Android Authority this week – August 9, 2015
Android fans, this week brought us more reports about the upcoming Note 5 and Galaxy S6 Edge Plus, rumors about the next Nexus phones surfaced, Sony launched the new Xperia C5 and Xperia M5, OnePlus was in the news thanks to its notorious invite system, Xiaomi teased the release of a new version of MIUI, Asus introduced the 5,000 mAh Zenfone Max, and we all discussed the latest – and biggest – Android security scare yet.
Inside AA HQ
Android Authority this week is where you can get all your essential Android news and keep up with your favorite (we hope) Android bloggers, but if you’re more of a video guy or gal, we now have a weekly post where we highlight the best videos from the AA YouTube channel and more. Check out this week’s installment here.
There’s been a lot of talk this week about how secure (or how insecure, depending on whom you ask) Android really is. You can learn about Stagefright and what you can do to protect yourself as much as you can, but it’s important not to fall prey to doomsayer tendencies. Is the problem serious? Yes, by all means. Is it an impeding catastrophe? Probably not – there’s usually a big gap between the theoretical reach of a vulnerability and its practical impact. In other words, do follow basic precautions. Do not freak out (just yet.)
Yes, the OnePlus 2 is controversial. But is it a great phone? You bet! This week we’re giving away a OnePlus 2 to one lucky AA reader. Head over here to get your ticket, and good luck!
The stuff you shouldn’t miss
- How to: Time to dump that iPhone. Here’s how you can switch to Android with minimal hassle
- First impressions: Matt looks at the Galaxy A8 and brings you his first impressions
- Review: How does the Galaxy S6 Edge hold up in time? Nirave answers
- Opinion: Is Google Plus dying? Probably not, but it’s definitely changing
- Review: Bailey reviews the popular Lenovo K3 Note
- Opinion: How Motorola transcends Android without actually changing it
- Review: The long anticipated new Moto G is here, and this is our review
- First impressions: Josh unboxes the OnePlus 2 – does it hold up to they hype?
Top news of the week
Galaxy Note 5 & Edge Plus
- Samsung Galaxy Note 5 leaks yet again, showing off new Air Command menu
- Samsung begins teasing its upcoming Galaxy Note 5
- Samsung teases Note 5, Galaxy S6 Edge Plus, and what could be a new tablet
- Exposed: the Galaxy Note 5 is leaked in-full, packaging and all
New Xperia phones
- Xperia C5 Ultra offers two 13MP cameras and a “near borderless” 6-inch display
- ‘Super Mid-Range’ Sony Xperia M5 announced
OnePlus 2
- OnePlus Carl Pei: another phone by Christmas & NFC is overblown
- 30,000 OnePlus 2 handsets sold in 64 seconds in China
- (Update 2: Hacked yet again) How one user ‘hacked’ the OnePlus 2 invite system
- OnePlus is auctioning OnePlus 2 invites for charity
- OnePlus 2 on sale through OppoMart for $459, no invite required
Xiaomi teasers
- Xiaomi to launch MIUI 7 alongside a new product on August 13th
- Xiaomi may unveil Redmi Note 2 alongside MIUI 7 next week
Stagefright, oh my
- How is Google fixing the Stagefright vulnerability that affects 95% of all Android phones?
- (Update: multiple Samsung devices, too!) Stagefright patch now rolling out to the Nexus 6 and Nexus 5 as build LMY48I
- Samsung to release monthly security updates to its Android devices in wake of Stagefright exploit
- Google to roll out security-focused updates to Nexus devices on a monthly basis
- Worried about Stagefright? Here’s what you can do for now
New Asus Zenfones
- Asus announces the Zenfone Max with 5000 mAh battery
- ASUS launches the ZenFone 2 Laser, ZenFone 2 Deluxe and ZenFone Selfie in India
Nexus rumors
Sound off
We always want to hear your feedback. Whether it’s criticism or praise, feel free to tell us what you think about Android Authority’s content, design, and community. Comment here or get in touch with us on our social channels:
Happy Sunday!
Don’t want Stagefright? Follow these tips to protect your device
So there’s been a lot of talk over the last couple of weeks about this Stagefright vulnerability that has been found in just about every Android device. The team who found the exploit, released an app to let you know whether your device is at risk, but there’s still one question that remains. How do you protect yourself against losing your device to Stagefright?
Well today, we will take a look at some ways to try to protect you and your device, until your manufacturer and/or carrier get an update out to your device. The first step, would be to double check and see if your device is at risk. You can do so by downloading the Stagefright Detection App from the Play Store.
Before knowing what you can do to fix the problem, you should have some type of understanding as to what the problem does. So what Stagefright does, if it affects your device, is essentially take over your the MMS capabilities. If targeted, the device will automatically download the MMS, and open the video. The process that takes place after an MMS is received, is where Stagefright has been found.
The Stagefright Detection App was developed by Zimperium, which was the group that found the vulnerability. Once you’ve run the analysis and get your result, don’t panic if you’re vulnerable. There are still steps you can take to avoid having any issues pop up.
So now that we know WHAT happens, we can now take the necessary steps to better protect our devices from being compromised. First and foremost, you’ll want to head on over to the update section of your device. Manufacturers, like LG, Samsung and Google, have been trying to get their devices updated as quickly as possible to protect their users.
If you don’t have an update, the next step you will want to take is to check for updates for the messaging app of your choice. Since the vulnerability is found through the use of the SMS application, developers have been updating their apps to protect against Stagefright. For example, Textra and Google Messenger have recently been updated to patch the loophole found.
Another step that will (hopefully) greatly reduce the chance of your device being affected, is to turn off the auto-retrieval of MMS. This can be done in the settings of your SMS application, or the settings of your device. There should be a toggle to disable MMS auto-retrieval and you’ll already be taking a step in the right direction.
While this last suggestion may seem trivial, it really could be beneficial in protecting your device. Be sure to not open any MMS messages from any number that you don’t know. You don’t want to open an MMS from someone you don’t know and then be instantly affected, so don’t take the chance. Double check the phone number before opening the message.
These are just some steps you can take to try to avoid being affected by Stagefright, but these definitely will help. As we’ve stated, and covered here at AndroidGuys, manufacturers are working very hard to help protect their users against vulnerabilities like this going forward.
Let us know of any other suggestions that you may have to share with the rest of us to make sure we aren’t affected by Stagefright. Leave your suggestions in the comments below, and let us know what you think about the Google and Android manufacturers jumping on board with a plan to keep us all protected.
The post Don’t want Stagefright? Follow these tips to protect your device appeared first on AndroidGuys.
LG joining Samsung and Google to combat Stagefright
LG has announced that it will join Samsung and Google in an effort to combat Stagefright.
Stagefright is a vulnerability in Android that exploits how the operating system handles MMS. When an MMS is sent, some messaging apps automatically download the video files as soon as they are received in order to make them immediately ready to be opened. And while the OS does this, the system involved with processing video can be attacked.
In relation to the issue, LG stated,
LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority.
This is certainly welcome news, and hopefully, other OEMs will take part in this initiative against Stagefright. However, how effective will this be with carriers involved? After all, carriers are known for being slow with OS updates, which provide their own improved security over those currently installed, until they are certain their own services function properly.
Should you be concerned about this uncertainty, check out this post for how to detect if you have Stagefright and how to defend yourself against it.
Source: Droid-Life
The post LG joining Samsung and Google to combat Stagefright appeared first on AndroidGuys.
The top 8 wearables you can buy right now
Fall is right around the corner and whether you’re looking for a fashionable accessory, fitness tracker or productivity wearable to see the season through, you’ve got plenty of great options. Apple’s Watch has finally hit its stride, with a rich app selection and recent software updates, making it a top pick for the iOS crowd. For those more interested in a casual colorful design and long battery life, the Pebble Time may be just right for your wrist. LG’s classically styled Watch Urbane has joined the stable of Android Wear devices and Garmin finally graced the niche fitness market with a proper smartwatch. All these and more are lined up in the gallery below for your perusal and can also be found in our complete buyer’s guide.
Slideshow-290264
Filed under:
Wearables, Apple, LG
Tags: apple, buyers guide, engadget buyers guide, lg
LG commits to monthly Android security updates
In the wake of the Stagefright bug, LG has reportedly committed to posting monthly security updates to protect its Android smartphones. It’s the third company in two days to pledge to ensure that its devices aren’t left wide open for hackers, since Google and Samsung both said the same yesterday. The announcement was reported by Wired, who quotes an unnamed LG source as saying that it’ll provide the updates on a monthly basis. Unfortunately, these updates will still have to be passed fit for purpose by the carriers, who frequently drag their feet when it comes to getting them out to consumers.
The problem, as both Motherboard and MIT Technology Review have recently pointed out, is based around how Android works. Rather than being a product that’s worked on in a lab at Google and then pushed out to all users, the operating system is forked, tweaked and altered by every company, and carrier, that uses it. That means that, instead of one version of the software, there are hundreds of minor variations, which makes universal security patches all that more difficult to distribute. That’s why the Stagefright bug is so terrifying, since it threatens anything up to 950 million devices with little chance of a one-size-fits-all solution being created. We’ve reached out to LG so that we can confirm that it will commit to monthly security updates, but have not had a reply by the time of publication.
Filed under:
Cellphones, Software, Mobile, Google, LG
Via:
Android Police
Source:
Wired
Tags: Android, Bug, google, lg, mobilepostcross, Patch, Security, Stagefright
LG to implement monthly security update policy
Joining a list of companies shaken by the Stagefright vulnerability on Android, LG has announced they will be implementing a new policy to issue security updates on a monthly basis. This strategy is similar to one recently announced by Google for their Nexus devices as well as other smartphone manufacturers like Samsung.
According to a statement made to WIRED,
“LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority.”
Besides the potential harm to the brand from any perceived weaknesses in the Android operating system running on their devices, LG is trying to establish itself as a source of smartphones for the U.S. government, so a commitment to security is a key ingredient to success with that effort.
source: WIRED
via: Android and Me
Come comment on this article: LG to implement monthly security update policy
LG’s G4 officially certified as a secure device by the US government
LG can now proudly say their current flagship, the G4, is officially secure enough for use in the US government after passing some pretty strict testing.
The device meets the US National Security Agency’s National Information Assurance Partnership standards, certifying it for use in over 25 countries, including the US. It meets international security standards as well as the US government’s Cryptographic Modules standards, which is a pretty big accomplishment and opens up a large new market for the G4.
LG GATE is LG’s own security platform and offers enhanced platform, network, and application security. It’s a benefit to large enterprise customers and helps keep sensitive data secured.
LG’s previous flagship, the G3, received the same NIAP certification, but it was also approved for use by the Department of Defense. The G4 is currently undergoing DoD testing.
source: LG
Come comment on this article: LG’s G4 officially certified as a secure device by the US government
In the wake of Stagefright, LG plans monthly security patches too
The Stagefright exploit, reported last month, seems to have the Android OEMs a little shaken, and LG is the next big OEM to announce that it will be providing monthly security updates to its smartphones from now on.
In an email to Wired, LG states that it will be proving updates each month and will be making them available to carriers right away. Hopefully, carriers will also participate in providing timely security updates, as they can often be the cause of major update delays.
“LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority.”
In the past couple of days, Google and Samsung have also announced that they will be providing fast track rollouts for security updates. Typically, companies lump a ton of security patches in with their next big update for a smartphone, but many handsets quickly drop off the update radar all together. Little and often updates should really help to keep handsets secure.
See also: How is Google fixing the Stagefright vulnerability that affects 95% of all Android phones?
Although security exploits are never a good thing, it looks like Stagefright has finally jump scared OEMs into taking customer security more seriously. Although we will have to wait and see how long companies are willing to provide support for and how many older handset users will still be left in the dark.
We can probably expect similar announcements from other major OEMs in the next few days.
Report: Android Pay will launch with an LG Nexus in October
Reports out of Korea today are claiming that in the coming months, Google will team up with LG to launch Android Pay and a new LG Nexus phone. You may remember the hugely popular Nexus 5 was made by LG and many Android enthusiasts have been clamoring for an updated version of the phone ever since the disappointingly large and expensive Motorola Nexus 6 was launched last year. With multiple leaks all seeming to confirm that we’ll see a successor to the Nexus 5, fans just may be in luck.
According to the leaks we should see a 5.2″ 1080p P-OLED panel, 4 GB of ram, up to 64 GB of storage, a 3,180 mAh battery USB Type C, and a Sony IMX278 sensor with f/1.8 aperture lens. Powering the newest Nexus will be the Qualcomm Snapdragon 620. Qualcomm has recently gotten a ton of heat for their subpar Snapdragon 810 process that has been widely reported to run so hot that thermal throttling is a major issue. Fans will be relieved to know that in recent benchmarks that the 620 “comes close to, or actually beats the Snapdragon 810 as benchmarked in the Xiaomi Mi Note Pro”.
One question people are being forced to ask themselves is “what took so long?” Google had a gigantic lead on Apple’s mobile payment platform and squandered it. Google Wallet has been around since May 26, 2011 and now they’re going to be behind the 8 ball because they’ve let Apple come in and dominate mobile payments. Any entry into this growing segment is going to be seen as a late push to claim what Apple has trail blazed so far, whether that’s true or not.
This is yet another example of Google’s rollout of a feature that could be potentially game changing only for them to limit to the United States and not put any real development or advertising behind it.
Source: Business Korea
The post Report: Android Pay will launch with an LG Nexus in October appeared first on AndroidGuys.
Researchers can take complete control of Android phones
The wave of security issues with devices, cars and even skateboards continues as Check Point researchers presented a vulnerability at the Black Hat conference that could potentially open millions of Android up to hackers. Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allows a third party app’s plugins to access a device’s screens and actions using an OEMs own signed certificates.
That means a nefarious individual could see what you’re doing and control your phone or tablet. And according to the researchers, there’s no reasonable way to revoke the certificates as an end user. Check Point noted that the devices that could suffer from Certifi-gate are from LG, Samsung, HTC and ZTE and that these OEMs have released updates to mitigate the issue. Both Check Point and Google have noted that Nexus devices are not prone to the vulnerability.
Check Point’s Technology Leader of Mobile Threat Detection, Avi Bashan told Engadget that the vulnerability stems from an issue in Android’s security architecture and that OEMs created flawed implementations of the remote support tools to get round the Android issue. The companies jsut didn;t do a very good job at it. Bashan also noted that for many, the vulnerability may not go away any time soon because of the long update time associated with Android devices.
Concerning the vulnerability Samsung issued the following statement: “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are aware of Check Point’s alleged claims, and Samsung has addressed this issue. Samsung encourages users not to execute unsecure apps.”
A Google spokesperson told Engadget: “We want to thank the researcher for identifying the issue and flagging it for us. The issue they’ve detailed pertains to customizations OEMs make to Android devices and they are providing updates which resolve the issue.”
Like Samsung, Google urged Android users to get their apps from the trusted sources, “in order for a user to be affected, they’d need to install a potentially harmful application which we continually monitor for with VerifyApps and SafetyNet. We strongly encourage users to install applications from a trusted source, such as Google Play.”
Bashan said that it’s possible for an app that exploits the vulnerability to get through the Google Play verification service because the app can look perfectly legit while its associated plugin could lead to the device being compromised. Either way, until your phone gets the update, it’s probably a good idea to skip side-loading apps.
Check Point has made the full report of their findings available online and has created a free app that scans for apps that use the Certifi-gate vulnerability.
Filed under:
Misc, Internet, Sony, HTC, Google, LG
Source:
Check Point
Tags: Android, BlackHat, CheckPoint, google, htc, lg, Security, sony
AIVAnet 