Clipboard security bug? - BlackBerry Priv

So, for some time now (basically since I started my current job) I've been aware of a potential security issue on my Priv. It's an AT&T with the most up to date firmware they've pushed, none of the updates have seemed to address it, although I am seeing it less often now.
Everyone's familiar with the Wi-Fi prompts that some businesses, etc use to allow access right? The web-page based ones that hijack your DNS until you log in. My company uses one, and every morning I have to re-authenticate using my company credentials with it.
The bug I have seen is, after hitting the Login button (having left my cursor in the password field), at some point later in the day, I will open Voxer, Messenger, Chrome, etc, and when I go to start typing in a text field, my password I typed earlier is in that text field already. WTF? This has to be one of the most egregious security bugs I've ever seen, the fact that a password I typed is just floating around in memory between apps like that, and it has yet to be completely fixed it seems like. I have implemented a workaround in which I move the cursor to the username field before I hit login, but I don't think this bug is limited to just this one style of prompt either. I still occasionally see my username sitting in a text field of an app I was about to type something in.
Has anyone else seen this behavior or know of a way to correctly address it? Expected better from a device touting its enhanced security.
I actually don't know if this involves the device's 'clipboard' or not, I haven't attempted to see if I can paste the last field I had highlighted manually into another app. But auto-copying a password field to the clipboard seems like a terrible idea if that's the case, and if it's not then how else is data from one app's text field getting floated around the device like that?

Related

Android 1.0 bugs and glitches

Has anybody else found annoying bugs so far? Here's the ones that I've run into:
- Address Book server sync overwrites changes that you've made from the phone (haven't confirmed this one, might be my fault somehow)
- Multimedia volume slider plays your ringtone once you adjust the volume, but plays it at the volume set in the ringtone slider (not the volume that you're actually adjusting)
- Browser bookmarks list has a lot of trouble keeping site icons straight, it just kind of randomly shuffles them around to the wrong site as you load different bookmarks
- AOL Instant Messenger app shows weird behavior, not sure if it's a bug but it is definitely difficult to use in its current state. Locking the phone prevents messages from showing up, then on unlock they stream in all at once, and if you go too long without checking in on it the program will be terminated but your screen name will not be signed out of AOL's server
- There doesn't appear to be any way to set a vibration for notifications like Text Messages or IMs
- Some apps (MySpace Mobile, specifically) do not account for their process being interrupted when the screen rotates and the current action will be cancelled or the program will freeze.
Overall great phone, I'm really extremely impressed with it as a whole so far. I'm amazed at how fast my internet connection is on EDGE, my old Dash was technically on the exact same connection but took 5 or 10 times longer to load a full web page. Even without 3G the web browsing experience is comparable to using my desktop at home.
chefgon said:
- There doesn't appear to be any way to set a vibration for notifications like Text Messages or IMs
ya there is. for example, go to the main Messaging page where it shows all of your threads. Click on Menu > Settings > Vibrate (put a check mark)
same thing with IMs or EMail
snofrandy said:
ya there is. for example, go to the main Messaging page where it shows all of your threads. Click on Menu > Settings > Vibrate (put a check mark)
same thing with IMs or EMail
Awesome, thank you! Weird that the option isn't available in the same place as setting the vibration function for the phone. Has anybody found solutions to any of these other problems?
Thanks
That fixed it for me. Thanks... it's so funny because I've been messing around with my phone for 2 days and just found this answer... Thanks
Android will get it wrong sometimes on sms threads when the sender is not in your contacts.
I noticed yesterday I received an sms from [email protected] and deleted it. Later an sms from +1913XXXXXXX. When I pulled up the my sms folders later, the newer, undeleted sms from the 913 number said it was from @domain.com.
(and the two are in no way related.) I did a reboot and it still displayed the same.
chefgon said:
Has anybody else found annoying bugs so far?
When I plug my G1 into my iMac the computer freezes and I need to do a hard restart. Is anyone else having this issue? My updates are current on my iMac and all of my other phones work without any problems.
When I play music and I turn off the screen, there is a jump every 15 seconds.
here's an email bug...
Go to craigslist.org. I wanted to ask a seller a question. When I email from there, it gives me 2 options, to use my pop 3 email account or gmail. If I use gmail, it takes off the craigslist.org extension and replaces it with gmail.com. If i choose to send with my pop 3, it just opens a blank email without the email address. I try to copy and paste the address into the sending field, but it won't let me. I use craigslist a lot, so this is a bit of a pain...
Otherwise, lovin the G1
scottslc said:
Go to craigslist.org. I wanted to ask a seller a question. When I email from there, it gives me 2 options, to use my pop 3 email account or gmail. If I use gmail, it takes off the craigslist.org extension and replaces it with gmail.com. If i choose to send with my pop 3, it just opens a blank email without the email address. I try to copy and paste the address into the sending field, but it won't let me. I use craigslist a lot, so this is a bit of a pain...
Otherwise, lovin the G1
When it switches you over to gmail. Is the body filled out or the sender in the field?
No, just replaces the extension.
Give it a try see what you find. www.craigslist.org
Actually i did try it and it worked for me.
But, i used the mobile version of Craigslist.
Mobile version of Craigs

Too many pattern attempts. (Solved!)

This is the second time I've had this issue so I thought I'd post it.
Basically what happened was my phone was in my pocket and it locked itself out. I had pattern lock enabled so I was getting "Too many pattern attempts. please login" No matter how I put my information in username (by itself), [email protected], [email protected] it wouldn't authenticate me. The first time it happened to me I posted the following thread:
http://forum.xda-developers.com/showthread.php?t=485903
No matter what I did I was not able to get in so I just reflashed the phone. After a reflash the authentication worked fine. At that time I was using one of JF's ROMs so I figured that may have been the issue. Recently the problem happened again. This time I was using one of Cyanogen's ROMs. This time instead of flashing the phone I followed haykuro's thread to defeat pattern lock:
http://forum.xda-developers.com/showthread.php?t=485988
Once I did those adb commands and rebooted the phone it asked to authenticate again but this time it worked! After it authenticates it will ask you for a new unlock pattern. And you're all set! Hopefully it works for you. This is a really annoying problem and I'm surprised more people aren't having it.
Figured it out without hard reset!!! htc hero " too many pattern attempts"
I figured out a way to get past the screen lock "too many attempts" problem without doing a hard reset on my phone.
I called my Phone (from my Skype account so I could get to the notifications pull down. (couldn't get to home screen or setting from the call) But, I could pull down my notifications. I had a "new email" notification so I clicked on it so that my gmail would open. I then opened an email that had a URL link in it and I clicked on the link. This then opened my browser, which tried to open the link but, it couldn't because, I was still on my Skype call. This prompted the browser to give me an error message that had a Settings button. I clicked on the settings button and was able to turn on my wi-fi and connect to my home network ( I couldn't get to any other settings). At this point I pulled down my notifications again and clicked on the sign in failure notification and this time my phone was able to authenticate my gmail password, through the wi-fi connection.
FYI, I had to go to gmail and change my password as I'd forgotten it. If you don't remember your password you'll have to go through the gmail, I forgot my password/reset process.
If you have email notifications turned off, I think you can send a URL link through with a text message but, I've never done that. Maybe someone else can chime in on how to do that. It's probably pretty simple.
Lemme know if this works for you.
cjayl said:
I figured out a way to get past the screen lock "too many attempts" problem without doing a hard reset on my phone.
I called my Phone (from my Skype account so I could get to the notifications pull down. (couldn't get to home screen or setting from the call) But, I could pull down my notifications. I had a "new email" notification so I clicked on it so that my gmail would open. I then opened an email that had a URL link in it and I clicked on the link. This then opened my browser, which tried to open the link but, it couldn't because, I was still on my Skype call. This prompted the browser to give me an error message that had a Settings button. I clicked on the settings button and was able to turn on my wi-fi and connect to my home network ( I couldn't get to any other settings). At this point I pulled down my notifications again and clicked on the sign in failure notification and this time my phone was able to authenticate my gmail password, through the wi-fi connection.
FYI, I had to go to gmail and change my password as I'd forgotten it. If you don't remember your password you'll have to go through the gmail, I forgot my password/reset process.
If you have email notifications turned off, I think you can send a URL link through with a text message but, I've never done that. Maybe someone else can chime in on how to do that. It's probably pretty simple.
Lemme know if this works for you.
Sounds like one hell of a flaw in the security to me. I actually hope that this gets fixed sometime in the near future.
I had this problem on an HTC Hero. I could not run sqlite3 on the command line for permissions, so the second thread did not work for me. But I did not want to flash my phone, so this is how I solved it.
Take out the battery, OFF button does not work.
Take out the SD card.
Plugin the USB cable to the phone and turn the phone back on.
Download the Android SDK
untar to a new directory
run
./tools/adb -d shell
To get a shell open, you do not need to be root.
You should get a $ prompt, indicating you are not root
Make a call from another phone to the blocked phone and answer the call.
Then run the following command.
$ am start -a android.settings.SETTINGS -n com.android.settings/com.android.settings.Settings
This will bring the Settings window to the front so you can then disable the screen lock, thus proving that the screen lock facility is not a security feature.
Screen lock is still useful so you don't make unintentional phone calls.
easier method
You can also enter your username, and in the password field just enter the string "null"

Are these problems common?

1. ok so sometimes I have to jerk/nudge my phone to get the accelerometer to work...
2. When I create a new text through text msg interface and type in the contacts name in the name field it only seems to read and recognize half of my contacts... so i have to exit out, go to contacts, select the contact and text that way...
3. If i haven't used my phone for a while, say in the morning when i wake up the touch screen seems act funny and is not very accurate... to say the least!
4. When replying to text sometimes i have to click the text entry field numerous times before the keypad will launch, both in landscape and portrait...
and damn this phone needs multi touch! ; )
any feedback would be great, thanks!
Well, I have only had my phone for about a week now and haven't seen any of these problems at all. I use Chompsms so not sure about the default program for text. The touch pad works pretty well for me. I don't really have any problems with it. I use Dolphin for internet which has multi touch so I don't really care if it gets added to the default browser or not. All in all the only problems I seem to have is with the USB for the PC. Connection speeds are really really slow. Don't get anything over like 600k transfer rate. Whereas if I plug the SD card into my PC itself I get over 8mb a sec.
1. Haven't noticed this issue, unable to comment.
2. Sounds like a possible problem with how your contacts are named, or possibly where they're sourced from (multiple places, google/facebook/sim/microsd). Unify your source and/or try cleaning the names.
3./4. Known issue, try rebooting your phone, there's a problem that crops up over time. Also, ensure you don't have the edges of your hand/finger near the edge of the screen, it's super sensitive. This includes the meaty part of your palm as you reach over with your thumb.
thanks for the replies,
@bofslime
I'm always trying to watch where my other hand is, no MT ; ( This problem is only in the text msg screen I have to click the field a bunch in different spots until it finally selects it... doesn't happen all the time but enough to bug me!
Also How do I merge/unify I got my contacts on my phone via vcard from my apple address book then loaded into gmail and from there added to the phone... I do have contacts on my sim, at first i uploaded them but it was missing so many i deleted them off the phone then gmail synced it... follow?
thanks!
The reason why you have to go to contacts to text some people is because you don't have the number stored as a mobile phone number. It is probably listed as other or home. Just edit it to mobile and it should fix it.

GChat on desktop with phone nearby

Has anyone cracked the code on when Google chat on the phone ignores desktop chat and when it doesn't? I have seen that sometimes when I chat with my friends on my desktop, sometimes my phone beeps for every line entered by the other party and sometimes it doesn't. I think in a perfect world, the phone should beep for the "first" line of text, and if I answer on the desktop, it should ignore the rest (but still record them for posterity). And if I answer on the phone, perhaps it should just haptic vibrate for each line of text received after the "first". I say "first" in quotes because I imagine that would be difficult to manage pragmatically. When is it the first chat of a new "session", and when is it just a delay in between chat lines of the same session? Maybe a customizable interval, like say five minutes. If no text is received within five minutes then it is a new session, so beep on the first line?
Last night I was chatting with a friend (I was on the desktop) and every time he sent something, my phone would beep. Not the best solution in my opinion.
From what I can tell, your phone will receive the message when you do not have the gchat window active on your desktop.
If you click in on the area like you were going to type a message and leave your cursor there, when your friends send messages they don't seem to get sent to the phone. On the other hand, even if you have gchat open on your desktop and you say use a different program or are on a different tab in your browser, then your phone will receive the messages.
At least this is my experience. I think this is the correct behavior as you don't need to get messages in two places when you are actively chatting.
From my experience I use Gchat on my pc everyday when i am at work and I have my phone on my desk near by. When a friend of mine messages me it hits both for the first message, but if i answer on my desktop, it does not hit my phone ever until I sign off of gchat on my pc. Even if it is not focused on the gchat window. I am however using Trillian for my gchat, not sure what you all are using.
DLarva said:
From what I can tell, your phone will receive the message when you do not have the gchat window active on your desktop.
If you click in on the area like you were going to type a message and leave your cursor there, when your friends send messages they don't seem to get sent to the phone. On the other hand, even if you have gchat open on your desktop and you say use a different program or are on a different tab in your browser, then your phone will receive the messages.
At least this is my experience. I think this is the correct behavior as you don't need to get messages in two places when you are actively chatting.
This is what happens for me as well. Messages go to my phone on the first IM or if I don't have that window active on my desktop.
I am using the built-into-gmail-dot-com google chat. This has definitely happened to me several times before. Last night it happened again. The entire conversation I had with my friend, every time I received a message on my desktop, my phone also beeped. Other times it worked like it was supposed to (beeped the first time and that was it.)
I will see if I can get my wife to help me troubleshoot tonight.
perhaps a topic for a different thread...
I found the chat behavior to be exactly the way DLarva stated:
DLarva said:
From what I can tell, your phone will receive the message when you do not have the gchat window active on your desktop....
My question (perhaps a dumb one ) is how/where to turn off the notification that you got a chat all together?
I don't want any notification of a chat receipt while I am on the phone.
Any help?
Maybe:
Try (within setting of google talk) turn off notification bar, no vibrate, and set ringtone to silent.
That might approximate no notification.
etaChase said:
I found the chat behavior to be exactly the way DLarva stated:
My question (perhaps a dumb one ) is how/where to turn off the notification that you got a chat all together?
I don't want any notification of a chat receipt while I am on the phone.
Any help?
thanks for that - have tried to "approximate" no notification, and that's all well and good. . . but not the same as turning it off.
I have looked around in my mobile settings in the google account but can't find it (thought it might be similar to turning on/off notification of appointments in the calendar)...
might just be missing it, but this seems like fairly simple feature. I am nearing feeling ready to root my phone and thought maybe this would be a feature that was only available after doing that. It would have been the final encouragement I need to take that (admittedly not very big) plunge!
I have a rooted Nexus One (CM6 with KOR) and that is as close as I can get to turning them off (that I can find anyway).
This was happening to me, too (when I used Gtalk on the PC, the phone sitting on my desk would sound the alert, with every chat message I rec'd) -- so I just manually signed out of Gtalk on the phone, and it stopped happening. I mostly use Gtalk on desktop anyway. (Though when I check "running processes" on the Vibrant, I see Gtalk always seems to be running -- must start up automatically -- even though I'm signed out...)
exactly Pevvy -
but signing out of Gmail kinda defeats the purpose of having the phone constantly synched. Guess the same argument could be made as to why you want chats saved/synched... anyhoo - I just don't want chat on my vibrant, period. I don't want them saved (so transcription is turned off in gChat on the desktop) and I would never chat from the phone. OK, never say never, but I would rather have to enable that, rather than always having it running using resources.
When I root that would a fun thing to explore to see if it can be deactivated through some custom start-up (so it doesn't show as a running service - I see the same thing) and only starts if I manually start it.
That said, if it is server side associated with the google account (it's a hosted domain and that may further change things...) it may not be able to adjust even with root. Interesting how this shows the blending/blurring between the net and the synch to the phone - and should data and synch be more push or pull.
Oh, I didn't sign out of Gmail on my phone -- just Gtalk (the chat service)... seems it was keeping me signed in automatically before, and I had to go into the app, and manually sign out.

Exchange Services - SmsRelayService HELP!!!!!

Someone please help! Having read the very little amount of content I can find so far, I am extremely concerned that somehow some or all of my text messages are being relayed to an email account via the Service (SmsRelayService) that is running under the app Exchange Services.
I don't seem to be able to find anything conclusive, but what I have found is that it is likely to be relaying text messages to an Exchange Account?
I can stop the Service and it stays 'stopped' until a text message is received and it starts running again.
Now have a Note 4, having upgraded because my last handset appeared to have been tampered with and was also behaving in this manner, as well as my Google Location History recording me in places that I never was. On that handset there were even more questionable apps running, one of which appeared to be some form of spyware when searched in Google!
Is there any way that you can dig deep into the operating system of the device and see what is going on?
Is there any way of identifying if my suspicions and those of others that I have seen post similar stories are correct?
One of the reasons I started to question it initially and then look into it was because I was receiving overly descriptive and some unnecessary text messages from someone and at the same time, another device nearby was demonstrating email notification sounds!
Not only that, but certain things that I had not discussed with certain people, but had discussed over text with others (in no way related or connected) were being brought up!
Help please.... is SmsRelayService under the app Exchange Services something to be worried about?????
I was also shocked by the lack of information on this "SmsRelayService". There are tons of questions out there about it.
After much research and messing with my phone I feel the service is stock BUT can be hijacked by some unknown application to send all texts to a 3rd party. My ex was getting my text messages somehow. In her email account I found she had set up a service on her own phone first to test and she would receive every text on the phone and also location. I assume she set it up on her own phone first to figure it out then she put it on my phone. I have a rooted phone with a custom ROM. Strangely the SmsRelayService had permission for EVERYTHING on my phone. From sms to photos and every single admin right possible. I doubt this is normal for that service. My custom ROM has an "App ops" menu that shows what the service has used or not. In my case it looks like she was only accessing my sms messages. Killing the service did not help as when a new text came in it started back up and accessed the new messages. Once I removed all the permissions for "SmsRelayService" in the "App ops" menu I no longer had the problem of the service accessing the texts. Without this menu option I don't know how I would have stopped it. I'd assume there is an app or process killer out there that would have been able to shut it down but it'd take someone else with a normal ROM to let us know.
In my case I'm lucky it was only sms's. It looks as though whatever she put on my phone was only getting sms's. The app having access to all rights on the phone, a better or more in depth spy app/program could have accessed much more. Only spying my sms activity I did not notice ANY extra battery drain. Also this app is known with Microsoft Exchange and that messes up a lot of the research. I have never set up any other account but a gmail account so without a link there I don't know why else it'd been activated in the first place if not for a spy app. I'll try and post back in a few weeks after I've been able to see if she suddenly doesn't have information that she shouldn't know.
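An added example (not from any poster in this thread) for the question of how to see what is going on: a small Python audit that reads the text of `adb shell dumpsys package` and lists every package currently granted permission to read or receive SMS, noting whether it can also pass data off the device and whether it is a system package. The sample dump is constructed in the Android 6+ layout (`granted=true` lines); `com.example.hiddenrelay` and `com.example.notes` are hypothetical, and treating `com.android.exchange` as the package behind "Exchange Services" is an assumption.

```python
import re
import sys

# Permissions that let an app read incoming or stored text messages.
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Permissions that give a way to pass message content to someone else.
FORWARD = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[(.*)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

# Constructed sample, not captured from a real device.
SAMPLE_DUMP = """\
Packages:
  Package [com.android.exchange] (1a2b3c4):
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_SMS: granted=true
        android.permission.RECEIVE_SMS: granted=true
  Package [com.example.notes] (5d6e7f8):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_SMS: granted=false
  Package [com.example.hiddenrelay] (9a0b1c2):
    flags=[ HAS_CODE ]
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true
"""


def parse_dump(text):
    """Return {package: {"system": bool, "granted": set of permission names}}."""
    pkgs, current = {}, None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = pkgs.setdefault(m.group(1), {"system": False, "granted": set()})
            continue
        if current is None:
            continue
        m = FLAGS_RE.match(line)
        if m:
            current["system"] = "SYSTEM" in m.group(1).split()
            continue
        m = GRANT_RE.match(line)
        if m and m.group(2) == "true":  # requested-but-denied entries are ignored
            current["granted"].add(m.group(1))
    return pkgs


def sms_findings(pkgs):
    """Packages that can read SMS; user-installed and forwarding-capable first."""
    out = []
    for name, info in pkgs.items():
        sms = sorted(info["granted"] & SMS_READ)
        if sms:
            out.append({"package": name, "system": info["system"], "sms": sms,
                        "can_forward": bool(info["granted"] & FORWARD)})
    out.sort(key=lambda f: (f["system"], not f["can_forward"], f["package"]))
    return out


if __name__ == "__main__":
    # Pass a saved dump file as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for f in sms_findings(parse_dump(text)):
        origin = "system" if f["system"] else "user-installed"
        print(f'{f["package"]:28} {origin:15} forward={f["can_forward"]} {f["sms"]}')
```

A user-installed package at the top of the list that the owner does not recognise is the one to look at first; a system package holding the same permissions is expected on many builds.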
