How safe are custom roms to use? - General Questions and Answers

I was wondering if anyone knows a real answer for this. How easy would it be to cook in something that would send back your email login and password? Or other logins to stuff like banking sites. The people who make the roms seem to be hard working enthusiasts, but it still makes me nervous.
The reason I am asking this is because WM6.1 seems pretty buggy and slow and I was hoping that maybe updating to 6.5 would help, however Sprint is being super slow and vague (as usual) about if they will ever release an official rom.
And please no "then just don't use custom roms" replies. I am just hoping someone has some way to show that they are safe and then I will happily use it!

I was wondering the same thing. I don't use any cooked rom for anything banking related for this possible risk.

I know there are other threads that have the answer but can't find them; maybe someone hid them?
Anyway what would the average chef gain, second of all how do you know a member of Opera or IE is not taking down your details or even Bill? "by that I mean there is more to worry about"
My point being chefs cook ROMs to give users better phones than stocks... Also the world of WM isn't laden with viruses/spyware so even doing so would be hard and no one would be bothered to spend their time considering how much time cooking consumes.
Just Hard-SPL your device and start flashing

I find cooked roms are the best! They are tweaked, customized, optimized, flexible, etc. Happy Flashing

I'm still leery. I'm going to wait until you all flash...then I will know it's safe

If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.

FloatingFatMan said:
> If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
> Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
That is a very argumentative answer to a very simple and valid concern that allwires has regarding the security of using cooked roms. Some people that use these roms like to use their device's web capabilities for banking and for storing personal information and he brings up a very valid question regarding the safety of using these roms for these purposes. Then you insult the poster by saying he or she is being paranoid when we all know that the capabilities for wrongdoing via viruses and other malicious software are very valid concerns in this day and age. I would like to hear an intelligent and informative answer to this question since I'm sure as this sort of thing becomes more mainstream as it is bound through time to become there will be many more inquiries made as to the safety of their usage.

I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway, and other sundry "professional" ROM cooks are not hiding sneaky payloads in?

deedee said:
> I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
> For all that how do we know Messrs Gates, Jobs, well their minions anyway, and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. It's like when Norton got busted for spyware found in their AV software in the early 2000s, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90s and the early 2000s, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. At least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.

qqa92 said:
> Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. It's like when Norton got busted for spyware found in their AV software in the early 2000s, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90s and the early 2000s, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. At least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
Hey There,
Not wanting to be unkind but I think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; you've only gotta google AV software for windows mobile to see that
The limited OS and how it's written means the "baddies" would have nothing to gain/find it difficult to exploit so what's the point.
The only "virus" (and I use the term loosely) I ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summarise, don't get your knickers in a twist about it and enjoy!

^^ And to add to Tim's comments. Just make sure you get your cooked ROM from an established chef if you're worried, and there won't be any problems.
Now, if the ROM was from someone with a tiny postcount and wasn't known, then you might have cause to think twice; but that's not going to happen here...

timmymarsh said:
> Hey There,
> Not wanting to be unkind but I think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; you've only gotta google AV software for windows mobile to see that
> The limited OS and how it's written means the "baddies" would have nothing to gain/find it difficult to exploit so what's the point.
> The only "virus" (and I use the term loosely) I ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
> To summarise, don't get your knickers in a twist about it and enjoy!
Well then why not let the cat out of the bag. I'm just in here to see if I can get a large portion of the members in here's knickers in a twist so that they will all go out and buy my mobile AV since mine is the biggest one out there currently. Lots of potential there, in terms of cha-ching you have to agree. LOL!

There's also the option of downloading a kitchen and cooking your own ROM ... this method permits you to look at each package in detail.
Cheers,

I once opened my yahoo on a cooked rom, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after a few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM

I'm not sure what your reasoning was to stop using email on the phone because of a failure to login to yahoo from a laptop. Did you notice any malicious activity on your yahoo account? Have you since? Have you changed that password? Just seems strange.
As for the security of cooked ROMS, I've never used one but I have a new phone coming and I'm going to try one from a reputable party here. I'm not nervous about it and I use online banking all the time. Here is why I am not concerned:
1.) As several people pointed out already, your PC is more vulnerable just because of sheer numbers. WinMo has a small market share and cooked ROMs would represent an even smaller market share. Even then, there are many custom ROMs to choose from. Then if EVERY user of a specific tainted ROM used their online banking on their phones, there is still little they could actually do with that information. For example, chase uses text messaging which means yes, someone could get my balance and stuff, but I actually have to login to the site to authorize my phone rather than login through the phone. So the information itself may or may not be useful. At the end of the day, it just wouldn't make the chef much money since there would simply be too few potential victims.
2.) The likelihood is very high that the perp would be caught by their peers and exposed in order to 1 - protect their own integrity, and 2 - get bonus points for being the one who exposed the bad guy (or girl). When you add this level of risk to the low reward, it just doesn't make sense. High risk, lots of work, little reward.
3.) Then of course, if someone fraudulently accesses your account, you can usually get that money back.
So I'm perfectly comfortable from a security standpoint. It's the stability standpoint I'm a bit concerned about but that's why I'm waiting till I get my new phone to try one out so I can go back to my old phone if it all craps out.

RedScorpion78 said:
> I once opened my yahoo on a cooked rom, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after a few hours for some unknown reason...
> I stopped using my HTC fuze for emails since.
> The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
> I wish there was a tool that scans for such security gaps in a ROM
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.

startluvova said:
> I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
> If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
Hey there,
Way to go to resurrect an old thread
Nothing has changed, I have never heard of or seen a custom rom that has a virus cooked in, or one that has been intentionally created to spy on the user.
That said, I guess you have to make your own decision after reading the comments from some experienced chefs/flashers here
Cheers.

Related

Why hasnt Microsoft done anything about this site yet?

I mean, everything on this site is pretty much Microsoft, which should create some copyright issues.
they are just happy to find a place where winmo doesn't get bashed constantly
duude said:
> I mean, everything on this site is pretty much Microsoft, which should create some copyright issues.
LOL, your first post and you have a pop at this site?
You don't work for MS do you
GREAT first post.
anyway.
They tolerate it because we don't personally host anything and yes, we do make windows mobile better.
Also, this site actively opposes software theft, (warez and others like it,) which is the bulk of any copyright problems. It spreads goodwill towards Microsoft, believe it or not; if users have problems with standard Microsoft software, they don't have to just sit there and be unhappy, it can be tweaked. By doing so, people are happier with their Microsoft-driven equipment, and more likely to keep using it than changing to something else. There are countless people on this site who would tell you that without this site, they might not be using a Windows-driven phone.
It is also free tech-support for Microsoft, which saves them loads of money.
LOL duude...are u an attorney or do u own an iphone?
m$ knows better to keep this site alive. it's their faults we are tweakin up and makin it better. besides...you never know...this draws a lot and I mean a lot of ppl towards m$. so I'm pretty much sure the revenue keeps em' happy
yesod7 said:
> There are countless people on this site who would tell you that without this site, they might not be using a Windows-driven phone
One here!!!
Microsoft never sold WM to any end user, and this site has never taken part in porting WM to a device that didn't come with it, more because of the near impossibility of doing so. So as MS still get their licenses from the manufacturers, and a better rep with users who can get more out of their devices than just depending on what the manufacturers give before they forget about older devices and move on to their new stuff, more WM phone owners keep getting new WM devices rather than moving to iPhones or Symbian devices, so it helps MS out a lot in their quest of getting a larger % of the market.
Plus, along with the free tech help, the improving of current phones, we all know new HTC phones will be tweaked, cooked and stuff, so buy another phone. So XDA not only saves them money, but actually gains them money
It's because of this site that I'm looking at the Windows Mobile platform for my next phone rather than traditional Nokia, Sony Ericsson (other than x1), or even the iPhone..... actually come to think of it, without the existence of this site EVER, I would get an iPhone 3G right away.
You will see that in the coming future Microsoft will be incorporating programs and devs that were created through this site to their platform. There was once a time when Microsoft tried to shut it down when they realised that the site actually brings more people to Microsoft and keeps them there.
LOL! I was going to post something else, but I'm pretty sure everybody has already said it, or thinks it! Too much good comes from this site! Think about it, how many users of this site are now WM users for good and will always be sold on the next best WM platform because of this site.
yesod7 said:
> Also, this site actively opposes software theft, (warez and others like it,) which is the bulk of any copyright problems. It spreads goodwill towards Microsoft, believe it or not; if users have problems with standard Microsoft software, they don't have to just sit there and be unhappy, it can be tweaked. By doing so, people are happier with their Microsoft-driven equipment, and more likely to keep using it than changing to something else. There are countless people on this site who would tell you that without this site, they might not be using a Windows-driven phone.
> It is also free tech-support for Microsoft, which saves them loads of money.
Yup, that's it.
TheChampJT said:
> LOL! I was going to post something else, but I'm pretty sure everybody has already said it, or thinks it! Too much good comes from this site! Think about it, how many users of this site are now WM users for good and will always be sold on the next best WM platform because of this site.
Amen to that!
Why haven't they done anything?
because nobody there is smoking crack
Would you close down a site that gets people talking about your products? That is full of people writing programs that enhance the usability of your products? That's a great place to see some ideas you might steal for later versions of your OS.
This is free R&D!
duude said:
> I mean, everything on this site is pretty much Microsoft, which should create some copyright issues.
Alas, I saw this differently with others. I think the question is very out of topic since this is an All-HTC-Devices forum, not an M$ WM forum. It's only 'coincidence' that after these years, HTC always used WM as their OS.
If HTC decided in the future that they will build their own OS, or maybe use Android, then it may trigger M$ to reconsider its stance against this forum. Especially, when we -as always- try to improve our experience with the devices, do it by porting some parts (drivers/softwares) from WM to other OS, or vice versa. Then the issue may be valid.
Btw, I don't know but do you all think it's safe -legally and/or morally- to port other vendor/ODM's part (drivers/softwares/etc) into our HTC devices? I ask this because I saw many attempts already...
I don't know the exact number of people on this site, but I do know that there are a whole lot of people on this site. My point for that last sentence is "would you destroy a site that has FREE workers helping your company out to better their products and gain more money"
Yes, we might receive applications before they are released, but honestly where do you really think we receive those from uuuummmm?
So again, if I was a big company I would never touch this site because I will pass my software to this site, let everyone play with it and then I would know where all the bugs are at. So then I will fix it and then sell it.
There might be a lot of people on this site but I think MS has a lot more customers that don't even know that this site is even alive.
There you go my 2 cents.
gsessons said:
> I don't know the exact number of people on this site, but I do know that there are a whole lot of people on this site. My point for that last sentence is "would you destroy a site that has FREE workers helping your company out to better their products and gain more money"
> Yes, we might receive applications before they are released, but honestly where do you really think we receive those from uuuummmm?
> So again, if I was a big company I would never touch this site because I will pass my software to this site, let everyone play with it and then I would know where all the bugs are at. So then I will fix it and then sell it.
> There might be a lot of people on this site but I think MS has a lot more customers that don't even know that this site is even alive.
> There you go my 2 cents.
And if the truth be known, they (M$) are happy that the masses don't know. In truth, the people on this site contain more knowledge and expertise than all of M$ combined as far as HTC handsets are concerned and how to tweak and tune the software to ACTUALLY work. It could be perceived as (truth) the Big companies are just mass clearing houses of useless data they can sell for a profit. How many of us came here for the first time only looking for useable software programs? How many of us came here for the first time trying to find a solution to an OEM problem?
M$ has found a truly unique forum in the world of R&D. Although probably more out of frustration than anything else, the majority of talented people here could teach this stuff to most of the employees at M$ about these devices and how they work and why.
I would be very surprised if they didn't have a staff of several people working there monitoring and testing the ROMs and software packages developed or tweaked through this site. They would have to be unbelievably arrogant to think this is a bad thing for business, and we all know who one of the richest men and companies in the world is, don't we. He didn't just fall off the truck so to speak, he understands..............economics!
With all of that in mind can anyone understand why pocket development is not possible on Visual Studio Express editions (free)?
Isn't that a shot in the foot? I think so.
I think that a platform with a lot of developers is much more appealing, and then sells more. Only an opinion from someone that will never buy an iPhone.

Unsafe ROMS?

I've been playing around with all the 6.5 ROMS available on this forum (plus have been lurking for a while so felt like doing some contribution could be appreciated).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors, one series works with my Exchange Active Sync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow been disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
In 100% of the cases, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and actually have to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROMs to deploy a rogue root certificate to your device and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposely altered the ROM to change the security settings. But the result is the same, security-altered ROMs.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet.
UM
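The concern in the post above, a root certificate being added to a device with no prompt, can be checked from the defender's side by comparing the device's trusted-root store with the one from a stock ROM. The Python below is an added example, not part of the original thread: it assumes both stores have been exported as PEM bundles (the export step and every name here are hypothetical), and the sample "certificates" are constructed placeholder bytes, not real X.509 data.

```python
import base64
import binascii
import hashlib
import re

# One PEM certificate block; DOTALL lets the body span several lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_bundle):
    """Return {sha256 hex fingerprint: DER bytes} for each cert in a PEM bundle."""
    found = {}
    for body in PEM_BLOCK.findall(pem_bundle):
        try:
            # Strip CR/LF and spaces, then decode strictly so junk is rejected.
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("malformed certificate block in bundle") from exc
        if not der:
            raise ValueError("empty certificate block in bundle")
        # The fingerprint is taken over the DER encoding, as certificate
        # viewers do, so re-wrapped or re-ordered PEM text still matches.
        found[hashlib.sha256(der).hexdigest()] = der
    return found


def diff_root_stores(baseline_pem, device_pem):
    """Compare a device root store with a trusted baseline (e.g. a stock ROM)."""
    baseline = fingerprints(baseline_pem)
    device = fingerprints(device_pem)
    return {
        # Roots the device trusts that the baseline does not: review these first.
        "added": sorted(set(device) - set(baseline)),
        # Roots removed from the device; usually benign but worth noting.
        "missing": sorted(set(baseline) - set(device)),
        "common": sorted(set(device) & set(baseline)),
    }


def constructed_pem(payload):
    """Wrap constructed placeholder bytes in PEM armour (not a real certificate)."""
    b64 = base64.b64encode(payload).decode("ascii")
    return (
        "-----BEGIN CERTIFICATE-----\r\n" + b64 + "\r\n-----END CERTIFICATE-----\r\n"
    )


# Constructed sample data: two roots in the stock store, one extra on the device.
STOCK_STORE = constructed_pem(b"constructed-root-A") + constructed_pem(
    b"constructed-root-B"
)
DEVICE_STORE = (
    constructed_pem(b"constructed-root-B")
    + constructed_pem(b"constructed-root-UNEXPECTED")
    + constructed_pem(b"constructed-root-A")
)

if __name__ == "__main__":
    report = diff_root_stores(STOCK_STORE, DEVICE_STORE)
    for fp in report["added"]:
        print("root not in baseline:", fp)
    for fp in report["missing"]:
        print("baseline root absent from device:", fp)
    print("roots in common:", len(report["common"]))
```

Any fingerprint reported as not in the baseline should be traced to its issuer before the device is used for mail or banking.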
I'd just like to reiterate that this is a development community- most of the cooked ROMS you've tried are experimental works in progress. We tend to take our experimenting a bit far here- but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment- and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components- so it's not exactly safe to say that any of them can be held completely accountable for device security- there may be plenty of exploits present behind the scenes that never have been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing- because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top of that, most, actually all, of the 6.5 based ROMs have a Microsoft beta as a base. Though it may be a safe bet that the latest build # may be the closest to the final release at Oct. 9, it's a common practice to reduce/alter some "security" settings and policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer or however you want to name these creative heads here.
Their work is just incredible and I bet that ms or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well and 23053 builds that do not, as was the case with any previous build number, and, consistently, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns of moral ground, about the practices that take place there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not to get flamed, you will at least see some frown faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» from anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe I made my point as gently as I could...
If I may have hurt some feelings, I am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their mind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
unlockMe said:
> Well, 2 points in answer to your post where you obviously did not read mine:
> 1) Did you miss the sentence that starts with "Joke aside" ??
> 2) Don't care of being flamed, I provided evidence to people that want to make up their mind, they don't need you to tell them what is safe or not for them
> Bottom line is:
> - if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
> - if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
> wearing my flame proof vest.
> UM
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that either you misunderstood me or I was not clear...
1. I am not accusing you of anything.
2. I read your whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of your purposes... I was only trying to pass a message but given the fact the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, your right given the fact we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn any of your previous statements.
Knowing this community for quite some time and especially knowing its members, active ones, passive ones, contributing ones, parasite ones, etc... I just know for sure that your comment in which you address people in such manner will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like. Don't get me wrong and sorry if I made myself misunderstood
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section

The craigslist flashers

These guys annoy the living hell out of me. You go to look for a new phone and there's 10 people trying to flash phones for a fee to every 1 person selling a phone. So I took it upon myself to post a short paragraph giving information to help people avoid wasting their money and to learn something all at the same time.
So look forward to a flock of noobs
Good idea or bad? I'm not so sure if I should link my post to this thread...
I know what you're taking about. I also see it everyday. But the thing is that even though flashing a phone might be an easy task for you and I, that's NOT the case with the vast majority of society. In most cases, it may not be the case of ignorance, but instead a major case of sheer laziness.
I mean think about it, let's say cooking for example: Cooking even the very basic chicken noodle soup is really not that hard. There are PLENTY of FREE recipes out on the internet, books, mags, etc etc. I mean it's so easy that you can just dump a can into a pot and heat for 5-10 mins, but yet people will still go out and pay someone else to make them chicken noodle soup.
*NOTE* Just to be clear, I was just using it as an example and was NOT comparing the simplicity (or complexity) of flashing a phone to cooking chicken noodle soup.
Also the fact that these guys are turning other people's hard work into a business for themselves pisses me off even more. I'd imagine with knowing human nature that these guys haven't contributed a single cent to the people who made all of this possible.
They've damn near made rooting and flashing dummy proof so I'm going to try to compile a tutorial on craigslist that will enable the most novice computer users a way to do it for themselves.
The biggest problem is that a couple of the programs require users to have xp which a lot of people have already converted to win 7...
btw I make one hell of a chicken soup
It would be neat to see a pop up screen cooked in the rom that would pop up 24 hours after flash. But the pop up would be clearly known by any user that obtained the rom from an xda dev. The pop up could read "If you paid someone to install this on your bla bla bla......".
But in the end they are called knock off artists. How do you police the distribution of altered copyrighted material?
Good day.
You obviously can't get rid of the "knock off artist", but you can educate the laymen if they're willing to put forth a TINY bit of effort.
Maybe this is all pie in the sky
If you hack a Nintendo Wii to install the Homebrew channel it pops up a warning that if you paid anyone for this, you were ripped off.
Counter Point
I hadn't heard of this, but it doesn't surprise me. Actually, I don't get what's wrong with it.
There are many people who pay someone to load a Windows upgrade on their computer. Heck any computer repair shop will do it for a fee.
They didn't write the OS, and they're often not charging for the OS, just the service of installing it. And installing an OS is, to me, much easier than flashing a ROM.
Some people just have other things to do like work, pay the rent, etc. They might not have the time or interest. Now, if they're actually CHARGING for the software, that's different.
Cooking chicken soup may be easy, but people still go to restaurants.

Carrier IQ

http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
smockpuv said:
http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
Old news.
No this is not old news at all. This subject is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there have been several stories in the portal about it and the dev that is trying to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagine that there are some custom ROMs for the Sensation that have the CIQ removed from them. I believe any of the CM7 based ROMs do not have it, and there may be more; you will just have to read the first posts in the thread by the chef that cooked the ROM.
T-Macgnolia said:
No this is not old news at all. This subject is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there have been several stories in the portal about it and the dev that is trying to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagine that there are some custom ROMs for the Sensation that have the CIQ removed from them. I believe any of the CM7 based ROMs do not have it, and there may be more; you will just have to read the first posts in the thread by the chef that cooked the ROM.
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
malybru said:
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
The ROM just cleans bloatware and other things in HTC Sense to help the ROM run smoother. All devices have this CIQ on them; it is not an app but several things that are hidden deep in the ROM and have to be cooked out of the ROM. AOSP ROMs do not have it. Go read this article by azrienoch on it. Make sure to click on the links in the article too, then you will have a better understanding of what I mean. You will also see why it is such a big deal.
Update to the current Carrier IQ fiasco with video proof
http://m.wired.com/threatlevel/2011/11/secret-software-logging-video/
Separate link for the youtube video for easier access.
http://www.youtube.com/watch?v=T17XQI_AYNo&feature=youtube_gdata_player
In the T-Mobile Galaxy S 2 forums the Carrier IQ is in the kernel. Is that where it is in the Sensation? I can't find any of the known names in my wife's phone.
Sent from my SGH-T959 using xda premium
I just had a word with the guy who made the video and he told me that this only affects U.S.A. people and this doesn't affect anyone living in Europe, so if you live in the UK, Ireland and other parts of Europe then you are fine.
I'm in the US and I read this over and over, and to be honest I can give two giggles of a squirting crap about this. Everyone takes this out of proportion and thinks it's the end of the world because something in there is logging your keys.
IT'S IN EVERYTHING!! Get over it already, it's in your game consoles, in your laptops, in your PCs, just deal with it, nothing you can do or say will change this.
And a lot of you will say no it's not, BUT IT IS! Think about all the times you send a report of a crash on a PC or anything; deeply read the ToS on consoles, all have a tracker/logger.
ilostchild said:
I'm in the US and I read this over and over, and to be honest I can give two giggles of a squirting crap about this. Everyone takes this out of proportion and thinks it's the end of the world because something in there is logging your keys.
IT'S IN EVERYTHING!! Get over it already, it's in your game consoles, in your laptops, in your PCs, just deal with it, nothing you can do or say will change this.
And a lot of you will say no it's not, BUT IT IS! Think about all the times you send a report of a crash on a PC or anything; deeply read the ToS on consoles, all have a tracker/logger.
So, because tracking software is being put on many devices we use every day, we should not worry about it?
Perhaps if consumers were made more aware of things like this, they could stem the tide of invasive technology.
Sent from my Sensation using xda premium
ilostchild said:
I'm in the US and I read this over and over, and to be honest I can give two giggles of a squirting crap about this. Everyone takes this out of proportion and thinks it's the end of the world because something in there is logging your keys.
IT'S IN EVERYTHING!! Get over it already, it's in your game consoles, in your laptops, in your PCs, just deal with it, nothing you can do or say will change this.
And a lot of you will say no it's not, BUT IT IS! Think about all the times you send a report of a crash on a PC or anything; deeply read the ToS on consoles, all have a tracker/logger.
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you'd have fully studied the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/text message even before you read it? Come on. This kind of stuff is *definitely* not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it's distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
tictac0566 said:
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you'd have fully studied the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/text message even before you read it? Come on. This kind of stuff is *definitely* not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it's distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
I know what it does, and I still stand by my statement. As you and I type every letter on our keyboards it is being keylogged too; that's the sad truth of this and everything. No matter how you look at it or want to make anyone aware, it still exists, and as technology grows so will this. So either cry and complain about it every time something like this comes up or just say I know the fact I'm being watched but what else more can I do, because there is nothing you can do. Your normal house phones are being logged; not a lot of people know this, but there are KEY words that if you say them in a conversation it picks up and sends an alert to the proper authorities.
It's something to look at and just get over...
Also think about it, when something goes truly bad, say a murderer uses a phone, officials can pick up the logging of calls and texts and read them back, so this logging has been around for a while, so I don't understand why it's becoming such a big deal when it's been around.
ilostchild said:
I know what it does, and I still stand by my statement. As you and I type every letter on our keyboards it is being keylogged too; that's the sad truth of this and everything. No matter how you look at it or want to make anyone aware, it still exists, and as technology grows so will this. So either cry and complain about it every time something like this comes up or just say I know the fact I'm being watched but what else more can I do, because there is nothing you can do. Your normal house phones are being logged; not a lot of people know this, but there are KEY words that if you say them in a conversation it picks up and sends an alert to the proper authorities.
It's something to look at and just get over...
Also think about it, when something goes truly bad, say a murderer uses a phone, officials can pick up the logging of calls and texts and read them back, so this logging has been around for a while, so I don't understand why it's becoming such a big deal when it's been around.
I wonder how this affects the speed and responsiveness of the phone's OS?
ilostchild said:
I know what it does, and I still stand by my statement. As you and I type every letter on our keyboards it is being keylogged too; that's the sad truth of this and everything. No matter how you look at it or want to make anyone aware, it still exists, and as technology grows so will this. So either cry and complain about it every time something like this comes up or just say I know the fact I'm being watched but what else more can I do, because there is nothing you can do. Your normal house phones are being logged; not a lot of people know this, but there are KEY words that if you say them in a conversation it picks up and sends an alert to the proper authorities.
It's something to look at and just get over...
Also think about it, when something goes truly bad, say a murderer uses a phone, officials can pick up the logging of calls and texts and read them back, so this logging has been around for a while, so I don't understand why it's becoming such a big deal when it's been around.
Yes that is true what you said but most people already know that cops can get your records from a phone company with a search warrant depending on how long that company keeps those records.
This is different; a third party collecting all information of what you do on your phone without your consent or knowledge is wrong. This company is also not the government, so what right do they have without your consent?
Yes, on a console, a PC, and 1st and 2nd party apps on your phone you give consent for them to use various monitoring techniques, but you have a choice. Here with Carrier IQ you are not given that choice; it is there and you have to use a crowbar to get it out of your phone.
I'm no fanatic but I do believe in the constitution. It is your right to give away your privacy but it is not for someone else to take it away from you.
Sent from my SGH-T959 using xda premium
ilostchild said:
I know what it does, and I still stand by my statement. As you and I type every letter on our keyboards it is being keylogged too; that's the sad truth of this and everything. No matter how you look at it or want to make anyone aware, it still exists, and as technology grows so will this. So either cry and complain about it every time something like this comes up or just say I know the fact I'm being watched but what else more can I do, because there is nothing you can do. Your normal house phones are being logged; not a lot of people know this, but there are KEY words that if you say them in a conversation it picks up and sends an alert to the proper authorities.
It's something to look at and just get over...
Also think about it, when something goes truly bad, say a murderer uses a phone, officials can pick up the logging of calls and texts and read them back, so this logging has been around for a while, so I don't understand why it's becoming such a big deal when it's been around.
You keep saying there is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or whatever the proper method is for your particular device to be able to flash a custom recovery. Then simply download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdrawal of the S&D letter to TrevE that IQ posted a link to on their website. Go to the XDA Portal and have a look at the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that are a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong is such an epic fail. I mean if no one ever tries to bring change to something then yeah sure nothing will happen. And the powers that be gain that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It cannot be killed, force closed, or uninstalled. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Shery4life said:
I just had a word with the guy who made the video and he told me that this only affects U.S.A. people and this doesn't affect anyone living in Europe, so if you live in the UK, Ireland and other parts of Europe then you are fine.
Carrier is a global company. The company does have offices in London...
http://www.carrieriq.com/company/index.htm
And under the heading "About Carrier IQ"
http://www.sys-con.com/node/1865183
So European phones may have CIQ installed depending on the mobile provider. Something that our friends over the pond should research.
Sent from my SGH-T959 using xda premium
T-Macgnolia said:
You keep saying there is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or whatever the proper method is for your particular device to be able to flash a custom recovery. Then simply download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdrawal of the S&D letter to TrevE that IQ posted a link to on their website. Go to the XDA Portal and have a look at the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that are a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong is such an epic fail. I mean if no one ever tries to bring change to something then yeah sure nothing will happen. And the powers that be gain that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It cannot be killed, force closed, or uninstalled. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Hi,
That is very well put.
If you sit back and do nothing, then nothing will get done.
The more people complain about this, the more something is likely to be done.
As far as the carriers are concerned, they probably think that no one knows that this stuff is even installed!
It's important to show our awareness of this situation, and complain about it.
How about Logging TestApp? I heard that this app helps you erase all the logging apps in the phone, including this one.
This issue just made ABC News this morning
gtrplr71 said:
This issue just made ABC News this morning
This issue made international news.
http://www.forbes.com/sites/andygre...ve-violated-wiretap-law-in-millions-of-cases/
Wow, at first i was reading this thread and had the same, "well whatever" attitude. But after just a couple of minutes googling and reading, this is really messed up. CarrierIQ has issued a cease and dismiss order against the guy in the video, along with threats to sue if he does not publicly apologize.

Are we (ROM Flashers) Idiots?

This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?
Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamut of email, social sites, work email etc etc
Just as well I trust you all!
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to useful apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue what I am doing precisely.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to useful apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue what I am doing precisely.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns cited in this article do occur to me. Then again, to be honest I do not put any of this information on my non-jailbroken, company secured and encrypted iPhone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say the iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.
That's why I prefer stock ROM
Finally it's your (the user's) wish whether to use a custom ROM or stock ROM.
None of the developers are forcing anyone to use their custom ROM.
ROM development is a hobby, a passion, and part-time for some of the developers.
My few words. Please correct me if I'm wrong.
Ever heard of pdroid? Droidwall?
reversegear said:
Finally it's your (the user's) wish whether to use a custom ROM or stock ROM.
None of the developers are forcing anyone to use their custom ROM.
ROM development is a hobby, a passion, and part-time for some of the developers.
My few words. Please correct me if I'm wrong.
You are not wrong, but you are definitely off topic.
This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone with closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why I use OpenSource ROMs and not the closed source StockRoms and even try to have as many OpenSource Apps on my Phone as possible.
Just my 2 cents.
He has the points and those are solely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other ROM flashers, as long as they understand the risk of doing so, they are entitled to and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get out, windows still lowered, not even caring to lock the car. That is my choice.
Now I'm going to the very nice, highly educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROMs are based on a leaked official one. The CyanogenMod team is well-known and they base theirs on the Google source code, AOSP, not a leaked one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.
an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Pdroid: looks very promising but you need to be a programmer and it's only for Gingerbread.
Droidwall: from what I understand of it, it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developer/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.
I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promising but you need to be a programmer and it's only for Gingerbread.
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.
Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.
I thought the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from iTunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY I had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say the iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other ROM flashers, as long as they understand the risk of doing so, they are entitled to and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get out, windows still lowered, not even caring to lock the car. That is my choice.
I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding others, for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.
