All About Android 37

From The Official TWiT Wiki
Jump to: navigation, search
All About Android
Episode 37

Contents

All About Android 37: Rounding Error

Guests

News

Carrier IQ is a third-party metric system. It allows carriers and manufacturers to know how your phone is being used. Android developer Trevor Eckhart detailed the many things the software does in a comprehensive video, including logging and purportedly transmitting data around your calls, location, keystrokes... in theory, much of your sensitive data, of which Carrier IQ has denied any wrongdoing.
Carrier IQ is not only found on many Android devices but also Blackberry and iOS before iOS5 among others. However, Eckhart's discovery was found using an Android device.
  • Nexus owners, rejoice! Google Nexus One, Nexus S and Galaxy Nexus are all free of Carrier IQ software. Dan Rosenberg analyzed CarrierIQ's operation on the Samsung Epic 4G Touch to see exactly what Carrier IQ records.
1. CarrierIQ cannot record SMS text bodies, web page contents, or email content. There is simply no metric that contains this information.
2. CarrierIQ (on this particular phone) can record which dialer buttons are pressed, something cell carriers have anyways when you place a call.
3. CarrierIQ (on this particular phone) cannot record any other keystrokes besides those on the dialer.
4. CarrierIQ can report GPS location data in some situations.
5. CarrierIQ can record the URLs that are being visited (including for HTTPS resources), but not the contents of those pages or other HTTP data.
NC State university researchers Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang published a paper finding Android smartphones from Motorola, HTC, and Samsung don't properly protect privileged permissions from untrusted applications.
HTC Legend, EVO 4G, and Wildfire S; the Motorola Droid and Droid X; the Samsung Epic 4G; and the Google Nexus One and Nexus S.
Google and Motorola have confirmed vulnerabilities, HTC and Samsung "having trouble" accepting the reporting
Allow applications to exploit a public interface or service of another app without making a permission request
Also allows other applications to get permissions from another app signed with the same digital certificate
"An untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations—all without asking for any permission."

Email

I was at Best Buy over the weekend and looked for a simple docking station so I can play music from my Android. There must have been at least 15 different kinds made for the iPhone and a measly one for the Android. What’s the deal here? I thought there were thousands and thousands of Android phones being activated a day. If so why aren’t more companies making accessories for them? Of course it’s much easier and cost efficient making a accessories for a device that only comes in one shape and size. But I wouldn’t think this would be such a factor for something like a docking station where it doesn’t have to be an exact fit. Any insight would be appreciated.

I attached a couple of pictures I took at Best Buy.

Thanks,

Brad Buntin

Hardware

Motorola Droid Razr/WIMM One previe - plasticky not cheap, grippy not rubbery

Email

I just got my Samsung Galaxy Player 4 and was wondering if there's an SMS app I can use on it? I'd love to text my family and friends that have SMS on their phones, but I can't seem to find a decent app for my wifi-only device. Any ideas?

Thanks!

b

Apps

Email

Charles shows us how he improved his Nook Tablet

Android Arena!

Outro Video

Sponsors

Production Information

  • Edited by: Jason
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.
Personal tools