Android Security Bulletin – October 5th update

Google’s monthly security release just hit AOSP code this morning, and as of this post has been merged into CM 12.1 source (Android 5.1.1._r24). Nightlies from today forwards will contain the security fixes identified on the release document.

For our stable release users, we’ll be rolling out an update to the stable CMUpdater channel with this set of fixes this week as well.

-The CyanogenMod Team

PS: Marshmallow source just released, we are syncing and will begin evaluating it. When we have more to share on this, we will publish a separate post.

Expanding the CM device family

Over the past few months, device maintainers new and old have been pushing hard to get support up to par for a wide range of devices. While some flagships (M9/S6/G4, etc) still need more time in the proverbial oven, we’ve seen a large increase in the medium range devices.


Thanks in part to device contributions from Huawei’s team directly, we are now supporting the Honor 4 & 4x (cherry), Ascend Mate 2 (mt2) and Snapto (g620_a2). These devices represent the first set of Huawei devices we’ve supported since CM 7(!) and it’s nice to see the company supporting the community ahead of the rumored Huawei Nexus. We’re expecting good things to come here.


Moto continues to make headway with their budget line – and we’ve now enabled support for both the Moto E (otus) and G (osprey) 2015 variants.


This Chinese OEM has been making waves in Asia. That wave has reached …

Read the Rest…

Releases, Releases, Releases – August 2015

Tapping into my inner Balmer with the post title

We’re queuing up releases across three branches this evening, releasing into the wild CM 11.0-security, 12.0-security and our very first 12.1 release. As always, these releases are being marked as ‘known good’ by their maintainer, and signed-off individually. This means that not every CM device will receive a release – only those marked as ‘Good to go’ by the maintainer.

The 11.0 and 12.0 builds are security releases built on top of the last CM11/12.0 releases, modified to include the recent security disclosures, including the vulnerabilities in Stagefright. Users of the previous 11/12.0 release builds are encouraged to update. Users of 11.0/12.0 weeklies (nightlies) will see no net change, and need not update.

The CM12.1 release marks our first Android 5.1.1 release which brings our IMAP idle support, SDK v1 release and the security fixes mentioned previously.

If you are updating to any of these builds, please pay close …

Read the Rest…

CVE-2015-3833 and you

The past month has been dominated by highly publicized vulnerabilities such as ‘Stagefright’, ‘Certifi-gate’, and ‘Deserialization’, however the August wave of fixes also included many other fixes, one of which in particular we have received a lot of questions/complaints over.

CVE-2015-3833 affects Android 5.0 and higher, and is officially described as follows:

Mitigation bypass of restrictions on getRecentTasks()

A local application can reliably determine the foreground application, circumventing the getRecentTasks() restriction introduced in Android 5.0. This is rated as a moderate severity vulnerability because it can allow a local app to access data normally protected by permissions with a “dangerous” protection level.

This particular patch was merged into CM sources on August 12th. As a result, apps that relied on attaining a list of running processes via the now plugged hole will fail to function properly. This includes (but is not limited to) apps like Greenify, FMR Memory cleaner, Zillow and System Panel [1]. …

Read the Rest…

Developer Spotlight: Brinly “UberLaggyDarwin” Taylor

Welcome to another Developer Spotlight, a short Q & A with community staff. This is a small spectacle of a much larger picture that we focus on to recognize the many talented developers who contribute to one of the largest community driven open source projects around.

Brinly Taylor aka UberLaggyDarwin/uld, is a contributor and device maintainer part of the maintainer & bring-up team for the CyanogenMod community. He has been a core contributor to the project since 2012 with hundreds of contributions including being a big part of device bring ups. He’s currently a student in Adelaide, Australia, while spending some of his spare time reverse engineering low level firmware of Android devices.

So how did you get started with programming and tinkering with devices?

I started pretty young playing with Rockbox open source firmware for my Sandisk – got me into open source, plus then I got a Nintendo DS for homebrew projects.

That’s …

Read the Rest…

Cyanogen Platform SDK: The Proof Is In The Pudding

At its core, CyanogenMod is a best in class example of Open Source development. Secure, fast, and full of meaningful choices for users, our goal is to make the world’s best Android OS available to hundreds of millions of users around the world.

Along with the resources of Cyanogen Inc. behind it, we’ve created the Platform SDK. This platform empowers developers to scale the open development of Android through CyanogenMod.


The Cyanogen Platform SDK is about safely giving developers deeper access to Android, while enabling them to create original experiences for users. Whether it’s creating new ways of engaging with existing applications or developing completely new experiences, our goal is to make sure the Cyanogen platform offers meaningful choices to meet the growing needs of a diverse, global smartphone population (6b+ by 2020).

As we approach Hack The Planet, we wanted to share the first apps that …

Read the Rest…