Slashdot Mirror
Hacker Modifies Facebook Home To Work On All Android Devices
An anonymous reader writes "That was quick. Mere hours after Facebook Home arrived on Google Play, the launcher has been modified to remove the device-specific limitation. This means you can use the latest Facebook service on any Android device. The brilliant hackers at XDA Developers have done it again. This particular hack was performed by XDA Senior Member theos0o; who provides details and download links."
Thanks hackers, now Facebook will be able to more effectively track all Android users equally! It's so thoughtful for you to effectively to their crummy job for them...
Face-book-phooone-Hooome
Nobodies Prefect
Tidbits for Techs Technology Blog
It's got malicious code in it, that downloads all the private information from the phone and publishes it for the world to see!
IT'S A TRAP!
Those darn hackers..
by Cyphase ( 907627 )
It must be the biggest, blackest hat in the history of the world.
Wake me when he manages to remove every trace of phone-home crap in there, then it's maybe news worth mentioning.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Usually I am happy to admire the skill and ability of hackers in doing something interesting, and never ask "Why?" or what practical purpose it might help with. I am satisfied to admire the hack for the hack's sake.
But here, why? Do you really want Facebook Home? This hack is like saying, "oh, the Sony Rootkit only ran on Windows, let's port it to OSX so macboys can enjoy it too." Why would you do that? There are much more interesting things to do with your time. Like vacuuming your floor or something.
"First they came for the slanderers and i said nothing."
If the program was such a quick "fix", it would indicate that the device-specific limitations were either intentionally added by the higher-ups, or Facebook Home was written by a complete idiot (considering how buggy it is reported to be, this might be the more likely possibility)
What self respecting hacker would donate their precious time to helping out a Mark Zuckerberg and his company. Facebook does not need this help. Facebook are the only real winners of this little feat. There are better alternatives for people who dont want to support a shady company like Facebook
I see that the XDA community is STILL doing EVERYTHING in a god-damn forum. Nope. No code repositories here! Just download this link from this thread on this forum and have fun!
Great technical feat though that would be, it does not make it a good idea.
Okay, and this is impressive/useful/newsworthy how exactly?
I think there's a more interesting issue here... Why did Facebook, probably the world's largest harvester of user information after Google, launch their new app for only few selected devices? Perhaps (conspiracy theory ahead) they wanted to create a hype by releasing the app for only those few selected devices, but allow easy port for people with the proper knowledge?
As a "leech-only client to Facebook" for the few who do actually care about their own privacy, but are nosy enough to want to read up on everybody else's every move (from the phones of all those to whom it couldn't matter less as they use an unpatched very verbose version).
For the same reason that European rules would plant potatoes in a "guarded garden for the king" so neighbors would want them too: ;-)
There's no better way than artificial scarcity to ensure accelerated adoption.
Plus, replacing the Home screen and interacting with the system at a lower level than probably e.g. Apple on iOS would allow, given the wide variety of Android versions (and hacks) out there that might be incompatible in unforeseen ways, Zuck probably does not want his company to go down in history as the one that (at least temporarily for Joe Avg. Users) inadvertently bricked a hundred million phones or so.
This "hacker" wouldn't actually be named Mark Zuckerberg, would he?
If someone's not willing to share their own life but still want to peek into the lives of others then they're a bit of a peeping Tom in my book. I guess that's what two decades of reality TV has turned people into.
The classic bit-torrent problem.
These systems only work when you share as much as you receive. Kind of like people who are dead set against Google knowing minor anonymous details about their life yet at the same time are happy for live traffic feedback in navigation apps.
If you're the type of person who is interested in leech only, then this is most definitely not even remotely the product for you.
1) develop software for one platform only ...?
2) loudly trumpet that to maintain IP rights and control the product will never be developed for other platforms
3) sit back and let hackers port it for you
4)
5) Profit!
Could just be a manifest change.
Heh. I dare you to write your Congressman that.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Maybe those few selected devices paid Facebook to keep it that way. "Buy our phone it has Facebook Home"
So if the peeping tom is willing to share (getting naked) he should be allowed to see others getting naked. Because personally I would still classify that as a peeping tom. If we reapply this upgraded standard to facebook terms, everyone is a peeping tom on facebook.
lxs why are you a peeping tom?
In case you hear a woosh noise I'll break it down: Analogy fail.
You are entitled to your own opinions, not your own facts.
I don't have a Congressman. I do have a queen though does that count?
I think there's a more interesting issue here...
Why did Facebook, probably the world's largest harvester of user information after Google, launch their new app for only few selected devices?
Perhaps (conspiracy theory ahead) they wanted to create a hype by releasing the app for only those few selected devices, but allow easy port for people with the proper knowledge?
It is much more highly likely that they wanted to limit distribution to the devices they had tested on, since there are two gates on the specific version of Android that a given device runs, and they had not ensured compatibility with all versions:
Gate #1: The tree from which the frozen cut of the Android sources was derived at the time that the version was frozen for productization by the device manufacturer. For some reason, people still want to erroneously believe that Android comes from Google as a finished, productized version (it doesn't), and that it takes little effort to port vendor productization changes forward to new versions of Android (it doesn't), or that the vendors submit their productization changes back to mainline Android (some do, dome don't), or when vendors do submit productization changes back, Google incorporates them into the Android repo (they generally don't).
Gate #2: The carrier generally will not distribute an Android update for the primary reason that it would permit you to ride out your two year contract with up to date features, and they want to use the lack of up to date features to get you to opt for a new device every 18 months on a 24 month contract, which in turn locks you back to the carrier until the next 18 months have passed. The secondary reason for not doing it is that the device might not have enough capability to run the new version. The tertiary reason is that it would require expensive testing which would net them zero return on investment.
Basically this means that you have to test on every device before you let the app run on it, or you're going to look like you can't program when it fails on some device you haven't tested on.
I think one of the reasons Google bought Motorola Mobility was to erase reason #1; this is consistent with them putting the Android development under the same VP as the ChromeOS development, since it doesn't have these issues, but I believe it will be an uphill (with the hill being almost vertical) battle, if that was the intended consequence of the move.
The only way to erase #2 is to force the issue as part of the contract whereby Android is supplied to the devices, as a rider on the carrier contracts. This is an uphill battle for most carriers, both for the reasons already enumerated in #2, and the fact that it requires them to realize the revenue from the subsidy of the device at a different time than they currently do, as a result of Sarbanes-Oxley. They have to pick a different option under the FAS (Federal Accounting Standard).
Remember when Apple rolled out the 802.11n patch to iPhones, but there was a charge for iPods and iPads without a cellular modem? This was because they were using the same FAS rule that the carriers used on subsidized devices, which meant that they realized their profit on the subsidy over time, even thought it was paid up front. By doing this, they were able to add new device capability to carrier-connected devices because that didn't violate SOx, but would have been in violation of SOx if they had rolled the same capability out to non carrier-connected devices without charge.
It will be difficult to cause the carrier to change their FAS practices; the typical reaction in this case, to avoid having to do the same thing for all devices, is to create a separate company as a wholly owned subsidiary to operate under the separate FAS rules. AT&T has one of these, which they use to give false ANI information for telemarketers for plausible deniability by shunting them into a number block that is supposedly "reserved" by the subsidiary. The other carriers don't h
How long has Facebook Home been out? A month? A few? Already it's been hacked in a big way. A false flag hack? Possibly, and wouldn't put it past the organization to be sly like that. Regardless the deal with Android appears to be that it's not a very secure OS already, and it doesn't bode well for security that Facebook Home took almost no time at all to get hacked in the wild. I wouldn't install that shit on my phone if they payed me and gave me a phone.
That leads to the question of why Android is so weak security-wise? I run different versions of Linux on different machines and it's very secure and Android is based on Linux, so why isn't it as secure? Reports say it has become the target of choice for bots, malware, and hackers. So whats up with that and why won't Google fix the security holes?
All I can think of is that between Google and Facebook, and their data-whoring, you may as well implant a RFID tag with remote control interface in your brain, and eliminate the need for carting around a device or wearing GG's...[rolleyes]
Well, maybe he has removed the phone home stuff, to an extent, and replaced it with his own source of advertisements? Instead of people seeing facebook's advertisements, you see advertisements where the hacker gets a commission. It's not like this would be obvious, just about every android app has these types of ads in them. Seems like a lot of comments here are "why would anyone want to do that." I think "money" is a damn good answer.
In the end, it comes down to the spyware where you know who is getting your private information, versus the spyware where you don't know.
It seems like it would be more useful to hack it to be easier to turn on and off via the status bar.
I can not wait!
I used to be
What. The. Fuck.
So for live traffic feedback I should have to provide back my live GPS location or even totally unrelated information? What a completely retarded argument. You just pulled a totally unrelated analogy out of your ass.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
All operating systems that run on top of Unix, as all Apple's operating systems do, wll run on any computer, because Unix is hardware independent since its very beginning since 1970. Microsoft operating systems run on Intel Cpus only. As you can see, they have to put software locks to avoid changing hardware. Thats is why Unix and Linux rules today.
...one of the "troubles" he's trying to escape.
wouldn't it be better to hack it so it doesn't work on a single platform ?
aaaaaaa
How do you think the service knows where traffic is backed up at? If nobody shared their GPS data there wouldn't be any traffic feedback. I'll admit comparing it to Facebook status updates is a bit of a stretch, but I wouldn't call the idea of a service pooling GPS data so users can see where traffic jams are "a completely retarded argument."
This is my sig. There are many like it but this one is mine.
They really prefer to be called homosexuals or just gays. No need for hate speach!
In my area, there is already a sensor network built into the roads. No need for GPS sharing.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Seriously folks, what is this infatuation with "apps" when a URL will do? If I want weather, I can tap the link to the local conditions and forecast. If I want streaming music, I can tap the link to my music service subscription. Unlike "apps", web browsers do not rumage around your filesystem and send all sorts of info back to the mothership. Cookies and browsing history at worst, but not phone contacts, etc.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Hey, what you do in your spare time is your biz, I'm liberal when it comes to that :)
But maybe write your MP and ask him or her what he/she thinks of a CCTV pointing at her house that's not under his/her control.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
We had traffic jam reporting via radio before anyone knew what a smartphone was and before you had always-on Internet whereever you went.
http://en.wikipedia.org/wiki/Traffic_Message_Channel
Do you really want to waste traffic with every individual car uploading its position in realtime? That's even more braindead.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
The classic bit-torrent problem.
These systems only work when you share as much as you receive. Kind of like people who are dead set against Google knowing minor anonymous details about their life yet at the same time are happy for live traffic feedback in navigation apps.
If you're the type of person who is interested in leech only, then this is most definitely not even remotely the product for you.
TCM gave the slightly more succinct version, but I concur with him (or her) in your argument's lack of merit.
I'm perfectly fine with Google knowing my position and speed for the very reasons you specify - when and only when I'm using it to navigate. Throw a copy of LBE Security Master on your phone and set Google Maps to 'prompt' mode every time it wants your location. It's amazing how often it wants to know where I am, even when I'm not actively navigating.
I have a hosted Exchange account that I link to my phone. Why then, does Google automatically sync my calendar and contacts from Gmail when I sign into the phone? Literally the only three services of Google I want to use on my phone are Maps (on demand only), Search (only through Firefox), and the Play Store. Google seems to believe I want more than that; not the least of examples is the inclusion of Google+ as a "system" app or the automatic login to Google Sites and Youtube.
The flaw in your BitTorrent logic is this: The way BitTorrent works, if I'm sharing a Kubuntu Whacky Wombat ISO, then yes, I will be expected to upload as I download...but solely for THAT ISO. I assure you that there would be significantly fewer BT users if the protocol required sharing your My Documents directory despite the ISO living on a different hard disk entirely. The latter is what Google and Facebook both do, and it's why people like myself feel the need to use tools like LBE, Permission Denied, Pdroid, and Droidwall.
Congrats, I'm sure your sensor network covers every every street in every city with real time live data for free to *every* smartphone where people are able to run google maps.
No, sorry but your little sensor network just doesn't compare to the godsend which is google's traffic update system.
Yes we have that too. During peak hour some stations report it every 15min. GPS will not magically route around it and will instead direct you straight through the middle of the mess. If you're really lucky it's actually up to date information, and if you're really really lucky the traffic information is more than just info on a couple of major roads.
As I've replied to someone else it doesn't even remotely compare to the convenience, quantity, and quality of data Google maps provide. As for wasting traffic, I prefer giving up the tiny (and the amount of data sent really is TINY) amount of bandwidth for what I get in return.
The flaw in your BitTorrent logic is this: The way BitTorrent works, if I'm sharing a Kubuntu Whacky Wombat ISO, then yes, I will be expected to upload as I download...but solely for THAT ISO. I assure you that there would be significantly fewer BT users if the protocol required sharing your My Documents directory despite the ISO living on a different hard disk entirely. The latter is what Google and Facebook both do.
Napster did exactly that. Took the courts to bring it down, the users loved it.
I have a hosted Exchange account that I link to my phone. Why then, does Google automatically sync my calendar and contacts from Gmail when I sign into the phone? Literally the only three services of Google I want to use on my phone are Maps (on demand only), Search (only through Firefox), and the Play Store.
Because you used your gmail address as your exchange login? Syncing to gservices is what android is meant to do. If you don't want it to, then don't sign into your phone with your gmail account.
Google seems to believe I want more than that; not the least of examples is the inclusion of Google+ as a "system" app or the automatic login to Google Sites and Youtube.
, and it's why people like myself feel the need to use tools like LBE, Permission Denied, Pdroid, and Droidwall.
FYI everything not user installed is a system app, including all the crapware your phone came with. It's why people like you should take the time to learn something about the device you trust your private data with. Instead of knee-jerking to everything you see on /.
Actually, it does all of that * for my area*. I kind of doubt you'd get as accurate data from smart phones. Not every one has one with gps turned on, so your really measuring traffic of people who have smart phones. The highway could be congested, but still show its wide open. I'm really suprised that anyone would rely solely on smartphone gps data.
Well.. maybe. Or Maybe not. But Definitely not sort of.
... would have found a way to disable Facebook and make it uninstallable on all android devices. This guy is an amateur or a Facebook employee.
Yet in one fell swoop a single company has managed to cover every major road in every city. The system works incredibly well. Slow update rates mean you don't need everyone to have a smartphone, but if even a tiny portion of the population use the feature you get very accurate data.
Evidence http://maps.google.com/ why not compare it to your sensor network.
I can't speak either way for the merits fof this particular app, but I think the current way apps are delivered is stupid - if your device isn't on Google's list of "will work with this app" database you're screwed. The App Store has no "I know what I'm doing" checkbox to let you install apps that don't list your device as supported, and it sorely needs it.
I had to find a hacked copy of Google Sky for example before I could get it to run on my cheap-as-chips tablet. And for no reason, apparently, as the app works absolutely fine.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
The flaw in your BitTorrent logic is this: The way BitTorrent works, if I'm sharing a Kubuntu Whacky Wombat ISO, then yes, I will be expected to upload as I download...but solely for THAT ISO. I assure you that there would be significantly fewer BT users if the protocol required sharing your My Documents directory despite the ISO living on a different hard disk entirely. The latter is what Google and Facebook both do.
Napster did exactly that. Took the courts to bring it down, the users loved it.
Yes, it did, but not by default. By default, Napster (and Kazaa and Limewire) shared the files you downloaded by default, and you had the option to share your 'my documents' if you wanted. Napster was a bit more secure, actually, because the only files it supported sharing were MP3, WAV, and WMA. Its successors allowed everything to be shared, and yes, I know people who have gotten themselves in hot water because they were sharing their documents folder and didn't exactly realize what that meant.
I have a hosted Exchange account that I link to my phone. Why then, does Google automatically sync my calendar and contacts from Gmail when I sign into the phone? Literally the only three services of Google I want to use on my phone are Maps (on demand only), Search (only through Firefox), and the Play Store.
Because you used your gmail address as your exchange login? Syncing to gservices is what android is meant to do. If you don't want it to, then don't sign into your phone with your gmail account.
Wrong. I have an exchange account that is configured as a corporate e-mail, and a gmail account that's configured as a gmail account. Yes, it's meant to sync with Google Services, but why does it assume I want EVERYTHING by default? I'd be perfectly happy with not signing in to Google Services, but I can't do that if I want to be able to access my apps in the Play Store.
Google seems to believe I want more than that; not the least of examples is the inclusion of Google+ as a "system" app or the automatic login to Google Sites and Youtube.
, and it's why people like myself feel the need to use tools like LBE, Permission Denied, Pdroid, and Droidwall.
FYI everything not user installed is a system app, including all the crapware your phone came with. It's why people like you should take the time to learn something about the device you trust your private data with. Instead of knee-jerking to everything you see on /.
I am, in fact, aware that everything I don't install is considered a system app. I think that the inability to uninstall any preloaded apps is a bad thing, which is among the reasons I root the phone and get rid of the things the system says I can't get rid of, courtesy of ROM Toolbox. I do this as a first step with my phone, and like I said, I use multiple permissions-wrangling applications to take care of the rest. I don't have the foggiest idea what you're referring to when you're talking about "knee-jerking to everything [I] see on /." I guess that's what I get for responding to an AC though :/