Android Portal

As we learned a couple of days ago, the T-Mobile G1′s firmware revision RC29 contained a rather embarassing bug: Any text entered via the keyboard could be interpreted as a Linux command and executed with root privileges. That means typing <enter>reboot<enter> while writing an email, for example, actually rebooted the phone. Annoying, obviously, but also very dangerous. An attacker could potentially trick users into launching telnetd (thereby giving the attacker remote access to a root shell) or if he just wants to cause a little mayhem, convince them to enter commands that would brick their phones.

Until now Google has been somewhat tight-lipped about the patches, presumably because they didn’t want to supply information to would-be hackers before the OTA updates had reached G1 users, but now they have revealed a little more about the fixes in RC29 and RC30, even though a full changelog is not available yet.

While RC30 focussed mainly on the root console bug and the potentially dangerous G1 “jailbreak”, it also fixed two vulnerabilities in the phone’s WebKit-based browser: a buffer overrun bug that could allow attackers to take over the browser and another one that allowed access to the phone’s memory, possibly enabling malicious websites to hijack cookies from other websites.

RC29 fixed the WebKit cross-site scripting vulnerability and a security hole that would allow someone to circumvent large parts of Android’s security mechanism by booting into safe mode.

via CNET

Mozilla has recently released an alpha version of Firefox Mobile (dubbed Fennec). The features definitely sound intriguing: The browser can hide the user interface completely to free up space on the screen, it will support Weave, allowing users to access the bookmarks and browsing history on their desktop computer, it features a smart address bar that can guess what you’re trying to type (important when using a tiny keypad) and future version may even provide tactile feedback using the vibration motors.

There’s a catch, though. In an interview with ABC, Jay Sullivan, Mozilla’s vice president of mobile, revealed that we may not see an Android version of Fennec if applications cannot run natively on Android phones. At present all apps in the Marketplace are written in Java and are interpreted by the Dalvik Virtual Machine. This means they can run on all kinds of different Android phones, and since access to the underlying operating system is restricted, it’s also rather secure.

Running applications natively would take away this layer of security, and it may also make it harder to produce software that works on a wide range of phones. On the plus side the performance would probably be a bit better, and it would be easier to port software to Android without having to rewrite it in Java.

Personally, I don’t think we will see official support for native Linux apps in Android anytime soon because the security implications are considerable and because this would eliminate some of the core features of the OS (ability to interact with other apps, managed resources). There will definitely be user efforts to install native apps and it won’t take long until someone finds a new way to gain root access to the OS now that the pre-RC30 root shell bug is patched, but whether Mozilla will make a Fennec version just for the Android “tinkerers” remains to be seen.

One shortfall of the T-Mobile G1 is that it can’t open PDF or Word files natively, a function that’s rather important for a smartphone. Fortunately Bernard Segonnes created MultiReader, a free application that can display these documents. It’s not available from the Android Market, but you can head over to the developer’s website and grab the APK installation file. Download the file using the phone’s browser and don’t forget to allow non-Market apps under “applications” beforehand. Keep in mind it’s in beta, so some things may not work perfectly yet and at 4 MB it does need quite a bit of memory.

If you don’t like messing around with beta software, there are a couple of workarounds to view PDF files on Android phones:

1. Export them to a different format on your computer, such as JPG. (duh)

2. Have Adobe convert them. You can email PDF documents to pdf2html@adobe.com or pdf2txt@adobe.com and they will send the converted HTML or text file back to you as an attachment. You can also use Adobe’s online form to convert PDF files without downloading them first (simply enter the URL to the PDF file).

3. Email the PDF docs or MS Office files to your own Gmail account and use the HTML viewer to display them (“view as HTML”).

As we reported earlier a security hole in Android RC29 allowed users to get root privileges through telnetd. A root shell is obviously useful for tinkerers, but since a password is not necessary, this ”feature” could allow attackers to cause all kinds of mayhem. It’s not exactly a remote exploit since users have to launch telnetd first, but it’s still rather dangerous considering the implications of a rooted smartphone, so Google has vowed to patch this bug in firmware revision RC30 (or whatever the version number will be). In an email to TG Daily a Google spokesperson was quoted as saying “We’ve been notified of this issue and have developed a fix” and “We’re currently working with our partners to push the fix out and updating the open source code base to reflect these changes.”

In our list of upcoming Android phones we mentioned the possibility of an Android-powered OpenMoko handset (project name GTA02), and according to DIGITIMES the company has just launched such a device. Details are sparse at the moment, but the image published by DIGITIMES shows Android running on what looks like a Neo Freerunner. That means either OpenMoko has modified Android to be compatible with the ARMv4 instruction set (which is what the Freerunner uses) or there’s ARMv5-compatible hardware inside this Freerunner shell. Since user efforts to port Android to ARMv4 have yielded promising results, our guess is OpenMoko is using a modified operating system on standard hardware as well, at least for the demo device.

Source:
http://www.digitimes.com/news/a20081105PD219.html

Pop over to the XDA Developers Wiki and forum for more information.

Since it’s difficult to keep track of all the announcements from various handset manufacturers, we figured it would be a good idea to compile a list of upcoming and current Android phones based on the latest information.

Current:

T-Mobile G1 (HTC Dream)

Release: Sept 23, 2008
Features: touchscreen, slide-out QWERTY keyboard, GPS, WiFi

Upcoming:

Motorola

Release: Q2 2009 (rumored)
Features: touchscreen, slide-out QWERTY keyboard, social-networking functions
Notes: The first Motorola Android phone is supposed to be a bit higher-end than the G1 at a slightly lower price. Motorola has been showing specs and images of the phone to carriers, but the info hasn’t been leaked yet.

Asus Eee phone

Release: Q1 2009 (rumored)
Features: not available
Notes: Supposed to be launched in Taiwan first, world launch shortly after. May be sold under a different label outside the Taiwan market.

OpenMoko GTA02

Release: Late 2008 (rumored)
Features: touchscreen as primary interface, 480×640 display, GPS, Wifi
Notes: There are no firm announcements from OpenMoko at this point, so this should be regarded as speculation. Doesn’t sound outlandish, though.

LG

Release: Q1 2009 according to LG statement, “late 2009″ rumored
Features: not available
Notes: LG’s vice president for marketing strategy Chang Ma was quoted as saying “we will bring it out late in 2008 or early 2009″ a couple of months ago. Late 2008 seems increasingly unlikely, but according to Mirae Asset Securities the release may even be pushed back until late 2009. Not quite sure what to make of this at this point, but I guess we’ll see soon enough.

Samsung

Release: Conflicting rumors
Features: not available
Notes: Earlier rumors said Samsung was releasing one or even two Android phones in late 2008/early 2009, but the only recent news on the subject are rumors based on statements by Mirae Asset Securities indicating a release in late 2009.

Sprint

Release: “at some time in the future”
Features: not available
Notes: Sprint CEO Dan Hesse recently spoke in front of the National Press Club in Washington and was quoted as saying that Android in its present form is “not good enough to put the Sprint brand on it” but that an Android-powered Sprint phone would be sold “at some time in the future”.

Speculation:

Nokia

No commitment. Reported to be experimenting with Android.

Sony-Ericsson

Reported to be experimenting with Android. Public statements discouraging.

Hop-on

Announced sub-$200 Android phone for CES 2009 in January, but might turn out to be vaporware.

In the last night a user of XDA-Developers figured out how to get a root shell on their device running Android. For more information on how to get a root shell on your G1 see this forum post on android-dls.com. The root shell is very interesting on the device because you can now change any setting which is normally restricted. For example you can now modify the “etc/hosts” file to point the device to YOUR update or market page instead of the official ones. Just edit “/etc/hosts” and replace the respective entries with your appropriate server IP.

After a year of tinkering, Ben Leslie at http://benno.id.au/ succeeded in getting Android to run on his Neo1973. Earlier efforts proved fruitless since Android is compiled for the ARMv5 instruction set while the Neo1973 only supports ARMv4. Now that Google has decided to release the source code, it’s possible to recompile the OS for different architectures, at least if you’re as determined and skilled as Ben. Check out his blog to learn about the changes he made to the source.

On a related note, OpenMoko Wiki user Seanmcneil3 has enjoyed similar success in his quest to get Android running on the newer Freerunner handset.

In case you’re one of the users anxiously awaiting firmware revision RC29 but haven’t seen an over-the-air update yet, despair not, because there’s an easy process to update the phone using the MicroSD card. You will need the firmware from Google (https://android.clients.google.com/updates/signed-kila-ota-115247-prereq.TC4-RC19+RC28.zip) and the installation instructions from androidcommunity.com. A word of warning: T-Mobile would rather you’d leave it alone and wait for the OTA update, because manual updates may brick your phone.