root

Motorola DROID 4 rooted already, get it now

The Motorola DROID 4 QWERTY keyboard slider has only been available for a few days and was just released late last week. Thanks to those awesome developers it appears that we already have a full root method for the device, as well as a script to make the entire process simple for those looking for a little root access.

Surprise: you don’t need root to break into Google Wallet after all

So there's some considerable hubbub surrounding Google Wallet at the moment, after an independent security researcher was able to create a rooted app that bypasses the PIN lock in the software. You can see Google's official response just a few stories down. But now another party, the self-styled Smartphone Champ, has discovered another way to get into a private Google Wallet account, no root required. Technically this is more of a lopphole than a crack, if only because it uses Android's default setting to achieve access. The gist is that all you need to do to wipe the security PIN is to delete the app's stored data via the Settings menu, essentially resetting it to the state it was in when you downloaded it from the Android Market. This is a common Android function and is even recommended sometimes when an app is misbehaving. Wipe the data, re-launch the app, and you (or anyone who has your phone) can access Wallet, associate it with your Google account (without entering a password) and set up a new PIN. Then they can spend the money at any online or retail store that accepts Google Wallet - all without root. Watch as Hashim demonstrates: [youtube Rh1ytHrhj2E] This is a much bigger problem than the previous leak, because anyone with physical access to your phone has the ability to do this quickly and easily. The problem lies with Google Wallet's authentication system: though funds are added into your account and virtually "kept" by Google, the authentication is linked to a single device, not your account. Compare this with any banking app, which keeps your account password connected to your username. Odds are overwhelming that Google will address this loophole very soon. In the meantime, the best way to stay protected while using Google Wallet is to set up a PIN or lock pattern on your device itself - without the PIN or pattern, a thief would have to completely wipe your phone to access any apps or data. [timeline] [via 9to5Google, via AndroidandMe]

Google responds to Wallet root vulnerability: don’t use Google Wallet

You've probably already seen the recently exposed vulnerability in the Google Wallet app which potential thieves to steal your PIN code if you're running a rooted version of Android. The crack can be applied even after a PIN or password is changed, but again, only on rooted devices. After The Next Web posted the story from the original source, Google itself responded - though there isn't much information on an actual resolution. Essentially, Google reminds users that a stock phone cannot be affected in this manner, and recommends that root users refrain from downloading Google Wallet at all. Here's the full text of their reply:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
That's a disappointing answer, but not an unexpected one. When you unlock or root a device, you're always running at least some kind of risk, to your hardware, your software, and even your personal data. The possibility that 1) your rooted phone would get stolen by 2) someone with the technical knowledge to pull a similar hack off and 3) the knowledge that both your banking information is on the phone and that it's possible to retrieve it is remote to say the least. Considering the low saturation of NFC payment systems, especially in the US, it would seem that root users just need to do without for now. This isn't the first time that Google has essentially ignored the considerable percentage of Android users who root: there's still no way to legally watch movies or TV shows downloaded from the Android Market on a rooted device. While this is thought to be a measure insisted upon by the various entertainment studios, that doesn't make the refusal of service any less annoying. Even so, it's not Google's responsibility to cover every contingency of every Android modification: If you modify the software on your phone or tablet, you're responsible for any change in functionality or security. That seems like a reasonable position, if at times frustrating one.

Change DPI and Market settings easily with build.prop Editor

If you're a dedicated Android modder, you're probably aware of the myriad tweaks you can apply via the build.prop file, located in the /system folder. It's a popular method of changing your phone or tablet's screen density (as in our Galaxy Nexus Tablet experiment) or fooling the Android Market into thinking you've got a different phone than the one you have. But Android's built-in text editor leaves something to be desired, and the only alternative to a root-enabled file browser has been the tedious ADB method of backing up and swapping in modified build.prop files.

New Nook Tablet root method requires just a MicroSD card and a reboot

The Nook Tablet has become notoriously difficult to mod, thanks in no small part to Barnes & Noble's decision to ship it with a locked bootloader. Various software updates have closed root methods already in use, making it more and more difficult for modders to do what they wish with they hardware they bought. Thankfully, XDA member Indirect has combined a series of hacks to create a root method that launches directly from a MicroSD card, which boots directly into ClockworkMod Recovery.

SwitchMe brings multiple user profiles to (rooted) Android phones and tablets

There's one thing that I've heard requested more than anything when it comes to Android tablets: support fur desktop-style user profiles. It's rare that more than one person uses a smartphone, but tablets were practically made for sharing, especially in the communal area of the family coffee table. While Google graciously allows you to connect more than one Gmail account to a single device, true separation (as in apps, passwords, and settings) is impossible. Enter SwitchMe, the first enabler of a truly multi-user device. The app is free in the Android Market, but requires a $1.98 license key for more than two profiles.

Rooting exemption to the DMCA set to expire, EFF fights for permanent solution

Did you know that your right to root your Android phone is actually protected by U.S. copyright law? It's true. In a 2010 revision to the Digital Millennium Copyright Act, the US Copyright Office granted an exemption that made modifying copyrighted software legal for the purposes of unlocking phones. This was mostly aimed at the iPhone (as Apple was trying to establish a legal precedent for suing its own customers at the time) but the exemption applies to any cell phone, including all Android phones sold in the United States. There's just one problem: the exemption wasn't permanent, and it's set to expire later this year.

CyanogenModApps.com is not endorsed by CyanogenMod

The CyanogenMod team is planning to create an 'Android Market'-like application to easily find root applications for your devices. This is a great idea, and even indexing root applications by device compatibility would be a great help to anyone willing to load them to their device. Well, it turns out the website www.cyanogenmodapps.com is in no way connected to the CyanogenMod team.