HTC & Samsung’s Security Issues Putting Android Users in Hot Water

HTC & Samsung’s Security Issues Putting Android Users in Hot Water

Oct 5, 2011

Security is becoming an unfortunate hot-button issue in the Android world as of late, with one major phone manufacturer in hot water over a data leakage, and a new phone that features a silly glitch that compromises a phone’s lock settings.

HTC Android phones feature a security issue where any app that requests Internet access can get access to an extreme amount of data that could be used to clone the phone and access sensitive user information. Malicious apps could get access to the user’s accounts, phone numbers, text messages, GPS data, and system log dumps that contain vast swaths of information that could be recovered from them. Again, this can be done just simply through an app that requests internet access. Android Police, who originally reported this story, created a proof of concept app that shows just what data can be acquired through this security chasm. As well, there’s a suspicious VNC server app that HTC has added, and there exists the possibility that a hacker could find a way to activate this and take complete control over a user’s phone.

Luckily, not all HTC phones are affected, though the Evo 4G, Evo 3D, Thunderbolt, and possibly other phones could be affected. Users who root can delete one APK, /system/app/HtcLoggers.apk to help fix this vulnerability. Some custom roms, such as CyanogenMod, do not feature this vulnerability at all. Similar to the PDF exploits that led to JailbreakMe on iOS, the way to make one’s phone safer is to hack it in order to remove vulnerabilties. Oh, the irony. HTC was notified of the vulnerability a week before the post went up, but didn’t promise a fix until October 4th (3 days after the story was initially reported), and an over-the-air update patching the vulnerability is in the works.

However, other Android manufacturers can’t just sit back and laugh at their competitor’s misfortune; Samsung’s Galaxy S2 has issues in the US. Specifically, the AT&T version of the Galaxy S2 can have lock screen security bypassed by waking a device by tapping the lock key, letting the screen time out, and then pressing the lock key once again. This will bypass any security on the AT&T Galaxy S2; reports indicate that the Sprint Galaxy S2 does not suffer from this issue.

Apparently Android manufacturers need to keep a tighter lock on their devices’ security, as users could potentially find their devices and sensitive data compromised by shoddy programming.

EVO 4G Update Does In Fact Remove Framerate Cap

EVO 4G Update Does In Fact Remove Framerate Cap

Sep 28, 2010

A few days ago Sprint released its latest firmware update for the EVO 4G to take care of a few pesky bugs. In all, a total of 4 issues were to be resolved (Calender Edit Event, Multiple Gmail Sync, 30 FPS cap, GPS Reboot). Interestingly enough Sprint only decided to mention 2 of them (perhaps to avoid unwanted questioning). One of the unmentioned issues was that of the 30 FPS cap. Originally the story floating around was that the frame rate cap was software imposed due to Evo’s hardware support of HDMI-out and could not be rectified through software updates (even though hackers proved differently). Naturally this left the Evo community speculating about whether or not the recent update could indeed undo the cap. Guess what? It did!

The guys over at Engadget have confirmed that the cap has indeed been lifted and now the Evo is uncontrollably gushing streams of FPS into the Gulf of Gaming Graphics. Great news for EVO owners who have had to endure ridicule over the FPS debacle. What now? Time to take those once chained EVO’s and smack all the non-believers in the face with some 4G fury.

Users claim it, benchmarks prove it and screenshots solidify it. Now stop procrastinating and go to Settings > System updates > HTC software update and feel the FPS freedom.

Source: Engadget