Smartisan officially joins the Unified Push Alliance in China for notifications on its smartphones. The company has successfully met the requirements of the alliance’s T-UPA0002-2019 unified push interface layer specification.
The unified notification protocol will be first available on Smartisan Nut Pro 3 smartphone and all the upcoming models from the company. Also, old devices will be supported via a system update in the coming days.
Notifications on smartphones is a crucial part of the experience. Improper implementation could lead to various complications such as battery drain, waking of apps in the background, and more. On Android smartphones, Google Play Services takes care of proper delivery and maintenance of notifications from apps, however, since Google is banned in China, this service is not available in smartphones sold in the country.
In China, OEMs have their own implementation of notifications in their devices. To mitigate this, The Ministry of Industry and Information Technology of China formed Unified Push Alliance in 2017. The smartphones released by the member companies follow a common protocol for notifications.
Now, Smartisan is the latest smartphone company to join the Unified Push Alliance. Last, when we reported on this topic, Samsung had joined the alliance. In addition to these two OEMs, the alliance also has all the popular smartphone manufacturers like Oppo, Vivo, Xiaomi, Redmi, OnePlus, iQOO, and Realme to name a few.
Source
Related
Thought i would post this for other world wider users to give opinions,sky is our version of HBO or ESPN,they android support has been shocking,they don't even support jellybean 4.1 yet and no tablet support etc while all IOS devices are supported .We thought we were getting some where with them and they promised to be more open after stringing us along for months with false claims why they could not bring sky go out on android etc so here it what we got
http://helpforum.sky.com/t5/Sky-Go/Sky-Go-on-Android-Forum-response/ta-p/763976
and here is the thread with all the input and waffle we are getting
http://helpforum.sky.com/t5/Sky-Go/Sky-is-in-breach-of-its-customer-code/td-p/749576/page/20
whats the views of other countries users of the likes of HBO which runs on 4.2,netflix which does the same
Sent from my Transformer using XDA Premium HD app
it gets better after a barrage of question after the last staement this is what they come back with, to give you an idea how far behind they are, they dont support a single android tablet yet, no jellybean support yet, not support for HTC one seris yet not even on ICS
"Android Q & A
Why is it taking so long to test for JellyBean?
We have been testing the Jellybean operating system across the range of handsets we currently support (and new unsupported devices) and have run into a few challenges around media playback. These are all being worked through by our Android development team and we hope to release before Christmas along with support for the HTC One series. We’re unable to go into further details around these challenges as this is sensitive information. As soon as we have a confirmed date for the next release we will announce it here.
Why are devices blocked?
The main reason why some Android devices are blocked is due to rooting; we are not able to support rooted devices because of the risk to our security measures. All unsupported devices are unable to download the official Sky Go app.
How come Sky is the only company which seems to have such a problem with TV rights issues?
Unlike some other content providers we have a lot of 3rd party content available on Sky Go, we have multiple contracts with varying obligations in order to protect this content. For example, Sky has rights to content in the first pay TV window (following DVD release) whereas some other Movie services do not, therefore our security requirements are different. We have a very sophisticated Digital Rights Management system which we which we work hard to protect. It means we are unable to release one generic app that will work across all Android handsets, and to ensure each handset adheres to our content protection requirements, they do need to be Q/A and tested individually.
How long does it take to test a device?
Generally speaking testing takes a minimum of two weeks, if we run into compatibility issues on any variant of the Android operating system for that device we need to investigate, implement fixes and test them. In addition our suite of services spans many platforms (Mobile, Web, Xbox) and a variety of apps which all tie in to the same backend system and therefore utilise the same working environments, bringing in inter-team dependencies. Releases are scheduled so that multiple updates can be delivered simultaneously.
No other legitimate TV app has these problems, why?
We’re not able to comment on the rights deals other comparable services have with third party content providers
Why can other companies who have the same issues with content/licensing/contractual obligations provide apps that work across the android ecosystem almost immediately?
We cannot confirm if they do have the same challenges we have. Some companies in the UK have third party content and some don’t which may affect the level of protection required.
Why is HDMI out supported on PC / Laptop but not mobile or tablet?
HDMI out on a laptop is not something we are able to control; where HDMI blocking is within our control we must make every effort to block it as this is a contractual studio requirement
Why isn't your Sky Go director leading the push to get Sky Go on all platforms?
Our Director and the team here are all pushing to get Sky Go on as many platforms as we can. We have two equally resourced teams that work on app development for Sky Go, one for Apple development and one for Android. We are platform agnostic and do not have exclusive relationships with any manufacturers. We are well aware of the level of Android penetration in the UK and as such have been working as quickly as we can to develop support for the ever growing number of handsets and operating systems. We are hoping to release support for the HTC One Series before Christmas along with JellyBean. We have every intention of continuing to develop versions of Sky Go for new handsets and new operating systems; the fact of the matter is that we face significant challenges in Android development so unfortunately this will not happen overnight.
Executive Summary
The future is here, and ahead of schedule. Come join us, the weather's nice.
This blog post describes the installation and configuration of a prototype of a secure, full-featured, Android telecommunications device with full Tor support, individual application firewalling, true cell network baseband isolation, and optional ZRTP encrypted voice and video support (ZRTP does run over UDP which is not yet possible to send over Tor, but we are able to send SIP account login and call setup over Tor independently).
Aside from a handful of binary blobs to manage the device firmware and graphics acceleration, the entire system can be assembled (and recompiled) using only FOSS components. However, as an added bonus, we will describe how to handle the Google Play store as well, to mitigate the two infamous Google Play Backdoors.
Introduction
Android is the most popular mobile platform in the world, with a wide variety of applications, including many applications that aid in communications security, censorship circumvention, and activist organization. Moreover, the core of the Android platform is Open Source, auditable, and modifiable by anyone.
Unfortunately though, mobile devices in general and Android devices in particular have not been designed with privacy in mind. In fact, they've seemingly been designed with nearly the opposite goal: to make it easy for third parties, telecommunications companies, sophisticated state-sized adversaries, and even random hackers to extract all manner of personal information from the user. This includes the full content of personal communications with business partners and loved ones. Worse still, by default, the user is given very little in the way of control or even informed consent about what information is being collected and how.
This post aims to address this, but we must first admit we stand on the shoulders of giants. Organizations like Cyanogen, F-Droid, the Guardian Project, and many others have done a great deal of work to try to improve this situation by restoring control of Android devices to the user, and to ensure the integrity of our personal communications. However, all of these projects have shortcomings and often leave gaps in what they provide and protect. Even in cases where proper security and privacy features exist, they typically require extensive configuration to use safely, securely, and correctly.
This blog post enumerates and documents these gaps, describes workarounds for serious shortcomings, and provides suggestions for future work.
It is also meant to serve as a HOWTO to walk interested, technically capable people through the end-to-end installation and configuration of a prototype of a secure and private Android device, where access to the network is restricted to an approved list of applications, and all traffic is routed through the Tor network.
It is our hope that this work can be replicated and eventually fully automated, given a good UI, and rolled into a single ROM or ROM addon package for ease of use. Ultimately, there is no reason why this system could not become a full fledged off the shelf product, given proper hardware support and good UI for the more technical bits.
Click to expand...
Click to collapse
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
Pretty much what Guardian ROM is doing. I look forward to all the new builds
Truth. Transparency. Technology
Is there a cm rom version that will work on Archos 45 plat?? Or any other good rom??
ZuEma said:
Is there a cm rom version that will work on Archos 45 plat?? Or any other good rom??
Click to expand...
Click to collapse
In case you might want to give it a try, you could start with rooting according to this thread:
http://forum.xda-developers.com/showthread.php?t=2573743
NOTE:- Archos 45 Platinum too has similar device specifications. The same CWM version worked for @best98 who is using an Archos 45 Platinum.
Click to expand...
Click to collapse
I guess there is a need now to step up to KitKat or newer, if the Webos security hole is not hashed out by other ways on devices running JB 4.3 or lower
Tod Beardsley
Google No Longer Provides Patches for WebView Jelly Bean and Prior
Gepostet von Tod Beardsley in Metasploit auf 12.01.2015 00:19:38
Over the past year, independent researcher Rafay Baloch (of "Rafay's Hacking Articles") and Rapid7's Joe Vennix have been knocking out Android WebView exploits somewhat routinely, based both on published research and original findings. Today, Metasploit ships with 11 such exploits, thanks to Rafay, Joe, and the rest of the open source security community. Generally speaking, these exploits affect "only" Android 4.3 and prior -- either native Android 4.3, or apps built with 4.3 WebView compatibility. sadjellybeans_t.png
WebView is the core component used to render web pages on an Android device. It was replaced in Android KitKat (4.4) with a more recent Chromium-based version of WebView, used by the popular Chrome browser.
Despite this change, though, it’s likely there will be no slow-down of these Android security bugs, and they will probably last a long time due to a new and under-reported policy from Google's Android security team: Google will no longer be providing security patches for vulnerabilities reported to affect only versions of Android's native WebView prior to 4.4. In other words, Google is now only supporting the current named version of Android (Lollipop, or 5.0) and the prior named version (KitKat, or 4.4). Jelly Bean (versions 4.0 through 4.3) and earlier will no longer see security patches for WebView from Google, according to incident handlers at [email protected].
Up until recently, when there's a newly discovered vulnerability with Android 4.3, the folks at Google were pretty quick with a fix. After all, most people were on the "Jelly Bean" version of Android until December of 2013. Jelly Bean's final release was just over a year ago in October of 2013. This is why this universal cross-site scripting bug was fixed, as seen in the Android changelog and Rafay's blog, Rafay Hacking Articles.
Google on Patching pre-KitKat
However, after receiving a report of a new vulnerability in pre-4.4 WebView, the incident handlers at [email protected] responded with this:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.
So, Google is no longer going to be providing patches for 4.3. This is some eyebrow-raising news.
I've never seen a vulnerability response program that was gated on the reporter providing his own patch, yet that seems to be Google's position. This change in security policy seemed so bizarre, in fact, that I couldn't believe that it was actually official Google policy. So, I followed up and asked for confirmation on what was told to the vulnerability reporter. In response, I got a nearly identical statement from [email protected]:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves but do notify partners of the issue[...] If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.
When asked for further clarification, the Android security team did confirm that other pre-KitKat components, such as the multi-media players, will continue to receive back-ported patches.
Sorry, Jelly Bean, You're Too Old
Google's reasoning for this policy shift is that they "no longer certify 3rd party devices that include the Android Browser," and "the best way to ensure that Android devices are secure is to update them to the latest version of Android." To put it another way, Google's position is that Jelly Bean devices are too old to support -- after all, they are two versions back from the current release, Lollipop.
On its face, this seems like a reasonable decision. Maintaining support for a software product that is two versions behind would be fairly unusual in both the proprietary and open source software worlds; heck, many vendors drop support once the next version is released, and many others don't have a clear End-Of-Life (EOL) policy at all. (An interesting side note: neither Google nor Apple have a published EOL policy for Android or iOS, but Microsoft and BlackBerry provide clear end of life and end of sales dates for their products).
Most Android Devices Are Vulnerable
While this may be a normal industry standard, what's the situation on the ground? Turns out, the idea that "pre-KitKat" represents a legacy minority of devices is easily shown false by looking at Google's own monthly statistics of version distribution:
As of January 5, 2015, the current release, Lollipop, is less than 0.1% of the installed market, according to Google's Android Developer Dashboard. It's not even on the board yet.
The next most recent release, KitKat, represents about two fifths of the Android ecosystem. This leaves the remaining 60% or so as "legacy" and out of support for security patches from Google. In terms of solid numbers, it would appear that over 930 million Android phones are now out of official Google security patch support, given the published Gartner and WSJ numbers on smartphone distribution).
The Economics of Upgrading
Beside the installed bases, I posit that the people who are currently exposed to pre-KitKat, pre-Chromium WebView vulnerabilities are exactly those users who are most likely to not be able to "update to the latest version of Android" to get security patches. The latest Google Nexus retails for about USD$660, while the first hit for an "Android Phone" on Amazon retails for under $70. This is a nearly ten-fold price difference, which implies two very different user bases; one market that doesn't mind dropping a few hundred dollars on a phone, and one which will not or cannot spend much more than $100.
Taken together -- the two-thirds majority install base of now-unsupported devices and the practical inability of that base to upgrade by replacing hardware -- means that any new bug discovered in "legacy" Android is going to last as a mass-market exploit vector for a long, long time.
Here Come the Mass-Market Exploits
This is great news for penetration testers, of course; picking company data off of Android phones is going to be drop-dead easy in many, many cases, and I fully expect that handsets will be increasingly in-scope for penetration testing engagements. Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scope.
Open source security researchers routinely publish vulnerability details and working exploits with the expectation that this kind of public discussion and disclosure can get both vendors and users to take notice of techniques employed by bad guys. By "burning" these vulnerabilities, users come to expect that vendors will step up and provide reasonable defenses. Unfortunately, when the upstream vendor is unwilling to patch, even in the face of public disclosure, regular users remain permanently vulnerable.
Roll Your Own Patches?
It's important to stress that Android is, in fact, open source. Therefore, it's not impossible for downstream handset manufacturers, service providers, retailers, or even enthusiastic users to come up with their own patches. This does seem to happen today; a 4.3 vulnerability may affect, say, a Kyocera handset, but not a Samsung device with the "same" operating system.
While this is one of the core promises of open source in general, and Android in particular, it's impossible to say how often this downstream patching actually happens, how often it will happen, and how effective these non-Google-sourced patches will be against future "old" vulnerabilities.
The update chain for Android already requires the handset manufacturers and service carriers to sign off on updates that are originated from Google, and I cannot imagine this process will be improved once Google itself has opted out of the patching business. After all, is AT&T or Motorola really more likely to incorporate a patch that comes from some guy on the Internet?
No Patches == No Acknowledgement
To complicate matters, Google generally does not publish or provide public comment on Android vulnerabilities, even when reported under reasonable disclosure procedures. Instead, Android developers and consumers rely on third party notifications to explain vulnerabilities and their impact, and are expected to watch the open source repositories to learn of a fix.
For example, Google's only public acknowledgement of CVE-2014-8609, a recent SYSTEM-level information disclosure vulnerability was a patch commit message on the Lollipop source code repository. Presumably, now that Google has decided not to provide patches for "legacy" Android WebView, they will also not be providing any public acknowledgement of vulnerabilities for pre-KitKat devices at all.
Please Reconsider, Google
Google's engineering teams are often the best around at many things, including Android OS development, so to see them walk away from the security game in this area is greatly concerning.
As a software developer, I know that supporting old versions of my software is a huge hassle. I empathize with their decision to cut legacy software loose. However, a billion people don't rely on old versions of my software to manage and safeguard the most personal details of their lives. In that light, I'm hoping Google reconsiders if (when) the next privacy-busting vulnerability becomes public knowledge.
Click to expand...
Click to collapse
Samsung is using its control of the device to its best advantage.
Samsung’s strategy to move into software and services is starting to bear fruit as it ChatOn IM service has broken the magic 100m user number.
This number has doubled in the last four months and is showing particular strength in China, India and the US.
I expect the number to grow strongly as ChatOn is installed on almost every Android and Bada device that the company makes.
The service is available in almost every country and supports 63 languages.
These are numbers from Samsung and there is no indication regarding how these numbers are counted or how active these users are.
Despite this, all of them will have at some point signed up meaning that they now have an account with Samsung.
This moves Samsung into contention with WhatsApp (300m users), Line (100m+ users) and BlackBerry (75m users)
This is the key advantage of controlling the device.
One can ensure that your app is front and centre and this seems to be working to great effect for Samsung.
This is a good step forward for a company that to date has largely just been all about hardware.
Samsung knows that it must move up into software and services if it is to preserve its margins and ChatOn is looking like a good start.
Samsung now has a relationship with 100m users. It may be a tenuous and fickle relationship, but at least it is there.
Samsung is now in a position to encourage those ChatOn users to try other things like games, social networking, music and so on.
If it can do that and get those users using its services then it will be well on the road to becoming a Digital Life supplier.
This is exactly what it must do to preserve its profitability as hardware commoditises.
This will bring it into direct conflict with Google and is why I believe that the big battle in tech over the next 5 years will be Samsung vs. Google. (see here for more details).
Everyone scoffs at Samsung’s ability to write software and 8 years ago I was among them.
Things are quietly changing.
Samsung is showing some signs of confounding its critics and soon I may have to afford Samsung a position in my list of Digital Life contenders.
So now that these exploits for Android and iPhone are out in the wild, will developers patch them?
Would like to know everyone's thoughts.
For those who aren't up to speed on the news report today here is the press release and relevant info:
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Click to expand...
Click to collapse
Thoughts? Concerns?
I can't post outside links yet, but if you want the full information, you can search "wikileaks press release vault 7" on google and see the press release and search the information database and exploits. Basically exploits are out in the wild that compromise your android phone completely rendering them completely insecure and giving zero privacy.