Phandroid » Developers: Android Phone News, Rumors, Reviews, Apps, Forums & More! Tue, 28 Jul 2015 21:26:05 +0000

Major Android vulnerability lets hackers take control of your phone with just 1 MMS message Mon, 27 Jul 2015 17:57:34 +0000

Talk about scary. A security researcher at Zimperium has uncovered a major vulnerability in Android that would allow a no-gooder to take control of your phone by simply sending you an MMS video message.

For apps such as Hangouts, the vulnerability completely bypasses the need for user input because Hangouts automatically “opens” your video when it comes in to buffer it up for fast playback, meaning you won’t even need to so much as click a link or press play for your phone to be exposed.

Other messaging apps which don’t touch the video until you press play might be at less of a risk, but it’s still something to be wary about. It’s also worth noting the vulnerability affects a long line of Android versions, from 2.2 Froyo all the way up to the current Android 5.1 Lollipop.

So what could a hacker do if they happen to be able to use this exploit? One could go as far as taking complete control of your phone, installing spyware or malware, and removing any evidence that they were up to no good.

That’s the bad news. The good news — if you can believe there is such a thing in this story — is as follows:

  • The researcher has notified Google and even supplied a patch as early as April and May.
  • Said patch has been accepted by Google, and has already been sent to OEMs for their next critical security patches.
  • There doesn’t appear to be any known malware out there using the vulnerability, and unless a blackhat hacker happens to figure the vulnerability out it will probably never surface.

Google’s official response also seems to suggest that the patch can be applied to “any” phone:

The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.

And that’s that. So what next? We’re going to need updates, and those will have to come from the OEMs and carriers responsible for the phones out in the world right now.

You’d think they’d want to make sure their customers have the most secure devices possible, but the sad reality is that there is little incentive for OEMs and carriers to keep older devices updated with the latest security patches, and Google actually can’t do much about that if the WebView vulnerability debacle is anything to go by. There’s a chance your phone could miss an update if your OEM has retired it from their list of supported devices, and that’s a real shame because this has the potential to be very dangerous.

Unfortunately that’s all the detail we’re going to get in the here and now, though the exploit is set to be discussed at a major security conference taking place next month, and we’ll be sure to bring you all the latest that comes out of it.

[via NPR]

[Update]: Cyanogen, Inc. has already chimed in to let us know that fixes for Stagefright have been in nightly builds of CyanogenMod 12 and 12.1 for as many as two weeks now, with CyanogenMod 11 “out of band” (weekly) releases getting it as soon as this weekend.

Google acquires mobile app prototyping software Pixate and makes it free for all to use Wed, 22 Jul 2015 17:19:54 +0000

Google is always looking for ways to improve the app development experience for developers, and their latest move continues that trend. Google has officially acquired Pixate, a kit of software that lets developers prototype new mobile apps. Oh, and they’ve already executed their first bit of business: it’s now free for all to use.

To be clear, Pixate doesn’t let you build a full app for deployment on an Android phone, but it’ll give you an “easel,” of sorts, to help you visualize your app ahead of its actual development. You build out your UI, and you can run through it as you would an actual app on an emulator or an Android phone. Of course, very little will be functional as the code needed to make your app work the way you want to still has to be written.

The video above gives us a quick run through of a typical Pixate project. It’s almost like building legos or putting together a puzzle, with the initial stages of prototyping being a simple series of drag-and-drop gestures. Pixate has also been used to prototype apps for several popular companies, including Lyft:

Tools like these are invaluable for developers who rely on structured visual flow to help shape their development plans. While the software becomes free, Pixate will still charge a minimum of $5 per month for their cloud service, which lets you and your coworkers or friends collaborate on projects effortlessly.

Pixate says they have big plans for the future, and their new home under Google’s banner will ensure all those plans can be brought straight to your desktop. You can check it out for yourself right here if you weren’t already a customer.

[via Pixate]

Twitter admits their draconian developer policy was a mistake; is it too late to fix? Wed, 15 Jul 2015 16:05:13 +0000

No one was in hotter water with developers than Twitter was a couple of years ago. If you don’t remember, the company introduced a wave of changes to their developer policy that basically destroyed the hopes and dreams of many third party Twitter client developers.

One of those policy changes introduced polling tokens that only allowed certain bits of information (and a certain amount of said information) to be accessed through official APIs.

The company took things a step further by introducing another type of token — authorization tokens — that limited how many users could use third party apps. That limit was set to a ridiculously low 100,000 tokens per app, which meant many popular Twitter apps became crippled in a very short amount of time. The move was likely made to funnel as many users as they could to the official Twitter app where the company has the most control over new features, updates and — most importantly — delivering ads.

And now Twitter admits all of that was a mistake. Co-founder and current board member Evan Williams says now that the company is starting to get a feel for what they really are — which is a real-time news platform — they’re starting to realize that they have an actual platform on their hands.

“One of our strategic errors we had to wind down over time,” Williams said about the anti-developer changes in a recent sit-down. “It wasn’t a win/win for developers, users and the company.”

What’s a platform without developers? That’s the question Twitter has to answer now, and they seem to have realized that a platform without developers isn’t a platform at all. Williams says his company has come down on some of those stringent policy changes over the years, and it’s true — it’s been a long time since they’ve made developer-stifling moves.

But you have to wonder whether it’s too late for the company to win back the trust and support of third-party independent developers. It would take a huge swing in policy that would look to give developers the freedom and access they need to create great third-party Twitter experiences, and there would have to be reassurances that something like this won’t happen again. It isn’t easy or cheap to create apps, and developers have to know that they won’t have the rug pulled from beneath them one random day.

Twitter’s ongoing search for a new CEO means there are still a lot of changes to come, and we can only hope the new CEO will approach their position with a level-headed approach that doesn’t alienate the lifeblood (that lifeblood being independent developers) of modern software development.

[via Business Insider]

New Google Fit partners bring support to more wearables, allow developers to pull even more data via SDK Tue, 30 Jun 2015 21:06:18 +0000

Back in May, Google announced an update to Google Fit that allowed users to track their fitness goals and history, even adding a handy Android Wear watch face to help users stay on top of things. Today, Google Fit Lead Product Manager Angana Ghosh announced a handful of new Fit partners not only adding Fit support to their wearables, but bringing additional data to the SDK.

Endomondo, Garmin, the Daily Burn, the Basis Peak, and the Xiaomi miBand are Fit’s latest partners. With new Fit support, users can now store workout sessions and activity data when using those wearables on their Android device. Others include LifeSum, Lose It!, and MyFitnessPal who bring nutrition data like calories consumed, protein, carbs, fats (even vitamins and minerals) for developers to tap into using the History API in the Fit SDK. A new sleep activity is also headed to the Fit SDK thanks to Basis Peak and Sleep Android.

Again, all this data is now accessible to any developer to incorporate into their own apps. For instance, based on meals written to Google Fit by other apps, Runkeeper can now display a Google Now card reminding users to “work off” meals they’ve just eaten. It’s like one big happy family of fitness services and data working together to help keep you in shape.

For those that like beta testing new software, Google mentions that Instaweather has recently integrated Google Fit into a new Android Wear watch face currently in beta. You can try it out by joining the Google+ community here and following the links therein to download the beta version of the app.

For more info on integrating the Google Fit SDK into your own app, check out the developer page here.

[Google Developers]

Amazon Echo’s Alexa becomes an open platform to add a digital assistant to any smart item Thu, 25 Jun 2015 15:56:03 +0000

It looks like Amazon had bigger plans for Alexa than we thought. The digital voice assistant — which is the star of the show for the Amazon Echo that recently went up for pre-sale — is becoming an open platform which developers can use to add voice assistant features to their products.

They’ll do so through the use of the Alexa Skill Kit and the Alexa Voice Service, a collection of APIs and services that’ll allow you to implement Alexa in your products with ease. The Skill Kit is what will allow developers to support Alexa as if their app is one of Amazon’s own, while the Voice Service is what device makers use to implement Alexa in internet-connected hardware.

To kick things off and spur development, Amazon is also putting up a cool $100 million — called the Alexa Fund — to promote development of Alexa apps, devices and give startups the tools they need to be successful with it.

Amazon’s hope is that the end-result will be a wide range of Alexa-capable products that can make your smart home smarter than it already is, and without the need to buy their homegrown unit to do it.

Exciting times ahead indeed, and we can’t wait to see what comes of it. You can take a look at our Amazon Echo review to learn more about Alexa and how it can help you stay on task and up to date on everything in life.

Google Play Developer policies updated Wed, 24 Jun 2015 20:01:43 +0000

Google is sending out a notice to Google Play Developers about some changes they’ve made to their policies. The newly updated Developer Program Policy page adds revisions like a new sensitive events policy for natural disasters and/or global conflicts. Everything else is more or less changes to the language used for current policies. It’s pretty cut and dry, but here’s the full list of changes outlined in their email:

  • A new sensitive events policy addresses sensitivities around tragic events, such as natural disasters or global conflicts.
  • To protect users from harm, we’ve introduced new deceptive behavior language to more clearly define expectations for app functionality.
  • We’ve clarified language in the payment policy section for consistency and added links to a supplemental help center article for additional developer support.
  • To ensure a secure and consistent customer support experience for our users, we’ve introduced a provision which governs the transfer of in-app virtual currencies purchased in an app.
  • We’ve specified that apps should not harm, interfere with, or improperly access Application Programming Interfaces (APIs).

Developers who publish an application or game after today will be subject to the new changes, while those who’ve already submitted content to Google Play will have 30 calendar days to comply or risk their app being removed from the Play Store. Google is also asking developers to provide feedback on their terms and policies in a brief survey here.

[Google Play Developer Program Policies]

Google will pay up to $30,000 to anyone who can help squash Android vulnerabilities Tue, 16 Jun 2015 13:50:37 +0000

Security is an important talking point for mobile operating systems in 2015, but you have to do more than just talk. Google is already pretty stout when it comes to security, but the company knows it’s impossible to catch every vulnerability alone.

That’s why they’re extending their Security Rewards program to Android. The premise is simple: you help Google find a bug, they’ll pay you. The more you help and the more severe the bug, the more you get.

Simply disclosing a bug or vulnerability can net you anywhere between $500 and $2,000, while providing test cases and fixes can get upwards of $10,000. And if you can demonstrate a high severity hole that is vulnerable to attacks by any third party application installed on the device, Google will go as high as $20,000 to $30,000.

There are a couple of caveats to note. For starters, rewards are only eligible for vulnerabilities that affect AOSP, OEM and kernel code in the Nexus 9 and Nexus 6. Google will also make exceptions for chipset code if the vulnerability affects Android. There are also some rules to adhere to:

  • Only the first report of a specific vulnerability will be rewarded.
  • Bugs initially disclosed publicly, or to a third-party for purposes other than fixing the bug, will typically not qualify for a reward.

And some cases that won’t qualify as a valid vulnerability:

  • Issues that require complex user interaction. For example, if the vulnerability requires installing an app and then waiting for a user to make an unlikely configuration change.
  • Phishing attacks that involve tricking the user into entering credentials.
  • Tap-jacking and UI-redressing attacks that involve tricking the user into tapping a UI element.
  • Issues that only affect userdebug builds or require debugging access (ADB) to the device.
  • Bugs that simply cause an app to crash.

You can read more details over at the site’s FAQ right here. If you’re a developer or security researcher with a knack for finding and squashing these kinds of bugs and vulnerabilities then be sure to make yourself knowledgeable on everything about the program, and fingers crossed that you can help shore up Android security while making some nice cash in the process.

[via Google]

Google Play developer pages are now live on desktop and mobile, check ours out! Wed, 10 Jun 2015 17:07:36 +0000

Google announced at this past Google IO that developers would be able to make neat landing pages to show off their apps and brands. Those pages now seem to be live for developers to start customizing and giving their wares a much prettier home than a boring list of apps.

For developers, getting started is almost as easy as Tweeting. You’ll start by heading to the Developer Pages section in Google Play’s developer console settings. From here, you’ll need a few things:

  • Promotional text: Add up to 140 characters that describe your brand. You can add translations of your promotional text by clicking Add translations near the top of the screen. Once you’ve added translations, you can click Manage translations to add other translations.
  • Developer icon: 512 x 512, 32-bit PNG
  • Header image: 4096 x 2304, JPG or 24-bit PNG (no alpha)

You also have the option of setting a primary app to highlight, as well as a URL to link to your brand’s website. You can see ours in action by heading right here, if you’re curious. (Psst: you should definitely download that Phandroid app.) Other developers will want to get their pages in order as soon as possible to maximize visibility in Google Play.

You will soon be able to officially unlock your LG G4’s bootloader Thu, 04 Jun 2015 15:44:05 +0000

LG has been one of the odd souls out of the “let’s give deeper access to developers” party, but that looks to be changing soon. The company’s developer website has been updated with instructions for officially unlocking the LG G4’s bootloader.

There’s a catch here, naturally. It’s only possible to do this for one model of the LG G4, which is the European H815 variant. LG’s site says select “devices” will gain that ability eventually so you can bet there will be more.

We’re not sure if this courtesy will ever be extended to the likes of the LG G2, LG G3 or any of LG’s other models, but we’ll be looking to find out. In the meantime, if you’re the lucky owner of the necessary variant and have been waiting for an official bootloader unlock then LG has everything you need right here (note that it’s liable to void your warranty and that it’s a process which can’t be undone).

Android M introduces black status icons for light colored themes Tue, 02 Jun 2015 13:46:21 +0000

Android M will have a lot of cool new features, but one of the smaller ones Google didn’t mention was for app developers. Roman Nurik has revealed a new windowLightStatusBar flag that will tell the system to make icons and text in the status bar a translucent black color instead of the usual white.

This flag will be useful for apps which use light-colored tint for their status bar where white icons might be hard to read. It’s small, but developers who remain mindful of these small details tend to earn loyal userbases, so be sure to use it if your app needs it!

[via Google+]

Up close with Google and Qualcomm’s new Project Tango smartphone platform [VIDEO] Sat, 30 May 2015 00:05:17 +0000

Out of all the Google projects, Project Tango is probably the one that gets the least amount of attention around the blogosphere. That probably has something to do with the fact that it’s so developer focused and its real world applications aren’t so easily visualized when it comes to consumer devices.

What is Project Tango, you ask? Well, according to Larry Yang, Project Tango’s lead product manager, it’s a computer vision-based platform that gives mobile devices the ability not only to sense their location within a space, but to identify objects around them as well. This gives devices the ability to navigate around indoors purely by sight. No WiFi, GPS, or Bluetooth beacons necessary.


During this year’s Google I/O, Google announced a new smartphone reference platform for Project Tango. The device is powered by a Qualcomm Snapdragon 810 and equipped with a 3D depth sensing camera. It’s not for the everyday man, but meant to give developers the tools they need to start building exciting new applications and products.


Real-world use cases can be anything from furniture modeling to extremely accurate and advanced augmented reality, but probably the most interesting application is in gaming, where all these things come into play. In fact, Yang showed us a toy gun built by Hasbro that tracks the player’s location and movement, mirroring that in the virtual world.


Google says they’ve sold around 3,000 units of their NVIDIA powered tablet which recently went on sale in the Google Store earlier this week for $512. With the lower price tag, removal of the invitation restrictions, and the new smartphone platform launching this summer, we should see more developer interest in Project Tango. We’re definitely curious to see where Tango ends up in the future.


If you hate passwords as much as we do, you’ll love Google ATAP’s latest projects Fri, 29 May 2015 17:30:27 +0000

It’s another wonderful day of Google I/O and the developer conference is proving that there are still more interesting developments outside of Android M. During a Google ATAP session, Regina Dugan took the stage to talk about what the special projects unit has been working on.

Project Abacus

One of the more interesting projects is something called Project Abacus. They’ve actually been conducting user trials and gathering data since last year. Everyone knows passwords suck (Dugan actually said this on stage) and Project Abacus looks to eliminate the hassle of typing out or remembering long passwords because, simply put, humans aren’t good at this.

Because your smartphone knows more about you than you think, Project Abacus combines a variety of sensor data — how you walk, location patterns, how you talk, how you type — to verify that you are you. In other words, your device is the key to your authentication and it doesn’t even need fingerprint scanning hardware to pull it off.


Project Abacus works passively in the background to continually authenticate you before a website or app or anything else asks you for your password. Based on a trust score, it can verify your identity and you’ll be logged in without having to type a single thing. Higher trust scores could be required from something like a banking app, while low ones for something like logging into a game. Should your device fall into the wrong hands, the trust score will drop and the user will be asked to input a password like the olden days.

Of course, the question on everyone’s mind is how secure Abacus is when compared to other methods of authentication. ATAP says that by combining all this sensor data, Abacus is more than 10 times more secure than traditional methods. We’ve seen enough movies to know that anyone can pop out your eyeball or cut off your fingers — wouldn’t it be great if your phone knew you were you?

Project Vault


Another interesting project to come out of Google ATAP’s session is something they’re calling Project Vault. ATAP says Vault is a tiny, security-dedicated computer squeezed into a micro SD card. It uses a suite of encryption primitives to act as a digital mobile safe for your most sensitive data, anything from chat conversations to files and everything in between.

Using a driver-free interface, Project Vault partitions a portion of an SD card to store data and works out of the box on a variety of platforms outside of Android (like full-fledged Windows PCs). ATAP says that Vault is more or less aimed at the enterprise market for now and, like most things to come out of Google I/O, is still in its early stages but will soon have an open source SDK for developers.

Google Play’s upcoming Family section makes finding kid-friendly content easier than ever Thu, 28 May 2015 19:30:27 +0000

We’ve had more than a few clues that Google was fixin’ to announce a new kid-friendly section of the Google Play Store. They’ve definitely been focusing on family oriented apps with the recent launch of YouTube Kids and their acquisition of Launchpad Toys, a studio responsible for popular apps for kids on iOS.

The biggest clue came last week when we discovered Google’s “Designed for Families” program, a special program for developers that allows them to submit their apps for additional review so that they’ll be labeled as family-friendly in the Play Store.

According to Google, more than 1/3 of Android users in the US are parents with kids under the age of 12. Because of this, Google finally took the wraps off their latest project aimed at families, a new family home section coming soon to the Google Play Store.

The new page offers a handful of tools parents can use to help discover family-friendly content for their kids. First up is the “Family star,” Google’s little green star icon that highlights family-friendly apps, games, movies, and books in the Play Store. The family home section also allows parents to search for content based on their age group, showing only filtered family-friendly results.

Because kids generally like looking for content based on their favorite characters or shows, they can now browse for content based on characters like Dora the Explorer or My Little Pony. Apps and games featured in family home (which undergo a manual review process) all feature objective 3rd party content ratings (like ESRB ratings) and are labeled when they’re ad-supported.

Google says that with a new set of parental controls and stronger password protection for in-app purchases, Android is more fantastic than ever for families looking to keep a watchful eye over their kids’ digital playtime.

Developers will be able to make their own pages in Google Play Thu, 28 May 2015 18:43:58 +0000

Google has announced developer pages for Google Play. What this allows developers to do is create their own section in Google Play to show off all their Android apps.

It’s already possible to view a developer’s list of apps by clicking their name when viewing their app listing in Google Play, but developer pages will let developers highlight their best and most recent apps, as well as provide more detail to the user about the company or individual behind them. It’s a great way for fans to find and keep track of their favorite developers’ apps.

Also coming to Google Play for developers is the ability to A/B test your app listings. What this means is you’ll be able to experiment with different sets of graphics, app descriptions, screenshots and titles for your Google Play listing.

You can have both listings exist simultaneously, with users seeing one or the other at random. This’ll allow you to find out which listing style performs best for driving downloads, a great tool for developers who want to make sure they’re doing everything they can to maximize their chances for success. It shan’t be long before you developer types are able to get your feet wet with all this stuff in the developer console, and we’ll be sure to update you once those options become available.

Google introduces cross-platform URLs for deep linking inside of apps Thu, 28 May 2015 00:05:57 +0000

Google is supercharging their short URLs with the ability to deep link into apps. Developers that have taken advantage of Google’s new App Indexing — available on both Android and iOS — can create URLs that take users to specific places inside their app, or by default, their website.

For instance, clicking on one of these new URLs will auto-detect the specific platform (either Android or iOS) and whether or not they have a specific app installed. If the app is installed, the app will open directly to the content. If the app isn’t installed, the user will simply be directed to the website. Simple.

Google says the new feature actually works retroactively, so any old URLs will still work by linking users to an app. To get started, developers will need to integrate Google’s new URL Shortener API into their app’s share flow. Here are the steps needed to set everything up.

Set up app deep linking on

  1. Complete the necessary steps to participate in App Indexing for Android and iOS at Note that deep links are open to all iOS developers, unlike deep links from Search currently. After this step, existing short links will start deep linking to your app.
  2. Optionally integrate the URL Shortener API with your app’s share flow, your email campaigns, etc. to programmatically generate links that will deep link directly back to your app.

When opened, the link auto-detects the user’s platform and if they have Maps installed. If the user has the app installed, the short link opens the content directly in the Android or iOS Maps app. If the user doesn’t have the app installed or is on desktop, the short link opens the page on the Maps website.
