Mar  16  2009

Android Widgets: Security Threat With Open Home

Oh dear, it seems as though there may be a pretty serious security issue present in Android OS, specifically related to Open Home. Open Home is a home replacement application that gives Android users a whole new series of themes. The problem is to do with permissions, and what Open Home can access. Android’s home screen has open permission, giving the programme access to contacts and shortcuts to apps. This means someone could develop an app to be used in conjunction with Open Home, which replaces the home screen, that could maliciously access the phone’s contacts and pass them on to a third party. Because the home screen has permission to app shortcuts, a programme could be developed simply to reroute users to a fake programme that could steal username and password info.

It is these sorts of security issues that might make people wonder whether it was such a great idea for Google to give anyone free rein to release apps into the market without any serious scrutiny. Apple’s App Store may be restrictive and controlling but at least issues like this would never come about.

Androinica have got hold of a letter from an Android developer worrying about the dangers of using Open Home from Better Android:

I am an engineer on the Android Team and I worked on the default Home screen. I recently came across your Home replacement called Open Home. First of all, let me congratulate you for it, it has some very nice ideas and it’s good to finally see a viable 3rd party replacement for our Home screen. However, I would like to warn you about two very serious security holes in your application, both related to the way you implemented widgets.
(some texts removed….) * by Better Android

Home runs with quite a few permissions, most notably the ability to read contacts. With your implementation of widgets, any application can offer a new widget that, once installed by the user, will silently use Home’s permissions to achieve whatever it needs. For instance, a widget could be easily modified to read all the contacts and upload them silently to a website. At no point will the user know that the widgets will make use of the “read contacts” permission.

The second security hole is the ability you give the widgets to spoof any other app. A widget could for instance find shortcuts on the Home screen and change their Intent or attach a different click listener to execute something entirely different. This way, a widget could for instance execute a fake Email app and grab the user’s password and emails. A widget could do much more too since they have access to all the information stored in the Home screen UI. These two very important issues are the reason why widgets were not implemented in Android 1.0. We need to implement them correctly to guarantee the privacy and safety of the user’s data.

As your application currently stands, I would strongly advise you to disable the widgets support until you come up with a secure implementation of widgets. You have customers who paid for your applications and it would be really bad both for them, you and Android if malicious widgets started taking advantage of these security holes.

- -UPDATE UPDATE UPDATE- -

Better Android have been in contact to refute the claims in this post; check ‘em out here.
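
Both holes in the letter come down to where the widget's code runs: a permission check sees Home's identity, not the widget author's, and code inside Home can touch Home's shortcuts. The Python model below is an added illustration, not Android or Open Home code; `Process`, `Home`, `ProbeWidget`, the view allowlist and the isolated design are assumptions made for the example.

```python
# Toy model (constructed, not Android code): permission checks see the calling
# process, not the author of the code running inside it.
class Process:
    def __init__(self, name, permissions=()):
        self.name, self.permissions = name, frozenset(permissions)

def read_contacts(proc):
    if "READ_CONTACTS" not in proc.permissions:
        raise PermissionError(f"{proc.name} lacks READ_CONTACTS")
    return ["Alice", "Bob"]  # constructed sample data

class ProbeWidget:
    """Constructed audit widget: records which host resources it could reach."""
    def run(self, proc, shortcuts):
        self.reached = []
        try:
            read_contacts(proc)
            self.reached.append("contacts")
        except PermissionError:
            pass
        if "Email" in shortcuts:  # can it retarget an existing shortcut?
            shortcuts["Email"] = "com.example.other/.Main"
            self.reached.append("shortcuts")
        return [{"type": "text", "value": "12:00"}, {"type": "script", "value": "x"}]

class Home:
    ALLOWED_VIEWS = {"text", "image"}  # hypothetical allowlist

    def __init__(self, isolate):
        self.isolate = isolate
        self.proc = Process("home", {"READ_CONTACTS"})
        self.shortcuts = {"Email": "com.example.email/.Main"}

    def add_widget(self, widget):
        if not self.isolate:
            # Design described in the letter: widget code runs as Home itself.
            return widget.run(self.proc, self.shortcuts)
        # Assumed hardened design: the widget has its own identity, gets no host
        # state, and only allowlisted view descriptions are accepted back.
        layout = widget.run(Process("widget"), {})
        return [v for v in layout if v.get("type") in self.ALLOWED_VIEWS]

def audit(isolate):
    home, probe = Home(isolate), ProbeWidget()
    layout = home.add_widget(probe)
    return probe.reached, home.shortcuts["Email"], [v["type"] for v in layout]

if __name__ == "__main__":
    print("in-process:", audit(False))
    print("isolated:  ", audit(True))
```
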

Written by Peter Ross in: applications, g1
Mar  06  2009

German Verbs App For G1


The German Verbs App is slightly more useful than this one, especially when it comes to the difficulty of learning German verbs. With the German language, the mentality seems to be: why invent new words when you can just stick existing ones together to describe the new concept? This cut and shut approach to language results in extremely long words such as Donaudampfschiffahrtsgesellschaftskapitän and makes learning it a tricky process for English speakers, who are used to having more words at shorter lengths.

As this is a new App, the G1 Market News community haven’t yet rated it but it is sure to be popular for linguists and tourists alike as it provides a really useful service.

G1 Market News


Written by Peter Ross in: android, applications, g1
Mar  04  2009

Twilight Theme For The T-Mobile G1!


I am personally concerned for just how many mails I’ve had asking for a Twilight Theme for the T-Mobile G1! Thought it only fair that I linked y’all on to G1PhoneWallpaper.com, and gave you what you so desire!

Twilight Wallpaper – normal resolution of 320 x 480

Twilight Wallpaper – widescreen resolution of 500 x 375

Original version – here

Be sure to check out www.G1Wallpaper.com for all manner of great wallpapers. Not guaranteeing any of those will have pasty-faced angst ridden vampires in them, but there’s no harm in looking!

Not really sure what this movie is about, seems pretty similar to the Buffy/Angel interspecies love affair. Am I right?

Written by Ernest in: applications
Mar  02  2009

Does Google Think Its Developers Are Pirates?


Anyone that bought an unblocked G1 phone is no longer able to download apps from the app store, since Google changed the setup last week. Any user with an unblocked G1 phone can’t access copy-prohibited applications, including those that cost to download.

Google made the changes in an attempt to close a loophole that reportedly allows users to unlock the phone and download apps for free. Google allows returns within 24 hours of downloading. The Android market allows anyone to return an application within 24 hours; in contrast to the iPhone app store which has none of the freedoms of the Android system.

So how it works is this – protected applications are automatically downloaded into a private Android folder. Most phone users can’t access the files but users of the developer phone can. In that way a specific developer phone user could buy an application, copy it from a private folder, return the application for a refund and then re-download the application to the phone. The developer version of the G1 was designed to give developers “flexibility” by letting them have full permission to use the software.

But I know that if I’d paid $400 for a phone and then found out that I couldn’t access any of the applications, I’d be mightily pissed off. If it was applications that I’d designed myself and I couldn’t get access to them on my phone, I’d be even more pissed off.

One developer is proposing a “developer revolt” and encouraging all developers to pull their applications from the store.

“It would be the only way to show Google that this is not acceptable, and that devs are not second (third?) class citizens on the Market”.

“I am beyond angry that I can not even see my own paid app on the market with my 400 dollar dev phone!”

Looks like Google have got some making up to do.
