Develop Bugs

Swype

Hey can someone Pm me the stock (or a better one) Swype apk extracted from the ota update. I don't want to OTA update cause I hear it sucks battery on older phones. I unrooted my evo to get the speaker replaced and the next morning my laptop died (mother board) and it won't be back from getting repaired till latter next week :-( I was using unrevoked. Or can you tell me where the phone downloads the OTA to so I can extract it without updating.
Sent from my PC36100 using XDA App

smokinbanger said:
Hey can someone Pm me the stock (or a better one) Swype apk extracted from the ota update. I don't want to OTA update cause I hear it sucks battery on older phones. I unrooted my evo to get the speaker replaced and the next morning my laptop died (mother board) and it won't be back from getting repaired till latter next week :-( I was using unrevoked. Or can you tell me where the phone downloads the OTA to so I can extract it without updating.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Wrong section. You can download the OTA from XDA, there's a link if you search.

I'll just leave this here...
Swype letter to XDA said:
While we at Swype are obligated to protect our intellectual property, we also feel that the enthusiast community is valuable to the long-term success of our business. With that in mind we’d like to offer some rules for posting content related to Swype here on the XDA-developers forum.
The overriding principle behind our policy is that distributing Swype in any way which would allow its use without a license is a violation of our terms of service and our intellectual property rights. This includes the use of features for which the user does not hold a valid license. Therefore the following situations are NOT allowed:
Distribution of Swype standalone APKs in any form;
Inclusion of Swype in ROMs where the Swype licensing mechanisms have been stripped;
The addition of features, such as the voice input button, to devices where the user does not hold a license or appropriate rights for these features – this includes the distribution of additional languages; and
Any other use of Swype that infringes any third party copyrights or other intellectual property rights or violating any third party terms of service.
The following, however, are allowed by Swype (assuming you have all other required third party rights):
Inclusion of Swype in ROMs for devices which come with Swype preinstalled, where:
the version of Swype matches the version distributed with the device
all licensing mechanisms remain intact, and
where the user is not infringing on any third party copyrights or other intellectual property rights or violating any third party (e.g., a device manufacturer or carrier) terms of service;
The use of MetaMorph(R) to modify graphical elements in any licensed installation of Swype.
Thank you for your understanding and cooperation in making sure our intellectual property and that of third parties is protected, while still allowing those who love to customize their devices in such awesome ways the liberty to do so. Swype reserves all of its rights.
Click to expand...
Click to collapse
Please keep in mind that you can always register for the BETA at http://beta.swype.com. The rules above apply only to the redistribution of Swype APKs. A valid BETA license allows you to use the latest BETA version from beta.swype.com on any supported Android device.

smokinbanger said:
Hey can someone Pm me the stock (or a better one) Swype apk extracted from the ota update. I don't want to OTA update cause I hear it sucks battery on older phones. I unrooted my evo to get the speaker replaced and the next morning my laptop died (mother board) and it won't be back from getting repaired till latter next week :-( I was using unrevoked. Or can you tell me where the phone downloads the OTA to so I can extract it without updating.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Oh jeez, someone is gonna get banned

He's not gonna get banned for asking for swype...

The latest update doesn't suck battery on older devices. The older x.30.xxx.x updates did. No reason not to flash.
Sent from my PC36100 using XDA App

Nothing wrong with asking, but there is an easier method than trying to use the ota, and wont risk getting anyone in trouble for warez. Swype is legal on our phones. You can download nearly any rom based off of 3.70, rip it open and push the apk and lib to your phone. OP, do a little more reading, bro. I saw a thread just earlier talking about where to put the apk and the lib files.

Ok guys. So remember my computer is dead. And Swype is part of the OTA so maybe I should ask how can I do it from my unrooted phone. I can't root till I get my puter back. And anyone got a download link to the OTA file? How bout someone just rip up an OTA for me and get me some pieces out of it named swim or something like that. Oh and are OTA's banned too cause they contain it? Is everyone supplying them gonna get clipped. Like hello! Sprint/ HTC redistributes it for this phone! Is that license enough? Um did anyone say sell or buy?
Sent from my PC36100 using XDA App

Not happening on an unrooted phone. Not without the update. The lib file goes in a /system folder...which you can only write to with root.

tejasrichard said:
Not happening on an unrooted phone. Not without the update. The lib file goes in a /system folder...which you can only write to with root.
Click to expand...
Click to collapse
Ok that's what I was afraid of. What's MetaMorph? That sounds cool. Also does the OTA version have the voice input button?
Sent from my PC36100 using XDA App

mattykinsx said:
After the 3.70 OTA? Also, requesting the Swype apk that came with the 3.70 OTA?
Click to expand...
Click to collapse
Yup after the 3.70 OTA. Another member asked for it, I told him to PM me cuz I was gonna give it to him, & a mod issued me a warning saying asking for Swype via PM is the same as doing it openly in the forums and its grounds for getting banned.
EVO on Tapatalk

Just as an fyi, as long as your phone is rooted you don't need a computer to do the work.
I downloaded the ota, extracted the zip contents, used root explorer to mount /system rw, moved the library to /system/lib, remounted /system as ro and installed the OTA apk.
That's all there is to it and swype runs fine on cm 6.1.2 wimax alpha 2.
Cheers,
Swyped on my CM'D Evo using tapatalk!

All it takes is thirty seconds worth of searching on google to find the apk...

Neatchee:
I tried to get the current beta and swype didn't work at all other than as a traditional keyboard. Swype tells you to install the ota version.
Yes, I'm in the beta program.
Swyped on my CM'D Evo using tapatalk!

smokinbanger said:
Ok guys. So remember my computer is dead. And Swype is part of the OTA so maybe I should ask how can I do it from my unrooted phone. I can't root till I get my puter back. And anyone got a download link to the OTA file? How bout someone just rip up an OTA for me and get me some pieces out of it named swim or something like that. Oh and are OTA's banned too cause they contain it? Is everyone supplying them gonna get clipped. Like hello! Sprint/ HTC redistributes it for this phone! Is that license enough? Um did anyone say sell or buy?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
The reason we can't post the APK by itself is because it will work on any phone, whether or not it's licensed for use on it. Basically, it's piracy. If I post it here, what's to stop an LG Optimus owner from downloading it and putting it on their phone? On top of that, one of the rules said it has to be the same version, so even if someone with a different phone already has Swype, it'd be a different version and therefore would break the rule.
It's not cause we're so "by the book". It's just that you have to respect the rules of the people who put time into it. They're nice enough to let us modify it and put it into our ROMs at all. Notice how they said don't POST them here. They never said "we'll come after you if you extract it from the OTA yourself!".

Ummm I think everyone is making this wayyyyy too complicated. He's unrooted, doesn't have a computer to do it, doesn't mind using the OTA update....
Go to Settings >> System Update >> Firmware update
Unless you're not getting any connection on your phone, I don't know why anybody else didn't suggest it. Also if you're afraid about rooting it again, and most rooting methods cover the newest hboots now too.
edit: misread, sorry. I'm pretty sure you can download the OTA SOMEWHERE on this forum, just use the search. As far as extracting it without a computer, I'm sure it's possible but very difficult.

adamantypants said:
Ummm I think everyone is making this wayyyyy too complicated. He's unrooted, doesn't have a computer to do it, doesn't mind using the OTA update....
Go to Settings >> System Update >> Firmware update
Unless you're not getting any connection on your phone, I don't know why anybody else didn't suggest it. Also if you're afraid about rooting it again, and most rooting methods cover the newest hboots now too.
edit: misread, sorry. I'm pretty sure you can download the OTA SOMEWHERE on this forum, just use the search. As far as extracting it without a computer, I'm sure it's possible but very difficult.
Click to expand...
Click to collapse
I know you misunderstood, but it's worth a mention that Unrevoked works for all Evos now. Any hboot and radio and hardware revision.

All the ones who have said that asking for or sharing the apk are correct. Swype cannot be distributed in any way other than by cooking it into roms. Don't ask in open forums or via pm, you will get a warning and/or banned if repeat offender.
BTW, you posted in the wrong section. I am moving this (and closing it) to Q&A.
@OP,
This is your first and last warning. I would read this thread and try to follow their advise.
Thread closed and moved.

[Q] Why do developers add apps?

The one thing that bugs me on most of the ROMs out there is the fact that developers insist on pushing their favorites apps. Which makes the ROM larger and in some cases the apps are unable to be uninstalled. I just never got this and I was just wondering why they do this.
Most of these apps are completely useless to the ROM (by that i mean they don't serve any function to the ROM):
XDA
Dolphin Browser
Amazon App Store
WiFi or USB Tether (in the cases they aren't modified)
Any of the Launchers
Handcent
File Explorers
Google+
MyBackUp

The spots are easy to uninstall
Use the sdx app remover
And if you don't like their style don't use their roms
Sent from my SPH-D700 using XDA Premium App

You could also use titanium backup to uninstall them.

Easy answer. They build roms the way they want for their phone, then share with the rest of us.

shane6374 said:
Easy answer. They build roms the way they want for their phone, then share with the rest of us.
Click to expand...
Click to collapse
We got a winner.
Sent from my SPH-D700 using Tapatalk

CompCrash said:
The one thing that bugs me on most of the ROMs out there is the fact that developers insist on pushing their favorites apps. Which makes the ROM larger and in some cases the apps are unable to be uninstalled. I just never got this and I was just wondering why they do this.
Most of these apps are completely useless to the ROM (by that i mean they don't serve any function to the ROM):
XDA
Dolphin Browser
Amazon App Store
WiFi or USB Tether (in the cases they aren't modified)
Any of the Launchers
Handcent
File Explorers
Google+
MyBackUp
Click to expand...
Click to collapse
Useless probably wouldn't be an entirely fair statement for all the items in your list.
Examples:
1. File Explorers...If the ROM developer wisely takes out the relatively elementary stock file browser, they need to replace it with something otherwise you wouldn't be able to get at your files without installing one on your own.
2. Any of the Launchers...Often times, TouchWiz launcher is removed in these custom ROMs...There would certainly be an issue if it wasn't replaced with something...Right?
As for the rest of the items, these folks are trying to build a streamlined, yet useful, ROM which generally would appeal to anyone for daily use based on their own preference/experience.
FWIW...You should/could simply use 7zip or Archive Manager to open, not extract the ROM zip, which will allow you to delete/add/update whatever apps you'd like in the /system/app or /data/app folder prior to flashing the ROM...Seriously, it's that easy.

shane6374 said:
Easy answer. They build roms the way they want for their phone, then share with the rest of us.
Click to expand...
Click to collapse
Ding ding ding!
Posted by Mr. Z's Epic 4G.

Wow, the nerver of some people, Ill make a zip that only contains the words ROM and zip just for you o_0

CompCrash said:
The one thing that bugs me on most of the ROMs out there is the fact that developers insist on pushing their favorites apps. Which makes the ROM larger and in some cases the apps are unable to be uninstalled. I just never got this and I was just wondering why they do this.
Most of these apps are completely useless to the ROM (by that i mean they don't serve any function to the ROM):
Click to expand...
Click to collapse
Most roms of a matching firmware revision are 90% similar fundamentally. After that, dev's aim to share an experience in functionality.
XDA: A quick and easy app to keep track of your favorite rom so you don't have to!
Dolphin Browser: The stock browser is clunky, slow, and a ram hog. Many devs remove it and substitute a more efficient and battery friendly alternative.
Amazon App Store: Provides access to daily free apps, but can't be installed from the Android Market. Who doesn't like free apps?
WiFi or USB Tether (in the cases they aren't modified): I'm not even sure what could be said against this.
Any of the Launchers: The built-in Touchwiz is generally dislike-able. A preference of the dev.
Handcent: Many find this to be nicer and more functional than the stock mms.
File Explorers: You pretty much have to have one of these, and they're almost all more useful than MyFiles.
Google+: Well I can't argue this one, I generally remove most Google Apps to avoid incessant synchronizing.
MyBackUp: People like to restore their apps after an install. Having something like this included in the install expedites the process.
I generally assemble a rom so that these "unnecessary" apps are readily removed. Or as mentioned, you could simply use 7zip to delete anything you like prior to flashing. Or yet again, feel free to not use said roms.

Here is a suggestion for the OP. Make your own ROM with what you feel is "important and useful" and share it with us but make sure there is nothing that we might deem useless in it. And before anyone mentions NO I am not a developer nor do I really want to be but I support our devs 110%!

Preinstalled file manager with all ROMS?

There should be a file manager pre-installed with all gnex roms. Don't you think?

Google pretty much realized that 3rd party file managers will always trump any anemic, non-updated stock file manger they stuff into their builds.

jordanishere said:
Google pretty much realized that 3rd party file managers will always trump any anemic, non-updated stock file manger they stuff into their builds.
Click to expand...
Click to collapse
But the problem is we can't install apks and need to waste data plans or waste time installing it via Nexus 7.8 toolkit

Mike556 said:
But the problem is we can't install apks and need to waste data plans or waste time installing it via Nexus 7.8 toolkit
Click to expand...
Click to collapse
of course we can install apks, sideloaded or through the markets(s). waste time? it takes seconds. astro file manager is nice, so is root explorer(if you need a root file manager.. https://play.google.com/store/apps/details?id=com.metago.astro&hl=en

Mike556 said:
But the problem is we can't install apks and need to waste data plans or waste time installing it via Nexus 7.8 toolkit
Click to expand...
Click to collapse
Waste data plans? You would have just downloaded a rom on WiFi I assume. Boot it and install what you want.
Or manually add the apk you want into the ROM, system/app prior to flashing it.
There is no problem.

Google wants Google to be your file manager, and the cloud to be your storage. So much easier to sift through your data and monetize the info.
Google also fully realizes that if ROMs had file managers, it would quickly become obvious that you don't need gapps or even a Google account to fully utilize your phone.
And it wouldn't be long after that that you realize apps should be available somewhere besides the Playstore, like any other version of Linux. And people might start a SourceForge or similar site for Android.
So Google doesn't like file managers, or sdcards, or anything else that prevents them from monetizing your data, because that's their whole business model.

Mike556 said:
But the problem is we can't install apks and need to waste data plans or waste time installing it via Nexus 7.8 toolkit
Click to expand...
Click to collapse
Whose got a gun to your head telling you that you can't? It's so incredibly easy.

strumcat said:
So Google doesn't like file managers, or sdcards, or anything else that prevents them from monetizing your data, because that's their whole business model.
Click to expand...
Click to collapse
Most of Android's problems trace back to this single fact.
Sent from my Galaxy Nexus

strumcat said:
Google wants Google to be your file manager, and the cloud to be your storage. So much easier to sift through your data and monetize the info.
Google also fully realizes that if ROMs had file managers, it would quickly become obvious that you don't need gapps or even a Google account to fully utilize your phone.
And it wouldn't be long after that that you realize apps should be available somewhere besides the Playstore, like any other version of Linux. And people might start a SourceForge or similar site for Android.
So Google doesn't like file managers, or sdcards, or anything else that prevents them from monetizing your data, because that's their whole business model.
Click to expand...
Click to collapse
That is crazy talk man.
Google has nothing against file managers. It has nothing against using your device as plug and play drive either He is talking about custom ROMs anyways. Google has no control over them. If you don't want to use a Google account on your phone then don't.
People are aware apps are elsewhere. You got third party appstores like amazon and others and android period has a reputation for people pirating apps/side loading apps etc.
The reason nexus devices went away from SD cards is well documented. That is not the reason.
Googles businesses model has nothing to do with your data on your devices.
---------- Post added at 09:00 PM ---------- Previous post was at 08:58 PM ----------
Edit. He doesn't directly mention custom ROMs . But when you mention toolkits and all ROMs I am fairly certain op is not talking about factory ROMs

sshede said:
Whose got a gun to your head telling you that you can't? It's so incredibly easy.
Click to expand...
Click to collapse
Apple and their fanboys are since they can't do it.
--------------------------------------------------
If I have helped you.... hit that sexy thanks button. ^_^

MikeyMike01 said:
Most of Android's problems trace back to this single fact.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Not even remotely true for most users out there.
Let me fix that for you:
MikeyMike01 said:
Most of my problems with Android trace back to this single opinion.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse

Mike556 said:
But the problem is we can't install apks and need to waste data plans or waste time installing it via Nexus 7.8 toolkit
Click to expand...
Click to collapse
What toolkit, adb install blah.apk, way faster than toolkits..
Beamed from my Grouper.

Help With Security Solution

I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LBE (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?

Mrktmind said:
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
Because phone security is generally easy to manage. Most apps make a good name for themselves. And many people check the security of an app as soon as it were to hit the Play Store. It doesn't mean we are young it means that we aren't dumb and know how modern technology works.

hrffd said:
Because phone security is generally easy to manage. Most apps make a good name for themselves. And many people check the security of an app as soon as it were to hit the Play Store. It doesn't mean we are young it means that we aren't dumb and know how modern technology works.[/QUOTE
I highly doubt that anyone on XDA, regardless of age, is dumb. I do believe, however, that there are quite a few younger members who could be a bit naive due to a lack of experience. Younger folks tend to take most things at face value. Just because something is free monetarily doesn't mean it isn't costing you something. Just because an app is on Play Store doesn't mean it is "secure" - especially since the Play Store (as well as Android, Google, et.al.) operate on the same business model as the apps!
Just a random example - Why would Angry Birds need my Sim Card Serial number to operate properly? Why would it need to know the phone numbers of all my incoming calls? Answer - it doesn't - in fact it doesn't need ANY of the permissions it asks for to operate properly. So why does it ask for these permissions? Answer - it is data mining your phone.
Ok, so I think most XDA members are aware of WHAT these apps are doing. My original question is WHY don't more people seem to care?
Click to expand...
Click to collapse

Mrktmind said:
I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LMB (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
I believe MIUI is also a viable option for this, no? You can set app permission on a "per-app" basis with MIUI security I believe.
Sent from my SPH-D710 using Tapatalk 2

I tried this app a while back and it basically does what you want but it got annoying https://play.google.com/store/apps/details?id=com.lbe.security.lite
I don't use these because I am very selective about what goes on my phone.

Thanks Luke!
Not very familiar with MIUI ROM's will have to look into them.

someguyatx said:
I tried this app a while back and it basically does what you want but it got annoying https://play.google.com/store/apps/details?id=com.lbe.security.lite
I don't use these because I am very selective about what goes on my phone.
Click to expand...
Click to collapse
Yes, this is the app I listed above - just had the initials wrong! :silly: It is a lot like pdroid but, like you, it scares me.

I have my own small business and run most of it from my phone, in the beginning I used the standard flip phone then graduated on to a touch pro 2 with Windows Mobile 6.5 as I began to accumulate massive amounts of data on my Windows Mobile phone, for some reason I still felt secure in the applications like ActiveSync that I was in control of my data.... A year ago last October I upgraded to the Samsung Galaxy s2.. this was my first real experience with Google's Android operating system. in the first few minutes of using the new phone I could see how deeply the hooks were being placed to data mine my information. I resisted at first but then came to realize if I wanted all the bells and whistles Google was offering I had to play the game... I use the security program mentioned above... maybe they should have an app were you sign a consent of exactly which data you would like to keep on your phone and not share with other people. then when you visit the play store apps that request more of your private data than you're willing to share won't show up? I would like to have an open sourced built firewall that monitors traffic, letting me choose the permissions per app as I see fit.

Mrktmind said:
Thanks Luke!
Not very familiar with MIUI ROM's will have to look into them.
Click to expand...
Click to collapse
I've ran both Adhvanlt's and Lens's JB MIUI Roms, and they're both amazing! The standard MIUI launcher feels a bit like the iphone, and there is no app drawer, but that's easily fixed by downloading [insert favorite launcher here] if you don't care for it. There's hundreds of options for customization. They are literally the most customizable ROMs you'll ever run; All of this on top of the fact that it has the security features I believe you are after baked right in to it.
Sent from my SPH-D710 using Tapatalk 2

Looked at two MIUI ROM's for the E4GT. Both of them have issues with Google Voice. I need Google Voice.
I am also going to try +AF (Droidwall fork) firewall tonight to see if it will work on FK23. It apparently has issues with some ICS/JB ROM's. That will at least give some protection from apps that don't need network access at all. But for apps that need network access to do their intended job it's useless. Just read last night that the developer has added profiles to +AF - that should be really cool.
I guess I'm spoiled a bit with Pdroid - it works so well and is very detailed.
Thanks for all the replies! Other suggestions, ideas, thoughts, opinions welcomed!

Mrktmind said:
I want to be able to granularly set the permissions for each app. From what I understand my options are:
Cyanogenmod - except CM10 for SGS2 is missing this at this time
Pdroid for GB
Pdroid 2.0 - running CM10 only
LBE (from China)
I have had Pdroid 2.0 running on CM10 for a few weeks but CM10 isn't stable - just had it auto-reboot in the middle of a call. Does anybody have any other ideas / suggestions?
On a related note - I'm wondering why it seems that most people aren't bothered with apps monitoring their use and even more important archiving all the data compiled on them?? The only thing that I can think of is that most cell phone / XDA users are really young and just don't know any better??? Didn't they pay any attention in history class?? What am I missing here?
Click to expand...
Click to collapse
As an app developer, I can tell you that there are some shady apps, but if you download from good devs, the permissions are *usually* necessary. Here's some examples that people question the most:
Access to contacts... Assuming it's not a contact or sms app, if any app has a "share" feature needs this permission.
Access to sd card... Any app that saves anything or lets you change a background needs this.
Read phone state... So the app can properly call the "onpause" method when a call comes in.
Access to location... Assuming it's not a location app or game like ingress or zombies!Run!, you'll typically see this on free apps that have ads. Ads allow developers to get paid for their work while keeping the app free. They don't have access to the ad data, though. They just put in the api and the ad company handles the rest.
On top of that, large organizations will seek phone specific permissions like sim card numbers for analytics.
Google makes most of its money from ads, so it reads your usage to better target ads. Google also uses location data to improve location services like maps.
If you're worried about security, don't download a random app that only has 100+ downloads. If an app has 50000+ downloads, you can rest assured that it's already been vetted.
Also if you're downloading pirated apps, you're just a moron who is opening up his world to who knows who. Many (not all) pirated apps have added data mining code.
Sent from my SPH-D710 using Tapatalk 2

There's a Zombie-like Security Flaw in Almost Every Android Phone

Nice article to read.. Just thought I would share.. MODS PLEASE DELETE IN CASE THIS IS A DUPLICATE.
http://news.yahoo.com/theres-zombie-security-flaw-almost-every-android-phone-013019842.html
There's a Zombie-like Security Flaw in Almost Every Android Phone
LikeDislike
Abby Ohlheiser 56 minutes ago
Technology & Electronics
.
View gallery
There's a Zombie-like Security Flaw in Almost Every Android Phone
Almost every Android phone has a big, gaping security weakness, according to the security startup who discovered the vulnerability. Essentially, according to BlueBox, almost every Android phone made in the past four years (or, since Android "Donut," version 1.6) is just a few steps away from becoming a virtual George Romero film, thanks to a weakness that can "turn any legitimate application into a malicious Trojan."
While news of a security vulnerability in Android might not exactly be surprising to users, the scope of the vulnerability does give one pause: "99 percent" of Android mobiles, or just under 900 million phones, are potentially vulnerable, according to the company. All hackers have to do to get in is modify an existing, legitimate app, which they're apparently able to do without breaking the application's security signature. Then, distribute the app and convince users to install it.
Google, who hasn't commented on the vulnerability yet, has known about the weakness since February, and they've already patched the Samsung Galaxy S4, according to CIO. And they've also made it impossible for the malicious apps to to install through Google Play. But the evil apps could still get onto a device via email, a third-party store, or basically any website. Here's the worst-case scenario for exploitation of the vulnerability, or what could potentially happen to an infected phone accessed via an application developed by a device manufacturer, which generally come with elevated access, according to BlueBox:
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
The company recommends users of basically every Android phone double check the source of any apps they install, keep their devices updated, and take their own precautions to protect their data. But as TechCrunch notes, Android users really should be doing this anyway, as the devices tend to come with a " general low-level risk" from malware. That risk, however, is elevated for users who venture outside of the Google Play store for their apps.
So while the actual impact of the vulnerability is not known, neither is the timeline for fixing it. Manufacturers will have to release their own patches for the problem in order to fix it, something that happens notoriously slowly among Android devices.

I was under the impression that the very latest android is not vulnerable (4.2.2). Is this true of CyanogenMod?
Sent from my SGH-T999 using xda app-developers app

It says almost everything since 1.6 is vulnerable. It also says its up to the device manufacturers to patch the vulnerability. So 4.2.2 is just as vulnerable. My guess is aosp will be patched in 4.3.
So unless the CM team already knew about this, and have already solved it, it'll be at risk. And I doubt they would have. Pretty sure they'd make it public if they did.
@op Thanks for posting! Hopefully this'll wake some golks up and they'll stop installing anything they find. This could be one helluva strike against software pirates too! Obviously one of the easiest way to infect someone is if they use pirated root capable apps.
Be aware too though, a simple themed system app could just as easily do this. I'd say that untill we know more, be cautious with any themed or modded system apps, even those you find here on xda. (Of course if they are from our RD/RC/RT's, or from reputable sources such as Wicked (Deviant Development) you're most likely ok) But watch for stuff released by people with brand new accounts.
Hopefully we will know more soon. And more hopeful that the oatch will be simple as in the past. (Dont remember the name right now but one was patched by an empty file with no permissions.)
Sent from my SGH-T999 using xda premium

And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app

vulnerabilities
dito33 said:
And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Don't panic or get scared just be aware. These days mass hysteria can be easily created by the mass media. Ahhhh!!!! My android phone turned my family and friends in ANDROID ZOMBIES.
Mass hysteria and mass hypnosis are spreading across North America like unstoppable waves of hypnosis. The concepts of vulnerability and media go hand and foot. But I find it to be crap .. Who care ?? It a phone not your person safe.. If you dont want it seen dont keep it or type it on you phone. Android is not the only phone there are exposed security holes in Apple products such as the iPhone which allowed applications to connect to remote computers and transfer personal data. It is extremely difficult to defend against unknown vulnerabilities. Especially if we choose to believe everything the media and the masses say.
LOL dont worry about it ...you should be worried about the app that unlocks your brain vulnerabilities and takes over your MIND....:good::good:

Common Sense is the best defense!
Sent from my SGH-T999 using xda premium

They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app

Trevorlay said:
They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium

Maybe apple paid the person to write the article lol
Sent from my EVO using xda premium

Adreaver said:
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium
Click to expand...
Click to collapse
It's not fool proof. There have been several instances where malicious apps made it onto the play store. Just cause it's there doesn't make it safe.
Sent from my SGH-T999V using xda premium

Is anti-virus app can detect the zombie?
Sent from my SGH-T999 using xda premium

Didn't the article say? I don't think there is. It's been a while since I read it but I thought it touched on that.
Sent from my SGH-T999V using xda premium