Related
mentioned as a sort of derail in this older post
http://forum.xda-developers.com/showpost.php?p=58810816&postcount=3
but no replies so just wanted to re-post with a specific, appropriate subject line.
so, supposedly I should be able to go into settings->wireless->bluetooth and change the "bluetooth name" of the device, and also choose discoverable on/off/timeout.
a. can't change the name of the device; there's no sort of default name shown, and when I tap the left side of the very first line, all I get is bluetooth turns on.
2. turning bluetooth on makes it permanently discoverable, no options to disable or set a time out. if I try tapping the left side of the first line, all that happens is BT shuts off.
is this pure pilot error? does this work / not-work for others?
I have the 4.5.3 update installed.
one thing I wonder about, is that I did disable a bunch of safe-seeming Amazon packages (check out the other thread about PM blocking) including the launcher and some other things. seems unlikely this would have any effect, but in the worst case I can try unblocking stuff and see.
also, haven't been able to find any realy mention on xda or google, but might as well ask: does anyone know if PM or AM are able to manipulate bluetooth settings?
also also, getprop shows:
[net.bt.name]: [Android]
net.hostname = kindle-blahblahgibberish (the usual)
(even weirder, when I pair it with a win7 PC, it shows up as the custom name I put in settings->device options->"change your fire's name")
and the bluetooth settings page still shows none of the above, zero name at all.
again, is this all normal behavior? it's kind of a security flaw (yes, I was still required to enter a PIN on the keyboard, which is good, but there are other ways permanently-discoverable can be bad.)
Don't have your device, so can't say how bluetooth shd work, but as far as blocking I wonder if the debloater tool by @gatesjunior will work with your device. No root required on KitKat, (but of course Sangria is very different.) If it works, it'll show you everything you blocked, let you easily unblock some or all, and also find out if you can pm block bluetooth.
http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
thanks, but I may have already heard of that one...
http://forum.xda-developers.com/showpost.php?p=58820407&postcount=6
and if it somehow wasn't clear, I'm NOT trying to block bluetooth. otherwise I could simply leave it turned off to same effect.
Hey, sorry. I searched around and didn't see your post
DoLooper said:
Hey, sorry. I searched around and didn't see your post
Click to expand...
Click to collapse
nah, I was just having a laugh, no worries. I was actually glad you posted it because that program is so seriously friggin' useful, the more people know it will work with their firehd, the better.
like, if my lazy carcass ever gets around to trying re-enabling stuff I've blocked and see if that changes anything in the BT settings, I can do it one by one, but first export/save the list of blocked stuff - so much easier to import/restore the saved blocklist file, instead of writing it down or trying to remember.
tarvoke said:
nah, I was just having a laugh, no worries. I was actually glad you posted it because that program is so seriously friggin' useful, the more people know it will work with their firehd, the better.
like, if my lazy carcass ever gets around to trying re-enabling stuff I've blocked and see if that changes anything in the BT settings, I can do it one by one, but first export/save the list of blocked stuff - so much easier to import/restore the saved blocklist file, instead of writing it down or trying to remember.
Click to expand...
Click to collapse
Right on! Too many text files with notes of mods to everything, not just KFs. lol.
And hey, thanks for getting Fire 6 to Gran--lots of promises, but you came through. Good man! Guess you saw this: https://plus.google.com/+GranPC/posts/SkUo5AUDMAy
Alright, So we've seen Firefox running on Android Wear, however we can't enter any menus due to no softkeys on the device. I have been trying to install apps such as "Virtual Button Bar" and SoftKeys for Root Users onto the watch and they install and run. But only the home button works. Neither the back or menu button seems to work in any application.
Has anyone else attempted to get some softkeys for controls in unsupported apps that may be able to enlighten me more on why these keypresses seem to be ignored by the OS..
ShadowEO said:
Alright, So we've seen Firefox running on Android Wear, however we can't enter any menus due to no softkeys on the device. I have been trying to install apps such as "Virtual Button Bar" and SoftKeys for Root Users onto the watch and they install and run. But only the home button works. Neither the back or menu button seems to work in any application.
Has anyone else attempted to get some softkeys for controls in unsupported apps that may be able to enlighten me more on why these keypresses seem to be ignored by the OS..
Click to expand...
Click to collapse
With LMT all the keys that can get on-screen are working just fine in apps that support them but the problem is the app can't be launched (FC-most probably because it has an action bar) so you can't edit the buttons or the size of them, they just work but are over sized.
Ranomez said:
With LMT all the keys that can get on-screen are working just fine in apps that support them but the problem is the app can't be launched (FC-most probably because it has an action bar) so you can't edit the buttons or the size of them, they just work but are over sized.
Click to expand...
Click to collapse
I wonder if you can install LMT on your phone, customize it first, then go to /data/data/... or an appropriate location to grab the config and push it into the watch.
I'm also considering buying a GW, so if this somehow works, please let me know.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
AndyYan said:
I wonder if you can install LMT on your phone, customize it first, then go to /data/data/... or an appropriate location to grab the config and push it into the watch.
I'm also considering buying a GW, so if this somehow works, please let me know.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
Click to expand...
Click to collapse
Yes ofc it will work but the problem with that is that it will take a lot of time to customize the settings right for the watch and each time you copy the files to data/data remember that you will need to set the right permissions, owner and SELinux context for each and every file and considering that currently SELinux contexts can differ from one device to an other and from one ROM to an other that will be really time consuming and hard as you will have to find an app on your watch that has the same types of files to see the SELinux contexts for each of them.
To say it short yes you can do that but it will probably take you at least 1 day and I don't have the time or patience to do that and I doubt many people on this forum will but ofc if you do buy a G Watch have a go at it and tell us just how much time you've wasted.
Ranomez said:
Yes ofc it will work but the problem with that is that it will take a lot of time to customize the settings right for the watch and each time you copy the files to data/data remember that you will need to set the right permissions, owner and SELinux context for each and every file and considering that currently SELinux contexts can differ from one device to an other and from one ROM to an other that will be really time consuming and hard as you will have to find an app on your watch that has the same types of files to see the SELinux contexts for each of them.
To say it short yes you can do that but it will probably take you at least 1 day and I don't have the time or patience to do that and I doubt many people on this forum will but ofc if you do buy a G Watch have a go at it and tell us just how much time you've wasted.
Click to expand...
Click to collapse
Hmm, I doubt it would take that much effort, because I've tried manually moving config for some other apps without even touching the permissions, and they seem to fix that automatically. System apps don't like that way, though.
But seeing how Android Wear hates ActionBar, thus making many of my apps unavailable, I don't know if I'd still buy one. Yes I do want something Android on my wrist, but if it's just time-telling and Google Now (which is not even available here in China), then I'm not paying that chunk for it.
What apps do you have, then?
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
AndyYan said:
Hmm, I doubt it would take that much effort, because I've tried manually moving config for some other apps without even touching the permissions, and they seem to fix that automatically. System apps don't like that way, though.
But seeing how Android Wear hates ActionBar, thus making many of my apps unavailable, I don't know if I'd still buy one. Yes I do want something Android on my wrist, but if it's just time-telling and Google Now (which is not even available here in China), then I'm not paying that chunk for it.
What apps do you have, then?
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
Click to expand...
Click to collapse
Well you are talking about moving configs to the same phone I guess? Also if not were you on android 5.x+ cause if yes SELinux has became really strict, to the point that if you mess up some contexts on any file in the data partition you could even get a bootloop (happened to me) or have all your apps disappear and be unable to install any app until you fix up the SELinux context (again happened to me), which you will have to do using adb in that state if you don't happen to have and file manager with root capabilities installed in /system/app or /system/priv-app.
Also to answer your question: yes most normal android apps don't work but there are some that do, even some games and some are even really playable, moreover there are enough useful android wear apps out there, I don't know what you plan to use your watch for but for me it does way more than enough, after all it's a watch, it's not like I'll ever want to spend a lot of time looking at it doing anything but I can do some fast reading on it when I need (not like I'll ever read a whole book on it, that's why I have an android e-book reader or even my phone in the worst case scenario), browsing the internet fast (ofc it needs to be connected to a phone with a data connection), receive and send messages, reject calls, even some light or not so light gaming, even things as Temple Run 2, can play music when I don't have my phone using a bluetooth headset/speaker), the only thing I miss is a full office suite, really, I am writing a novel at the moment and never know when I get some inspiration and have to write down what I have in my mind pretty fast so I don't forget, would love to just be able to write on the watch and not have to take out my phone for that.
Also I would suggest that if you have the money you should go with a watch that has wi-fi like the G Watch R or Urbane cause then you will be able to use the internet without a phone, also the screen of the G Watch is really bad in the sun, I had a Sony Smartwatch 2 before and that was way more limited software wise (and for that reason had a battery life of over 1 week) but the screen was miles ahead, I could see everything in powerful sun light without even setting the brightness to the maximum, on the G Watch I can barely see anything with the brightness at maximum in not so powerful sun light.
Does LMT contain the menu button by default? I could care less if it's a little oversized (as long as it's not to big for 150-175 DPI), but I'm about to reset my watch using the restore tools because I screwed up root while trying to get SoftKeyz (EDIT: I believe was the name of the softkey app I was trying to make work, can't remember and just finished resetting) to work correctly.
Ranomez said:
Well you are talking about moving configs to the same phone I guess? Also if not were you on android 5.x+ cause if yes SELinux has became really strict, to the point that if you mess up some contexts on any file in the data partition you could even get a bootloop (happened to me) or have all your apps disappear and be unable to install any app until you fix up the SELinux context (again happened to me), which you will have to do using adb in that state if you don't happen to have and file manager with root capabilities installed in /system/app or /system/priv-app.
Also to answer your question: yes most normal android apps don't work but there are some that do, even some games and some are even really playable, moreover there are enough useful android wear apps out there, I don't know what you plan to use your watch for but for me it does way more than enough, after all it's a watch, it's not like I'll ever want to spend a lot of time looking at it doing anything but I can do some fast reading on it when I need (not like I'll ever read a whole book on it, that's why I have an android e-book reader or even my phone in the worst case scenario), browsing the internet fast (ofc it needs to be connected to a phone with a data connection), receive and send messages, reject calls, even some light or not so light gaming, even things as Temple Run 2, can play music when I don't have my phone using a bluetooth headset/speaker), the only thing I miss is a full office suite, really, I am writing a novel at the moment and never know when I get some inspiration and have to write down what I have in my mind pretty fast so I don't forget, would love to just be able to write on the watch and not have to take out my phone for that.
Also I would suggest that if you have the money you should go with a watch that has wi-fi like the G Watch R or Urbane cause then you will be able to use the internet without a phone, also the screen of the G Watch is really bad in the sun, I had a Sony Smartwatch 2 before and that was way more limited software wise (and for that reason had a battery life of over 1 week) but the screen was miles ahead, I could see everything in powerful sun light without even setting the brightness to the maximum, on the G Watch I can barely see anything with the brightness at maximum in not so powerful sun light.
Click to expand...
Click to collapse
Thanks for compiling such a long response for me :thumbup:
As my signature says most of my devices are on 5.1. Moving some game saves across devices works nicely, though moving contacts database involves modifying owner and permission, but not SEL context - to be honest, I don't even know that ever matters.
Sure I don't have many things in mind when it comes to "what to do with GW"... Back when I was using the Gear, I had quite some apps on it, but most of the time I use it as a timekeeper. But not being compatible with ActionBar is so shocking - I can't imagine how many apps I've used on the Gear so nicely won't work with GW, the most important of which are Greenify, LMT and Root Explorer. Looks like I still have to do much research before I decide on a purchase.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
AndyYan said:
Thanks for compiling such a long response for me :thumbup:
As my signature says most of my devices are on 5.1. Moving some game saves across devices works nicely, though moving contacts database involves modifying owner and permission, but not SEL context - to be honest, I don't even know that ever matters.
Sure I don't have many things in mind when it comes to "what to do with GW"... Back when I was using the Gear, I had quite some apps on it, but most of the time I use it as a timekeeper. But not being compatible with ActionBar is so shocking - I can't imagine how many apps I've used on the Gear so nicely won't work with GW, the most important of which are Greenify, LMT and Root Explorer. Looks like I still have to do much research before I decide on a purchase.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
Click to expand...
Click to collapse
I just looked at your signature and now I know why you had no problem with moving data from one device to an other: all your devices are running CM so they will all use the same security contexts but CM's security contexts are different from normal stock AOSP's contexts and both are different from the contexts used in Samsung TW ROM's, I can bet that if you try to move the data to a stock nexus or some other device running a manufacturer ROM or an other custom ROM than CM (most do use the same contexts but some don't) you will get into problems. SELinux contexts seem to be now just as important as permissions, sometimes you can get around with the wrong owner but if you have wrong Permissions or SELinux contexts you might mess up more than what you were changing.
Also about the app compatibility thing....I don't really miss many apps that I run on my normal devices, the only one I can actually think of is Titanium Backup (and an office app as I said), I found a good replacement for root explorer in MiXplorer, greenify is totally un-needed and wouldn't be too useful even if it worked (I'm actually not sure if it does or not, to me that layout looked like the action bar is either a non-default implementation so it might work without it) because the xposed installer doesn't work (FC-same reason, action bar) but I think xposed could work if someone adapted the installer (doesn't seem to me that the OS-level differences are so big, it's more of the framework), didn't yet try but just for a lol will flash the xposed lollipop zip and see if I can still boot.
An other option for you might be to buy a Gear S, as far as I can see there is some development going on towards running (initially) android wear on it and further afterwards full android.
Ranomez said:
I just looked at your signature and now I know why you had no problem with moving data from one device to an other: all your devices are running CM so they will all use the same security contexts but CM's security contexts are different from normal stock AOSP's contexts and both are different from the contexts used in Samsung TW ROM's, I can bet that if you try to move the data to a stock nexus or some other device running a manufacturer ROM or an other custom ROM than CM (most do use the same contexts but some don't) you will get into problems. SELinux contexts seem to be now just as important as permissions, sometimes you can get around with the wrong owner but if you have wrong Permissions or SELinux contexts you might mess up more than what you were changing.
Also about the app compatibility thing....I don't really miss many apps that I run on my normal devices, the only one I can actually think of is Titanium Backup (and an office app as I said), I found a good replacement for root explorer in MiXplorer, greenify is totally un-needed and wouldn't be too useful even if it worked (I'm actually not sure if it does or not, to me that layout looked like the action bar is either a non-default implementation so it might work without it) because the xposed installer doesn't work (FC-same reason, action bar) but I think xposed could work if someone adapted the installer (doesn't seem to me that the OS-level differences are so big, it's more of the framework), didn't yet try but just for a lol will flash the xposed lollipop zip and see if I can still boot.
An other option for you might be to buy a Gear S, as far as I can see there is some development going on towards running (initially) android wear on it and further afterwards full android.
Click to expand...
Click to collapse
Hmm, you got a good point there. I also move data between one of the CM phones and the TF300TL tablet, but SEL is nonexistent in Android 4.2, so I guess you're right.
Gear S is way out of my reach - if I had that cash I'd buy a ZenWatch, a 360 or even an Omate TrueSmart without hesitation. But thanks for letting me know all this anyway - I choose not to look at GW and Android Wear at this moment.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
AndyYan said:
Hmm, you got a good point there. I also move data between one of the CM phones and the TF300TL tablet, but SEL is nonexistent in Android 4.2, so I guess you're right.
Gear S is way out of my reach - if I had that cash I'd buy a ZenWatch, a 360 or even an Omate TrueSmart without hesitation. But thanks for letting me know all this anyway - I choose not to look at GW and Android Wear at this moment.
Sent from Google Nexus 4 @ CM12.1
[WARNING: XDA Premium 4.0.13+ lacks Signature function - do not update]
Click to expand...
Click to collapse
You could instead look at a Gear Live then, it at least has a heart rate sensor and a way better screen for outdoors and at least in my country it is in the same price range as the G Watch (actually cheaper) but yes, I can't totally recommend android wear as it is right now, it's good enough (at least for me) but I can also see why a normal pure android watch could be way better yet I have faith that this will change.
Also I really can't recommend the Omate or any other MediaTek smart watch as 1st most of them have no resistance to water whatsoever, 2nd they have no support from and 3rd the firmware on them has so many security holes and other flaws it looks like a schweizer.
EDIT: I forgot to say that if you want full android you could search for a SmartQ Z-watch, as far as I know that is a pretty good one and also pretty cheap (on pandawill when it was on "last time sale" it was sold for 30$ and I am talking about the normal not the lite one, the lite one isn't worth it) but I don't think it will be updated anymore, yet android 4.4 is pretty good compared to other android smart watches.
Ranomez said:
You could instead look at a Gear Live then, it at least has a heart rate sensor and a way better screen for outdoors and at least in my country it is in the same price range as the G Watch (actually cheaper) but yes, I can't totally recommend android wear as it is right now, it's good enough (at least for me) but I can also see why a normal pure android watch could be way better yet I have faith that this will change.
Also I really can't recommend the Omate or any other MediaTek smart watch as 1st most of them have no resistance to water whatsoever, 2nd they have no support from and 3rd the firmware on them has so many security holes and other flaws it looks like a schweizer.
EDIT: I forgot to say that if you want full android you could search for a SmartQ Z-watch, as far as I know that is a pretty good one and also pretty cheap (on pandawill when it was on "last time sale" it was sold for 30$ and I am talking about the normal not the lite one, the lite one isn't worth it) but I don't think it will be updated anymore, yet android 4.4 is pretty good compared to other android smart watches.
Click to expand...
Click to collapse
Z Watch? No thanks, I've tried that *before* the Gear, and I sold it within a week and lost $15 in the process - crappy 1GHz MIPS which is not only slow but also lacks compatibility for almost everything I throw at it - not even a custom launcher or a weather app would work. Omate's MTK is indeed unfavorable, and that's why I haven't already got one. And there aren't many people who sell Gear Live here. Which leaves me zero feasible choice.
I guess I could call it an end to my hunt of smartwatches, until something like Neptune Pine (but thinner and lighter) shows up. Thanks for helping me analyze the situation all this time!
AndyYan said:
Z Watch? No thanks, I've tried that *before* the Gear, and I sold it within a week and lost $15 in the process - crappy 1GHz MIPS which is not only slow but also lacks compatibility for almost everything I throw at it - not even a custom launcher or a weather app would work. Omate's MTK is indeed unfavorable, and that's why I haven't already got one. And there aren't many people who sell Gear Live here. Which leaves me zero feasible choice.
I guess I could call it an end to my hunt of smartwatches, until something like Neptune Pine (but thinner and lighter) shows up. Thanks for helping me analyze the situation all this time!
Click to expand...
Click to collapse
Well the compatibility thing has changed as ingenic released a compatibility layer (something like libhoudini for intel CPU's) so as far as I can see from a friend's Z Watch it can run almost anything one would throw at it (ok, anything a bit rational, only apps that can actually be useful on a watch) but yes that CPU is not the fastest and the firmware is not really optimized enough so you would need a custom ROM and perhaps some RAM management script like L Speed to get it lag-free yet I can say my friend's z watch behaves pretty well on Dj Droid, it wasn't really lag-free the 2 weeks time we exchanged watches so I could test it but that's just cause I was using xposed and quite a few modules and also had about 100 apps installed, the lag wasn't really the problem for me, the annoying thing for me was the app load times, it would take me up to 1 minute to launch a 3d game.
This being said I would still recommend you to wait for something better, smartwatches right now are good but I see a lot more potential and I am sure in a few years we will see amazing ones, perhaps as good as our older phones in regards to app compatibility and flexibility, who knows, perhaps they'll even be as powerful as our current phones (as far as it goes phones in 1 year will probably be much powerful than our current phones so anything's possible).
EDIT: I also forgot to say that many apps have been adapted for MIPS since then so even without the compatibility layer there are enough apps working on the Z Watch.
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
Click to expand...
Click to collapse
Heres some useful info:
http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
That's some info, but not really anything useful. Does this mean Google has a patch, will they be pushing that our or will there be ways to patch custom ROMs sooner even? These are all unanswered, though would be nice to know...
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Click to expand...
Click to collapse
Here's further info. Google has apparently already sent the patches, 7 in all, to the various phone manufacturers.
Because of fragmentation, though, some of them may never send out these fixes. Since these have assumedly been committed to the source code online, they should theoretically be available for download at some point as well. However, you'd (likely) need to be rooted to apply them.
In the meantime, go into your SMS application (usually Hangouts these days) and turn off automatic MMS retrieval. Then, do not accept any photos or videos from anyone you don't know. I am not sure, but I worry it's also possible you might get it from someone do know who is already infected, so just operate with an abundance of caution overall, I guess. And keep an eye out for news here, because it will probably be one of the first places they become available.
mihai.apostu98 said:
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
Click to expand...
Click to collapse
People connect with Stagefright by sending you the malicious code contained within the MMS. Once that code gets (usually automatically) processed by the Stagefright service already locally present, it exploits security vulnerabilities to hand control of your device over to whomever is waiting on the other end. As for a media service being able to control the whole system, think of how Flash (a media service) and Microsoft had those zero-day UaE bugs that would allow someone to take over your PC. The logistics may be different, but the concept is the same.
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Hope that helps.
I gather that Google has a patch. Has it been pushed out to Nexus devices?
pomeroythomas said:
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Click to expand...
Click to collapse
Excellent idea, +thanks. Et voilà, what appears to b-e in my KitKat:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this can break all kinds of things if you don't know what you're doing. Use a build.prop editor from the Play Store.
I don't know that they all need to be false to plug this hole. But those are the relevant lines.*
UPDATE [10 Aug 2015]: This doesn't affect what the Zimperium scanner says is vulnerable, which may indicate the edit won't protect you. It's unclear at this point.... read the latest posts in this thread for possible info. You can turn off auto-retrieve in MMS, but SF exists at other levels of the operating system. I suppose it couldn't hurt to do the build.prop, but don't rely on it.
voxluna said:
Excellent idea, +thanks. Et voilà:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this will probably break all kinds of things, and I don't know that they all need to be false to plug this hole. But those are the relevant lines.
Click to expand...
Click to collapse
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
pomeroythomas said:
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
Click to expand...
Click to collapse
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now (I did, and this happened).
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
voxluna said:
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now.
Click to expand...
Click to collapse
The only reason I even know about Stagefright is because my very first, 550MHz, resistive touchscreen Kyocera Zio shipped with Stagefright disabled by default. Haha.
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
Click to expand...
Click to collapse
I would assume it's possible (this is just an arbitrary code execution issue, I think), but having had that vulnerability built into pretty much every ROM for the last 5 years could be a problem in that I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
I could be wrong, though; I'm basically guessing as I haven't looked into the malicious code.
Xposed Android will no doubt have either a module for this or existing bugfix modules will be updated to include this vulnerability in the coming days, and due to the nature of Xposed modules taking over services the ROM is trying to run without actually messing with your ROM, I'm sure it'll be a universal fix.
Personally, I just shut off the Stagefright service using my build.prop and am patiently awaiting someone more skilled than I to create a fix.
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
Here's hoping!
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
pomeroythomas said:
I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
Click to expand...
Click to collapse
Come to think of it, if this exploit allows any kind of root, I suppose it'd be possible for Services itself to use that hole, and therefore be able to patch StageFright. A weird workaround, but entirely possible. Something tells me they won't use it, though, as technically feasable as it may be. I'm really hoping for that Xposed fix, just like GravityBox can patch FakeID. Which, indeed, Services eventually mitigated (for the most part).
commits on android.googlesource.com
Has anyone tracked any commits in android.googlesource.com related to stagefright?
Is this really a viable fix for this? I copied it from another website
If you turn off the following settings in your messaging app/apps on your device:
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
iverson3-1 said:
Is this really a viable fix for this? I copied it from another website
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
Click to expand...
Click to collapse
That should be one way to disable the hack. It's unclear from what I've read if it only affects Hangouts, or all SMS clients. What I've done is disable any auto MMS retrieve in my own messaging app, which in my case is mySMS. I suppose it couldn't hurt to do it in Hangouts as well.
This should cover it, but I think you still run the risk of someone you know sending (probably without their knowledge) an infected video -- much like trojans that take over a PC, and use the internal contact list to send mail as though they were your friend, they could exploit your trust.
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess. I wish I knew more about app development, because I would write something that did all this stuff automagically.
voxluna said:
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess.
Click to expand...
Click to collapse
Aaaaaand that's what I just did. I'm in a boot loop after changing the build.prop file. This is going to be really fun with an encrypted data partition that holds the backup I just made.
Be warned.
UPDATE: I had to reflash the ROM, and the entire experience took about 2.5 hours because I couldn't get a KDZ to work. I decided that since it was going to be a full wipe, at least I would upgrade to Lollipop, but I'll have to set up the entire phone all over again. I suspect the problem was that I didn't pay attention to the permissions of that file when I edited and transferred it from another machine. Ugh. I just went back and put warnings on all my posts about the build.prop lines.... and it would be better to just wait for patches, IMO. This thread is progressing quickly now.
i tried tracking the fix on android source repo. but the only recent commit against libstagefright is on July 7th.
Fix global-buffer-overflow in voAWB_Copy.
Copy() in frameworks/av/media/libstagefright/codecs/amrwbenc/src/util.c always
overreads the buffer by 4 bytes to the right, which, if we are very unlucky,
can even hit an unmapped memory page (in this case it is just a global
variable).
Click to expand...
Click to collapse
Hi all,
in my case, as I plainly don't use the MMS feature, I simpl deleted the MMS apn. Is this a possible workaround for this problem (at least, until it gets fixed somehow)?
Hi everyone. CW Network recently released a new VOD app for Apple TV, Roku, and Xbox, and Fire TV... but not Android TV. Someone on Reddit was kind enough to rip the Fire TV apk and post it for people to try, but there are a couple of issues. One is the Amazon ownership check (which doesn't seem to allow it to run even if you have the CW app on Amazon's app store), and the other is a strange error message about network connectivity. Could anybody take a look at it and see if it can be hacked to work on the Shield?
Reddit thread:
https://www.reddit.com/r/AndroidTV/comments/556f46/heres_firetv_cw_app_shows_on_leanback_launcher/
APK download:
http://www.mediafire.com/file/gkokbqq27s4vaxv/The_CW_com.cw.tv.android_1.0.0_106.apk
..
The guy who ripped it says that the leanback intent was already in place.
..
JJ-KwiK said:
I'll pull out my old Fire TV stick from storage and pull the apk this evening.
Edit:
Decided to try right away. The CW app was added to my amazon account and installed on my Fire Stick directly from Amazon. It still gave the connection error. There must be an issue with the app if the app is still giving a connection error on a Android device it was designed to be used on. I'm assuming CW will released an update to fix the problem soon enough. When they do, I can remove the amazon checks.
Click to expand...
Click to collapse
Weird, it works perfect on my Fire TV and Stick downloaded directly from Amazon. It doesn't work on any Android TV device though. I don't know how to crack the app. Someone needs to crack the app and see if he can get it working.
..
Would you be able to remove the checks on the PlayStation Vue Firetv app as well? I would love to be able to use it on my Shield.
Its not letting me post the link since I am a newer member but please let me know if you can do it and I'll DM you a download link.
Thanks!
..
Thanks for putting all this effort in. I'm away from home (and my Shield) this week, but I will try it when I get back.
Finally had the opportunity to try it. It no longer throws the ownership error, but still throws the connection error.
..
Cool. I'll keep an eye out for that, and I'll reply if I find anything regarding a new APK. Thanks!
Watching this thread
Sent from my Nexus 7 using Tapatalk
Kovs said:
Watching this thread
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
Anything new happening on this front?
There are two network connections made at the initialization of the app. They are both going to Amazon WS. Both appear to have issues, probably because the User-Agent isn't a Fire TV UA, and the request that gets the license reports "android" from the Shield whereas the Fire version reports "amazonfire" on the posted data. Because of the differences, the license returns "invalid" on the JSON response.
If the responses that come back from the Fire stick were to come back to Shield, the app would function perfectly. I had changed the two URLs to my local webserver to return the good responses, and I could browse and watch episodes without issue. Beautiful picture.
With that, the app is very specifically blocking Android TV devices.
EDIT: Correction, the User-Agent is not used. It is just the "amazonfire", which is based on one piece of code. A small modification gets this working without needing to host the two response files.
Attached is an apk to try out.
** Edit: current version doesn't work anymore. Removing ***
That's awesome. I'll try this when I get home from work today. Would it be difficult to do this to the USA and Cartoon Network apps as well?
Seems to work awesome. I was able to watch an episode of the flash without issue
I took a look at USA Network and the Cartoon Network apps. The Amazon app for USA Network is a webapp, so it is unlikely to work without bigger modifications. Cartoon Network appears to have a few issues (title bar displays all the time, no leanback launcher banner icon, Amazon hooks). I'll take a look, but at least they have added casting support to the Cartoon Network Android app for now.
Thanks for posting The CW App, while the Content seems sparse, and not really my thing (DC Comic Universe), it does at least work, and thats something.
I recently upgraded to the S23 Ultra and discovered that there's no option to unlock the bootloader. The root functions I value most are:
A firewall that will block apps from phoning home and/or accessing the internet without using the Android vpn (not sure if I could do that even if rooted...I just want to block apps from phoning home and use a vpn at the same time))
A call recorder (currently using Cube ACR, which actually works pretty good)
A way to 'image' the entire phone (i.e., like TWRP back up/restore)
A way to uninstall the bloatware that doesn't have an uninstall function.
Barring some method that will unlock the bootloader on this phone, what are methods/apps that will help me get as close to a rooted state as possible?
Well your first point is solved with what I use for privacy and adblocking. NextDNS (free option or $12/yr) you get a private DNS server and you control what is blocked and what isn't with all the customization you want. As for call recording, I've used skvalex (free with paid pro option but pro only adds automatic backup) for years whether rooted or not and it always works just fine. Though I will admit when it's connected to my car with Bluetooth it only records my side but I rarely talk while in the car so not a deal breaker for me. Thirdly, you could use adb to make a backup (from what I've read) but I use shizuku to give swift backup more permissions and it backups everything for me.
Thanks for your comments, spart0n.
I looked over NextDNS. It seems to have a lot of features. I do use my vpn's DNS, but they're various US servers are slow, plus NextDNS seems to have more features.
One thing I'm not clear on is can it slectively block apps from connecting to the internet, both on mobile /and/or wifi connection, much like a firewall?
I also did a quick perusal of skvalex, but I'm not sure how it's different from Cube ACR? One concern with cube is security...are they doing nefarious things with my data.
Cube also won't record the other side of a conversation when I'm using a bluetooth device (earbuds, car).
Is skvalex ' more respecting of privcy? In what ways do you deem it superior to other options such as Cube?
I'll be looking into Shizku and Swift backup, but am I correct in that it seems to be more of a 'Titanium' type app than a complete phone backup?
I really appreciate the pointers.
Sam Sung said:
Thanks for your comments, spart0n.
I looked over NextDNS. It seems to have a lot of features. I do use my vpn's DNS, but they're various US servers are slow, plus NextDNS seems to have more features.
One thing I'm not clear on is can it slectively block apps from connecting to the internet, both on mobile /and/or wifi connection, much like a firewall?
I also did a quick perusal of skvalex, but I'm not sure how it's different from Cube ACR? One concern with cube is security...are they doing nefarious things with my data.
Cube also won't record the other side of a conversation when I'm using a bluetooth device (earbuds, car).
Is skvalex ' more respecting of privcy? In what ways do you deem it superior to other options such as Cube?
I'll be looking into Shizku and Swift backup. I really appreciate the pointers.
Click to expand...
Click to collapse
I've tried cube in the past and it had a lot of denied connections in the background but over the years skvalex has worked perfectly even if I completely block all internet connectivity even from the start of installation except for checking for pro version.
As for NextDNS it does work on wifi and cellular. Personally I pay for the pro and have it setup on my home router plus all my phones too
Try freezing the Apps you cannot uninstall - e.g. SuperFreezZ or SD Maid.
Have a look here for some other goodies that may be useful:
https://alternativeto.net/list/28655/the-ultimate-f-droid-setup/
elmor0 said:
Try freezing the Apps you cannot uninstall - e.g. SuperFreezZ or SD Maid.
Have a look here for some other goodies that may be useful:
https://alternativeto.net/list/28655/the-ultimate-f-droid-setup/
Click to expand...
Click to collapse
There's no such thing as not able to uninstall. With adb commands you can uninstall literally any app, even system apps.
spart0n said:
There's no such thing as not able to uninstall. With adb commands you can uninstall literally any app, even system apps.
Click to expand...
Click to collapse
My understanding is that the system apps don't get truly uninstalled but are effectively disabled (frozen)......?
spart0n said:
I've tried cube in the past and it had a lot of denied connections in the background but over the years skvalex has worked perfectly even if I completely block all internet connectivity even from the start of installation except for checking for pro version.
As for NextDNS it does work on wifi and cellular. Personally I pay for the pro and have it setup on my home router plus all my phones too
Click to expand...
Click to collapse
The problem I've seen with Cube is that it sometimes randomly ends a recording before the call is finished.
Your earlier comment about using ABD to backup the phone - I found this and several other similar articles/guides outlining the method I think you alluded to. Seems pretty straight-forward. I also turned up info on uninstalling. Thanks for that - ABD seems the way to go.
The link:
How To Create a Full Android Phone or Tablet Backup Without Rooting or Unlocking Your Device
Android includes a built-in way to back up and restore the contents of your phone or tablet. All you need is a computer and a device running Android 4.0 (Ice Cream Sandwich) or newer.
www.howtogeek.com
Adding this link:
How to uninstall carrier/OEM bloatware without root access
If you want to get rid of carrier/OEM apps from your phone, here's how you can uninstall bloatware from your device without root access!
www.xda-developers.com
elmor0 said:
My understanding is that the system apps don't get truly uninstalled but are effectively disabled (frozen)......?
Click to expand...
Click to collapse
They do get uninstalled, but they remain inside the recovery partition so that when you reset the device they get reinstalled. You can disable or uninstall from Android any system app, even breaking the system, but the app will not get deleted from recovery unless you flash twrp or another custom recovery which deletes the stock recovery
Sam Sung said:
The problem I've seen with Cube is that it sometimes randomly ends a recording before the call is finished.
Your earlier comment about using ABD to backup the phone - I found this and several other similar articles/guides outlining the method I think you alluded to. Seems pretty straight-forward. I also turned up info on uninstalling. Thanks for that - ABD seems the way to go.
The link:
How To Create a Full Android Phone or Tablet Backup Without Rooting or Unlocking Your Device
Android includes a built-in way to back up and restore the contents of your phone or tablet. All you need is a computer and a device running Android 4.0 (Ice Cream Sandwich) or newer.
www.howtogeek.com
Adding this link:
How to uninstall carrier/OEM bloatware without root access
If you want to get rid of carrier/OEM apps from your phone, here's how you can uninstall bloatware from your device without root access!
www.xda-developers.com
Click to expand...
Click to collapse
Those are okay but dated guides for bloatware removal. There's 2 easy ways right now. One open source and not as feature rich and then there's a free/pro app that has more features.
Open source is universal android debloater gui (unless you want command line) from GitHub really easy to find with Google.
Or adb app control from cybercat. He's very active in his telegram support group and helpful
spart0n said:
Those are okay but dated guides for bloatware removal. There's 2 easy ways right now. One open source and not as feature rich and then there's a free/pro app that has more features.
Open source is universal android debloater gui (unless you want command line) from GitHub really easy to find with Google.
Or adb app control from cybercat. He's very active in his telegram support group and helpful
Click to expand...
Click to collapse
So they are. Not stuck on terminal. I've found and bookmarked AppControl download page.
Looking again, the ADB guide I linked to is aged too...is that still the best method? A Windows GUI would be nice for that too. Is there a reliable app or is ADB still my best bet?
Sam Sung said:
So they are. Not stuck on terminal. I've found and bookmarked AppControl download page.
Looking again, the ADB guide I linked to is aged too...is that still the best method? A Windows GUI would be nice for that too. Is there a reliable app or is ADB still my best bet?
Click to expand...
Click to collapse
Yeah there's a gui for adb, it's called universal android debloater from GitHub and in the release section they have a gui version
GitHub - 0x192/universal-android-debloater: Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device. - GitHub - 0x192/universal-android-debloater:...
github.com
spart0n said:
Yeah there's a gui for adb, it's called universal android debloater from GitHub and in the release section they have a gui version
GitHub - 0x192/universal-android-debloater: Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device. - GitHub - 0x192/universal-android-debloater:...
github.com
Click to expand...
Click to collapse
Rereading, I can see I wasn't clear at all. I should have specified 'for backup'. I'm doing a bit of searching for something now and this week. I doubt I can image the entire phone, but I'm hoping to find as complete and 'nandroid-like' backup solution as I can. If you know of anything, I'd appreciate it. Or maybe my best bet actually is ABD and commandline.
Sam Sung said:
Rereading, I can see I wasn't clear at all. I should have specified 'for backup'. I'm doing a bit of searching for something now and this week. I doubt I can image the entire phone, but I'm hoping to find as complete and 'nandroid-like' backup solution as I can. If you know of anything, I'd appreciate it. Or maybe my best bet actually is ABD and commandline.
Click to expand...
Click to collapse
Honestly I don't know any good ones, I use swift backup with shizuku. That's all I really know of. It works like titanium backup did but without root, even with shizuku, is somewhat limited.
adb pull /sdcard will get your files
Sometimes adb pull will fail on a specific file or folder and just puke on itself and refuse to continue. If that happens, you just have to delete the file/folder and try again. I've only had this happen once though.
Swift Backup with shizuku will back up apps and their downloaded data but not user data. Pair it with Google Backup and Google will restore *some* app data... Realistically though, you'll be losing some or a lot of app data, depending on app policies.
Thanks for your responses. Regrettably, there's no option in Dev options to unlock the boot-loader., so I'm stuck with whatever is available. Now I know. I should have either switched carriers or bought an unlocked phone, which I think comes with its own caveats.
User data, photos and such isn't too much of an issue here. My client data from apps is backed up to PC regularly, as are any photos I want to keep etc.
I like Nandroid backups because they backup everything including texts, call logs and OS (nice in case something happens and the OS bites the dust or gets crippled).
The real issue is my texts and call logs, moreso the texts..
How reliable is Swift (which is looking more and more attractive) compared to ABD, and can ABD back up more?
Also, side note, but my late wife's phone is an S7. I lost a previous phone and ergo my texts, so the texts on her phone are all I have of our texts over the years.
I was thinking I'd use Smart Switch or something to transfer the texts from her phone over to the S10 I just upgraded from. Is that practical?
I appreciate your remarks. Thanks!
Sam Sung said:
Thanks for your responses. Regrettably, there's no option in Dev options to unlock the boot-loader., so I'm stuck with whatever is available. Now I know. I should have either switched carriers or bought an unlocked phone, which I think comes with its own caveats.
User data, photos and such isn't too much of an issue here. My client data from apps is backed up to PC regularly, as are any photos I want to keep etc.
I like Nandroid backups because they backup everything including texts, call logs and OS (nice in case something happens and the OS bites the dust or gets crippled).
The real issue is my texts and call logs, moreso the texts..
How reliable is Swift (which is looking more and more attractive) compared to ABD, and can ABD back up more?
Also, side note, but my late wife's phone is an S7. I lost a previous phone and ergo my texts, so the texts on her phone are all I have of our texts over the years.
I was thinking I'd use Smart Switch or something to transfer the texts from her phone over to the S10 I just upgraded from. Is that practical?
I appreciate your remarks. Thanks!
Click to expand...
Click to collapse
As for bootloader unlocking anything Samsung, you can't buy the north America models, any other country model will have the option for unlocking. As for swift vs adb without root? Swift does call logs and text backups locally on the device and on several cloud services of your choice if you wish.
spart0n said:
As for bootloader unlocking anything Samsung, you can't buy the north America models, any other country model will have the option for unlocking. As for swift vs adb without root? Swift does call logs and text backups locally on the device and on several cloud services of your choice if you wish.
Click to expand...
Click to collapse
Thanks, sprt0n. I'll give Swift a try, along with Shizuku. Regarding the old S7 texts...do you recommend Swift there as well? WIll there be an issue transfering texts between the s7 and s10 given their age? S10 is Android 12, S7 is Android 8.
Sam Sung said:
Thanks, sprt0n. I'll give Swift a try, along with Shizuku. Regarding the old S7 texts...do you recommend Swift there as well? WIll there be an issue transfering texts between the s7 and s10 given their age? S10 is Android 12, S7 is Android 8.
Click to expand...
Click to collapse
You can try it says on the Google Play store listing page that supports Android 6 and up so it should work
I'll do that, Thx.
Y'all have given me direction regarding uninstalling apps and back up, and even firewalling, if NextDNS allows.
I may be back for future questions after I research this stuff. I appreciate all your comments, particularly spart0n.