Slatedroid info

Everything about android tablet pc [slatedroid]

Qualcomm spokesman says there is no Snapdragon 815

Posted by wicked April - 1 - 2015 - Wednesday Comments Off

qualcomm_snapdragon_screen_cap

In a very brief exchange between Qualcomm’s Senior Director of Public Relations Jon Carvill and website FudZilla, Carvill delivered a very specific message: “There are no plans for a Snapdragon 815 processor.”

It had been reported around the web, including here at Talk Android, that Qualcomm was working on a cutting-edge successor to the Snapdragon 810, the 810 making its debut in many of the flagship Android OEM devices this 2015. Sadly, though, the 815 was just a myth; however, Qualcomm did shed light on its next processor, the Snapdragon 820, during this past MWC.

The Snapdragon 820 is expected to arrive at the very end of 2015 or the beginning of 2016, just in time for the annual premier of flagship smartphones. It was mentioned that the 815 was using a FinFET transistor, and you’re in luck, the real-deal 820 will be as well. Qualcomm also is designing a custom core to go with the 64-bit SoC dubbed Kyro. The chip will be based on ARMv8, but also designed by Qualcomm.

Source: FudZilla via GSM Arena

Come comment on this article: Qualcomm spokesman says there is no Snapdragon 815

Google introduces new analytics tools to help game developers

Posted by wicked April - 1 - 2015 - Wednesday Comments Off

google_play_analytics_business_drivers

Following up on an announcement a few weeks ago at the Game Developers Conference, Google is make the new Play Games Player Analytics tool available to all developers through the Google Play Developer Console. The Analytics tool will help developers manage their business to revenue targets, identify hot spots using metrics to develop new game updates, and understand how players are progressing, spending and churning.

Google is making the Analytics tool available for no additional effort for developers who are using Google Play game services in their titles. All they need to do is visit their Google Play Developer Console to access the reports generated by the tool. If a developer is not using Google’s game service, they can add this tool with a few lines of code added to their game, although it appears this will also add Google Play game services to a title.

Besides the basic reports and metrics, developers can also get access to a Sources and Sinks report if they enable Events from Google Play game services.

The revenue target tool gives developers the ability to set a daily goal for revenue. The report will then show Target vs Actual data. A Business Drivers report gives developers benchmark data so they can see how their game stacks up against the competition. Other reports will show player retention statistics and another will help developers identify which parts of a game players are struggling with or where they enjoy spending their time.

The Sources and Sinks report can be used by developers to analyze the in-game economy they have created in their titles. The data will show how players are earning rewards and how they spend them.

For game players, this should mean even better games and game updates hit the market as developers have more information and data to support their development strategy.

source: Android Developers Blog

Come comment on this article: Google introduces new analytics tools to help game developers

Opera Browser Beta

When it comes to Android, you have a ton of options to choose from when deciding which browser to use on your smartphone or tablet. Opera is a name that been around for quite a while, and it has pushed an update for its Opera Browser Beta app with some must-have features that will help it keep pace with the competition.

We have the change log below as well as the download link and QR code. While there are no major improvements, the small changes and fixes as a whole should be noticeable if you are a long-time Opera user.

Change log:

  • Tab synchronization: new view for synced tabs, new layout in Tab manager
  • Improved Text wrap
  • 64-bit support
  • New progress bar
  • Opera Turbo replaces Off-road mode
  • Upgrade to Chromium 42
  • Various stability and usability improvements.

qr code

Google Play Store Get it Here

Come comment on this article: Opera Browser Beta update brings 64-bit support, Chromium 42 codebase and other improvements

Where is the best place to store a password in your Android app

Posted by wicked March - 31 - 2015 - Tuesday Comments Off

Security concept

Typically Android security issues fall into a couple of major categories. Firstly, personal information stored insecurely on a phone and secondly, insecure communication to any back end database or web server.  And while there are lots of other things that can go wrong, the majority of security problems fall into these two areas. In this article we will look at the various options available to secure personal information  in an app, and in the next article we’ll look at network communications.

The best option is to never store a user’s personal information, such as passwords or credit card numbers, on the phone. If getting the user to enter a password each time is not an option then you’re going to have to store the username and password somewhere on the device. There really aren’t a lot of places you can store information on an Android device. The possibilities are to store the information in shared preferences, or in a sqlite database, or in the device’s keystore.

Over the past few years, I have been part of a process that manually audited a couple hundred Android apps. During that time I have seen the same security problems, repeated again and again. And although we do our best to let the developers know about the security issues with their apps, we’ve been a lot more successful at hacking the apps than at getting anyone to fix them.  So in an effort to spread the knowledge, let’s look at some real world authentication patterns we’ve seen as developers try to hide password information.

These are ranked in order of difficulty to break.

  1. Store in cleartext
  2. Store encrypted using a symmetric key
  3. Using the Android Keystore
  4. Store encrypted using asymmetric keys

Cleartext

Plaintext encryption

Using cleartext means there is no protection to a user’s runtime data – assuming the hacker has physical access to the phone, which is a big assumption. But as there are so many phones for sale on eBay and Craigslist you have to assume that your app is going to end up sooner or later on a secondhand device.  You can access all the information in an app’s data folders use the adb backup command and then convert it into a tar format using the Android Backup Extractor or abe.jar. For example:

adb backup com.packagename.android
java -jar abe.jar unpack backup.ab
tar -xvf backup.tar

Using cleartext means there is no protection to a user’s runtime data – assuming the hacker has physical access to the phone.

A slightly better option used by a significant number of apps is to set the android:allowBackup flag to false in AndroidManifest.xml and then put whatever you want in the shared preferences or in into an sqlite database. The idea being that if nobody can back it up then nobody should be able to access the passwords. Unfortunately there’s a big flaw in this argument. Android is a Linux based system so root will have access to any files on the phone. If the phone isn’t properly wiped when it’s resold the new owner is going to have all the time in the world to root the phone and recover whatever dynamic user information is stored in the data folders by changing the permissions on the file and then doing an adb pull, instead of the adb backup command. Here is an example shared preferences file with an exposed password:

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="password">2secret4me</string>
<boolean name="remember" value="true" />
<string name="username">androidauthority</string>
</map>

Symmetric Encryption

Symmetric Encryption

A much better idea is to encrypt the password before you store it. If you are going to take this approach then don’t store the key in the APK code or anywhere else on the phone. It’s never a good idea to use AES, DES or any other symmetric encryption algorithm if you store the key where it can be easily found.  It is a relatively simple process to find the APK and then get a copy off the phone. The command adb shell pm list packages will get a list of the APK’s on your phone. To find where the APK lives on the phone use the command adb shell pm path com.packagename.android using your APK name. Then use the following command to get a copy of the APK, adb pull /data/app/com.packagename.android-1/base.apk making the appropriate changes for the package name and path or apk name where appropriate.

Use jadx base.apk to decompile the code back into java source code to see if you can find the encryption key in the code. If you are familiar with dex2jar then I suggest switching to jadx. It is an order of magnitude better at decompilation than dex2jar. Lots of apps I audited in the past with dex2jar have only given up their secrets when we starting using jadx.

Developers are a helpful bunch and they often put the encryption keys in easy to find places like com.packagename.android.util.security.

Developers are a helpful bunch and they often put the encryption keys in easy to find places like com.packagename.android.util.security. If that doesn’t work more often than not the code isn’t obfuscated and you can try searching for the class name or phrases like ‘encrypt’ or ‘decrypt’.  To decrypt the password cut and paste the decryption code into a java file and give it the password as an argument.  Some developers make the encryption key device specific by including device information such as the AndroidID as well as make and model information, but it’s mostly worthless if you can already see how the key is put together in the code. If you are going to use some sort of a recipe to generate the encryption key then obfuscate the code properly so that the ingredients are not easy to find. If possible store some piece of information (or even the entire key) remotely on a server, so not all the information can be found on the phone.

And as your app grows and you add more developers, make sure everyone knows how to encrypt and decrypt login information. In one of the dating apps I audited, I found the password encrypted in the shared preferences and another copy of the password was also stored in cleartext in the app’s sqlite database. Someone either didn’t know the rules or simply forgot to remove old code that stored the password in the database.

If you’re writing a healthcare app and you want to see if it’s HIPAA secure then put your device into airplane mode and if you can still log into the app then it’s probably not compliant with the HIPAA regulations.

Android Keystore

The safest option for encrypting passwords is to use asymmetric encryption algorithms such as RSA. Asymmetric means that the key is split into public and private keys where only the private key can decrypt the information.  We’re seeing a lot more developers using the Android Keystore to store public and private asymmetric key information.

old_keys

In the Android Keystore this public – private key exchange takes place on the device and would seem to be HIPAA compliant. We say ‘seem to be’ as once again if you can root the phone you can gain access to the private keys. Nothing is 100% secure and sooner or later someone will find a way to get at the keys, especially if you put everything in the same place.  I’ve always had a problem with mechanisms like the Android Keystore because app developer’s are relying on the skills of another developer for security, and there is no physical impediment to get at the keys.

Android Keystore public and private keys are stored in the /data/misc/keystore/user_0 directory.  The private key is stored in a file that has <app_id>_USRCERT_<key_alias>.  On a rooted phone you can copy the file to another <app_id_malicious>_USRCERT_<key_alias> and then import it from your malicious app, allowing you to recover the password.

Asymmetric Encryption

A safer asymmetric encryption option is to store the private key remotely. When the password is first entered, it is sent to the server for storage. It’s also encrypted with the public key and stored in the shared preferences.  Every time the password needs to be checked then the public key encrypted password gets sent to the backend server and decrypted by the private key. It is then checked against the password information in the server’s database.  A token is then passed to the Android client to allow access to the app.  At no time is the password visible on the phone.

In Android this usually means using the Spongy Castle libraries or other alternative such as Google’s Keyczar.  Sure there are other security issues that you have to think about like how to ensure that someone isn’t just sending you a publically encrypted key from a different device. But it is a lot easier to add extra ingredients to your asymmetric key recipe to foil these type of attacks when the code is on the server.  We’ll return to this in the next article.

In the future Lollipop device encryption may put an end to many of these types of attack, but until Lollipop gains critical mass then options 1, 2 and 3 are not secure approaches. Our original recommendation is to ask the user to enter their password every time they sign in. If that’s not possible then never store the password in cleartext or leave the key in the code or on the device for someone to find.  Asymmetric encryption keys using Spongy Castle or Google Keyczar are much better alternatives to consider.  In the next article we’ll look at similar options for safeguarding your API keys.

Subscribe to our Android Developer Newsletter
Join our Android Developers newsletter to get all the top developer news, tips & links once a week in your inbox


About the author

Godfrey NolanGodfrey Nolan is the founder and president of the mobile and web development company RIIS LLC based in Troy, Michigan, and Belfast, Northern Ireland.He has had a healthy obsession with reverse engineering bytecode. See more from him here. He’s also the author of Bulletproof Android: Practical Advice for Building Secure Apps.

 

Samsung isn’t working on Android 5.1 for the Galaxy Note 4 or any other devices yet

Posted by wicked March - 30 - 2015 - Monday Comments Off

Samsung_Galaxy_Note_4_Back_Galaxy_Note_4_Logo_TA

If you are the proud owner of a Galaxy Note 4, you’ve probably been getting more and more excited about the news we keep hearing that Samsung is working hard on an Android 5.1 update that will bring the latest version of TouchWiz to your device. Sadly, it seems that these rumours may well be untrue.

Indeed, the Galaxy Note 4 is still waiting for the Android 5.0.2 update in some regions, instead having to make do with Android 4.4 KitKat. So why isn’t Samsung working hard on bringing Android 5.1 to its vast array of devices? Just that, Samsung’s vast array of devices means that it takes longer to update each eligible device, which means it can’t just move its developers on to next version of Android. According to SamMobile’s sources, Samsung is not working on Android 5.1 for any of its devices at the present time. Nor is there any details available about bringing the latest TouchWiz to the Galaxy Note 4 when Android 5.1 is eventually released. And it could be worse.

Remember when the Note 2 was released with Jelly Bean 4.1, Samsung decided to skip the Android 4.2 update and move right along to 4.3 leaving the Note 2 on the same software for a year or so? It might well happen with the Note 4. While you could understand the reasoning in part, that the Note series is more difficult to update thanks to its additional features and S-Pen functionality, it was cold comfort to those Note 2 owners. I know because I was one of them. Let’s hope that Samsung doesn’t decide to do something similar with the Note 4 with regards to Android 5.1 as it struggles to get through its backlog of scheduled updates for its devices.

 

Source: SamMobile

Come comment on this article: Samsung isn’t working on Android 5.1 for the Galaxy Note 4 or any other devices yet

Details leak about Qualcomm’s Next-Gen Processor, the Snapdragon 815

Posted by wicked March - 30 - 2015 - Monday Comments Off

qualcomm_snapdragon_marketing

While the current generation of smartphones, with the exception of Samsung’s Galaxy S6 and S6 Edge, are using the Snapdragon 810 processor in their flagship devices, that doesn’t mean that Qualcomm are standing on their laurels. Instead, the chip maker is already concentrating on its next top end CPU, the Snapdragon 815 according to an unnamed source.

What we know about the Snapdragon 815:

  • Quad Cortex A72 + Quad Cortex A53 (Cores may be tweaked by Qualcomm)
  • Next Gen Qualcomm Adreno GPU
  • FinFet Manufacturing process

So the Snapdragon 815 will use the big.LITTLE configuration as seen on the Snapdragon 620 chip and may be manufactured using the new 16nm FinFet* process. According GizmoChina’s unnamed source, Qualcomm are delaying the release of the Snapdragon 815 so it doesn’t adversely impact on the recently released flagships powered by the current 810 chip. The way that these releases go, one would expect the Snapdragon 815 in the second half of 2015.

 

*FinFet is a type of 3D transistor used in the design of modern processors using a conducting channel that rises above the level of the insulator to create a thin silicon structure called a gate electrode. This gate electrode is shaped like a fin, hence the FinFet name. 

 

Source: GizmoChina

Come comment on this article: Details leak about Qualcomm’s Next-Gen Processor, the Snapdragon 815

Samsung will release a theming tool for Galaxy S6 sometime in April

Posted by wicked March - 30 - 2015 - Monday Comments Off

Samsung Galaxy S6 Edge (47)

While we’ve known that the Samsung Galaxy S6 and S6 Edge smartphones will allow users to customize the handsets thanks to the Themes option first seen in the Galaxy A series of phones, it hasn’t been clear exactly how 3rd party theme makers would be able to distribute their offerings for the S6. Until now, thanks to Reddit member, gedankenreich, receiving a reply from Samsung on the matter.

According to Samsung’s reply (below), there will be a new theming tool made available for the international Galaxy S6 sometime in April. It’s possible that it could just be an updated version of the theming tool for the Chinese Note 4, A5 and A7, but that tool is limited to custom icons and wallpapers at the present time. For me, the reply seems to imply that a new authoring tool will be made available for the S6, although as with all hunches, a liberal pinch of salt is required.

Changing themes on our smartphones is such an easy way to customize and personalize our devices, I’m surprised that it’s taken so long for this ability to become a baked-in feature. Especially when you consider how versatile the Android operating system is, and how many different launchers there are available in the Play Store. If you are one of the predicted 55 million future owners of the Galaxy S6, what theme would you like to see on your new phone?

 

MY Theme

Source: Reddit
Via: SamMobile

Come comment on this article: Samsung will release a theming tool for Galaxy S6 sometime in April

Google publishes Cloud Console Beta app for managing Cloud Platform services

Posted by wicked March - 27 - 2015 - Friday Comments Off

Cloud Console Icon

Here we have the release of the Cloud Console app from Google that will allow you, the developer, to manage your solution running on the Google Cloud Platform via your Android smartphone or tablet. The app is in beta status and Google says it plans on shipping new features regularly. 

Google Cloud Console

The Cloud Console app appears to be the result of Google acquiring the cloud database company called Firebase back in October 2014.

Features:

  • Check the status of your Google App Engine or Compute Engine resources
  • Create your own custom dashboard to get a glanceable overview of your solution
  • Take quick actions directly from your device such as stopping a virtual machine
  • View and manage Incidents tracked in Google Cloud monitoring

Early adopters have asked for features such as API call graphs and quota details as well as asking for a Google Play Developer console app. The Cloud Console app promises to give developers on-the-go control of their virtual machines. Remembering that the app is in beta status, you can download Google’s Cloud Console app by clicking the link below or scanning the QR code with your smart device.

qr code

Google Play Store Get it Here

Google Cloud Console(8)
Google Cloud Console(12)
Google Cloud Console(13)
Google Cloud Console(14)
Google Cloud Console(15)

 

Via: FoneArena

Come comment on this article: Google publishes Cloud Console Beta app for managing Cloud Platform services

Oneplus OxygenOS release has been delayed yet again

Posted by wicked March - 27 - 2015 - Friday Comments Off

OnePlus_New_ROM_OxygenOS_Forum

If you are a OnePlus One owner and were expecting today’s major decision to be whether or not to carry on using CyanogenMod 12S firmware or to turn to the home-grown OxygenOS, you are going to be a little disappointed. As Justin predicted, the release date has been missed and no new date has yet been announced.

This time the delay is said to be down to the certification process taking longer than anticipated. The OnePlus developer going by the devildv nickname said that he and a colleague were each running a handset running CM12S and OxygenOS respectively as daily drivers and that things would be explained in the coming days. It’s disappointing news, hopefully, OnePlus will announce a new deadline for the OxygenOS release sooner rather than later. Perhaps they would be better off just providing a download link when it is actually ready instead of disappointing its customers and blasting past deadline dates.

I wonder if the OxygenOS firmware will be released before OnePlus announce its GameChanger device next month?

Source: Reddit
Via: PhoneArena

Come comment on this article: Oneplus OxygenOS release has been delayed yet again

Qualcomm’s Quick Charge 2.0 technology charges ahead of conventional chargers in video test

Posted by wicked March - 25 - 2015 - Wednesday Comments Off

Qualcomm QuickCharge 2.0

One of the things we’ve come to accept in the smartphone era is that after a full day’s use, our devices usually need to be charged daily. Being human, we often forget to attach said phones to the charger and then we are stuck having to disable most of the fancy smartphone functions to try and get eek it through the day, having reduced our smartphone to dumbphone status. Larger batteries just mean it takes longer to fully charge. Thankfully, Qualcomm has come to our rescue with its Quick Charge 2.0 technology and has prepared a video demonstration on the topic featuring three Nexus 6 handsets and 3 very different chargers.

As previously mentioned, the three identical Nexus 6 handsets are hooked up to two conventional chargers; a 5 volt/1Amp, a 5volts/2Amp charger and a Quick Charge 2.0 charger. Naturally the results are startlingly different with the conventional chargers managing to charge the handsets up to 16%/24% respectively and the Quick Charge 2.0 achieving 38% after half an hour. After 40 minutes, the Quick Charge 2.0 charger got up to the 50% mark while the other chargers had just reached 22% and 32%. Considering that the Nexus 6 has a monster 3,220 mAh battery, that’s a pretty quick way to reach the halfway point in charging the device as can be seen in the video below.

Some of the devices that are Quick Charge 2.0 compatible include:

  • Nexus 6
  • Sony Xperia Z4 Tablet
  • Motorola Droid Turbo
  • Samsung Galaxy Note 4/ Note Edge
  • HTC Desire Eye
  • New Moto X by Motorola
  • Sony Xperia Z3 Tablet Compact
  • Sony Xperia Z3 Compact
  • Sony Xperia Z3
  • HTC One M8
  • Sony Xperia Z2 Tablet
  • HTC One Remix

Click here to view the embedded video.

Source: Qualcomm

Come comment on this article: Qualcomm’s Quick Charge 2.0 technology charges ahead of conventional chargers in video test

ePad 7 Android 4.0 ICS
$162 $100 FREE SHIPPING 

10" Android 4.2 1.2GHz Tablet PC

7