Does your DEVICE REALLY SHUTDOWN, ROOTING SIDE-Effects ! - Android Q&A, Help & Troubleshooting

Rooted your device, but it may have side effects !​Does your phone really shutsdown !​Next time you turn off your Android phone, you might want take the battery out just to be certain.
Security vendor AVG has spotted a malicious program that fakes the sequence a user sees when they shut off their phone, giving it freedom to move around on the device and steal data.
When someone presses the power button on a device, a fake dialog box is shown. The malware then mimics the shutdown animation and appears to be off, AVG’s mobile malware research team said in a blog​The malware requires an Android device to be “rooted,” or modified to allow deep access to its software. That may eliminate a lot of Android owners who don’t modify their phones.
But some vendors of Android phones ship their devices with that level of access, potentially making it easier for the malware to get onto a device.​SO be careful about the rooting !​

Related

hi

hey i'm new just curious what rooting means? and what it lets you do?
xstreetz said:
hey i'm new just curious what rooting means? and what it lets you do?
Click to expand...
Click to collapse
Google is your friend. But, can can start here.
Root Android the Easy Way
Add advanced features, customize the interface, and boost your handset's performance by rooting your Android phone.
By Robert Strohmeyer
Sep 14, 2010 5:00 PM
Google's Android operating system is riding a wave of popularity that has rapidly eclipsed Apple's iOS, and by the end of 2010 it's expected to overtake RIM's BlackBerry as America's leading smartphone platform. However, despite the relative openness and flexibility of the OS, your Android phone still isn't as powerful and customizable as it could be. To unlock all of your phone's potential, you'll need to root it.
WARNING: Rooting--adding superuser capabilities to your phone by altering its system permissions--is an advanced technique that the inexperienced or faint of heart should NEVER ATTEMPT. It's hacking, folks, and if done improperly it can destroy your phone. Do not follow any of the instructions in this guide or on any of the linked sites unless you are comfortable with the very real risk of turning your phone into an expensive brick. As of this writing, rooting is not supported by any carrier or manufacturer, and will most likely void your phone's warranty. In short: This stuff is for big kids only. No whining if things don't go your way.
Why Root?
With that very real and important caveat out of the way, there are a few really good reasons to root your Android phone. The simplest reason is that rooting your handset allows for some cool features that probably ought to be enabled in Android by default, such as on-the-fly screen capture, tethering capabilities (even on phones whose carriers don't allow it), and advanced firewall apps.
Android Superuser Request
Rooting Android gives you superuser access to your phone's OS, letting you do more than you'd be able to with a stock Android installation.
Rooting also lets you install custom ROMs that eliminate the annoying crapware many manufacturers and carriers include by default. In addition, custom ROMs can give you the latest version of Android weeks--or even months--ahead of the carriers' sluggish update schedules.
Rooted phones can take advantage of some great performance tweaks--such as CPU overclocking and improved cache management--that can dramatically speed up Android. You can take advantage of these options either by installing a ROM that includes them or by downloading apps from the Android Market that will automatically tweak settings on your rooted phone for you.
It would be a stretch to say that rooting Android is a necessary project for most users. In fact, most people should never even try it on their phones, just as most PC users probably shouldn't attempt to overclock their processors. But if you're an advanced user (or an intermediate user with a taste for adventure) and you know the risks, rooting can help you get a lot more fun and function out of your Android device.
Get Root
Until fairly recently, rooting Android was a messy process that required installing the Android Debug Bridge and hacking the phone from a command line. Fortunately, some industrious hackers have produced a few simple apps that can root your device in seconds with the tap of a finger. In this tutorial, I'll discuss two such apps--Easy Root (for the Motorola Droid, Droid X, and Milestone, and the HTC/Google Nexus One) and Unrevoked (which supports a variety of HTC handsets).
It's important to note here that although these one-click root apps are easy to use, they aren't completely trouble-free. For instance, as of this writing the developer of Unrevoked 3 is reviewing it to solve a problem with the HTC EVO 4G (but Unrevoked 2 is still available). And the latest version of Android, 2.2 (aka Froyo), will present new challenges for root users as carriers and phone manufacturers continue to try to block users from hacking their handsets. These obstacles are a basic reality for anyone attempting to root their device, just as Apple iPhone users must constantly adapt to Apple's efforts to block people from jailbreaking the iPhone.
Even though Easy Root and Unrevoked don't work on all Android phones, they do cover a broad swath of the Android universe. If you're interested in rooting a Samsung Galaxy or another device, however, you still have options--they're just not as easy. Because the state of Android hacking is constantly in flux, your best bet for phones not covered in this tutorial is to google "root" and the name of your phone, or to keep an eye on the discussions about your phone on a good Android forum, such as AllDroid.org.
Step 1: Download a Rooting App
To get started rooting your phone, you need the appropriate app for your device. If you're using a Droid, Droid X, Milestone, or Nexus One, you'll want Easy Root. HTC users with an Aria, Desire, Droid Incredible, EVO 4G, Hero, or Wildfire/Buzz will want to use Unrevoked. With either of these apps, your first step is to download the app directly from the developer's Website and put it in the root folder of your phone's SD Card.
Easy Root downloads as an APK file that's ready to run from the phone, so you could just download it straight onto the device and tap it in your file manager app to run it.
Unrevoked downloads as a zipped file with several files inside it. If you have an unzip utility on your phone, you can download and unzip it directly on your device. Otherwise, you'll need to unzip it on a PC and copy the appropriate file to the phone. Because Unrevoked comes in a few phone-specific files, it's generally best just to copy the correct file from your PC in the first place. The documentation on the Unrevoked site clearly explains which file to use for your particular phone.
Step 2: Install the App
Once you've placed the APK file for your rooting app onto your phone's SD Card, locate it with a file-management app such as Astro File Manager and tap it to start the installation. Follow the prompts to allow the installation. Once this finishes, the rooting app will appear in the phone's App Drawer. Launch it.
Step 3: Root It
Easy Root for Android
Easy Root's interface is as simple as it gets. Tap 'ROOT ME!' to root your phone.
This is the moment of truth. With your newly installed rooting app launched, tap the option to root the phone. (You may first have to tap past a warning or disclaimer screen.) Once you tap the button to root your phone, the app will spend a few seconds running a script that alters the system's user permissions to allow superuser access and install a customized recovery image on your phone's System partition. It will then present you with a screen that says you have root.
In some instances, running Easy Root or Unrevoked on a supported device and following all the instructions exactly can still result in an unrooted phone. If this happens to you, don't lose heart. The developers of these apps are highly responsive to user questions and feedback, and if you take care to document everything you did and all of the relevant settings on your device, you stand a good chance of getting the help you need to root your handset. Or, at the very least, you could provide valuable information that the developer can use to update the app and make it work on phones like yours. Just remember: Rooting is a precarious business for everyone involved, and these developers have put a lot of work into their projects with very little promise of reward. So be nice, even if you're frustrated.
Step 4: Reboot
Restart your phone to enable the new root permissions on your device. Congratulations--your handset should now be rooted.
Now What?
Gaining superuser access to your phone is just the first step in a vast new territory of Android exploration. Depending on which rooting app you're using, you may already be enjoying the performance and usability benefits of a host of enhancements included in your root recovery image. But there's plenty more to explore.
Barnacle Wi-Fi Tether
Barnacle makes it one-tap easy to add Wi-Fi tethering to your phone, even if your carrier doesn't support the feature.
If your phone doesn't support Wi-Fi tethering out of the box, you can now add it to your rooted phone. Barnacle is a good, fairly simple app that exploits root for tethering with or without your carrier's support.
Root users also have the option to overclock the phone's CPU to give it a serious performance boost. For this task, it's hard to beat SetCPU, which offers a friendly slider-bar interface for setting your phone's clock speed. But be careful: Setting your clock speed too high can damage your phone permanently.
ROM Manager
ROM Manager includes a variety of features that make replacing your phone's stock OS easy.
The ultimate Android hack is to replace your phone's default operating system with a custom ROM. You have many to choose from, and each has its own pros and cons. Some ROMs are designed for specific phone models, and not all Android phones support the installation of a custom ROM. As of this writing, the Droid X is particularly problematic in this regard, while handsets such as the Nexus One and Droid Incredible support a wide variety of ROMs. The best way to find, install, and manage ROMs is to run ROM Manager, which is available for free from the Android Market. ROM Manager Premium even offers a large list of available ROMs that you can download straight from the app itself.
Have Fun
By now you should have a pretty good handle on working with a rooted Android device. I've attempted to cover all the basics in this guide, but there's no shortage of additional tips, tricks, and advice that can help you improve how Android functions. If you have some tips of your own to share, please chime in with a comment. And if you think my attempt to simplify the process has resulted in a significant error or omission, please let me know by e-mailing [email protected].
Click to expand...
Click to collapse
thanks will do some reading

There's a Zombie-like Security Flaw in Almost Every Android Phone

Nice article to read.. Just thought I would share.. MODS PLEASE DELETE IN CASE THIS IS A DUPLICATE.
http://news.yahoo.com/theres-zombie-...013019842.html
There's a Zombie-like Security Flaw in Almost Every Android Phone
LikeDislike
Abby Ohlheiser 56 minutes ago
Technology & Electronics
.
View gallery
There's a Zombie-like Security Flaw in Almost Every Android Phone
Almost every Android phone has a big, gaping security weakness, according to the security startup who discovered the vulnerability. Essentially, according to BlueBox, almost every Android phone made in the past four years (or, since Android "Donut," version 1.6) is just a few steps away from becoming a virtual George Romero film, thanks to a weakness that can "turn any legitimate application into a malicious Trojan."
While news of a security vulnerability in Android might not exactly be surprising to users, the scope of the vulnerability does give one pause: "99 percent" of Android mobiles, or just under 900 million phones, are potentially vulnerable, according to the company. All hackers have to do to get in is modify an existing, legitimate app, which they're apparently able to do without breaking the application's security signature. Then, distribute the app and convince users to install it.
Google, who hasn't commented on the vulnerability yet, has known about the weakness since February, and they've already patched the Samsung Galaxy S4, according to CIO. And they've also made it impossible for the malicious apps to to install through Google Play. But the evil apps could still get onto a device via email, a third-party store, or basically any website. Here's the worst-case scenario for exploitation of the vulnerability, or what could potentially happen to an infected phone accessed via an application developed by a device manufacturer, which generally come with elevated access, according to BlueBox:
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
The company recommends users of basically every Android phone double check the source of any apps they install, keep their devices updated, and take their own precautions to protect their data. But as TechCrunch notes, Android users really should be doing this anyway, as the devices tend to come with a " general low-level risk" from malware. That risk, however, is elevated for users who venture outside of the Google Play store for their apps.
So while the actual impact of the vulnerability is not known, neither is the timeline for fixing it. Manufacturers will have to release their own patches for the problem in order to fix it, something that happens notoriously slowly among Android devices.
Mr_Jay_jay said:
/snip
Click to expand...
Click to collapse
As always, this really boils down to the same thing: don't be a fool in the most non-pejorative way possible. With the exception of the Syrian Electronic Army fiasco awhile back, secured and verified app vendors like Google Play (or Apple's App Store) continue to provide all the services most users will need without exposing the end-user to this kind of vulnerability. If you don't expose yourself, you're not at risk.
That said, this all relies on the notion of the end-user being at least somewhat vigilant, which can be quite dangerous.
Rirere said:
As always, this really boils down to the same thing: don't be a fool in the most non-pejorative way possible. With the exception of the Syrian Electronic Army fiasco awhile back, secured and verified app vendors like Google Play (or Apple's App Store) continue to provide all the services most users will need without exposing the end-user to this kind of vulnerability. If you don't expose yourself, you're not at risk.
That said, this all relies on the notion of the end-user being at least somewhat vigilant, which can be quite dangerous.
Click to expand...
Click to collapse
Not every Android device has access to Play Store though, by-default. I have a tablet now that doesn't have access. If a normal user had such a device, they wouldn't likely go through the process needed to get Play Store, and would just deal with whatever marketplace app existed.
This exploit will likely only ever affect users that by default use devices that do not have Google support. Many of these are distributed among 3rd world nations and are typically a hot bed of illicit activities anyways. Of the first worlders that would be affected, it would be those using black market apps without knowing the risks involved in doing so. Most black market users are knowledgeable enough to know to check their sources and compare file sizes before installing apk's.
Also the notion that 99% of devices being affected has nothing with the OS being flawed (Google reportedly fixed the flaw in March), but rather the OEMs being slow in pushing out (or not pushing out at all) the patched hole.
Also I would be weary of a security outfit that has been around since 'mid-2012' and continues to pride themselves as a start-up mobile security firm.
espionage724 said:
Not every Android device has access to Play Store though, by-default. I have a tablet now that doesn't have access. If a normal user had such a device, they wouldn't likely go through the process needed to get Play Store, and would just deal with whatever marketplace app existed.
Click to expand...
Click to collapse
Granted, but the Play Store reduces the attack surface by a considerable margin. Right now, I consider non-Google blessed Android to be something akin to stock Windows 7 with Defender and Firewall turned off-- you can do just about anything with it, but you're running at a risk by not deploying some vendor-based add-ons (in this case, choosing to use the unit available).
I do understand that many devices sell outside of the Google world, before anyone jumps on me, but it doesn't change how the vulnerabilities play out.
This boils down to:
If users install a virus then they get a virus!!! This affects all Android phones!!!!!!!! Oh Nos!
Sucks that this is being patched. Guess there will be no more modding games for me.

Need undeletable tracking/ management app

I often give out loaner phones and recently have had a wave of theft and damage to my devices. I need a way to make for say a limited profile on devices that will not allow borrowers to delete my tracking apps and preferably a way to remote wake device... I have multiple devices so this is not specific to just one device. Been thinking maybe tasked would help me achieve this?
There is nothing you can do with the state of Android. A simple factory rest or flash will remove anything you may do

About Chrome OS security

Hello everyone.
It seems Chromebooks cannot setup a power-on password, like normal BIOS/UEFI do. So how can users prevent a hacker with physical access tempering with the system?
Let’s assume he don’t disassemble the computer, but there’s still many ways, right?
For example, he can boot via USB and change the unencrypted part(will it always triggering boot verify?)
Or, he can switch to developer mode and login as root or other hidden users. (Or does the system prevent those action without first login a normal user?)
And are there even more security holes one should pay attention to?
Thank you guys.

Note 20 981U Apps Signed with Code Signing Certifica

This is pertaining to a serious ongoing security issue. Yesterday, while performing my Daily Hard Factory Reset on my Windows 10 Laptop due to continuous unauthorized modifications to PC,including Driver changes, warnings of 3rd party traffic monitoring, frequent service failure,, visual changes to applications GUI without Authorized warning or consent to upgrade said program,applications,services, etc.. More detailed information available in needed. I used a PC for explanation because my Note 20 and several past Android devices mirror above issues. My question is finally: Can a legitimately acquired Development Code Signing Certificate (SSL,Digicert etc) be used in a malicious way to trick OS, Device, End User and Security Software into allowing very dangerous changes? These ATTACKS seem to allow System Compromise to basically be totally Invisible to device and user owner. I believe this tactic if in anyway plausible is being used to cause devastating damage financially, emotionally and all the above. I need to prevent and deture future issues.
Is there a reason you posted this general question in samsubg n20 development thread? also, title is misleading as it looks like u are offering or educating how to sign apps with a signing ceetificate but ur post is more so asking if hacking is possible on android which of course there is, its an electronic device that connects to the internet, there will always be crazy ppl out there exploiting stuff

Categories

Resources