Now let me just say right here and now that I'm not a coder so hang with me. It seems to me that google has an issue with pirates (due to the blocking of paid apps for dev phones) until they create a better solution I was hoping somebody might create some kind of module that any dev could use to prevent and curb piracy. I know it's not a huge deal as there's really not that much out there for downloading paid .apk but there are some.
What I would do breaks down into two parts, preventing redistribution of the .apk and then nagging users who have an outdated version (as with download-copy-refund-reinstall). If you made the program run at the moment it was installed and pull and then archive a piece of unique info such as the phone number and then force the whole app to double check the internal archive to the actual phone number it would not only prevent the giving away of apps but archiving the initial release person's info to the dev.
Step two is to force a version check from the app to a sever that has the current version. If you made some kind of update (even if very so minor about once a month) and gave let's say a month so that you're not forcing folks to update that day you could then make the program "nag" a user into updating (that you cannot do if you didn't pay for it) and after some length of time have the program stop working at all.
Now yes it is work for something that may only cost .99 but if the anti-piracy measures were open source then you could not only retrofit an existing program but build new pirate proof apps.
Thoughts?
Both methods are still fairly easily crackable. Just like it's impossible to "DRM" game cd's, music, and video - preventing piracy of software is a very difficult and always flawed things.
You can make copy protection pretty decent but eventually it's all still very crackable. There is no 'good' copy protection. If Google is waiting until they do have a 'good' system for it - it will never happen.
And yes, I actually am a coder with commercial interests that are copy "protected". In the end the question is always if people find it valuable enough to purchase or their time invaluable enough to spend it on cracking these things.
How about release all your code under an open source license and get paid through donations?
I LOL'd! Seriously, if you ever went that route you'd know usually people hardly ever donate, at all. You'll be working for $0.01 an hour. That's ok if it's a hobby project, but bigger projects are just not feasable that way.
It also depends a lot on the community though. For example, I've made freeware tools for gameserver admins and got a lot of donations. I've made mods for games that practically every player used - and these were RCE games, so they cost $$$ - and the total of donations was less than $100 for 100's of hours of work. It depends on the situation, the crowd, how useful the software is, etc, but in the end it comes down to people being cheapskates, but in a weird way.
By 'in a weird way' I mean that it is rather strange that if you ask for donations, hardly anybody will donate $5, but if you were to charge $5, lots of people would purchase and not care about the $5.
Of course this is not true for everybody. Personally I try to donate to free projects that I use - and I know there are several people who also do this. But it's not the 'general public'.
this isnt an issue about open source vs charging for a product. Nobody is doing anything about piracy for this particular handset. it so easy to steal these apps, and if nothing is done to stay ahead of the curve then everyone suffers. do we have to wait till the average user figures it out, or till somebody makes a blog and/or a youtube post on how to release paid apps and that even non root users can pirate these in seconds?
one of two people need to step up, either the devs and try and be a step ahead of the crackers or what i imagine as widespread piracy and the degrading of all app quality.
some have said that people wont bother stealing a .99 app, but i disagree.
robotmaxtron said:
this isnt an issue about open source vs charging for a product. Nobody is doing anything about piracy for this particular handset. it so easy to steal these apps, and if nothing is done to stay ahead of the curve then everyone suffers. do we have to wait till the average user figures it out, or till somebody makes a blog and/or a youtube post on how to release paid apps and that even non root users can pirate these in seconds?
one of two people need to step up, either the devs and try and be a step ahead of the crackers or what i imagine as widespread piracy and the degrading of all app quality.
some have said that people wont bother stealing a .99 app, but i disagree.
Click to expand...
Click to collapse
Well i believe chainfire answered the question already, there is nothing they can do. Are you a dev? The only ones suffering are the developers. Piracy is here and no one can really do anything about it. There are more important issues to deal with in the world then piracy. Look at smartphone files - cabs - wm, you dont have to pay for one of those anymore they are out there for the taking. How long have they been around? One look at their situation and its pretty clear nothing can be done.
ummm
piracy is nothing new.... piracy has been around since back on the commodore 64, i cant even explain how many shoebox's of 5 1/4" floppys of games. Pirating windows..... the first version ever. Theres no way to stop it, what is made can always be undone. The use of online connectivity is the only way to stop people from pirating software. Those "servers" are at the expense of the company that released the software. All installs have to have a "phone-home". Why do you think WifiRouter for WM (i think thats what its called) can never be cracked for more than a week. Because the serial numbers are registered in a database, and hardware id's and whatnots are sent regarding that individual phone. If more than a few of set "phones" with the serial number given is used. That serial is blacklisted and deactivated. The software checks for serial status everytime it loads. Very good way of using such software. But others are a little different, like programs that can be cracked using a serial number, but the program is in a site that normally wouldnt ever have acccess to internet (construction sites, etc.) Its just something that cant be stopped.....
p.s. http://tinyurl.com/dczb66 and you will realize what chainfire meant by ruin and destroying software due to copy protection
piracy done right
they need to stop trying to figure out how to solve the problem and just say there is no problem. there is no single "market" for software for my pc.... there will never be one for android. developers will never be comfortable trusting security they have no say so in. apps will come from all edges of the cloud and google is sadly mistaken if they think they can control it.
here is what they should do.. Nothing
Let the developers on their own find ways to secure their apps. wether it be a simple pin number or a log in. as developers make security hackers will break it, then the devs make more, its that cycle that made Linux work in the first place.
regardless of what google does people will start protecting their apk's
If you want to sell programs, do the following and you won't have a problem.
Don't worry about piracy (DRM, Copy Protection, etc)
Make a good product
Don't over-charge for the product
Be upfront with the support offerings
Offer a reasonable satisfaction guarantee if demo is not available
Trying to limit and stop piracy is a failing battle and will ultimately end up costing the developer in the long run.
I come from both sides of the track, i'm a pirate (aka lacking moral compass) and developer. When I come across good software at a reasonable price, I don't think twice about purchasing it.
You could do likesome programmers who sell their product online and on the market at the same time.
http://forum.xda-developers.com/showthread.php?t=487790
Thanks to the masterBaron I have this program on my dev phone and I live in france.
soundwire said:
How about release all your code under an open source license and get paid through donations?
Click to expand...
Click to collapse
The Windows Mobile version of Klaxon has had around 200,000 downloads, and I have received less than $200 in donations. I spent several months on that project. Donationware/open source is does not work.
robotmaxtron said:
What I would do breaks down into two parts, preventing redistribution of the .apk and then nagging users who have an outdated version (as with download-copy-refund-reinstall). If you made the program run at the moment it was installed and pull and then archive a piece of unique info such as the phone number and then force the whole app to double check the internal archive to the actual phone number it would not only prevent the giving away of apps but archiving the initial release person's info to the dev.
Step two is to force a version check from the app to a sever that has the current version. If you made some kind of update (even if very so minor about once a month)....
Thoughts?
Click to expand...
Click to collapse
I'd rather my number not be freely given out.
This would also be a problem if my number changed, but I don't buy apps that force version checks / expire / phone home. If it's good enough I look for a copy cleansed of such behavior, while i'd buy a good app without that behavior and if its not locked to hardware/providers. Copy protection can backfire and drive off customers.
How about release all your code under an open source license and get paid through donations?
Click to expand...
Click to collapse
Although I have some open source projects this will never work... A lot of people just like to get everything for free and are actually upset when needed to pay 1€ for an application.
I have people send me like 20€ but this is a very rare case! I would be lucky to have at most one costless weekend of drinking in a month, but no way to actually make a living that way.
And if you look into the work put in to most open-source projects ( in terms of hours ) its better to just do 1% of that work for a boss and get payed a lot more. Ofcourse I love doing this and thats mainly the reason why I join open-source projects... Making some money is a nice aspect which "could" happen.
As for copy protection... Like cf stated... There isnt an uncrackable copy protection and if creating one takes up half of the time of your projects development how much good would it be in terms of earning money. Its not a copy-protection problem but its a mind-set problem... People just dont like paying for things they use everyday...
inpherno3 said:
piracy is nothing new.... piracy has been around since back on the commodore 64, i cant even explain how many shoebox's of 5 1/4" floppys of games. Pirating windows..... the first version ever. Theres no way to stop it, what is made can always be undone. The use of online connectivity is the only way to stop people from pirating software. Those "servers" are at the expense of the company that released the software. All installs have to have a "phone-home". Why do you think WifiRouter for WM (i think thats what its called) can never be cracked for more than a week. Because the serial numbers are registered in a database, and hardware id's and whatnots are sent regarding that individual phone. If more than a few of set "phones" with the serial number given is used. That serial is blacklisted and deactivated. The software checks for serial status everytime it loads. Very good way of using such software. But others are a little different, like programs that can be cracked using a serial number, but the program is in a site that normally wouldnt ever have acccess to internet (construction sites, etc.) Its just something that cant be stopped.....
p.s. http://tinyurl.com/dczb66 and you will realize what chainfire meant by ruin and destroying software due to copy protection
Click to expand...
Click to collapse
Bull****. WifiRouter or whatever it is could easily be cracked by using fake DNS servers, manually editing the servers to a custom, or bypassing the online checks completely.
Their system is crap, and any skilled cracker could defeat online checks in just a bit of work.
The only truly invincible copy protection I've seen are either hardware, or extremely internet based (something that relies on external servers so much that it's useless without them, such as MMOs). Hardware can be modded, and you can recreate the servers for internet based.
Gary13579 said:
Bull****. WifiRouter or whatever it is could easily be cracked by using fake DNS servers, manually editing the servers to a custom, or bypassing the online checks completely.
Their system is crap, and any skilled cracker could defeat online checks in just a bit of work.
The only truly invincible copy protection I've seen are either hardware, or extremely internet based (something that relies on external servers so much that it's useless without them, such as MMOs). Hardware can be modded, and you can recreate the servers for internet based.
Click to expand...
Click to collapse
Or you could just remove the TPM (or Variant) requirements from the software like the Hackintosh version of OSX.
piracy won't ever be stoped.. might take a vbbit longer for some one to bypass it's protecting but it will always be cracked sooner or later
best thing u can do is.. as said before just make a good product be craeative, dont over-charge, people will buy it support you..
heck better is better to make 20 bucks thank nothing at all
Related
What does everyone think will happen with future revisions of Android in regards to the fork between the stock G1s with OTA updates and the hacked G1s with manual updates with the test keys?
Hopefully this doesn't turn into Sony's militant locking down of the PSP via every firmware upgrade. Even though I never owned a PSP, I thought it was absolutely insane that Sony would try so hard to keep people from using their purchased equipment in any way they wanted to.
I totally understand that Google had to release RC30 to shut down a GIGANTIC security exploit that could have (but not likely) been used compromise phones. I'm sure it's in their interest to keep a homogeneous G1 userbase but would they actively try to relock rooted phones?
I'm hoping they just leave the rooted G1s alone. Mostly because we bought the phones and they are OURS. We are obligated to stay with Tmobile until the contract is up because the price is subsidized but we are not obligated (in my opinion) to retain the software they were shipped with. Obviously if my phone has a software problem I won't be calling Tmobile. On the other hand, if there is a hardware defect I'm certainly reflashing RC30 and sending it back under warranty.
I would like to hear everyone's opinion. I think it was great that Tmobile UK was good enough to open a dialog about possibly allowing root access but I don't think they really understand what "root access" is or care as long as they sell phones under contract. I don't think Google really cares either since they have open sourced all of the OS that we are modifying which is in the spirit of Open Source Software anyway. I think as long as they get their marketshare, they will be happy.
I dont think so first off the psp hackers down load games so the dont have to pay for them they lose millions each year on the hackers...next i dont thnk that google would do this but t-moble might.But in my opinion i think they will as soon as they start hacking the pay apps. that will start later this year.
HOGWILD said:
I dont think so first off the psp hackers down load games so the dont have to pay for them they lose millions each year on the hackers
Click to expand...
Click to collapse
Hogwild hit the nail right on the head. I don't think T-Mo/HTC will engage in a drawn out battle to "steal" back root simply because there is no real financial motivation to do so. I'm of the mind that it's best not to begin speculating unless one of the aforementioned company takes a step in that direction. There's no point whipping up another possible flame-war over something that might never happen.
Ya I agree they are our phones 1 thing you left out not everybody is under contract some ppl paid full price on a prepaid 90 service plan then they get their unlock code. Some people didn't qualify for the upgrade price of 179$ and some people are under contract eiither of all three it is owned by the user the day they signed or paid. Tmobile won't take back a used g1 for failure to honor the 2 year agreement they will bill the customer.
So the whole open source push... and market. There and hundreds of. Thousands of programmers who make programs for the love of advancing "things" look how popular sourceforge is. So you get people who will create a program and demand a nominal fee say 14.95 the dev only gets 70% of the price and the wireless carrier get 30% for nothing. I . Defently there being an underground "market place" that bypasses that standard one to allow people to download free apps. The most exciting thing that everyone is about the market being a paid app is stopping all the comments of the retarded people in the market place
My 2 cents
diabolical28 said:
The most exciting thing that everyone is about the market being a paid app is stopping all the comments of the retarded people in the market place
Click to expand...
Click to collapse
There are a lot of idiots in the world with money to waste. Rest assured, the paid apps will have retarded comments as well.
qft
rabble:rabble
Wow I hate people that don't know what they talking bout. I wanna clear up a few thing. Being a psp dev I can tell you it wasn't bout the hacking and homebrew. the psp updates were to stop piracy. Btw most exploit on psp were by sony. If you own a psp atlease you would know a little about the scene. Secondly, the root bug is dangerous to us. Google own dev are helping us htc people are leaking tools and t-mobile always let us screw them over. So no it not gonna be no war going on it all for our safety untill the software is right. As you can see we're like test bunnys and when a bug you should be greatful that they release update. So while I love having root access it not that serious right now it just would be right to compare this to the iphone jailbreak scene. Once paid app are here I wouldn't be shock if update start coming to block test key and resigning to respect developer work. Read before posting and short answer no unless as needed
There's not going to be a homogenous Android ecosystem to begin with because each carrier will tailor it to their own needs, and possibly to each handset.
danguyf said:
There's not going to be a homogenous Android ecosystem to begin with because each carrier will tailor it to their own needs, and possibly to each handset.
Click to expand...
Click to collapse
Correct. And you can bet that there will be handsets running builds of Android not maintained by Google which will not run Android Market. Whatever carrier releases it will want to funnel that 30% revenue to themselves. I'm concerned that that fracturing of the ecosystem will impede overall market acceptance. And i'm not even talking about the inevitable outcome of Android "strains" that slowly become sdk incompatible with each other.
Here's a posting I made on android-platform and Dianne Hackborn's response:
Right, I'm thinking along the device manufacturer side of things. As
an imperfect analogy, is the Android team okay with manufacturers
producing their own Android builds which may be slightly incompatible
with each other (a la Symbian's various flavors), or will all
manufacturers be encouraged/required to adhere to some technical
requirements checklists in order to brand their phone as Android-
powered? (more like say Windows Mobile).
Click to expand...
Click to collapse
We won't, this is something we will be actively discouraging (or from a
positive perspective, doing whatever we can to encourage android devices
to be compatible).
Click to expand...
Click to collapse
Of course with an open source project "actively discouraging" can only go so far...
jashsu said:
Whatever carrier releases it will want to funnel that 30% revenue to themselves.
Click to expand...
Click to collapse
The carriers already get that 30%.
From the android dev blog
"Starting in early Q1, developers will also be able to distribute paid apps in addition to free apps. Developers will get 70% of the revenue from each purchase; the remaining amount goes to carriers and billing settlement fees—Google does not take a percentage. We believe this revenue model creates a fair and positive experience for users, developers, and carriers."
From what I've heard from Google folks, they aren't that interested in the root thing, that is more a carrier issue. However, the way people originally got root was a serious issue. Not directly because you could get root, but because it was an outright silly bug than could potentially raise havoc on your device if you happened to type the wrong thing on your keyboard.
JesusFreke said:
The carriers already get that 30%.
From the android dev blog
"Starting in early Q1, developers will also be able to distribute paid apps in addition to free apps. Developers will get 70% of the revenue from each purchase; the remaining amount goes to carriers and billing settlement fees—Google does not take a percentage. We believe this revenue model creates a fair and positive experience for users, developers, and carriers."
Click to expand...
Click to collapse
I imagine the billing settlement fees could be rather sizeable. I don't run a credit card processing company, but i've seen $.20 - $.30 per transaction thrown around. That's in line with Paypal's fees.
We'll see if other manufacturer/carrier matchups continue to use Android Market. I wouldn't be surprised to see them create their own markets though, simply because if it's possible and there's the slightest financial incentive to do so, eventually someone will do it.
I was in the PSP scene for a long time, admin at one of the largest PSP sites, net admin on the largest PSP IRC server, and had several contacts within Sony's Playstation department. So I know how the scene went pretty well.
Sony did not want homebrew for multiple reasons. The obvious one is ISO playback. No matter what they did, warez was possible. Even back before we had perfected the actual emulation, we could simply patch calls to disc0:/ to ms0:/ and load the EBOOT. If we hadn't figured out how (the first one to truly do it was UMD Emulator, which would patch many of the PSP calls to make it MUCH smoother/more compatible), we could simply expand on this.
The second reason is that we were stepping on their toes, so to speak. They wanted to have many more downloadable minigames that could be booted off of the memstick, something we did years before them. I doubt they liked that we were doing what they planned, and doing it much better/faster.
Thirdly, they were responsible for all bricked devices. Although their unbricking process has always been easy, it costs them time/shipping. It's still a pain and costly for them to do it massively.
This is why they combated it on the PSP so much. On the standard Playstations, they've never had to worry about it this much. They didn't have memory cards that you could easily throw ISOs on, they didn't have any easily loaded software that would allow you to boot them, etc. You had to buy hardware devices (hdloader, the swap program (ffs can't remember the name), or modchips). Pirating the PSP was SO much easier.
Now, onto the G1... a Google employee has already (off the record, speaking for himself, not Google) that they should have just given us root access, especially if HTC was going to be so careless with their NBH images.
If every one was given root access, cracking paid applications would be much easier. Well, that is the belief. In reality, cracking them will be a sinch. With easily done byte code modification, and resigning the APK, I doubt there's an application that CAN'T be cracked. As long as you could install apps from browser/SD card, you can crack them. Even if they locked it down to market only, we could spoof DNS servers and run "unofficial" markets with cracked applications. This wouldn't require root access at all.
(excuse any typos, it's 10F outside atm and I'm trying to smoke.)
Gary13579 said:
I was in the PSP scene for a long time, admin at one of the largest PSP sites, net admin on the largest PSP IRC server, and had several contacts within Sony's Playstation department. So I know how the scene went pretty well.
Click to expand...
Click to collapse
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
aron4588 said:
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
Click to expand...
Click to collapse
The last time I used my PSP was a year ago, as a flash drive so I could reformat my computer. I haven't actually *used* it in years, so anything you saw on QJ wasn't about the real Gary .
But yes that's me, and I was an admin at Dash Hacks.
aron4588 said:
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
Click to expand...
Click to collapse
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
diabolical28 said:
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
Click to expand...
Click to collapse
Lol what? fIRC lets you connect to any server and any channel.
diabolical28 said:
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
Click to expand...
Click to collapse
http://code.google.com/p/androidirc/
I was wondering if anyone knows a real answer for this. How easy would it be to cook in something that would send back your email login and password? Or other logins to stuff like banking sites. The people who make the roms seem to be hard working enthusiasts, but it still makes me nervous.
The reason I am asking this is because WM6.1 seems pretty buggy and slow and I was hoping that maybe updating to 6.5 would help, however Sprint is being super slow and vague (as usual) about if they will ever release an official rom.
And please no "then just don't use custom roms" replies. I am just hoping someone has some way to show that they are safe and then I will happily use it!
I was wondering the same thing. I don't use any cooked rom for anything banking related for this possible risk.
I know there are other threads that have the answer but can't find them maybe someone hid them?
Anyway what would the average chef gain, second of all how do you know a member of Opera or IE is not taking down your details or even Bill? "by that i mean there is more to worry about"
My point being chefs cook ROMs to give users better phones than stocks... Also the world of WM isn't laden with virus's/spyware so even doing so would be hard and no one would be bothered to spend there time considering how much time cooking consumes.
Just Hard-SPL your device and start flashing
I find cooked roms are the best! They are tweeked, customized, optimized, flexable, etc. Happy Flashing
Im still leary. Im going to wait until you all flash...then i will know its safe
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
FloatingFatMan said:
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
Click to expand...
Click to collapse
That is a very argumentative answer to a very simple and valid concern that allwires has regarding the security of using cooked rom's. Some people that use these rom's like to use their device's web capabilities for banking and for storing personal information and he brings up a very valid question regarding the safety of using these rom's for these purposes. Then you insult the poster by saying he or she is being paranoid when we all know that the capabilities for wrong doing via viruses and other malicious software are very valid concerns in this day and age. I would like to hear an intelligent and informative answer to this question since I'm sure as this sort of thing becomes more mainstream as it is bound through time to become there will be many more inquiries made as to the safety of their usage.
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
deedee said:
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
Click to expand...
Click to collapse
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
qqa92 said:
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
Click to expand...
Click to collapse
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
^^ And to add to Tim's comments. Just make sure you get your cooked ROM from an established chef if you're worried, and there won't be any problems.
Now, if the ROM was from someone with a tiny postcount and wasn't known, then you might have cause to think twice; but that's not going to happen here...
timmymarsh said:
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
Click to expand...
Click to collapse
Well then why not let the cat out of the bag. I'm just in here to see if I can get a large portion of the members in here's knickers in a twist so that they will all go out and buy my mobile AV since mine is the biggest one out there currently. Lots of potential there, in terms of cha-ching you have to agree. LOL!
There's also the option of downloading a kitchen and cooking your own ROM ... this method permits you to look at each package in detail.
Cheers,
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
I'm not sure what your reasoningn was to stop using email on the phone because of a failure to login to yahoo from a laptop. Did you notice any malicious activity on your yahoo account? Have you since? Have you changed that password? Just seems strange.
As for the security of cooked ROMS, I've never used one but I have a new phone coming and I'm going to try one from a reputable party here. I'm not nervous about it and I use online banking all the time. Here is why I am not concerned:
1.) As several people pointed out already, your PC is more vulnerable just because of sheer numbers. WinMo has a small market share and cooked ROMs would represent an even smaller market share. Even then, there are many custom ROMs to choose from. Then if EVERY user of a specific tainted ROM used their online banking on their phones, there is still little they could actually do with that information. For example, chase uses text messaging which means yes, someone could get my balance and stuff, but I actually have to login to the site to authorize my phone rather than login through the phone. So the information itself may or may not be useful. At the end of the day, it just wouldn't make the chef much money since there would simply be too few potential victims.
2.) The liklihood is very high that the perp would be caught by their peers and exposed in order to 1 - protect their own integrity, and 2 - get bonus points for being the one who exposed the bad guy (or girl). When you add this level of risk to the low reward, it just doesn't make sense. High risk, lots of work, little reward.
3.) Then of course, if someone fraudulently accesses your account, you can usually get that money back.
So I'm perfectly comfortable froma security standpoint. It's the stability standpoint I'm a bit concerned about but that's why I'm waiting till I get my new phone to try one out so I can go back to my old phone if it all craps out.
RedScorpion78 said:
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
Click to expand...
Click to collapse
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
startluvova said:
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
Click to expand...
Click to collapse
Hey there,
Way to go to ressurect an old thread
Nothing has changed, i have never heard of seen of a custom rom that has a virus cooked in, or one that has been intentionally created to spy on the user.
That said, i guess you have to make your own decision after reading the comments from some experienced chefs/flashers here
CHeers.
http://ashleyesqueda.com/private/HdniCFAkDv
What pisses me off as mentioned is the fact that you have to install a software update WITH the skin intact and updated as well. I don't like how this delays the time the update takes to get pushed, I don't like how this oftentimes turns me off from using the damn skin, and I most definitely don't like the fact that I have to install it to get perks. It's a trap!! The whole update BS is what drove me (and many others) to root their Legends in the first place. This is absolute crap!
And yeah, I'm against a locked bootloader as with everybody here on XDA. It's not just the custom skins being reverted to plain stock or similar, it's the extra "feel-good" things you can do with it unlocked.
Thoughts on the rant?
Google's in it to make money? What a shock(!)
They're a company, not a charity.
Google is also about spreading it's monoply.
And they're better at it than At%t
Yeah Google is in it for money all company's are, money makes the world go around nowadays so that's what they do. As far as the ads part, that's how they make their money that's how they always have, but you don't see ads floating around when you use your phone just in apps that you download form the marketplace. However, the OS is open, like any other Linux base, allowing people to customize it and thus making Google sit back and see what devs can do with it and integrating what the devs are bringing to the table and seeing what people like (free user studys). Its genius on their part especially to push it to the masses that don't know what they're doing and have no idea what it even means when you say "root." I've always enjoyed Linux and its openness so I will continue to support Android.
Agree with rant.
Yeah, it's the nerds that want this, but the normals don't consider the why.
And the why is these devices are not phones.
They are tiny computers.
And it's pretty terrible that I can change the OS on my other, not-so-tiny computer whenever I want to, but I'm stuck with whatever the manufacturer of a given device forces upon me?
I'm not even sure I like the fact that my smartphone is limited to Android only.
I envision a day sometime in the future where smartphones are treated as tiny computers by everyone--including the manufacturers. Where you can buy barebones smartphones from the manufacturers without a preinstalled OS and pick your poison!
Of course Apple would never play ball with this--they don't even do so on their not-so-tiny computers--but wouldn't it be sweet to pick up the latest HTC superphone and then think to yourself...
... do I want Android, MeeGo, Windows Phone... or whatever other mobile OSes might exist at the time?
That's true openness now, but smartphones are in their infancy, and too many people still think of them as just very fancy phones.
Google's true purpose is to take over the world!
The main purpose of ANY company, is to MAKE MONEY, so the top-level execs can enjoy a huge cushy corner office, drive a company Mercedes S-class, own a Bentley for personal use, host extravagant parties on their yacht, visit France on weekends in the private jet, live in a house so big there are rooms they've never set foot in, and still have enough to pay for private security, butler, maid, and nanny for the rugrats. Accomplishing this goal for Google includes ads, and for manufacturers, includes customization for product differentiation and locked bootloaders to reduce losses from warranty/support claims.
In a way, it's the lax rules of "open" Android which has allowed manufacters to customize however they see fit.
Is it just me, or does anyone else find the fact that this woman is interested enough in technology to even bother ranting about Google, Android, and secured bootloaders, is a total turn on?
All companies give something away then, start changing the game, the problem with All phone companies is soon we will have devices that will allow us to load whatever we want, (we do that with dual boot now) this will become the standard, probably take 3-5 years before it is mainstream. But, like everyone else said Google just wants to make money. and have secure market position.....
..... duh.....
google is a company ..... where the strangeness?
GnatGoSplat said:
Is it just me, or does anyone else find the fact that this woman is interested enough in technology to even bother ranting about Google, Android, and secured bootloaders, is a total turn on?
Click to expand...
Click to collapse
... hey, not everyone here is a guy, you know!
... and yet I still agree!
Moral of the story- Companies like money to further themselves.
Step666 said:
Google's in it to make money? What a shock(!)
They're a company, not a charity.
Click to expand...
Click to collapse
Agree.Google is a company,not a charity.
LOL GOogle wasnt made so people can happily search away
It was made with the purpose of making money... who would spend thousands of dollars doing otherwise.
PS. "Google is a company, not a charity" <---Egg-sactly.
I completely disagree with the whole "stock skin is awesome!" thing. I personally dislike the stock Android theme, and it was one of the reasons I disliked CM7 to begin with, until I found Honeybread.
The stock Galaxy S theme is my favorite theme I've seen so far.
I agree with synaesthetic's vision. Would be amazing if we could dual boot operating systems on any smartphone too.
Sent from my Nexus S using XDA App
sales are UP
Google also gives all your personal data (contacts included, and all their data) to it's subsidiaries. thus bypassing Google's own privacy policies, and this is perfectly legal.
they then make a big tree showing your surfing habits, your friends and families. what u eat and drink and what movies you watch, what news you are interested in your political affiliation !
the more info they have on you the more you are worth to them.
both for their own adds and the more you are worth when they sell your info through their subsidiaries!
like i said this is all perfectly legal. because it's subsidiaries do not have the same privacy policies as the parent company! in this case Google!
why do u think they want to get into the internet service providing business (ISP)? More INFO!
now they have u using their OS, their web-browser, their app store, their email, google maps (to see where u go and what u eat) even down to what streets u use and how long u spend at each place!
the amount of info they have on u is mind blowing
why do u think they are trying to pass a bill in congress on how (and how much) these companies collect info on you!
it will never pass. but it shows you even members of congress are concerned about the points i made above!
so I'm not just talking out of my behind OR a conspiracy nut. it cant even be a conspiracy if it wanted to because the info i right out in the open for anyone who cares enough to look for it,
the companies even Google are not trying to hide anything
food for thought next time u turn on your Google
Ric H. (a1yet)
.
synaesthetic said:
... hey, not everyone here is a guy, you know!
... and yet I still agree!
Click to expand...
Click to collapse
...there are girls here...!
QUOTE of the day is
deeking2 said:
...there are girls here...!
Click to expand...
Click to collapse
QUOTE of the day is
...there are girls here...!
LOL
Nothing illegal is happening here. They're an American business. If you don't like it, don't buy it.
synaesthetic said:
smartphones are in their infancy, and too many people still think of them as just very fancy phones.
Click to expand...
Click to collapse
So true...so very true.
JL
I just need to vent. I'm a fairly active developer for the android platform. I've created a number of kernel patches and applications that I have released at no charge to the community for about 10 or so devices.
All this I do in my "spare time", which I have very little of because I am a full time professional student who takes on 32 credit hour semesters.
Recently, since my 1994 geo prizm is literally falling apart and I was hoping to scrounge together a little bit of money to get a new car so I don't end up stranded on my way to class, I decided to release a paid application. Fastcharge / Force AC toggle which allows you to toggle on and off the force AC feature. A feature which I have personally implemented and released source patches for on a number of devices.
Not only in every thread where I released the patch on a device did I write up how to toggle the feature through the command line, but I also stated that I also implemented a toggle into my completely free application that you can also download from the market, IncrediControl.
In good faith and knowing how annoying licensing is, I elected to not include licensing in my application. This is a huge regret.
Within a couple days of releasing the application to the market I googled it to see if anyone was talking about it. One of the first links was to a piracy site where a user was requesting the widget, to which another user obliged and posted the apk to a filesharing site. Doing something I never though I would have to do, I filed a DMCA takedown request, which was answered quickly and the app was taken down. Monitoring the thread, every single time a link gets taken down, another user requests the app and the original user reuploads it, most recently to 11 different sites.
So now, after filing dozens of takedown requests. This user has decided to unzip my apk, change out the artwork, and now is going around releasing it as his own work.
Really, all this to avoid paying $1.50 (only ~$1 of it actually going to me) to an individual whose yearly income is low enough that he doesn't have to file taxes?
This disgusts me.
This is even worse than the 50% "order cancellation rate" that the widget has. I'm not stupid, I know exactly what users are doing, but yet initially I was willing to ignore it. But this has gone too far.
What is even the point of pissing off a developer so much that he is considering saying screw the platform all together? It doesn't even make sense. We, the developers improve your devices, generally at little or no cost, and this is how we're repaid. With ~50% of current users of the application having pirated it. To avoid paying just over $1.
Now before someone even counters with the "my area doesn't support paid applications" argument I've actually gladly GIVEN the widget away to a number of users who casually mentioned in the release threads that they couldn't download it for this reason. Not to mention, everyone knows there are apps that unlock the market in these areas to be able to purchase apps.
How much more generous can a developer be than to provide source code patches for a feature, provide information on how to toggle the feature, provide a COMPLETELY FREE way to toggle the feature, and then charge a measly $1.50 for a secondary, slightly more convenient way to toggle.
Yet he's repaid like this .
Of course, this must suck for a developer like you. Unfortunately, it seems to happen more and more often, and all I can really say is:
I would gladly pay a few bucks for an application like IC or BootManager. That BootManager seemed really interesting, but we can't buy apps from the Play Store without CC (and as a 16-year old, I don't have one). I asked the developer if he accepted Paypal, but he didn't.
Don't get me wrong, and this is not an attack to you personally: developers, if you made something really nice, and people will like it, 70% of the people will gladly pay for it, just make sure you allow them to.
Chaosz-X said:
70% of the people will gladly pay for it, just make sure you allow them to.
Click to expand...
Click to collapse
I honestly thought this was the case. It's really not. The problem is much worse than that. If 70% of users in the root community paid for apps it would be astonishing. Its made pretty clear by the number of users who download the app, back it up and then cancel the order.
If a 16 year old kid had made me that offer, the e-mail reply I sent would have the apk attached.
Well, that is a real flaw of Android: tweakability is really impressing, but these things make it really difficult to earn some money as a developer.
We have been thinking about anti-piracy measures as well, with stuff such as authentication with a server, and locking down the code and verifying integrity of APKs and stuff to make sure it's really hard to mess with the code, but it's just sad that there's a need for these measures..
The trouble is everything has piracy right from movies to game consoles through to mobiles and music.
I mean the iPhones appstore would be a hell of a lot bigger if there was no jailbreaking and installous.
Every platform has been cracked so you'll get it regardless of what you develop for.
Sent from my HTC Desire using XDA
I think you know you just needed to vent but can I change your picture.
There are some people in this world who just don't buy the idea of an idea as property. That's not compatible with this business model. That's the first problem.
The next problem is that
there's a million and one apps out there and which one are we going to choose? Where does it start, where does it end? We all have our limits. What's yours?
For me, the app has to be something very unique and possible generate me cash. For example something I use every day at work. If it's something that the phone should do anyway I tend to skip it and save the $1 for the next phone that does it out of the box. Your app is a great thing, but there's many utility apps out there. It just doesn't fall into the kind of thing I'd cave my strict budgeting for. There are people here with a 1000 apps installed and you expect them to pay $1000 in this sense.
Another way would be having utility in the cloud and then the app is free. Another one of course, advertising.
The difference with both of these is we don't need to risk a credit card with the market. That's the main reason I personally haven't bought many apps and I'd imagine it's a problem for minors too.
The very community that allowed us to create the app fails to pay for it's products is like life itself.
I'd say make something for the iphone instead because there's more profit there but that would never have been possible, see what I'm saying? That's the 3rd problem.
So you've got 3 problems there all converging into one big push towards piracy. But remember, can your app assure security that the pirated version cannot for example? This is how one has to think.
In short,
you can't do something and hope to make a bit from it on the side. You got to go out from the start and get the money aspect central from the start. I mean, that's business and of course that's exactly what the android community works hard to free us from.
Still, summarising those 3 points for suggestion:
- offer something free things can't (i.e. security, brand etc) For example, I never run pirated stuff for fear of insecurity on my data whereas I'll try out software that way on an old PC
- can always put a service in the cloud aka the javascript trap
- iphone is there if you want...
- needs to "the one app" a certain person would pay for, not something everyone likes
Also just to make that point again, if one does not believe in property then inconveniently there is no moral crime here. I suggest learn to live with this and go with the flow
I hope google sells PlayStore cards (like itunes cards) that allows user to buy apps, music, movies, books without a credit card. I really want to buy some amazing apps but i dont have a credit card so i just use free apps. I think that if u cant buy an app that cant be a reason to piracy or sidedownload that app.
jago25_98 said:
For me, the app has to be something very unique and possible generate me cash. For example something I use every day at work. If it's something that the phone should do anyway I tend to skip it and save the $1 for the next phone that does it out of the box. Your app is a great thing, but there's many utility apps out there. It just doesn't fall into the kind of thing I'd cave my strict budgeting for. There are people here with a 1000 apps installed and you expect them to pay $1000 in this sense.
Another way would be having utility in the cloud and then the app is free. Another one of course, advertising.
The difference with both of these is we don't need to risk a credit card with the market. That's the main reason I personally haven't bought many apps and I'd imagine it's a problem for minors too.
Click to expand...
Click to collapse
The feature is 100% unique and so is the widget. Not to mention, if you didn't want to pay the $1, I provided a free way to toggle the feature in the utility app. The point is, that there is nothing forcing people to pay for the widget to use the feature. But instead of using the free option provided, they not only pirate the paid app, but edit the artwork and release it for free as their own. It defies logic.
Also, ad based apps don't work with the rooted community. I learned that early on. Myfree utility app is ad supported. With over 40,000 installs you would think it would make even a dollar a day. Nope, makes nearly nothing. That's when I realized that the same niche I was marketing to are the same people who block ads. Even if someone didn't want to block ads, they can't install a single ROM that doesn't include an ad blocking hosts file out of the box.
chad0989 said:
[...] How much more generous can a developer be than to provide source code patches for a feature, provide information on how to toggle the feature, provide a COMPLETELY FREE way to toggle the feature, and then charge a measly $1.50 for a secondary, slightly more convenient way to toggle.
Yet he's repaid like this .
Click to expand...
Click to collapse
Be sure you're looking at all sides. Yes, you're in a losing war with guys intent on pirating your app. You can't stop them, and well, you goofed on the licensing, so someone will no doubt release the clone.
First of all, don't do the Big Media thing and assume that everybody that pirates your app would have paid for it if it hadn't been available. A lot of folks collect, or just try something once. You'll only work yourself into a funk thinking about all that money you "would" have if only they hadn't been able to pirate it. They wouldn't have. At least not all of them.
More importantly, be aware that placing something out there with value does reach folks that otherwise would have no idea of you or your plight. More than once, I've purchased an app that I don't really need, but found clever and cheap enough I can buy it without thinking about the investment. I've spent more on Android software at $1-15 over the last year than I did over the last 25+ at $30-100 a pop. I've only refunded an app once, by accident.
Finally, be up front about your situation. A guy trying to make do does influence my impulse buying. So does his reputation. If you're doing a lot, be sure that's clear on your app page, and let us know clearly you're the guy that also brought us whatever.
I am curious, though: How much did you actually bring in?
Chad- thanks for telling your story, I agree that you have every right to be disappointed. Especially the buying and refunding, that to me send almost worse because you can't stop dedicated pirating, but I would have hoped the rest would have bought the app.
It's easy to forget the human side of development, so thanks for sharing your side.
Jesus christ Chad. This is f$%&*#@ ridiculous. Probably the best and most generous kernel dev I have ever come into contact with, and people are cheating you out of 1.50. Please don't abandon Android. I need kernels when I get my rezound! but in all seriousness, warez needs to stop.
Sent from my ADR6400L
Yep. Sucks. After getting serious about android , which wasn't too far in, joining with a nexus one and seeing all the free HARD work we get, I definitely try buying stuff I use. If I can't pay sometimes I will see if dev does something else I can donate to. Its an issue I've thought about and part of it really boils down to how sorry people are in general. They want free and cheap. $1 is laughable even when it can be easily had for free. You really should market yourself a bit even though you don't want to. And people should really put a complimentary $5 or so budget a month or more and try to support devs. Maybe if you have something he gave free but has an app you won't use for a buck, buy the dollar app and uninstall after the 15 minute period. Or throw him a 5 through PayPal or something. Its simple really. If these devs don't have to resort to ramen and water they keep dev'ing especially for the community supporting him or her. And if they're eating vegetables and have plenty of red bull money it gives them wings. Otoh, the devs that make us pay to reinstall an app after we bought it on another or lost our phone suck. Balls. Won't buys theirs anymore.
teach a man to fish, you feed him for life. teach a man to fastboot, and you create competency. and less threads on xda.
Maybe you should implement a system like some developers do where you download the app for free with a time limited trail, then they would go to another website to pay for the app to unlock it, and the unlock codes would be unique for every user which would minimize piracy.
Sent from my GT-N7000 Samsung Galaxy Note "Go big or go home" using XDA app
rafa6571 said:
I hope google sells PlayStore cards (like itunes cards) that allows user to buy apps, music, movies, books without a credit card. I really want to buy some amazing apps but i dont have a credit card so i just use free apps. I think that if u cant buy an app that cant be a reason to piracy or sidedownload that app.
Click to expand...
Click to collapse
In the Netherlands we have prepaid Visa card.
Works well.
Maybe you google something similar in your own country.
(3V prepaid Visa cards)
That does suck but if someone wants to pirate an app even licencing doesn't stop them as there is an app that apparently patches licence checks.
It is so easy for even a non root and new user to find cracked apps, I have seen links on here and even on peoples facebook sites, it's got to the point where people can just browse a webpage and click a link to get the cracked version of an app.
Unfortunately if someone wants to crack it they can. Unless you could implement your own security check somehow, something obfuscated in the code, licencing is the only alternative as it would stop people using backed up cancelled versions at least.
Unfortunately it seems a lot of people just don't want to pay for apps.
Dave
Sent from my LG P920 using Tapatalk
also have to look at both sides. some people just refuse to pay for **** whatever it is, or get it as cheaply as they can. being android apps, the free route is how they're going to go. but the other side, you hsould be grateful for all the people that do pay. they're the ones helping keeping google, open source, android and everything in between chugging along. open source is the future and you can tell every corporation i said that. and thanks for you your work even though i've never used it.
jago25_98 said:
...
Also just to make that point again, if one does not believe in property then inconveniently there is no moral crime here. I suggest learn to live with this and go with the flow
Click to expand...
Click to collapse
There is plenty to disagree with in your post as it all seems like an attempt at rationalizing ways to get around the system. This last statement is a ridiculous attempt at summarizing why stealing is OK. Your morals don't define the crime, the law does. Stealing property, physical or intellectual, is not legal and not right regardless of your morals or lack of.
Chad,
I am sorry to hear of your products' abuse. I used your kernels all the time on my Incredible devices and bought IncrediControl to support development. I have purchased many applications just to support development and believe that is the way to get high quality applications.
Piracy is just so damn easy on Android. I know ppl that are doing it who I wouldn't even expect to be doing such a thing. This guy I know love android only because he can get everything free by just googling the apk.
awww thats sad i feel really bad for you!
I've used pre paid visa debit cards to buy apps. You can find them in Any money shop like Cheque cashing places for example. You can even just stick a dicky diver (£5) on them. Perfect for situations like this
Sent from my GT-I9100 using xda premium
I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.