Miren Browser SECURITY concern - Android Apps and Games

Hi!
I got myself in a real predicament here. I just love this Miren browser (v1.2) from the market. It's actually so unbelievably good, I feel as though I need to make the following request to the community before A LOT of others and myself are totally hooked to it.
So here's the problem, Miren is relatively unknown and from China. Now let's be clear here: I don't have anything against china but I think this does merit that someone takes this thing apart and take a good look at it before we all start punching in our passwords by the thousands. I have fruitlessly spent hours searching online for any info on this browsers integrity. As I unfortunately don't know myself how to e.g. wireshark the phone and check for security flaws, I had hoped some smart linux person here is willing to invest some time and check it out. Thank you

thats a valid concern, the only way to be really sure is
1) find an open source browser and build it yourself
2) go through the code looking for back-doors/root kits/triggers/trojan/keylogger etc
Some choices:
-Firefox mobile
-Default android browser
-Chrome (coming soon I hope)

I see your concern but where do you stop?
What about those "free" apps people mindlessly install? Some have been proven to send data behind the scenes with "rights" loopholes.
Plus, I see you say its "not that its from China..." but... you do seem to have a concern that it's from "China", why not pick on Dolphin Browser?

Good point mentioned by everyone.

Once you have doubt then just stop using it.
You can try Xscope 6 version. It's fast...
Actually there are so many apps that leaking your information regardless if the apps are from China or not. I think all the users should pay attention on the security issues when using smart phone with easy internet access.

Related

ninesky browser - privacy worry

Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.
I was a big supporter of Ninesky but I uninstalled today. It does seem to be constantly running and transmitting data, though what data is being transmitted I don't know. LBE also kept notifying me that it was trying to obtain my location information even when I wasn't using it. I uninstalled it through the Market and left a one star review.
Drunk texted from my MIUI Thunderbolt.
I'm writing a review of about 13 different Android browsers, and came across Ninesky. Has anyone heard anything more about the privacy concerns and what data it might be transmitting?
well....if it keeps requesting the location even while its closed, thats not a good sign...
Not good. This needs addressing.
I have changed my review on Market also until we get some answers.
Cheers to the OP.
I agree. I think my review should come out tomorrow, hopefully the developer reaches out. It really is a decent browser.
Sent from my Transformer Prime TF201 using xda premium
´I'll leave you here my tests made since Monday with last versions of each app:
==|Boat 4.0.1|==
#Just after starting#
- Ask for GPS location
- 211.151.139.246 (China Network Information Center)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Dolphin HD 8.6.1|==:silly:
#Just after starting#
- 184.73.86.141 (AMAZON.COM - amazonaws.com - US)
- 65.52.32.12 (Microsoft Corp - US)
- 107.20.57.0 (AMAZON.COM - amazonaws.com - US)
and one more on this IP range type...
- 205.251.242.197 (AMAZON.COM - amazonaws.com - US)
- 205.251.242.165 (AMAZON.COM - amazonaws.com - US)
- 72.21.195.98 (AMAZON.COM - amazonaws.com - US)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Firefox 14.0.1|==
#Just after starting#
- No Ping
#When going to any website#
- 80.67.92.43 (AKAMAI TECHNOLOGIES US) *
- 93.184.219.20 (EdgeCast Networks - US) *
- IP from that website
* note: not always, most of the times just go to IP website we asked
--------------------------------------------------------
==|Opera 12.0.4|==:victory:
#Just after starting#
- No Ping
#When going to any website#
- IP from that website
note: DON'T use Opera Turbo or EVERY single info WILL pass through their servers...
--------------------------------------------------------
It's pretty obvious to me who are the most privacy oriented here...
STAY WAY FROM OPERA MINI AND DOLPHIN MINI AND ALL MINI VERSIONS. They process all info on their server first for speed.
Anyone researched Xscope or could research this browser?
If you explain how, I could do it myself!!
Sent from my GT-I9000 using xda premium
But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2
bombayboy said:
But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2
Click to expand...
Click to collapse
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...
sushidog said:
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...
Click to expand...
Click to collapse
Connected with reference to Google promoting & supporting Firefox before they decided to go with Chrome.
I still use Firefox, Aurora & Chrome
Sent from my MT11i using Tapatalk 2
If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.
DnaPolymerase said:
If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.
Click to expand...
Click to collapse
Like facebook which sells our data
Sent from my MT11i using Tapatalk 2
Calamitous with Ninesky
Hi,
I stumbled upon XDA Developers forum today and I was so grateful to find this write-up; it was the only honest review I could find of Ninesky. So, thank you.
I want to share an experience our family went through a few weeks ago. Perhaps it will answer some of your questions and alert some users out there of what this browser could do. We have an unfortunate incident happen to our child: My little boy received an android tablet for a gift this October. He was so eager downloading all the apps and games he could find, and in about a month, it was completely personalized. We regularly monitored his downloads, the games he played, and the apps he utilized.
Much to our regret, we really did not give much thought to the browsers he had installed. He had more than three at one point and Ninesky was always in the background. Sadly, whenever he would search for apps, we later discovered Ninesky directly linked him to several stores that was not common to Google or Firefox. Some of them had Anime icons (mostly innocent looking), nicely titled games for their tiles. Some apps were legitimate and very cool games; however, some apps were direct links to hard-core porn websites and a whole universe of filth (not excluding child-porn). They attached themselves to the tablet like trojans and was quite aggressive in linking the user to overseas app stores (inappropriate). Every time a game would be uploaded from one of these stores, it gives auto-access to these atrocious websites and videos. Because Ninsky always functioned in incognito--one of it's touted features--we almost had no access to the history or cookies when this browser was used. Almost anyway ... it took us hours (and some hacking) to track and identify what was really going on, the seeming source of it was this "sophisticated" browser.
So the catch may be that this browser has no advertisements because it plays host to several groups funding the porn industry. That's my suspicion anyway, based on what we went through.
I cannot begin to say how grieved we are that our son was exposed to all this, especially that we discovered it so much later. We thought we paid attention. That being said, he's back to playing with his remote control car outside, where life is a bit less complex.
More power to your forum and thanks again.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
xenofont said:
Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.
Click to expand...
Click to collapse

[Q] I have questions about Android security. (Edit: I STILL NEED HELP!)

I don't own a smartphone yet, but I'm thinking about getting an Android phone soon. It will be my first smartphone. I’m also new to XDA-Developers. Please help me, as I have questions about Android security and though I’ve posted this message to several other web sites--android.stackexchange.com, Quora.com, and Reddit--no one has answered all of my questions completely and thoroughly. I’ve only gotten short responses that are a few sentences long and only talk about one or two things. I really need more help than that, and I’m hoping that I can get it here!
I know that this message is long, but please, if anyone can read through it and then try to answer all of my questions, I would REALLY appreciate it!
Here are my questions.
1. Is Android’s stock browser updated directly by Google, or do updates to it have to go through phone manufacturers (Samsung, HTC, etc)?
2. If I buy a phone that runs a manufacturer-customized version of Android, such as the TouchWiz version of the S4 or the Note II, will keeping Android’s stock web browser--as well as any other browser I choose to use--up to date keep me safe from web-based exploits, even if that phone’s manufacturer is slow to deliver updates? (Edit: I want to add that I'm interested in technical details.) By “updates” I mean updates to everything provided by or customized by the phone’s OEM: the customized version of Android, the manufacturer’s pre-installed apps, etc. (Edit: what I'm asking here is whether the OS needs to be kept up to date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date, whatever web browser it is).
3. I have read that OEMs are often slow to update their devices, and because of that I have limited myself to only looking at Nexus devices and Google Play Edition devices. But I really need to know if I SHOULD limit myself to Nexus and GPE devices for the sake of web security. (Again, I'm interested in technical details.) I don't want to buy a phone from a manufacturer that takes months to release security updates, leaving me vulnerable to web browser exploits and malware in the interim. But if I am wrong about ANY of this, please tell me so, because I would like to be able to consider devices that run manufacturer-customized versions of Android, such as the Touchwiz version of the S4 or the Note II (or maybe the future Note III).
(Edit: the answer to question #3 would depend on the answer to question #2; if the answer to #2 is ‘no, the underlying OS does not need to be kept up-to-date to protect you from web browser exploits’, then I guess the answer to #3 would be that I can consider buying a device that runs a manufacturer-customized version of Android that won’t receive OS updates as quickly as a Nexus does. If, on the other hand, the answer to #2 is ‘yes, to protect yourself from web browser exploits you need to keep both your browser AND your OS up-to-date’, then I guess for maximum web security I’d need to buy either a Nexus or a Google Play Edition device.)
4. I’ve read that in-app advertising can be a security risk. I’m really hoping that someone here will explain this to me. (Edit: again, I'm interested in the technical details, but keep in mind that I'm new when it comes to smartphones.)
I’d like to add a few comments:
1. I will only get my apps from the official app store--Google Play--or maybe Amazon.com’s Appstore for Android.
2. I'm concerned about web security and in-app advertising.
3. I don't plan on rooting my phone. I'm not saying I won't, I'm just saying that I don't plan on it.
1. Only nexus devices are updated directly by google. Even htc one Google edition will be updated by htc, so as the browser since it's a part of the software.
2. Manufacture updates are slower than Google. Most of the good apps available should receive updates and solve security issues.
3. If you want to disable advertising then use adaway, notice that you will need root.
1. The stock browser I believe does get updated when the OS is updated. I've read about people getting OS updates to find the stock browser is then faultering and assume this then gets updated. The update of the OS is usually done by the device manufacturer unless you are using a custom rom. Whomever creates the rom used on the device, is responsible for the internal updates for it, to whatever level they wish to support it. I have read that google don't mainstream care about the stock browser as they are pushing Chrome for the win and a separate team deals with the stock browser.
2. The world and his hedgehog are not safe from hack exploits. The quality of protection out there in any sense is mirrored by the quality of hacker. If you have a crap security level, any old hacker can exploit it. If you have the worlds most renowned secure, then the best hackers will break in at some stage while the wannabe hackers struggle to threaten their way out of a paper bag. However with some people, they need gold bullion and jail style security while others wonder why they need it. People can recommend you do this or do that, and some recs are excellent while others are not quite but almost hilarious but at the end of the day, if a child can hack into high security places, our devices are not so hard to get into. That said... we can run paranoid while there may be no threat at all. If you are concerned, just be careful of what you do with your device. Myself, I use it for every day communication and have not yet used a credit card on it with no real need to.
3. Even the greatest have not updated their OS. The Motorola Xoom promised one from purchase yet people were moaning long after the stock sold out that it never came. Granted it surely must be true that certain companies are quicker to advocate update releases than others. But the higher paying vs the cheap low end thing isn't something to run with either. I have a very cheap quad core tablet and that has just had a firmware update from last week and as far as I can see, it's an almost brand new device, market wise so it seems the update from them was fluid. Again, that said, the updates seem to be more about the OS running well, with the hardware and app capabilities than security although I dare say there are some inevitable security fixes in there too. My quad tablet was sluggish to some extent and a bit crashy but so far, it is fine after the update although I have only done it a few hours ago... everything me and the kids have tried, has either worked better of been flawless. No sign of lag yet anyway.
4. In-app advertising can be dangerous for a few reasons i guess. but the reality again, is I think any file can have dangerous code attached and configured in a way that the OS or security cannot smell it. Of course there is the ability of spam links to scam sites. There is also false flag things that are or maybe are possible too. For example, using x file with y file and requesting a cup of tea from z file can make a security team think your couch is about to disappear and your granny is about land bump on the floor, when indeed an app just wanted to execute a command using an ancient method of pressing Q. This is something I learned in windows based operating systems where using certain dll files with certain other files can trigger an alarm, as innocent as the intentions were. I built a website not so long ago and called some iFrames in that had no < head > or < body > tags. the pages worked perfectly but some chinese company employed to protect a british isp flagged the site as a security risk and blocked any visitors from viewing it. Thankfully, long gone are the days that visiting a website would fry your motherboard.
On your remaining comments.. seems like wise advice as of course there are scammers out there who will give your granny that bumpy ride off the disappearing couch onto the floor or steal your account and all those types of greed based madness which is a shame because it ruins the experience of say if a friend is trying to build an app and they ask you to give it a go, you are somewhat rightfully not willing to play ball.
FYI I have been around computers for a long time but am by no stretch of the imagination an android expert at all. I hope what I have wrote above is helpful and not by any means, wrong. I have not long posed the question about rooting and security as I do not qualify understanding the realm at all. I dare say it is a huge question, to some extent.
Also, security risk aside as no smartphone tablet or computer escapes that realm, Android for me is the best device, then IPhone, then Windows Phones, then Crapberry. I would never purchase the latter three.
Hi codQuore,
Thank you for your responses to my questions. I need to clarify two of my questions in my original post. (I have edited my original post to include these clarifications.) In question #2, I was attempting to ask whether the OS needs to be kept up to date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date (whatever web browser it is). In question #3 I asked whether I should only look at Nexus and Google Play Edition devices for the sake of web security, and the answer to that would depend on the answer to question #2; if the answer to #2 is ‘no, the underlying OS does not need to be kept up-to-date to protect you from web browser exploits’, then I guess the answer to #3 would be that I can consider buying a device that runs a manufacturer-customized version of Android that won’t receive OS updates as quickly as a Nexus does. If, on the other hand, the answer to #2 is ‘yes, to protect yourself from web browser exploits you need to keep both your browser AND your OS up-to-date’, then I guess for maximum web security I’d need to buy either a Nexus or a Google Play Edition device.
What are your answers to those two questions?
Truth_Seeker1 said:
What are your answers to those two questions?
Click to expand...
Click to collapse
At a guess I would say, for browsers that are built in to the OS, there will be two ways this can update, via the OS update and independently. The OS update would be a total OS replacement that is not automated and you would need to use a built in checking feature (if available) or manually check yourself periodically. Browsers that you add yourself will be offered updates from notification unless the ability to auto update is allowed then it should happen seamlessly of course letting you know. Google "android chrome update" to see something along the lines of what the update history shows.
Yes, you would want to update but I would recommend having a read first as on any computer device, an update can be flawed or give more problems than it's worth. Although more often than not, an update should be an improvement on performance and stability and of course for security.
If you are working blind, then do an update and assume security improvements are happening and go for it. If not, then you will know what is happening. I have never gone to the lengths of checking an update list before updating for android, but with pcs I do depending on what is updating, check what the update is worth and how people are getting on with the update. I did beta testing for years (hence the knowledge of flawed updates and reluctance to do the updates) so for me it's one of those do you risk it scenarios.
Sadly as I said above, we are never safe from hacks but with some hindsight and genuine attempt to protect, we are safe from the majority. For me it's 90% "what are you worried about?" and 10% "I don't blame you for being paranoid!"
As for the preference of buying google branded devices, the foundation of an android release is surely never set for these devices "out of the box" so to speak. I would assume that the team who look after these devices have the same process of having to streamline the OS thereafter before they can release it for their device update. This is somewhat proven by people wanting to put a custom rom on their Nexus and such. For some reason, people aren't happy with the normal rom and want or need to replace it. naturally, it is easy to think a nexus device for example, is closer to home and should by rights get updated a bit quicker than my Ampe tablet but in some respects I think this could be a bit of swings and roundabouts, again depending on the company and their apportioned team force to output the update. Yes you should be better off with a more directly linked device, to google but in my opinion, the concern is not a great one. You would be better off thinking about your budget, what you can save and ultimately do with the extra cash alongside the knowledge of which devices and companies actually do spend an effort on looking after them.
I'm in no position to afford these devices and if I were, I would rather throw my money in the bin (or spend it on my loved ones) than give it to the highest bidder.
So in the end, yes updates are 99/100 important and should be done. Be careful of what you browse and do all secure data passing before you go out on the internet highway and risk getting robbed. It is probably safer to "remember my password" to avoid future keysniffers than worry about indepth data mining. Of course, anyone can give you a sniffer but data mining is more clinical, I would say.
Finally, i wouldn't worry about these things too much but as concerned as you are, do some research. But do remember that in one hand, the UK government said "the internet isn't safe so we don't use it" yet on the other, the majority of secure usage is 'watched' by paid professionals for banking and such and is alot safer than you may think aswell as protection for credit card fraud and such.
Thanks again codQuore. I understand your point that there is no such thing as 100% bullet-proof security, but I still need to know whether both the OS and the browser need to be kept up-to-date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date (whatever web browser it is).
You are most welcome, TS. I would say generally yes, to both, to be on the safe side. I'd like to guarantee the OS update will update the browser if it has been updated in the update and that the browser can be updated on it's own. However, I think I am right in saying you have to check for OS updates yourself and the same for certain apps whilst some apps will auto offer the update. You may be able to force this auto update for all apps, but how this is done per different version of android, escapes me. I do remember seeing the option come up after a factory reset or buying a new device and running the first time setup of playstore and such. There's an option for it somewhere. but I don't think the OS itself offers an auto update, it has to be checked for, in my experience. I have just done my tablet and it required installing some software on my pc from the tablet manufacturer and getting that to update the firmware/os. It was a 525MB download and everything was in chinese lol. I managed it with the help of google translate but it also helped that I had previously done the same thing on a t-mobile vivacity for my daughter after her OS died and got stuck at the rotating t-mobile logo on first boot.
It is essential to update but across the board it's not majorly important to check every minute, so to speak. You'll be fine. For the record though, my quad core tablet cost £70 from singapore and I knew I was taking a bit of a gamble but was protected by returns if all went wrong and get my money back. A similar tablet is something like £120. I plan on doing the same thing for my next phone upgrade too... but I don't have a contract phone running, I am on pay as you go and all I use is internet, no calls. Incidentally, I pay £20 for 6months net from t-mobile and the only limit is 1gb per month on video. when that expires, youtube and such stops working, some video sites carry on and everything else, FB mail, tethering, ftp via pc and stuff, all still works. I have even streamed radio from my android phone, flawlessly.
codQuore said:
I'd like to guarantee the OS update will update the browser if it has been updated in the update and that the browser can be updated on it's own.
Click to expand...
Click to collapse
LOL, I had to read that sentence several times in order to process it because you used the word "update" so many times :laugh:
If I remember what you said earlier, I think you said that the stock browser doesn't get updated on its own, but only as part of big OS updates? So it won't receive security patches as vulnerabilities are discovered, and won't be updated until the next version of Android arrives?
If this is true, then I'll use a different browser. But even if I use a different browser, is code from the stock browser used in other things, meaning that it is STILL a security risk if it isn't kept up-to-date?
It also occurred to me that if an OEM is slow to release OS updates for its phones, will it be just as bad at keeping its pre-installed apps up-to-date, and if so, does that pose a security risk.
Haha, looking back I can't believe I wrote that and am wondering if its a valid statement. I'll leave it for someone else to contradict lmao.
The core of the os and apps that run built are updated I guess separately and together. EG, say the browser gets an update to 1.1 the next update of the OS will most likely carry that updated version but if it doesn't it should still offer an update after you hit the playstore setup. naturally, these apps use core parts of the OS and i think some updates for apps will carry their own additional bypass of outdated os core, where applicable. That said, the bypass could be more secure in one sense and less secure in another. I'm guessing this is even possible. One thing I am yet to see, knowing how windows and linux works a little, is android have to update x- because something app wise has been installed that requires it. Alot of software on windows, requires things like framework to be added, linux is or can be the same.
The chances are you will be 99% secure in any event. The core defence for mobile phones is the phone companies themselves as that is in the realms of trillions of dollars at risk. They've been cracked before and they know it, so there is some possible reassurance for the devices, from that angle.

Time for a New Non-Profit Browser Project

Mozilla has lost its way. Technically it's not even a non-profit any longer, and it no longer behaves like it. Capriciousness and indifference to developer concerns is rampant.
For me, the change in the nature of the file browser is the straw which broke the camel's back. The file name now spills uncontrollably over the page, disfiguring any layout which surrounds it. Just as it does in Google's browser.
The direction Google is forcing the web into is contrary to the original vision of it as designed by Tim Berners-Lee. In response to user ire, the Mozilla team again and again blames Google, alleging that Google's design is "ultracompetitive" and that they "have to catch up" to them. Yet if you read their blogs they make no secret that the new standards and design choices are being made in collaboration with Google (HTML 5 is apparently the brainchild of a pair hailing from Google and Mozilla, respectively... or at least that's what they want you to think).
For me, the burden that the file browser now imposes is something that's just not practical from an implementation standpoint. With this change, web browser form design no longer even competitive to XWindow. The whole thing seems like it was dreamed up by one of the jerks on a reality talent contest... and a takeover by one of those very jerks seems to be the most probable cause of this particular miscarriage of philosophy, just as happened at Microsoft with XBox One last month. But I'm not about to clamor for a figurehead's head: just as at MS, something is rotten at Mozilla. We need a new seed to sprout that can take us into the future. A seed that will respect the intelligence of the people who have to now placed their faith in Mozilla, only to be told by the organization they exalted that they aren't as smart as it. This new organization, if it is not to suffer the same fate which hangs over Mozilla, will do right what Mozilla heedlessly does wrong, including:
respect for user freedom and competence.
avoids placing undue burdens on the designer
avoids obfusticating its code with impenetrable, bug-ridden COMs.
is open source.
In short, it'll be friendly and it'll actually listen to people who aren't ready to fork over their whole lives to an endless reinvention of the wheel like we are seeing at Mozilla.
Free browsers are nice and all, but they just aren't working out. We're getting what we deserve for letting Google take everything over and letting Mozilla get by without relying exclusively on user donations. The result is a corrupted organization and now, a faulty product. I'm prepared to pay a little for a good browser that respects common sense design practicalities. What about the rest of you, will you sacrifice the price of a couple large pizzas for a decent web browser minus the drama?
I've done my bit to try to change Mozilla's downward trajectory. I went on their forums and their chats and told them, this stuff doesn't work. They're making things hard. Their response was that they didn't really give two cents for the opinion of anyone who wasn't down in the trenches with them writing code in their incredibly complicated wrapper context. Like you, I've got other priorities. There are people out there with more experience and, quite frankly, better math skill that can do this job and get a lot more out of it. I want to give them the chance to do just that. Tired of the betrayals, just want to download my browser updates and be done with it... is that too much to ask? I don't think it is, and I hope you don't, either.
I've never tried to write code for a browser before, never even researched it. I'd be happy to help, but I'd like to see a mock GUI first to see how clean of a browser you're shooting for. Mock one up?
t3hcurs3 said:
I've never tried to write code for a browser before, never even researched it. I'd be happy to help, but I'd like to see a mock GUI first to see how clean of a browser you're shooting for. Mock one up?
Click to expand...
Click to collapse
Actually I was looking around and it seems like there is this browser called NetSurf which may be doing everything right. There's no build for Windows or for mobile, which is an issue, but its libraries are in C which offers little room for obfustication a la C++. Should be portable to Java... I think if there was a windows build this browser could take off.
Although I don't really need Windows anymore. I'd just as well settle for a mobile version. There's also Amaya, but it has a reputation for poor ease of use and excessive minimalism. And there's Dillo which is stuck in a timewarp.
There is a question of where they're getting their funding from. However, they seem to be far enough along that if they did start to pull crap it would be easy enough to fork, and really I don't think the web needs much more technology beyond what it already has at this point. I need more information though. What do you think?
Sewrizer said:
This is the best advice I can give as a humble user, and the point stated above makes me believe that this is how things should be created from the beginning. A new browser has the advantage of being based on the present ideas, and since the devs have nothing to lose they can introduce off the wall features, original ideas which others didn't dare to add for fear of losing users.
Click to expand...
Click to collapse
Yeah I agree with this. I asked Moz's JS engine people why they didn't program Firefox to use webworker technology to manage events, so as not to tie up the browser when waiting for file access, and they said it "wasn't in the spec" and "wasn't a priority". And when I requested that they program the canvas API to access multiple cores, they told me to take it up with W3C. Thinking like is not gonna move anybody forward.
I have no issues with Firefox's UI... it's its API which kills me.
EDIT: OK Netsurf is definitely not ready for prime time, but it certainly has potential. I think if it were combined with Mozilla's SpiderMonkey it would be able to handle Javascript alright... I don't really care it's slower than Chrome from the outset... could always be improved. Really dynamic recompilation is the state of the art. I like that it's written in C, and uses GTK and SDL. Gonna look into this...
Here's some evidence of how bad Mozilla has become.
Nevermind... due to new poster restrictions I can't post my links.

Android browsers needs to do better!

People, please spare a moment.. It's going to help..
Over the years I have used, tried, tested and reviewed just about every browser in the play store.. Sadly, android browsers are mostly overhyped, very few even worthy of being there..
HERE'S THE DEAL
1. Most users (including myself) needs to have 3 or 4 browsers in their devices..
WHY? Because, browser X has something what browser Y doesn't AND, Y has something what X doesn't.. So people hopelessly end up junking up all of them wanting the best of everything.. This creates wastage of resources and bloating up devices but can't help it.. After all, no one wants to miss out on something important.. As if it's not possible to share or unify the major features..
2. Does developers expect everyone to have free hi-speed wifi access everytime?
Why does the already loaded pages and multiple tabs needs to reload/refresh without the user's consent everytime the browser is minimised for a few minutes without even even killing or exiting (no task killers here), wasting needless time and data making the browsing experience very undesirable.. This happens on most of the browsers barring opera mini..
What devs must take regard is that a vast majority of mobile users are on tight expensive 3G/4G data plans.. And this takes a big toll, doubling or even tripping up your monthly bill..
Is it an Android OOM or a caching problem?
Some even offers data compression and engines for economical surfing, which will make a negligible difference as compared to this problem.. Whatever this strange behaviour is, it's a big issue that needs to be looked into very soon, and this doesn't happen on a PC..
3. While, some browsers downloads a Web page instead of saving the already loaded page whereas some really popular BIG names doesn't even support saving a page for offline viewing which is such a crucial aspect of being a browser.. I hate to say this but it's such a shame!
Do you still need to concede precious data just to download the already loaded Web page for offline reading when Uc browser, opera mini, opera mobile can all easily save the already loaded page in an instant without eating any more data?
I believe, it's not all about staying ahead of the competition and thriving to be reputated as the ultimate best browser BUT it's more about focussing on the persisting flaws and offering the users the best experience along with the feature improvements..
See, what I mean is that it's pretty obvious that they already know more than anyone else about the above described problems but unless one of them steps up and do something about this NO BODY AMONG THE REST IS GOING TO CARE!
It's like a cat and mouse game, decades back, some television manufacturer implements remote control for the first time and solved a problem making life much better for us and suddenly the rest started doing the same to catch up BUT they all knew the technology was already there and anyone could have done it first with just a little more effort BUT they didn't care because nobody was complaining BUT, WE ONLY REALIZED HOW MUCH DIFFERENCE IT MADE AFTERWARDS..
I SAY, ANDROID HAS EVOLVED BIG TIME SO DOES THE BROWSERS NEEDS TO.
Sent from my GT-P3100 using XDA Premium 4 mobile app

AirDroid Using Tencent Servers?

I've search for information on this but have found nothing so I thought I'd post my findings here and see if anyone has anything to add/correct.
I've been setting up firewall blocking on my router using ASUSWRT-Merlin with Skynet firewall. I decided to block a whole bunch of countries that I deemed unnecessary/risky for security, including China.
Turns out, blocking China prevents AirDroid from working - it can't even log in.
Checking the log shows a bunch of domains that Skynet is blocking (stat.airdroid.com, stat3.airdroid.com, stat-push.airdroid.com, us-east-7-data.airdroid.com, us-east-8-data.airdroid.com, srv3-clb.airdroid.com, id4-clb.airdroid.com; possibly others). Telling Skynet to unblock these domains results in it responding with "Element cannot be deleted from the set: it's not added" (i.e. they're not blocked).
Removing China from the blocked countries list allows AirDroid to work.
Now this is where things get interesting, and how I figured out the China-wide blocking was causing this issue. In the log file that Skynet stores on the inserted USB drive, "skynet.log", it shows the IPs that these connections were trying to make. All of them are owned by Tencent (there were two prominent ones, but the entire range beginning with "49.51." is owned by them) - specifically, these are for TencentCloud (I assume those are their cloud services, like Azure or AWS or such).
Also, the three MAC addresses dealing with the Tencent IPs are my Note 9, Galaxy Tab A8 and my MacBook - the only three devices on which I run AirDroid.
I'm sure most people won't really care on what servers AirDroid are hosting, but personally, I'd rather not have any connections made to or from Tencent IPs if possible, especially considering how often AirDroid appears to be phoning home. This worries me, especially since this doesn't appear to be public knowledge. The only inconsistency is that a whois lookup shows AirDroid's host is GoDaddy, so how exactly Tencent is involved, I'm not sure... but they are.
If I'm mistaken about this, please feel free to correct me - I'd be happy to be wrong, frankly -, but based on what I'm seeing and the blocking/unblocking I've tried, it appears, at least for now, that this is true.
Guess I'll have to start looking for an AirDroid alternative, because this is unacceptable to me.
Attached are some screenshots of my logs with MAC addresses and personal IPs redacted in case anyone is curious. Yes, I realise the dates are different - I didn't realise I'd screencapped yesterday from the log until after I had edited the images, but the data is pretty much identical to the data from today.
Best I can tell, the Tencent IPs definitely coincide with AirDroid trying to log in and authenticate (and failing at the time because China was still blocked).
Thanks for this info, I was already having my doubts about Airdroid.
No problem. I'm glad someone found it useful. Nobody else seems to be talking about it, which bothers me.
If nothing else, Tencent's servers are being used for Airdroid's authentication servers.
Not sure why it is such an issue really? I mean it is not like other services that use servers tell me where they are routing anything. I would be more worried that there is basically no information about the company that runs the project.
wangdaning said:
Not sure why it is such an issue really? I mean it is not like other services that use servers tell me where they are routing anything. I would be more worried that there is basically no information about the company that runs the project.
Click to expand...
Click to collapse
Because not every company routes your information through Chinese servers which, in this case, could have a large amount of access to your linked devices. Tencent is not a trustworthy company. This could potentially mean that, if they wanted to, the Chinese government could access a lot of your data through AirDroid.
Now, obviously that's not guaranteed, but I still wouldn't trust it.
Then again, there's a reason I try to stick to FOSS software as much as possible. AirDroid was convenient for a while but I don't use it now.
Besides, your reasoning for this not being "such an issue" is "others are shady too". That... doesn't actually make it any better. Plus we know that companies like Google, for example, mine your data anyway, whereas this seemingly innocuous application that I've seen readily recommended by many people is a lot more obfuscated (probably because it's a smaller app).
That, and I haven't found many apps and sites from personal usage that my firewall setup blocks, so this one absolutely stood out like a sore thumb.
I don't want anything to do with Tencent and I know other people feel the same way as me. More importantly, I shared the information to hopefully learn more and, more importantly, let other people know in case they care.
TankedThomas said:
Because not every company routes your information through Chinese servers which, in this case, could have a large amount of access to your linked devices. Tencent is not a trustworthy company. This could potentially mean that, if they wanted to, the Chinese government could access a lot of your data through AirDroid.
Now, obviously that's not guaranteed, but I still wouldn't trust it.
Then again, there's a reason I try to stick to FOSS software as much as possible. AirDroid was convenient for a while but I don't use it now.
Besides, your reasoning for this not being "such an issue" is "others are shady too". That... doesn't actually make it any better. Plus we know that companies like Google, for example, mine your data anyway, whereas this seemingly innocuous application that I've seen readily recommended by many people is a lot more obfuscated (probably because it's a smaller app).
That, and I haven't found many apps and sites from personal usage that my firewall setup blocks, so this one absolutely stood out like a sore thumb.
I don't want anything to do with Tencent and I know other people feel the same way as me. More importantly, I shared the information to hopefully learn more and, more importantly, let other people know in case they care.
Click to expand...
Click to collapse
I would like to know what exactly makes tencent untrustworthy. I use them for banking daily, so would like to be informed.
wangdaning said:
I would like to know what exactly makes tencent untrustworthy. I use them for banking daily, so would like to be informed.
Click to expand...
Click to collapse
The fact that they give your data to the Chinese government should be all you need to know to deem them untrustworthy - Tencent and similar companies collect a lot of your data (often illegally).
If you don't believe me, look it up - most of (if not all, though that has yet to be conclusively proven, but it's not much of a stretch) the tech giants in mainland China are in the pocket of the Chinese government.
Frankly, I value my privacy too much to deal with such a company, and using them for banking sounds like a bad idea to me.
Here are some sources that I pulled up quickly, but there's plenty more of these around the web:
https://www.wsj.com/articles/chinas...ping-the-government-see-everything-1512056284
https://www.scmp.com/tech/article/2...-your-data-when-you-use-chinese-messaging-app
https://fossbytes.com/xiaomi-and-tencent-illegal-data-collection-china/
https://freedomhouse.org/blog/worried-about-huawei-take-closer-look-tencent
The best they get is a slap on the wrist (and sometimes only for the sake of publicity), then they continue on with these practices.
And that's to say nothing of the censorship in which they engage.
TankedThomas said:
The fact that they give your data to the Chinese government should be all you need to know to deem them untrustworthy - Tencent and similar companies collect a lot of your data (often illegally).
If you don't believe me, look it up - most of (if not all, though that has yet to be conclusively proven, but it's not much of a stretch) the tech giants in mainland China are in the pocket of the Chinese government.
Frankly, I value my privacy too much to deal with such a company, and using them for banking sounds like a bad idea to me.
Here are some sources that I pulled up quickly, but there's plenty more of these around the web:
https://www.wsj.com/articles/chinas...ping-the-government-see-everything-1512056284
https://www.scmp.com/tech/article/2...-your-data-when-you-use-chinese-messaging-app
https://fossbytes.com/xiaomi-and-tencent-illegal-data-collection-china/
https://freedomhouse.org/blog/worried-about-huawei-take-closer-look-tencent
The best they get is a slap on the wrist (and sometimes only for the sake of publicity), then they continue on with these practices.
And that's to say nothing of the censorship in which they engage.
Click to expand...
Click to collapse
If privacy was your main concern you would never use an app that routes your data through a third party without encryption. It is clear your goal is to take a shot at a company that is not even in control of the app you are complaining about. Lets see, your news list says, Xiaomi, Huawei, Tencent, and Chinese. How interesting.
By all means protect your privacy. I know I do and I use all three companies and many more products from the country. I hate that tencent knows when I get a latte though :silly:
wangdaning said:
If privacy was your main concern you would never use an app that routes your data through a third party without encryption. It is clear your goal is to take a shot at a company that is not even in control of the app you are complaining about. Lets see, your news list says, Xiaomi, Huawei, Tencent, and Chinese. How interesting.
By all means protect your privacy. I know I do and I use all three companies and many more products from the country. I hate that tencent knows when I get a latte though :silly:
Click to expand...
Click to collapse
It is clear your goal is to defend a bunch of Chinese companies known for handing data over to the Chinese government.
The fact that you are purposely trying to portray me in a specific way to fit your narrow-minded view instead of being concerned about how and where data goes (and for the record, I care about where my data goes in general, but most people around here are already well aware of where data for companies like Google and Apple goes, but not for an app like this) is frankly ridiculous.
If you don't care about this (which you clearly do not), then kindly leave this thread and don't return. I posted this thread to let people who despise Tencent and their business practices know about AirDroid's involvement, and to see if anyone had more information. I did NOT post this thread for you to come along and defend Tencent's honour. Enough garbage companies already do that, and they've added as much to the discussion of privacy as you have (i.e. absolutely nothing of value).
Great concerns, for sure. Thanks for your input.
I tried the app, quickly isolating it from the WAN, and running with Xprivacy of course. Luckily, HTTPS local connection only is possible. I wouldn't sign up in this type of app and i wouldnt use the barcode reader to connect to WAN. Rendered LAN web app contacts chinese servers on the PC, but reviewing content it looked fine in a quick check.
The app seems chinese, it's giving me one notification bar in chinese, and rest of translations are chinglish. I don't say it's neccessarily wrong, i just want to know if this is an open source app to trust it. Otherwise, i will keep running it in strict LAN mode.
Now about the functionality, I like Synology/Windows like UI. So cool!
Contacts/Call log/messages/ringtones/apps work.
Mirroring and Camera worked once. There's some strange checkbox "Don't show again" to click on (?) in Mirroring settings which doesn't work. Update: Camera worked again once switching back to HTTP.
Files/Music/Pictures/Videos don't work at all, even the android app cannot see files. No clue why.
Notifications are shown again on HTTP, however they're not displayed by the browser AND they simply disappear later. No actions also. So unless you 're currently in the tab, you won't notice anything.
I struggle to find a use case for this.
* Mirroring isn't interactive - so together with Camera it's a very infrequent function to use. I'd rather have an interactive mirroring like MobilEdit (if i remember correctly), what a great app it was. Or a Dex type of desktop where you can really interact with the android.
* Messages is showing "SMS", which is something obsolete for me, using alt messenger with secure repository (not the standard unsafe android one). SMS and calls are dead to me long time ago, but i'd have been happy about possibility to reply a decade ago, definitely!
* The last resort is notifications, that'd save some time if implemented well, with history. But it's not.
* One more thing on my mind is ability to send APK to phone, ok.. but it's again a rare task, i wouldn't run this background service for this purpose if i can send the APK via bluetooth...
I look for an app that let me get rid of USB cable for sharing photos or musik between PC and phone.
Sorry if I didn't understood the whole elaboration, but isn't this not just a point to point connection? I wouldn't like that others have access to it.
Or is it about other services?
is this the same Airdroid that has been around for like 10 years now?

Categories

Resources