The current state..
The last few days have been difficult. What has become clear now is that the Android Open Source Project is a framework. It’s licensed in such a way so that anyone can take it, modify it to their needs, and redistribute it as they please. Android belongs to everyone. This also means that big companies likes Google, HTC, Motorola, and whomever else can add their own pieces to it and share these pieces under whatever license they choose.
I’ve made lots of changes myself to the AOSP code, and added in code from lots of others. Building a better Droid, right?
The issue that’s raised is the redistribution of Google’s proprietary applications like Maps, GTalk, Market, and YouTube. These are not part of the open source project and are only part of “Google Experience” devices. They are Google’s intellectual property and I intend to respect that. I will no longer be distributing these applications as part of CyanogenMod. But it’s OK. None of the go-fast stuff that I do involves any of this stuff anyway. We need these applications though, because we all rely so heavily on their functionality. I’d love for Google to hand over the keys to the kingdom and let us all have it for free, but that’s not going to happen. And who can blame them?
There are lots of things we can do as end-users and modders, though, without violating anyones rights. Most importantly, we are entitled to back up our software. Since I don’t work with any of these closed source applications directly, what I intend to do is simply ship the next version of CyanogenMod as a “bare bones” ROM. You’ll be able to make calls, MMS, take photos, etc. In order to get our beloved Google sync and applications back, you’ll need to make a backup first. I’m working on an application that will do this for you.
The idea is that you’ll be able to Google-ify your CyanogenMod installation, with the applications and files that shipped on YOUR device already. Or, you can just use the basic ROM if you want. It will be perfectly functional if you don’t use the Google parts. I will include an alternative app store (SlideMe, or AndAppStore, not decided yet) with the basic ROM so that you can get your applications in case you don’t have a Google Experience device.
I’ll have more updates soon as I get all the code hammered out.
Thanks for all the support thru all of this.
http://www.cyanogenmod.com/home/the-current-state
The stuff Dreams are really made of....
I knew! Where there's a will there's a way! You can't keep a real boss down! Cyanogen I look forward to playing with this new stuff in the works. Rage on brother rage on, I for one honestly didn't want to leave android really, but I will continue to research back-up plans in case Google has anymore monkey wrenches laying around itching to be thrown...Good luck Cyanogen. We all owe you donations...real recognizes real! Dueces
This is great news Thank you!
fkn awesome!
this exactly what i thought and hoped would happen. everyone got in a tizy over nothing. so we have to back up before we flash which is just another way that the basic moder like myself can better understand the phone.
Does this means we need to wipe every time we flash a new rom?
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Click to expand...
Click to collapse
Everyone already has it.
Great
This sounds good, there is more than one way to skin a cat. I think they got upset when the new market app was released before they could get it out. They had to do something, but I think it will die down.
don't go there
tomvleeuwen said:
What do you guys think of sharing the 4.0.4 version over p2p networks?
Click to expand...
Click to collapse
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
ei8htohms said:
Cyanogen is doing his best to respect Google's legitimate copyrights, so suggesting that XDA get involved in distributing proprietary applications without a license only serves to undermine what is going on here. Mods: please remove.
Click to expand...
Click to collapse
I posted this in another thread but it would seem to be pertinent to here too:
Loccy said:
Let's face it, strictly speaking, all ROMs are warez.
Personally I'm surprised that it wasn't the Hero devs who got into trouble first, but this was all just a matter of time. I never understood the bizarre fixation that cropped up recently with QuickOffice and everyone going "omfg it's warez can't include it in romz!!!111!1one!". Why QuickOffice and not, say HTC_IME, or Work Email, or any number of other binary blobs that ROM cookers include as a matter of course now that have been "acquired" from non-orthodox source?
The Hero ROMs, let's face it, give people a means of "turning" their old phone into the latest and greatest HTC device. Each stable Hero ROM on the Dream/Magic potentially means a Hero device purchase lost. HTC are being far more hit in the pocket than Google are here - which is why I'm surprised the cease and desist wasn't directed at them.
I do think, however, this site and the people who run it are going to have to pick a side at some point. Either the position is "this is a site for developers, and as long as copyrighted material is not hosted on here in a fashion that would make us liable*, we will not suppress the work of individual devs". Or, their position is "no copyrighted material in any form, be that in the form to links to offsite storage repositories (eg. Rapidshare), or any other method". XDA doesn't *need* to do this in order to ensure the site does not get into legal hot water. I suspect they *might* do it, however, as some kind of misguided moral stance (and in my view the QuickOffice preoccupation was an example of just this). But in my opinion if they choose the latter then XDA is over as a site for realistic Android ROM development (and indeed, Windows Mobile and other OSes, if they apply the same standards across all their boards).
* elaborating on what I mean here - if people attach zips directly to their posts, and those zips are stored on the XDA servers, then XDA as a site is potentially liable. Alternatively, if instead people give a URL or a search string whereby people can find a ROM, but those files are not physically stored on XDA, they are not - any more than Google is liable for the many copyrighted MP3s you can find links to via their search engine.
Click to expand...
Click to collapse
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
ei8htohms said:
Mods: please remove.
Click to expand...
Click to collapse
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
kudos to cyanogen!
Loccy said:
If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
Click to expand...
Click to collapse
I think common U.S. practice is: if you speak freely, you get called names by people until you either cry or shoot them, thus proving to everyone that your original point is invalid.
But XDA has always had a policy of "if it doesn't get the site admins in trouble, it's probably ok." If memory serves, the site is in the Netherlands, and is subject to EU laws as to copyright, etc. I think that's important to remember when it comes to such things, since the EU laws as to intellectual property are in flux and not quite the same as those in the US or UK.
But the official policy is available in one of the toplevel forums here:
Flar said:
Hi Everybody,
We noticed that there is some confusion when it comes to posting sensitive material on xda-developers.com and mostly about what can and can't be posted.
We would like to clarify our point of view through this post.
Since the start of xda-developers this has always been a site that once in while has some sensitive material online, through the years this site has grown so big it's no longer possible to check every file on our servers or every post on the board, we also feel it wouldn't benefit the community if we did.
However with increased popularity comes an increased amount of legal complaints when sensitive material is found on our servers. Which is the reason why we have been more careful lately. Recently some sensitive material has shown up on the servers and we received legal complaints from companies who have the copyrights for this material, although we all feel this is very interesting and valuable material we cannot risk the future of xda-developers by ignoring the legal requests we receive, therefore this material has been taken offline.
We understand that maintaining the balance between legal and illegal is sometimes confusing and/or difficult but that is unfortunately how it works.
When it comes to posting sensitive material there are a couple suggestions we can make:
- if possible do not post the files on the xda-developers servers.
- use your common sense (if you feel something might not be legal it probably isn't).
- always keep in mind when posting software of any kind, that we will take it offline if there is a legal complaint from the copyright owner.
Warez is in no way accepted and will be removed upon discovery.
I hope this post will serve as a clear and valuable guideline.
Greetz,
Flar
Site admin.
P.s. When you have any questions you can always contact me or one of the moderators.
Last edited by Flar; 17th January 2007 at 10:14 AM..
Click to expand...
Click to collapse
Everyone has an opinion, and they have, or should have, the right to decide for themselves what is correct. I am on the side of Cyanogen. I do not think what he did caused any harm or loss of revenue to anyone. We can not always have our way though, and I think that's the case here. I don't know him, but I do think he's smart enough to keep doing what he is EXTREMELY good at without putting himself in a bad position. It's just a stumbling block to get past. We are puting a lot of effort into pointing fingers and throwing around ideas, but if we placed this much energy into finding a fuctional solution, we might get past it a whole buch faster. A good army fights the war, not the battle.
Warez is in no way accepted and will be removed upon discovery.
Click to expand...
Click to collapse
But every single ROM on here is warez to some extent or another! Certainly (just for example, I'm not picking on anyone specific here) Drizzy doesn't own the IPR for the contents of his Hero ROMs. I'm pretty sure the WinMo ROMs aren't being posted by Microsoft. If the policy is that "warez is in no way accepted and will be removed upon discovery", they're not doing much of a job, are they - every other post is "warez", if you take a strict interpretation.
I suppose I'm saying that "warez is in the eye of the beholder". I fully endorse the attitude "if it doesn't get the site admins in trouble, it's probably ok" - but I can't help thinking that relaxed attitude has been firmed up of late for whatever reason, given the QuickOffice oddness. I'm pretty sure no-one who own the IPR for QuickOffice was ever in touch (although do correct me if I'm wrong), so why the odd fixation recently?
Bottom line: stick to the attitudes and approaches that have made this site what it is, please don't start getting over zealous when there's no reason to.
Honestly did this need another topic though? I mean I'm all for good news like this, but add it on to one of the many topics that are out there. -.- (ready for flaming)
easy now
Loccy said:
The bottom line is that if ROM devs decided they were going to respect ALL legitimate copyrights, there'd be no Hero ROMs, no Windows Mobile ROMs, in fact no ROMs apart from barebones AOSP ROMs which do less than a stock ROM.
And I'm sorry, that's just ignorant. Just because you don't agree with a sentiment doesn't entitle you to demand the mods remove it. If the mods want to remove it they will (and in my view that would indicate which "side" they were choosing.) Personally, I don't know what it's like elsewhere around the world, but here in the UK one is at least allowed to speak freely, if not necessarily act freely.
Click to expand...
Click to collapse
First off, I'm not demanding anything. I politely requested that the mods remove a suggestion that clearly seeks to circumvent the policies of XDA: We won't distribute warez. The poster knew the suggestion was specifically aimed at getting around the XDA policy, otherwise there would be no reason for a P2P distribution alternative in the first place.
A key component of intellectual property and copyright laws (at least in the US) is that the holder of the copyright must act to defend the copyright to some reasonable extent (no, I'm not a lawyer and I don't know what this entails exactly). Now that Google has acted to defend their copyrights in these instances, the line is clear. Google apps are paid apps (licensed to the handset manufacturers or service providers) and are not free to distribute without a license. Consequently, there shouldn't be much further debate about the fact that these are warez and are not to be distributed on or through XDA.
I'm not trying to attack anyone (the original poster, ROM devs or certainly yourself), but I am interested in XDA maintaining the high ground here and continuing to operate in a respectful and respectable manner.
Perhaps we should stay on topic?
te5ter said:
Perhaps we should stay on topic?
Click to expand...
Click to collapse
Fair point. Maybe we should take the "warez is in the eye of the beholder" debate to this thread. I do actually think it's a fascinating debate, personally. Oh, incidentally, just re-read my earlier post, and want to apologise to ei8htohms - I didn't mean to come off quite so brusque.
First, I'm very happy that there seems to be a workaround that Cyanogen feels comfortable in using.
However, I see it as a band-aid to a much larger problem. Yes, it addresses those few apps that Google specifically mentioned. But there seems to be potential future conflicts that could adversely affect this whole Android community.
What about all the other apps in there? The Camera/Camcorder/Gallery app for instance. The UI? Other HTC bits? And the biggie, the Search component? Does Google also lay claim to unified search, the widget, the particular framework involved in that?
I don't know the answer to that, I'm just asking. So much is left unanswered, I just feel this is only the beginning. For now, I guess it may be enough. But it still leaves so much up in the air.
Now the 2nd major issue: Cyanogen should be commended for taking the high road here and doing his best to adhere to Google's current request. I think we all know that there was never ever any question that no one saw this coming. It came from left field and shocked everyone beyond belief.
But will other rom devs be as diligent as Cyanogen? Will theme developers adhere to this? And with all of these added steps required to get a functioning "Google Experience", consider the flood of newbie questions this forum is about to endure. We all thought "brick" and "hardspl" questions were tedious at best ... prepare yourselves for the onslought of mass confusion. That fun has just begun.
I still believe the burden lies with Google to make this right. I'm not saying they should make their apps open source by any means. I'm just saying that there must be a way for Google to allow the inclusion of their apps (perhaps a different license or maybe some encryption trick that protects the apps from modification <I don't know, I'm not that smart>). Google needs to step up to the plate in this. They also need to save-face and stifle this PR nightmare. Android does not need this, Google does not need this, HTC does not need this, carriers do not need this, Cyanogen does not need this, and users do not need this. Growth of the entire Android project is simply too important. I see this as speed bump. They just made the bump too big and it needs to be shaved down some so everyone can get it over without damaging anything else.
this is great news indeed. can't wait to see what is to come!
Related
Hey guys! I put together this license agreement for all the ROM chefs to use. What do you think? What should I change, add or remove?
It was partly created as a joke, but looking around, it looks as if people are getting upset with their chefs for very dumb reasons... this isn't to make the user's life miserable, but to aliviate the pressure chefs are put under or at the very least raise some awareness on the user's parts.
This is NOT the final version. Consider it a beta.
Updated: 1/1/2008 - 9:09pm Eastern Standard Time - Edited for proper syntax.
Updated: 1/1/2008 - 9:15pm Eastern Standard Time - Fixed numbering issue. Added article #16.
Over a hundred views and no comments? Was the document that horrible?
I don't release anything but if I did I probably wouldn't want to attach that to it.. It's already known that there have been legal problems on the site with redistribution of ROM's even in their original form..
Adding your licence to it makes it look like the chef would be saying that they absolutely own the code and that could be a little bit of a dangerous thing to say.
It's almost like commercialising the ROM's and that would definitely be bad. Once you try and do that you are in danger of becoming a target for Microsoft and it's partners for you ripping off their property.
Providing fixes and tweaks is different to claiming responsibility for their work and code in my eyes. I'm sure thats part of why its still being tolerated to some extent.
It's also a little bit cheeky really to say "We grant you the usage of this ROM on an unlimited number of devices, unless otherwise stated. We hold the right to restrict who is allowed to use the ROM and to stop any and all distribution of this ROM." when everyone who releases a ROM has broken the original licence term that says that.
sambartle said:
I don't release anything but if I did I probably wouldn't want to attach that to it.. It's already known that there have been legal problems on the site with redistribution of ROM's even in their original form..
Adding your licence to it makes it look like the chef would be saying that they absolutely own the code and that could be a little bit of a dangerous thing to say.
It's almost like commercialising the ROM's and that would definitely be bad. Once you try and do that you are in danger of becoming a target for Microsoft and it's partners for you ripping off their property.
Providing fixes and tweaks is different to claiming responsibility for their work and code in my eyes. I'm sure thats part of why its still being tolerated to some extent.
It's also a little bit cheeky really to say "We grant you the usage of this ROM on an unlimited number of devices, unless otherwise stated. We hold the right to restrict who is allowed to use the ROM and to stop any and all distribution of this ROM." when everyone who releases a ROM has broken the original licence term that says that.
Click to expand...
Click to collapse
Truth be told, most of it is just filler. lol It was mostly a way to say "If you use this, don't complain."
You do bring up valid points, though.
I've been playing around with all the 6.5 ROMS available on this forum (plus have been lurking for a while so felt like doing some contribution could be appreciated ).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors, one serie works with my Exchange Active Sync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow be disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
in 100% of the case, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and have actually to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROM to deploy a rogue root certificate to your device and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposedly altered the ROM to change the security settings. But the result is the same, security altered ROMS.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet
UM
I'd just like to reiterate that this is a development community- most of the cooked ROMS you've tried are experimental works in progress. We tend to take our experimenting a bit far here- but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment- and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components- so it's not exactly safe to say that any of them can be held completely accountable for device security- there may be plenty of exploits present behind the scenes that never have been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing- because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top most, actually all of the 6.5 based ROMs have a microsoft beta as a base. Though it may be a save bet that the latest built # may be the closest to the final release at Oct. 9 it's a common practice to reduce/alter some "security" settings an policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer or however you want to name these creative heads here.
Their work is just incredible and I bet that ms or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well are 23053 that do not, as was the case with any previous build number and, consistantly, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns of moral ground, about the practices that take pace there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not the get flamed, you will at least see some frown faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» form anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe i made my point as gently as I could...
If i may have hurt some feelings, i am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
unlockMe said:
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
Click to expand...
Click to collapse
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that wither you misunderstood me either I was not clear...
1. I am not accusing you of anything.
2. I read you whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of you purposes... I was only trying to pass a message but given the fact the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, you right given the fact we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn none of your previous statements.
Knowing this community for quite some time and specially knowing it's member, active ones, passive ones, contributing ones, parasite ones, etc... I just know for sure that your comment in which you address people in such manner will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like Don't get me wrong and sorry if I made myself misunderstood
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section
Google should change policy stating any changes to the google experience they can keep and use as there own. If people want to make there stuff better with out getting paid for it so be it. Instead of a liability they have developement for what ever dessert they plan on cooking up next. We are a small community the masses don't know what they are missing and it seems like google dosent know what they are missing either
1. http://forum.xda-developers.com/showthread.php?t=565510
2. how is the related to development of the android platform for the htc dream
3. in before the lock
We really really really didn't need a new thread started about this.
Feel free to add your comments to the other 21,348 XDA threads about the same subject.
hotadef said:
Google should change policy stating any changes to the google experience they can keep and use as there own. If people want to make there stuff better with out getting paid for it so be it. Instead of a liability they have developement for what ever dessert they plan on cooking up next. We are a small community the masses don't know what they are missing and it seems like google dosent know what they are missing either
Click to expand...
Click to collapse
UUUUUuuuuuuuuggggggghhhhhhhh
Google should change policy stating any changes to the google experience they can keep and use as there own. If people want to make there stuff better with out getting paid for it so be it. Instead of a liability they have developement for what ever dessert they plan on cooking up next. We are a small community the masses don't know what they are missing and it seems like google dosent know what they are missing either
Click to expand...
Click to collapse
thanks for your input but when you learn to post in the corrent place your thoughts will be considered inane
Why should they? Do you donate all your earnings to charity?
We all need a level of profitability, and google, being a corporation, is pretty greedy about theirs, but you know what, that's their decision.
The community needs to stop bickering about policy and start working towards fixing the problem.
As jbq said, we need to make AOSP usable, right now it's not, and devs have been very negligent about this aspect. Mostly, devs have been making their own apps (which improve nothing over AOSP) or modifiying the existing google builds, but AOSP, the only public domain aspect of android, has remained untouched and up to now only google has been contributing to it.
It's time us, as devs, start making of Android an OS, not just a framework that OEMs can take and add their proprietary bits on top and of little use to anybody else.
david1171 said:
1. http://forum.xda-developers.com/showthread.php?t=565510
2. how is the related to development of the android platform for the htc dream
3. in before the lock
Click to expand...
Click to collapse
dude you must post like 50 times a day .. i gotta step my game up
i think xda should just start temp banning whoever posts another anti-google thread just for idiocracy
and lastly RE to the PORTED
xidominicanoix said:
dude you must post like 50 times a day .. i gotta step my game up
i think xda should just start temp banning whoever posts another anti-google thread just for idiocracy
and lastly RE to the PORTED
Click to expand...
Click to collapse
Meh ... Yea .... I'll 2nd that.
~enom~
Google is a monster ...!
Whatever is said on the Google - Cyanogen afair ... one facts remains: Google has become a defacto monopolist which intends to make the Internet a "Pay for Use" business finally ... you will learn it. Microsoft has proved how to suck the money from everybody in the world and Google intends to make it even better.
This saying a person who himself is leading a company struggling for a maximum profit!
Regards
7
Automization said:
Whatever is said on the Google - Cyanogen afair ... one facts remains: Google has become a defacto monopolist which intends to make the Internet a "Pay for Use" business finally ... you will learn it. Microsoft has proved how to suck the money from everybody in the world and Google intends to make it even better.
This saying a person who himself is leading a company struggling for a maximum profit!
Regards
Click to expand...
Click to collapse
honesty stop beating this dead horse. Seriously. Everyone just stop. All you're doing is cluttering the forum that helps noone.
This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?
Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse
I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse
I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.
Thats why I prefer stock ROM
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Ever heard of pdroid? Droidwall?
reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.
This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.
He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.
an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.
I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.
Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.
I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse
Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse
I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.
(this is not a commercial thread)
I'm a father of two and they have been using the net since young age as I think the sooner they would understand the dangers and the positives it would be better than delaying the inevitable.
The backslash was that the oldest gain too much knowleged and has been online not behaving well.
I've surf around the XDA and Google and have not found an actual Android app that is cost effective and actually reliable enought to allow them to continue without supervision of all what they do.
Any suggestions out there, even from the more "dark side" ?
What I've found so far and a few comments on my opinion:
mod edit - paid services links and descriptions removed
I tend to go to the highstermobi app but not sure if there could be a better app with the missing features this one has.
Any comments or additional suggestions are so welcome!
according to Forum Rules
11. Don’t post with the intention of selling something.
Don’t use XDA to advertise your product or service. Proprietors of for-pay products or services, may use XDA to get feedback, provide beta access, or a free version of their product for XDA users and to offer support, but not to post with the intention of selling. This includes promoting sites similar / substantially similar to XDA-Developers.com.
Do not post press releases, announcements, links to trial software or commercial services, unless you’re posting an exclusive release for XDA-Developers.com.
Click to expand...
Click to collapse
I know you stated
(this is not a commercial thread)
Click to expand...
Click to collapse
but it looks like it
xanthrax said:
according to Forum Rules
I know you stated
but it looks like it
Click to expand...
Click to collapse
I understand, that is why I posted saying non commercial, how to you suggest me to make this question?
I definitely have no affiliation with any of this companies and actually I'm looking for something other than this as these do not fullfill my goal.
I can erase the reference to all apps. I wanted to avoid members to say "I did not google or search around".
Thanks for the help!
pauloviegas said:
(this is not a commercial thread)
I'm a father of two and they have been using the net since young age as I think the sooner they would understand the dangers and the positives it would be better than delaying the inevitable.
The backslash was that the oldest gain too much knowleged and has been online not behaving well.
I've surf around the XDA and Google and have not found an actual Android app that is cost effective and actually reliable enought to allow them to continue without supervision of all what they do.
Any suggestions out there, even from the more "dark side" ?
What I've found so far and a few comments on my opinion:
mod edit - paid services links and descriptions removed
I tend to go to the highstermobi app but not sure if there could be a better app with the missing features this one has.
Any comments or additional suggestions are so welcome!
Click to expand...
Click to collapse
Here is the issue that you will face. In many places apps like the ones you want are deemed illegal. Even if installing on your child's device. Might want to look into the laws where you are.
Apps like that are also not allowed to be talked about here so I hate to say it but you won't be finding any help on the matter here.
As a parent of twin teen boys. All I can say is sometimes you have to let them learn things on their own. You can't protect them forever.
pauloviegas said:
I understand, that is why I posted saying non commercial, how to you suggest me to make this question?
I definitely have no affiliation with any of this companies and actually I'm looking for something other than this as these do not fullfill my goal.
I can erase the reference to all apps. I wanted to avoid members to say "I did not google or search around".
Thanks for the help!
Click to expand...
Click to collapse
you can discuss about this apps but not linking them as you did with prices as well, are you interested on the price or usability , I would say the last so you can discuss about this. You already have an advice above so you can get feedback without linking them
zelendel said:
Here is the issue that you will face. In many places apps like the ones you want are deemed illegal. Even if installing on your child's device. Might want to look into the laws where you are.
Apps like that are also not allowed to be talked about here so I hate to say it but you won't be finding any help on the matter here.
As a parent of twin teen boys. All I can say is sometimes you have to let them learn things on their own. You can't protect them forever.
Click to expand...
Click to collapse
Thanks for the time to reply. You're right on all comments, but one is always afraid, specially because they are pre-teen.
Thanks.
pauloviegas said:
Thanks for the time to reply. You're right on all comments, but one is always afraid, specially because they are pre-teen.
Thanks.
Click to expand...
Click to collapse
The one that has gained knowledge from using the Internet would probably circumvent anything you did anyway, in a way, your plan would only fuel his fire to learn more to bypass whatever you do, so in effect, you'd be pushing him the direction you don't want him to go even faster than if you just left it alone. With that particular child, you'd have to completely restrict their access to the internet, which is virtually impossible in today's world.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
The one that has gained knowledge from using the Internet would probably circumvent anything you did anyway, in a way, your plan would only fuel his fire to learn more to bypass whatever you do, so in effect, you'd be pushing him the direction you don't want him to go even faster than if you just left it alone. With that particular child, you'd have to completely restrict their access to the internet, which is virtually impossible in today's world.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Click to expand...
Click to collapse
Exactly. Not to mention that with the schools and topics of learning these days. They probably already know how to bypass it. I was amazed the first time I caught my boys sending messages encrypted in their pictures. When I asked where they learned it, they learned it in school. This is when came to understand that there was nothing I could really do about it.
We always want our kids to surpass us. Which they normally do but that comes with some hard pills to swallow as a parent lol.