Related
Can it be done?
emudojo said:
Can it be done?
Click to expand...
Click to collapse
No, search next time please =)
Short answer is no with an adp build but if you really want paid apps you can install JFRC33 to get access to them.
I don't know where these guys are coming up with their info. You most definitely CAN access paid market with ADP, IF you have installed the update available at www.htc.com in the support section.
The only requirement is that you have a US or UK sim card installed, I don't think that it is necessary for the card to be active.
not so short answer
Well, people are kind of right about not being able to download paid apps. I have an ADP1 1.1 phone using Three as my provider here in the UK and I see SOME charged apps. BUT apps that the developer 'copy protects' arel not available. (see below for the unfiltered version)
This is a load of cr4p on Google's part because the 'copy protection' is simply installing the app to a protected directory (no encryption, no validation, nothing). As the ADP1 phone has root, we can get easy access to the apk file, and since we are all criminals we will post them to warz sites. Of course the reality is that there are far more rooted G1s out there (that CAN get all forms of paid apps) then there are ADP1s.
But, of course, Google has plausible denyability when it comes to hacked G1s. This is not the case with ADP1s. I suspect that this was a decision from the law department in Google.
The only sure way to get ALL the apps on an ADP1 is to install one of the hacked JesusFreek ROMS or flash it to a stock G1
Here is the official word from the android developers (http://android-developers.blogspot.com/)
"Some developers have asked about the support for copy-protected apps on developer devices, and indeed there is a limitation you should be aware of. Many developers are concerned about the unauthorized redistribution of their applications, so they make use of the copy-protection feature (known as "forward locking") which prevents applications from being copied off devices. However, developer phones like the ADP1 allow for unrestricted access to the device's contents, making it impossible to enforce copy protection. As a result, the Market application on such devices is not able to access copy protected apps, whether they are free or paid. If you choose to add copy protection when you upload your application to the Android Market, then you won't be able to test it on the ADP1's Android Market client. Your application will always be accessible to users who have standard configurations though, and if your application (whether it is free or paid) is not copy-protected it will appear on all devices, including developer configurations."
lbcoder said:
I don't know where these guys are coming up with their info. You most definitely CAN access paid market with ADP, IF you have installed the update available at www.htc.com in the support section.
The only requirement is that you have a US or UK sim card installed, I don't think that it is necessary for the card to be active.
Click to expand...
Click to collapse
What update????
Try clicking on the link and going to the support section as I said. THAT update.
I don't see any updates for the G1 under the support section, only FAQ, User Guides, and Tips & Tricks. Do you have a direct link?
http://www.htc.com/www/support/android/adp.html
Thanks for the direct link. I was looking under G1... opps. I want to try and switch over to adp, but wont flashing the updates from the link mean I cant flash to a modded build? Even if I can see protected apps with this update, if I chose to use a Modded image, then I will lose the ability once again right?
Im sorry if im not getting this, but I just want to be on an ADP1.1 build that allows me to see AND purchase all apps... Even protected ones, while still being able to run the scripts and other developments that this community has brought. Will this help me accomplish that???
Sorry in advance
Hi fellow LG WP7 users!
Just wanted to let you guys know that new free apps in the LG app store are available now. Enjoy!
New apps:
Cocktail Flow
Doodle God
Color Sprouts
envision for Basecamp
Krashlander
Colorize
Weave
Talking Ragdoll
Mobile Sommelier
Mr. Hat and the Magic cube
Network Setup
Thanks for the heads up. I can confirm the apps are available in Canada as well.
Wow, LG really knows what they are doing with their apps. And RIGHT on time too. 60 days after launch. I wonder if this will continue. Also, seeing how the last round of apps still remain, here's hoping any new apps won't replace the old ones.
I am really not regretting buying and keeping this phone after all, even if the buttons are still a bit wobbly. If LG comes up with a phone with an IPS panel like they are doing with their Tegra2 based Android phones, but with WP7 on board, then they will have another customer...again.
PS: The total worth of the apps is around 30 dollar US...Respect LG, respect.
That's awesome! I was actually considering buying Cocktail Flow, Doodle God and Krashlander. That's 3 quality apps right there!
Well here is the bad news. After installing all the apps, I have discovered a sad truth. Not all the apps are up to date. The corresponding paid version in the Marketplace for an app, let's see Weave, is several releases ahead. Same with Cocktail flow. This was my initial fear as well. LG is basically offering these apps AS IS and probably will not update them past the 60-days offer. If the apps are not tied to the original developer, then basically we are screwed with no updates, and have to stick with out version 1.0 apps from LG. Nothing against LG, but if you promise something, then do it right.
You're right. This issue should be brought up to LG if we want a chance of getting updates. They probably won't do anything about it unless people make it known that it is important.
Hi! I'm one of the developers on Cocktail Flow. The current version in the LG appstore is indeed not the holiday version: this has to do with some issues with the process of getting them over to LG behind the scenes. However I can assure you that the app will soon be updated to the current version (and to other versions that would come out through the 60 days period).
The first update will still probably take some time, but after that there should be shorter delays between the marketplace and the LG store update.
gergolovebsz said:
Hi! I'm one of the developers on Cocktail Flow.
Click to expand...
Click to collapse
Nice job! Easily one of the best looking apps on the platform.
gergolovebsz said:
The current version in the LG appstore is indeed not the holiday version: this has to do with some issues with the process of getting them over to LG behind the scenes. However I can assure you that the app will soon be updated to the current version (and to other versions that would come out through the 60 days period).
Click to expand...
Click to collapse
Do you know what the plan is after the 60 day period? I assume they'd be removed from the app store, which in turn probably means no more updates. hopefully you have info to the contrary.
gergolovebsz said:
The first update will still probably take some time, but after that there should be shorter delays between the marketplace and the LG store update.
Click to expand...
Click to collapse
Thanks for the info, LG hasn't communicated how this works very well so far.
gergolovebsz said:
Hi! I'm one of the developers on Cocktail Flow. The current version in the LG appstore is indeed not the holiday version: this has to do with some issues with the process of getting them over to LG behind the scenes. However I can assure you that the app will soon be updated to the current version (and to other versions that would come out through the 60 days period).
The first update will still probably take some time, but after that there should be shorter delays between the marketplace and the LG store update.
Click to expand...
Click to collapse
Thank you for the information. If only LG was so transparent in communicating with consumers. Cocktail Flow is one of the few apps in the marketplace that is just amazing to LOOK at, and even more impressive to use. I had it purchased before LG put it up. Amazing, and has gotten me some praise on my mixing formulas nowadays (Hehe). My question for you is whether the updates will stop after the 60 days, or will it be tied directly to your actual app...because if it is the former, that is kinda...a downer...
What happend to this apps? Two weeks ago they were available to download in LG marketplace, but now they arent.
elektryk said:
What happend to this apps? Two weeks ago they were available to download in LG marketplace, but now they arent.
Click to expand...
Click to collapse
+1 My device was reset after entering a pin incorrectly and now that I am trying to reinstall, these apps listed at the top of this thread are no longer on the marketplace. What is going on? Older LG apps are showing, newer ones are showing but not all of those are there:
Cocktail Flow - NO
Doodle God - NO
Color Sprouts - NO
envision for Basecamp - YES
Krashlander - NO
Colorize - NO
Weave - NO
Talking Ragdoll - NO
Mobile Sommelier - NO
Mr. Hat and the Magic cube - NO
Network Setup - YES
Any ideas?
I know some of the apps said "60 days of free download for lg handset owners" so they probably took them down because it's been 60 days.
This is what I was afraid of. As of now, the free apps that were off Marketplace (not the LG developed ones) are no longer available, possibly new ones are coming.
Two matters to think about:
1- If you reset your phone, there is no way to install the apps again, even if you downloaded it before. This is due to the fact that the xap files are not stored locally on your computer or anywhere when syncing with Zune. iTunes stores an app on the synced computer no matter what, even if the app has been removed from App Store.
Basically, if you have the apps, don't delete them, until someone figures out (or at least shares with us) how to extract xap files.
2- If you have the apps right now on your phone, then the apps are STUCK with their current version, probably forever. For example, if Weave updates their app to version 2.5 or above, you are stuck with 2.3 ANYWAYS. I voiced this concern early on if you look back at the earlier posts in this thread.
So, we should either petition LG to bring back the apps, and disallow new installs, which I believe has more to do with the Marketplace's structure than LG. OR, get Microsoft to tie our apps to the Marketplace equivalents.
Also, Microsoft should adopt Apple's model of backing installed apps through its Zune software.
kapanak said:
This is what I was afraid of. As of now, the free apps that were off Marketplace (not the LG developed ones) are no longer available, possibly new ones are coming.
Two matters to think about:
1- If you reset your phone, there is no way to install the apps again, even if you downloaded it before. This is due to the fact that the xap files are not stored locally on your computer or anywhere when syncing with Zune. iTunes stores an app on the synced computer no matter what, even if the app has been removed from App Store.
Basically, if you have the apps, don't delete them, until someone figures out (or at least shares with us) how to extract xap files.
2- If you have the apps right now on your phone, then the apps are STUCK with their current version, probably forever. For example, if Weave updates their app to version 2.5 or above, you are stuck with 2.3 ANYWAYS. I voiced this concern early on if you look back at the earlier posts in this thread.
So, we should either petition LG to bring back the apps, and disallow new installs, which I believe has more to do with the Marketplace's structure than LG. OR, get Microsoft to tie our apps to the Marketplace equivalents.
Also, Microsoft should adopt Apple's model of backing installed apps through its Zune software.
Click to expand...
Click to collapse
OK. So are there other ways to grab the XAP files off the LG phones using TouchXplorer or Advanced Explorer? This way we won't need to wait until LG or MSFT figures out what they are going to do?
So far, I have not had any success with either of the above tools, but that could just be me, or maybe there is a device specific tool for the LG Optimus line of phones?
kapanak said:
So, we should either petition LG to bring back the apps, and disallow new installs, which I believe has more to do with the Marketplace's structure than LG. OR, get Microsoft to tie our apps to the Marketplace equivalents.
Click to expand...
Click to collapse
I think it should be implemented in MarketPlace. Normally when you buy app, you have it assign to live acount. To solve it, they need to make an option to assign a free application OR make an option to add a "prepayed" (or free for some group of users) option to some application and some device id (ie from LG). IMHO MarketPlace architecture does not allow any of this solutions now.
My biggest hurdle right now is that I have to hard reset my phone, which is the only solution to get rid of the 8000FFFF error in Zune Update. This means I won't be able to back it up on my PC. So somehow I need to grab the apps before that. Heh.
elektryk said:
I think it should be implemented in MarketPlace. Normally when you buy app, you have it assign to live acount. To solve it, they need to make an option to assign a free application OR make an option to add a "prepayed" (or free for some group of users) option to some application and some device id (ie from LG). IMHO MarketPlace architecture does not allow any of this solutions now.
Click to expand...
Click to collapse
Interestingly, some of the apps we downloaded from the LG app store ARE actually tied to our live accounts, which you can check using the app purchase history in the Zune client. However, the apps listed are ONLY the permanent, LG developed or endorsed ones (eg. QR Reader, Metro Scanner, etc).
None of the Marketplace pulled ones are there. So there is no record of it whatsoever.
It is as if the developers just handed LG their xap files and LG submitted them (which is almost exactly what happened), and then when you install, it is like installing a homebrew xap...
So I won't feel too bad for pulling the xap out of the phone (when I figure out how).
UPDATE: Upon further inspection, it seems the 60-day offer apps WERE tied to the live accounts, but completely disappeared after being pulled from the Marketplace. Something similar happened with Twin Blades (the zombie killer nun game), which I still have installed, but there are no trace of it on my account.
I read about the Twin Blades game and it was pulled out of Marketplace supposedly because it was too violent and Microsoft had a no Mature game policy, that's what I think I read. Mango will supposedly have a rating system and supposedly we will start seeing more mature games.
Although I've read that Twin Blades will be released soon with the blood change to green.
Ye
kapanak said:
This is what I was afraid of. As of now, the free apps that were off Marketplace (not the LG developed ones) are no longer available, possibly new ones are coming.
Two matters to think about:
1- If you reset your phone, there is no way to install the apps again, even if you downloaded it before. This is due to the fact that the xap files are not stored locally on your computer or anywhere when syncing with Zune. iTunes stores an app on the synced computer no matter what, even if the app has been removed from App Store.
Basically, if you have the apps, don't delete them, until someone figures out (or at least shares with us) how to extract xap files.
2- If you have the apps right now on your phone, then the apps are STUCK with their current version, probably forever. For example, if Weave updates their app to version 2.5 or above, you are stuck with 2.3 ANYWAYS. I voiced this concern early on if you look back at the earlier posts in this thread.
So, we should either petition LG to bring back the apps, and disallow new installs, which I believe has more to do with the Marketplace's structure than LG. OR, get Microsoft to tie our apps to the Marketplace equivalents.
Also, Microsoft should adopt Apple's model of backing installed apps through its Zune software.
Click to expand...
Click to collapse
Sent from my GT-S5360T using XDA Free mobile app
Hello,
I am wondering if anyone has any information about the supposed MS update which was to take place on February 7th?
Also, are we going to be notified of this directly by MS through our phone's update feature or Zune? What I mean, is our hacked rom capable of detecting those official updates?
Any information about this will be most welcome.
Thanks guys.
http://www.engadget.com/2011/01/11/wp7-update-with-faster-app-load-times-copy-and-paste-is-real-r/
http://pocketnow.com/windows-phone/microsoft-to-unveil-major-wp7-update-at-2011-mwc
http://www.windows7news.com/2011/02/02/microsoft-details-upcoming-wp7-update/
This would be good to know. Especially if the update includes more than what their website says: http://www.microsoft.com/windowsphone/en-us/features/update-info.aspx
Copy and paste is good (not sure why they missed this from the start being that iPhone got mocked for this so much at their beginning), but I really think they need more in this update.
Does the update have:
- Updated BING to have navigation
- The ability to attach videos to emails/texts (I understand what they are doing here, pushing people to use their "Skydrive")
If it is a "yes" to both of these, I will be jumping back into Windows Phone 7 from Android. The Windows Phone 7 is super slick I think. The number of apps is lacking, but hopefully people will get on board (yahoo fantasy football, espn, etc).
From neowin.net:
Neowin received confirmation from multiple sources, that pins the first Windows Phone 7 update for March 8.
According to the sources - including someone well placed inside a European carrier - the update has been delayed due to last minute changes by Microsoft and/or OEMs. The update must then be tested by carriers for two-three weeks prior to launch.
Updates:
The first update to Windows Phone 7 brings copy & paste, CDMA device support, large performance improvements and better marketplace search. The update, entitled "NoDo" will be the first in a series of updates over the coming months, according to Microsoft. "Mango" is rumored to be next update for Windows Phone 7, which is pinned to bring multi-tasking for third party apps, HTML5 and the IE9 browser engine to the platform.
Supposedly delivered either through Zune or via OTA - but as our ROM has been 'fixed' by the various cooks, i'll probably hold off from either...
The Vulnerability
In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.
That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
But that's not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):
active notifications in the notification bar, including notification text
build number, bootloader version, radio version, kernel version
network info, including IP addresses
full memory info
CPU info
file system info and free space on each partition
running processes
current snapshot/stacktrace of not only every running process but every running thread
list of installed apps, including permissions used, user ids, versions, and more
system properties/variables
currently active broadcast listeners and history of past broadcasts received
currently active content providers
battery info and status, including charging/wake lock history
and more
Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:
ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BATTERY_STATS Allows an application to collect battery statistics
DUMP Allows an application to retrieve state dump information from system services.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
READ_LOGS Allows an application to read the low-level system log files.
READ_SYNC_SETTINGS Allows applications to read the sync settings
READ_SYNC_STATS Allows applications to read the sync stats
Theoretically, it may be possible to clone a device using only a small subset of the information leaked here.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door. For a more technical explanation, see the section below.
Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?
Technical Details
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
In fact, HtcLogger has a whole interface which accepts a variety of commands (such as the handy :help: that shows all available commands). Oh yeah - and no login/password are required to access said interface.
Furthermore, it's worth noting that HtcLogger tries to use root to dump even more data, such as WiMax state, and may attempt to run something called htcserviced - at least this code is present in the source:
/system/xbin/su 0 /data/data/com.htc.loggers/bin/htcserviced
HtcLoggers is only one of the services that is collecting data, and we haven't even gotten to the bottom of what else it can do, let alone what the other services are capable of doing. But hey - I think you'll agree that this is already more than enough.
Patching The Vulnerability
... is not possible without either root or an update from HTC. If you do root, we recommend immediate removal of Htcloggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don't download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
Affected Phones
Note: Only stock Sense firmware is affected - if you're running an AOSP-based ROM like CyanogenMod, you are safe.
EVO 4G
EVO 3D
Thunderbolt
EVO Shift 4G? (thanks, pm)
MyTouch 4G Slide? (thanks, Michael)
the upcoming Vigor? (thanks, bjn714)
some Sensations? (thanks, Nick)
View 4G? (thanks, Pat)
the upcoming Kingdom? (thanks, Pat)
most likely others - we haven't verified them yet, but you can help us by downloading the proof of concept above and running the APK
HTC's Response
After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public (as per RF full disclosure Policy). In my experience, lighting fire under someone's ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry. (This is where we come in.)
As far as we know, HTC is now looking into the issue, but no statement has been issued yet.
HTC, you got yourself into this mess, and it's now up to you to climb out of the hole as fast as possible, in your own interest.
The ball is in your court.
Credit
ANDROID POLICE
Huge thank you to Trevor Eckhart who found the vulnerability and Justin Case for working with us today digging deeper.
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
zzm5 said:
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
Click to expand...
Click to collapse
Is your device rooted?
I used root explorer and removed the HtcLoggers.apk and other than the forced close loop that removing it caused (requiring me to remove the battery), after rebooting all seems to be working fine.
EDIT: Actually I didn't just delete HtcLoggers.apk but moved it to a safe location on the SD Card in case there was a problem and it needed to be restored. I highly suggest you do this instead of just deleting it, or better yet, a nandroid backup.
there are a few good ROMS out there that have the ICQ loggers removed already.
Do we really need three threads on the front page about the same thing?
Just came across this on Engadget Mobile, anyone know a way to fix it?
Eight Android phones, including the Motorola Droid X and Samsung Epic 4G, were found to house major permission flaws according to a research team at North Carolina State University. Their study revealed untrusted applications could send SMS messages, record conversations and execute other potentially malicious actions without user consent. Eleven of the thirteen areas analyzed (includes geo-location and access to address books) showed privileges were exposed by pre-loaded applications. Interestingly, Nexus devices were less vulnerable, suggesting that the other phone manufacturers may have failed to properly implement Android's security permissions model. Google and Motorola confirm the present flaws while HTC and Samsung remain silent. Exerting caution when installing applications should keep users on their toes until fixes arrive.
Click to expand...
Click to collapse
http://www.engadget.com/2011/12/02/some-android-phones-fail-to-enforce-permissions-exposed-to-unau/
I was just about to post this. I havent had any problems like that tho, i wonder wat apps are the ones taking advantage.