Thursday, May 19, 2011

Google plans to close Android hole as soon as possible

Google says that it has started "to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts". The fix will roll out globally over the next few days, said a Google spokesperson in an official statement. No user action will reportedly be required to close the security hole.

However, the company didn't provide any details on how exactly it intends to solve the problem. According to some reports, Google will expected to configure its servers in a way which forces communication to be encrypted using HTTPS when synchronising calendar items and contacts.

For the Picasa app, this is apparently not an option and Google is said to be working on an alternative solution. The company also doesn't appear to have solved the Picasa problem in Android firmware either. The Picasa app continues to transmit the authentication token in plain text even in version 2.3.4, where Google Calendar and Contacts no longer synchronise without encryption.

Researchers at the university of Ulm in Germany had discovered an Android data transmission vulnerability that allows attackers to gain unauthorised access to, and manipulate, other users' Google Calendar, Picasa Web Album and Google Contact data. The issue exists because an authentication token (AuthToken) which is received when logging into the Google server is then subsequently transmitted, in plain text, by some applications when they make further requests of the Google servers. In unencrypted Wi-Fi networks and in networks where all users use the same key, attackers can use Wireshark to intercept the token and use it for their own purposes

Enhanced by Zemanta

Monday, May 16, 2011

Android Open Conference

Introducing Android Open

The Android juggernaut is gaining force and momentum, rocketing past the iPhone and Blackberry to become the dominant smartphone platform. And the opportunity goes beyond phones—Android is powering tablets, set-top boxes, and a host of new embedded and connected devices.

Android Open is the first conference to cover the entire Android ecosystem. Whether you're a developer, IT pro, business decision-maker, or marketer, you'll find the latest and best information for maximizing the power of the Android platform. But this new O'Reilly conference is not just about today's Android opportunity—it also spotlights tech, projects, and companies that point to Android's bright future.

Android Open is a big-tent meeting ground for app and game developers, carriers, chip manufacturers, content creators, OEMs, researchers, entrepreneurs, VCs, and business leaders to share best practices, tools, models, and lessons learned. If it's your business to create, sell, or market products in the Android space, if you're launching an Android-centric venture or need to take stock of the competitive landscape, Android Open is the place to be.

Insightful keynotes, practical workshops, and expert-led sessions will explore:

  • Building Android apps: best practices
  • Android internals—under the hood
  • Development tools
  • New frameworks
  • Alternative languages
  • Gaming and game development
  • Enterprise solutions and considerations
  • Performance and security
  • Analytics and revenue models
  • Multiple Android markets
  • Promotion and consumer needs
  • and much more

Android Open happens October 9-11, 2011 at the Hyatt Regency San Francisco. Expect to encounter actionable insight, alternative hardware and services, announcements and product launches, and a "hallway track" that takes networking to a whole new level. Join with other Android professionals who are passionate about making the Android universe open, inclusive, and successful at the very first Android Open.


- Android Open

Enhanced by Zemanta

Thursday, May 5, 2011

Installing non-Market Android Apps made easy




Now you can install apps on your Android powered phone or device without having to get them through the Android Market.

Android Injector allows you to quickly and easily install apps that you have downloaded to your computer in the form of ".apk" files onto your Android phone or device. Some phones do not allow you to install apps from any other source except the Android Market. However, some app authors do not release their apps to the Android Market and elect to put them on other sites such as Getjar.com. Android Injector allows you to download apps from those other sources to your computer and then install them onto your phone from your computer quickly and easily via USB connection.

Just install the USB drivers for your phone or device onto your computer (check your carrier or device manufacturer for drivers), connect your phone to your computer via a USB cable, select any amount of Android app files (.apk) and click "Install to device". No rooting or any of that complicated stuff.

- xda developers forum

Link for the tool is here: Android Injector
Enhanced by Zemanta