On 23 June something happened. Google decided that 2 Android apps should be removed. If it had been only a removal from the Android Market it wouldn’t be news or weird, but they didn’t stop there (actually the author had removed them from the market already). Google used what they call the “Remote Application Removal Feature”; in short, that means that everyone who had one of the apps installed got a notification saying something like “This app has security issues and has been uninstalled”. Not ok Google. My phone is mine and you should not force me to remove things from it.
I understand the will to do it though. When installing an app from the Android Market it states what it has access to (in big red letters with exclamation marks) and you have to approve it before installing. So far so good, but knowing that most users will likely approve almost anything, there is a need for additional security. As I see it there are three alternatives:
The Apple way. Let all apps go through a review process. I don’t like this, it takes time, requires resources and opens the possibility for censorship (you’ll find no iTunes competition in AppStore, no nudity and some other things Jobs decided shouldn’t be allowed). Apple also have a feature to remotely uninstall apps but to my knowledge they haven’t used it yet.
The Google way. As stated above, all apps are directly published and will only be reviewed if users complain. Then it can be removed from the Market and obviously from devices that installed it.
My way (Google are you listening carefully now?). All apps are directly published and only reviewed if users complain. It can then be removed from the market. If Google finds it necessary to take direct action because the app is malicious in any way, this is what happens: instead of removing the app, it will be stopped from running until the user acts on a notification explaining in simple terms what the problem is. The user can then choose to lift the quarantine and keep on running the app or remove it. Simple “I understand the risks” or “Save me” buttons. The only thing that remains unsolved is if the app in question adds risks for other users. That is a hypothetical question since Android today doesn’t really have a way to harm each other if I understand correctly (I’m still not a developer so my insights into the deeper parts of Android are somewhat limited).
Problem solved. Google, Don’t be Evil right?
Read the Android Developers blog post mentioning the removal:
So I’ve been using my N1 for quite a while now and one of the pre-installed apps I just love is the News & Weather app/widget. It’s not that it’s unique in what it does, I just find myself using it more and more. The functions are straightforward:
Widget presenting either current weather and headlines from Google news or just one of the two
Selecting the weather gives you some additional info and forecast for the coming 7 days
Selecting a headline gives you a tabbed list with categories with headlines
Nothing is perfect so when the product manager showed up on the Help Forum asking for feedback for a new iteration…I jumped right in. Good can always get better right? Trying to think outside, inside, around and over a defined box is always a fun challenge so here goes…
For the weather app/widget:
Option to set background colour, and transparency from 100%-0%
Option to set both Home location and Current location
Added view in the app to show hourly forecast for the day/24h/48h instead of day by day forecast
Night icons :)
When opening the app a small animation would be cute, raindrops splashing, clouds moving etc. (possibly with an option to disable, relevant for low tier devices)
Different sizes available for the widget
For the News app/widget
Option to set locale (right now I depend on the “More locale” app to be able to get Swedish news, not everyone will figure this out). Now and then I also might be interested in reading US, UK or whatever news.
Option to set background colour and transparency from 0-100%
Ability to star news in the list, which should keep them on the top, and not fall off the list (hate trying to find that article I started reading only to find out that it’s not listed any more)
Articles I have already opened should not be displayed in the widget, unless I starred it (see above), option to dis/enable this feature
Different sizes available for the widget
I’m especially proud of remembering two things I have been thinking about. First the locale issue. So far you can only set your Settings->Locale (to simplify it, your location) to the countries where the Nexus has been launched. That means no-no for Sweden. The news app/widget reads this info to determine which news to present to me and in what language. Now that’s a limitation I don’t like. Using the app “More Locale” from the market you can work around this but most users won’t figure that out. I would also like to be able to read other news than the localized now and then so an option in the settings would be the easiest way to go. More Locale also gives me metric units in Google Maps so if this is bugging you that’s a way to fix it. Just search for More Locale in the Market and then select your country. If it’s not available just choose “Menu”->“Add Custom” and fill it in like in the picture below.
Second great idea, starring articles. Fits right into “all” other Google services from Search to GMail and would be like a perfect bookmark for me until I finished reading/telling my friends about it or such. Together with the idea about read articles not showing up in the widget feed it’s a killer feature :)
What ideas do you have, what would make it better for you? Take your chance to contribute to Android :)
Original thread in the support forum can be found here.
Time to change that Samsung Galaxy a bit? Time for the Galaxo how to. Just remember that unlocking your bootloader will void your warranty. The risks are very slim but they do exist and neither I nor anyone else will take any responsibility for any problem that could occur. However you will always lose all your data on the phone! Any external SD card will be left untouched.
That was the disclaimer, on to more fun stuff! This guide will flash (install) Galaxo by Drakaz on your phone. We will use Galaxo 1.6.2 which is built on the XEJC6 firmware. It’s not as hard as it looks, I just wrote a quite extensive guide divided in many steps. My goal is that you should be able to achieve this without any pre-knowledge at all. More straightforward instructions are always published with the ROM. Note that this guide focuses on how to do this on a Windows computer; it’s possible on Mac and Linux but since I don’t have any experience on that I’ll let you look for that answer somewhere else.
Phase 0: Preparations
0.1 First of all you need to follow this guide to install the correct firmware and get all the files needed.
0.2 Back-up anything you want to save from your phone and make sure your battery is charged to minimum 60%. Enable USB Debugging in Settings->Applications->Development
0.3 Make sure you have the files needed, ie. Recovery 4.6.2, Galaxo 1.6.2 and the XEJC6 firmware as linked in the Odin guide. You should still have the SDK installed and ADB up and running. Just like last time I will assume you installed the SDK in C:\Android so if you didn’t just change the paths accordingly.
Phase 1: Install the Recovery
1.1 Extract the Recovery 4.6.2 zip. You should now have 2 files, recovery.img and RECTOOLS.tar.gz
1.2 Copy the extracted “recovery.img” to “C:\android\tools\”
1.3 Change the name on “Galaxo_V1.6.2.zip” to “update.zip”
1.4 Extract the firmware zip and rename “I7500XEJC6-PDA-CL209906.tar” to “SAMSUNG.tar” (in caps!)
1.5 Connect your phone and mount your SD card, now copy “SAMSUNG.tar”, “update.zip” and “RECTOOLS.tar.gz” to the root of the card. This can be done with the ADB Push command if you prefer it but in my opinion that doesn’t exactly make it simpler
1.6 If you followed the above steps correctly you should now have “recovery.img” (from the Recovery 4.6.2 zip file) in C:\android\tools and in the root of your SD card “SAMSUNG.tar” (renamed from the firmware zip), “update.zip” (renamed Galaxo 1.6.2 zip) and “RECTOOLS.tar.gz” (from the Recovery zip)
1.7 Shut down your phone and connect it to your computer via USB
1.8 Press “windows-button + R” and type in cmd, Enter
1.9 In your cmd window type “cd c:\android\tools” and press enter
1.10 Type “fastboot flash recovery recovery.img” (without the “”) and press enter. The response should be “Waiting for device” as shown in this picture
1.11 Start your phone in fastboot mode by pressing “Call + Power/End call”
1.12 Your phone should show you a terminal-like black screen with white text that says FASTBOOT at the top. The cmd window on your computer should find your device and after a short while say “OKAY” as will your phone. If it stays on waiting for device try typing in the “fastboot flash recovery recovery.img” again but this time don’t hit enter until you’ve started your phone in fastboot. You will have something like 10-15 seconds before the phone restarts so be quick on that Enter key. If you get the same result again, go back to the Odin guide and make sure that you have ADB live and kicking.
1.13 Your phone reboots and the cmd window will go back to showing c:\android\tools and accept input. Just shut your phone down again.
Phase 2: Flash Galaxo ROM
2.1 Boot your phone in recovery mode by pressing “Volume down + Call + Power/End call”. It should now look similar to this picture (older version, picture borrowed from Drakaz)
2.2 Just in case your Galaxo update doesn’t work as planned or you decide to switch back, make a Nandroid back-up. Do this by selecting “Nandroid backup” with your navigation pad and pressing “OK”. This will take a while and when done return to the previous screen. Make sure it says “backup complete!” at the bottom of the screen. Now you can always return to this “clean state”.
2.3 Before we update it with Galaxo we perform a wipe, select the entry “Wipe data/factory reset” press “OK” and then confirm. Get a cup of coffee while you wait and then we’ll sprint through the last part.
2.4 Time for the actual Galaxo update! Select the entry “Apply sdcard:update.zip”, confirm and start to get excited
2.5 When the update is done you only have one step left, and that is to restore Google applications. Drakaz is not allowed to put these in the ROM so instead we pull them from the firmware (this is why we have the SAMSUNG.tar file). Select “Restore G.Apps” and confirm. When it’s done select “Reboot system now” and enjoy your new Samsung Galaxy, powered by Galaxo rom.
2.6 Phone doesn’t start, stays on the blue Samsung logo? Most likely Restore G.Apps failed. This can happen, select “Mount SD(s) on PC” and on your computer look for the recovery.log. Open it in notepad, at the bottom you will find why it didn’t work. Most of the time it’s one of these 2:
File not found – Did you forget to copy SAMSUNG.tar? Did you name it properly (remember CAPS)? Did you copy it to the root and not some folder?
Checksum failed – Did you remember to perform the wipe before applying the update.zip? Do you have the correct file (I7500XEJC6-PDA-CL209906.tar renamed as SAMSUNG.tar)?
When you feel that you have checked the above, delete the SAMSUNG.tar and copy it again (don’t overwrite! Shouldn’t make a difference but I’ve seen it). Unmount the SD and start over from 2.3 performing the wipe.
Optional Phase 3: Personalize your Galaxy
Some small steps I have taken to get the most out of my phone:
I got tired of the vanilla Android look and got myself a theme, there are many more out there. Just Google on Galaxo themes, note that there are a couple of different ways to install them. This is the one I use http://www.frandroid.com/forum/viewtopic.php?id=8640 with instruction (Google Translate does the trick if you don’t speak french).
If anything is unclear, let me know in the comments and I’ll work through that part again!
Tired of your Galaxy? Getting tired of Samsung’s unwillingness to update your phone? Then it might be time to consider rooting it. Before you look any closer you should remember that unlocking your bootloader will void your warranty. The risks are slim but they do exist and neither I nor anyone else will take any responsibility for any problem that could occur. However you will always lose all your data on the phone! The external SD card will be left untouched.
That was the disclaimer, on to more fun stuff! This guide will upgrade your phone firmware and baseband to I7500XEJC6 which is a leaked official (almost) firmware from Samsung. Tool for this is Odin Multi Downloader and this guide should work fine with later versions as well. It’s not as hard as it looks, I just wrote a quite extensive guide divided in many steps. My goal is that you should be able to achieve this without any pre-knowledge at all. After that you can choose to continue and install Galaxo 1.6.2 ROM and Recovery 4.6.2 by Drakaz. The recovery image contains a set of tools that can be accessed by booting the phone in recovery mode whilst the ROM is a modification of the actual phone OS that you will boot every day. Read my next post for that here. This is not very hard and you should be good to go in about an hour if the drivers don’t give you a very hard time. Note that this guide focuses on how to do this on a Windows computer; it’s possible on Mac and Linux but since I don’t have any experience on that I’ll let you look for that answer somewhere else.
Phase 0: Preparations
0.1 Time to get your phone ready, and get the necessary files.
If you already have ADB (Android DeBugging) up and running just skip the driver steps, otherwise keep reading.
0.2 Get the Android SDK from here: http://developer.android.com/sdk/ then unzip it wherever you like. This guide will assume that you unzipped it to c:\android\ to keep it simple.
0.3 Download this very small zipfile and extract the file android_winusb.inf to c:\android\usb_driver\i386 (or if you use a 64-bit windows c:\android\usb_driver\amd64)
0.4 Install Samsung PC studio from the CD that came with your phone (or get it here from Samsung)
0.5 Activate USB debugging on your phone, Settings->Applications->Development->Enable USB debugging
0.6 Connect your phone to your computer, Windows will start to install your drivers but will fail on one device
0.7 Open the Device Manager. Right click on the unknown device and select “Update driver” then “Browse my computer for driver software”
0.8 Choose to search the location c:\android\usb_driver\i386 (or \amd64). Choose to install the driver even though it isn’t signed.
0.9 Time to see how it went, you should now have “ADB Interface->Samsung Galaxy Composite ADB Interface” in your Device Manager. To make it more exciting this isn’t always the case. I used to have it, but not any more. ADB still works though…to be sure press “Win-button + R” and type in “cmd” then press “Enter”
0.10 In the terminal window that opens type (without the “”) “cd c:\android\tools” and press enter. Then use your very first ADB command by typing “adb devices”. Now you should get a reply that looks something like this:
Device list example
0.11 If you did get I7500xxxxx, congratulations. ADB is up and running! If you didn’t we have something of a problem on our hands. There could be several reasons but start with de-selecting debugging, connect to your computer and mount your SD card. Unplug and redo from step 0.XX. I also added some alternative drivers from Samsung here. Post in comments if you can’t get it to work! There are so many alternative drivers and ways to install them floating around that posting everything here would be impossible. With the first device I tried only the first driver was needed, with the second I installed the second zip as well to get it to work.
Just found a new driver…once again. Amazing how hard it can be but several people say that this is it :) Here’s the link
Phase 1: Update your Firmware with Odin Multi Downloader
1.1 Unzip both the Odin and Firmware zip files at any location
1.2 Right-click Odin.exe and choose “Run as administrator”, it’s absolutely necessary that you do it as an admin!
1.3 Start with pointing out the .ops file included in the Odin zip file. If you downloaded the I7500XEJC6 firmware above it should hold 4 different files ending with .tar. Other versions can hold only 1 and are then called a “one package” (note on that below). Point out your corresponding files to BOOT, PHONE and PDA as shown in the picture below. (The CSC file included can be used; some people claimed different benefits from this, I tried both without noticing any difference. However that is the localized file for the carrier. This leak is from Russia so before using it you should write down your APN settings and the menu positions to get to the change language options unless you speak Russian :) )
Example of Odin set-up
(If you only got one .tar file just tick the box next to “One Package” and point that file out on the right, ignore the rest.)
1.4 Time to back-up anything you want to save from your phone, search the market for backup and you’ll find many options.
1.5 Shut down your phone and connect it to your computer via USB
1.6 Start your phone in “Download mode” by pressing and holding “Volume down + OK + Power” buttons
1.7 Your phone should now say “Downloading…” and show an SD card like icon
1.8 In Odin, look at the white frame on the left, it should say “<1> Added!!!”, “<1> Detected!!!” just like the picture above
1.9 Time to hit that switch! Press Start in Odin and go have a cup of coffee while Odin does its magic. When finished it will reboot, this could take a couple of minutes
1.10 If it got stuck on the Samsung logo, have no fear. A wipe should get you going. Shut down your phone (pull the battery if you have to) and boot in recovery mode by pressing and holding “Volume down + Answer + Hang up/Power” buttons. When you see the triangle with a ! all you have to do is press the “Menu” button. The phone will perform a Wipe and then restart. Still not working? Start over from step 1.XX – Download mode.
1.11 Perform a wipe as instructed in 1.10 and you’re all done! In Settings->About phone you should now see that Firmware version says something like Galaxy 1.6 and Baseband version says I7500XEJC6. The picture below shows that screen after Galaxo installation.
“About phone” after update
Optional next step…Flash Recovery and Flash Galaxo Rom
Every blog and paper already published their summaries and lists of both the previous year and decade. I say let’s forget the past, and focus on the future. At least for a little while. I will tell you what you can (might) expect from the future of mobile electronics, maybe not in a year but in 1-5 this is the development I predict.
Since I got my first smartphone I’ve been convinced that it was only a matter of time before the rest of my friends and family followed me into the modern age (i.e. got themselves one of their own). iPhone started exactly that movement. Suddenly there was a phone easy enough, funny enough and produced by a company with enough market share (I’m convinced that an identical phone from HTC for example never would have had the same impact). So slowly my friends and family are jumping on the wagon. What the iPhone started now has turned into friends with HTC Hero, Windows Phone (old Windows Mobile), iPhones and devices from any and all brands. Of course that means that I’m now starting to plan my own jump off from the same wagon. Here’s what I want, and others will figure out in a couple of years:
Standard phone features e.g. calling, SMS (starting to feel very outdated but, for a few more years) and such
All my internet needs in a mobile device, including mail (and wave/other collaboration tools), streaming videos, streaming music, reading blogs and news sites
eBook reader (no use fighting it, sorry librarians and other “paperback-huggers” time to adapt)
Some games and other miscellaneous stuff.
To read books, extensive articles online and browse the web somewhat comfortably I need a bigger screen than my Samsung Galaxy has (3.2”). The problem is that already a phone of this size sometimes feels a bit clumsy to carry around. When I don’t have a jacket/bag, at a party or on the town, going to the beach etcetera. There’s also an economical aspect in this. My phone suddenly costs the same as an average laptop and that’s before the bigger screen and additional features mentioned above. Phones are easily lost, stolen or broken. Nothing strange there, it’s the same with all things we carry with us everywhere. I remember an interview with a scientist researching crime among youths in Sweden a couple of years back. He/she said that one of the reasons for the increase of robbery against individuals is that we carry much higher values on our persons. We stopped having cash in our wallets but instead we got expensive mobile phones, mp3 players and so on.
Solution? As everything gets combined into the same device (do they still sell mp3 players or cameras without a mobile phone included? :) ) I predict an excelling need for different products for different occasions. I will most likely in the coming two (ehm, one if I know myself) years change my smartphone for a “stupid phone”. That phone should be small, cheap and manage just the basic functions like placing calls, simple e-mail and maybe music. A revival of my old Sony Ericsson K750i maybe? :) At the same time I will buy a tablet that is more of a hybrid of today’s:
tablets (Archos 5-like);
ebook reader (nook-like);
smart phone (Nexus One-like);
mediaplayer (iPod touch-like).
This baby will follow me to work and longer journeys, but not on short trips to the town and such. Then once again I will be telling my friends and family: This is the future of mobile electronics!
This post was inspired by numerous blogs and news sites over the year and the pictures are standard ones that are flooding the web. Any objections to me posting these pictures can be sent to me and I will sort it out. Special thanks to the Swedish site http://www.swedroid.se that always keeps me in the loop on Android news.
In the FAQ category: Unlock Android phone that is locked after too many pattern attempts. I’ve seen the question so many times in the Google Mobile Help Forum that I felt that a post could help someone out.
On Android phones you can activate a feature called pattern lock. This feature can be compared to a Windows computer asking for a password after the screen saver kicked in, only instead of a password you use a pattern. You get a screen with 9 dots and you draw a pattern of your choice with 4 of them. If you forget your pattern (or have kids that like to play with phones) you will after 3 faulty attempts be unable to use the pattern to unlock it. Instead you are asked for your Google account and password (that is set up with the phone of course). This is where the problem starts.
For many, many users providing the username and password won’t change a thing. For some people changing the password via a computer has worked but that is uncommon. Most people end up with a very expensive paperweight. Have no fear, there are solutions to almost everything!
Google has a decent article on how to regain access to your account here:
4. Call yourself from another phone, answer, without hanging up press the home button, then menu button, settings, try to disable pattern-lock
5. Call yourself from another phone, answer, hang-up, directly after hanging up start pressing your buttons like a madman for <30-60 seconds ending with your home button (might take a while to get the timing right). Go into settings and disable pattern-lock.
6. Try the normal recover password routine from GMail.com and start over from 1.
7. Perform a factory reset. YOU WILL LOSE all not-synced DATA (SD card will be left untouched).
1-6 are possible workarounds, these don’t work for everyone but can be worth a try to avoid factory reset. 6. is what should work but hardly ever does. 7 – The factory reset always works
In this case the solution is to make a factory reset (sometimes referred to as hard reset or wipe). This will erase all data on your phone (not on your SD-card). Your contacts and mails should be in sync with the Google servers, no problem there then. Downloaded applications need to be installed again but there is a list of your previous downloads in the Android Market->My Downloads. Other things though are lost if you haven’t backed them up manually with a third-party application. Examples of things you will lose: Call logs, text messages, application settings.
This is your 3 step solution
Factory reset your phone (links to Android device manuals can be found below, it differs between devices)
Setup your phone just like you did the first time you unpacked it (use the same Google Account if you want your old contacts back!)
Restore any manual back-ups and install your previous applications from the My Downloads list.
How do I factory reset? HTC leads the way and puts this information in their manuals, other manufacturers should learn from this!
Dear readers, as much as I would love to keep a directory on how to factory reset every single Android device out there, it’s just not possible. Use your rights as a customer, go back to the store and ask them to help you factory reset your device!
With the phone turned off, PRESS and HOLD the Volume down and CALL buttons (the manual says SEND and with that they obviously mean Call)
Press the END/POWER button. You will see a screen with three Androids at the bottom of your screen
Follow on screen instructions
Samsung Galaxy (note old Galaxy i7500, Galaxy S further down):
1. Turn off your Galaxy.
2. Hold volume_down+call+power button.
3. After boot, press menu button to start recovering.
Motorola Droid (a.k.a. Milestone):
1. Turn the Droid off. If it won’t turn off, take the battery out then place it back in.
2. Open the keyboard and press the X key while pressing and holding Power. The device will power on. Keep holding the buttons down until a yellow triangle appears.
3. Press the Camera and Volume Up buttons at the same time to get to the menu.
4. Use the direction pad to the right of the keyboard to select the Format option.
1. Turn the phone off. If it’s frozen in the on state, pull the battery.
2. Press and hold both the Home and Back buttons simultaneously.
3. While continuing to hold the buttons, press the Power button.
4. Release Home and Back.
5. Follow the instructions on the screen to complete the hard reset.
If you want to do a Hard Reset but can’t do it through the menu, please use the update from T-Mobile UK website: T-Mobile – Help & Support
But use the file from the “Android updates” section and the following piece: November 2009: T-Mobile Pulse software
This software update should be used ONLY when your T-Mobile Pulse has been security locked and you do not have a valid password.
If you right-click on your mouse here and select the “Save target as..” option – it should take about 2 minutes to download depending on your internet connection speed. PLEASE NOTE: Installing this update will remove all existing data on your T-Mobile Pulse.
Then on your PC format the SD card. Then copy the folder dload to your newly formatted SD card. So the folder with the two files will be on there.
Insert your SD card in the phone
Then when your phone is off, do the following:
Vol + key & “hang up button” – keep them both pushed together and then turn on the phone. Then the update will start automatically. Once the update is finished it might hang too long in the “phone will restart automatically”. If so, take out the battery again and turn the phone on normally. Then it all will go as normal.
Once the update is done, you will have to configure your phone again, which also means you can choose the language again.
This post is most of all an answer to a question in the Google Mobile Help Forum. There are limitations when it comes to embedded pictures in that platform so I’ll take it here instead. Who knows, it might find other readers searching the web as well.
To change your keyboard type on a HTC Magic, same on Hero, and as far as I know all devices running the HTC soft keyboard for Android (like my Samsung Galaxy). Note that this is to change between the different stock keyboards, not installing a custom one which is a whole other question.
Start to type a new message, just to get the keyboard up. Then push the little “Settings-button” marked in red on this picture.
This brings you to the keyboard settings (mine is in Swedish but I’ll translate the important parts for you). Select the row marked in red that should be called something like “Keyboard types” in English.
Which brings you to this screen where you just select the input you favor, QWERTY, Compact QWERTY or Phone.
That should be it! Enjoy the keyboard of your choice.
Just read a quite interesting article about Google in the Swedish paper “Dagens Nyheter” or “Daily News”. Since it’s in Swedish I will do exactly what the author is afraid of, provide it to Google for translation! Link at the bottom.
In short it’s all about conspiracy theories concerning computers and Google in particular. It’s an interesting text and has a couple of good points, we have all Googled our name right?
The article rendered quite a few comments, one of my favourites being: “The difference between governmental supervision and Google is that Google only can watch if you let it”. This is not entirely true with Google satellite maps and street views, what others write about you will be indexed etcetera etcetera, but you can hide from most of its services (and clear your “preferred ad history” if I don’t remember it wrong).
One thing struck me while reading, the big problem (if you choose to see it as one) is that we like what they do. At least I prefer relevant ads and hits when searching. I like that people, you maybe, can find this blog. On the other hand I try to stay somewhat restrictive on what goes online, especially if we are talking about photos and so on. There is a reason why this blog is not some kind of diary, well it is but not that personal.
A sequel to the ill-hidden we-don’t-like-Microsoft film conspiracy.com (worth a see if you got some time to spare) maybe?
Being active at the Google Windows Mobile Support Forum I have noticed that many questions tend to show up over and over again. Normally I don’t find that to be a major problem, but when it comes to general set up questions the answers tend to be looong. Without pictures to support your instructions you simply need to write more. Then it gets annoying answering the questions over and over again.
So without further hassle, here are my basic instructions with pictures. Note that this is Windows Mobile 6.1 instead of 5 that Google uses in their instructions (why they do that I don’t know, must be some magical reason that normal users don’t understand). Of course these are instructions “as-is”, no warranties and of course BACKUP before you start. I’ll add a bit of troubleshooting afterwards just in case :)
Security experts have revealed a vulnerability in Google’s mail service, Gmail. This is not my area of expertise so if I make any mistakes they are mine and not the original author’s.
The reason for publishing the details is according to the author that Google was informed of the risk in August 2007 and they have decided not to take any action. The vulnerability lies in the “Change password” function, and the problem is that the authorization for changing password is stored in a session cookie and could be collected by other sites. This is called “Cross-Site Request Forgery” or CSRF (and this is fun, you read this as Sea-Surf).
A website with this malicious code could under the right circumstances (i.e. the visitor has logged in to Gmail during the same session, and stays on the “evil” website during the whole procedure) use the cookie to change the password for the visitor. Even worse in my opinion, they can by trying to change to a simple password (that Gmail won’t accept) confirm that the password analysis is correct. That way an attacker could get access to your Gmail account without you knowing it. The difference to if they would change your password is that you would of course notice it when not being able to log in.
Google have no records of any use of this vulnerability and say that it is unlikely that it will be used since the circumstances are so precise. I don’t know about you but I stay logged in to Gmail and other Google services all the time while browsing (Gmail Chat anyone?). I just don’t see why they don’t change it, as far as I understand it would be enough to add an extra authentication (i.e. ask for password again) to render the exploit useless, so why not Google?
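The fix suggested above (ask for the current password again before changing it), shown beside a change-password handler that trusts the session cookie alone. This is an added example, not Gmail's code and not from the original post; the in-memory stores, function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stand-ins for a real user database and session store.
USERS = {}      # username -> (salt, password_hash)
SESSIONS = {}   # session cookie value -> username


def _hash(password, salt):
    # PBKDF2 from the standard library; iteration count kept modest for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _store_password(username, password):
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt))


def create_user(username, password):
    _store_password(username, password)


def check_password(username, password):
    salt, stored = USERS[username]
    return hmac.compare_digest(stored, _hash(password, salt))


def login(username, password):
    """Return a session cookie value on success, None otherwise."""
    if username in USERS and check_password(username, password):
        cookie = secrets.token_urlsafe(32)
        SESSIONS[cookie] = username
        return cookie
    return None


def session_user(cookie):
    """Return the username bound to a cookie, or None if it is not valid."""
    return SESSIONS.get(cookie)


def change_password_cookie_only(cookie, form):
    """Weak design: the session cookie alone authorises the change.

    The browser attaches the cookie to every request sent to the site, also to
    one triggered by a page on another origin, so a valid cookie does not prove
    that the user meant to submit this form.
    """
    user = session_user(cookie)
    if user is None:
        return False
    _store_password(user, form["new_password"])
    return True


def change_password_reauth(cookie, form):
    """Hardened design: the form must also carry the current password.

    Another site can make the browser send the cookie, but it does not know the
    current password, so a forged request fails the second check.
    """
    user = session_user(cookie)
    if user is None:
        return False
    if not check_password(user, form.get("current_password", "")):
        return False
    _store_password(user, form["new_password"])
    # Drop every other session of this user so older cookies stop working.
    for other in [c for c, u in SESSIONS.items() if u == user and c != cookie]:
        del SESSIONS[other]
    return True


if __name__ == "__main__":
    create_user("alice", "correct horse")            # constructed sample account
    cookie = login("alice", "correct horse")
    forged = {"new_password": "set-by-another-site"}  # no current password in it
    print("hardened handler accepts forged form:",
          change_password_reauth(cookie, forged))
    print("cookie-only handler accepts forged form:",
          change_password_cookie_only(cookie, forged))
```

A per-session anti-CSRF token in the form is the other common defence; re-entering the password is shown here because it is the one the post proposes.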