New Android Exploit Discovered To Steal Data 98
mimd writes "A researcher at North Carolina State University has discovered yet another Android Browser exploit that affects the new Android 2.3 (Gingerbread) and previous versions. Slashdot recently covered a previous browser exploit that affected all versions of the Android Browser, but was patched in 2.3. Xuxian Jiang writes 'our finding here is that the patch contained in Android 2.3 is not an ultimate fix and can still be bypassed. We have a proof-of-concept exploit with a stock Nexus S phone and are able to successfully exploit the vulnerability to steal potentially personal information from the phone.' The exploit is capable of reading and writing files from an Android's sdcard or system partition as well as uploading user data over the internet."
Re:Windowsesqe (Score:5, Interesting)
I had to do a factory reset on my phone after a google created app killed the phone. I suspect it was google maps. I say that because even after doing that and maps was then updated again it would always crash everytime I started up the phone. I believe it was about a month later until it was fixed.
Today my phone and home button quit working and when bringing up the shut-down menu the only option that was there was to turn the phone off. I searched and most people just did a factory reset. I wasn't about to do that. I haven't installed any apps since the last ordeal where I had to do a factory reset and no apps were updated in ages so as far as I was concerned no factory reset should be needed.
What it was in the end is something like the cookie data for communicating to Google got corrupt for as best as I can tell no good reason. I'm not sure why that should put the phone in a nearly broken state and absolutely no warning message whatsoever so you're left thinking the buttons are broke or something worse. I found you can clear you google apps cache and log back in and it fixes it. That's ridiculous, imo. I have version 1.6 of Android and there are people with at least 2.2 experience this problem. It's not like they're unaware of it.
I can't bring myself to pay out for an iPhone but I have to say I'm really tempted. The idea of having a phone where you have to worry about it fucking up for no apparent reason and with no warning message is awful. I'm trying to convince myself that even if I get an android phone cheaper I'm still locked in a contract so it is a big deal. But even if I want to pay for an iPhone I don't entirely agree with how Apple manages their app store but more and more I understand completely why they do it.
Re:Windowsesqe (Score:5, Informative)
1) back all the way out of the Market
2) Go to Settings --> Applications --> Manage Applications
3) Click on the "All" tab at the top
4) Wait a couple of minutes, and then find "Market" in the list (list isn't always in order, so it can be hard to find if you have a lot of apps)
5) Click "Market"
6) If the "Force Stop" button isn't grayed, click it to force the Market app to end
7) Click the "Clear Data" button
8) Re-launch the Market app, click "Agree", and try it again.
I know it's stupid, but it does work about 90% of the time. If not, rinse and repeat.
Re: (Score:2)
This almost feels like a +5 black comedy moderation. Just read through that list of 8 steps, many of which can be further broken down to more steps. Step 4 is especially endearing if taken literally, which may sadly be true. Shit like this is why people will buy the Apple product even if it's locked down or forces the purchaser to hand over his first-born child.
Re:Windowsesqe (Score:4, Funny)
The iPhone may not be your best choice. I accidentally let my iPhone 'upgrade' from 3.2 to 4.1 (note to self - do nothing at all, except perhaps post on Slashdot when tired). After a very frustrating four hours of reinstalling itunes, waiting for Apple's 'upgrade server', googling a dozen cryptic error messages and finally reinstalling everything from scratch, I finally have a functional phone.
It's pretty amazing that Apple can manage to have so many holes and gotchas in their locked down system. Much of it seems to be just bad programming (not realizing a preference file is corrupt, having twizzlefits about exactly which USB port is OK, cruft files left over from previous installs) and sloth.
I'd recommend a DOS phone. Nice and simple. Just use a hex editor to fix things. None of this complex new stuff. Bah.
Re: (Score:2)
I'm having a better experience w/ Android right now though I'm still not fond of that default Facebook+contacts shit [slashdot.org]. The first thing I dl'ed just happened to be Advanced Task Killer and it stays open in notification area — if I have a problem, I open ATK and kill everything except ATK. (Don't worry; the important stuff restarts itself anyway. Even the unimportant bloatware starts itself again. ...I must root this thing.)
I have ipod touches and have used iPhones — imo not much better except i
Re: (Score:2)
Breaks the home and phone button and removes options from the shut down menu is the fact that the Google Apps cache becomes corrupt. In fact supposedly it's as something basic as just a cookie becoming corrupt according to some.
I can't for the life of me understand why that should disable the ho
Turnabout is fair play? (Score:2)
When Windows Phone has this kind of market share it will be the target of hackers too.
Oh, how I hate that meme.
Re: (Score:1)
"There are countless oss vulnerabilities being disclosed on security lists year after year and only about 10% make front page news on Slashdot."
perhaps because a project finding bugs in the code it is developing is not particularly newsworthy but a third party finding bugs in someone else's expensive code that is marketed as being 'secure' is?
no conspiracy, no cheerleaders. people just like to read about the 'big guy' getting a PR spanking rather than the flurry of irc messages between a few devs.
in this ca
Re: (Score:2)
Finding a flaw in the source code isn't that much easier than finding a flaw in the disassembly. In both cases, you're either spending insane amounts of time reading code, or you're using automated tools to spot certain patterns. Or you're just running the code and seeing how it really behaves, which is how most holes are found.
The problem is that finding a vulnerability in Windows or Android gives you a lot of vulnerable machines. Monocultures are bad for this exact reason, whether they're Microsoft or
Re: (Score:2)
Android could stand to be more open, or use different jumping off points for work towards future versions.
Not being GPL'd, the modified source from the various handset vendors / carriers isn't likely to make it make it back into the gene pool. Users can't fix bugs or make other improvements to what came on their devices, and any would-be natural selection using "surviving" popular variations from some vendors normally doesn't get any added goodness put back into the main distribution. The evolutionary mec
Re: (Score:3)
> Mobile Windows didn't have such glaring problems with malware stealing from the user.
That's mostly because statistically, there weren't enough Windows Mobile users (or PalmOS users, or Symbian users, for that matter) to be worth the time of organized crime.
The problem with Android isn't the fact that the source is available to peruse, it's the fact that manufacturers and American carriers do their best to make upgrades as difficult as possible despite Android's open-source Linux roots. An exploit like
Re: (Score:1)
> Mobile Windows didn't have such glaring problems with malware stealing from the user.
That's mostly because statistically, there weren't enough Windows Mobile users (or PalmOS users, or Symbian users, for that matter) to be worth the time of organized crime.
The problem with Android isn't the fact that the source is available to peruse, it's the fact that manufacturers and American carriers do their best to make upgrades as difficult as possible despite Android's open-source Linux roots. An exploit like this barely gets a yawn from Nexus One users, because someone will update it before any real exploits based on this ever become a problem. In contrast, owners of American Samsung Galaxy S phones will be shitting bricks, because we're still waiting for a fucking kernel that works with Froyo. Or at least leaked CDMA loadable kernel modules compatible with a 2.6.32 kernel so we can build our own without losing basically all the hardware drivers it needs to work properly.
Sidetrip: Unlike Windows, Linux makes no effort to maintain a stable ABI between versions. Simplified a bit, this basically means that a loadable kernel module (the Linux analog to a hardware driver) that's built for a 2.6.29 kernel will probably crash and burn on a 2.6.32 kernel. The official Linux party line is that it makes it harder for manufacturers to keep drivers proprietary, and motivates vendors to release source for their drivers so it can be automatically rebuilt for each new kernel release. The cold American consumer reality is that the Android Emperor is nude. The Nexus S can't do 4G on T-Mobile, is fundamentally incompatible with Sprint and Verizon, and AT&T's slow, capped, expensive 3G isn't even a real option. We're stuck with an allegedly-open operating system inextricably bound to hardware that's more locked down and proprietary than an iPhone, and all we can really do is hope some of Linux's core developers also own Android phones and are starting to really, really feel some of the ABI pain themselves on a daily basis.
Put another way, here's a more technical summary of the problem:
* Samsung has released source to its kernel and loadable kernel module drivers, but the LKM source won't build against any known 2.6.32 kernel due to missing dependencies.
* The .ko modules themselves were built against the ABI of a specific build of 2.6.29 that changed enough with 2.6.32 for most of them to crash and burn if you try using them with a 2.6.32 kernel.
* Froyo and Gingerbread have dependencies on the 2.6.32 kernel. You can cobble together a FrankenBuild that sort of works with a 2.6.29 kernel, but it'll never be a True Froyo/Gingerbread, and will always have bugs hidden below the surface veneer.
Metaphorically, an American Samsung Galaxy S trying to run Froyo is kind of like a laptop that shipped with Windows 98 and a winmodem. The unfortunate user upgrades it to XP himself, then discovers that the winmodem only has drivers for Win98. Through some miracle, the winmodem drivers have their "source" released, but that source requires a thirdparty library called LunexantProprietaryLib that isn't included, and won't build without it. After lots of hacking, the user manages to cobble together drivers that will allow the modem to limp along at 9600 baud by pretending it's an older version of the chipset, but getting it to do 56k without official drivers is hopeless. And if, by some miracle of god, a never-released copy of drivers for XP get leaked despite the determination of the manufacturer to keep it unavailable through the perverse logic that fucking their customers will somehow encourage them to buy a newer model from the same company that screwed them less than a year earlier (instead of buying one made by just about ANYBODY else), the user discovers that the drivers needed for 3D acceleration have the same problem as the Winmodem, and it's back to square one.
What Google really needs to do is define an ABI thunking layer and require that any and all device drivers must go through it, and that manufacturers release kernel source that includes that ABI thunking layer. That way, the Linux ABI can mutate as always, but at least newer Android kernels can get built that are capable of using binary drivers intended for older versions of Android so consumers won't end up getting fucked by companies like Samsung again when they release a cool new phone, then totally drop the ball and fail to keep it upgraded.
@ Miamicanes
That was a really good post, it should be moded up to extremely informative!
V
Re: (Score:3, Insightful)
Why did this get marked Troll?
Android has taken the same position in the smartphone market Windows has in the PC market. It even did it the same way.. by being more open than Mac and working with various hardware and software vendors.
Re: (Score:2)
Re: (Score:3)
CM7 nightlies have been available for a while. Whole list of phones you can install that on.
Re: (Score:2)
Is the Nexus S still the only 2.3 phone available?
Not at all -- there's at least five different gingerbread ROMs available for the HTC Desire over on XDA, for example. Most popular phones should have an AOSP build of gingerbread by now, it's been out long enough!
Re: (Score:2)
and every single one of them will void your warranty on the hardware.
Where are the HTC 2.3 ROMs? You know the ones that you don't lose your hardware warranty for installing?
Maybe if HTC only had 2 or 3 models they could work to make at least one of them good, and update on a regular basis.
Re: (Score:3)
It will?
Where, exactly, is that spelled out in the warranty agreement?
The warranty for my Droid 1 [motorola.com] doesn't seem to care a bit about software -- in fact, it goes on at length about exactly how little Motorola gives a shit about how poorly the software on the device behaves.
HTC's warranty [htc.com] is similarly worded.
Hack away.
Re: (Score:2)
and every single one of them will void your warranty on the hardware.
They may or may not (although I doubt such a void warranty claim would stand up in court). But since you can always revert to stock with one of the OTA ROMs, it hardly matters, does it? My phone is currently being repaired, and you can be assured that I reverted to stock before sending it back ...
Where are the HTC 2.3 ROMs? You know the ones that you don't lose your hardware warranty for installing?
So HTC aren't concerned with building new ROMs for older hardware? That's one more reason to switch over to the community ROMs!
I'm not sure what exactly your fear of using an AOSP ROM is, but bear in mind that t
Click here (Score:2)
You'll see boobies. I promise
Seriously, the only way you can protect users is to take the phone from them. be consious about whatt youre doing with your phone. despite it acting like a computer that fits your pocket its still just a phone.
Re: (Score:1)
I generally would agree with you, but in cases like this it is not necessarily the user's fault. If the bug is really like the article describes, just clicking a link can exploit it - and you can avoid clicking in the "click here to see boobies", but not some google results that appear to be legit, or some links in forums, etc. If in fact you need to RUN something, then, yes, it will be the user's fault.
Re: (Score:2)
Re: (Score:2)
Want Boobies, for real??? click here [gstatic.com]
Re: (Score:1)
Just dont use the stock browser (Score:4, Informative)
Im not minimizing the problem or its potential consequences, but the article says:
For now, Android users can protect themselves by disabling JavaScript support in the browser, or by using a third-party browser for now.
So the problem is the browser, not the OS, and it can be circumvented by using another browser (what a lot of people do, for example Opera and Dolphin). Good to know, since I use Dolphin most of the time, and Firefox Beta (still terribly buggy) now and then.
Re: (Score:2)
AFAIK Dolphin dont use a proxy to "compress" pages as Opera and Skyfire, so its not a threat to my privacy to use Dolphin. In Opera's and Skyfire's cases, I agree with you it would be.
But, in other news, when I was confirming that Dolphin don't use a proxy I just found out that it is built over the stock browser, and therefore probably doomed too. It seems that I will need to use the incredibly buggy Firefox for now. At least I have a stock Android (Nexus S) so probably Ill have a patch soon.
Re: (Score:1)
Re: (Score:2, Funny)
Lol Steve, you're supposed to be on medical leave, not trolling slashdot.
Re: (Score:1)
Yes, youre right. Im doomed. :-) Please let me know if you see my wifes nude pictures somewhere. ;-)
(I think I will need to use Lynx for Android ;-)) )
Re: (Score:1)
Oh, God, this shitty MS keyboard have two keys that looks like the apostrophe, and I ALWAYS use the wrong one - hence I have no apostrophes in my messages...
Re: (Score:3)
Re:Just dont use the stock browser (Score:5, Interesting)
I dunno, isn't the entire underlying engine vulnerable? Browsers like Dolphin don't implement their own engine, but rather just wrap around the existing browser...
Opera and Firefox should be fine though.
Re: (Score:1)
Re: (Score:2)
Hence "Opera and Firefox should be fine though." ;)
What SD Card? (Score:2)
The Nexus S doesn't have an SD card slot, I assume the exploit also allows uploading of anything in the phone's internal storage area but "removing the SD card" as a workaround isn't going to work on the Nexus S!
Re: (Score:1)
It will work. The phone will be dead, so nobody (even you) will read or write anything in the SD anymore. :-)
(I have a Nexus, and the only think I couldn't understand and think would make the phone even better is the lack of a SD port)
Re: (Score:3)
Android devices have two main storage locations. One is internal storage. That term specifically refers to the device mounted on /data , in which user downloaded apps, and internal app data is stored. (This is in reality pretty much always a partition on the same storage device as provides the partition mounted on /system (a.k.a. the "ROM")).
The other is known as shared storage, and it is invariably SD. On phones without an external SD card slot, this is either an internal SD card slot, or more frequently a
Market updates? (Score:5, Interesting)
<rant>
Wait, they can't just use Market to push out new browser updates? Something to do with the browser being integrated into the OS? (Yet all third-party browsers are not--can't google at least provide a second non-integrated but secure browser?)
Are you telling me that one of the *most complicated* applications on the OS which deals with untrusted data from the internet can not be updated? Did the android developers dream that the web browser will not have security bugs?
Then, did they just push out Android 2.3, *knowing that there was a security bug in the past, and likely to be more in the future*, and still provide no way to release updates to the browser?
Google, are you serious? </rant>
. /me updates Firefox with the hope of getting a less buggy version
Re:Market updates? (Score:4, Interesting)
It's inexplicable. This is one area where Google needs to do some serious catching up...
Re:Market updates? (Score:5, Insightful)
Awesomeness. Which has actually been the case mostly...
Sent from a Desire baked into Gingerbread.
Re: (Score:2)
Awesomeness, indeed. I seem to be caught in the awesomeness of failure that is Android.
Sent from my Macbook Pro cuz I have one less reason to post from my Nexus S... aside from that its battery is dead again.
Re: (Score:2)
Don't blame others for your mistakes. I could have told you that SAMOLED display would drain power like crazy (AMOLED saves power, yes - when displaying mostly dark images... uses up to 3x as much as a decent LCD when displaying anything moderately light) and that the system-available RAM is woefully inadequate at a smidge over 300MB... and that Samsung has quite a poor track record when it comes to Android handsets and stability/fluidity and buggy software.
Of course, Google endorsing the (Galaxy-in-Disguis
Re: (Score:2)
Strange, I've found that the Samsung Galaxy S units (Friend has a Captivate) seem smoother in terms of UI responsiveness than the HTC Evos I've played with. Also the Captivate and Nexus S were definitely smoother than the Motorola Atrix I played with at CES.
My problem actually hasn't been the AMOLED display, it's the OS' incessant need to use the radio when it's in my pocket. (But yeah, the display does eat batteries too)
If I leave the phone on a desk idle without touching it (display off, bluetooth off, wi
Re: (Score:2)
Strange, I've found that the Samsung Galaxy S units (Friend has a Captivate) seem smoother in terms of UI responsiveness than the HTC Evos I've played with. Also the Captivate and Nexus S were definitely smoother than the Motorola Atrix I played with at CES.
You've got to consider that Motorola are just bad at Android software (which makes the locked bootloaders all the more sad). My Dream/G1 with a decent custom ROM is about on par with my old Milestone in terms of general UI performance - slow as balls. Without custom ROMs like on the OG Droid, all Motorola devices will be more or less crippled :(
Hence why I'll never be buying another Moto device...
My problem actually hasn't been the AMOLED display, it's the OS' incessant need to use the radio when it's in my pocket. (But yeah, the display does eat batteries too)
If I leave the phone on a desk idle without touching it (display off, bluetooth off, wifi off, cell on) for 8-9 hours, I got 20% of my battery remaining.
If I leave the phone mostly idle (did play mp3s for my car for 3 hours) but all the radios off, I got 90%+ remaining.
Friends with Moto Droid 1s and other Nexus S units I've talked to are unsurprised, so I could only conclude that this is considered normal. (while I didn't get mine free from google, most of the people I know with Nexus S units got them as their employee holiday gifts)
Sounds like you've got a runaway app. That's definitely not the radios, unless they're actively sending and rece
Re: (Score:2)
The way I see it isn't that Motorola, Samsung, and HTC arn't bad at Android software, it's just that the stock Android software is bad. I haven't owned a Nexus One, but I did play with a friend's when it first came out, and "slow as balls" describes that perfectly as well. It's not very reassuring to me that even using Google-supported devices, there's quirks that just arn't acceptable.
From what I can see, there's something polling the net as the phone's idle, keeping the radio on. So turning off all the ra
Re: (Score:2)
Can't quite agree with your statement about plain Android being slow in general... pure AOSP (which is basically what the Nexus phones come with) absolutely flies.
As for your power problem:
1. Install Battery monitor widget from the market - idle/standby drain higher than 10mA means you're not done optimizing.
2. Check partial wake usage in battery history (you might need to Google that, unless you can get Spare Parts installed on your phone... the battery history menu in the advanced phone info menu seems to
Re: (Score:2)
So it took a while but I logged some data using the Battery Monitor Widget.
Basically, the phone sits in 4mA to 8mA idle for an hour or so, and then jumps to 15 to 30mA for about 3 hours.
Then returns to 4-8mA for about 3 hours.
Periodically, this cycling occurs over 1 hour instead of 3, but more often 3.
By the way, I already signed out of Google Latitude as suggested by:
http://www.google.com/support/forum/p/Google%20Mobile/thread?tid=6bcdbe3c9425039c&hl=en [google.com]
Here's the list of apps installed:
Advanced Task Ki
Re: (Score:2)
I would love to see Google try to reign some of the uncontrolled nature of Android back in. Establishing a central software repository of all of the forks of Android would be a create start. All of the manufacturers that have tweaked Android for their specific devices could provide copies of their loads, ideally including the source and details of their changes. This would give users one central place to look for updated 'firmware' (yeah I know, but that's what the vendors keep calling it). As it stand
Re: (Score:2)
I would love to see Google try to reign some of the uncontrolled nature of Android back in.
That's the downside of the free open source nature of Android though, anyone can use it, anyone can build a device that runs it and anyone can lock it down on the device they sell.
Re: (Score:2)
I would love to see Google try to reign some of the uncontrolled nature of Android back in.
That's the downside of the free open source nature of Android though, anyone can use it, anyone can build a device that runs it and anyone can lock it down on the device they sell.
And unfortunately, anyone can and does sell crap hardware with Android on it which severely tarnishes the reputation of Android. China is flooding the market with low-end, very slow hardware. People are getting frustrated and getting the perception that Android is garbage and not user friendly. It doesn't help when the high-end tablet makers can't seem to sell anything that doesn't cost $2-300 more than an iPad.
Re: (Score:2)
China is flooding the market with low-end, very slow hardware. People are getting frustrated and getting the perception that Android is garbage and not user friendly. It doesn't help when the high-end tablet makers can't seem to sell anything that doesn't cost $2-300 more than an iPad.
That's the core issue, the average consumer isn't going to be able to justify spending $600 on an Android tablet that has a 7" touchscreen, GPS, wifi, 3G, etc... when they can get one with the same features for $159, nevermind the fact that the hardware in the cheap one is rubbish and slow and only runs Android 1.6.
They need to try them out side-by-side, but even then once they've been lured in with dirt-cheap prices the chances of actually spending 400% of the cost of the cheap one are quite slim.
Re: (Score:3)
Assuming the phone even has access to the Market. Many don't have access to the standard Android Marketplace and can only get to the one the telco restricted the phone to. For the slew of Tablets out there, many can't get to the Android marketplace either. Also note that many of those are running dead-ended or proprietary/custom builds that are no longer supported and might not see any future updates at all.
The "fragmentation" of Android is perhaps it's biggest shortcoming. There is not such thing as a s
Re: (Score:1)
They've had built-in apps that you couldn't update through Market until recently-- Mail and Maps are two well-used examples.
While I agree with your sentiment that they should've employed at least a bit more forethought to this, this could motivate them to detach the browser from the OS (assuming that's possible), and push it as a standalone app on the Market where it can be updated independently of the OS.
What would be ideal, though, is updates for all OS components through the Market, similar to Ubuntu OS
Re: (Score:1)
Mini-rant (and OT): The HTML tag <i> was permitted before the update, now the current comment software filters it out in "Plain Old Text" mode for some reason-- it's even in "Allowed HTML", for goodness' sakes. I don't suppose this is a test case that was overlooked? Maybe the new CSS sets a rule for the tag to "text-style: normal;"?
Re: (Score:2)
. /me updates Firefox with the hope of getting a less buggy version
Apparently you're not running Minefield, which was working fine for me a couple weeks ago, and now explodes or ignores clicks before I can even get a page open.
On a vaguely related note, wine1.3 worked for HL2 two weeks ago, then didn't a week ago, now does again. I love wine, for all my bitching.
Re: (Score:1)
I received a text message... (Score:2)
I received a text message from someone I don't know that said "don't tell anyone with an iPhone, but there's another browser exploit in my Android phone!"
I kid, I kid.
Re: (Score:1)
You are just joking, but I need to answer. ;-)
The iStuff have the most severe exploit of all: Apple can do what they want with the iStuff, like delete things.
And this one exploit will never be fixed.
Re: (Score:2)
So can Google. Both ecosystems have remote kill switches.
Google has used theirs too.
Re: (Score:2)
How can they remove a program that Ive installed through my USB without knowing the name of the package? It can work for Market only, and theyve usedit once for a specific exploit.
Anyway, I love to rant about Apple. ;-)
Re: (Score:2)
They might be able to remove an app from your phone, but they can't remove the backup you made to your PC.
Outbound Firewall (Score:4, Interesting)
DroidWall gives a convenient interface to manage the iptables rules (requires a rooted phone).
Yes, this is overkill for a regular user, and it cuts out a lot of the convenience of a smartphone (being able to run many internet-using apps). But for me it's less of a toy and more of a personal communication device (email, and yes, occasionally phone
On the other hand, the fact that very few "regular users" use iptables on their phone, means that exploiters have no reason to try to target and bypass it.
Combining a strict firewall with some prudence in which apps are downloaded/run results in a pretty secure platform.
(and yes, the data is encrypted/protected against physical loss and communication interception)
Re: (Score:2)
So does or did this whitelist ever contain the default Android browser?
Re: (Score:2)
I don't really think smartphones make very good web browsers anyways.
Obviously there is no failsafe protection -- the best you can do is add some more layers and diversify enough that you're not part of a huge group of easy targets.
Re: (Score:2)
Phones that won't let you update your OS.. (Score:2)
I don't really follow the smartphone scene, but aren't there some Android-based phones that currently can't be upgraded to a later OS version? Are owners of those phones just less secure, or are there patches available, if not full upgrades?
Re: (Score:1)
Most Android phones don't receive any official OS updates from the vendors. However there is a very strong 3rd party community that puts together custom firmware for just about any device. So as long as you're not afraid to root your phone and install a custom firmware, you'll be able to update just fine.
Don't worry, a fix in 2 days (Score:2)
like most open source projects, the patch will be out in less than 2 days, then you can download, patch, compile and install. ohh, wait a minute ... where the the repo command in Android?
Use Opera Mini (Score:2)
I do. Why don't you too? ;)
Who needs exploits? (Score:1)
Isn't this just a browser issue? (Score:2)
Maybe I'm reading this wrong, but it seems like if you d/l a different browser, you're good?
(Though I'm actually glad Market doesn't automatically update stuff unless you specifically request it to check for updates; sometimes updates can suck. What Google SHOULD do is inform you of your options (d/l update; get new browser; turn off j/s), but I don't want them putting anything on my phone w/out my knowledge. That's so... **apple/microsoft**)