Tag: Android

Millions of Xiaomi phones have bugs

Millions of Xiaomi phones are vulnerable to a “flaw” that could allow an attacker to remotely install malware.

Although the flaw in the analytics package in Xiaomi’s custom-built Android-based operating system has been fixed, it could be a while before users install the patch.

Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a so-called “man-in-the-middle” attack, allowing an attacker to run arbitrary code at the system level.

Xiaomi is advising users to update their devices as soon as possible. The flaws rely on a lack of encryption, code-checking and verification. The risk is that if the phone is already hacked, the update could theoretically be modified in transit, although the hackers would have to be rather quick.

Companies are increasingly getting into trouble for software that they supply with their hardware. Lenovo faced a scandal when some of its bloatware arrived with a particularly nasty security flaw. It did fix it and bundled off a patch, but the case highlighted the risks for suppliers in providing such software to users.

Oracle asks a Judge to forget Java ruling

Optimistic lawyers working for Oracle have asked a Judge to set aside a landmark jury trial which prevents it screwing shedloads of cash from Google and its Android operating system.

A jury found Google rightfully helped itself to Oracle programming code to create the Android operating system.

The law allows use of copyrighted material in limited circumstances based on the scope of use, to what extent the purpose is commercial, and the effect of the use on the material’s value or market potential.

For six years, Oracle had been seeking up to $9 billion in damages from Google. A judge already rejected a bid in May by Oracle to get the verdict thrown out. But the software and cloud company hasn’t given up.

It has filed a motion in San Francisco U.S. District Court again asking the same judge, William Alsup, to toss the verdict. It has cited case law suggesting use is not legal if the user “exclusively acquires conspicuous financial rewards” from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android.

It is unlikely that Judge Alsup would agree. He had noted in rejecting Oracle’s first attempt at scuttling the verdict that the jury could have “reasonably found” that the commercial use also “served non-commercial purposes as well, i.e., as part of a free and open software platform, namely Android.”

Google has consistently argued that the Java code was free and open to all and that its use of the code was transformative. Moreover, Sun Microsystems, which created Java in the 1990s long before it was bought by Oracle, had no problem with Google using the code without a license.

Larry Page, CEO of Google’s parent company Alphabet, told the court that Google did not pay for free and open things.

Obama ditches Blackberry

President Barack Obama fought to keep his BlackBerry when he took office; now he is ditching it for an Android.

The President was given a BlackBerry 8830 World Edition with extra crypto—for unclassified calls and e-mail. He liked his Blackberry so much he continued to carry it even though the technology was getting rather elderly and the company has been going down the gurgler.

In an appearance on Late Night with Jimmy Fallon, Barack Obama said he now carries a secure “smartphone” that is so locked down that he compared it to an infant’s toy phone. The phone in question was not an iPhone of course but a “hardened” Samsung Galaxy S4.

The S4 is currently the only device supported under DISA’s DOD Mobility Classified Capability-Secret (DMCC-S) program. In 2014, a number of Samsung devices were the first to win approval from the National Security Agency under its National Information Assurance Partnership (NIAP) Commercial Solutions for Classified (CSfC) program—largely because of Samsung’s KNOX security technology. And the S4, layered with services managed by DISA, is the first commercial phone to get approval to connect to the Secret classified DOD SIPRNet network.

The DMCC-S handset sacrifices some of the Galaxy’s functionality for security purposes. While it uses biometric authentication, there’s no user-accessible camera. The Android applications on the DMCC-S Galaxy are restricted to a selection from DISA’s Mobile Application Store (MAS).

Obama’s device has even further security restrictions. Obama told Fallon that he cannot place phone calls on it—the phone is likely restricted to secure VoIP functionality, with outside calls controlled from a secure switchboard.



Google beats Oracle in Android in “fair use” case

A federal jury has ruled that Google’s Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs was protected by “fair use”.

The jury took three days to reach its verdict. Oracle has decided it will appeal.

There was only one question on the special verdict form, asking if Google’s use of the Java APIs was a “fair use” under copyright law. The jury unanimously answered “yes,” in Google’s favour.

If Oracle had won, the same jury would have gone into a “damages phase” to determine how much Google should pay.

US District Judge William Alsup, who has overseen the litigation since 2010, said the jury had done a great job and he “would like to come in the jury room and shake each of your hands individually.”

Google said in a statement that its victory was good for everybody. “Today’s verdict that Android makes fair use of Java APIs represents a win for the Android ecosystem, for the Java programming community, and for software developers who rely on open and free programming languages to build innovative consumer products,” a spokesGoogle said.

Oracle, which had expected to win billions off of the court case, vowed to appeal. Dorian Daley, Oracle’s general counsel, said in a statement:

“We strongly believe that Google developed Android by illegally copying core Java technology to rush into the mobile device market. Oracle brought this lawsuit to put a stop to Google’s illegal behavior. We believe there are numerous grounds for appeal and we plan to bring this case back to the Federal Circuit on appeal.”

APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a “fair use” defence.

Over the course of the two-week trial, jurors heard testimony from current and former CEOs at Sun Microsystems, Google, and Oracle, as well as in-the-trenches programmers and computer experts from both companies.

Oracle bought Java when it purchased Sun Microsystems and started a lawsuit against Google over the APIs in 2010. In 2012, following a first jury trial, US District Judge William Alsup ruled that APIs can’t be copyrighted, but Alsup’s opinion was overturned on appeal. At this month’s trial, Google’s only available argument was that the 37 APIs constituted “fair use.”

Oracle argued that Google copied parts of Java API packages as well as related declaring code, in order to take a “shortcut at Oracle’s expense.” As Android prospered, Oracle’s Java licensing business, centred largely around feature-phones, tanked.

“They copied 11,500 lines of code. It’s undisputed. They took the code, they copied it, and put it right into Android,” Oracle attorney Peter Bicks told the court.

Google pointed out that Java has always been “free and open” to use—and that included re-implementing Java APIs. Sun and its CEO Jonathan Schwartz accepted Android as a legitimate, if inconvenient, competitive product.

Google attorney Robert Van Nest told the jury that Oracle’s case was all about having a big sulk. Oracle CEO Larry Ellison welcomed Android at first, but later he “changed his mind, after he had tried to use Java to build his own smartphone and failed to do it.”


Google might replace Java with Swift

Google’s long-running legal row with Oracle over its Java operating system could force it to replace it with Apple’s open source Swift.

Apple made Swift open source last year and apparently Google, Facebook and Uber are interested in making it a “first class” language for Android.

Although the idea is that Swift will not replace Java, at least at first, it seems that Google has had a gutsful of Oracle’s attempts to screw money out of the search engine outfit.

Swift was created as a replacement for Objective C, and is pretty easy to code. It was introduced at WWDC 2014, and has major support from IBM as well as a variety of major apps like Lyft, Pixelmator and Vimeo that have all rebuilt iOS apps with Swift.

However, it would be a bit of a mess at first. Google would also have to make its entire standard library Swift-ready, and support the language in APIs and SDKs. Some low-level Android APIs are C++, which Swift cannot bridge to. Higher level Java APIs would have to be re-written.

Oracle lawyers demand funny money from Google

Oracle’s legal team does not appear to have learnt anything from its more or less failed attempt to get Google to pay up for their use of Java applets in Android and are demanding funny money from the search outfit.

Oracle said it wants $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android.

But Oracle sued Google six years ago, claiming the search giant needs a licence to use parts of the Java platform in Google’s market-leading mobile OS. The companies went to trial over the matter in 2012 but the jury was split on the crucial question of whether Google’s use of Java was protected by “fair use,” which permits copying under limited circumstances.

Now the case is back in the federal district court in San Francisco for a new trial due to begin May 9. As last time, a parade of star witnesses is expected to take the stand, including Oracle’s Larry Ellison and Google’s Eric Schmidt.

The $9.3 billion figure is 10 times the sum Oracle was seeking when the case went to trial last time and is because Android is so successful. The new trial will cover six additional versions of Android, up to and including Lollipop. Even to Google this is not chump change. Google thinks that even if it lost it should not pay more than $100 million.

In the first trial, a jury found Google had infringed Oracle’s copyright by copying into Android the “structure, sequence and organization” of 37 Java application programming interfaces.

The trial judge, William Alsup, ruled later that APIs aren’t eligible for protection under US copyright law, dealing Oracle’s case a seemingly fatal blow. An appeals court overturned that ruling, however. Google appealed to the Supreme Court, which declined to take the case. So it now heads back to Alsup’s court to retry the issue of fair use.

Google has already blasted Oracle’s costings and asked Alsup to exclude parts of it from trial, saying it “ignores the statutory standard for copyright damages and fails to offer anything resembling an expert analysis.”

Copyright law says damages can only be claimed for profits that are “attributable to” the infringing code. And the 37 APIs are “a fraction of a percent of the code in the complex Android smartphone platform,” Google’s lawyers argued.

Google made billions from Android

Google’s Android operating system has generated revenue of about $31 billion and profit of $22 billion since its release and Oracle thinks it should have a fair chunk of that.

He did not explain how Oracle came up with the figure, given that Android is a free operating system. Google said in a court filing on Wednesday that the Android disclosures should not have been made public, and asked the court to place it under seal.

A lawyer for Google did not discuss the figure, according to a transcript of the hearing in a Northern California federal court last week. But he said the Alphabet unit might be willing to disclose more information about the revenue produced by Android as part of the court proceedings, the transcript reviewed by Reuters showed.

Oracle says Google used its Java software without paying for it to develop Android.

The closely watched case involves how much copyright protection should extend to the Java programming language, which Google used to design the operating system. Oracle is seeking royalties for Google’s use of some of the Java language, while Google argues it should be able to use Java without paying a fee.


AVG Web TuneUp stuffs Chrome security

The AVG Web TuneUp Chrome extension, which is added to Google Chrome browsers when users install the AVG antivirus, has a feature which allows attackers to read the user’s browsing history and cookies.

The bug was spotted by Google Project Zero researcher Tavis Ormandy, who worked with AVG for the past two weeks to fix it. Apparently the AVG Web TuneUp extension, which lists over nine million users on its Chrome Web Store page, was vulnerable to trivial XSS (cross-site scripting) attacks.

“This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page,” explains Mr. Ormandy. “The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API,” Ormandy said.

Ormandy discovered that many of the custom JavaScript APIs added to Chrome by this extension are responsible for the security issue, being broken or poorly written, allowing attackers access to personal details.

He said that AVG’s developers appear to have forgotten to protect their users against simple cross-domain requests, allowing code hosted on one domain to be executed in the context of another URL.

It would mean that attackers would have access to data stored on other websites, such as Gmail, Yahoo and banking websites. All that attackers had to do was to convince a user to access a malicious URL, which is not that tricky.

The extension triggered HTTPS connections, making websites hosted on HTTPS susceptible. For some reason the extension users end up with “SSL disabled.”

Version of AVG Web TuneUp fixed this issue. In the meantime, Google blocked AVG’s ability to carry out inline installations of this extension. This means that users daft enough to want to install the extension have to go to the Chrome Web Store and trigger the download with a click.


Google moves to open source Java

Search engine Google has rewarded Oracle for its intense legal interest in Android by abandoning all elements of Larry Ellison’s Java operating system from the mobile operating system.

Ellison’s mighty briefs have been trying to squeeze cash out of Google by claiming elements of the Android operating system use its Java Operating System without permission. Now it seems that Google has decided it is not worth the fight and is going to use something different instead.

Instead it is going to use OpenJDK, which is an open source version of Oracle’s Java Development Kit. Android N will rely solely on OpenJDK, rather than Android’s own implementation of the Java APIs.

The plan is to move Android’s Java language libraries to an OpenJDK-based approach, creating a common code base for developers to build apps and services. It will start making more contributions to the OpenJDK project.

So far 8902 files have been changed, and Google says that it will simplify the code on which they build apps — a common codebase for these Java API libraries, as opposed to multiple codebases.  But it is not just for developers, otherwise Google would have made the complete switch to OpenJDK ages ago.

Google said that the reason was the release of Java 8 last year and the introduction of new language features such as lambdas. But there is also the small matter of Ellison’s mighty briefs.

Google has decided to protect itself with regards to future Android versions in the event it loses the current legal battles between Oracle and Google.

After acquiring Sun in January 2010, Oracle sued Google for copyright and patent infringement in August 2010, arguing that Android cannot use Java’s APIs without permission. Google countered by declaring that APIs can’t be copyrighted as they are essential to software development, collaboration, and innovation.

In 2012 a jury agreed with Google and said that Java’s APIs can’t be copyrighted. In May 2014, the Federal Circuit partially reversed the district court decision, ruling in Oracle’s favour: Java’s APIs can be copyrighted, but Google could argue that it made fair use of Oracle’s copyrighted APIs.

It is also not clear what will happen to Java if it is not the prime focus of Android. While Google walking away is not exactly going to kill it off, it will weaken the widescale adoption of an OS which many developers are already considering abandoning since Oracle took it over.

Blackberry makes smaller loss

Canadian firm Blackberry made a smaller loss in its financial third quarter than many people expected.

That’s sent its shares rising by six percent on Wall Street, so far.

Blackberry turned in a loss of $89 million, compared with the same quarter last year when it turned in a loss of $148 million.

While its revenues fell 31 percent compared to the same quarter last year, sales were up 12 percent compared to its second financial quarter.

The company has been focusing on software revenues and that grew to $162 million in the quarter.

Blackberry, formerly the corporate favourite for smartphones, recently released an Android phone called the Priv.