Friends is this true?
The vulnerability:
Android [1] supports TEL protocol [2] to call the desired phone number from the
browser. Invoking TEL:123 intent via any Android app (which has a permission to
make a call) can put a number 123 on the dialer to call.
For example: Call us to contact . After clicking the above link,
Android applications/browsers pre-enter digits 19050000 on to the dial screen without auto-dialing.
I discovered a vulnerability that can allow an attacker to execute USSD codes automatically without any user permission/interaction.
This happens due to:
Android dialer fails to differentiate between a phone number and USSD code.
The second reason was that few important USSD codes can be executed without need of pressing a 'dial' (green) button.
And I guess Android developers might be unaware of this fact.
Affected Android versions:
Android Version: 2.3.x (potentially earlier versions before 2.3.x too), 3.x (Honeycomb), 4.0.x Ice Cream Sandwitch, 4.1.x Jelly Bean
Affected Devices:
All android devices running above versions are affected. Following are the devices I tested in June.
Manufactures: Samsung, HTC, Motorola, Sony Ericsson (Possible others too)
Key Devices: Samsung Galaxy SIII, SII, S Advance, Ace and possibly more,
HTC One Series, Sensation, Sensation XL and other HTCs,
Motorola Droids, Sony Ericsson Xperia series
Click to expand...
Click to collapse
Yes it is.But its only possible in stock android dialer.So you can easily fix it by installing a third party dialer fro market and make it the default dialer
Sent from my GT-N7000 using xda app-developers app
but I guess it's now fixed the 404 version of android thru an update patch
Sent from my GT-N7000 using xda premium
There is an app to protect your phone. It's called G Data USSD Filter, it is available on google play and it's free.
Sent from my Galaxy Note running ICS
I think the bug is present in only fw older than 3 months old....
Sent from my GT-N7000 using xda app-developers app
vijai2011 said:
I think the bug is present in only fw older than 3 months old....
Sent from my GT-N7000 using xda app-developers app
Click to expand...
Click to collapse
Anything pre 4.04 is vulnerable.
Sent from my GT-N7000 using xda app-developers app
Related
Sorry if this is posted under the wrong thread but I have seen other posts about porting apk's here so anyway here it goes:
I'm sure that by now today Skype has lifted its Verizon Android phone only limitions and is now extending them to ALL Android devices. The only problem is that an updated app is TBA. With that being said, I stumbled across this site earlier: http://www.chadhaney.com/droidXDefault/ which has all the apk's for the Droid X listed in alphabetical order. Needless to say I installed the Skype Live apk and it appeared to load but gave me a message stating that it was for Verizon phones only. Would it be possible for someone to port this to the Captivate, and since the FM Radio apk is there too, would that also be possible? Thanks in advance!!!
Sent from my SAMSUNG-SGH-I897 using XDA App
I meant to say that "I'm sure by now everyone knows that today Skype..."...
Sent from my SAMSUNG-SGH-I897 using XDA App
skype is on app market already.
FM radio i think captivate just missing out the chips that was used for it in i9000, and guess that's the same one for verizon's galaxy s.
I've been trying the Market version but it wont let me sign in...I've only had success with the beta which...sucks lol...
Sent from my SAMSUNG-SGH-I897 using XDA App
What's the likelyhood of getting the BT Voice commands APK/odex from the Droid X and applying them?
I wouldn't expect to see BT Voice control until the official FroYo release for our phone.
jgotti107 said:
I've been trying the Market version but it wont let me sign in...I've only had success with the beta which...sucks lol...
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
that was because u were on 2.1 and skype didnt support that..only 2.2 and later versions..
why to bring up something from last october... 7 months by my count!
Moved to proper forum.
Any way to install the droid apk & odex in captivate...?? For example the social message
Sent from my SAMSUNG-SGH-I897 using XDA App
insane08 said:
Any way to install the droid apk & odex in captivate...?? For example the social message
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
Depends on if it has any dependencies in Motorola specific frameworks or not.
Hi, we have just released a free app to the HTC Desire with Android 2.2 that can scan a barcode and do a webservice call to our productdatabase with buildingmaterials (apps name: nobb skanner).
We have many people complaining that the app does not work with the Wildfire with android 2.2.1. The app just terminate on the Wildfire after doing a barcode-scan. We do not have a Wildfire to do a test, and I would very much like to tell the development team what to do if someone her could give me a hint ;-)))
Is there anyone that knows what the issue could be?
best regards
gillidk
gillidk said:
Hi, we have just released a free app to the HTC Desire with Android 2.2 that can scan a barcode and do a webservice call to our productdatabase with buildingmaterials (apps name: nobb skanner).
We have many people complaining that the app does not work with the Wildfire with android 2.2.1. The app just terminate on the Wildfire after doing a barcode-scan. We do not have a Wildfire to do a test, and I would very much like to tell the development team what to do if someone her could give me a hint ;-)))
Is there anyone that knows what the issue could be?
best regards
gillidk
Click to expand...
Click to collapse
IIRC, Barcode scanner had the same problem like, 4 months ago, I guess you can solve it with a simple mail to his developer.
Ps: you could even post the solution here, even if it seems pointless, posting it makes it avaible (even if it takes 5hours to find )
This sppears to be based on the same source as the barcode scanner app (what is it for?) i have had it crash (i hit report and sent the system info) just a side note it works fine on the galaxy tab but could do with being translated into english
Sent from my GT-P1000 using XDA App
I suspect it will either be to do with the Wildfires low resolution or limited EGL.
Still barcode scanner works and they seem to be running on the same base source
Sent from my GT-P1000 using XDA App
HCDR.Jacob said:
I suspect it will either be to do with the Wildfires low resolution or limited EGL.
Click to expand...
Click to collapse
Could be. Tried it on my friends x10 mini pro running 2.1 and it had the sane issue
Sent from my HTC Wildfire using XDA App
NOBB skanner
NOBB stands for norwegian building article database. NOBB contains allmost 700.000 articles sold in the Do it yourself (DIY) stores in Norway.
With the scanner you can find productinformation on the buildingarticles such as certification, maintenance, assambly etc. etc. just by scanning the products barcode.
The app is programmed for Android 2.2, and we know that it will not work on Wildfire bacause it use Android 2.2.1.
The app uses the common barcode scanner api.
Does the ordinary barcode scanner app function good on the Wildfire?
The normal one is Fine on the x10 and wildfire
Sent from my GT-P1000 using XDA App
Would be nice if at least the descriprion was also in english so people know what it is
Sent from my GT-P1000 using XDA App
The x10 mini pro is running 2.1 on a qualcomm msm 7227 with a qvga screen and a 5 megapixel camera. And it crashes as soon as you tap the button to open the barcode scanning function
Sent from my GT-P1000 using XDA App
Tested
hxxp://megaupload.com/?d=6JK9QGUO
ThuongTin said:
Tested
hxxp://megaupload.com/?d=6JK9QGUO
Click to expand...
Click to collapse
Hmm might give it a go, thanks
Is root required? I m getting stuck at installation on my non rooted device.
Sent from my HTC Incredible S using XDA App
siddroid said:
Is root required? I m getting stuck at installation on my non rooted device.
Sent from my HTC Incredible S using XDA App
Click to expand...
Click to collapse
No
had the same problem. After installing the official version (yes, despite china's firewall I managed to update it via the Market...), I got the error message "application not installed". Ofcourse the official version, which is also 2.0.0.47, does not support this phone... Interestingly, it doesn't bring up the option for video calling either.
link does not work. comes back with a google search result pointing to this page, rather than loading the actual link.
I am getting stuck at installation. When I click on install nothing happens.
I have Installation of non market application ticked in the settings.
Sent from my HTC Incredible S using XDA App
HTC INCREDIBLE S DOES NOT SUPPORT YET VIDEO CALLING IN SKYPE!!!
"To enjoy 2-way video calling on your Android device, it must be running Android Version 2.3 and above with a front-facing camera. Supported handsets right now that allow video calling include the HTC Desire S, Sony Ericsson Xperia neo, Sony Ericsson Xperia pro and the Google Nexus S. We are sorry if your device currently does not support video for the Skype for Android app. But, rest assured, we plan to roll out support for more Android handsets very soon."
Those who are having problems with the link... did you replace the hxxp: with the proper letters? The link worked fine as of July 4th.
I installed this patched Skype v2.0.0.47 without any problem. I haven't made any calls yet, though. I just ran the application, signed in, and then closed it after exploring it for a bit.
I am running the Skype videocall successfully on my IS.
Make sure u uninstall any existing Skype app before installing the patched one.
Sent from my HTC Incredible S using XDA App
Works just fine
I'm using the HTC Incredible 2, not the S - but I can't imagine the hardware required to use Skype is that different between the two. Have you actually successfully made a video call? All attempts at any version resulted in a Force Close when trying to bring up video in any way.
crashes
Makes calls and sends IM's, but it force closes whenever a video initiation is attempted.
Stock Incredible 2
I presume this is the same that was posted on the XDA portal front page awhile back by pulser?
http://www.xda-developers.com/android/skype-2-available-for-other-devices/
Video call works on my Incr S. Tested video call with Skype on a PC and on my wifey's iPhone 4. The only minor gripe I have is that it's locked in landscape mode. Video quality seems a lot better than Tango...
For all that have it working -
What version of android are you on?
If Gingerbread, is it 2.3.4, or 2.3.3?
OUTATIMEMK said:
For all that have it working -
What version of android are you on?
If Gingerbread, is it 2.3.4, or 2.3.3?
Click to expand...
Click to collapse
2.3.3 using Virtuous Unity v1.27 ROM
edit: I should qualify my earlier comment about the video being better than Tango. Not sure if it's my internet connection today, but video quality wasn't as good as before.
humm
this thread should be closed
http://forum.xda-developers.com/showthread.php?t=1148708
thats the real thread with the lattest updates and mods
thanks..want to try it now !
Is Skype the only way to make video calls on incredible S?
Hi friends.
When i have some free time,i browse browser's header on www.handsetdetection.com .
Today i have found this : Mozilla/5.0 (Linux; Android 4.3; Nexus 4 Build/JWR23B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.60 Mobile Safari/537.36
So in my opinion ,google should release this version before the key lime pie.
I hope they add AVRCP 1.3 support in this version. Google has really been dicking the dog on this one.
LOL, anyone can fake a Browser UA...
CrazyPeter said:
LOL, anyone can fake a Browser UA...
Click to expand...
Click to collapse
It could be true. I found and Issue report HERE for Chrome browser.
Issue 235536: [rAc dialog] After a successful submit with the Autofill, the user would never get a passive Wallet sign-in.
Application Version : 28.0.1489.2
Android Build Number : JDQ39, JWR23B
Device: S4, Galaxy Nexus
Steps to reproduce:
Steps to reproduce:
1. Fresh install app
2. On Firstrun not sign into any google account
2. Enable the flag
3. Open new tab and load the url - http://tinyurl.com/cov836j
4. Tap on check out button
5. Initial Mobile payment screen - Pay without Google Wallet
6. Tap on Submit button
7. Open New tab and load mail.google.com
8. Login into gmail
9. Go to http://tinyurl.com/cov836j
10. Tap on Checkout button
Observed behavior:
Mobile payment screen has only one option -Pay without Google Wallet
Expected behavior:
Should have 2 option Google Wallet(login gmail acct) and Pay without Google Wallet
Frequency:
2/2
Additional comments:
Google wallet option is showing
1.After Force quit and clear app
2. Login into gmail first
Click to expand...
Click to collapse
Another internal JB version. Nothing to see here. Move along.
Sent from my Nexus 4 using xda premium
http://www.androidpolice.com/2013/04/26/google-is-working-on-and-testing-android-4-3-its-still-jelly-bean/
tylercarter said:
http://www.androidpolice.com/2013/0...and-testing-android-4-3-its-still-jelly-bean/
Click to expand...
Click to collapse
Or would be nice to get a test copy
Sent from my Nexus 4 using Tapatalk 2
I would've thought this thread would be 50 pages by now... Thinkin back to the gnex days lol
Sent from my Nexus 4 using xda app-developers app
If this is true then we won't be seeing Android 5.0/Key lime pie at the Google conference. Not a big deal to me, I am happy with Jellybean . I would prefer Google to fix those issues [sensitivity, battery etc...] with JellyBean rather than unveiling a new android.
Sent from my Nexus 4 using xda premium
maybe there will be a fix for the notification delay issue finally....
Ahh JB is just boring to me!
Nexus⁴
I bet that it will be the version presented in the Goggle I/O...
VivaErBetis said:
I bet that it will be the version presented in the Goggle I/O...
Click to expand...
Click to collapse
I would be very disappointed!
Sent from my Nexus 4 using xda premium
I also think they'll present 4.3 in may...
I had enogh beans for now... id like to move along
I'm a fan of the bean.. Looking forward to whatever Google has in store
Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Im guessing 4.3 will be released at I/O along with an updated nexus 7. Maybe will see 5.0 release with the nexus 5 in the fall
Sent from my Nexus 4 using xda app-developers app
JB 4.3 sounds good to me until a N5 is released.
Save the big 5.0 release for a whole new phone to launch it on in Fall.
Android 5.0 on the Nexus-Five in November.
Sent from my Nexus 4 using xda premium
I'd rather them fix the issues with 5.0.. We've been on 4.x for years..
Sent from my Nexus 4 using xda app-developers app
I don't really mind. I can wait for KLP, just wanna give Google some time to perfect it.
Hi guys, ok I have been using a certain app for ages the "itv" app, now for some reason it say in the app store that there is update...... But when I click to update it say your device is not supported.
Any ideas to get past this please.
Thanks
Chris.
Sent from my LT30p using xda premium
Hi bud, I just checked it and it says my device is not compatible but I am running the central European .140, is it a regional thing?
Sent from the event horizon of a quantum singularity
Hmmm I can understand that as its the central European firmware mate.
The silly thing is that I'm using the UK generic firmware.
Sent from my LT30p using xda premium
Maybe itv dropped the t from the compatible devices, or they just forgot about it
Sent from the event horizon of a quantum singularity
From the apps description on Play store it appears they've temporarily limited the supported devices.
ITV Player on Android is ITV’s video catch-up service for mobile and tablet devices.
We’ve been working to improve the quality of the application and improve the experience for our Android users. The application has been tested on the following devices:
- Galaxy S2
- Galaxy S3
- Galaxy Note (original)
- Galaxy Note2
- Galaxy Note 10.1
- Ace2
- Galaxy Tab (P1000)
Our intention is to extend this supported device list to as many Samsung devices as we can and to that end, we would appreciate your feedback...
The ITV Player is only available for users with Samsung mobile and tablet devices. This is for an initial period whilst we endeavour to optimise and improve the experience before releasing to other device manufacturers.
Thanks for the reply Barney the stupid thing is that when I was running CM10 I had no problems at all, now that I'm on stock firmware that I can't use it.
Is there no beta I can use maybe.
I have the old version already on my phone. But since the update its showing incompatible.
Thanks
Chris.
Sent from my LT30p using xda premium
Sammy have paid for exclusivity. The updated apk is working fine on my T.
http://www.modaco.com/page/news/_/a...-available-as-long-as-you-use-a-samsung-r1070
Sent from my LT30p using xda app-developers app