CyanogenMod Android ROMs Accidentally Logged Screen Unlock Patterns

← Back to Stories (view on slashdot.org)

CyanogenMod Android ROMs Accidentally Logged Screen Unlock Patterns

Posted by Soulskill on Tuesday October 23, 2012 @09:05PM from the reasons-not-to-run-android-on-your-bank-vault dept.

tlhIngan writes "Heads up CyanogenMod users — you will want to update to the latest nightly build as it turns out that your unlock patterns were accidentally logged. The fix has been committed and is in the latest build. While not easy to access (it requires access to a backup image or the device), it was a potential security hole. It was added back in August when Cyanogen added the ability to customize the screen lock size.`"

69 comments

Min score:

Reason:

Sort:

first post by Anonymous Coward · 2012-10-23 21:16 · Score: -1

I'm posting this through my remote zombie Cyanogenmod handset.
Multi-layered security by GeekWithAKnife · 2012-10-23 21:17 · Score: 1

It's these sort of things that make you paranoid about the world+dog having access to everything. If it's not outright surveillance it's accidental. If not by design then by lack of design. A bug, a user error, a missed setting, a weak password etc. *puts on tin foil hat* Screw this, I'm going somewhere, underground, without electricity or things that need it. Log that.

--
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
1. Re:Multi-layered security by Anonymous Coward · 2012-10-23 21:26 · Score: 2, Funny
  
  Your location has been observed and logged. We have dispatched the black helicopters. Your co-operations is appreciated.
2. Re:Multi-layered security by Anonymous Coward · 2012-10-23 21:56 · Score: 1
  
  Your location has been observed and logged. We have dispatched the Mole People. Your co-operations is appreciated.
  ftfy
3. Re:Multi-layered security by meatbites · 2012-10-23 22:49 · Score: 2
  
  Simple unlock patterns are inherently flawed, anyway. Your password is finger-painted on the screen. Even direction is easy enough to determine.
4. Re:Multi-layered security by neonKow · 2012-10-24 02:57 · Score: 1
  
  Don't eat fries before you unlock your phone :P
  Seriously though, I appreciate the amount of paranoia the makers of Cyanogen exhibit as far as potential security holes go. Even if patterns are not super secure, it's nice that take additional security holes seriously enough to fix it quickly and and make a public announcement.
5. Re:Multi-layered security by LizardKing · 2012-10-24 03:06 · Score: 0
  
  Simple unlock patterns are inherently flawed, anyway. Your password is finger-painted on the screen. Even direction is easy enough to determine.
  Particularly if you sweat as much as Jimmy Savile in a primary school playground.
Accidentally? by lxs · 2012-10-23 21:24 · Score: -1, Troll

If an official ROM did this it would be taken as an evil invasion of privacy by Samsung, HTC or Google, but when the Cyanogen team does it it's immediately accepted as an accident.
Interesting.
1. Re:Accidentally? by Anonymous Coward · 2012-10-23 21:36 · Score: 5, Insightful
  
  FUD:
  * it's an open-source project
  * the fix has been commited
  * it requires access to the device
2. Re:Accidentally? by hey_popey · 2012-10-23 21:38 · Score: 2
  
  The Cyanogenmod team (however precisely it is defined) might not be responsible for that one: the guy who added that "feature" seems to be working independently: he used his username directly in the code...
3. Re:Accidentally? by Anonymous Coward · 2012-10-23 21:47 · Score: 5, Informative
  
  The guy is part of the Cyanogenmod team, he used his username so he could grep the debug output he created with that log line while a testing a feature he was working on.
  To sum it up:
  Not a big deal, just left over debug code.
  Not really a vulnerability either, because in most cases where you can read the local log file you already unlocked the phone in the first place.
  --
  Me
4. Re:Accidentally? by Anonymous Coward · 2012-10-23 21:47 · Score: 3, Insightful
  
  If an official ROM did this it would be taken as an evil invasion of privacy by Samsung, HTC or Google, but when the Cyanogen team does it it's immediately accepted as an accident.
  Interesting.
  No, things like this have happened with the larger developers and it has always been explained as a bug and accepted as incompetence. The times you see outrage is when the larger developers logs data and send it to them as part of the intended function. Cyanogen has not done anything like that yet and indie teams generally don't have an interest to do so.
5. Re:Accidentally? by thegarbz · 2012-10-23 22:06 · Score: 4, Interesting
  
  Not interesting in the slightest. The difference between evil invasion of privacy and an accident is purely intent.
  If a company had done it you can't prove it one way or another so it's safe to assume the worst.
  If on the other hand it's done to code that is openly published at a time where a feature is modified which during developing would have clearly called for logging the actions to file for debugging purposes it shows quite a different level of intent.
  You can still assume the worst, but if you do in this case we'll just assume your tinfoil hat would need to be retuned.
6. Re:Accidentally? by Lumpy · 2012-10-23 22:36 · Score: 2
  
  Or you have a program running on it that is looking for that information and sending it to you via the cellular data channel.
  Imagine what the criminals of the world will do with a database of android unlock codes and gestures!
  
  --
  Do not look at laser with remaining good eye.
7. Re:Accidentally? by Anonymous Coward · 2012-10-23 23:04 · Score: 0
  
  Gasp, they could do the same thing they did with credit cards!
  http://pastebin.com/2qbRKh3R
  Now imagine all the android unlock combinaison available to all. The horror!
8. Re:Accidentally? by Anonymous Coward · 2012-10-23 23:30 · Score: 2, Insightful
  
  Oh, it's open source so it's all good?
  
  Open source is so fast to get a pass on being Evil(tm) around here. More people who own an Android phone have the skills to rebuild an engine than to properly interpret the source code of their phone. Open source only matters if you have the skills to understand the code. The vast majority of people running CyanogenMod don't have this skill set.
9. Re:Accidentally? by PopeRatzo · 2012-10-23 23:30 · Score: 1
  
  Imagine what the criminals of the world will do with a database of android unlock codes and gestures!
  What am I missing? What good is the gesture and unlock code without the phone?
  
  --
  You are welcome on my lawn.
10. Re:Accidentally? by Parker+Lewis · 2012-10-23 23:41 · Score: 5, Informative
  
  And it's a nightly build! Not a stable release!
11. Re:Accidentally? by Anonymous Coward · 2012-10-23 23:45 · Score: 0
  
  What am I missing?
  A sense of humor.
12. Re:Accidentally? by PopeRatzo · 2012-10-23 23:52 · Score: 2
  
  What am I missing?
  A sense of humor.
  Wait, was that sarcasm?
  I have a condition where I cannot determine sarcasm before 7am.
  
  --
  You are welcome on my lawn.
13. Re:Accidentally? by Em+Ellel · 2012-10-24 00:33 · Score: 4, Insightful
  
  Ahh, you miss the point. The vast majority do not need to understand the code.
  Open source's strength is not that everyone has to read/understand the code -- it is that everyone can. It takes only one person to find an issue, then others can see for themselves and confirm/fix. If the vendor not fixing it fast enough, a fork or patch can be done without vendor's approval. On the other hand when Apple logged your location, it was only found by accident because they left data laying around. Then you had to wait for Apple to fix it, which, for all we know, they did by not leaving the data easily findable.
  Of course that is not perfect and plenty of bugs and issues do not get found quickly in Open Source - but if it is popular enough, it is much harder to be evil on purpose and hide it.
  
  Oh, it's open source so it's all good?
  Open source is so fast to get a pass on being Evil(tm) around here. More people who own an Android phone have the skills to rebuild an engine than to properly interpret the source code of their phone. Open source only matters if you have the skills to understand the code. The vast majority of people running CyanogenMod don't have this skill set.
  
  --
  RelevantElephants: A Somatic WebComic...
14. Re:Accidentally? by Anonymous Coward · 2012-10-24 00:34 · Score: 1
  
  I disagree with that. No matter the intentions harm is still possible. So are you saying that if it were a company somehow they are only capable of malicious capitalistic greed, and do not possess the ability to make a mistake? That seems a bit over the top (speaking of tinfoil hats...). In this case it requires physical access to the device, and is therefore less of an issue than if it could be accessed remotely, or worse uploaded and stored on some centralized server. Rest assured that open or closed source is not the issue here.
15. Re:Accidentally? by Binestar · 2012-10-24 01:03 · Score: 1
  
  What am I missing? What good is the gesture and unlock code without the phone?
  Just imagine what the criminals will do!!! IMAGINE!
  
  --
  Do you Gentoo!?
16. Re:Accidentally? by ce4 · 2012-10-24 01:10 · Score: 1
  
  Nope. Log access is restricted with Jelly Bean onwards to the app's own logs only. You need root access to circumvent that. See http://android.stackexchange.com/questions/28857/how-can-i-access-android-log-files-on-my-nexus-7-without-root-access
17. Re:Accidentally? by Anonymous Coward · 2012-10-24 01:13 · Score: 1
  
  I disagree with that. No matter the intentions harm is still possible. So are you saying that if it were a company somehow they are only capable of malicious capitalistic greed, and do not possess the ability to make a mistake? That seems a bit over the top (speaking of tinfoil hats...). In this case it requires physical access to the device, and is therefore less of an issue than if it could be accessed remotely, or worse uploaded and stored on some centralized server. Rest assured that open or closed source is not the issue here.
  It's a matter of means, motive, and opportunity.
  On one side, you have a company. It's sole purpose for existence is the creation of profit for its shareholders. Because their products are closed, they can introduce a security flaw under cover of closed source ("opportunity"). Because they make the product, they the only ones who can introduce the security flaw ("means"). Security flaws are potentially lucrative and the only reason a company exists is to make money ("motive").
  On the other side, you have an open-source ROM project. They create the project, so they have the ability to introduce a security flaw ("means"). The code is open, so creating a security flaw that can't be spotted is very difficult to impossible (lack of "opportunity"). Because the ROM project is not for sale, a security flaw is not lucrative for the maintainers (lack of "motive").
  You can rest assured that open or closed source is precisely the issue here.
18. Re:Accidentally? by Anonymous Coward · 2012-10-24 01:25 · Score: 1
  
  by PopeRatzo (965947) on Wednesday October 24, @07:52AM
  
  I have a condition where I cannot determine sarcasm before 7am.
  Whew, dodged that one!
19. Re:Accidentally? by Anonymous Coward · 2012-10-24 01:43 · Score: 0
  
  If an official ROM did this it would be taken as an evil invasion of privacy by Samsung, HTC or Google, but when the Cyanogen team does it it's immediately accepted as an accident.
  Interesting.
  Judging by the "Troll" mod you currently have? Yes. Precisely. After all, Friend Cyanogen would never hurt you. They are above suspicion. Why are you trying to hurt your friend with your harmful insinuations? They only want what is right for you. Friend Cyanogen would never hurt you. Friend Cyanogen would never hurt you.
20. Re:Accidentally? by wile_e8 · 2012-10-24 01:52 · Score: 1
  
  As a curious Cyanogenmod user, does anyone know specifically what builds are affected? I'm assuming all of the nightly builds since this was committed include it, but since I now stick to the M-builds I'm wondering if it's in those too.
21. Re:Accidentally? by acedotcom · 2012-10-24 02:39 · Score: 0
  
  Yes it requires access to the device....to information that, most likely, is stored on the unencrypted easy to access SD card
  
  --
  they say it is often more relevant then the comment above, all we know is its called the Sig!
22. Re:Accidentally? by Archangel+Michael · 2012-10-24 02:57 · Score: 1, Funny
  
  Run for Office?
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
23. Re:Accidentally? by Anonymous Coward · 2012-10-24 03:36 · Score: 0
  
  Event: A recently-employed Google engineer walks around the Mountain View area. Being from Arizona, his body is not acclimated to the foliage of Silicon Valley and the pollen therein, and he sneezes.
  Slashdot's Response: HOOOOOOOOOOOOLY CRAP did you see that? DID YOU SEE THAT? That sneeze represents OUR PRIVACY and what Google thinks of it! Obviously all of Google thinks we're just a bunch of bugs to be sneezed at! You know what this means, right? THEY'RE SELLING OFF YOUR PASSWORDS AND EMAILS TO *gasp* ADVERTISERS!!! ARRG! The longer and harder I think about it, the more I hallucinate how EVIL it is! GRRRRRRR! STONE HIM! Tear him limb from limb! Then tear out his blood vessels until all his organs come sliding out the holes where his arms and legs used to be! THEN BURN THE HERETIC! WE MUST CLEANSE THE EARTH OF HIS SINFUL WAYS! RRRRRRR! I can still remember that sneeze! THAT SNEEZE! CAN'T YOU SEE IT? THAT SNEEZE!!! WHY HAVEN'T THEY FIXED THAT YET?!?!? It's been a whole thirty seconds since The Great Privacy Sneeze of 2012! THIRTY SECONDS! And they STILL haven't fixed it! HRRRRRRRG ANGRY! We must go to Nevada* and cleanse his extended family, too! IT'S THEIR FAULT! They shaped his life such that GOOGLE MADE HIM SO RECKLESSLY CALLOUS ABOUT OUR PRIVACY! CLEANSE THE EARTH! CLEANSE THE EARTH! CLEANSE THE EARTH! LET NOBODY STAND IN OUR WAY! THEY MUST ALL BE ERADICATED AS ENEMIES OF OUR FREEDOMS!!!
  *: Yes, I said the guy came from Arizona. I am quite familiar with how vigilante justice works, thank you very much.
  Event: Code has been found in an open source project that clearly and blatantly saves and logs your cell phone's screen locking patterns.
  Slashdot's Response: Oh ho ho! Those silly Billies at Cyanogen! What a light-hearted mistake they made! After all, it's impossible for them to keep track of every single commit that comes into their repo, right? Of course it is! It's open source! That makes it so hard to keep track of, so they'd never notice such a problem coming in! And how could they possibly have known what that would do? Oh, for fun. But don't worry! Since open source is so easy to keep track of, they can easily fix it in a week or so! Ha ha! Well, take your time, you nutty kids!
24. Re:Accidentally? by alostpacket · 2012-10-24 04:04 · Score: 1
  
  The fix was in the nightly, not the bug. The bug has been there for months.
  For whatever it's worth this is sloppy coding. As of ADT 20 there is an automatically generated java file called BuildConfig with a single constant DEBUGGING.
  So the way this line of code should have been written is something like this:
  if (BuildConfig.DEBUGGING) Log.v (TAG, "some logging info");
  That said, this isn't exactly leaking bank details, it's a swipe gesture. It's good they caught it, but it's not a huge security risk unless you lose your device.
  
  --
  PocketPermissions Android Permission Guide
25. Re:Accidentally? by tlhIngan · 2012-10-24 04:08 · Score: 1
  
  Imagine what the criminals of the world will do with a database of android unlock codes and gestures!
  Or law enforcement - imagine what they can do with the data - they sieze your phone, plug it in to see if it'll spew data out the USB port while locked. If you have USB debugging on, they could look at the logcat and see the unlock code and use it to legitimately snoop around (it "wasn't locked - it just had a very fancy "slide to unlock" function).
  Given how cellphone's legal status as a container is in doubt, this could be potentially troubling. (And face it - those who use CM nightlies probably HAVE USB debugging on.
  And on my non-CM JB phone, you can access adb and the logcat while it's still locked.
26. Re:Accidentally? by Anonymous Coward · 2012-10-24 06:50 · Score: 0
  
  Install a trojan?
27. Re:Accidentally? by PopeRatzo · 2012-10-24 06:55 · Score: 1
  
  by PopeRatzo (965947) on Wednesday October 24, @07:52AM
  I have a condition where I cannot determine sarcasm before 7am.
  Whew, dodged that one!
  Never heard of "time zones"? I posted it at 06:52 CST.
  
  --
  You are welcome on my lawn.
28. Re:Accidentally? by highphilosopher · 2012-10-24 07:03 · Score: 1
  
  Android flavor messes up security and Apple gets dissed. Standard day on /.
  Move along people, nothing to see here :)
29. Re:Accidentally? by thegarbz · 2012-10-24 21:10 · Score: 1
  
  No what I am saying is that without context we can assume the worst. Companies can and often do make mistakes, and if those mistakes are found through a process of auditing rather that security researchers finding locally stored sensitive information as is usually the case, then they would be forgiven.
  The issue here is that the open source provides context into what happened. Could it have been nefarious? Possibly, but given the incident, the full code review provided and the timetable it is quite unlikely.
Open source // code review? by alex67500 · 2012-10-23 21:26 · Score: 4, Insightful

That's one of the issues with many committers, you can't review all the code before it ships off in a build. I seem to remember a bug in openssl where some kid commented an entropy line "because it showed warnings at compile-time" and managed to commit it without raising suspicions.
Bottom line, where are the code reviewers in this process? QA?
1. Re:Open source // code review? by mwvdlee · 2012-10-23 21:44 · Score: 1
  
  Continuous integration should be able to prevent such problems.
  At it's worst it'll do no worse than the best of all code reviewers combined.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
2. Re:Open source // code review? by Anonymous Coward · 2012-10-23 21:54 · Score: 1
  
  Are you speaking about CM specifically or open source in general? With respect to the CM project, particularly on XDA, you will find a large number of people who ship binaries only instead of embracing the open source style of making branches in git and using gerritt. You just have to stick to the better known builders and subscribe to their git repo.
3. Re:Open source // code review? by Anonymous Coward · 2012-10-23 21:57 · Score: 3, Insightful
  
  I fail to see how CI would have picked this up, unless you have something like a lint checker that screams about new Log() calls not in a white list or have an Interface in place for Log such that the unit tests only pass if Log is never called for certain classes.
4. Re:Open source // code review? by Anonymous Coward · 2012-10-23 22:09 · Score: 0
  
  Continuous integration is just making sure the code everyone is working on is kept up to date. It's normally paired with automatic unit testing, which is what I assume you were trying to refer to. Unit testing only checks for possible bugs covered by the unit tests. Almost no one has comprehensive tests. 100% code and branch coverage is extremely difficult and you should assume your testing code has the same quality as your product code.
  How would a continuous integration system detect back-doors being added to the program? Why couldn't the submitter's change also update the tests to ignore his introduced bug? You always need code reviews in open source projects if you want to maintain quality.
5. Re:Open source // code review? by Anonymous Coward · 2012-10-23 22:19 · Score: 0
  
  The change in question was actually code reviewed. Since we know it's there it stands out like dog's balls, but in amongst all of the other changes I can see how a human without 20/20 hindsight might have missed a line doing some logging.
6. Re:Open source // code review? by Anonymous Coward · 2012-10-23 23:32 · Score: 0
  
  process? code review? QA? - On an open-source project with more than 1 person.
  ROTFLOL......
  That's not to say that all open-source projects are like this, but with all open source: caveat emptor.
7. Re:Open source // code review? by bluefoxlucid · 2012-10-24 00:06 · Score: 0
  
  Most dogs don't have balls because PETA has determined that it's cruel to not cut a creature's nuts off.
  
  --
  Support my political activism on Patreon.
8. Re:Open source // code review? by Esospopenon · 2012-10-24 00:41 · Score: 1
  
  To be fair, the bug was caused by the Debian OpenSSL package maintainers, not by the OpenSSL developers themselves. Here are some information for the bug in question.
  While this bug in Cyanogenmod is different and the developers themselves are responsible for it, it was not shipped in any official build. If it did, it would have been a totally different matter.
9. Re:Open source // code review? by fuzzywig · 2012-10-24 01:38 · Score: 1
  
  Two months late is where the code reviewers are, but still there.
10. Re:Open source // code review? by Anonymous Coward · 2012-10-24 05:37 · Score: 0
  
  http://review.cyanogenmod.com/
  from http://wiki.cyanogenmod.com/wiki/Howto:_Gerrit
  Gerrit is a source code review system developed by Google for use with Android (though it can be applied to any type of project). You can use Gerrit if you find an error in the source code, or you believe you have a better way of implementing a certain feature.
Requires backup file or device by Anonymous Coward · 2012-10-23 21:59 · Score: 1

So, nothing to see here, move along.
Apple'd have said "Feature, not a bug" by Anonymous Coward · 2012-10-23 22:15 · Score: 0

There are others who would have done the same as well. Glad that a happening project like Cyanogenmod takes such things seriously.
Storm in tea-cup by Anonymous Coward · 2012-10-23 22:57 · Score: 1

What protection can you really expect from the screen lock? Someone who is determined enough can usually use the android debugging bridge to do whatever the hell they want with it anyway (either in recovery or when booted up). As the saying goes: if you have physical access to a device... all bets are off anyway.
The screen lock is simply to protect against most "attackers".
1. Re:Storm in tea-cup by Ogive17 · 2012-10-24 02:49 · Score: 1
  
  I would just look at the finger oil lines on the phone's surface and use that to guess what the unlock pattern is. Unless someone wipes their phone down every time, it should be easy to spot.
  
  --
  "Action without philosophy is a lethal weapon; philosophy without action is worthless."
Excuse me, but... so what? by frenchbedroom · 2012-10-23 22:58 · Score: 1, Insightful

You can bypass the lockscreen on any phone that has CM installed. Just hook it up to a PC with a USB cable, up pops the "Turn on USB storage" screen, hit Home, bam, you're in.
I don't use any lockscreen gesture or password, because I find them a PITA, and I want my gf to be able to use it without hassles. On the other hand, I try to treat my phone as I treat my wallet. I look around me when I pull it out of my pocket. I wait until the subway doors are closed. Etc.
1. Re:Excuse me, but... so what? by Anonymous Coward · 2012-10-23 23:34 · Score: 2, Informative
  
  You have to unlock it to access the dialog to enable USB storage.
  Maybe you are thinking of USB debugging?
2. Re:Excuse me, but... so what? by Anonymous Coward · 2012-10-23 23:50 · Score: 1
  
  I have a phone here running CyanogenMod
  Hooked it up to a PC with a USB cable
  Phone's screen turns on, locked
  Now what?
  When you say "any phone" but you actually mean "My phone, on which I have disabled the lockscreen" then you look like a retard.
3. Re:Excuse me, but... so what? by Anonymous Coward · 2012-10-24 01:32 · Score: 0
  
  He probably means USB debugging.
4. Re:Excuse me, but... so what? by marcosdumay · 2012-10-24 01:45 · Score: 1
  
  I don't use any lockscreen gesture or password, because I find them a PITA, and I want my gf to be able to use it without hassles.
  I had the same oppinion, but I've recently added a lock gesture to stop my pocket from using the phone.
  
  --
  Rethinking email
5. Re:Excuse me, but... so what? by acedotcom · 2012-10-24 02:43 · Score: 1
  
  or you could just remove the SD card and get the back up that way. just sayin'.
  
  --
  they say it is often more relevant then the comment above, all we know is its called the Sig!
s/Android/iOS/ by Anonymous Coward · 2012-10-23 23:15 · Score: -1

iOS logs lock screen codes? Outrage! Pitchforks! Fire! Oh wait it's Android? No worries, it's cool everyone.
1. Re:s/Android/iOS/ by Anonymous Coward · 2012-10-24 02:37 · Score: 0
  
  You are missing the fact that this is not Android (i.e. the official vendor version) but the nightly development version of a community-built version. Now, when there is a popular, fast developing enhanced version of iOS provided under an open source license, and it has a problem like this, we might be able to compare one to the other.
The Big Difference by confusedwiseman · 2012-10-24 00:14 · Score: 1

The difference is that I trust CyanogenMod more than I do the big corporations. I have seen them "do no evil". This makes it seem like a more honest mistake, in a nightly build no less. The other large corporations, have given us reason to have trepidation.
The Comments of the Ars article are worth reading. by robbak · 2012-10-24 00:20 · Score: 5, Insightful

Basically, the story is that:
It is debugging code left in a development build, that happens to be used by many persons as nightlies.
It does not write to a file. It is debug information written to a ring buffer in RAM. You would need to have an app installed with permission on the logs, or connect a cable in debug mode and trace the log to even get these messages.
It was found in a code review, and removed.
So much a non-issue that it is a wonder that Ars even reported it. Seems Ars misread a mailing list heads-up. We are waiting for Ars to publish the correction to their article.

--
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
Run to the hills! by Parker+Lewis · 2012-10-24 00:21 · Score: 2

A issue in a nightly build! OMG!
Well how about that. by Anonymous Coward · 2012-10-24 01:11 · Score: 0

Never ascribe to malice what you can to incompetence.
That said, boy is that convenient if someone needed to gain access.
unlock patterns suck by Anonymous Coward · 2012-10-24 01:26 · Score: 0

who cares? those unlock patterns are laughably weak protection anyway.
Screen smear pattern also gives it away. by Anonymous Coward · 2012-10-24 01:54 · Score: 0

While unlock patterns are fast and easy, often you can just look at someone's phone and tell the 2 options for what their pattern is.
CM10 Nightly... by ectospasm · 2012-10-24 01:56 · Score: 1

The thread following TFA mentions that this is for CM10 nightlies, so if you're tracking the development branch, you just need to upgrade to the latest nightly to ensure you have the fix.

--

We are the music makers. We are the dreamers of the dreams.
What is this wizardry? by phybere · 2012-10-24 02:34 · Score: 1

"An alternative to removing the line is adding a character to the code so it's treated as a comment and isn't executed." What is this wizardry?
This would be more interesting... by undefinedreference · 2012-10-24 09:11 · Score: 1

...if the results were uploaded to a central location for data mining. I wonder what patterns are the most popular...