Lately a lot of threads have been popping up on this subforum and others with regard to the CyanogenMod C&D. A lot of these long threads seem to just be giant echo chambers filled with uninformed or ignorant end-users who don't understand the true nature of the situation. I am creating this thread to help clear up the misconceptions surrounding CyanogenMod, the AOSP, and Google's position in this matter.
Here are some common misconceptions and their clarifications:
"We should petition to keep Android open source!"
Click to expand...
Click to collapse
Google acquired Android, Inc. in 2005 and began investing time and manpower to develop the Android operating system into a fully fledged mobile operating system. The entire project was open sourced in October 2008 to coincide with the first public availability of the Dream hardware. Since then, the Android Open Source Project (which consists of all the source code required to build a working Android environment) has been completely open source. Period.
On top of the completely open source operating system, Google also bundled several useful applications into many stock builds of Android. These builds are commonly referred to as "Google Experience" builds, and the apps include things like the Market, GMail, Youtube, etc. These are NOT a part of the Android Open Source Project, they NEVER WERE a part, and it is unlikely that they ever will be. Many end users seem to have the misconception that these apps are and/or should be a part of the AOSP. They are not. Period.
"Google is trying to keep me from installing other ROMs [sic]!"
Click to expand...
Click to collapse
The C&D letter to Cyanogen was not meant to suppress users from using non-official builds ("ROMs"). The purpose of the cease and desist letter was to stop Cyanogen from continuing to redistribute without permission the proprietary Google-specific apps described above. This is completely within Google's right to do so.
Now to be fair, the work done on xda has often skirted the matter of unauthorized redistribution. In fact, without unauthorized redistribution, it would be difficult (but not impossible) to "cook ROMs". However, unauthorized redistribution has generally been viewed as an unspoken, ungranted privilege. If the company holding the rights to the related software issues a cease and desist letter, the community must respect that choice. To fail to do so would only serve to delegitimize what we do here and risk the survival of the os hacking community as a whole. Users with an overinflated sense of entitlement, you are not welcome here!
"I bought the phone, I should have a right to use the proprietary Google software however I like."
Click to expand...
Click to collapse
Generally, being legally licensed to run a software package does still impose limitations on your usage of it (e.g. you cannot make unauthorized copies or disassemble it). However, in this case, the violation is not in the end-user act of installing CyanogenMod, it is with Cyanogen distributing it. And by no means is this singling out Cyanogen; any "ROM cooker" that includes copyrighted proprietary software in the updater (which at this point is the majority of them) is potentially risking a legal letter.
"Google should not have waited until Cyanogen had worked so much to shut him down!"
Click to expand...
Click to collapse
As in #2, I have to emphasize that unauthorized redistribution is something of an unspoken tacit permission. "ROM cookers" therefore need to exercise good judgement. Back when builds were simply slightly modified versions of stock update.zip files, it was easy for Google to turn a blind eye. The latest CyanogenMod installer included a leaked pre-release version of the Android Market software. Now, I hope it's plainly obvious for even the most oblivious reader, but if you leak a company's unreleased proprietary software before their official release, chances are you will piss them off. Leaks like this have several potentially negative consequences for companies: 1) decreased perceived quality because the program had not been fully debugged, 2) ruining planned launch timelines, 3) causing server backend issues due to unrecognized clients logging in.
Bottom line is this: if you are a "ROM cooker" and you absolutely have to include proprietary copyrighted software in your build, DO NOT INCLUDE ANY UNRELEASED SOFTWARE. You will very likely get C&D'd.
"Google should appreciate Cyanogen's hard work!"
Click to expand...
Click to collapse
From the time you boot up your phone to when you run that first app, probably somewhere like only 1% of the code is written by the "ROM cook". The process of "cooking a ROM" is not, for the most part, programming.
If you want to give credit where credit is due, for the most part you would be thanking Linus Torvalds and the contributors of the Linux kernel, the Android Open Source Project team, and the folks who really did the groundbreaking work establishing root access on the Dream.
good post!
Agreed, very good post..
Maybe someone can clear something up for me (its been bugging me a little)
If i compile from source i need to add files that are pulled from my phone.
Does this mean that ALL roms are technically illegal, even if they dont include the google closed source programs.
Or are we ok to include these files as they are needed for the phone to work, so considered closed source but part of asop?
I have not seen this addressed and i am curious what the state of play is with these files.
Agreed ........ !
Thank you for taking the time to clear things up. Hopefully this will help folks gain some perspective and move toward productive directions.
If i compile from source i need to add files that are pulled from my phone.
Does this mean that ALL roms are technically illegal, even if they dont include the google closed source programs.
Or are we ok to include these files as they are needed for the phone to work, so considered closed source but part of aosp?
Click to expand...
Click to collapse
Good question. It certainly means the ROM is not purely open-source, at the least.
My sense is that those files are the property of HTC and we don't have a license to redistribute them.
Now I don't really expect HTC to serve anyone with a C&D anytime soon, for various reasons, but until a ROM cook gets a written license to redistribute those files from HTC, or until a fully open-source rewrite of those files is done, it's a gray area at the very least.
vixsandlee said:
Does this mean that ALL roms are technically illegal, even if they dont include the google closed source programs.
Click to expand...
Click to collapse
Speaking very technically: yes, because you do not have the express right to redistribute the binary drivers for things like the wifi module or the radio. In reality, these pieces of code are so tightly tied to the hardware that it is unlikely you will get a c&d for redistributing them. However, in the hardcore open source community, even these drivers will be left out, requiring the user to fetch them for him/herself. That would be the 100% license-compliant way.
I'm pleased to say though, there are already many people working on semi and full license compliance methods and "ROMs". Just take a look at the first two pages of this subforum.
vixsandlee said:
If i compile from source i need to add files that are pulled from my phone.
Does this mean that ALL roms are technically illegal, even if they dont include the google closed source programs.
Or are we ok to include these files as they are needed for the phone to work, so considered closed source but part of asop?
Click to expand...
Click to collapse
Read the post again. It's illegal to even copy the Google APKs files out of an original installation and import it into a custom ROM. The major issue was that all ROM creators were importing the Google Apps which are "closed-source" into their own legal open-source code.
I guess now, it'll be down to the individual to decide whether they want the Google Apps in their phone. That's why scripts have been created to give the user a choice on whether to do the illegal act of placing the Google Apps onto their phone.
Google are unlikely going to chase you the individual down rather than the ROM creator (like in Cyanogen's case with the C&D letter).
Hope this helps.
ok. so then all this is not because of the google propriatary crap, but because he released the market early, so google just USED this BS reason to stop that? in other words, had he not released it early, nothing would have happened?
if thats the case, i dont blame cyanogen, but i blame ALL those GREEDY users that MUST have EVERYTHING before everyone else because they feel they need to be the best. you greedy punks almost ruined it for everyone. from what i see cyanogen usually tries his best to do what the people want, had the people not wanted the market so early(its not even that great, just new colors "ooohhh wooow ive never seen colors before i must have that! and now!".. ridiculous.) then this wouldnt happen.
now from i see the latest and "greatest" usually comes in the experimental releases. i think, cyanogen should shut down the experimental releases, or only release them to certain people.. or make it a lot LESS public..that way he can keep testing the stuff till its good and then release it as stable when he sees fit. i mean come on, 4.0.4 is already awesome!! i love it! been using since forever. why couldnt everyone else just be happy with 4.0.4?
and like the post said, dont be stupid and release some leaked program. cause it doesnt just shut you down its gonna shut everyone down. unfortunately i see that soon some noob working on hero roms is gonna release something, and then HTC will be here next.
oh and add this in there:
My guess is that Google has known for some time what was going on, but probably thought 'best not to upset the apple cart' while Android was in its infancy, with only one or two devices from a single manufacturer available on a single carrier. Now that we are on the verge of Android devices being shipped from at least five hardware vendors with over half a dozen carriers, Google probably felt that they needed to get a handle on this. I sense they feared things getting out of control with modders doing willy-nilly ports of innovations from one vendor/carrier to another—e.g., Motoblur on HTC devices and HTC Sense on Motorola devices. I think Google's legal team had a strong part in what took place, and forced action.
Click to expand...
Click to collapse
and i just saw a rom that got some of the motoblur stuff mixed with hero and for the g1. how long do you think till motorola and HTC are here complaining about software on the g1 that isnt supposed to be?
Why don't Google offer these closed-source apps like they do for Google Maps? They could only benefit from more users having the 'Google Experience', even though their phones don't have them pre-installed.
TunsterX2 said:
I guess now, it'll be down to the individual to decide whether they want the Google Apps in their phone. That's why scripts have been created to give the user a choice on whether to do the illegal act of placing the Google Apps onto their phone.
Click to expand...
Click to collapse
If a user downloads a "ROM" without Google apps on it, downloads an official update.zip from google.com, and then copies the Google apps from the official update into the cooked "ROM", that completely mitigates the problem of unauthorized distribution and only leaves the much less sticky issue of unauthorized usage. Unauthorized usage is typically a lot less offensive to the interested companies and definitely a lot less enforceable. There are likely some EULAs somewhere governing the usage of the Google apps (GMail, Market, etc) and except for Market I would be surprised if they explicitly required the app to run on authorized distributions only. But again like I said, it would be difficult to detect, let alone enforce.
peshkata said:
Why don't Google offer these closed-source apps like they do for Google Maps? They could only benefit from more users having the 'Google Experience', even though their phones don't have them pre-installed.
Click to expand...
Click to collapse
That's a very good question, and one I sure would like the Android team at Google to answer. The only app I see being a problem would be Market, since it requires a secured app-private to function properly (which would not be guaranteed on a non-GE phone).
Your post nicely presents the legal aspects and rights of Google but IMHO misses the larger point. The open source community was believing in the ideals of open source and looking the other way at the control Google has over this platform. The pieces that Google controls are not easily (if ever practically) replaceable.
Google actions show that they are not that much different than Apple in trying to control the platform and the user experience. Don't be surprised to see Google behave more and more like Apple as the platform gets stronger and Google's need of an open community weakens.
The only bright spot is one that Google may have missed - that is their existing fight with Apple and AT&T regarding GoogleVoice. Their actions against Cyanogen gives Apple and AT&T ammunition in their arguments with the FCC, which is the last thing Google wants.
This is the only lever this community has over Google. Bring up the FCC and Google Voice case, and Google may back off.
For those who pray for Cyanogen to be hired by Google -- that is the last thing you want. We do not need Google having more control over him, but less.
For those who think that creating bypasses with clean roms and user-initiated backups will solve these problem -- these are short-term technical workarounds which Google could close too.
so with it being technically illegal its pointless (IMHO) being open source.
Its fine with taking from the community, but google seem unwilling to give anything back.
Roll on when full open source roms appear, It would be like a linux distro coming with everything but keyboard and mouse drivers.
This is all legally correct. But it misses the point of the uproar.
We did not expect Android to devolve into a squabble over closed source bits when the whole premise is open source. Goog has disappointed, plain and simple. Your sticky is an apologist's point of view since it doesn't address that fundamental issue.
edit: btw, if Goog was upset about the new Market app specifically, they could have blocked its access to the market using a client-check.
rbrahmson said:
This is the only lever this community has over Google. Bring up the FCC and Google Voice case, and Google may back off.QUOTE]
well think about it. where would google make more money, in allowing the deals it made with htc and motorola and stuff to fall apart because they allow none licensed people do distribute there apps, but keeping the community with them, and winning with google voice... OR in screw the community, keeping the deals on good grounds, and losing the google voice fight? seeing how apple is STILL WAY ahead of android in terms of users, its tough. because its basically, either google kills its own OS for phones, or starts letting go of the iphone ideas by starting with screwing the google voice. honestly, from what i can see, google is gonna come out losing either way lol
then again it is GOOGLE. they never loses anything =/ though with that BING thing growing.. the giant may go down some day. its getting attacked on all sides
Click to expand...
Click to collapse
vixsandlee said:
so with it being technically illegal its pointless (IMHO) being open source.
Click to expand...
Click to collapse
That depends on what your objective is. Open source has many benefits, and many of those are retained even if your distribution contains some closed-source elements. Another important aspect to remember is that while x86 PCs have had three decades to mature, smartphones have not had that same luxury. Given enough time, even hw drivers will become open sourced. So "pointless" is a bit hyperbolic.
Its fine with taking from the community, but google seem unwilling to give anything back.
Click to expand...
Click to collapse
The spirit of open source is the spirit of giving. In that vein, Google has invested considerable time building parts of the AOSP from scratch. To say that they are "unwilling to give anything back" is just a plain falsehood.
Roll on when full open source roms appear, It would be like a linux distro coming with everything but keyboard and mouse drivers.
Click to expand...
Click to collapse
Good luck finding an open source 3G radio driver.
If anyone has read any of the dialog between Steve (cyanogen) and some other Google employees about this issue (most notably JBQ), you would realize that the Google employees are trying to work with Steve.
There is dialog about making the AOSP able to be built and fully functional and distributable without infringing on anyone's rights. This includes investigating other avenues for users to acquire and legally install the Google applications.
The current belief is that Google's legal team sent the C&D letter to Steve, and that it was not done so at the request of the Android developers. They most likely would have liked to work with him quietly and amicably.
Also, please remember that the Market application is not a part of AOSP. The Market application is Google's proprietary code; it is not part of the Android base. Not all Android devices have Google's Market—that is why there are other markets and means of installing software.
I have no doubt that this "controversy" will ultimately be for the best. I believe that Steve, JBQ and the rest of Google/Android will find a middle ground that will work best for everyone. (JBQ has an excellent history of working with other developers and finding good solutions for all—I remember back when he was working at Be and how helpful he was to all of those writing applications for BeOS.)
ytj87 said:
We did not expect Android to devolve into a squabble over closed source bits when the whole premise is open source.
Click to expand...
Click to collapse
So what you're saying is you expected everything included in a Google Experience phone to be open source? I think the problem here is you (and the people you lump into "we") don't understand that Android isn't just built for users, it's also built for handset manufacturers. Quote from the OHA website:
Why did you pick the Apache v2 open source license?
Apache is a commercial-friendly open source license. The Apache license allows manufacturers and mobile operators to innovate using the platform without the requirement to contribute those innovations back to the open source community. Because these innovations and differentiated features can be kept proprietary, manufacturers and mobile operators are protected from the "viral infection" problem often associated with other licenses.
Click to expand...
Click to collapse
In light of that, I don't feel its necessary to dignify the rest of your post with a response.
peshkata said:
Why don't Google offer these closed-source apps like they do for Google Maps? They could only benefit from more users having the 'Google Experience', even though their phones don't have them pre-installed.
Click to expand...
Click to collapse
Because they charge companies like T-Mobile to offer the phone "With Google". If Google put them on the market, then, according to google, any android device would be able to get these applications. So why would T-Mobile pay to have them included. This how Google makes money off of android, this is why they bought it in the first place. They didn't develop android for the open source community, they are a publicly traded company, all their share holders want to know is "How is this going to make use money?". But it is great that the platform is open.
But that brings up Google's "response" where they state any android device can get applications via the Android Market. How can ANY android device get these applications from the market, if only "With Google" devices ship with the market...
Related
I have no idea where this needs to be posted. There are a number of different threads regarding this topic, and I know at least one of them are locked. So mods, feel free to move, delete or merge this as you see fit.
Google, via the Android Developers Blog, issued a statement a short while back. Here it is ...
A Note on Google Apps for Android
Posted by Dan Morrill on 25 September 2009 at 2:31 PM
Lately we've been busy bees in Mountain View, as you can see from the recent release of Android 1.6 to the open-source tree, not to mention some devices we're working on with partners that we think you'll really like. Of course, the community isn't sitting around either, and we've been seeing some really cool and impressive things, such as the custom Android builds that are popular with many enthusiasts. Recently there's been some discussion about an exchange we had with the developer of one of those builds, and I've noticed some confusion around what is and isn't part of Android's open source code. I want to take a few moments to clear up some of those misconceptions, and explain how Google's apps for Android fit in.
Everyone knows that mobile is a big deal, but for a long time it was hard to be a mobile app developer. Competing interests and the slow pace of platform innovation made it hard to create innovative apps. For our part, Google offers a lot of services — such as Google Search, Google Maps, and so on — and we found delivering those services to users' phones to be a very frustrating experience. But we also found that we weren't alone, so we formed the Open Handset Alliance, a group of like-minded partners, and created Android to be the platform that we all wished we had. To encourage broad adoption, we arranged for Android to be open-source. Google also created and operates Android Market as a service for developers to distribute their apps to Android users. In other words, we created Android because the industry needed an injection of openness. Today, we're thrilled to see all the enthusiasm that developers, users, and others in the mobile industry have shown toward Android.
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
I hope that clears up some of the confusion around Google's apps for Android. We always love seeing novel uses of Android, including custom Android builds from developers who see a need. I look forward to seeing what comes next!
Click to expand...
Click to collapse
Source:
http://android-developers.blogspot.com/2009/09/note-on-google-apps-for-android.html
Yep, it's over.
We're still asking for community access to these applications that are almost essential to the current Android experience. I really doubt it's hurting their bottom line substantially enough to justify the killing of their distribution.
In other words, Mr. Morrill's post was pretty much a sugarcoated attempt to gain some of the PR they lost.
We always love seeing novel uses of Android, including custom Android builds from developers who see a need.
Click to expand...
Click to collapse
A "novel" use from a developer who "sees a need" is quite a way to describe a substantially improved version of your OS.
So what is the conclusion? A lot of the things could be replaced, but as mentioned before, the sync tools and so forth are tricky to get around. What is the next step from here?
cyanogen said:
Yep, it's over.
Click to expand...
Click to collapse
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
cyanogen said:
Yep, it's over.
Click to expand...
Click to collapse
So no more ROMs? Or no more ROMs with close-source apps?
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
It's still illegal. A clever trick to walk around the legal fine print. But in essence, it's illegal...
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
To touch on this in another way, what would it take for Cyanogen to become a licensed distributor of Google's Apps for Android? If there are really 30,000 users, couldn't legal fees be gathered from them? And, couldn't the business license be set up as a Not-For-Profit? Like the Association of Cyanogen Followers? If it were, wouldn't the required fees to license the distribution rights of the software be tax-free and operating expenses for the association? Meaning, any costs for running the business could be taken out of membership dues and donations? With the rest being tax write-offs?
Just a thought, as I would love to see this made legit, 4.0.4 is great, but I don't want this to stop here.... selfish I know, but it's the truth.
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
I guees thats no way. What if you have a wipe? No APNs or anything else? You cant dowmload "Market" als a single-app directly from google (as i know).
daveid said:
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
Click to expand...
Click to collapse
Then what the hell is google talking about "encouraging other ROM releases"? If that isn't possible without some pieces of Google software, then is it literally impossible to develop a custom ROM for android?
Thoughts, Cyanogen?
As soon as my contract is I am Too! I can predict a mass exit from android and google!
daveid said:
Without the basic function to sign into the device using your Google credentials, the ROM is useless. You can't just grab them from another build (as far as I know) because of the way they are tied in at compiling to the framework. So you would have to pull the ROM, grab the proprietary pieces from somewhere else, and compile the source yourself.
Right?
Click to expand...
Click to collapse
Is this true? If its proprietary how did CY compile them in the first place? In order to compile don't you need access to the source?
So just come up with replacements for those apps that are closed source and not available on the market...
Devs WILL find a way... I guarantee you
But yeah, Google SUCKS on this...They could have just given him limited licensing...
Without a doubt the most foolish decision I've seen Google make in terms of Android so far. This puts a major damper on a community that was helping make Android better in very real ways.
The only explanation I can come up with is that the closed apps use 3rd party licensed code that Google can't redistribute. Otherwise this is just completely boneheaded.
Google said:
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
Click to expand...
Click to collapse
They claim these apps (YouTube, Gmail, etc) are Googles way to benefiting from Android, but they are not distributed with all android phones? I understand that companies license these applications from Google, but how does it hurt them if they are installed on a device that would already have them?
Then they say "We make some of these apps available to users of any Android-powered device via Android Market", yet this entire thing came about because the Android Market is being distributed? How can any device get these if the market is one thing that can not be distributed?
I paid for the ADP1, which came with Gmail, YouTube and the other applications. The ADP1 feature was that I could flash any ROM I wanted to on the device, but now they are telling me that I can't put one on there if it contains their applications that my device had in the first place.
Hello Google, welcome to the the Dark side, so much for "Don't be evil"
I will help with anything I can on a project to replace the Google Products.
AquaVita said:
How so? What would be wrong with releasing the ROM without the google apps, but have a script or something that runs on first boot that installs the missing apps?
Click to expand...
Click to collapse
ya i was thinking the same .i mean if not ,how do we get gmail ,youtube,ect?do we have to download from market ? some are not in market like youtube.i use gmail all the time .
Do the current Roms have to pulled?
That shiny device with an Apple on it is looking mighty delicious
CyanogenMod officially done now:
http://twitter.com/cyanogen
"Sorry everyone, CyanogenMod in it's current state is done. I am violating Google's license by redistributing their applications."
dwang said:
Is this true? If its proprietary how did CY compile them in the first place? In order to compile don't you need access to the source?
Click to expand...
Click to collapse
I had assumed that they were "reverse-engineered" using something like baksmali, to gain access to the source.... I could be wrong.
I cant believe this. Cyanogen just twittered this:
Sorry everyone, CyanogenMod in it's current state is done. I am violating Google's license by redistributing their applications.
More at: http://twitter.com/cyanogen
(Mods I know it should belong in General but the developer thread should know about it then the other ones. Forgive me)
You are taking it all wrong. He hasn't been shut down, wont be shut down, etc. Read the original statement. As long as you any apps that arent part of the source code repository you are not violating anything as far as google is concerned.
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
I hope that clears up some of the confusion around Google's apps for Android. We always love seeing novel uses of Android, including custom Android builds from developers who see a need. I look forward to seeing what comes next!
So lets please stop being chicken little and get on with the dev work. Not including certain apps is not going to make or break any rom as each user should be able to find the apps on their own.
The sky is not falling although my home did get flooded in atlanta last week.
Johnny Blaze said:
You are taking it all wrong. He hasn't been shut down, wont be shut down, etc. Read the original statement. As long as you any apps that arent part of the source code repository you are not violating anything as far as google is concerned.
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
I hope that clears up some of the confusion around Google's apps for Android. We always love seeing novel uses of Android, including custom Android builds from developers who see a need. I look forward to seeing what comes next!
So lets please stop being chicken little and get on with the dev work. Not including certain apps is not going to make or break any rom as each user should be able to find the apps on their own.
The sky is not falling although my home did get flooded in atlanta last week.
Click to expand...
Click to collapse
You are aware of that the phone relies on ALOT on framework and other files. Have you tried to delete any of the Google Apps? The phone doesnt work without them. Also, open source replacements arent going to be pulled out of the air magically. Its going to take ALOT of work.
Are you sad all your stuff was ruined?
Johnny Blaze said:
You are taking it all wrong. He hasn't been shut down, wont be shut down, etc. Read the original statement. As long as you any apps that arent part of the source code repository you are not violating anything as far as google is concerned.
With a high-quality open platform in hand, we then returned to our goal of making our services available on users' phones. That's why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google's way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren't open source, and that's why they aren't included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it's done with the best of intentions.
I hope that clears up some of the confusion around Google's apps for Android. We always love seeing novel uses of Android, including custom Android builds from developers who see a need. I look forward to seeing what comes next!
So lets please stop being chicken little and get on with the dev work. Not including certain apps is not going to make or break any rom as each user should be able to find the apps on their own.
The sky is not falling although my home did get flooded in atlanta last week.
Click to expand...
Click to collapse
sure its not truly legal but i think its the way they have gone about it- and in the spirit of open source i fail to see how it affects them.....i thought their business plan was based on more people using the net, more people using their apps, and more people using google to search..... so surely he is creating more business for them?.....
I don't like where this is heading......
jealous
if i was google id be going mad too, seeing the new youtube and market on phones and its not supposed to be out yet.
maybe they will offer him a job
John Player said:
if i was google id be going mad too, seeing the new youtube and market on phones and its not supposed to be out yet.
maybe they will offer him a job
Click to expand...
Click to collapse
I totally agree and I think those apps were the straw that broke the camels back...
Its all crap no one not even google can stop someone developing a rom with copyrighted
material on the internet.there are many ways to cover this up without being traced
Anyway what's stopping a simple script downloading google apps onto the device on boot? Nothing as android as source is open
spyz88 said:
You are aware of that the phone relies on ALOT on framework and other files. Have you tried to delete any of the Google Apps? The phone doesnt work without them. Also, open source replacements arent going to be pulled out of the air magically. Its going to take ALOT of work.
Are you sad all your stuff was ruined?
Click to expand...
Click to collapse
The frameworks, etc and files needed to run the os are part of what you can get from the repository. I set up my mac to cook my own roms so I do know whats there and what isnt.
I bootcamped back into vista, loaded adb explorer and removed market, gmail, youtube, and maps. My phone does work without them. If you need gmail then yes there would be an issue but only reason i have gmail is that it was required for me to get my G1 when it came out. Try it for yourself. You will be a lot less functional but your phone will still work.
Besides Google is kinda in a shaky spot. Win mo although not great is established along with RIM os, and Iphone so Android is still in the growing stage and to attract the business users it has to have no hiccups or possible easy exploits so I do believe they will do a lot of barking but very little bite. Probably if Cyanogen wouldnt have made it on engadget, yahoo, msn probably wouldve been left alone.
There are still better things to do with the os. The real dev work is what cyanogen and others do with the kernel, memory management, etc not the apps included with the rom.
PROJECT:OpenAndroid
http://forum.xda-developers.com/showthread.php?t=564263 We are attempting to as a community replace all of google's parts with opensourced programs developed and written ourselves. If you have any thoughts or suggestions please let us know.
The issue is that right now if you want to create a useful ROM you need to include the Market app at a minimum.
Sure Gmail is easy enough to replace, and Maps can be downloaded from the Market. But wait, you can't download it from the Market because you don't have a Market app.
So until there is an open source way to access the Market the ROM development community for Android pretty much hosed.
Hopefully this is not heading to where I think it is heading to... Or I might just jump on the next iPhone and say bye bye to Google.
Actually just a though. Just make a way to for the end user to back the google apps and then after a flash to reload them back on after install. That is not violating their stoopid terms then lol. And then for any updates just providing where you can get the updated stuff directly from google. Like where to get market 1.6 and so forth just right from google. Again no violating anything google. Defiantly a sad day for android. Since they don't let tethering , more then 3 home, not having file system access (like win mo), and no ads (adfree) lol, and many of the other great things with out root. If Google sees this thru I am going to go back to Apple iPhone and to hell with Android. Google will loose alot of users out of this I think.
Just write apps to tie you in with Hotmail / contacts / calendaring / outlook and leave GMail totally out of it.... Google will change their tune about the usage of 'their' apps. Because really they get the most from it by keeping you tied in to their online services.
Wow! I dont even know what to think. It must be a cold day in hell. I really hope that Cyanogen and the devs here @xda can come up with a way around this. And to think that Cyanogen was making some serious headway with the development of his Roms, website, and YouTube channel. I am more or less in shock right now. I have all the faith in the world that you guys will come through this still developing the best the Android community has to offer. Just be patient...
And seriously?...you would switch to Iphone? Who the #UCK wants one of those pieces of $H1T.
NOT ME!!
I highly doubt google would actually follow through and take legal action on something like this. It would be a bad business move all around. I would expect the C&D are more about pleasing manufactures and carriers more then google being worried about their own code, in which case who can blame them as they are at a point where they desperately need to attract these companies in order to ensure the future of android.
Just received a pretty interesting article via Twitter.
http://bit.ly/2NjYST
Not my article, and not necessarily my opinion, but it's a good read.
Arrgghh..google..
Bubye google apps..lets just forget them!
Modified android is much important then google apps itself!!
Google, you are very ridicoulous!! You make your app avaliable free for other system, but for your own system? Even now you make gmail support exchange..
I think i hate google as much as i hate apple..lol..
spyz88 said:
You are aware of that the phone relies on ALOT on framework and other files. Have you tried to delete any of the Google Apps? The phone doesnt work without them. Also, open source replacements arent going to be pulled out of the air magically. Its going to take ALOT of work.
Are you sad all your stuff was ruined?
Click to expand...
Click to collapse
I beg to differ. The phone works without the google apps. I know. Thats what I had when I first got my HTC Magic 32A. For some reason, HTC did not include ANY of Google's stuff in it.
So, no market, no gmail, no maps, no youtube. It was boring as hell. but i still can do pretty much all i needed to do on it (emails, txt and calls).
Just had to imap/pop3 sync gmail using the HTC email client. One thing I hated was the fact that I need to rely on SlideME for my apps. SlideMe(at the time) had very limited apps.
So is including the market breaking the rules, if it is can someone setup a webpage alternative to download apps then just not include google stuff. Open street maps has better maps anyway so i use rmaps, google mail well plenty of email clients about. If we wait i am syre there will be alternative apps for the other google stuff.
Or, oh, I dunno, how about adding a default bookmark android-leak or something and let users download pirated apps? "To bypass the Google Market"? LOL... Basically Google wants us to know that including their apps for free (as in Cyanogen roms) is just like pirating apps, so we are the bad guys already anyway.
I really hope Google will not follow up with the C&D and further spread fear all around.
We are all Google's pawns by using Google apps, let them see our email, see our location, store our search preferences etc to "return better result for your searches" or really, target marketing. When we stop using Google apps (, and move our business to, gasp, Hotmail), they will like it better?
RotoRooted said:
And seriously?...you would switch to Iphone? Who the #UCK wants one of those pieces of $H1T.
NOT ME!!
Click to expand...
Click to collapse
Just saying I'm not happy with the news and I'm going to vote with my money when the next device comes along. I thought Google was the "good guy", but now I think Apple and Google both seem like they think they are the gods of the world anyway.
There is a simple solution to that all of this problem that anyone can use. This will effectively circumvent any legal issues and keep rom updates relatively simple.
1st Problem- A developer cannot distribute Google closed source aps.. This however does not prohibit legitimate users from holding a backup copy. (Fair Use protects the end user of this). If this were not so you could not have over the air backups on your phone, (update.zip)
2nd Continual updates of closed source google apps--- The updates provided by google will be pushed to us legitimately (hence always an approved up to date source for the closed source apps for our liscenced personal devices)
Solution--
-A rom cooker simply needs to build the rom with the applications in place, test as if a complete distribution and right before packaging pull the APKs that are closed source (the Rom does not have to be functional without them.
-The user simply downloads the rom as a "kitchen" places their apk files in a folder in the kitchen.. A provided script or simple program can be put in the kitchen to add these programs back into the package in their proper locations and resign. The output saved into a folder in the kitchen and boom functional rom
---This keeps the letter of the law and spirit, and since the developer is not distributing their code they are safe because they are only distributing android open code, but since YOU hold a legitimate ROM backup provided BY Google for YOUR liscenced device you can simply place such files in the provided folder. Run script and you are done. This program would be simple to create or scripted. File version would have to be simply pre agreed upon in the post much as some developers suggest a radio version with their roms.
--If you dont have a copy or dont hold the knowledge to extract them, then I am sure some kind souls would have accidentally placed them on rapid share for your backup enjoyment... (Liability is not on developers)
I took a screen shot of what I see as a possibility, I would make the application but I am not a ROM developer and these guys clearly have some headway on me....
Look at the picture attached....
By the way this would be legal and not infringe on the law. Since the developer is only providing a "blue print for a possible rom"
Interesting...I'm not a dev...but it seems it could possibly work.
Good idea, I was literally thinking the same thing. It could definitely work.
It would be simple enough.... very simple... Unfortunatly by the time I lay done the first line of code somebody here will have created 10 versions of this.. LOL I am rusty in programming.. Which for something so simple would probably not be needed.
it would definitely make sure that people had to step it up and learn more. I'm totally down for anything that makes people smarter!
I prefer a method such as this over the creation of replacement apps for the google suite (for the short term anyways..).l
http://twitter.com/cyanogen/status/4384352484
If a person can root their phone, or even copy their rom file to the phone then they already have more than enough skill to do a simple drag and drop and a double click... but then again I have been surprised (scared) many times by the average intellect of most people.
Mismatching is definately a problem but not one without a solution. Again some of this will have to be a little sneaky at first. But this is for a few apks. True they are intertwined in the os. Thats why a standard has to be followed for this...
It will make rom development a little more regid but still very much doable. The apks/odexs would have to be controlled a certain way but this is not out of the real of possibility... The roms would come at a slower pace for sure..
afbcamaro said:
Mismatching is definately a problem but not one without a solution. Again some of this will have to be a little sneaky at first. But this is for a few apks. True they are intertwined in the os. Thats why a standard has to be followed for this...
It will make rom development a little more regid but still very much doable. The apks/odexs would have to be controlled a certain way but this is not out of the real of possibility... The roms would come at a slower pace for sure..
Click to expand...
Click to collapse
The new, improved fix_permissions script available in this forum will fix all the mismatching and do the odexing. Perhaps a few lines of code added to the beginning of that (OS) script could transfer the Google apps from their storage spot into the newly installed CMUpdate. Just store backups of the necessary apps on the phone, install the new update, run the script that reinstalls the Google apps, fix permissions and Odex, and re-boot into your new ROM. It looks pretty straight-forward to me.
I am sure that in the beginning it will be complicated with multi steps, but soon there will be an auto-update ap that will do the lot!
Are there going to be compatability issues, even we will end up wiping everytime we get a new rom + closed apps in?
This is so stupid. Can anyone "outside US" take over the roms so we can move on unaffected, as it is happening with everything else in the net that they try to close/block/control?
zaqwsxzaqwsx said:
I am sure that in the beginning it will be complicated with multi steps, but soon there will be an auto-update ap that will do the lot!
Are there going to be compatability issues, even we will end up wiping everytime we get a new rom + closed apps in?
This is so stupid. Can anyone "outside US" take over the roms so we can move on unaffected, as it is happening with everything else in the net that they try to close/block/control?
Click to expand...
Click to collapse
that sounds good?!
Ok, so if they like the work Cyanogen has done, but they have problems with his distribution of certain elements, maybe he just needs to TALK to them and see what can be done. You cant tell me that they don't see the following, and publicity that his roms draw. That is advertising, and companies pay BIG Bucks for good advertising. They need to C.Y.A on their end, but I bet they woulds be happy to tell him what he can do to comply. Anything "gray area" that is done with the roms to come will certainly bring back the lawyer talk, so why not see what they have for ideas.
There's also the problem that software backup is NOT covered under Fair Use, which you can read about Here http://www.copyright.gov/title17/92chap1.html#107
There's also
http://www.copyright.gov/help/faq/faq-digital.html
That's an interesting read, specifically
It is also important to check the terms of sale or license agreement of the original copy of software in case any special conditions have been put in place by the copyright owner that might affect your ability or right under section 117 to make a backup copy. There is no other provision in the Copyright Act that specifically authorizes the making of backup copies of works other than computer programs even if those works are distributed as digital copies.
Click to expand...
Click to collapse
And out of the Google Market TOS(First one I found)
Section 3.5
Unless you have been specifically permitted to do so in a separate agreement with Google, you agree that you will not reproduce, duplicate, copy, sell, trade, or resell the Market for any purpose.
Click to expand...
Click to collapse
Our best bet is to convince Google to give Cyanogen a licence providing he takes certain actions to make sure end user has a licence, such as having Cyanogen updater only run on MyTouch, Hero and G1. Or get Google to give us these apps in push fashion after initial setup.
ohwut said:
Our best bet is to convince Google to give Cyanogen a licence providing he takes certain actions to make sure end user has a licence, such as having Cyanogen updater only run on MyTouch, Hero and G1. Or get Google to give us these apps in push fashion after initial setup.
Click to expand...
Click to collapse
Pretty much what I was leaning towards- there IS a way, it is a matter of figuring out what will make them happy. If it benefits them, and helps us it's a win-win
btw, greetings from Gresham Small world
What I would do is simple just get the dev to not include the google apps and add a standalone app which will then once on ur pc push your backup google apps back into the rom zzip and sign and voila. Simples
I really doubt google will attack anyone for holding copies on ur pc. How can they find out without invasion of privacy
Look any script that anyone compiles will be viewed as warez.
What you need to do is use existing apps. But installing and backing up should be done at the User level. Writing instructions on how to backup and reinstall applications will in no way violate Google agreement at the Dev level. It would however violate it at the User level. And even at that level it is not real clear as you are just using what was entitled to you at the purchase of the phone. You can technically go after Google for violating their end of the deal and not allowing you to use the content on the device.
They dont know how these apps ended up back on your phone they have no case.
And lets face it technically installing a custom rom is violation of the T-Mobile agreement in its self. Using the Tether app is violation of it also. So no matter what people are breaking the law as it is.
A script can not violate the law in this case. The user using it for illegal purposes can be.. but let's be honest most of the ground these coorporations use for infringement are in murky waters and can be defended with a pathetic lawyer, especially a user... most of us break the law with or without knowing it one or twice a year maybe more. Microsoft doesn't go after a user because it will do them more harm than good. A crime right that profiteers from this they will go after. Google has to prove monetary loss due to you action and with a user it will fall under to minor to show up on the radar. A lot of people are more afraid of these companies than they should be.... microsoft has taken action in the past with windows mobile.. xda could not host the roms... so they went to private host like rapidshare... whay they would have to do in order to go after a user cost more than is worth especially something that they know is shaky ground.... I would dare develop and host them offsite. We are trully making it much bigger than it is by being so fearful to come up with solutions. We are convincing outselves that every action to circumvent this is illegal as well
If google just made all of these apps available on the market it would solve the problem.
Then we could still have custom ROM's minus the propitiatory apps, then we could just install them from the market.
As long as the source already included all the dependency's I don't see how this would not work. There apps are free anyway and we would be getting them from the market, an "official" distributor of said apps.
Win win for everyone.
The market is not one of the propitiatory apps is it? Because that would kinda **** up my master plan here.
HOLY CRAP, i just had a realization... if Cyanogen could obtain a lisence from google, then we could probably put roms in SAM or even the market and just update or have an updater app that could save your homescreen and your google sign-in and other user data.... even have a rooting app on there
this could be a new step towards a more open android putting root and custom roms in the hands of regular users and then if that happens i think android would become truly great then we would surpass the iphone on so many levels not just the developer/flasher level, but on the reggy consumer level
A few weeks ago, I posted a very unfortunate Google+ post of the creator of Focal and why it was removed from the CM codebase. It was a depressing story and it really started to make you wonder about where CM is going.
This time, after reading an extremely well-written article, I've come to a similarly depressing conclusion: Android by Google is slowly becoming as locked down as iOS, but not in the sense that you think; it's not about what apps let you do what, it's the developers.
We've finally arrived at a critical flaw with the way Android is developed and these days, I can no longer claim that Android (by Google) is "open" anymore.
Feel free to give this a read (Disclaimer: I am not affiliated with Ars Technica in any way).
http://arstechnica.com/gadgets/2013...ntrolling-open-source-by-any-means-necessary/
It's not just about Amazon's version of Android; CyanogenMod is for all intents and purposes a "fork" of Android. It is designed to work without Google Apps and as we all know, we flash those seperately. But that's the problem, the answer isn't just "Well, I'll just flash the Gapps and it will work like it should". What will happen if new Play Store apps start referring to features in the framework that don't exist in a form that we can flash? What if the license to flash the Gapps gets revoked?
How will CyanogenMod start adding features to apps that were originally AOSP but are now closed source? What will happen when the open source Messaging app is abandoned and turns into a Hangouts feature? How can CM stay on top of that?
It's not as simple as "take the source we currently have and work with it", because what will happen when Google adds a killer feature to an app that depends on some API that is no longer open source?
These are some rather frightening questions to deal with. I don't know where Android is going, but I'm certainly starting to wonder what's going to happen to it.
I'd appreciate any and all input on this.
Not very continuous, but here's my thoughts about the article:
The Gapps license is meant to lock the makers of Android phones into Google, so users get locked within Google and Google can gain revenue from the users. After going to that extent to make sure Google gets to keep the device's user, what's to gain if Google users of the device who flash CM to be locked out of the system instead of keeping them "trapped" with the Google ecosystem even with a non Google ROM? Doesn't make any sense does it?
I suppose we will still have to flash them like we flash the Play Store now. Unlike Amazon, CM (for now) actually still relies on Google and doesn't "divert" revenue to another company and therefore Google would be more than happy to let their apps be used. But if CM does start going the Amazon way, I believe Google may lock CM out.
Those APIs take time to develop, take the Maps API for example - you think they spent millions, if not billions mapping the entire world and even roaming every street just to make sure you can find your way around for free? They'll need to recoup their costs somehow.
While Android is open source and contributed by Google for free, don't forget Google is a company, not a charity. They have to make money or their shareholders won't be happy. Even if their shareholders are massive fans of open source they also have thousands of employees to pay, and all that costs money. And don't forget, when a company is providing free stuff for you to use, you are not their customer - you are their product. Android will change in ways that will keep Google profitable and keep competitiors unprofitable, while keeping the users as comfortable as possible so they will continue to be their product.
cccy said:
Not very continuous, but here's my thoughts about the article:
The Gapps license is meant to lock the makers of Android phones into Google, so users get locked within Google and Google can gain revenue from the users. After going to that extent to make sure Google gets to keep the device's user, what's to gain if Google users of the device who flash CM to be locked out of the system instead of keeping them "trapped" with the Google ecosystem even with a non Google ROM? Doesn't make any sense does it?
I suppose we will still have to flash them like we flash the Play Store now. Unlike Amazon, CM (for now) actually still relies on Google and doesn't "divert" revenue to another company and therefore Google would be more than happy to let their apps be used. But if CM does start going the Amazon way, I believe Google may lock CM out.
Those APIs take time to develop, take the Maps API for example - you think they spent millions, if not billions mapping the entire world and even roaming every street just to make sure you can find your way around for free? They'll need to recoup their costs somehow.
While Android is open source and contributed by Google for free, don't forget Google is a company, not a charity. They have to make money or their shareholders won't be happy. Even if their shareholders are massive fans of open source they also have thousands of employees to pay, and all that costs money. And don't forget, when a company is providing free stuff for you to use, you are not their customer - you are their product. Android will change in ways that will keep Google profitable and keep competitiors unprofitable, while keeping the users as comfortable as possible so they will continue to be their product.
Click to expand...
Click to collapse
First, I appreciate the input! I was looking forward to intelligent discussion and it's great that the first reply is just that.
I would like to clarify though; my concern is not so much about Google making money; they are a business and deserve to make money in whatever way they see fit. We have something they want (ad clicks and search history) and as long as they provide an experience worth using, I don't mind that transaction at all.
My worries start with what the custom development scene will look like one or two years from now if the base apps that make Android useful on its own (and by extension, useful to custom developers) have been molded into Google Play apps or frameworks or APIs.
In parallel, it's also starting to make sense why Cyanogen continues to put effort into alternate applications such as Apollo and Focal; they saw this coming way before we did.
LiquidSolstice said:
First, I appreciate the input! I was looking forward to intelligent discussion and it's great that the first reply is just that.
I would like to clarify though; my concern is not so much about Google making money; they are a business and deserve to make money in whatever way they see fit. We have something they want (ad clicks and search history) and as long as they provide an experience worth using, I don't mind that transaction at all.
My worries start with what the custom development scene will look like one or two years from now if the base apps that make Android useful on its own (and by extension, useful to custom developers) have been molded into Google Play apps or frameworks or APIs.
In parallel, it's also starting to make sense why Cyanogen continues to put effort into alternate applications such as Apollo and Focal; they saw this coming way before we did.
Click to expand...
Click to collapse
I believe the custom development scene wouldn't get affected much. After all, remember the old XDA-Developers? Windows was all locked down, but the cooks still managed to make customized ROMs. What's more, Google wouldn't want to lose their "products" - Google wants us to continue to use their services so they can earn money, they wouldn't lock us out.
What competitors lack is the capability to access Google's services (Frameworks, APIs, etc) as Google has ways to block them (Which is why we had circumvents like device spoofing). If you had a device designed for Google's version of Android, I am sure Google would still enable access if you use a custom ROM. The point of locking those competitors out is to force them to embrace Google's version of Android and not use their own forks which would keep Google out of certain aspects of the user's phone, decreasing revenue. Therefore, if you could roll your own custom ROM, it makes sense for Google to continue supporting you so you still completely rely on them instead of "outsourcing" to other competitors.
CM puts effort into alternate applications because as you can see right now, CM's starting to roll their own commercial forked devices - what happens after that? If you have seen the ways of other commercial versions of Android (Amazon, China brands, etc), they start replacing certain revenue generating aspects of the phone to use their own service instead of Google's. Certainly not what Google wants.
In short, I would say, if you are a small custom ROM user, Google isn't going to come after you, they want you to use their services! But if you are a competing company, expect your devices to be locked out from Google in the hopes that they eventually force you to bow to them and convert all your users completely to Google's "products".
The single most important, most debated subject of being online - privacy and security.
While security is undisputed, privacy aspect is.
So what exactly is the concern? As normal people in normal professions (which is easily more than 90% of the population), is there a need for worry?
For a long time since I started using smartphones, I had a natural inclination towards remaining anonymous and private online. I would always use incognito browsing for everything I do online, never create an account with a service as much as possible (e.g. I would watch YouTube videos without signing in), etc.
With time, I began realizing that I am actually missing out on so many interesting things that matter to me, and much of the content that would interest me would be made available to me without much effort using machine learning and artificial intelligence, an area where huge investments are being made.
So slowly I started accessing content and using services with my Google account. Over time, everything from Google feed to YouTube videos were showing me content that I am interested in, and sometimes they were so intelligent that I have been amazed with the whole technology that is at works. Surely, you cannot expect a doctor to give you the right prescription without giving him complete details about your problems. You can't talk privacy there. So unless the system learns what you like and what you don't, there is no way it will present stuff (including ads) that will be interesting to you.
With that said, why are are we overemphasizing this aspect of our lives? Is the privacy lobby inflating the privacy problem more than is necessary? Especially since much of what Google learns (according to them) about you is private, and only you can access/ control it, and also because the open-source alternatives are overrated. I say overrated because there are no audit reports (from trustworthy audit entities) available. Their codes may be available for audit, but is there a trustworthy source that is actually auditing them? Are the platforms where they are available being audited? So the issue of privacy and security applies to these platforms too, and more so because they aren't scrutinized as heavily as Google products and services.
As far as more personal info is concerned, like location, age, gender, searches I perform, accounts, mobile number, etc - Google already has all those because I provided them with much of that info when I created my account. Sure, one can always provide fake info for some of them. But if you use 'Find my Device', you are pretty much giving away your location to Google REAL-TIME. While this can potentially be misused, how else is Google supposed to help you if you were to lose your device? Mobile numbers and email addresses are necessarily required to be correct because they are needed when you are locked out of your account. They are the only means to get your account back.
While I am a strong proponent of privacy, I also feel that too much is made out about a lot of stuff that aren't really something to worry about. Those stuff are essential to get the service we expect in return, in other words, putting technology to use.
That said, it is still important not to give anyone a free hand over data, and there has to be several layers of checks and balances, and accountability for safeguarding and using them.
All that said, my current position is this. Make best use of the technology at hand, because if you don't provide the necessary inputs, there cannot be a proper output.
As with some things that we do online which we might want to keep completely private, use a non-google browser (like Firefox Focus or Duck Duck Go) in incognito mode with Duck Duck Go search engine.
For everything else, use GOOGLE (assuming there is accountability and severe penalties for violations).
Reserved for additional info.
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Sridhar Ananthanarayanan said:
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Click to expand...
Click to collapse
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Ultramanoid said:
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Click to expand...
Click to collapse
You spoke of making 'reasonable compromises' on the MiX thread.
I have only elaborated the same. How does it matter if Google learns what I like to search on the internet? I am willing to give them that information so that they can provide me with content I am interested in, so that my news feed is mostly content I like to read/ watch, and little garbage. In the process, if they are showing me ads relevant to me, what is wrong with it?
My view is based only on this premise that this is how my data is being used. I have never had a financial security issue (like money being stolen from my account) because of what Google learns about my internet activity.
Also, I am assuming that Google won't learn anything about the searches I may do in incognito mode. They are supposed to respect the privacy. I'm aware they have been sued for not adhering to it strictly.
So assuming that they stick with usage of data as per their declared privacy policies and in accordance with laws, what is the problem?
Sridhar Ananthanarayanan said:
You spoke of making 'reasonable compromises' on the MiX thread.
Click to expand...
Click to collapse
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Ultramanoid said:
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
Click to expand...
Click to collapse
I think the moment you are online, you are presenting yourself to be tracked. No matter what tools you use to safeguard your privacy, a country's intelligence has an upper hand because they have the resources and much more advanced technology that is not commercially available.
They can also set up something like the link you shared as just another means to track you (by misleading you into believing that you are remaining private and anonymous).
I think one can truly stay private only by staying away from technology. Otherwise, you are just opening yourself up for tracking.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
indestructible master said:
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
Click to expand...
Click to collapse
This is not a source code ... Just because it says source code, it doesn't mean it's a source code. That's a zip file containing the OEM firmware from Xiaomi.
indestructible master said:
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
Click to expand...
Click to collapse
As I said, we are overemphasizing on many of the things and linking them to privacy. Much of the seemingly private things have no bearing in real life, even when made public. Because, no matter where you are, you have to adhere to the local laws and your internet activity isn't important (unless one is into prohibited activities).
It is a very niche segment of people (like those working for intelligence, journalists, etc.) that must pay special attention. For most others, there isn't too much to worry about, as long as the companies providing services adhere to data regulations and act with responsibility.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
It's not the case with few established ROMs. Lineage OS comes to mind. As they encourage people to build ROMs from source. But device support is problematic. That's why I turn to custom ROMs. It's a great idea, but I thought XDA ROMs guaranteed security with the GPL and Open source philosophy. But it's being violated all over the place.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Ultramanoid said:
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Click to expand...
Click to collapse
I didn't say that OEMs make their source codes available. I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition. There is lot of benefits by doing so because OEMs can use this as an opportunity to push sales of their own devices. Example is the clipboard scandal of OnePlus, as well as others.
Compare that to custom ROMs. There are so many custom ROMs available for popular devices. Official builds, unofficial builds, nightlies, etc. etc. The ROMs are available for free. Who cares to audit/ scrutinize these? No one cares because there is nothing to gain. This is also because a very minute % of Android users actually install custom ROMs. So no one cares.
Just like root, the need for custom ROMs is decreasing by the day. OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices. And now the Google-Qualcomm partnership that is making these upgrades easier and faster. Unlike in the past, OEMs are much faster in releasing security updates today.
Lineage official builds, in my experience, isn't feature rich like some other custom ROMs or unofficial forks of Lineage. People may opt for Lineage official builds primarily for two reasons:
1. Debloat their OEM software like those from Xiaomi, Huawei, even Samsung.
2. OEM has stopped providing official support (this is now changing because 3 to 4 years of official support is synonymous to life of the device because a large % of people usually buy a new device every 3 or 4 years).
Some of the developers of custom ROMs are arrogant arses. That's another reason to tell them to eff-off.
Sridhar Ananthanarayanan said:
I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition.
OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices.
Click to expand...
Click to collapse
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
One thing is to express an opinion, another to give facts.
Ultramanoid said:
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
Click to expand...
Click to collapse
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Ultramanoid said:
One thing is to express an opinion, another to give facts.
Click to expand...
Click to collapse
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Sridhar Ananthanarayanan said:
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Click to expand...
Click to collapse
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Ultramanoid said:
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Click to expand...
Click to collapse
You are simply exaggerating it.
Like the saying goes, better to trust the known devil than the unknown angel.
Cheers!