Android glitch allows hackers to bug phone calls Computer scientists have discovered a weakness in smartphones running Google's Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission. Handsets sold by HTC, Samsung, Motorola, and Google contain code that …
I'd like to know how do they record phone conversations on Android, I tried and could't find a way to code it. A lot of architects, lawyers... have to record phone conversations because they can be contractual but as far as I know an android app can't tap an actual conversation.
If someone knows how to do this please tell me.
... which is the main reason why I use a Nokia Symbian phone. There's numerous software to automatically record calls (even when talking with a bluetooh headset). The manual even explains how to do it using the inbuild recorder app (which involves way too much user interaction to be usefull but it does work too).
Funny thing is that many dumbphones from Sony-Ericsson and Nokia can do it too (simply assign one o/t shortcut-options to the recorder and up you go) while most of these super duper dual core suposedly 'smart-'phones can't.
Anyway perhaps this 'hack' is the solution to your need.
It's in the Documentation, look up "android.media.MediaRecorder".
I found this from a quick google search which should take care of it for you ...
http://www.benmccann.com/dev-blog/android-audio-recording-tutorial/
and of course, the android documentation.
http://developer.android.com/guide/topics/media/index.html
[/rtfm]
I believe he has RTFM'ed. Did you RTFOP? The issue isn't recording audio from the microphone, that's a piece of piss as your links show.
The problem is recording telephone *conversations*. It's very easy to get the audio feed from the Microphone (as per usual), but getting the other side of the conversation is damn tricky.
In some situations the microphone will pick up the audio coming from the ear piece and echoing through the phone internals, but this is not ideal, and subject to the designs of the handset and background noise. It's also completely useless the moment an ear piece is used.
Without a way to tap directly into both sides of the audio, a call recorder as the OP described is not possible.
but, and favour Android, but there is always that little moment of tension as you install a random APK, review what it says it can access and... well I never quite trust it'll be 100% accurate.
I guess the advantage of the Apple App store is that somebody has genuinely checked it for me..
Clearly you haven't analysed the Google terms and conditions and privacy statements. Read them (very carefully mind - being careful to untangle all the deliberate misdirection) and you will realise Google reserve the right to read all the material you post via their servers. Mail, Google Docs, everything. Google docs is specifically designed to ensure your documents remain open to Google (they resisted allowing PDF storage as long as they could because PDF's can be encrypted and so locked from prying eye's). You see their whole business model depends on targeted advertising, which means it is predicated on finding as much out about you as they can. They are categorically not in the business of protecting your privacy and only pay privacy issues sufficient lip service as they judge will keep a lid on user outrage.
"Given the choice between freedom with risks and apparent safety with such restrictions as imposed by, for instance, apple, I think I prefer the freedom."
What freedom?
Seriously. What freedom? The freedom that Android users always talk about seems pretty illusory to me.
I opted not to get one of the new iPhones, trading in my iPhone instead for an HTC Sensation with Froyo. Different jailer, same jail--the only difference is that the walls around Android's garden are largely invisible.
Yes, it's true there's no single central authority telling developers what apps they can and can't publish. Instead, there are several--the telcos. They're not (necessarily) as strict as Apple, but make no mistake about it--they can and do control what runs on your phone.
And even what you're allowed to do with it. Remember when HTC announced they'd released tools to root their formerly bootlocked phones? There's a caveat...if the telcos permit it. Mine doesn't. There is currently no way for me to root my Sensation, because the telco I'm with forbids it. (There was, briefly, a version of Easy Fre3vo's temporary root that worked with my phone. HTC released a patch that blocked it.)
Look, I like my Android phone. From a hardware perspective, I think my Sensation is actually demonstrably superior in many respects to the iPhone 4s one of my friends just got. But seriously? Android users need to quit drinking the Kool-Aid. Android is designed to put power in the hands of the customer--but the customer is the telco, not you. You can find plenty of Android apps that feature the sorts of jiggling body bits you won't find on an iPhone, but if you seriously believe that nobody controls your phone, you're deluded. If your phone is totally open, it's not because Android is inherently open--it's because your particular handset maker and telco have chosen to allow it to be.
Sorry to be a bizzkill.
I said "But google is not perfect". Did you miss that? The inability to appreciate understatement is a woeful lack. I choose android nt because it *is* the idea, but because it's a step closer. For me it's actually a leap backwards compared to my previous phone (n900, which still works but was starting to fall apart) and I would have got the N9 if I could have afforded it, but I can't. I make do.
At least there's the option to replace th stock firmware with something more free. That's another step in the right direction.
By and large I have the abiity to do what I want with my phone with relatively little fuss. Without even having to go through the palaver of rooting I have an sshd, web server and numerous other applications that you can't get on the iphone without jailbreaking. I can take the risk of instaling apps from elsewhere. I can do a great deal of tinkering.
Google is not perfect. Android is closer to the ideal.
Given the choice between no freedom and allegedly illusory freedom that is, nevertheless, closer to the ideal, I still choose the latter.
You must be in America as UK telcos either have no power over what we do on our phones or they just don't enforce.
Sure, if you get an Orange branded phone it will have some Orange branded software pre-installed (and probably unremovable), but buy an unbranded phone and you're good to go.
Even from digging through my gf's Orange San Fran, they only bunged some marketing rubbish on it; Vodafone used to try some awful stuff with their 360 abomination (pre-Android), but they've largely given up with that; and my friends O2 Android only had a light theme applied.
From all of the comments similar to yours, I have to assume it's different with telcos in the USA.
In the UK we have laws that allow us to unlock phones from carriers (they can only charge an admin cost) or bring a phone to an existing one.
Apart from fair-use policies (normally around tethering), I've never seen a telco here bother about what people do with their contract.
You're obviously in the wrong part of the world. I use my own mobile devices rather than a network provided one; the upfront cost is higher but the long term cost is significantly reduced. It carries no operator branding, I've root access and I can switch network and change the OS version freely.
I can understand that if you live under a corporate oppression the freedom offered by Android is a little hollow, but out here in the free world we don't have that sort of issue.
Actually it appears to be that there are applications installed on these phones that expose an unprotected public interface for doing things that are usually protected by the permissions system. For instance rather than getting permission to make a call, a malicious application could just broadcast a particular message (for which it doesn't need permission) and the rogue application picks up the message and makes the call.
The Nexus rogue application doesn't actually sound too serious. Apparently a malicious app can uninstall the com.svox.langpick.installer application! Which sounds like it stops you installing voices for the speech synthesiser.
Hang on,
I'l admit I didn't even read the paper, but from your summary it seems like this exploit is done using the Intent system which allows applications to ask other applications to handle a task for them. This is by design and the whole purpose of the Intent interface.
While I see that this, if no permission is required, is a security issue the flexibly you get from a system that can do this, for me, outweighs the risk. If anyone is that concerned it is fairly trivial to decompile applications to see what they are up to,
Yes, some of this is exploited using Intents that apps have exposed and it is a powerful mechanism but as the paper says it's not tightly controlled on some of the applications. If an application is exposing a function that requires permission, the application (or ideally Android itself) should check that the requester has sufficient authority. It's the equivalent of locking your front door but leaving your windows open.
And your statement that "If anyone is that concerned it is fairly trivial to decompile applications to see what they are up to" is quite frankly ridiculous. Are you seriously suggesting that the average Android user would be able to decompile and understand what an application is doing?
Someone is listening to hours and hours and hours of my 'Hi Honey I'm on the train messages.
I feel violated that someone other than the dozens of people also in the carriage also in earshot can hear my private communications.
The humanity!
Who do I sue and where can I pick up my hundred million quid?
This post has been deleted by its author
The difference in the general tone of posts responding to this article vs posts responding to any given article about an iOS flaw is amazing. Apple-mocking is so deeply ingrained in the average Reg commentard that if it's an Apple story all you get is pages upon pages of vacuous cackling. Come the serious Android security flaw, though, and the first poster wants to know if he can write an app to do what's done in the exploit, and someone tells him maybe the exploit is his answer. Love it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
