The Meitu selfie app unlocks your anime beauty and personal data

Meitu has been taking off — everywhere I look on my Facebook, Twitter, I see pictures run through the app.

But do you actually check to see what permissions it asks for? A crazy amount it seems. I just checked on Google Play (https://play.google.com/store/apps/details?id=com.mt.mtxx.mtxx) and these are the current permissions

Version 6.1.0.2 can access:
Device & app history
  • retrieve running apps
Location
  • approximate location (network-based)
Phone
  • read phone status and identity
Photos / Media / Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • receive data from Internet
  • view network connections
  • change system display settings
  • full network access
  • change your audio settings
  • run at startup
  • reorder running apps
  • control vibration
  • prevent device from sleeping
  • Google Play licence check

For the most part, these aren’t too much of a concern but these two might be:

Phone
  • read phone status and identity
 Device ID & call information
  • read phone status and identity

These relate to reading the device information such as the IMEI and call information. I’m not too concerned about the call side — you can block this with later version of Android’s permission manager (and I use that a lot with different apps), but I’m not sure if I can block attempts to read phone status.

Their justification of this to track usage in China because it is blocked, I guess does make sense, but am I the only one who thinks doing it this way leaves it way too open for abuse and misuse?

Source: The Meitu selfie app unlocks your anime beauty and personal data

Update & Build Prep – Lineage OS – Lineage OS Android Distribution

Cyanogen’s fork is beginning to take shape. Currently my devices aren’t showing but fingers crossed it will.

Few points worth noting from their site:

  • The build roster is ever growing, but we are supporting Marshmallow and Nougat capable devices.

    • We’ll list the 80+ devices in a separate post.
  • Our release cadence will be ‘weekly’ by default (to be nice to all the donated hardware).

  • We will NOT be shipping root baked into the ROM.

    • Root will be a downloadable zip based install similar to gapps installation (only need to flash it once).
    • Home builders that want to bake su back into the ROM can use the command ‘export WITH_SU=true’ prior to building.
  • Our official builds will all be signed with a private key for authentication and signature permission control

However, also notable and I’m really happy about this:

Regarding installation, we recommend that users wipe when switching to LineageOS, and reinstall their gapps. However, we recognize that this can be time consuming, so we are offering an EXPERIMENTAL (read as, if it fails, you’ll have to wipe anyways) solution.

  • Alongside the ‘weekly’ release for your supported device, we’ll provide an EXPERIMENTAL data migration build.
  • This build will allow you to ‘upgrade’ from CM to the signed LineageOS weekly
  • This build may wipe permissions (you’ll have to re-allow app permissions), but should retain all user data
  • This build will be watermarked with an ugly banner to ensure that you don’t permanently run this EXPERIMENTAL release, and upgrade to a normal weekly after.
  • The process for this installation will be as follows:
    • Install EXPERIMENTAL migration build on top of cm-13.0 or cm-14.1 build (don’t try to install LineageOS 13.0 on top of CM 14.1, that will not work).
    • Reboot
    • Install LineageOS weekly build
    • Reboot
    • Re-setup your application permissions

Given the EXPERIMENTAL nature of this process, we are going to remove this option in two months time.

All systems operational

Source: Update & Build Prep – Lineage OS – Lineage OS Android Distribution

Cyanogen Inc. shuts down CyanogenMod in Christmas bloodbath | Ars Technica

Open source Android ROM project dies, developers launch fork.

Source: Cyanogen Inc. shuts down CyanogenMod in Christmas bloodbath | Ars Technica

So, CM is dead, but like with most things in the open source world, things will be forked, especially if there’s a disagreement between the two. In this case, rather than compete, it’s a desire to keep the project going.

No, 900 million Android devices are not at risk from the ‘Quadrooter’ monster | Computerworld

You’ve probably seen articles inducing panic around the number of android devices vulnerable to this Quadrooter bug. But read through the below first.

 

 

Another day, another overblown Android security scare. Who’s ready for a reality check?

Source: No, 900 million Android devices are not at risk from the ‘Quadrooter’ monster | Computerworld

Guys, gals, aardvarks, fishes: I’m running out of ways to say this. Your Android device is not in any immediate danger of being taken over a super-scary malware monster.

It’s a silly thing to say, I realize, but we go through this same song and dance every few months: Some company comes out with a sensational headline about how millions upon millions of Android users are in danger (DANGER!) of being infected (HOLY HELL!) by a Big, Bad Virus™ (A WHAT?!) any second now. Countless media outlets (cough, cough) pick up the story and run with it, latching onto that same sensational language without actually understanding a lick about Android security or the context that surrounds it.

To wit: As you’ve no doubt seen by now, our latest Android malware scare du jour is something an antivirus software company called Check Point has smartly dubbed “Quadrooter” (a name worthy of Batman villain status if I’ve ever heard one). The company is shouting from the rooftops that 900 million (MILLION!) users are at risk of data loss, privacy loss, and presumably also loss of all bladder control — all because of this hell-raising “Quadrooter” demon and its presence on Qualcomm’s mobile processors.

“Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place,” the company says in its panic-inducing press release.

Well, crikey: Only an advanced mobile threat detection and mitigation solution can stop this? Wait — like the one Check Point itself conveniently sells as a core part of its business? Hmm…that sure seems awfully coincidental.

TL;DR: A “mobile threat detection and mitigration solution” is already present on practically all of those 900 million Android devices. It’s a native part of the Android operating system called Verify Apps, and it’s been present in the software since 2012….. Android has had its own built-in multilayered security system for ages now. There’s the threat-scanning Verify Apps system we were just discussing. The operating system also automatically monitors for signs of SMS-based scams, and the Chrome Android browser keeps an eye out for any Web-based boogeymen.

Magic happens with the Ubuntu tablet – TechRepublic

Jack Wallen reviews the bq Aquaris M10 tablet and he’s impressed. If you’ve been on the fence about Ubuntu Touch, this might just assuage those unpleasant feelings.

Source: Magic happens with the Ubuntu tablet – TechRepublic

Canonical tried to do this with their last attempt to crowdsource their Ubuntu phone, but it didn’t make enough money. This one looks pretty good too. Now I wonder if I could run Android apps on there too. 😀

Android 6.0

So I updated my S5 to Android 6.0.1 using Cyanogenmod, and I’ve noticed some slight lagging. Apps tend to close themselves randomly, normally when less apps are running than on Android  5.1.1. Also, when using the tethered connection, there’s some lag there too, causing my online games to judder. Though that part is only hypothetical, I’m going to test this by downgrading my phone back to 5.1 and verifying whether there’s lag on my connection there. If there isn’t, I’ll report this as a bug.