CVE-2015-3833 and you

The past month has been dominated by highly publicized vulnerabilities such as ‘Stagefright’, ‘Certifi-gate’, and ‘Deserialization’. However, the August wave of fixes also included many others, one of which in particular we have received a lot of questions and complaints about.

CVE-2015-3833 affects Android 5.0 and higher, and is officially described as follows:

Mitigation bypass of restrictions on getRecentTasks()

A local application can reliably determine the foreground application, circumventing the getRecentTasks() restriction introduced in Android 5.0. This is rated as a moderate severity vulnerability because it can allow a local app to access data normally protected by permissions with a “dangerous” protection level.

This particular patch was merged into CM sources on August 12th. As a result, apps that relied on obtaining a list of running processes via the now plugged hole will fail to function properly. This includes (but is not limited to) apps like Greenify, FMR Memory cleaner, Zillow and System Panel [1]. …

More Stagefright

The issue described in the latest publication of Stagefright issues (link) has been patched in source for CM 10.1 -> 12.1. Nightlies for 12.1 beginning tonight (~2 hours) will include this fix, in addition to fixes for all the other exploits that came as a result of Stagefright and DefCon/Blackhat.

On the topic of 10.1 & 10.2, while these have been patched for this particular series of issues, we do not intend to issue a new release for these branches – the patches are there more so to protect derivative ROMs that use our source as base code.

We will be releasing another stable version of 11.0 and 12.0 (as well as a stable 12.1 release) with all of these fixes (and more) by the end of this month. More on that in a separate post.

Call for response: File Manager Redesign

Over the past couple of weeks we have given you insights into some of our proposed design changes across both Messaging and the Dialer Instant Contact Card. It has been great hearing your feedback, learning what you like and dislike. You’ll be happy to know that many of these suggestions are being reflected in the final product. Today, we’re excited to share with you our proposed File Manager experience.

File Manager has been a core part of the CyanogenMod portfolio, but has typically been an app that only advanced users use. We conducted a survey in March that indicated that by far the largest user complaint is the app’s unintuitive UI, especially when it comes to moving files around the system. In addition to this, the usage of cloud storage has increased over the years, and we wanted to enhance the platform and file manager experience with a tight integration to these services.

With …

Latest updates to CM 12.1

Over the past few weeks, contributions led by Jorge Ruesga (jruesga) and aided by Danny Baumann (maniac103) have added some much needed, and loved, features to CyanogenMod 12.1 nightlies.

IMAP push enhancements

One of the features most requested from Google since the ICS days was the implementation of the IMAP IDLE protocol in the stock Email app. The IMAP IDLE protocol (RFC 2177) is an extension to the IMAPv4 specification that allows for receiving email changes (new emails or modification/deletions of the current existing ones) as soon as they happen or are detected by the email server. This is accomplished by maintaining an active connection that allows the server to push notifications about these changes to email clients. Maintaining an idle connection to the server will reduce the overhead of polling the server every ‘n’ minutes, which leads to better overall battery and network usage.

In recent CM12.1 nightlies the …

Release extravaganza: CM 11.0 and 12.0 Final

AKA “The Phantom Release”

As we look forward to Android M’s release later this year and continue work to integrate the latest from Android 5.1.1_r5 (released yesterday), we are finalizing the branches of CM11.0 and CM12.0. They have seen improved stability and security fixes over the past few months, but little in the way of further development as the focus shifted to CM12.1.

Tonight, the final snapshot releases of both 11.0 and 12.0 are going live – available in sequence as they are built out by our Jenkins instance.

Why another CM11 build? Rather surprisingly, many users have been slow to upgrade to L – whether due to the lack of a snapshot release or adverse reaction to the Material design, we don’t know. The meager stats that we have show that there is a rather large contingent of users who are sticking to CM11 as their release channel of choice, so we felt compelled …

Call for response: Dialer Instant Contact Card

We were incredibly pleased with the feedback on the Messaging app redesign – your feedback there is already being incorporated into updated designs and ideas around the app. Today, we’re here to discuss a relatively smaller change to the Dialer/Contacts card.

In a change from last week, and to more actively centralize this and future feedback, we’ve spun up a mailing list on Google Groups. The list is invite only for spam protection purposes, but is open for all to request access and join. Please provide the requested response when applying to the group. This group will be used for technical and design discussions surrounding CyanogenMod and should not be used as a forum/user-help/device request area – such posts will be deleted and the user removed without further warning. To join the group, apply here.

We’re looking to introduce a new quick contact card to the CyanogenMod Project. The quick contact card …
