Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC

Good News for Linux Techno Freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs?

Then this news would be a perfect pick for you!

What If, you can effectively carry a Linux computer in your pocket?

Hereby introducing a new Android-based Operating system named "Maru OS" that combine the mobility of a smartphone as well as the power of a desktop on a single device.

Maru OS allows you to turn your smartphone into a desktop when plugging it with an HDMI cable.

Maru custom ROM includes two operating systems:

• Android 5.1 Lollipop for mobile phones
• Debian-Linux for desktop monitor

When you connect your phone (with Maru OS installed on it) via HDMI to a monitor, it will load Debian Linux automatically on your desktop screen in less than 5 seconds.

"Your phone runs independently of your desktop so you can take a call and work on your big screen at the same time," Maru OS official website explains.

Maru is shipped with Zero Bloatware (no pre-installed apps), which facilitates lots of free space for all your apps and your phone runs fast.

Advantages of Maru OS

• Dual OS in phone
• Multi-Tasking
• Lightweight Distro Packages
• Zero Bloatware, except Google Play
• Run a web server from your pocket
• You can set up a portable development environment

And the Best One:

If by chance… your phone get disconnected from your screen, Maru OS will preserve your desktop state in the background, helping you pick up right where you left off.

This latest OS is still in beta stage and currently available only in Nexus 5 devices. We hope this limitation might disappear later on.

Read More

Samsung Get Sued for Failing to Update its Smartphones

One of the world's largest smartphone makers is being sued by the Dutch Consumers' Association (DCA) for its lack in providing timely software updates to its Android smartphones.

This doesn't surprise me, though.

The majority of manufacturers fail to deliver software updates for old devices for years.

However, the consumer protection watchdog in The Netherlands, The Dutch Consumentenbond,filed a lawsuit against Samsung, due to the manufacturer's grip over the local market compared to other manufacturers.

Last year, the discovery of the scary Stagefright Security Bug, which affected over 1 Billion Android devices worldwide, forced Samsung to implement a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered," and that the security updates will occur once per month.

However, the watchdog also blames Korean OEM Samsung for not being transparent regarding the critical security updates, like the update to fix Stagefright exploits, that are necessary to "protect [its] consumers from cyber criminals and the loss of their personal data."

Majority of Samsung Handsets Vulnerable to Issues

According to DCA's own research, at least 82 percent of Samsung smartphones available in the Dutch market examined had not received any software updates on the latest Android version in two years.

This failure in providing the software updates left the majority of Android devices vulnerable to issues on security and others.

The DCA says that the agency has previously contacted Samsung many times and discussed the matter privately with the manufacturer giant to resolve the situation, but it failed to reach an agreement with the company, and so it decided to go to court.

At this point, I should mention that these are entirely valid claims.

Like most other manufacturers, Samsung doesn't provide timely software updates to its devices.

No doubt, the Samsung Galaxy S6 series have received Stagefright patches on time, but the manufacturer failed to provide Stagefright fixes for its majority of midrange and entry-level Android devices.

Furthermore, none of Samsung's devices currently runs the latest Android 6.0 Marshmallow, three months after it officially launched.

DCA's Demands from Samsung

The agency has requested the manufacturer to update all of its smartphone devices to the latest version of Android operating system for two years since the handset is purchased (not launched).

In some ways, the agency wants Samsung to treat software updates as part of the warranty that has its length mandated at two years in the European Union.

"[We are] demanding that Samsung provides its customers with clear and unambiguous information about this," The DCA writes. "Also, [we are] demanding that Samsung actually provides its smartphones with updates."

Response by Samsung

In response to the lawsuit, Samsung released an official statement saying the company was working on improving its updates on software and security.

"We have made a number of commitments in recent months to better inform consumers about the status of security issues, and the measures we are taking to address those issues,"reads the statement. 

"Data security is a top priority and we work hard every day to ensure that the devices we sell and the information contained on those devices are is safeguarded."

Read More

Google fixes vulnerabilities in Android where rooting is a double-edge sword

Google had to intervene to fix a few vulnerabilities that risked exposing its Nexus devices and related Android operating system to remote access – or through malware – by hackers.

The tech firm has actually been working on media file related software bugs in Android OS since July last year when Stagefright – a media-parsing library – was discovered to be flawed. This called for a massive coordinated patching action by Android manufacturers and for monthly updates to be issued by Google, Samsung and LG.

Gif Source: Gifizer

In an effort to address these most recent vulnerabilities, the giant tech company released security updates for its Nexus devices on Monday and is due to publish further patches and stitches today. Manufacturers who are in partnership with Google had already been informed of the vulnerabilities – six critical, two high and five moderate – one month ago and will soon issue updates according to their own schedules.

The most dangerous threat was to be found in the media server Android component, which constitutes a core part of the OS, the one in charge of handling and storing digital media and analysing the corresponding file metadata.

The media server process could be tampered with by attackers so as to make an arbitrary code execution possible, either remotely by tricking users into opening “maliciously-crafted” media files or by sending those files through MMS.

The situation is gradually stabilising as are the five other critical – high-level threats that target the very core of an OS-vulnerabilities were fixed in the release.

One of the flaws was located in the misc-sd driver from Taiwan-based MediaTek. A further flaw was in a driver from UK-based Imagination Technologies. A third one was discovered and solved directly in the kernel. The last two critical vulnerabilities were in the Widevine QSEE Trustzone application.

All of them could compromise the whole system and would require a high-maintenance recovery process. The latter ones could allow malicious activities in the TrustZone context, a hardware-based security extension of the Central Processing Unit architecture, which is separate from the operating system.

What’s really at the core of the matter is the act of rooting – the access to the phone’s inner secrets. It is, in fact, a double-edged sword depending on whose exploiting this possibility: computer wizards that just want to “have fun” or attackers full of bad intentions.

For this reason, Google does not allow rooting apps in its Google Play store. And that is why Verify Apps and SafetyNet – Local Android security features – are in place to discourage such actions.

One extra measure if caution, in order to make remote exploitations of media parsing flaws more difficult to achieve, is the disabling of the automatic display of multimedia messages in Google Hangouts and Messenger app. This security measure was first used in response to the Stagefright flaw back in July.

-Source: Hackread

Read More