Privacy Report: What Android Does In The Background

We’ve come a long way from the Internet of the 90s and early 00s. Not just in terms of technology, capabilities, and culture, but in the attitude most of us take when accessing the ‘net. In those early days most users had a militant drive to keep any personal or identifying information to themselves beyond the occasional (and often completely fictional) a/s/l, and before eBay and Amazon normalized online shopping it was unheard of to even type in a credit card number. On today’s internet we do all of these things with reckless abandon, and to make matters worse most of us carry around a device which not only holds all of our personal information but also reports everything about us, from our browsing habits to our locations, back to databases to be stored indefinitely.

It was always known that both popular mobile operating systems for these devices, iOS and Android, “phone home” or report data about us back to various servers. But just how much the operating systems themselves did was largely a matter of speculation, especially for Apple devices which are doing things that only Apple can really know for sure. While Apple keeps their mysteries to themselves and thus can’t be fully trusted, Android is much more open which paradoxically makes it easier for companies (and malicious users) to spy on users but also makes it easier for those users to secure their privacy on their own. Thanks to this recent privacy report on several different flavors of Android (PDF warning) we know a little bit more on specifically what the system apps are doing, what information they’re gathering and where they’re sending it, and exactly which versions of Android are best for those of us who take privacy seriously.

Game Like It’s 2021 On A McDonald’s Touchscreen Table

Some of you around the world may have come across these Android-based gaming tables installed in your local fast-food outlet, and may even have been lucky enough to paw at one that was actually working at the time.

Originally based on an ancient mini PC, with a 1080p flat panel LCD and a touch overlay, they would have been mind-blowing for small children back in the day, but nowadays we expect somewhat more. YouTuber [BigRig Creates] got his hands on one, in a less than pleasant condition, but after a lot of soap and water, it was stripped down and the original controller junked in favour of a modern mini PC. To be clear, there isn’t much left beyond the casing and display from the original hardware, but we don’t care, as a lot of attention was paid to the software side of things to get it to triple-booting into Windows 10, Android x86 and Linux running emulation station, covering all those table-gaming urges you may have.

Internally, there is a fair amount of room for improvement on the wiring side of things, and [BigRig] is quick to admit that, but that’s what this learning game is all about. Now, many of you will choke on the very idea of playing games on a table system like this, after all, it’s pretty obvious this will be really hard on the back and neck. But, it does offer the easy option to switch from landscape to portrait orientation, simply by walking around the side, so it does have an upside. Also you’ve got a handy place to dump your beer and the takeaway when it arrives, so maybe not such a bad thing to have in your apartment? And, yes, it does run Doom.

We were particularly amused by the custom boot logo as well as the slick custom art in emulation station. It’s attention to detail like this that makes a build a great one and a conversation piece at parties. Now if only he could sort out that wiring job.

Pining For A De-Googled Smartphone

Last summer in the first swings of the global pandemic, sitting at home finally able to tackle some of my electronics projects now that I wasn’t wasting three hours a day commuting to a cubicle farm, I found myself ordering a new smartphone. Not the latest Samsung or Apple offering with their boring, predictable UIs, though. This was the Linux-only PinePhone, which lacks the standard Android interface plastered over an otherwise deeply hidden Linux kernel.

As a bit of a digital privacy nut, the lack of Google software on this phone seemed intriguing as well, and although there were plenty of warnings that this was a phone still in its development stages it seemed like I might be able to overcome any obstacles and actually use the device for daily use. What followed, though, was a challenging year of poking, prodding, and tinkering before it got to the point where it can finally replace an average Android smartphone and its Google-based spyware with something that suits my privacy-centered requirements, even if I do admittedly have to sacrifice some functionality.

This Week In Security: Updates, Leaks, Hacking Old Hardware, And Making New

First off, Apple has issued an update for some very old devices. Well, vintage 2013, but that’s a long time in cell-phone years. Fixed are a trio of vulnerabilities, two of which are reported to be exploited in the wild. CVE-2021-30761 and CVE-2021-30762 are both flaws in WebKit, allowing for arbitrary code execution upon visiting a malicious website.

The third bug fixed is a very interesting one, CVE-2021-30737, memory corruption in the ASN.1 decoder. ASN.1 is a serialization format, used in a bunch of different crypto and telecom protocols, like the PKCS key exchange protocols. This bug was reported by [xerub], who showed off an attack against a locked iPhone immediately after boot. Need to break into an old iPhone? Looks like there’s an exploit for that now.

Make Android’s New Power Menu Work On Your Terms

Introduced in Android 11, the power menu is a way to quickly interact with smart home gadgets without having to open their corresponding applications. Just hold the power button for a beat, and you’ll be presented with an array of interactive tiles for all the gadgets you own. Well that’s the idea, anyway.

[Mat] of “NotEnoughTech” wasn’t exactly thrilled with how this system worked out of the box, so he decided to figure out how he could create his own power menu tiles. His method naturally requires quite a bit more manual work than Google’s automatic solution, but it also offers some compelling advantages. For one thing, you can make tiles for your own DIY devices that wouldn’t be supported otherwise. It also allows you to sidestep the cloud infrastructure normally required by commercial home automation products. After all, does some server halfway across the planet really need to be consulted every time you want to turn on the kitchen light?

Adding tiles in Tasker.

The first piece of the puzzle is Tasker, a popular automation framework for Android. It allows you to create custom tiles that will show up on Android’s power menu, complete with their own icons and brief descriptions. If you just wanted to perform tasks on the local device itself, this would be the end of the story. But assuming that you want to control devices on your network, Tasker can be configured to fire off a command to a Node-RED instance when you interact with the tiles.

In his post, [Mat] gives a few examples of how this combination can be used to control smart devices and retrieve sensor data, but the exact implementation will depend on what you’re trying to do. If you need a bit of help getting started, our own [Mike Szczys] put together a Node-RED primer last year that can help you put this flow-based visual programming tool to work for you.

Finally An Inexpensive Route To Digital Radio Listening

An inexorable trend over the last decade or more has been the exodus of AM radio stations from the low frequency and HF broadcast bands. The bandwidth and thus audio quality at these frequencies puts them at a disadvantage against FM and internet streamed services, and the long-distance advantage of HF has been reduced by easy online access to overseas content. The world has largely moved on from these early-20th-century technologies, leaving them ever more a niche service.

Happily for medium- and long-wave enthusiasts there is a solution to their decline, in the form of DRM, or Digital Radio Mondiale, a digital scheme that delivers cleaner audio and a range of other services in the same space as a standard-sized AM channel. DRM receivers are somewhat rare and usually not cheap though, so news of an Android app DRM receiver from Starwaves is very interesting indeed.

DRM uses a licensed encoding scheme from the Fraunhofer Institute, and this product follows on from a line of hardware DRM receivers that Starwaves have developed using their technology. It uses the Android device as a front-end for any of a number of SDR receivers, including the popular RTL-SDR series. It supports the VHF variant of DRM, though we’re guessing that since the best chance of finding a DRM channel for experimentation is on HF, an RTL-SDR with the HF modification will be required. We think it’s an interesting development because the growth of DRM is a chicken-and-egg situation where there must be enough receivers in the wild for broadcasters to consider it viable.

This Week In Security: BYOVD, Spectre Vx, More Octal Headaches, And ExifTool

I learned a new acronym while reading about a set of flaws in the Dell BIOS update system. Because Dell has patched their driver, but hasn’t yet revoked the signing keys from the previous driver version, it is open to a BYOVD attack.

BYOVD, Bring Your Own Vulnerable Driver, is an interesting approach to Windows privilege escalation. 64-bit versions of Windows have a security feature that blocks unsigned drivers from being loaded into the kernel. The exploit is to load an older, known-vulnerable driver that still has valid signatures into the kernel, and use the old vulnerabilities to exploit the system. The caveat is that even when a driver is signed, it still takes an admin account to load a driver. So what use is the BYOVD attack, when it takes administrative access to pull off?

SentinelLabs is withholding their proof-of-concept, but we can speculate. The particular vulnerable driver module lives in the filesystem at C:\Windows\Temp, a location that is writable by any process. The likely attack is to overwrite the driver on the filesystem, then trigger a reboot to load the older vulnerable version. If you’re still running Windows on your Dell machines, then make sure to go tend to this issue.