Facebook Finally Fixes Battery Draining Bug In The Messenger App

For a past couple of weeks, many Facebook Messenger users were complaining about  very fast battery drainage on their smartphones (with the accompanying thermals impact) due to an unknown bug in the app. Luckily, it looks like the bug which was causing this rapid battery draining has been fixed after all.

Yesterday, Facebook's Vice President of Messaging Products, David Marcus, took Twitter and acknowledged that they were aware of the bug and that it's now fixed. As for what was causing the problem, David said that it was a server-side bug, adding that it has now been isolated and fixed by the Facebook team. David also advised users to restart the Facebook Messenger app in order to completely get rid of the issue.

@bestsportnascar @alxpap issue was isolated and fixed server side. If you restart Messenger the problem should be gone now. Very sorry.

— David Marcus (@davidmarcus) January 10, 2017

If you're a Facebook Messenger user and noticed that your battery is draining very fast from past couple of weeks, then you were most likely affected by this battery draining bug. But as acknowledged by Facebook, the issue is now fixed on their end and to ensure it's fixed on your end too, simply restart the Messenger app. You can try force closing the app from the Settings. Alternatively, you can also restart the device to see if the issue is resolved.

Are you a Facebook Messenger user? Let us know if you noticed unusual battery drain!

Source: @DavidMarcus

from xda-developers http://ift.tt/2igOy51
via IFTTT

Get Custom Quick Settings Tiles

In Android Nougat, you are able to edit your quick settings tiles and even download and add new ones from the Play store. This video shows some of the best tiles out there.

Weather Quick Settings Tile

This app lets you add a small weather tile to your quick settings bar on Android Nougat. The text shows you the current temperature while a small icon displays one of 12 different weather conditions.

Download

Caffeinate

Caffeinate works by creating a tile in your quick settings, a feature only available in Android Nougat and higher. Upon toggling, Caffeinate will keep your screen awake for five minutes. After the time is up, your screen will continue sleeping normally.

Download

Night Mode

Activate the hidden night mode feature in Android Nougat with one tap of this tile.

Download

Monotweety

Monotweety is an open-source Twitter client just for tweeting from device's notification area. If you are using Android 7.0 or later, you can literally tweet from the notification area. Otherwise when you tap the notification, an editor dialog will be launched.

Download

from xda-developers http://ift.tt/2ienpQ6
via IFTTT

Xperia Projector Shows up Again at CES 2017 — Android Touchscreen Device Projected Anywhere!

Lately, Sony has showcasing new devices that it claims are the next step in innovation for mobile technology. Dubbed "Xperia SmartProducts", they are a new take with a small twist on not-so-old gadgets, often with just enough pizzazz to raise some eyebrows.

First shown alongside the Xperia X series back in February of 2016, these smart devices are what Sony calls products "with the brains and the beauty to redefine the way you communicate". While most of them existed as mere visions and concepts back at Mobile World Congress 2016\, the Xperia Ear voice assistant is actually available now — but this was arguably the least ambitious of the products, though, as it is essentially a newer Moto Hint. What really made us raise our heads back then, and what we are still most excited about, is the Xperia Projector. Below is an excellent video by Linus Tech Tips demonstrating how the Xperia Projector works and what it's good for:

In case you cannot watch the video, the Xperia Projector is indeed a laser projector that's intended to bring a full-fledged Android tablet experience anywhere, projected onto any surface. It detects 10-point multi-touch rather accurately through an IR sensor on the device, making for a responsive and scalable Android touchscreen you can put anywhere in your house, including on furniture and even walls. It generates a 23-inch display which can also be scaled up to 80 inches by putting the device around 25cm away from the target surface (this being best for walls), which makes it great for gatherings or movies (even if the quality isn't the best). The device also has NFC, bluetooth, WiFi , a microphone and a camera for Skype calls and other use.

Like we saw with other Xperia smart products, there are various usecases this could be good for, ranging from a smart wall assistant for your bedroom to an interactive kitchen screen to help you navigate recipes and cooking videos without getting a physical device all messy. It also looks to be fun to use with board games and casual reading, and you can stream PlayStation 4 games to the device as well.

Sony isn't sharing many details regarding price or availability, but it's likely that this product will hit stores within the year as other "Xperia smart products" have. We don't expect it to be cheap, but we appreciate Sony's willingness to innovate in this space. If you haven't checked out Linus Tech Tips' video on the matter, we suggest you bookmark it for later as it's truly worth a watch!

---

What do you think of this projector? If it ends up being affordable, would you buy one? Discuss below!

from xda-developers http://ift.tt/2jFiLLB
via IFTTT

Google will now Require OEMs to Prompt before Silently Uninstalling Applications

With the release of each new version of Android comes a whole host of changes. For instance, Android 7.1 Nougat introduced application shortcuts, round icon support, and keyboard image insertion. But there are also many subtle changes made to the operating system that only developers and OEMs really pay attention to. For OEMs, they also have to pay attention to any updates made to the Android Compatibility Definition Document (CDD). This document outlines the hardware and software requirements necessary for devices to meet the compatibility requirements with the latest version of Android. If a device fails to meet these requirements, then they may fail Google's Compatibility Test Suite – resulting in a loss of access to Google's suite of applications.

When the CDD for Android 7.1 Nougat released, it received little fanfare compared to the interest generated by 7.0's document. No surprises there, though, as 7.1 is only a minor upgrade to Android so there isn't much that was expected to change. But that doesn't mean there aren't any changes worth noting. Today, AndroidPolice discovered some language in the updated document stating that OEMs will be forbidden from modifying the notification behavior introduced in Android Nougat – direct replies and notification bundling. Through some digging of our own, we discovered the introduction of some more interesting language added to the document.

Section 4 of the document, titled "Application Packaging Compatibility", defines how device implementations must manage APK installations. At the bottom of this section, there is a new paragraph that states that system-installed applications can no longer uninstall packages without prompting the user.

Device implementations MUST NOT allow apps other than the current "installer of record" for the package to silently uninstall the app without any prompt, as documented in the SDK for the DELETE_PACKAGE permission. The only exceptions are the system package verifier app handling PACKAGE_NEEDS_VERIFICATION intent and the storage manager app handling
ACTION_MANAGE_STORAGE intent.

What this is essentially saying is that only the application that was responsible for installing a package in the first place will be able to uninstall that package. For example, if you install an application through the Google Play Store, it retains the ability to uninstall that package. The only exceptions to this rule is when the system package manager is verifying an application and when you are using the new Android Nougat storage manager feature.

In order to delete a package that is not considered the "installer of record", an application needs to have the DELETE_PACKAGE permission. Fortunately, this permission is restricted to system applications, so it's not as if you can be tricked into granting an application this dangerous permission (unless you grant a malicious application root access, but then all bets are off). The Android permission manifest documentation notes that whenever a system application requests to delete another package, user confirmation will be requested. However, even though this language was introduced in the developer reference page for Android 7.0, it's only with Android 7.1 that Google is making this user prompt a requirement.

We haven't heard of any examples of OEMs secretly maliciously uninstalling your applications, because it would undoubtedly be a big scandal for that to occur. We found it interesting to see this requirement and language introduced now, when this dangerous permission has existed for many API levels. What's most likely happening is that Google is cracking down on third-party cleaner applications that are installed at the system level of certain smartphones, and is instead pushing OEMs to adopt their new Storage Manager feature.

from xda-developers http://ift.tt/2jF6RRT
via IFTTT

January 2017 Security Update Rolling out to the Huawei Watch

Feature Image Credit: XDA Member Pepousek67

The latest January 2017 security update is now rolling out to owners of the Huawei Watch. Pictures of the update and a downloadable OTA link to sideload have been shared in the forum thread. Get it now!

from xda-developers http://ift.tt/2jvWqM8
via IFTTT

How to Enable Google Assistant Without Changing Your Device’s Model Name

The Google App has recently been updated to no longer require modifying your device's product model when enabling Google Assistant, instead you now only need to add 'ro.opa.eligible_device=true' to build.prop. XDA Member Fknt00 has posted a flashable zip to easily make this change.

from xda-developers http://ift.tt/2j8gurH
via IFTTT

OnePlus 3/3T Bootloader Vulnerability Allows Changing of SELinux to Permissive Mode in Fastboot

The OnePlus 3 and the OnePlus 3T are among the best phones you could purchase right now. The flagships of 2017 are yet to be revealed to the market and consumers, and in their absence, the OnePlus 3/3T dominate real world performance at an affordable price segment.

But, if we are to be fair in assessing the device, we need to acknowledge that despite OnePlus's best efforts, the OnePlus 3/3T are not without faults. Even on the software end, we've reported on security issues like OnePlus leaking IMEI details when you check for updates on your phone. And now, we have another serious addition to the list, one with vastly more dangerous ramifications.

A vulnerability in the bootloader of the OnePlus 3/3T opens up doors to malicious attacks. As found by Roee Hay of the IBM X-Force Application Security Research Team and revealed on the IBM X-Force Exchange platform, this vulnerability allows an attacker to manipulate the SELinux state on the devices, toggling it to permissive mode. All that the attacker needs is either physical access to the device, or remote access to an ADB connection to the device.

SELinux, or Security-Enhanced Linux is a linux kernel security module, allows for access and management of security policies on systems. SELinux was introduced in Android 4.3, and was set into Enforcing mode as default since Android 4.4. This mandatory access control system helps enforce the existing access control rights, and attempts to prevent privilege escalation attacks. This acts as a hurdle for unauthorized control over your device, such as an app or vulnerability aiming to get root access maliciously on your device without your knowledge. Setting it to Enforcing by default across Android as an OS serves as the first step to protect normal users from such attacks.

The vulnerability is rather straightforward to exploit — in fact, it looks to be a huge oversight rather than exploit. First, an attacker reboots the OnePlus 3/3T into 'fastboot' mode — if you have physical access, simply press Volume-Up button during device boot, and if you don't, you can issue the ADB command adb reboot bootloader to the device. The fastboot mode on the device exposes a USB interface, which should not allow any security sensitive operation to complete on locked devices. But on the OnePlus 3/3T, simply issuing the fastboot oem selinux permissive command through the fastboot interface toggles the SELinux mode from Enforcing to Permissive.

  fastboot oem selinux permissive  ...  OKAY [  0.045s]  finished. total time: 0.047s    ....    OnePlus3:/ $ getenforce  Permissive  OnePlus3:/ $    

To further complicate the problem, the OnePlus 3 and 3T do not possess any entry in the 'About Screen' to mention the current SELinux state of the device. A victim will continue to remain oblivious to the compromised state of his device if he had no knowledge of such compromise ever occurring. The lack of SELinux state entry in the 'About Screen' is missing from both the Android 6.0 based Open Beta releases, as well as Android 7.0 official ROMs.

Several apps exist to toggle SELinux state to Permissive, like the SELinux Mode Change app. This change exists only across soft reboots. You can utilize scripts to maintain the Permissive state across hard reboots. Both of these methods require root access, which implies that the user has knowledge of the risks he is exposed to. But the change to Permissive using the above vulnerability not only persists across hard reboots, it does so without needing root access.

No remedies exist against the vulnerability as of January 2017.

We hope OnePlus publicly acknowledges the serious issue and is transparent in their plans towards fixing it.

from xda-developers http://ift.tt/2jE9001
via IFTTT