GPS: ephemeris and almanac data? - Android Software/Hacking General [Developers Only]

Hi, i'm currently exploring the gps on my device with the java api provided with the Android SDK.
I stumbled upon something that I can't make sense of: I collect the satellites my GPS sees and query those satellites it they are involved in the current fix and if they contain almanac and ephemeris data.
Now, somehow I never get a confirmation that the GPS i query contains eph or alm data? Turning on or off the aGPS don't really like to influence this. (FYI i'm running this on a Galaxy S)
I wonder, can someone try the attached program on his or her Android device and report back to me if the abbreviations "eph" and/or "alm" appear after the listed satellites.
Thanks in advance!
by request: code of the app (be warned this was my very first android app ):
Code:
package com.appelflap.android.location_app;
import java.util.Iterator;
import android.app.Activity;
import android.content.Context;
import android.location.GpsSatellite;
import android.location.Location;
import android.location.GpsStatus;
import android.location.LocationListener;
import android.location.GpsStatus.Listener;
import android.location.LocationManager;
import android.os.Bundle;
import android.util.Log;
import android.widget.TextView;
public class LocationActivity extends Activity implements LocationListener, GpsStatus.Listener {
private static final String TAG = "com.appelflap.android.location_app";
private LocationManager locationManager;
private static final String PROVIDER = "gps";
private TextView output;
private TextView accuracy;
private TextView gpsstatus;
private TextView gpsfix;
private TextView gps_output;
private TextView line;
private TextView maxSatellites;
private TextView maxLocked;
private TextView minSignalNoiseRatio;
private Integer iGpsStatus;
private Integer maxSats;
private Integer maxFix;
private Integer minSnr;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
maxSats = 0;
maxFix = 0; // maximal number of sats constituting a fix. The claim for the SGS is that this is always =< 8
minSnr = 100; // minimal Snr of a sat contained in a fix. The claim for the SGS is that this is always > 20 (Lets start set with an unreal high value)
iGpsStatus = -1 ;
output = (TextView) findViewById(R.id.output);
accuracy = (TextView) findViewById(R.id.accuracy);
line = (TextView) findViewById(R.id.line);
maxSatellites = (TextView) findViewById(R.id.maxSatellites);
maxLocked = (TextView) findViewById(R.id.maxLocked);
minSignalNoiseRatio = (TextView) findViewById(R.id.minSignalNoiseRatio);
gpsfix = (TextView) findViewById(R.id.gpsfix);
gpsstatus = (TextView) findViewById(R.id.gpsstatus);
gps_output = (TextView) findViewById(R.id.gps_output);
locationManager = (LocationManager) getSystemService(Context.LOCATION_SERVICE);
locationManager.requestLocationUpdates(PROVIDER, 0, 0, this);
locationManager.addGpsStatusListener(this);
}
private void registerLocationListeners() {
locationManager = (LocationManager) getSystemService(Context.LOCATION_SERVICE);
locationManager.requestLocationUpdates(PROVIDER, 0, 0, this);
locationManager.addGpsStatusListener(this);
}
public void onLocationChanged(Location location) {
String result = String.format(
"Coordinates: latitude: %f, longitude: %f", location
.getLatitude(), location.getLongitude());
Log.d(TAG, "location update received: " + result);
output.setText(result);
accuracy.setText("Accuracy: " + location.getAccuracy());
}
public void onProviderDisabled(String provider) {
Log.d(TAG, "the following provider was disabled: " + provider);
}
public void onProviderEnabled(String provider) {
Log.d(TAG, "the following provider was enabled: " + provider);
}
public void onStatusChanged(String provider, int status, Bundle extras) {
Log.d(TAG, String.format(
"Provider status has changed. provider: %s, status: %d",
provider, status));
}
public void onGpsStatusChanged(int event)
{
Log.v("TEST","LocationActivity - onGpsStatusChange: onGpsStatusChanged: " + Integer.toString(event)) ;
int iSats;
int fix;
int snr;
switch( event )
{
case GpsStatus.GPS_EVENT_STARTED:
iGpsStatus = event ;
break ;
case GpsStatus.GPS_EVENT_SATELLITE_STATUS:
GpsStatus xGpsStatus = locationManager.getGpsStatus(null) ;
Iterable<GpsSatellite> iSatellites = xGpsStatus.getSatellites() ;
Iterator<GpsSatellite> it = iSatellites.iterator() ;
iSats = 0 ; // Satellite Count
fix = 0 ; // Count satellites used in fix
StringBuilder s = new StringBuilder();
while ( it.hasNext() )
{
iSats++ ;
GpsSatellite oSat = (GpsSatellite) it.next() ;
s.append(oSat.getPrn());
s.append(": ");
snr = (int) oSat.getSnr();
s.append(snr);
s.append(" Snr");
if ( oSat.usedInFix() ) {
s.append(" (*) ");
fix++;
// if snr of this locked sat < minSnr then update minSnr
if (snr < minSnr) {
minSnr = snr;
minSignalNoiseRatio.setText("Min Snr: " + minSnr);
}
// Just testing for ephemeris and almanac data. On the Galaxy S the following GpsSatelite methods
// always return "false". To do: formatting the output..
}
if ( oSat.hasEphemeris() ) {
s.append(" Eph ");
}
if ( oSat.hasAlmanac() ) {
s.append(" Alm ");
}
s.append("\n");
Log.v("TEST","LocationActivity - onGpsStatusChange: Satellites: " + oSat.getSnr() ) ;
}
gpsstatus.setText("Satellites: " + iSats);
gpsfix.setText("Locked: " + fix);
Log.v("TEST","LocationActivity - onGpsStatusChange: Satellites: " + iSats ) ;
if ( s.length() > 0) {
gps_output.setText(s.toString());
}
else { gps_output.setText("Waiting..."); }
if ( iSats > maxSats ) {
maxSats = iSats;
maxSatellites.setText("Max Sats: " + maxSats);
}
if ( fix > maxFix ) {
maxFix = fix;
maxLocked.setText("Max Locked: " + maxFix);
}
break ;
case GpsStatus.GPS_EVENT_FIRST_FIX:
iGpsStatus = event ;
break ;
case GpsStatus.GPS_EVENT_STOPPED:
gpsstatus.setText("Stopped...") ;
iGpsStatus = event ;
break ;
}
}
protected void onPause() {
// Make sure that when the activity goes to
// background, the device stops getting locations
// to save battery life.
locationManager.removeUpdates(this);
super.onPause();
}
protected void onResume() {
// Make sure that when the activity has been
// suspended to background,
// the device starts getting locations again
registerLocationListeners();
super.onResume();
}
}
// Framework for the code based on http://www.hascode.com/2010/05/sensor-fun-location-based-services-and-gps-for-android/

bumperdibump

LocationApp could not be installed on this phone.
System Requirements? I'm running Android 1.6

t-bon3 said:
LocationApp could not be installed on this phone.
System Requirements? I'm running Android 1.6
Click to expand...
Click to collapse
I attached another version for all Android levels. I checked with the api docs and it should run.
Thank you very much for testing!

I get a list of saetllites with a number, 'Snr' then a (*) for the sats that have a lock, but nothing else, no 'Eph' or 'Alm'.
This is on Android 1.6 on an i-mobile i858 device.
Do you have sample code for a simple app that reads data from the GPS. GPS software from the market seems buggy on my device and I would like to investigate by writing my own basic GPS app.
Thanks.

t-bon3 said:
I get a list of saetllites with a number, 'Snr' then a (*) for the sats that have a lock, but nothing else, no 'Eph' or 'Alm'.
This is on Android 1.6 on an i-mobile i858 device.
Do you have sample code for a simple app that reads data from the GPS. GPS software from the market seems buggy on my device and I would like to investigate by writing my own basic GPS app.
Thanks.
Click to expand...
Click to collapse
No problem, I will clean up the code somewhat and will put it up in the first post.
BTW did you activated aGPS while testing the app?

On my device under "My Location" in settings there are only these options:
Use wireless networks
Enable GPS satellites
Share with Google
I had all 3 set to active while testing the app.

t-bon3 said:
On my device under "My Location" in settings there are only these options:
Use wireless networks
Enable GPS satellites
Share with Google
I had all 3 set to active while testing the app.
Click to expand...
Click to collapse
The aGPS function has to be activated in an app delivered with your device. Don't know if it is activated by default. (assuming your GPS chip supports aGPS of course)
Anyway, I put the code up in the first post. (EDIT: included the resource files and the manifest file in a attached zip file)

Related

[Q] Probably easy but...accelerometer and random generator

Trying to use a random image generator as an action if accelerometer is utilized....different image each time the phone is shook.
import java.util.Random;
import android.app.Activity;
import android.hardware.SensorListener;
import android.hardware.SensorManager;
import android.os.Bundle;
import android.util.Log;
import android.widget.ImageView;
import android.widget.Toast;
public class ShakeActivity extends Activity implements SensorListener {
// For shake motion detection.
private SensorManager sensorMgr;
private long lastUpdate = -1;
private float x, y, z;
private float last_x, last_y, last_z;
private static final int SHAKE_THRESHOLD = 800;
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
// start motion detection
sensorMgr = (SensorManager) getSystemService(SENSOR_SERVICE);
boolean accelSupported = sensorMgr.registerListener(this,
SensorManager.SENSOR_ACCELEROMETER,
SensorManager.SENSOR_DELAY_GAME);
if (!accelSupported) {
// on accelerometer on this device
sensorMgr.unregisterListener(this,
SensorManager.SENSOR_ACCELEROMETER);
}
}
protected void onPause() {
if (sensorMgr != null) {
sensorMgr.unregisterListener(this,
SensorManager.SENSOR_ACCELEROMETER);
sensorMgr = null;
}
super.onPause();
}
public void onAccuracyChanged(int arg0, int arg1) {
// TODO Auto-generated method stub
}
public void onSensorChanged(int sensor, float[] values) {
Log.d("sensor", "onSensorChanged: " + sensor);
if (sensor == SensorManager.SENSOR_ACCELEROMETER) {
long curTime = System.currentTimeMillis();
// only allow one update every 100ms.
if ((curTime - lastUpdate) > 100) {
long diffTime = (curTime - lastUpdate);
lastUpdate = curTime;
x = values[SensorManager.DATA_X];
y = values[SensorManager.DATA_Y];
z = values[SensorManager.DATA_Z];
float speed = Math.abs(x+y+z - last_x - last_y - last_z) / diffTime * 10000;
// Log.d("sensor", "diff: " + diffTime + " - speed: " + speed);
if (speed > SHAKE_THRESHOLD) {
ImageView imgView = new ImageView(this);
Random rand = new Random();
int rndInt = rand.nextInt(4) + 1; // n = the number of images, that start at idx 1
String imgName = "img" + rndInt;
int id = getResources().getIdentifier(imgName, "drawable", getPackageName());
imgView.setImageResource(id);
}
last_x = x;
last_y = y;
last_z = z;
}
}
}
}
Thanks in advance for help?

A solution to enable/disable data connection without modifying APN

After a lot of search to find a solution to enable/disable the data connection without modifying the APN configuration, I finally found a solution that I would like to share with developers that are looking for the same thing.
I known that some applications (as Quick Settings) are able to do this but I was not able to find a solution on the web. Because I really wanted to have this feature in my AndroMax application, I searched how it is managed in the Android OS source code.
I quickly discovered that it's not possible to modifiy the connection state using the same API than what is used in the Android phone settings application because the necessary permission can only be obtained by a system application. After more investigation in Android source code, I discovered that it's possible to change the connection state with the ITelephony interface, using a permission that can be obtained by a standard application.
This solution is not working with Gingerbread due to security reenforcement, if anybody have a solution for Gingerbread, I buy it
Here is this solution:
Code:
import java.lang.reflect.Method;
import android.content.Context;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;
import android.telephony.TelephonyManager;
// Needs the following permissions:
// - "android.permission.MODIFY_PHONE_STATE"
public final class DataConManager
{
private TelephonyManager m_telManager = null;
private ConnectivityManager m_conManager = null;
// ------------------------------------------------------
// ------------------------------------------------------
public DataConManager(Context context)
{
try
{
// Get phone and connectivity services
m_telManager = (TelephonyManager)context.getSystemService("phone");
m_conManager = (ConnectivityManager)context.getSystemService("connectivity");
}
catch (Exception e)
{
m_telManager = null;
m_conManager = null;
}
}
// ------------------------------------------------------
// ------------------------------------------------------
boolean switchState(boolean enable)
{
boolean bRes = false;
// Data Connection mode (only if correctly initialized)
if (m_telManager != null)
{
try
{
// Will be used to invoke hidden methods with reflection
Class cTelMan = null;
Method getITelephony = null;
Object oTelephony = null;
Class cTelephony = null;
Method action = null;
// Get the current object implementing ITelephony interface
cTelMan = m_telManager.getClass();
getITelephony = cTelMan.getDeclaredMethod("getITelephony");
getITelephony.setAccessible(true);
oTelephony = getITelephony.invoke(m_telManager);
// Call the enableDataConnectivity/disableDataConnectivity method
// of Telephony object
cTelephony = oTelephony.getClass();
if (enable)
{
action = cTelephony.getMethod("enableDataConnectivity");
}
else
{
action = cTelephony.getMethod("disableDataConnectivity");
}
action.setAccessible(true);
bRes = (Boolean)action.invoke(oTelephony);
}
catch (Exception e)
{
bRes = false;
}
}
return bRes;
}
// ------------------------------------------------------
// ------------------------------------------------------
public boolean isEnabled()
{
boolean bRes = false;
// Data Connection mode (only if correctly initialized)
if (m_conManager != null)
{
try
{
// Get Connectivity Service state
NetworkInfo netInfo = m_conManager.getNetworkInfo(0);
// Data is enabled if state is CONNECTED
bRes = (netInfo.getState() == NetworkInfo.State.CONNECTED);
}
catch (Exception e)
{
bRes = false;
}
}
return bRes;
}
}
isnt this same stuff as going
settings -> wireless & networks -> mobile networks - data service enable/disable ?
It has the same effect but it's at a low level since the API called by "settings -> wireless & networks -> mobile networks - data service enable/disable" is not permitted for a standard application.
Officicaly there is no API that can be use by an application to enable/disable data.
please help.. not working
Hi I have taken your class into my solution, the method switchState(true) returns true for me, but no data connection appears ... when I enable the data connection manually, the connection worx
I have set up the permissions correctly in my manifest...
any clues?
I guess that your data connection was not enabled at the beginning. This method only works is the connection state is enabled (system settings) and that you use it to disable/enable it.
It's like if you add a switch in addition to the system switch.
Sorry to drudge up an older thread. But I have a question that is related.
I have mastered the art of battery management with the Droid Bionic, and I think I've figured out an app that would help people manage their batteries throughout the day by giving quick, easy toggles that perform multiple connection state changes. Problem is, while I've done some development, it hasn't been Java.
Is this basically saying that there is no way to write an app that will allow you to selectively toggle data on or off (same as the Data Enabled toggle under Data Delivery), or control individual radio states?
Some app is turning on my data network even if I turn it off.Any idea?

Capturing Screenshots using background agent WP7.1

Hi, i am trying to write a application that can be used for streaming my phone to my windows desktop running a Java client to receive the images. However when i tried to create a background task following a tutorial by microsoft i am unable to access the UIElement. Does anyone know how to work around this?
the below code in the OnInvoke is able to run in a application however if i were to create it under a Task Agent project , i cant because i cant get the FrameElement.
Code:
using System.Windows;
using Microsoft.Phone.Scheduler;
using Microsoft.Phone.Shell;
using System;
namespace ScheduledTaskAgent1
{
public class ScheduledAgent : ScheduledTaskAgent
{
private static volatile bool _classInitialized;
/// <remarks>
/// ScheduledAgent constructor, initializes the UnhandledException handler
/// </remarks>
public ScheduledAgent()
{
if (!_classInitialized)
{
_classInitialized = true;
// Subscribe to the managed exception handler
Deployment.Current.Dispatcher.BeginInvoke(delegate
{
Application.Current.UnhandledException += ScheduledAgent_UnhandledException;
});
}
}
/// Code to execute on Unhandled Exceptions
private void ScheduledAgent_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
{
if (System.Diagnostics.Debugger.IsAttached)
{
// An unhandled exception has occurred; break into the debugger
System.Diagnostics.Debugger.Break();
}
}
protected override void OnInvoke(ScheduledTask task)
{
var timer = new System.Windows.Threading.DispatcherTimer
{
Interval = System.TimeSpan.FromSeconds(10)
};
timer.Tick += (sender, args) =>
{
Microsoft.Devices.VibrateController.Default.Start(
TimeSpan.FromSeconds(0.1));
var bitmap = new System.Windows.Media.Imaging.WriteableBitmap(this.Parent, null);
var stream = new System.IO.MemoryStream();
System.Windows.Media.Imaging.Extensions.SaveJpeg(bitmap, stream,
bitmap.PixelWidth, bitmap.PixelHeight, 0, 100);
stream.Position = 0;
var mediaLib = new Microsoft.Xna.Framework.Media.MediaLibrary();
var datetime = System.DateTime.Now;
var filename =
System.String.Format("Capture-{0}-{1}-{2}-{3}-{4}-{5}",
datetime.Year % 100, datetime.Month, datetime.Day,
datetime.Hour, datetime.Minute, datetime.Second);
mediaLib.SavePicture(filename, stream);
};
timer.Start();
// Call NotifyComplete to let the system know the agent is done working.
NotifyComplete();
}
}
}
kyrogue said:
i am unable to access the UIElement
Click to expand...
Click to collapse
Hmm... Background agents don't have UIElements at all (and by the sandbox concept you can't access anything not belong to your app).
To capture WP7 screen, you should have an interop-unlock phone and use DllImport library.
Interop-unlock is *not* required to use anything in DllImport, actually - normal dev-unlock works fine.
There actually used to be an app that did what you described (stream the screen contents to a PC in real-time) but I don't think it ever got updated to work on Mango.

[R&D|WIP] Reversing the Samsung OEM App/Bins

This is a dumper thread for collecting research and development information on reversing some (or all) of the various Samsung proprietary Applications and binaries found in their later top models running at least 4.2.2, and preferably also SELinux enabled as Enforcing.
In these devices there is an extensive amount of hidden functions, applications and behind the scenes modifications that is completely outside anything that we will ever be able to find in the AOSP repositories. In addition Samsung is spending more energy into obfuscating many of these functions and applications, which makes security vulnerability research much harder. Why? What is it that they try to hide from public scrutiny?
So if you have any insights or are particularly good at reading obtuse OEM Java code. Please join the discussion and help us out.
One of the first Apps to look at is the Samsung ServiceMode apps. There are at least three of them.
1) serviceModeApp_FB.apk
2) serviceModeApp_RIL.apk
3) Samsungservice.apk
Let's have a look at the first one: serviceModeApp_FB.apk
The first thing that hits you in the face is the LibOTPSecurity. This class is using the time zone as a mechanism for obfuscating some security mechanism using OTP (One Time Password) as a means of temporary authorization for access. (Thanks @ryanbg) The code look like this:
Code:
[SIZE=2]package LibOTPSecurity;
import ibOTPSecurity.OTPSecurit;
import java.text.DecimalFormat;
import java.util.Calendar;
import java.util.TimeZone;
public class OTPSecurity
{
private String GetDateString(int paramInt)
{
Calendar localCalendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
localCalendar.add(12, paramInt * -1);
return new StringBuilder(String.valueOf(new StringBuilder(String.valueOf(new StringBuilder(String.valueOf(new DecimalFormat("00").format(-2000 + localCalendar.get(1)))).append(new DecimalFormat("00").format(1 + localCalendar.get(2))).toString())).append(new DecimalFormat("00").format(localCalendar.get(12))).toString())).append(new DecimalFormat("00").format(localCalendar.get(5))).toString() + new DecimalFormat("00").format(localCalendar.get(11));
}
private int MakeHashCode(String paramString)
{
int i = 0;
for (int j = 0; ; j++)
{
if (j >= paramString.length())
{
if (i < 0)
i *= -1;
return i;
}
i = i + (i << 5) + paramString.charAt(j);
}
}
public boolean CheckOTP(String paramString1, String paramString2)
{
int j;
for (int i = 5; ; i = j)
{
j = i - 1;
if (i <= -1)
return false;
if (paramString1.equalsIgnoreCase(Integer.toString(MakeHashCode(paramString2 + GetDateString(j)))))
return true;
}
}
}
[/SIZE]
This is making a "hash" out of some date strings for comparison. hopefully we'll see later what exactly these strings come from.
The GetDateString function can be reformatted as:
Code:
[SIZE=2] private String GetDateString(int paramInt) {
Calendar localCalendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
localCalendar.add(12, paramInt * -1);
return new StringBuilder(String.valueOf(new StringBuilder(String.valueOf(new StringBuilder(String.valueOf(new DecimalFormat("00")
.format(-2000 + localCalendar.get(1))))
.append(new DecimalFormat("00")
.format(1 + localCalendar.get(2)))
.toString()))
.append(new DecimalFormat("00")
.format(localCalendar.get(12)))
.toString()))
.append(new DecimalFormat("00")
.format(localCalendar.get(5)))
.toString() + new DecimalFormat("00")
.format(localCalendar.get(11));
}[/SIZE]
I'd have been much happier if this was simplified to readable pseudo-code.
Another interesting part is the SysDump.class:
Code:
[SIZE=2] private boolean checkForNoAuthorityAndNotEngBuild()
{
this.settings = getSharedPreferences("SYSDUMPOTP", 0);
boolean bool = this.settings.getBoolean("ril.OTPAuth", false);
String str = String.valueOf(SystemProperties.get("ro.build.type"));
if ((!bool) && (str.compareToIgnoreCase("eng") != 0))
{
Log.e("SysDump", "It's user binary");
return true;
}
Log.e("SysDump", "It's eng binary");
return false;
}
[/SIZE]
This clearly (!) determines whether or not your phone is currently set as an Engineering model or User model. To allow this you probably need to set these properties:
Code:
ro.build.type=eng
ril.OTPAuth=true
It's possible that OTP = One Time Password as a means of temporary authorization for accessing service/engineering features. It could be similar to the Blackberry engineering menu that is accessed by a code generated from the Date/Time and device specific information. I'm also doing some significant work on disassembling these applications. Major developments will be posted here.
fusedlocation.apk
is this [fusedlocation.apk] a samsung thing?
disabling/removing/dummyfile all cause reboot like failing critical service.
this has been bothering me for sometime. there is literally no intelligent information
i've been able to find on this. that killing it skunks the os suggest that it's not so simple
as "oh yeah derrr that's for gps or sumthin.."
i could go on but, that's the basics of it.
do you have a list of suspect or confirmed scummy files/bin/apks?
thanks
m

Xiaomi Security issues.

Xiaomi firmware has multiple backdoors So I've basically got myself in this sh*t because lack of care.. Until it pop'd and hit the highlights.
And now straight to the point. It doesn't f*ckin matters if you had a fw or not. As the backdoors are embedded in ROOT system processes.
And those where obviously white-listed as i didn't think of a nasty Chinese guy sitting in it calling back home. My friend who got the same phone found the article as i was having my vacation for a bit, so when i found out i did a bit a research of course on my device. After finding all this i e-mail'd him it and he posted it on the Xiaomi European forums. Guess what happened, it got deleted. So they know damn good what they're doing.
Quote:
When you purchase Xiaomi products or services, we’ll collect relevant personal information, including but not limited: delivery information, bank account, credit card information, bill address, credit check and other financial information, contact or communication records.
Quote:
Originally Posted by OP
Music app(?) connects to:
202.173.255.152
2012-12-01 lrc.aspxp.net
2012-12-01 lrc.feiyes.net
2012-12-01 w.w.w.616hk.com
2012-12-01 w.w.w.hk238.com
2012-12-01 w.w.w.lrc123.com
123.125.114.145
2013-11-27 tinglog.baidu.com
1/53 2014-07-02 12:51:01 hxxp://tinglog.baidu.com
Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.
3/43 2014-07-08 07:39:24 facb146de47229b56bdc4481ce22fb5ec9e702dfbd7e70e82e 4e4316ac1e7cbd
47/51 2014-04-28 09:25:27 091457f59fc87f5ca230c6d955407303fb5f5ba364508401a7 564fb32d9a24fa
24/47 2014-01-08 08:19:43 3cf0a98570e522af692cb5f19b43085c706aa7d2f63d05469b 6ac8db5c20cdcd
21/48 2013-12-02 15:15:45 7e34cb88fc82b69322f7935157922cdb17cb6c69d868a88946 8e297257ee9072
19/48 2013-12-01 20:02:32 bce4bd44d3373b2670a7d68e058c7ce0fa510912275d452d36 3777f640aa4c70
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/53 2014-07-02 12:47:57 hxxp://dev.baidu.com/
Android-system ANT HAL Service(Framework_ext.apk/jar) connect to:
42.62.48.207
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.
2014-04-28 app.migc.wali.com
2014-07-12 app.migc.xiaomi.com
2014-05-30 gamevip.wali.com
2014-05-30 log.wlimg.cn
2014-04-21 mitunes.game.xiaomi.com
2014-04-30 oss.wali.com
2014-05-17 p.tongji.wali.com
2014-07-13 policy.app.xiaomi.com
Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/58 2014-08-13 07:10:49 hxxp://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php
1/58 2014-08-10 00:46:35 hxxp://policy.app.xiaomi.com/
1/53 2014-07-02 12:49:59 hxxtp://oss.wali.com
Messages(Mms.apk) connect to (it literary calls back home)
54.179.146.166
2014-08-12 api.account.xiaomi.com
2014-07-26 w.w.w.asani.com.pk
What it does? It sends phone numbers you call to, send messages to, add etc to a Resin/4.0.13 java application running on a nginx webserver to collect data. Checkpackages, embedded system process/app posts all installed apps to a Tengine a/k/a nginx webserver cms.
URL: hxxtp://api.account.xiaomi.com:81/pass/v3
Server: sgpaws-ac-web01.mias
Software: Tengine/2.0.1 | Resin/4.0.13
URL: hxxp://policy.app.xiaomi.com:8080/cms/interface/v1/
Server: lg-g-com-ngx02.bj
Software: Tengine | Resin
Bottom line
They don't give a single damn about your data.. All sent in plain text.
For messages APK (Mms.apk)
I don't believe it needs those permissions for normal functionalities, this is only for the extra feature let's call it bug.
android.permission.SEND_SMS_NO_CONFIRMATION
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
miui.permission.SHELL
android.permission.GET_TASKS
android.permission.CAMERA
Some code ... i also attached java classes and smali dalvik jvm bytecode..
Code:
Code:
#<externalId = outgoing callerid># package com.xiaomi.mms.net; import android.net.Uri; import android.net.Uri.Builder; import android.telephony.TelephonyManager; import android.text.TextUtils; import com.xiaomi.mms.utils.EasyMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; import java.util.Set; import miui.net.CloudManager; public class b { public static final String qa = CloudManager.URL_ACCOUNT_BASE; public static final String qb = CloudManager.URL_ACCOUNT_API_V2_BASE; public static final String qc = CloudManager.URL_ACCOUNT_API_V3_BASE; public static final String qd = qa + "/serviceLogin"; public static final String qe = qc + "/[email protected]"; protected static String a(String paramString, Map paramMap) { if ((paramMap != null) && (!paramMap.isEmpty())) { Uri.Builder localBuilder = Uri.parse(paramString).buildUpon(); Iterator localIterator = paramMap.entrySet().iterator(); while (localIterator.hasNext()) { Map.Entry localEntry = (Map.Entry)localIterator.next(); localBuilder.appendQueryParameter((String)localEntry.getKey(), (String)localEntry.getValue()); } paramString = localBuilder.build().toString(); } return paramString; } public static c al(String paramString) { EasyMap localEasyMap = new EasyMap("type", "MXPH").a("externalId", paramString); d locald = new d(a(qe, localEasyMap)); String str = TelephonyManager.getDefault().getDeviceId(); if (!TextUtils.isEmpty(str)) locald.l("deviceId", str); return locald; } } =========================================================== public static Header a(Account paramAccount, ExtendedAuthToken paramExtendedAuthToken) { StringBuilder localStringBuilder = new StringBuilder(); localStringBuilder.append("serviceToken="); localStringBuilder.append(paramExtendedAuthToken.authToken); localStringBuilder.append("; userId="); localStringBuilder.append(paramAccount.name); return new BasicHeader("Cookie", localStringBuilder.toString()); } =========================================================== public void gT() { if (ai("http://api.comm.miui.com/miuisms/res/version").getLong("data") == PreferenceManager.getDefaultSharedPreferences(this.mContext).getLong("festival_message_version", 0L)) return; Object[] arrayOfObject = new Object[1]; arrayOfObject[0] = Integer.valueOf(this.mScreenWidth); a(ai(String.format("http://api.comm.miui.com/miuisms/res/categories?width=%s", arrayOfObject)).getJSONArray("data")); } public void m(long paramLong) { Cursor localCursor = this.mq.rawQuery("SELECT MIN(message_id) FROM messages WHERE category_id=" + paramLong, null); if (localCursor == null) throw new FestivalUpdater.DatabaseContentException(null); try { if (localCursor.moveToFirst()) { long l = localCursor.getLong(0); Object[] arrayOfObject = new Object[3]; arrayOfObject[0] = Long.valueOf(paramLong); arrayOfObject[1] = Long.valueOf(l); arrayOfObject[2] = Integer.valueOf(pd); a(ai(String.format("http://api.comm.miui.com/miuisms/res/messages?cat=%s&marker=%s&count=%s", arrayOfObject)).getJSONObject("data").getJSONArray("entries"), paramLong); } return; } finally { localCursor.close(); } } =========================================================== package miui.util; import android.content.Context; import android.provider.Settings.Secure; import android.util.Log; import org.json.JSONArray; import org.json.JSONObject; final class BaseNotificationFilterHelper$2 implements Runnable { BaseNotificationFilterHelper$2(Context paramContext) { } public void run() { try { JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.access$000(this.val$context)); if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200)) { JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY")); int i = localJSONObject2.getInt("errCode"); if (i == 200) { JSONArray localJSONArray = localJSONObject2.getJSONArray("packages"); StringBuilder localStringBuilder = new StringBuilder(); for (int j = 0; j < localJSONArray.length(); j++) { localStringBuilder.append(localJSONArray.get(j).toString().trim()); localStringBuilder.append(" "); } Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString()); BaseNotificationFilterHelper.access$102(null); return; } if (i == 202) { Log.d("NotificationFilterHelper", "blacklist is empty "); Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", ""); BaseNotificationFilterHelper.access$102(null); return; } if (i == 201) Log.d("NotificationFilterHelper", "request param empty"); } else { Log.d("NotificationFilterHelper", "access network anomalies"); } return; } catch (Exception localException) { } } } =========================================================== package miui.util; import android.app.INotificationManager; import android.app.INotificationManager.Stub; import android.content.ContentResolver; import android.content.Context; import android.content.SharedPreferences; import android.content.SharedPreferences.Editor; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.content.res.Resources; import android.database.ContentObserver; import android.os.ServiceManager; import android.provider.Settings.Secure; import android.provider.Settings.System; import android.text.TextUtils; import android.util.Log; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import miui.os.Build; import miui.provider.CloudAppControll; import miui.provider.CloudAppControll.TAG; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; public class BaseNotificationFilterHelper { protected static final String APP_NOTIFICATION = "app_notification"; protected static final int CODE_REQUEST_PARAM_EMPTY = 201; protected static final int CODE_RESPONSE_EMPTY = 202; protected static final int CODE_SUCCESS = 200; public static final int DEFAULT = 0; public static final int DISABLE_ALL = 3; public static final int DISABLE_ICON = 1; public static final int ENABLE = 2; protected static final String EXPANDED_BLACK_LIST_CODE = "errCode"; protected static final String EXPANDED_BLACK_LIST_PACKAGES = "packages"; public static final int NONE = 0; protected static final String SYSTEMUI_PACKAGE_NAME = "com.android.systemui"; protected static final String TAG = "NotificationFilterHelper"; protected static final String URL = "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php"; private static HashSet<String> mBlacklist; protected static INotificationManager nm; protected static HashSet<String> sFilterList = new HashSet(); protected static HashMap<String, Integer> sFilterMap = new HashMap(); private static HashMap<String, Boolean> sIsSystemApp; protected static HashMap<String, Integer> sUidMap = new HashMap(); static { if (Build.IS_INTERNATIONAL_BUILD); for (int i = 2; ; i = 1) { DEFAULT = i; nm = INotificationManager.Stub.asInterface(ServiceManager.getService("notification")); mBlacklist = null; sIsSystemApp = new HashMap(); return; } } protected static void enableStatusIcon(Context paramContext, String paramString, int paramInt) { getSharedPreferences(paramContext).edit().putInt(paramString, paramInt).commit(); } public static void enableStatusIcon(Context paramContext, String paramString, boolean paramBoolean) { if (paramBoolean); for (int i = 2; ; i = 1) { enableStatusIcon(paramContext, paramString, i); return; } } public static String getAppNotificationText(Context paramContext, String paramString) { int i = 101450315; switch (NotificationFilterHelper.getInstance().getAppFlag(paramContext, paramString, true)) { default: case 3: case 1: case 2: } while (true) { return paramContext.getResources().getString(i); i = 101450314; continue; i = 101450315; continue; i = 101450313; } } public static int getAppUid(Context paramContext, String paramString) { int i = 0; if (sUidMap.containsKey(paramString)) return ((Integer)sUidMap.get(paramString)).intValue(); try { i = paramContext.getPackageManager().getApplicationInfo(paramString, 0).uid; sUidMap.put(paramString, Integer.valueOf(i)); return i; } catch (PackageManager.NameNotFoundException localNameNotFoundException) { } return i; } protected static int getDefaultFlag(Context paramContext, String paramString) { initFilterList(paramContext); if (sFilterList.contains(paramString)) return 2; return 0; } protected static int getGameCenterFlag(Context paramContext, String paramString) { readBlacklist(paramContext); if (mBlacklist.contains(paramString)) return 3; return 0; } private static String getInstalledAppsJson(Context paramContext) { JSONObject localJSONObject = new JSONObject(); JSONArray localJSONArray = new JSONArray(); Iterator localIterator = paramContext.getPackageManager().getInstalledPackages(0).iterator(); while (localIterator.hasNext()) { PackageInfo localPackageInfo = (PackageInfo)localIterator.next(); if ((0x1 & localPackageInfo.applicationInfo.flags) == 0) localJSONArray.put(localPackageInfo.packageName + "/" + localPackageInfo.versionCode); } try { localJSONObject.put("packages", localJSONArray); return localJSONObject.toString(); } catch (JSONException localJSONException) { } return ""; } protected static int getNetDefaultFlag(Context paramContext, String paramString) { if (sFilterMap.containsKey(paramString)) return ((Integer)sFilterMap.get(paramString)).intValue(); return loadAppNetFlagByPkg(paramContext, paramString); } public static SharedPreferences getSharedPreferences(Context paramContext) { if (!paramContext.getPackageName().equals("com.android.systemui")); try { Context localContext = paramContext.createPackageContext("com.android.systemui", 2); paramContext = localContext; return paramContext.getSharedPreferences("app_notification", 4); } catch (PackageManager.NameNotFoundException localNameNotFoundException) { while (true) localNameNotFoundException.printStackTrace(); } } protected static void initFilterList(Context paramContext) { if (sFilterList.size() == 0) { String str = Settings.System.getString(paramContext.getContentResolver(), "status_bar_notification_filter_white_list"); if (!TextUtils.isEmpty(str)) { String[] arrayOfString = str.split(" "); for (int i = 0; i < arrayOfString.length; i++) sFilterList.add(arrayOfString[i]); } sFilterList.add("cn.com.fetion"); sFilterList.add("com.google.android.talk"); sFilterList.add("com.tencent.mm"); sFilterList.add("com.tencent.qq"); sFilterList.add("com.tencent.mobileqq"); sFilterList.add("com.xiaomi.channel"); } } public static boolean isNotificationForcedFor(Context paramContext, String paramString) { int i = getAppUid(paramContext, paramString); return ("android".equals(paramString)) || (i == 1000) || (i == 1001) || (i == 0); } public static boolean isSystemApp(String paramString, PackageManager paramPackageManager) { Boolean localBoolean = (Boolean)sIsSystemApp.get(paramString); if (localBoolean == null); try { ApplicationInfo localApplicationInfo2 = paramPackageManager.getApplicationInfo(paramString, 0); localApplicationInfo1 = localApplicationInfo2; boolean bool = false; if (localApplicationInfo1 != null) { int i = 0x1 & localApplicationInfo1.flags; bool = false; if (i != 0) bool = true; } localBoolean = Boolean.valueOf(bool); sIsSystemApp.put(paramString, localBoolean); return localBoolean.booleanValue(); } catch (PackageManager.NameNotFoundException localNameNotFoundException) { while (true) ApplicationInfo localApplicationInfo1 = null; } } protected static boolean isUserSetttingInited(Context paramContext, String paramString) { int i = getSharedPreferences(paramContext).getInt(paramString, 0); boolean bool = false; if (i != 0) bool = true; return bool; } public static void loadAppNetFlag(Context paramContext) { new Thread(new Runnable() { public void run() { BaseNotificationFilterHelper.sFilterMap.clear(); Iterator localIterator = this.val$context.getPackageManager().getInstalledPackages(0).iterator(); while (localIterator.hasNext()) { PackageInfo localPackageInfo = (PackageInfo)localIterator.next(); if ((0x1 & localPackageInfo.applicationInfo.flags) == 0) { String str = localPackageInfo.applicationInfo.packageName; BaseNotificationFilterHelper.loadAppNetFlagByPkg(this.val$context, str); } } } }).start(); } public static int loadAppNetFlagByPkg(Context paramContext, String paramString) { int i = CloudAppControll.get(paramContext, CloudAppControll.TAG.TAG_NOTIFICATION_BLACKLIST, paramString); if (i == -1) return 0; sFilterMap.put(paramString, Integer.valueOf(i)); return i; } public static void observeSettingChanged(ContentResolver paramContentResolver, ContentObserver paramContentObserver) { paramContentResolver.registerContentObserver(Settings.System.getUriFor("status_bar_notification_filter_white_list"), false, paramContentObserver); } private static void readBlacklist(Context paramContext) { if (mBlacklist == null) { mBlacklist = new HashSet(); String str = Settings.Secure.getString(paramContext.getContentResolver(), "status_bar_expanded_notification_black_list"); if (!TextUtils.isEmpty(str)) { String[] arrayOfString = str.split(" "); for (int i = 0; i < arrayOfString.length; i++) mBlacklist.add(arrayOfString[i]); } } } public static void requestBlacklist(Context paramContext) { new Thread(new Runnable() { public void run() { try { JSONObject localJSONObject1 = Network.doHttpPostWithResponseStatus(this.val$context, "http://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php", BaseNotificationFilterHelper.getInstalledAppsJson(this.val$context)); if ((localJSONObject1.has("RESPONSE_CODE")) && (localJSONObject1.getInt("RESPONSE_CODE") == 200)) { JSONObject localJSONObject2 = new JSONObject(localJSONObject1.getString("RESPONSE_BODY")); int i = localJSONObject2.getInt("errCode"); if (i == 200) { JSONArray localJSONArray = localJSONObject2.getJSONArray("packages"); StringBuilder localStringBuilder = new StringBuilder(); for (int j = 0; j < localJSONArray.length(); j++) { localStringBuilder.append(localJSONArray.get(j).toString().trim()); localStringBuilder.append(" "); } Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", localStringBuilder.toString()); BaseNotificationFilterHelper.access$102(null); return; } if (i == 202) { Log.d("NotificationFilterHelper", "blacklist is empty "); Settings.Secure.putString(this.val$context.getContentResolver(), "status_bar_expanded_notification_black_list", ""); BaseNotificationFilterHelper.access$102(null); return; } if (i == 201) Log.d("NotificationFilterHelper", "request param empty"); } else { Log.d("NotificationFilterHelper", "access network anomalies"); } return; } catch (Exception localException) { } } }).start(); } protected boolean areNotificationsEnabled(Context paramContext, String paramString) { return false; } public boolean canSendNotifications(Context paramContext, String paramString) { return getAppFlag(paramContext, paramString, true) != 3; } public void enableAppNotification(Context paramContext, String paramString, boolean paramBoolean) { } public void enableNotifications(Context paramContext, String paramString, boolean paramBoolean) { enableAppNotification(paramContext, paramString, paramBoolean); } public int getAppFlag(Context paramContext, String paramString, boolean paramBoolean) { if (paramBoolean); for (boolean bool = areNotificationsEnabled(paramContext, paramString); bool; bool = true) { int i = getSharedPreferences(paramContext).getInt(paramString, 0); if ((i == 0) && (isSystemApp(paramString, paramContext.getPackageManager()))) i = 2; if (i == 0) i = getNetDefaultFlag(paramContext, paramString); if (i == 0) i = getDefaultFlag(paramContext, paramString); if (i == 0) i = getGameCenterFlag(paramContext, paramString); if (i == 0) i = DEFAULT; return i; } return 3; } public void initUserSetting(Context paramContext, String paramString) { if (!isUserSetttingInited(paramContext, paramString)) { if (isSystemApp(paramString, paramContext.getPackageManager())) enableStatusIcon(paramContext, paramString, true); } else return; int i = getAppFlag(paramContext, paramString, false); if (i == 3) { enableAppNotification(paramContext, paramString, false); enableStatusIcon(paramContext, paramString, false); return; } enableStatusIcon(paramContext, paramString, i); } }
RELATED
http://apkscan.nviso.be/report/show/...0b623da712918f
http://lists.clean-mx.com/pipermail/...14/072661.html
OTHER SOURCES
http://www.newmobilelife.com/2014/08...-china-server/
http://www.htcmania.com/showthread.php?p=14730859
Main post and more info. All credits go to the OP
http://forum.xda-developers.com/general/security/xiaomi-firmware-multiple-backdoords-t2847069
Is there anything that can be done about this ?
I wanted to buy this phone in a few months when proper LTE version for Europe comes out, in order to replace my SGS1, because the HW and dimensions fit my needs the best of all today's smartphones at reasonable price. But after reading about security issues I'm not sure now. I know Samsung, Google, Apple, etc. do it as well, but when I see that Xiaomi doesn't even try to use HTTPS, blah. I call it epic fail.
I guess my SGS1 must keep working far overtime
lpguy said:
Is there anything that can be done about this ?
I wanted to buy this phone in a few months when proper LTE version for Europe comes out, in order to replace my SGS1, because the HW and dimensions fit my needs the best of all today's smartphones at reasonable price. But after reading about security issues I'm not sure now. I know Samsung, Google, Apple, etc. do it as well, but when I see that Xiaomi doesn't even try to use HTTPS, blah. I call it epic fail.
I guess my SGS1 must keep working far overtime
Click to expand...
Click to collapse
The other companies don't do this on that level. Did you see the bit about bank account info?
Can it be blocked? No idea. I would never run this device or the ROM. Just posting it for others. Check the link at the bottom for the OG post
zelendel said:
The other companies don't do this on that level. Did you see the bit about bank account info?
Can it be blocked? No idea. I would never run this device or the ROM. Just posting it for others. Check the link at the bottom for the OG post
Click to expand...
Click to collapse
Thanks for the information. I saw the news when it first broke about all this info leaking stuff and i would have thought xiaomi would have learned there lesson but they didn't. I too want this device when the Europe LTE comes out but this is making me think.
Anyway, since you mention smali and a few other things, can't you just decompile the necessary apks and edit it all out. I know it would be a large task but its food for thought.......
Sent from my Note 10.1 2014
22sl22 said:
Thanks for the information. I saw the news when it first broke about all this info leaking stuff and i would have thought xiaomi would have learned there lesson but they didn't. I too want this device when the Europe LTE comes out but this is making me think.
Anyway, since you mention smali and a few other things, can't you just decompile the necessary apks and edit it all out. I know it would be a large task but its food for thought.......
Sent from my Note 10.1 2014
Click to expand...
Click to collapse
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
zelendel said:
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
Click to expand...
Click to collapse
Yes I can understand, security and privacy is not a light topic, especially on this scale.
Anyway, just had a read of the original post and it seems like its under control. In my opinion, decompile all apks, get a list of all the Chinese links and add it manually to some adblock host files. That way you wouldn't have to decompile apks for every weekly Miui update :good:
Sent from my Nexus 4 using Tapatalk
zelendel said:
Could someone decompile it and remove it? Maybe. I really can't be sure myself. There are a few devs for this device and it would be better suited for them, as I stated I would not own the device nor would I ever run the software. (I have my reasons)
Click to expand...
Click to collapse
@zelendel This Issue is in Official Miui right? and those apps which are in miui is affected by this crap but if they are on Custom Rom's i dont think so it will effect if these issue lies in miui apps since custom rom's use their own/Cm based apps
Strange is that most of you have no idea how this works and you already have made your opinion about MI4 and MIUI rom from single post that doesnt show true.
To make things clear... again:
MIUI rom does have online services like Music or Video online content and it connects to chinese servers to download this content e.g album covers or music lyrics
MIUI rom has SMS could messaging which is optional - and again this has connections to international and chinese gateways
MIUI uses Cloud sync to sync contacts, mms, call logs, and many more - so again connections to chinese servers are required. But this is also optional to users
MIUI has other services that will connect to chinese servers like Clean master, Virus scanner or Data monitor traffic saver feature - again optional to users
MIUI rom has Themes services, so there is automatic checks for new or updated themes - again optional for users
MIUI rom has payments services to buy themes online. Yes, it requires bank cards information to fill BUT only for chinese users.
Nothing from First POST has been proven with any example. Nothing has been shown to us which particular data has been sent to chinese servers.
And answering to user questions if this can be removed from app?
- Yes. Most apps have on/off switches in bools.xml that will remove e.g: online content in Music or Video. So this depends on developer choice.
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Thats all.
Accidd said:
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Click to expand...
Click to collapse
As Mi4 is not yet released outside China (I think) is this choice feasible?
Accidd said:
Strange is that most of you have no idea how this works and you already have made your opinion about MI4 and MIUI rom from single post that doesnt show true.
To make things clear... again:
MIUI rom does have online services like Music or Video online content and it connects to chinese servers to download this content e.g album covers or music lyrics
MIUI rom has SMS could messaging which is optional - and again this has connections to international and chinese gateways
MIUI uses Cloud sync to sync contacts, mms, call logs, and many more - so again connections to chinese servers are required. But this is also optional to users
MIUI has other services that will connect to chinese servers like Clean master, Virus scanner or Data monitor traffic saver feature - again optional to users
MIUI rom has Themes services, so there is automatic checks for new or updated themes - again optional for users
MIUI rom has payments services to buy themes online. Yes, it requires bank cards information to fill BUT only for chinese users.
Nothing from First POST has been proven with any example. Nothing has been shown to us which particular data has been sent to chinese servers.
And answering to user questions if this can be removed from app?
- Yes. Most apps have on/off switches in bools.xml that will remove e.g: online content in Music or Video. So this depends on developer choice.
Also setting parameter:
Code:
ro.product.mod_device=cancro_global
in build.prop will convert rom to Global Version (used in east Asia countries) where most of online content or chinese services will be disabled.
Thats all.
Click to expand...
Click to collapse
First off my thoughts about this OEM and MIUI were made long before this came about. Now you seem to be more about trying to convince people that they are trust worthy instead of finding out whats going. This would not be the first time they have been found out to be doing something shady.
I am sorry, there is no way I can trust anyone that makes their name off of breaking the law and copying someone else. I really dont have to worry about them much as their device will never be sold outside of the few minor countries that they have released it in.
deetailed said:
As Mi4 is not yet released outside China (I think) is this choice feasible?
Click to expand...
Click to collapse
Yes! And this doesn't matter!
The global version is build in in every MIUI rom. It doesn't matter if device is sold in China only or not. Even If you use dev weekly releases then you can still convert MIUI to global version.
From my research MIUI v5 can be converted, but MIUI v6 is not yet fully supported, altough apps have global support but some functions couldn't be disabled this way.
And the best part is that you can install global rom for Mi4 from en.miui.com.
Mi4 shares the same rom (cancro) as Mi3, and Mi3 is already sold in global countries like India or Singapore.
Wysłane z MI4 W
---------- Post added at 10:12 AM ---------- Previous post was at 10:04 AM ----------
zelendel said:
First off my thoughts about this OEM and MIUI were made long before this came about. Now you seem to be more about trying to convince people that they are trust worthy instead of finding out whats going. This would not be the first time they have been found out to be doing something shady.
I am sorry, there is no way I can trust anyone that makes their name off of breaking the law and copying someone else. I really dont have to worry about them much as their device will never be sold outside of the few minor countries that they have released it in.
Click to expand...
Click to collapse
Wait. I do that? What about the guy you quoted and made thread? Iv explained the reasons why MIUI connects to Xiaomi servers with many services.
Now ask that guy how he can prove his accusations.
Let him prove that my sms is read by Chinese government without my permissions. Because syncing sms or call logs or call recordings are optional to users. I can turn sync or not and this is MIUI feature.
Why not you ask that guy who never responded in this thread. He attached some smali files and classes that is not readable for most people.
The code fragment, the ip traces doesn't make sense to each other. Just take a look into the post you quoted. He never told which version of MIUI he used. From where. Etc. For me its just false accusations.
Wysłane z MI4 W
Accidd said:
Yes! And this doesn't matter!
The global version is build in in every MIUI rom. It doesn't matter if device is sold in China only or not. Even If you use dev weekly releases then you can still convert MIUI to global version.
From my research MIUI v5 can be converted, but MIUI v6 is not yet fully supported, altough apps have global support but some functions couldn't be disabled this way.
And the best part is that you can install global rom for Mi4 from en.miui.com.
Mi4 shares the same rom (cancro) as Mi3, and Mi3 is already sold in global countries like India or Singapore.
Wysłane z MI4 W
---------- Post added at 10:12 AM ---------- Previous post was at 10:04 AM ----------
Wait. I do that? What about the guy you quoted and made thread? Iv explained the reasons why MIUI connects to Xiaomi servers with many services.
Now ask that guy how he can prove his accusations.
Let him prove that my sms is read by Chinese government without my permissions. Because syncing sms or call logs or call recordings are optional to users. I can turn sync or not and this is MIUI feature.
Why not you ask that guy who never responded in this thread. He attached some smali files and classes that is not readable for most people.
The code fragment, the ip traces doesn't make sense to each other. Just take a look into the post you quoted. He never told which version of MIUI he used. From where. Etc. For me its just false accusations.
Wysłane z MI4 W
Click to expand...
Click to collapse
You may have explained why, that doesnt make it right. Personally I dont really care. They are a fly by night OEM that unless they change their OS completely and start following the laws then they will end up being just another OEM like ZTE or other device only sold in a few countries. There are a few threads around that are questioning how these roms are doing things. Even one that shows the rom uploading all attachments from email and anything else to their servers. Then mix in the last Mimessage issues and them being known for shady dealings and you cant blame people for not trusting them.
The way its going these forums for this OEM are gonna end up being removed from the site. They need to come clean and tread very carefully.
Hi,
I do not have this lin, maybe because I am using Miuiv6. That's what I can see in the build.prop file:
Code:
ro.build.id=KTU84P
ro.build.display.id=KTU84P
ro.build.version.incremental=4.9.26
ro.build.version.sdk=19
ro.
build.version.codename=REL
ro.
build.version.release=4.4.4
ro.build.date=Fri Sep 26 06:27:25 CST 2014
ro.build.date.utc=1411684045
ro.build.type=user
ro.build.user=builder
ro.build.host=wcc-miui-ota-bd24
ro.build.tags=release-keys
ro.product.model=MI 3W
ro.product.brand=Xiaomi
ro.product.name=cancro
ro.product.device=cancro
ro.product.board=MSM8974
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=Xiaomi
ro.product.locale.language=zh
ro.product.locale.region=CN
Should I modify anything to "globalize" the device? It's Mi3.
Dzięki z góry za pomoc krajan
Install latest MIUIPolska rom. It's already made almost global.
Wysłane z MI4 W
Couldn't most potential security threats be eliminated by:
1. Encrypting
2. Installing another rom, not MIUI based (if possible)
3. Uninstalling the apps of concern
4. Setting specific permissions within each app
As for the personal information issue, couldn't that also be avoided by purchasing through a third party vendor? If they handle the information, all Xiaomi provides is the hardware and nothing else. Of course, I suppose if your options are limited in that area, it could be worrying.
kibmikey1 said:
Couldn't most potential security threats be eliminated by:
1. Encrypting
2. Installing another rom, not MIUI based (if possible)
3. Uninstalling the apps of concern
4. Setting specific permissions within each app
As for the personal information issue, couldn't that also be avoided by purchasing through a third party vendor? If they handle the information, all Xiaomi provides is the hardware and nothing else. Of course, I suppose if your options are limited in that area, it could be worrying.
Click to expand...
Click to collapse
To be honest I would t know. This device is not available here and as long as it is only paypal I'll never get it.
Hey, should xiaomi owners (typical consumers) should be worried about these secutiy concerns? I know this is a serious matter of privacy but is it enough to stay away from it?
feb289 said:
Hey, should xiaomi owners (typical consumers) should be worried about these secutiy concerns? I know this is a serious matter of privacy but is it enough to stay away from it?
Click to expand...
Click to collapse
Hi. This is a very old topic and concern. Security concerns were raised as MIUI v5 used to directly sync data to their cloud storage, MI cloud. So it looked like all data was secretly being sent to China. However this has been resolved as soon as the matter was brought to notice. Now you have control over what gets synced. So there is no reason to be scared
Sent from my MI 4W using XDA Free mobile app
Are you sure it isn't Xiaomi Cloud Service just like iCloud?
Sent from my MI 4LTE using XDA Free mobile app
I read an article regarding a stock app named AnalyticsCore.apk
http://thehackernews.com/2016/09/xiaomi-android-backdoor.html
https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/

Categories

Resources