Android 4.4.4-based CyanogenMod M8 released with lock protected apps

The latest snapshot release of custom Android ROM CyanogenMod brings a slew of new features, including the hidden Heads Up notifications feature and more controls to lockdown private apps.

CynaogenMod's latest snapshot update for its KitKat-based ROM has rolled out, bringing a host of security features to its most stable version of CM 11.0 to M8.

Smartphone owners who've ditched their OEM builds of Android can begin flashing the latest version of CyanogenMod's popular alternative to some of the 50-odd devices supported by the CM 11 M8 build. New among the list of supported devices in this version are the Sony Xperia Z2, Xioami Mi2, Oppo Find, and OnePlus One.

The update contains a number of bug and security fixes as well as a few new features recently flagged by CyanogenMod developers.

Heads up. Image: CyanogenMod

CM 11.0 M8 carries forward some features from the less stable nightlies, including the new 'Heads Up' notification mode that's buried in the Android Open Source Project code but never showed up on Nexus devices. The feature enables notifications that hover over an active application, allowing the user to respond to them without leaving the app. Since it can also interrupt gaming or watching a video, CM 11.0 M8 adds a 'do not disturb’ filter to prevent the feature interrupting games or other apps.

Another useful privacy and security feature — beyond CM's Privacy Guard to control app permissions and encrypted messaging — is a new way to lock down apps that users would prefer remain hidden on the launcher display. Individual apps can be hidden as usual but with the additional protection of a pattern unlock to prevent access. It also introduced protected folders to lock down multiple apps — for example banking-related apps.

 The update also makes a number of changes to settings, replacing the old generic "interface" category with more specific items such as "status bar", "notification drawer", and "gestures". It also moved expanded desktop to the 'display' setting and grouped all 'lock screen' settings under the this header.

Security issues and bugs that are fixed include the VPN issues that emerged for some users after Android 4.4.2. It also contains a fix for the Towelroot exploit, which gave root access to nearly every Android device on the market.

Protected apps. Image: CyanogenMod

The exploit, which took advantage of a Linux kernel bug ( assigned the CVE-2014-3153 identifier ), was developed by well-known modder, GeoHot.

While it was designed to liberate Android devices from OEM lockdowns, it also posed a threat, as outlined by Lacoon Security, since it could allow an attacker to run malware with administrative privileges, install a backdoor, and bypass enterprise data protection features such as secure containers, wrappers, and hardened apps.    

CyanogenMod's M release builds are the most stable it offers following its decision earlier this year to drop 'stable' builds . Downloads for each supported device are listed under its "snapshot" builds.   

The full change log includes

  • Common: Android 4.4.4 (Google)
  • New Devices: Sony Xperia Z2 (sirius); Xiaomi Mi2 (aries); Oppo Find 7a/s (find7); OnePlus One (bacon)
  • Common: Fix VPN issues related to 4.4.3 merge
  • Common: Enable 'Heads Up' notification mode (Settings > Notifications)
  • Settings: 'Interface' replaced by 'Status Bar', 'Notification Drawer', and 'Gestures'
  • Settings: Moved 'Expanded Desktop' to 'Display'
  • Settings: Moved all lock screen related items to 'Lock Screen' and removed duplicates from 'Security'
  • Settings: Moved 'Navigation Bar' layout control to 'Buttons'
  • Trebuchet: Custom Homescreen grid size
  • Trebuchet: Add Protected Apps feature
  • Trebuchet: Add Search Panel (Google Now) option
  • WhisperPush: No longer ignores 'Blacklist'
  • Futex: Protect against Towelroot
  • Various small bugfixes, global and device-specific