Softpanorama


Android: Google OS with inconsistent user interface



Introduction

Android is a Linux kernel-based OS designed mainly for smartphones. At the application level the main programming language is Java, so outside the kernel it is quite a different OS that has little to do with Linux; in a way it is almost non-Linux. While the kernel is licensed under GPL 2, the license for Google code is different: Google releases its code under the Apache License. While the OS is touted as an "open system", it increasingly serves as a portal for Google ads and services and as an instrument of spying on users. The main hallmark of Android is a very inconsistent, amateur user interface. This is a real black mark on Google developers. Which is not surprising given the preoccupation with "performance reviews" of the neoliberal owners of Google (Larry Page and Sergey Brin). That actually shows them in a negative light. Of course, they probably were puppets of higher-level handlers, but still... Many suspect that it was Eric Schmidt who was instrumental in this malaise (a neoliberal hack of Java fame, who was also on the Apple board and got the ideas about the smartphone there) and who managed the company.

In the last three years Android became the major player in the smartphone market and completely dominates the low end of the market. It also exerts substantial pressure on the iPhone (Nexus, Samsung Galaxy, etc. recently became very competitive). In the third quarter of 2012 Android reached 75% market share for smartphones with 500 million devices activated in total and 1.3 million activations per day. In a way, Android repeated the success of DOS on a new level.

It also became a dominant player in the lower segment of the tablet market (it completely dominates the 7" tablet segment and is a strong player in the 8" and 9" segments). At the same time it has a noticeable and growing presence in the 10" segment dominated by the iPad. As Reuters reported in October 2013 (Sharper display Apple iPad Mini faces delay sources):

The iPad's total market share almost halved to 32.5 percent in the second quarter from a year ago, while Android devices, including Samsung's Galaxy series, gained nearly a quarter to 62.6 percent, a survey by tech research company IDC showed.

Amazon's new 7-inch Kindle Fire is priced from $229 for 16GB wifi-only models, while Google's second-generation Nexus 7 offers a similar screen size and storage capacity at the same price. By comparison, the cheapest model in Apple's current 7.9-inch iPad Mini lineup with 16GB storage size starts at $329.

Like DOS, it was initially developed by a separate corporation -- Android, Inc., with Google's financial backing. Google purchased Android, Inc. in 2005. It was Google's first venture into the area of operating systems, and the huge talent pool that Google assembled helped to ensure a huge success in the smartphone market. Since 2008, Android has seen numerous updates. The latest release is Android 4.2 Jelly Bean. As of September 2013 most new smartphones are still using version 4.1. Version 4.3 with important security enhancements (SELinux in kernel) is out, but mass adoption is expected in 2014.

Android has a large community of developers writing applications ("apps"), primarily in a customized version of Java. Linux roots helped here, and many applications are Linux applications ported to the new platform. For developers it now increasingly resembles Marc Andreessen's famous description of Microsoft Windows -- "a poorly debugged device driver layer".

Android first achieved success as a low-cost OS for smartphones, outselling Apple, who pushed its idea of "small luxuries" with the iPhone way too far. But outside 7" tablets, it has so far had more limited success on tablets, especially after Microsoft launched Windows 8 Intel-based tablets, because the OS is underpowered in comparison with Windows 8. For those who have never used an Android smartphone, Windows 8 tablets have a more convenient interface and much richer functionality.

Still, the synergy with smartphones greatly helps penetration of the tablet market, especially for 7" tablets, and Android's share of the market grew considerably in 2012 and 2013. But the upper segment of the tablet market now belongs to Windows 8 on Intel-based tablets (not Windows 8 RT). Still, until recently Android tablets successfully competed on price with Windows 8 in the lower part of the 10" tablet market segment due to lower cost ($399 for an excellent quality 10" Android tablet from Samsung). In comparison, Microsoft Surface Pro used to cost around $1K, while the less powerful Samsung ATIV Smart PC 500T (which, like Galaxy Note 10.1, has a built-in stylus) is around $700. Now with Dell Venue 8 Pro ($299) that advantage is less pronounced. Even Google's $230 Nexus 7 does not look too attractive in comparison with Dell Venue 8 Pro, and the $70 difference does not save it from a comparison of Windows 8 features and Android features. Only 7" tablets priced at $150 and lower now make some sense (here again Dell offers the Android-based Venue 7 for $149). In the "enterprise" segment Windows 8 tablets dominate: the door to the enterprise was shut by the release of Windows 8 tablets on Intel CPUs.

That means that only 7" tablets and 10" tablets with Wacom digitizers can defend their position against Windows 8 tablets in the high price segment. And as media consumption devices they have difficulties competing with iPads, as they are more or less a direct imitation of the iPad with just a different OS kernel and Java as the application language (Steve Jobs was very unhappy about this aspect of Android, considering it to be a clone of the iPad, and threatened to destroy Google with lawsuits; his death probably spared Google from a very targeted legal attack). In this sense Windows 8 tablets on Intel CPUs are head and shoulders ahead, as they can run a regular desktop OS -- Windows 8.1 with its huge application ecosystem, which can't be replicated on Android anytime soon.

Google's response to these two trends has been to reassert its control by coupling vital phone functions to its own web services and to its online software marketplace called Google Play. It's really no different from lending you a shopping terminal that you can only use to buy stuff from Amazon. Google is also concerned with "Landfill Android", the cheap, unreliable "noname" phones from China which destroy Android's credibility with underpowered hardware.

Android Interface

In comparison with Windows applications, Android applications are more balkanized, with each offering its own unique interface style. There are general guidelines, but they are seldom obeyed. Google proved to be a bad architect, and in the area of user interface its record is dismal.

You can get used to it (again, experience with smartphones greatly helps), but the interface does not inspire any good feelings, and for more or less complex tasks you find yourself struggling. Still, it is OK as a media consumption device. But in this role it does not have a "killer application" that distinguishes it from the already entrenched iPad, although recently the S-pen from Samsung came close. It allows you to write emails on the screen and send them, which greatly improves the "ergonomics" of this process in a keyboard-less environment (typing on an on-screen keyboard is not very convenient on 7" tablets, and is barely acceptable on 10" tablets). See Galaxy Note 10.1 for more details.

Generally tablets are closer to laptops than to smartphones. It is prudent to consider them to be just a different laptop form factor. That means that the standard expectations are those of Windows laptop functionality. Android can't deliver that functionality yet. Like the iPad, it is generally limited to media consumption tasks. And it can perform them really well: it's much easier to get your weather forecast in the morning from the tablet than from the laptop, because it is an "instant on" device. But not more than that.

That's why "Windows 8 on Intel" tablets essentially wiped out the possibility of Android competing in the corporate market. Also, so far Google has proved to be a weak match for Microsoft in the ability to create a consistent interface and enforce it with an iron hand on application developers.

The same is true for patching: Google looks amazingly incompetent in this respect. And as for security, Google repeated on a new level and for a new platform all the mistakes Microsoft made, trying first to capture market share at all costs and then resolve the security issues. Now with Android's success on smartphones Google has found itself under the "Windows curse" spell. The recent attempt to incorporate SELinux functionality into the Android kernel suggests that Google has started to realize the consequences of Android insecurity. Android 8 used in Samsung Galaxy 8 allows creation of a workplace, but does it in a very clumsy manner.

I think Android market share on tablets on the high end is further vulnerable to the Windows 8 based tablets onslaught as Intel releases better, more economical CPUs like Ivy Bridge. You simply cannot compare the functionality of Android with the functionality of a full-blown desktop OS like Windows 8 or Linux (and that means that Ubuntu has some theoretical chances at least on the Intel-based segment of the tablet market).

The lack of Microsoft Office on Android devices and the excessive push to the cloud and privacy intrusions on the part of Google also do not help. Still, in more specialized, appliance-style tablets like the $200 Amazon Kindle and the Nook by Barnes & Noble, Android looks more or less acceptable. Kindle and Nook actually have their own ecosystems and communities of users.

Interface

Android's user interface is based on imitation of the Apple interface used in iPhone and iPad using touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching and reverse pinching to manipulate on-screen objects.

Up to version 3.0, Android devices had four hardware buttons: Home, Back, Menu, and Search. Android version 3.0 and above replaced them with three onscreen touch buttons which can perform two types of actions (direct and alternative):

In Android 8 that changed. While the Home button still has an alternative action, the Back button does not. And the Menu button was redefined to show the set of screens for open applications (like Alt-Tab in Windows).

The response to user input is designed to be immediate, but Java is slow. Still, on modern CPUs it can provide an acceptably fluid touch interface.

Newer versions of Android, such as version 4.x, can use the vibration capabilities of the device to provide feedback to the user about pressing a button (usually this is a separate setting that might need to be activated). Internal hardware such as accelerometers, gyroscopes and proximity sensors is used by some applications to respond to additional user actions.

But in most Android tablets this is not done properly. For example, most tablets can switch the screen from portrait to landscape depending on how the device is oriented. But most are either too sensitive or not sensitive enough. In the first case the device rotates the screen way too often when you do not want it to, which is pretty annoying. In the second case you need a special effort to rotate the screen when you need the rotation.

Homescreen

Android devices boot to the homescreen, the primary navigation and information point on the device, which is similar to the desktop found on PCs. There are several desktop screens, as in Linux, with one displayed after the boot (Android homescreen). The homescreen is typically made up of app icons and widgets selected by the manufacturer, and unless you adapt it to your needs, you will hate it the day after you bought the tablet. Most widgets selected by the manufacturer can be removed, including first of all the Google widget, which is invoked if you use the "alternative action" on the Home button.

App icons launch the associated app, whereas widgets display live, auto-updating content such as the weather forecast, the user's email inbox, or a news ticker directly on the homescreen.

Typically a homescreen may be made up of several teenager-oriented widgets, and the user needs to swipe back and forth between them to find a few useful applications. Third party apps available on Google Play and other app stores can extensively re-theme the homescreen, and even mimic the look of other operating systems, such as Windows Phone. Most manufacturers, and some wireless carriers, customize the look and feel of their Android devices to differentiate themselves from the competition.

Status bar

Present along the top of the screen is a status bar, showing information about the device and its connectivity. This status bar can be "pulled" down to reveal a notification screen where apps display important information or updates, such as a newly received email or SMS text, in a way that doesn't immediately interrupt or inconvenience the user.

In early versions of Android these notifications could be tapped to open the relevant app, but recent updates have provided enhanced functionality, such as the ability to call a number back directly from the missed call notification without having to open the dialer app first.[40]

Notifications are persistent until read or dismissed by the user.

Applications

Generally Google tries to imitate the closed-style Apple iPad ecosystem on Android. But there are quite welcome loopholes that make Android more attractive to power Windows and Linux users who are accustomed to being the administrators of their own PCs. There is no out-of-the-box way to create a Ghost-style disk image of an Android tablet and restore it back onto the device. Typically all the device provides is a complete wipe and restoration of the initial vendor configuration.

Google Play -- an official application store for Android -- has a large and growing selection of third party applications. Many applications also can be acquired via Amazon Appstore, or by downloading and installing the application's APK file from a third-party site.

Key applications, with the exception of Microsoft Office, are available for Android. See Selected Free and Low Cost Android Apps.

All Google Play Store applications comply with Google's compatibility requirements, but these are very low and the interface is balkanized.

Google Play automatically filters the list of available applications to those that are compatible with the user's device, and developers may restrict their applications to particular carriers or countries for business reasons. Purchases of unwanted applications can be refunded within 15 minutes of the time of download.

As of September 2012, there were more than 675,000 apps available for Android, and the estimated number of applications downloaded from the Play Store was 25 billion. But generally only the top several thousand applications really matter, so the absolute number of applications is a very deceptive metric for comparing two tablet OSes.

Development

Applications are developed in the Java language using the Android software development kit (SDK). The SDK includes a set of basic development tools, such as a debugger, software libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials. The officially supported IDE is Eclipse with the Android Development Tools (ADT) plugin.

Other development tools are less common. There is no good Python support yet. Development in C and C++ is possible but far from easy. In a way, the Android SDK is a Google visual environment oriented toward novice programmers.

Android consists of a kernel based on the Linux kernel 2.6 (Linux Kernel 3.x  in Android 4.0 and later), with middleware, libraries and APIs written in C and application software running on an application framework which includes Java-compatible libraries based on Apache Harmony. Android uses the Dalvik virtual machine with just-in-time compilation to run Dalvik dex-code (Dalvik Executable), which is usually translated from Java bytecode. The main hardware platform for Android is the ARM architecture. There is also an improving support for x86 from the Android x86 project, and Google TV uses a special x86 version of Android.

Android's Linux kernel is a fork that takes the codebase outside the Linux kernel development cycle, so this divergence is a mixed blessing. Android does not support the full set of standard GNU libraries, which makes it challenging to port existing Linux applications or libraries to Android.

Linux included the autosleep and wakelocks capabilities in the 3.5 kernel, after many previous attempts at merging those features from Android. The interfaces are the same, but the upstream Linux implementation allows for two different suspend modes: to memory (the traditional suspend that Android uses), and to disk (hibernate, as it is known on the desktop).

The flash storage on Android devices is split into several partitions, such as "/system" for the operating system itself and "/data" for user data and app installations.

Android device owners are not given root access to the operating system, and sensitive partitions such as /system are read-only. Root access can be obtained by exploiting security flaws in Android. Along with enthusiasts, those flaws are used by malicious parties to install viruses and malware. The popularity of Android on smartphones led to the "Windows effect" -- a stream of sophisticated malware, including financial malware and botnets.

Memory management

Since Android devices are usually battery-powered, Android is designed to keep power consumption at a minimum. When an Android app is no longer in use, the system will automatically suspend it in memory: while the app is still technically "open," suspended apps consume no resources (CPU cycles) and sit idly in the background until needed again. This also increases the responsiveness of Android devices, since previously opened apps don't need to be loaded from SSD if you have enough RAM. And modern Android smartphones and tablets often have a staggering amount of RAM -- one gigabyte became pretty common in 2013. Please remember that DOS operated in one megabyte of memory, one thousand times less.

When memory is low, the system will begin killing apps and processes that have been inactive for a while, in reverse order since they were last used (i.e. oldest first). This process is designed to be invisible to the user. There are also third-party task killers and, as you can expect, some of them do more harm than good.

Updates problems and general insecurity of Android platform

Updates are a weak spot of Android. Here Microsoft generally wipes the floor with Android developers. The Windows 8 update process works like a clock. You can complain about quantity and quality, but the mechanism itself is pretty robust and well debugged. Patches for Windows are provided for free by Microsoft itself.

In Android this task is offloaded to the vendors. Google does not have a patching framework and does not provide patches. Everything needs to be done via vendors.

The horrible status of Android updates from many vendors such as Samsung has been widely criticized by consumer groups and the technology media. Some commentators have noted that the industry has a financial incentive not to update their devices, as the lack of updates for existing devices fuels the purchase of newer ones, an attitude described as "insulting".

The Guardian has complained that the method of distribution for updates is so complicated mainly because manufacturers and carriers have designed it that way. With a typical plan you replace the phone in two to three years. So why bother.

In 2011, Google partnered with a number of industry players to announce an "Android Update Alliance", pledging to deliver timely updates for every device for 18 months after its release. As of 2012, this alliance has never been mentioned since.

In 2013 Dr. Web found a botnet that existed on Android phones.

Root access

Many users resent the absence of root access to their devices and consider this an attempt to replicate the Apple-style ecosystem to extract more money from users. I myself consider this situation unacceptable as you can't fully backup and restore the device yourself. The only option is going to factory defaults, which for obvious reasons is a less impressive solution, although you can adapt to it by backing up "user space" and reinstalling applications. The latter can be scripted. But like any situation with a severe restriction on user behavior, it creates a wave of Google hate similar to the one directed at Apple.

As users are not allowed access to root, Android users have become hostages of malware developers, who can get it. Backup and restore on Android devices are primitive and are severely handicapped in comparison with Linux, where there are such packages as Relax-and-Recover.

So restrictions on root access do not help unsophisticated users, who fall victim to malware anyway, and really handicap sophisticated users by limiting their ability to backup and restore the system and fight malware by reinstallation of a clean backup image. That's why rooting Android devices, instead of being hacker entertainment, became a necessity for sophisticated users.

Windows effect and proliferation of Android malware

"Windows effect" means that as soon as an OS becomes dominant in a particular segment of the market, it becomes a favorite target for malware attacks and hacking. At this point it becomes difficult to "defend the castle" independently of its technical qualities (not that Windows has a good security architecture). The 2:1 rule of regular warfare is probably applicable here: if the number of fighters on one side is at least twice as large as the number of fighters on the other side, the numerically inferior side is in trouble.

As for Microsoft in the past, Google's primary objective in initial Android development was gaining market share, security be damned. In other words Google from the beginning sold its soul to the devil ;-).

And if the major contingent of a complex and powerful OS are unsophisticated users, then the task of providing good security is really formidable and requires new architectural vision and innovative solutions. Android as an OS is pretty primitive and uninventive, as initially it was designed for devices with very restricted computational capabilities, somewhat similar to the relationship between DOS and Unix. As for innovative solutions, it has none. Moreover, because it is generally understood by users worse than Windows 8, it creates additional security risks. Recently Dr. Web found a botnet that existed on Android smartphones. The problem with Android is that if your phone or tablet is "owned", you can do nothing, as you do not have access to root.

Some promising security approaches within the framework of classic Unix kernel design, and some outside it, are available but were never used. For example, it would cost almost nothing to provide all Android tablets with a hardware-based token implementing a SecurID-style authentication scheme. That was not done, and this enables banking fraud. So in a way, if your bank does not support SecurID-style authentication, you had better not access its Web portal from Android devices. Some banks try to compensate for this by sending SMS messages, but if your smartphone or tablet is owned by some type of malware this might not be enough. But it is definitely better than nothing.

In other words in its current form Android is unsecure for Web banking. As simple as that. Without such a token, interception of passwords means the compromise of the account.

As the Android kernel was based on Linux kernel 2.6 (and now 3.0), some vectors of attack are related to this heritage. For example, the Linux kernel, like any classic Unix kernel, has an all-powerful root and underpowered regular user accounts. That means that a process which, for example, needs to access a low port (below 1024) needs to become root at least on a temporary basis to perform this part of the task. The ability to access the Web and Web-based email portals such as Hotmail, Gmail, Yahoo mail (HTTP and HTTPS use low ports) creates the same spectrum of vulnerabilities as in Linux and Windows.

Being open source also does not help in this regard. It actually hurts, as instead of disassembly you can just read the freely available codebase and try to invent some nasty exploit that allows you to become root. So in Android you have from the beginning a capability which in the Windows world only three-letter agencies and large corporations that get the Windows source code have.

Instead of analyzing code trying to find an exploit yourself, you can buy a zero-day exploit on the black market. Such a market exists for the most popular devices. Possession of a not yet patched zero-day exploit (and Android vendors are slow in providing patches, and Android as an OS has nothing comparable to the Windows patching framework) means that you are in if the user replicates the conditions necessary for this exploit, for example accesses a certain ("infected") Web site.

Generally the problems with patching of Android are severe due to decentralization of the process.

Google realizes the situation with Android (in)security, and the SELinux framework in the kernel is in the pipeline. It is badly needed. There is also no Authenticode-style cryptographic signing of executables, which provides a clean way to make loading an unsigned executable in root mode more difficult. Another missed opportunity is an AppArmor-style framework, but generally it is just a more elegant way to provide SELinux-style functionality.

Rooting the Android device

The unlocking (rooting) and "hackability" of smartphones and tablets remains a source of great tension between the community and industry.

Android applications run in a sandbox, an isolated area of the system that does not have access to the rest of the system's resources, unless access permissions are explicitly granted by the user when the application is installed. Before installing an application, the Play Store displays all required permissions: a game may need to enable vibration or save data to an SD card, for example, but should not need to read SMS messages or access the phonebook. After reviewing these permissions, the user can choose to accept or refuse them, installing the application only if they accept. The scheme does not work for unsophisticated users.

Theoretically both the sandboxing and the permissions system lessen the impact of vulnerabilities and bugs in applications, but the huge percentage of unsophisticated users (Windows effect), developer confusion and limited documentation have resulted in applications routinely requesting unnecessary permissions and users happily granting them, reducing security to a minimum. In a way Google proved to be completely incompetent to solve this difficult and important problem and decided just to "go with the flow". As a result Google replicated on a new platform the situation with malware that exists on Windows.
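The permission review that the text says users skip can be done mechanically. The following is an added example, not part of the original page: it audits the permissions declared in a manifest against a per-category baseline, using the page's own case of a game that asks for SMS and phonebook access. It assumes the manifest has already been decoded to text XML (APKs store it in a binary form); the sample manifest, the package name `com.example.constructedgame`, the baseline and the risk list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix of android:* attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions this example treats as high risk (assumption), with the reason.
SENSITIVE = {
    "android.permission.READ_SMS": "can read SMS messages",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS (e.g. bank codes)",
    "android.permission.SEND_SMS": "can send SMS, including premium-rate numbers",
    "android.permission.READ_CONTACTS": "can read the phonebook",
}

# Constructed baseline: what an app of a given category plausibly needs.
BASELINE = {
    "game": {
        "android.permission.VIBRATE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
        "android.permission.INTERNET",
    },
}

# Constructed sample input: a game that over-requests.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructedgame">
    <uses-permission android:name="android.permission.VIBRATE" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <application android:label="Constructed Game" />
</manifest>
""".strip()


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit(manifest_xml: str, category: str) -> list:
    """List (severity, permission, reason) for everything outside the baseline."""
    unexpected = requested_permissions(manifest_xml) - BASELINE[category]
    findings = []
    for permission in sorted(unexpected):
        if permission in SENSITIVE:
            findings.append(("high", permission, SENSITIVE[permission]))
        else:
            findings.append(("review", permission,
                             "not in the baseline for category '%s'" % category))
    return findings


if __name__ == "__main__":
    for severity, permission, reason in audit(SAMPLE_MANIFEST, "game"):
        print("%-6s %-45s %s" % (severity, permission, reason))
```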

The security industry has already sensed the opportunity and the necessity to protect Android users from the design defects inherent in the attempt to provide a powerful OS for unsophisticated users, and from the growing spectrum of Android malware. We can expect that there will generally be a security tax on Android users, similar to the "Windows insecurity tax."

Several Windows AV product vendors have released antivirus software for Android devices. They need to run as root, as otherwise sandboxing also applies to such applications.

More about Android Malware

There are multiple types of Android malware in the wild:

Google engineers have argued that the malware and virus threat on Android is being exaggerated by security companies for commercial gains. They accused the security industry of playing on fears to sell virus protection software to users. Google maintains that dangerous malware on Android is actually extremely rare.

Google currently uses their Google Bouncer malware scanner to watch over and scan the Google Play store apps. It is intended to flag up suspicious apps and warn users of any potential issues with an application before they download it.

Android 4.1 (Jelly Bean) has enhanced security features, including a malware scanner built into the system, which works in combination with Google Play, but can scan apps installed from third party sources as well; and an alert system which notifies the user when an app tries to send a premium-rate text message, blocking the message unless the user explicitly authorizes it.

Privacy implications of Android smartphones and tablets: You are like a bug under the microscope

Android smartphones have the ability to record the location of Wi-Fi access points, encountered as phone users move around, to build databases containing the physical locations of hundreds of millions of such access points. These databases form electronic maps to locate smartphones, allowing them to run apps like Foursquare, Google Latitude, Facebook Places, and to deliver location-based ads. Third party monitoring software such as TaintDroid, an academic research-funded project, can, in some cases, detect when personal information is being sent from applications to remote servers.

Recently another source of security problems for Android was revealed via the publication of some materials about the PRISM program by Snowden. That undermines confidence in the platform, as there is no guarantee that all your voice and data streams are not written to some remote NSA server and, adding insult to injury, not without Google's help.

That does not increase confidence in the platform, but the two other major platforms (iPads and Windows 8 based tablets) suffer from the same problem. All can contain NSA backdoors and Skype monitoring tools installed without user consent. See Cloud providers as intelligence collection hubs.

Licensing

Google publishes most of the code (including network and telephony stacks) under the Apache License version 2.0, and the rest, Linux kernel changes, under the GNU General Public License version 2.

The Open Handset Alliance develops the changes to the Linux kernel, in public, with source code publicly available at all times. The rest of Android is developed in private by Google, with source code released publicly when a new version is released.

Typically Google collaborates with a hardware manufacturer to produce a 'flagship' device (part of the Google Nexus series) featuring the new version of Android, then makes the source code available after that device has been released.

Although the software is open-source, device manufacturers cannot use Google's Android trademark unless Google certifies that the device complies with their Compatibility Definition Document (CDD). Devices must also meet this definition to be eligible to license Google's closed-source applications, including Google Play.



Old News ;-)

[Sep 22, 2018] Google admits it lets hundreds of third party apps read your emails by Valentin Wolf /

Notable quotes:
"... "so long as they are transparent with the users about how they are using the data." ..."
"... In practice, this means that any app that shares your private data with advertisers must disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a note that the app wants permission to "read, send, delete and manage your email." However, information about the marketers this data is shared with can often be more difficult to find. ..."
"... In their letter to the company, the senators claim that one marketing company, Return Path Inc, read the private contents of 8,000 emails to train its AI algorithms. ..."
"... "not limited to your name, email address, username and password." ..."
"... At least 379 apps available on the Apple and Android marketplaces can access users' email data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended an app for not complying with its rules. ..."
"... Google itself has mined users' emails since Gmail was launched in 2004, but announced last year that it would stop the practice, amid privacy concerns and a federal wiretapping lawsuit. ..."
"... "discuss possible approaches to safeguarding privacy more effectively." ..."
Sep 20, 2018 | www.rt.com

Omnipresent tech giant Google told US senators that it lets third-party apps read data from Gmail accounts and share this information with marketers, even though Google itself allegedly stopped this practice last year. In a letter sent to the lawmakers in July and made public on Thursday, Google said that developers may share your data with third parties for the purposes of ad-targeting, "so long as they are transparent with the users about how they are using the data."

In practice, this means that any app that shares your private data with advertisers must disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a note that the app wants permission to "read, send, delete and manage your email." However, information about the marketers this data is shared with can often be more difficult to find.

Google's letter came in response to a request by Republican senators for information about the scope of the email content accessible to these third parties. In their letter to the company, the senators claim that one marketing company, Return Path Inc, read the private contents of 8,000 emails to train its AI algorithms.

Return Path told the Wall Street Journal at the time that, while it did not explicitly ask users whether it could read their emails, permission is given in their user agreements, which state that the company collects personal information including but "not limited to your name, email address, username and password."

At least 379 apps available on the Apple and Android marketplaces can access users' email data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended an app for not complying with its rules.

Google itself has mined users' emails since Gmail was launched in 2004, but announced last year that it would stop the practice, amid privacy concerns and a federal wiretapping lawsuit.

Now, privacy officials from Google, Apple and Amazon are preparing to travel to Capitol Hill next week, for a Commerce Committee hearing. There, the tech companies will be asked to "discuss possible approaches to safeguarding privacy more effectively."

Everything you've ever searched for on any of your devices is recorded & stored by Google https://t.co/8KGgO0xT92

-- RT (@RT_com) March 30, 2018

The hearing is another in a series of grillings faced by the tech industry since the Cambridge Analytica privacy scandal revealed in March that Facebook allowed a third party to collect personal information on millions of users. Google CEO Larry Page was invited to a Senate Intelligence Committee hearing on political bias, foreign interference and privacy on tech platforms earlier this month, but declined to show up, sending a written testimony instead.

[Sep 07, 2018] Android Bug Allows Geolocation Tracking of Users

Sep 07, 2018 | yro.slashdot.org

(duo.com) 46 Trailrunner7 writes: Researchers have discovered a weakness in all versions of Android except 9, the most recent release, that can allow an attacker to gather sensitive information such as the MAC address and BSSID name and pinpoint the location of an affected device. The vulnerability is a result of the way that Android broadcasts device information to apps installed on a device. The operating system uses a mechanism known as an intent to send out information between processes or applications, and some of the information about the device's WiFi network interface sent via a pair of intents can be used by an attacker to track a device closely.

A malicious app -- or just one that is listening for the right broadcasts from Android -- would be able to identify any individual Android device and geolocate it. An attacker could use this weakness to track a given device, presumably without the user's knowledge. Although Android has had MAC address randomization implemented since version 6, released in 2015, Yakov Shafranovich of Nightwatch Cybersecurity said his research showed that an attacker can get around this restriction.

[Oct 21, 2017] Samsung DeX Promises to Bring the Linux PC Experience to Your Mobile Device

Oct 21, 2017 | news.softpedia.com

Samsung announced Samsung DeX earlier this year as a way for users to transform their mobile phones into full-fledged desktops or workstations by attaching a monitor, mouse, and keyboard. DeX is currently limited to the Galaxy S8 and S8+, as well as Note 8, bringing you a desktop-like experience powered by your smartphone.

And now, Samsung wants to expand the DeX's capabilities by introducing "Linux on Galaxy," a new concept promising to bring the Linux PC experience to your mobile device. Linux on Galaxy comes in the form of an app that you can install on your smartphone to run multiple Linux-based operating systems.

"Although it's in a trial phase, Linux on Galaxy is our innovative solution to bring the Linux experience on PC to mobile, and then further onto a larger display with Samsung DeX. Now developers can code using their mobile on-the-go and with Samsung DeX, and can seamlessly continue the task on a larger display," says Samsung.

Developers will be able to use their favorite GNU/Linux distro

With the Linux on Galaxy app, developers will be able to use their favorite GNU/Linux distribution on their mobile devices. When using Samsung DeX with Linux on Galaxy, users can also run Linux apps that aren't available on their smartphones, which run Google's Android mobile operating system, also powered by the Linux kernel.

Best of all, Samsung Linux on Galaxy will enable developers to use a fully functional development environment to create content on a big screen, all powered by their Samsung S8/S8+ or Note 8 devices. At the moment, Linux on Galaxy is in heavy development, but you can find out more about it at seap.samsung.com/linux-on-galaxy.

[Sep 17, 2017] Android stops glitchy apps by detecting your panicky presses

Notable quotes:
"... So far the feature, spotted by XDA Developers, has appeared in some, but not all devices with Android 7.1 Nougat. ..."
"... Google hasn't said anything about the feature-- XDA just happened to discover the code in a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of them happen (four to be exact) in rapid succession (with less than a third of a second delay) then Android will override the app and bring back the home screen. This could apply to apps that just freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware. ..."
Jul 11, 2017 | access.redhat.com
If you can't dismiss an app by pressing the "back" button, it may just be a glitch or crappy app, but it could also be something much worse. That's why Google has quietly slipped in a new Android feature called "panic detection" that can preemptively close an app if you stab at the back button multiple times. So far the feature, spotted by XDA Developers, has appeared in some, but not all devices with Android 7.1 Nougat.

Google hasn't said anything about the feature-- XDA just happened to discover the code in a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of them happen (four to be exact) in rapid succession (with less than a third of a second delay) then Android will override the app and bring back the home screen. This could apply to apps that just freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware.

It's a smart idea, because what's the first thing you do when you can't make an app go away? Frantically pressing the back key is probably the first thing, so that will kill the app and allow you to uninstall or disable it until you figure out the problem.

You'll have to enable the feature to get it to work, apparently. Google seems to be rolling it out on a limited basis, and may in fact just be testing it, so it may be some time before it ends up on your device.
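
The heuristic described above (four back presses, each less than a third of a second after the previous one) can be written as a small state machine. This Python sketch is an added example, not Android's own code: the class and function names, the reset on any other key, and the event traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PANIC_PRESS_COUNT = 4      # article: "four to be exact"
MAX_GAP_MS = 1000 / 3      # article: "less than a third of a second delay"


@dataclass
class BackPanicDetector:
    """Counts rapid BACK presses; the structure is an assumption, not Android's code."""
    enabled: bool = False  # article: the feature has to be enabled first
    streak: int = field(default=0, init=False)
    last_ms: Optional[float] = field(default=None, init=False)

    def on_key(self, key: str, t_ms: float) -> bool:
        """Feed one key-down event; return True when the home screen should be forced."""
        if not self.enabled:
            return False
        if key != "BACK":
            self.streak, self.last_ms = 0, None      # assumption: other keys break the streak
            return False
        if self.last_ms is not None and t_ms - self.last_ms < MAX_GAP_MS:
            self.streak += 1
        else:
            self.streak = 1                          # first press, or the gap was too long
        self.last_ms = t_ms
        if self.streak >= PANIC_PRESS_COUNT:
            self.streak, self.last_ms = 0, None      # re-arm after firing
            return True
        return False


def replay(events, enabled=True):
    """Replay (t_ms, key) events; return the timestamps at which the override fires."""
    detector = BackPanicDetector(enabled=enabled)
    return [t for t, key in events if detector.on_key(key, t)]


# Constructed event traces (milliseconds, key name); not captured from a device.
FROZEN_APP = [(0, "BACK"), (200, "BACK"), (450, "BACK"), (700, "BACK")]
SLOW_TAPS = [(0, "BACK"), (400, "BACK"), (800, "BACK"), (1200, "BACK")]
INTERRUPTED = [(0, "BACK"), (100, "BACK"), (200, "BACK"), (250, "HOME"),
               (300, "BACK"), (400, "BACK"), (500, "BACK"), (600, "BACK")]

if __name__ == "__main__":
    for name, trace in [("frozen", FROZEN_APP), ("slow", SLOW_TAPS),
                        ("interrupted", INTERRUPTED)]:
        print(name, replay(trace))
```

Ordinary navigation (the slow trace) never fires the override, while an app that swallows the back key cannot stop the fourth rapid press from being counted, because the counting happens outside the app.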

[Aug 11, 2017] Amazon Takes Privacy Stand by Slapping Down Blu for Pre-Loading Spyware by Brady Dale

Notable quotes:
"... it detected devices sending data about call history, text messages, the unique identifier of the mobile service subscriber, the device's unique identifier and call histories. ..."
"... It also found evidence that the software specifically searched text messages for key words and sent full text messages back to Adups servers in China. ..."
"... In May 2017 on the Cubot X16S device, we observed the user's call log, text message metadata, browser history, list of installed apps, list of apps used and unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the Observer in an email. ..."
Aug 01, 2017 | observer.com

In its November report, Kryptowire wrote that it detected devices sending data about call history, text messages, the unique identifier of the mobile service subscriber, the device's unique identifier and call histories.

It also found evidence that the software specifically searched text messages for key words and sent full text messages back to Adups servers in China. These messages were encrypted, but Kryptowire was able to find the key and decrypt them.

Since the Kryptowire finding, Adups has reported that it is no longer collecting personally identifiable information, but Kryptowire told Black Hat attendees that it has continued to observe the same behavior, though more carefully hidden and not necessarily on Blu devices.

In a November statement, Adups explained the searching and parsing of users' text messages by saying it had created an application to screen and block promotional messages. It wrote, "In response to user demand to screen out junk texts and calls from advertisers, our client asked Adups to provide a way to flag junk texts and calls for users. [The] application flags texts containing certain language associated with junk texts and flags numbers associated with junk calls and not in a user's contacts."

Blu devices aren't the only ones to carry the Adups software, and Kryptowire has noted that it behaves differently from device to device. Another maker of cheap Android phones, Cubot, also uses Adups software. "In May 2017 on the Cubot X16S device, we observed the user's call log, text message metadata, browser history, list of installed apps, list of apps used and unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the Observer in an email.

On Wednesday, Kryptowire released additional technical details, describing tests from May on Blu Grand M, LifeOne X2 and Advance 5.0 devices.

Subsequent to the Black Hat presentation, Amazon has closed off sales for the complete line of Blu Android phones ...

[Jul 28, 2017] Google Uncovers, Blocks Malware Possibly Used To Spy On Android Users

Jul 28, 2017 | www.msn.com
Google discovered and blocked a new family of Android malware developed by a cyber arms company that may have its roots in state-sponsored spying efforts.

The malware, known as Lipizzan, contained references within its code to an Israeli tech firm called Equus Technologies, which offers "tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations."

In the Android Developers Blog, Megan Ruthven of Android Security and Ken Bodzak and Neel Mehta of Google's Threat Analysis Group detailed the malicious software, which they called a "multi-stage spyware product."

The researchers found Lipizzan had the ability to monitor and steal communications from the device. The malware could hijack a user's email, SMS messages, location information, voice calls and local media. It could also snap screenshots of the user's device and hijack the camera to take pictures or record video.

When active, Lipizzan could steal data from a number of apps including Gmail, Google Hangouts, LinkedIn, Facebook Messenger, Skype, Snapchat, popular messaging platforms like WhatsApp and Viber and encrypted communications app Telegram.

Most troubling about Lipizzan was that it was found in apps on the Google Play Store disguised as legitimate apps. The malware was most often found in apps posing as popular utilities with names like "Backup" or "Cleaner." A second wave of apps containing the malware posed as notepad, sound recorder, and alarm manager apps.

When a user would install one of the infected apps, the app would begin to download a "license verification" that would examine the device. If the handset met certain criteria, the second stage of Lipizzan would kick in and root the device while establishing a connection to the Command and Control server operated by malicious actors to send back files and recordings.

While the spyware was available to download through apps in the Google Play Store, Google reported very few instances in which infections were found. According to the company's findings, fewer than 100 devices had the malicious apps installed on their devices. Google claimed that would make the infection rate only 0.000007 percent.

Lipizzan and the apps that contain it have been removed from the Google Play Store, and Google recommends users make use of Google Play Protect, a security suite for Android devices.

Google also advised users to download apps exclusively from the Google Play Store rather than from third-party app stores and to disable installations from unknown sources. The search giant also suggested keeping devices up to date with the most recent security patch.

While Google may have caught and eliminated Lipizzan, the company has run into a fair amount of malware slipping through the cracks of its Google Play Store. Earlier this year, an adware scheme managed to infect 40 million phones through Google's official marketplace.

[Jun 17, 2017] How governments devise custom implants to bug smartphones

Jun 17, 2017 | arstechnica.com
Citizen Lab, the University of Toronto group that monitors government surveillance in the digital age, analyzed the recently discovered instance of the fake Qatif Today app in a blog post headlined Police Story: Hacking Team's Government Surveillance Malware. The account provides a rare glimpse into malware developed by "Hacking Team," a highly secretive outfit based in Italy that charges governments top dollar for extremely stealthy spyware that's often referred to as a "lawful intercept" program.

The Trojan is known as an Android implant because it cloaks itself inside a legitimate third-party app. People who are infected with it must first be tricked into obtaining the Android installation package (APK) from a non-authorized source, which in this case was this now-shuttered Dropbox location. Aside from that, victims may have little indication anything is amiss. To lend it legitimacy, the malicious APK was signed by a digital certificate that appeared to be related to Java and its original creator Sun Microsystems. Citizen Lab identified six other samples signed by the same certificate.

Once installed, the app establishes contact with command and control servers located at 91.109.17.189 and 106.186.17.60, which are addresses Citizen Lab has seen used in previous Hacking Team campaigns. The implant also attempts to break out of its Android-imposed security sandbox by exploiting a vulnerability in older Android versions on specific handsets that allows apps to gain unfettered root privileges.

The trojan next tries to access local files stored by a variety of social media, chat, and call apps including Facebook, Viber, WhatsApp, Skype, LINE, and QQ. The app has audio recording, camera, video, key logging, and "live mic" capabilities, as well as a "crisis" module that provides anti-analysis functionality. The researchers also found evidence of what appears to be location, screenshot-taking, and browsing activity modules. The implant even seems to have a filter to specify date ranges to narrow the mail and text messages it sends back to the control servers. (It's not clear what happens when the app runs on Android versions that have patched the rooting vulnerability.)

"We also see information about how the implant exfiltrates data, along with its C2 servers," Tuesday's post reported. "Interestingly, it appears that the implant is capable of monitoring the devices' connectivity (e.g. Wi-Fi, cellular network), choosing connection type, and rate limiting the bandwidth. Note that these are the same servers we observed in the implant's network communications."

The Citizen Lab researchers provided an overview of the remote control system (RCS) architecture that works with Android trojans and trojans for other platforms. The architecture relies on a series of system administrators, technicians, and analysts to funnel information pulled off an infected device to the interested parties. Unverified screenshots an anonymous person provided to Citizen Lab show RCS works on computers running Windows, Mac OS X, or Linux.

It comes with a dazzling number of capabilities, including:

Citizen Lab researchers wrote:

The implant ("agent") offers one-click functionality for requesting information from target devices. Technicians are encouraged to add functionality as needed.

... ... ...

[Figure: Selection of available surveillance modules]

Other Capabilities

Once an implant is operational its collection operations can be updated. In addition files can be sent to and received from the device.

In addition, implants have a default cap on "evidence" space of 1GB on the target device. Recording of new material stops when the space is reached. Operators also have the ability to delete not-yet-transmitted data on the device.

Programs such as RCS are marketed to governments as legitimate wares, but Citizen Lab points out that many countries have few legal guidelines and little oversight for the way they're used.

"In light of the absence of guidelines and oversight, together with its clandestine nature, this technology is uniquely vulnerable to misuse," the report warns. "By analyzing the tools and their proliferation at the hands of companies like Hacking Team and Gamma Group, we hope to support efforts to ensure that these tools are used in an accountable way, and not to violate basic principles of human rights and rule of law."

Jun 24, 2014 9:47 PM

Quote:
The implant also attempts to break out of its Android-imposed security sandbox by exploiting a vulnerability in older Android versions that allows apps to gain unfettered root privileges.

According to your link Dan, this affects only the Samsung Galaxy S3 or anything with Samsung's Exynos chipset. It isn't an Android root exploit in general. It's already been patched a year ago.

This is more interesting because all android apps are signed and if an app wished to update an app already installed (and with the same name, otherwise it will show up as a separate app), it has to have a matching signature.

MatthewSleeman , Ars Praetorian Jun 24, 2014 10:34 PM
aleph_nought wrote:
When does lawful intercept cross the line into total surveillance? Post-Snowden, the concept of lawful intercept has no meaning when everything can be intercepted and used at a later time.

Better question: How is this lawful to begin with? Unless they set things up so that, in theory, only terrorists and other *valid* targets of surveillance download the app, I don't see how it could be given the uproar over the stuff Snowden released
goretsky , Smack-Fu Master, in training Jun 25, 2014 12:33 AM
Hello,

The SHA-256 hash for the file is 8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d.

According to this VirusTotal report, this program is currently detected by the following programs:

Avira AntiVir - Android/FakeInst.ES.4
Baidu-International - Trojan.Android.FakeInst.bES
ESET - a variant of Android/Morcut.A
Kaspersky - HEUR:Trojan-Spy.AndroidOS.Mekir.a
ThreatTrack VIPRE - Trojan.AndroidOS.Generic.A

Five out of fifty-three programs, or a little under 10%. I'm sure the detection rate will go up in the next 24 hours to (or at least, near) 100%, though.

Regards,

Aryeh Goretsky

Pueo , Smack-Fu Master, in training Jun 25, 2014 3:48 AM
MatthewSleeman wrote:
aleph_nought wrote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory, only terrorists and other *valid* targets of surveillance download the app, I don't see how it could be given the uproar over the stuff Snowden released

Consider the likely target of the malware. It is someone using a news app focusing on a Saudi Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp) and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt the monarchy is concerned with adding spying to its long list of human rights violations.

julienm , Wise, Aged Ars Veteran Jun 25, 2014 9:39 AM
Ostracus wrote:
MatthewSleeman wrote:
aleph_nought wrote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory, only terrorists and other *valid* targets of surveillance download the app, I don't see how it could be given the uproar over the stuff Snowden released

Consider the likely target of the malware. It is someone using a news app focusing on a Saudi Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp) and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt the monarchy is concerned with adding spying to its long list of human rights violations.

True, although I doubt they're the only country that would benefit from such a tool.

BTW when is the IOS version coming out? I can't imagine just running a different brand would provide the needed security?

there has been several stories about iOS malwares used by government agencies.

some are using public jailbreak exploits to install:
http://blog.kaspersky.com/iphone-spyware/

others, aimed at high value targets, would use 0day flaws (browser exploits, PDF exploits,...).

so far, haven't heard of any such malware targeting WP7/8, but that's probably due to market share. Interestingly, such spying toolkits still have modules for Windows Mobile 6 (that might be explained by the fact it was much easier to develop malware on that old platform without sandboxing or modern memory protection features)

nonars , Smack-Fu Master, in training Jun 25, 2014 10:16 AM New Poster
All of these app permissions are shared by an android app named "MobileTracker 1.0", which comes with many of the cell phones straight from the manufacturers. The full list of MobileTracker 1.0 is scary and this app cannot be disabled. It smells a lot like another CarrierIQ to me. Be aware of this app.
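
The article above notes that Citizen Lab identified six other samples signed by the same certificate, and one commenter points out that an Android update must carry a matching signature. The Python sketch below is an added example, not code from Citizen Lab or from the article: it groups APK files by the SHA-256 fingerprint of the certificate inside their v1 (JAR-style) META-INF signature block. All function names are hypothetical, and the sample APKs and certificate bytes are constructed placeholders.

```python
import hashlib
import io
import zipfile

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")                 # v1 (JAR) signature block files


def read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element inside [start, end)."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve


def signer_cert_der(pkcs7):
    """Return the DER bytes of the first certificate in a PKCS#7 SignedData blob."""
    tag, vs, ve = read_tlv(pkcs7, 0)                   # ContentInfo SEQUENCE
    parts = list(children(pkcs7, vs, ve))              # contentType OID, [0] content
    if (tag != 0x30 or [p[0] for p in parts[:2]] != [0x06, 0xA0]
            or pkcs7[parts[0][1]:parts[0][2]] != OID_SIGNED_DATA):
        raise ValueError("not a PKCS#7 SignedData block")
    _, vs, ve = read_tlv(pkcs7, parts[1][1])           # SignedData SEQUENCE
    for tag, cert_start, _ in children(pkcs7, vs, ve):
        if tag == 0xA0:                                # certificates [0] IMPLICIT
            _, _, cert_end = read_tlv(pkcs7, cert_start)
            return pkcs7[cert_start:cert_end]          # first certificate only
    raise ValueError("no certificate in signature block")


def apk_signer_fingerprint(apk_bytes):
    """SHA-256 of the v1 signing certificate, or None without a v1 signature block."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(SIG_SUFFIXES):
                return hashlib.sha256(signer_cert_der(zf.read(name))).hexdigest()
    return None


def cluster_by_signer(samples):
    """Map certificate fingerprint -> sorted labels of the samples that carry it."""
    clusters = {}
    for label, data in samples.items():
        clusters.setdefault(apk_signer_fingerprint(data), []).append(label)
    return {fp: sorted(labels) for fp, labels in clusters.items()}


# ---- Constructed samples: placeholder bytes, not real certificates or APKs ----
def der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def fake_sig_block(cert_body, signature):
    """Build a SignedData-shaped blob around a stand-in certificate."""
    signed_data = der(0x30, der(0x02, b"\x01") + der(0x31, b"")    # version, digests
                      + der(0x30, der(0x06, OID_DATA))               # contentInfo
                      + der(0xA0, der(0x30, cert_body))              # certificates
                      + der(0x31, der(0x30, der(0x04, signature))))  # signerInfos
    return der(0x30, der(0x06, OID_SIGNED_DATA) + der(0xA0, signed_data))

def fake_apk(payload, sig_block=None, sig_name="META-INF/CERT.RSA"):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", payload)
        if sig_block is not None:
            zf.writestr(sig_name, sig_block)
    return buf.getvalue()

CERT_A, CERT_B = b"constructed signer A " * 10, b"constructed signer B"
BLOCK_1, BLOCK_2 = fake_sig_block(CERT_A, b"sig-1"), fake_sig_block(CERT_A, b"sig-2")
SAMPLES = {
    "sample_1.apk": fake_apk(b"dex-1", BLOCK_1),
    "sample_2.apk": fake_apk(b"dex-2", BLOCK_2, "META-INF/ANDROID.RSA"),
    "sample_3.apk": fake_apk(b"dex-3", fake_sig_block(CERT_B, b"sig-3")),
    "sample_4.apk": fake_apk(b"dex-4"),   # no signature block at all
}
```

Calling cluster_by_signer(SAMPLES) puts sample_1 and sample_2 in one group even though their signature blocks differ byte for byte, which is why the certificate has to be extracted rather than hashing the whole block file. Only the first certificate of a v1 signature is considered; newer signing schemes store their certificates elsewhere in the APK.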

[Jan 26, 2017] That Old Phone Trump Uses for Twitter Could Be an Opening to Security Threats by CECILIA KANG

And what about the Android insecurity of regular users? Isn't this a huge problem, with Google serving as a channel for spying on us?
Notable quotes:
"... "The absolutely minimum Trump could do to protect our nation is to use a secure device to protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief to use an unsecure device that could be easily hacked or intercepted." ..."
"... "There are a lot of questions, but it is clear there are often vulnerabilities in our phones and internet systems - and it is critical that people take precautions to ensure their sensitive information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union. ..."
"... In 2009, President Barack Obama fought to become the first president with a smartphone; though he won, the use of a White House-issued secure device came with many rules. ..."
Jan 25, 2017 | www.nytimes.com

President Trump has carried his Twitter habit into his presidency. He has also brought with him another tech habit that is causing concern.

Mr. Trump has been using his old, unsecured Android phone to post on Twitter since moving to Washington late last week.

The president's desire to use his old, personal smartphone raises concerns that its use could be exposing him and the nation to security threats.

He is using the Android smartphone mainly to post on Twitter, not to make calls. But it's unclear what security measures have been put in place on the device and how vulnerable he could be to someone stealing data or breaking into his Twitter account.

The White House did not respond to a request for comment.

Twitter requires a connection to the internet, which exposes the device to security vulnerabilities if proper measures like two-factor authentication - a password and a code texted to a phone, for example - are not in place. If he uses the smartphone on an unsecure Wi-Fi network, he could be exposing his location and other personal information on the device.

"The absolutely minimum Trump could do to protect our nation is to use a secure device to protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief to use an unsecure device that could be easily hacked or intercepted."

Among the concerns by security experts:

"There are a lot of questions, but it is clear there are often vulnerabilities in our phones and internet systems - and it is critical that people take precautions to ensure their sensitive information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union.

The president's use of the personal device is particularly notable given his criticism of Hillary Clinton for using a personal email address and server when she was secretary of state.

In 2009, President Barack Obama fought to become the first president with a smartphone; though he won, the use of a White House-issued secure device came with many rules.

"As president, he is the biggest sitting target in the world," said Kevin Bankston, the director of New America's Open Technology Institute.

[Dec 26, 2016] Malware Found In the Firmware of 26 Low-Cost Android Models

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) 60 Posted by msmash on Tuesday December 13, 2016 @11:12AM from the security-woes dept.

An anonymous reader writes:

Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. 26 Android device models have been found to be vulnerable. The common link between all these devices is that all are low-cost devices, mostly marketed in Russia, and which run on MediaTek chipsets.

According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users." The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.

[Dec 26, 2016] Barnes Noble's Latest Tablet Is Running Spyware From Shanghai

Dec 26, 2016 | news.slashdot.org
(linuxjournal.com) 63

Posted by BeauHD on Tuesday December 20, 2016 @07:45PM from the buyer-beware dept. Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company specializing in both big data collection of Android usage and hostile app installation and/or firmware control, has been found pre-loaded on Barnes and Noble's new $50 tablet:

ADUPS was recently responsible for data theft on BLU phones and an unsafe version of the ADUPS agent is pre-loaded on the Barnes and Noble BNTV450. ADUPS' press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that "owners can expect zero privacy or control while using it."

[Dec 26, 2016] More Than 1 Million Android Devices Rooted By Gooligan Malware

Dec 26, 2016 | tech.slashdot.org
(onthewire.io) 42 Posted by msmash on Wednesday November 30, 2016 @12:25PM from the security-woes dept. Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootkit that is capable of stealing users' Google credentials. Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

[Dec 09, 2015] 10 Best Must Have Android Apps 2015

YouTube

10 cool things you didn't know your Android could do by Kris Carlon

AndroidPIT

Access Chrome tabs from other devices

If you're using Chrome as your default browser (and let's be honest: who isn't?), were you aware that you can access the Chrome tabs from your other devices on your phone or tablet?

As long as you're logged into Chrome, when you launch a new tab you'll see the Recent tabs option at the bottom right. Tap this to see the urls that are open on your other logged-in devices and quickly access any of them.

Document scanner

In the early days of digitizing documents and photographs, you had to invest in a large flatbed scanner to make the physical digital. Nowadays you can use your smartphone camera as a makeshift scanner. Although the quality isn't quite as good, the process is a lot more convenient.
If you want to use your phone in this way there are a number of options. You can just snap a document and save it as an image, while Google Drive can convert scans into PDF files and read the text within them, as can the excellent CamScanner and Evernote.

If found, return to:

This is another great tip for anyone with a tendency to misplace their things or for those with the bad habit of leaving their phone on the restaurant table while they dash off to the bathroom. If your phone gets lost and you suspect it has been picked up by someone, you can put a message on the lock screen telling the finder of your phone how to get in contact with you.

Remote lock or wipe your lost phone

There's not much worse than losing your phone, apart from losing your phone and knowing that someone might have access to your data. It's not only depressing, it's downright dangerous. Did you know that Google has an awesome feature called Android Device Manager that lets you track and take control of your phone if you ever lose it?

ADM goes beyond just tracking your phone though: you can use it to ring your phone, remotely lock it or even factory reset it if you know you're never getting it back. Just enable Android Device Manager in Settings > Security > Device Administrators and access the site on your computer if you ever lose your phone.

[Dec 09, 2015] 16 Must Have Android Apps By Matt Hartley

Nov 05, 2015 | Datamation

Mr. Number
There is little in life that's more annoying than having your smart phone ring during dinner. Even worse than that, is discovering the call is coming from a phone solicitor. This is where Mr. Number saves the day. You can use Mr. Number to block problem incoming numbers. Best of all, you'll have the ability to either send the caller directly to voicemail or just block them completely.

SwiftKey
I've tried to use the default Android keyboard. It's "okay," however I need something that will help catch my written mistakes. While not perfect, I've found that SwiftKey is pretty close. If you allow it to learn from your phone's history, it's surprisingly accurate in its suggestions and auto-corrections. Install, choose the keyboard skin you want and you're all set. The only downside is that I lack this on my desktop PC.

Tasker
I've had a bit of a love/hate relationship with Tasker. I love it as it allows me to automate various aspects of my phone's interaction with the real world. But I hate it because I keep finding new uses for it. From using location services to make your phone turn off certain services to sending SMS messages when you get to work this app does it all! I should point out that this is not an easy app to use out of the box. You will need to spend some time working with it to fully get the hang of it.

Elixir 2
If there is one application you install, it needs to be Elixir 2. It's designed to help the masses understand some of the mysterious stuff running in the background of their Android devices. This app is also awesome for hardware troubleshooting. Proximity sensor or software issues bugging you? Elixir 2 will allow you to verify that your Android phone's sensors are all acting correctly. I have found that its report generator is an invaluable tool for determining device health, component temperature and if everything is firing on all cylinders.

PIA (Private Internet Access)
If you find yourself using untrusted wifi on occasion, then you're going to want to make sure you're using the PIA VPN app for Android. It's dead simple to use, simply enter in your account information once and connect. The VPN software will ensure you're connecting to the fastest VPN server and you're getting solid throughput performance. There are other VPN solutions out there for Android, however none of them match both the speed and performance found with PIA.

SmartThings
It's been said that 2015 is the year that "the Internet of things" becomes a common buzzword with smart devices working together to make life around your home easier. Recently I've been testing out a smart device hub called SmartThings. It comes with a smart hub that I connected to my router, then I added smart sensors to expand the "network" of smart devices. The key to controlling these items comes from their SmartThings Android app. It allows me to monitor sensors being triggered and even turn devices on or off. What I love about this app is that it offers me the ability to receive alerts as push notifications and SMS alerts. Bundle their alerts with the ability to make real-time changes to aspects of my home from anywhere and it's easy to see why SmartThings is such a popular concept.

[Dec 09, 2015] Best Free Android Apps By Matt Hartley

Dec 07, 2015 | Datamation

Fing
Having a clear, real-time list of the devices attached to my home network is a huge time saver. Fing provides this for me without any extra effort. It even provides me with the assigned IP addresses, device manufacturer name and hostname for each appliance. Fing goes further by providing me with ping, traceroute and DNS lookup options. And as an added benefit, I can even execute WAL (Wake on LAN) for any computers setup to receive the "magic packet."

BaconReader
Reddit is a guilty pleasure of mine. But rather than bother to load up Reddit in Chrome, I prefer to use BaconReader. Its UI is intuitive, simple to use and runs very smoothly. I also like that I can share comments or a direct link to a Reddit post with minimal screen presses.

JuiceSSH
I spend more than a fair amount of time in SSH these days, between checking logs and working with my crontab. I've been known to monitor server performance or track down issues, while using JuiceSSH on my Android phone. I need SSH access to Debian ARM on a Pogoplug, Ubuntu Server on a Raspberry Pi and Ubuntu MATE and Arch (Antergos) dual-booting on my main rig. With JuiceSSH, I have simple access to all of these machines. Add in Dynamic DNS and I have SSH access from anywhere in the world. The biggest thing that sold me on JuiceSSH vs other related apps are the plugins available. An importer for my ssh_config, performance monitor for my remote servers, a port knocker, even a solid audit log.

... ... ...

[Dec 06, 2015] The marriage day of Android and Chrome OS may finally be set on the calendar

The Wall Street Journal reported Thursday, citing sources with knowledge of the matter, that Google plans to fold its Chrome operating system into Android.

It follows on from reports two years ago when Google's executive chairman Eric Schmidt refused to rule out merging the two Linux based operating systems.

Last year, rumors emerged that Google was already at work in combining its popular end-user operating systems. And, in June 2014, Sundar Pichai -- now Google's CEO -- said that the company will be giving Chrome OS the power to run Android apps.

This move makes a great deal of sense. Android and Chrome OS are Linux-based operating systems, which support apps in different ways but share the same foundation. Android forms its own distribution family, while Chrome OS is based on Gentoo Linux.

Both have their own strengths they could bring to a merged smartphone, tablet, and desktop operating system. Android, which runs on more than a billion devices, is the single most popular end-user operating system, with more than 1.6 million apps. Chrome OS has shown that Web-based apps are sufficient enough for many desktop users. In addition, Android is plagued with multiple versions that are very difficult to upgrade.

Chrome OS updates all versions on all systems. If Google gets vendors to update their Android devices using Chrome OS' upgrade methodology, Android would instantly become much more secure.

Sources close to the matter said that Chrome OS isn't going away any time soon, however.

"Google will still be pursuing Chromebook partnerships, for example since Chromebooks are doing better than ever in US schools."

Another source said that it makes sense now to explore with mobile devices becoming the primary device. There are opportunities to provide an open platform for both mobile and desktop. This is already happening. Examples of this direction include Chromecast running on a version of Android and the new Pixel C Android tablet.

In a recent issue of Fast Company, Google engineer Hiroshi Lockheimer, one of the leading Android developers, said that with the Android and Chrome OS now under the same management it's "easier to implement cross-platform features such as the ability to use an Android phone to unlock a Chromebook."

We can now see where these cross-platform efforts are leading: a new merged operating system.

Alas, while the marriage license may be signed, the actual release date is still over a year in the future. The Journal reports that the combined "Android Chrome OS" won't ship until 2017.

A beta version may be available sometime in 2016.

[Feb 08, 2015] Three Adware-Infected Android Apps Suspended From Google Play

Feb 08, 2015 | Linux Today

Security vendor Avast warned on Feb. 3 that it had found three popular apps in the Google Play Android apps store that were infecting users with adware.

A Google spokesperson confirmed to eWEEK Feb. 4 that all of the malicious apps identified in the Avast report had been suspended from Google Play.


[Dec 31, 2013] Why Do Android Smartphones Guzzle the Most Data?

Android smartphones are kind of like Hummers. Reminiscent of the oversize, gas-guzzling S.U.V.'s, Androids have the biggest screens and tend to use much more data than other types of smartphones, including iPhones. And that higher data usage could rack up heftier phone bills.

In a recent study, Ericsson, the networking company, found that global mobile Internet traffic varied greatly, depending on the software system and the network that a phone uses.

But the highest average data consumption was seen on Android phones, which consumed an average of 2.2 gigabytes of data a month on one network, the study said. By contrast, iPhones used roughly 1.7 gigabytes a month and Windows phones used approximately 1.4 gigabytes a month, Ericsson found.

Chetan Sharma, a telecom analyst who is a consultant for wireless carriers, also has found that Android phones were the biggest data hogs. In the United States, high-end Android phones used about 4 gigabytes a month on average this year, he said. That is well above the average of 1.2 gigabytes a month that American wireless subscribers consumed this year.

So why does Android use more data?

The reasons are multifold. The most obvious is that Android phones tend to have the largest screens, so they download bigger files and video with more pixels, Mr. Sharma said.

Another factor is that Android is less efficient at managing apps than Apple's iOS. For instance, multiple Android apps may be running in the background with things like location data being collected, Mr. Sharma said. Also, Android users typically don't upgrade their operating systems as frequently as iOS users, so their smartphones may not receive fixes improving data management, he said.

Jan Dawson, an independent telecom analyst who previously worked for Ovum, noted that the data traffic numbers may also reflect the profiles of the people who choose Android versus those who choose iPhones. People with larger Android phones are more likely to skip buying a tablet, whereas iPhone owners may be buying iPads and consuming a lot of content there.

Regardless of how much data whichever phone consumes, the greater concern is how difficult it is to monitor data usage, Mr. Dawson said. While the carriers provide tools for monitoring data usage, there is no easy and intuitive way to keep close track of the megabytes or gigabytes you're using - no equivalent to a gas gauge to see how close you are to empty.

[Oct 23, 2013] 10 great Android apps you should be using, but aren't

None of those applications is even close to being great ;-). AutomateIt might have some promise, though.

AutomateIt

Your smartphone is pretty smart, but apps like AutomateIt can make it even smarter.

The app lets you automate actions on your phone, so that whenever certain criteria are met, the action is triggered.

You can use AutomateIt for a variety of tasks, including sending a reply with your phone's location whenever a person texts you asking where you are. Or you can use it to turn Wi-Fi on and off under certain conditions to save battery life. You can even have AutomateIt switch your phone to vibrate mode whenever a meeting saved on your calendar starts.

If all of these settings seem a little too utilitarian, and just not fun enough, consider this: You also can use AutomateIt to play audio that says "Don't Touch Me!" whenever anyone comes too close to the proximity sensor on your phone.

[May 16, 2013] Survey On the Future of Open Source, and Lessons From the Past

May 15, 2013 | Slashdot

Drakino

This isn't always good though

It's great to see Open Source used as a tool to help foster healthy competition where it otherwise may not happen. But it's also potentially bad if the Open Source path leads to worse results for end users.

Take for example the iPhone/Android comparison made. The iPhone took control away from the mobile phone carriers in regards to the device, allowing all iPhone users to see updates all at the same time. It also put a dent in the phone crapware problem. Android has done neither, suffering problems because devices can't be all easily updated. Google today announced that they will be updating APIs through Google Play. All because their attempts to update those APIs at the OS level failed due to carrier and device manufacturers holding up, or never providing OS updates.

Google is only regaining control and providing better user experience on Android by becoming more closed, at least when it comes to how they deal with carriers and device manufacturers.

jedidiah

Re: This isn't always good though

Android gives users more control over their hardware and their user experience. It also presents a more diverse and meaningful set of choices.

A lot of people like to whine about Android fragmentation and then ignore how badly forced OS upgrades can run on an iPhone.

Even without Google trying to emulate Apple, Android provides a useful and distinct alternative.

There is nothing about Google engaging in Apple style megalomania that will improve my user experience as an Android user. Those perpetuating the usual FUD in this area never highlight any actual real consequence of this so-called tragic fragmentation.

[Dec 09, 2012] Stock Android Isn't Perfect These Are The Things I Can't Stand About Jelly Bean

I Never Have Any Idea What The Back Button Will Do

Here is a screen cap from Google's official Galaxy Nexus User Guide (PDF), explaining what the Back button is supposed to do:

[Image: screen capture from the Galaxy Nexus User Guide]

So the Back button should open the previous screen. Use of the word "History" makes me think it should work like the back button in your browser. Boy, would that be awesome. There are so many times when that just doesn't happen.

The back button is broken in a million different ways. Here, I'll show you.

... ... ...

Since we can't believe the user manual, let's be smart users and learn from this interaction: the Back button takes you to the "main page" of an app, then a second back press will get you to where you were - lesson learned.

[Dec 07, 2012] What is the best programming language to develop Android apps

LinkedIn

Igor K.

In the case you would like to find the most advanced community support use the following:

* Android development kit from Google;
* use Eclipse as the IDE since it's being widely used and has needed plugins;
* build your app in Java in the case you are targeting only Android devices and your application functionality demands full platform API set;
* build your app logic in JavaScript, HTML5 and use PhoneGap as a glue if your application mostly consist from data presentation layers and you are targeting multiple platforms like iOS, BlackBerry;
* would you like to build it as JavaScript, HTML5 but using Java for coding - Google Web Toolkit your choice along with PhoneGap;

There are many other ways but I would rather say they are not that easy comparably to said above.

Ankur R.

Java is the primary language for developing Android applications. On top of that you can use scripting language like Python, JRuby, Lua, PERL, JavaScript. For using the scripting languages you have to install SL4A (Scripting layer for Android).

Is there any way to run Python on Android

Stack Overflow

As a python lover and Android programmer, I am sad to say this is not really a good way to go. There's two problems.

One problem is that there is a lot more than just a programming language to the Android development tools. A lot of the Android graphics involve XML files to configure the display, similar to HTML. The built-in java objects are really integrated with this XML layout, and it's a lot easier than writing your own code to go from logic to bitmap.

The other problem is that the G1 (and probably other Android devices for the near future) are really not that fast. 200 Mhz processors, and RAM is very limited. Even in Java you have to do a decent amount of rewriting-to-avoid-more-object-creation if you want to make your app perfectly smooth. Python is going to be too slow for a while still on mobile devices.

====

gdw2

Using SL4A (which has already been mentioned by itself in other answers) you can run a full-blown web2py instance (other python web frameworks are likely candidates as well). SL4A doesn't allow you to do native UI components (buttons, scroll bars, and the like), but it does support WebViews. A WebView is basically nothing more than a stripped down web browser pointed at a fixed address. I believe the native Gmail app uses a WebView instead of going the regular widget route.

This route would have some interesting features:

Carl Smith

SL4A does what you want and is actively developed. You can install it from the Market and don't need root. It supports a range of languages, Python support is currently for version 2.6, but the owner, Robbie, is personally working on Python3. Check it out.

http://code.google.com/p/Android-scripting/

Update: Python3 is out, but it's not running very well.

Python Console for Android: https://play.google.com/store/apps/details?id=com.pythonconsole

You can run, create, load, save, manage scripts on your Android device.

Copyright 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Last modified: November 16, 2018