Related
I am concerned that Google has their tentacles all throughout the OS, and I want to take all measures to stop that. I particularly don't like their search query tracking (I use ixquick) and their nav app, as their privacy policies are atrocious.
Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious.
Of course I'll not be using the apps of that-search-engine-everybody-uses. Removing them forthwith, in favor of whatever GPL open-source apps there are available for various functions. Using self-contained nav software like CoPilot or TomTom.
So, have any devs investigated whether Android phones home at any interval? Have measures been taken to privacy-enable the Android firmware?
I hear that HTC has some sort of 'phone home' function. How to neuter that?
What good is Wifi? Is it that you can use that when available, not using up 3G bytes? I am asking what use it is on a mobile in consideration of mobility and the security problems -- what uses can this be put to, and how to secure the phone?
Where is the best place to find open-source apps?
I'm curious about this as well, not so much from a privacy standpoint, but how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem? And actually Google apps aren't in the Android sources, so you won't have them after compiling. Yeah, two birds with one stone.
Also you could disable WiFi if you don't like it.
Tachikoma_kun said:
how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
Click to expand...
Click to collapse
Errr... what ROM and how many apps do you have installed? There is no "mysterious data" on clean system, but 25% of apps use data connection for various reasons.
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
The background syncing does not turn anything off as far as I know.
To my knowledge it allows 3rd party apps the ability to check if the user has flagged this, but they do not have to respect this flag.
Tachikoma_kun said:
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
Click to expand...
Click to collapse
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Brut.all said:
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem?
Click to expand...
Click to collapse
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
i think he meant either put up or shut up, which is a pretty reasonable statement.
IMO it's anonymous user data.... let them build cybernet
otherwise say no to the T.O.S that is your constitutional right if you have "privacy" concerns
Brut.all said:
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Click to expand...
Click to collapse
Thanks, will give that a try.
themapleboy said:
i think he meant either put up or shut up, which is a pretty reasonable statement.
Click to expand...
Click to collapse
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Brut.all said:
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Click to expand...
Click to collapse
u know what they say about assuming...... it always makes you look like a jackass
Yeah, I mean we're not playing with iOS4 or anything.
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
If you're still concerned, I suppose you could always opt not to install the Google Apps, but you'd be a bit limited, functionality-wise.
Sent from my Droid using XDA App
themapleboy said:
let them build cybernet
Click to expand...
Click to collapse
O' little do you know... many years ago I did work in Eastern Europe. You have no idea the paranoia a society can endure. For an idea, watch the old TV series Danger Man. Or the movie 1984.
If most young people share your view, it is a dark future. I'm glad I'll be dead.
herald83 said:
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
Click to expand...
Click to collapse
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
I smell a rat...
Quantumstate said:
...Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious...
Click to expand...
Click to collapse
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
A 52yo real estate developer, whose not a coder, but used to be a "cracker" and knows what is possible? Anyone else here think this doesn't make a bit of sense?
It's funny, but it sounds like someone is trying to stir up some FUD by making claims that Android is somehow doing an "All your data are belong to us...". I hope Apple aren't paying your cheques!
@perpetualmotionuk: Be advised that there is a difference between mathematics and decryption, and coding. Yes I can do some coding, but not at a level necessary to analyze and modify an operating system.
If Apple were paying my 'cheques', wouldn't I come in with some sort of proof that monitoring is taking place? Rather than asking what others have found?
Now, rather than trying to tear people down, why don't you use that considerable nose to investigate this yourself?
No one's seen anything about info leakage?
Quantumstate said:
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
Click to expand...
Click to collapse
Most of that data is pulled from search history, I suspect. Which you can disable, if I recall. Don't have my phone on me at the moment to confirm.
I just did a very simple test on an emulator: after ~15 minutes of running system there was 0 (zero, null) of network packets. Now I want to do the same on a device with clean system, but I think results will be the same or similar (SDK system is just normal Android - very similar to these from devices).
I have a feeling that even if I will catch zero packets as well, you will be asking whether Google send something mysterious through... errr... bluetooth? Some hidden antenna?
If you're worried about Google tracking your info...root the phone and don't install the Google apps. What do ya know...problem solved.
If you're still worried that people are tracking what you are doing see steps below.
1) Flush phone or give to a homeless guy to throw them off.
2) Destroy Computers.
3) Liquidate everything you own.
4) Walk into the woods and live off the land.
5) Kill self shortly after because they already have a file on you.
You say you're a 52 year old real estate developer...guess what...they're already tracking you. You're already helping to build "cybernet" just by living and breathing.
And if you are really worried about your "220 year old Constitutional Rights" then go read the Patriot Act and discover that you don't have ****.
I'm normally not one to flame...but you are an absolute idiot.
I'm not an English person, excuse for the syntax/grammar/... mistakes I'd could make.
hedjemunkee said:
I'm normally not one to flame...but you are an absolute idiot.
Click to expand...
Click to collapse
I don't understand WHY this person could be considered as "an absolute idiot" by ASKING if some 'data' are sent over the network through the phone.
Facebook, with it's ad system is sending information for each ad displayed (not alot, but still some !)....
ADS.GOOGLE do you have any idea about what's behind !?
I don't have the number (nobody have it) of webpages using it but it's huge. with this you can track navigation of people, establish profiles, link to a physical person. Without your consent.
I understand the concern of the "OP" here. I don't think the data sent are easy to "catch", or are systematically sent... maybe there is no, and you are paranoid. But it "COULD". So easily. I'm from the young tech generation.
And to quote
Quantumstate said:
If most young people share your view, it is a dark future. I'm glad I'll be dead.
Click to expand...
Click to collapse
People who don't ask themselve the question, or wich refuse to be open minded enough to consider the right to ask this question ... could be surprised very soon. I'm not directly affraid of "google". I'm affraid of those 'blind' people.
You'll be dead in less than 10years !? I hope we can share some of the darkness you're talking about. your parent's generation started it, you continued it.
Anyway, back to the topic.
Why in my pocess list i've : (app id number) com.ap.SnapPhoto:remote
even when I do not use the camera !?
...when I notice my battery is being used more than usual I check the process list and I find this...
What's this "remote" !?
Maybe "remote" refers to "another app wich launch this app"... ? Otherwise... wow.
I'm installing tracking tools on my Xoom but someone could easily do a factory reset to get rid of them.
Is there a way to prevent a factory reset or make it realy hard to do? or is there a way to modify the rom image so that these apps are installed by default?
Essentially i want to make sure that the only way to get rid of the tracking tool is to flash the roms...
note: I have a rooted Xoom with Android 3.2
If you want to prevent people from clearing the device memory from the Settings UI, you can simply password protect your entire tablet (or portions of the software using App Protector or similar software). You may also want to lock down ADB and Android Market app installs
I don't think that most people would be smart enough to know how to get to the recovery screen from a fully powered down device, since it's model specific.
willverduzco said:
If you want to prevent people from clearing the device memory from the Settings UI, you can simply password protect your entire tablet (or portions of the software using App Protector or similar software). You may also want to lock down ADB and Android Market app installs
I don't think that most people would be smart enough to know how to get to the recovery screen from a fully powered down device, since it's model specific.
Click to expand...
Click to collapse
While this is a good suggestion, I could quite easily figure out how to get to recovery from any given device. It's really as simple as Googling it. Granted though, most people won't even know what recovery is!
OP, I'm not sure that what you want is available but I'd be very interested in finding this out also!
The thing is that i want people to be able to use it or more specifically connect to a wifi allowing me to...
- Remotely take picture of them...
- keyloging all their facebook/twitter/paypal passwords
- get the location of the device with the gps
And use the information to destroy their life before sending the cops in for the picking...
If the device locks completly they would more then likely trow it in a garbage or have somme tech wiz manualy reset/flash it. My main goal is to bait an idiot into using it and raising the difficulty of resetting the device.
Vellius said:
The thing is that i want people to be able to use it or more specifically connect to a wifi allowing me to...
- Remotely take picture of them...
- keyloging all their facebook/twitter/paypal passwords
- get the location of the device with the gps
And use the information to destroy their life before sending the cops in for the picking...
If the device locks completly they would more then likely trow it in a garbage or have somme tech wiz manualy reset/flash it. My main goal is to bait an idiot into using it and raising the difficulty of resetting the device.
Click to expand...
Click to collapse
This strikes me as you wanting to leave a trap allowing you to phish someone's details, more then you wanting to protect your device from theft. Perhaps you are planning to leave the Xoom out for the use of coworkers or fellow students, and harvest their data?
Up until the "keyloging all their facebook/twitter/paypal passwords" you seemed a bit paranoid and draconian, but reasonable...after that, I got a bad feeling about this. Even if you do want it to deal with a possible thief, keylogging their Paypal passwords would make you just as guilty of a crime as the tablet thief...and likely just as open to prosecution.
...leave a trap allowing you to phish someone's details...
Click to expand...
Click to collapse
LOL! i admit it may sound like it at first glance. I dont plan leaving it or go "phishing" like you said. I'm not the kind of having the money to trow 500$ and crossing fingers.
All i want is raise my chances of recovering the device should it get stolen. If it's locked then they will just trow it in a garbage or have someone flash it. If it's unlocked then they can use it allowing me to trace it.
would make you just as guilty of a crime as the tablet thief
Click to expand...
Click to collapse
I dont plan using the data my self... I was thinking more like posting the thief details on 4chan or other sites like these and post banking info free on underground sites. I dont want their money.
You cant blame me wanting to turn the life of a thief into a living hell for stealing from me
actually we can, you're allowing him to be stolen from all because he stole your tablet? Anyway, just flash tiamat rom 2.0 and add all of those apps to the "first install" or something folder and be done with it.
Just because he stole something of yours doesn't mean you should be alright with him being stolen from. An eye for an eye makes the whole world blind dude.
Vellius said:
I dont plan using the data my self... I was thinking more like posting the thief details on 4chan or other sites like these and post banking info free on underground sites. I dont want their money.
You cant blame me wanting to turn the life of a thief into a living hell for stealing from me
Click to expand...
Click to collapse
Actually, we can. That's still considered identity theft to a certain extent thus him stealing a 500$ tablet (which may be illegal but no where near identity theft) and then you posting about it in a public forum, thus incriminating yourself. You're pretty open to prosecution now.
Guide: How to haxor anyone that takes your tablet!
Alright, how you want to do this is by taking your left shoulder and putting it infront of you, running at maximum speed, then colliding with a wall. This guide was made to show you, GROW UP AND DEAL WITH YOUR TABLET BEING TAKEN! There are methods for you to be able to get it back if someone does a factory wipe (Tiamats install on first boot folder comes to mind) but aside from that, you shouldn't really have to worry about this, I mean grow up, people have -cars- stolen every day and not all of them have onstar. Deal with the fact your tablet got stolen, file a police report, and cry yourself to sleep. That is all.
OK, this is getting a bit sketchy here. We're not going to discuss how to commit identity theft on XDA, even if the person who steals the tablet is a criminal.
This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?
Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse
I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse
I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.
Thats why I prefer stock ROM
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Ever heard of pdroid? Droidwall?
reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.
This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.
He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.
an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.
I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.
Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.
I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse
Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse
I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.
I'd like to start this thread with the main question I have, if we got all up in arms about CIQ mining our data, tracking our browsing, and all the other oh-so-awesome things it did, why do we not get upset with the OS on the device when it does those exact same things for a profit?
I'm not talking about monitoring everything we do for some vague diagnostic reason, I'm talking about them monitoring everything we do and then using that info to serve targeted ads. We don't like it when our ISP does that in conjunction with an ad company, so why is our smartphone different?
I moved off android when they combined their EULAs into one. And I now use a Nokia N9...it's not the best solution, but it works...mostly.
I'm asking this question here because I want an answer, I'm curious as to why we (consumers) are ok with giving away our privacy to a phone OS when we weren't OK with it from an app? What is the difference?
While winmo 6.1 may be a bloated ass and overall pos of an os, at least it didn't track my every fricken move and report it back to MS.
Please use the Q&A Forum for questions &
Read the Forum Rules Ref Posting
Thanks ✟
Moving to Q&A
hobbiteer said:
I'd like to start this thread with the main question I have, if we got all up in arms about CIQ mining our data, tracking our browsing, and all the other oh-so-awesome things it did, why do we not get upset with the OS on the device when it does those exact same things for a profit?
I'm not talking about monitoring everything we do for some vague diagnostic reason, I'm talking about them monitoring everything we do and then using that info to serve targeted ads. We don't like it when our ISP does that in conjunction with an ad company, so why is our smartphone different?
I moved off android when they combined their EULAs into one. And I now use a Nokia N9...it's not the best solution, but it works...mostly.
I'm asking this question here because I want an answer, I'm curious as to why we (consumers) are ok with giving away our privacy to a phone OS when we weren't OK with it from an app? What is the difference?
While winmo 6.1 may be a bloated ass and overall pos of an os, at least it didn't track my every fricken move and report it back to MS.
Click to expand...
Click to collapse
Any information the OS uses they are open an honest about it in their user agreements. CIQ and the Carriers lied about the data, lied about what they do with it, and continue to lie about it still being there. A company that lies about that information is much more likely to use it maliciously or sell it to someone who will use it maliciously.
hobbiteer said:
We don't like it when our ISP does that in conjunction with an ad company, so why is our smartphone different?
I'm asking this question here because I want an answer, I'm curious as to why we (consumers) are ok with giving away our privacy to a phone OS when we weren't OK with it from an app? What is the difference?.
Click to expand...
Click to collapse
Not everyone is OK with it, that is why there are ways around using android without that data mining software.
Regardless though of that little green android working its magic, you don't think every single phone has some sort of 'security' feature? Even older non-smart-phones?
I guess the difference is that one company does it openly and tells you where the data gathered is going, and others just do it discretely.
mojo22 said:
Not everyone is OK with it, that is why there are ways around using android without that data mining software.
Regardless though of that little green android working its magic, you don't think every single phone has some sort of 'security' feature? Even older non-smart-phones?
I guess the difference is that one company does it openly and tells you where the data gathered is going, and others just do it discretely.
Click to expand...
Click to collapse
What ways are viable without turning the device into a larger dumbphone? Being able to use the chat, maps, and browser are what makes it better than a feature phone. That and the additional applications available, but those are a minor point.
But that second part is exactly what I'm asking about. Doesn't it bother anyone that they are data mining your info and selling it?
Hi
I know that this will sound like another hacked story but I know what to do.
My phone got hacked couple of months back.i didnt know it was untill the hacker started to leave clues. It was then that i started really payibg attention to everything going on. but keeping quiet abort it so that he or she thinks i didn't know
I know of 3 incidents that may have conpronised my security coupled by the fact that I did not practice password hygiene or unique ones for all accounts. I know that its totally my fault and i am not goings to blane Android os. So please dont think of this as one of tjose posts
What i now need is help in understanding what tondo next.
Little details on what happens, lets say i get search for some one on Facebook. The same is Charles smith, I Finish off my search and open Instagram boom i see a pictures where recommended shows a google search page where Charles is written and the Google auto complete is giving options .
Happened twice
I tumlr and I don't really post anything in fact My blog is totally blank. Suddenly i have people followings me and they tend of hame my nick name as their user id .the id displays my WhatsApp status updates.
These and just two examples i have more but i think everyone gets whats going on.
things i have done to prevent such occurences factory formatting the phones mac abd router. Gotten new routers and ready to flash a custom firmware for them.
Password changes .everything.wps2 aes wifi password with random numbers upper case lower case n symbols
Passwords are written on paper without a electronic backup and under lock and key.
I thought that maybe its a key logger but i took my moto x2 n moto e2 to the service center and got them to re load official software.
Two days later bam the same thing.
Any suggestion on where the weakness is ?
The problem is that I am kind of tired if thi
Sent from my XT1092 using XDA Forums
Check account sync settings if it is on more applications can use various private data.
Sent from my A0001 using XDA Free mobile app
i dont understand?
can u explain , i have sync on should I not have it
on different note does anyone suggest rooting and installing something that can isolate and restrict data from being accessed. now i know that exposed does that and marshmallow will work that out. but any other guidance ?
Did you use a virus or malware scanner?
Are there any apps you didn't install on your phone?
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Semseddin said:
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Click to expand...
Click to collapse
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Jaytronics said:
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Semseddin said:
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Click to expand...
Click to collapse
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Jaytronics said:
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Humble apology accepted.
You may not like AT&T and Verizon for their tight stance against rooting.I don't like that as well. They're filling their devices with their bloatware and excluding some very useful features from their customers like hotspot for free. However, Anyone who owns an operator variant of a specific device have already signed a contract with his operator already accepted their terms and that's why they get their bloated and controlled devices for cheaper prices in long term instead of paying full in cash. That said, i see nothing wrong with AT&T or Verizon's policy of keeping their devices locked to death since rooting would take a stake from their business and that was not their agreement with their customers. This is not the subject of this thread for sure. Should add, i see nothing wrong if a contracted owner a device wants to take full potencial out of it by rooting since it is the only way for them to get rid of bs in their devices. This is another discussion, not related to this thread.
I will use the word " regular user " instead of "dope" since nobody have to be knowledgeful about android security. Being someone without a clue of android security wouldn't make them a "dope". I currently sport a Moto Maxx, a bootloader unlockable variant of Verizon Droid Turbo sold in Brazil. I paid about 150$ more just to be free of Verizon Bloatware for the exact same hardware. I could have paid 150$ less and bought a Verizon Droid Turbo but i didn't just because i knew i would have Verizons' bs running in my phone every second. There used to be a time for me when rooting was a must with android because i used to own devices bloated with Motoblur, having low amount of ram and storage as well as unavailbility of disabling/deleting of unwanted apps. Now, i have 3gb of ram and 64gb storage with near Vanilla Android experience with my phone. I asked myself, what the heck do i need rooting for ? The answer was easy : nothing.
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Semseddin said:
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Click to expand...
Click to collapse
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
optimumpro said:
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
Click to expand...
Click to collapse
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Just kiss each other already or dont say anything.
This thread is made by someone who needs help and you two both are taking it off topic instead of helping him. Now out of respect for that user, stop this endless conversation.
Semseddin said:
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Click to expand...
Click to collapse
This is not about respect, disrespect or disagreements. The facts (not opinions) remain: every operating system on Earth provides root or administrative privileges to users. However, it is not given to the same user when he turns to a smartphone. There is no security reason whatsoever why a user has root on computer and no root on a smartphone.
As I have already said, there are plenty of non-security reasons for the above: the main one being to prevent the user from removing advertising junk and spying malware inserted there by manufacturers, carriers and software providers. Kids love it (above three) and Mother (NSA) approves...
Every argument against root invalidates itself when applied to computer OS: remember the user is the same.
@its the peanut
Please stop patronizing. This is a security discussion thread and we discuss security, which is beneficial to the poor guy, the OP... :silly:
Semseddin, what do you do to stop fastboot?
rooting and knowledge go hand in hand, the OP states device is rooted, but sounds like hasn't got the interest to know what's behind the process. that is why we don't have the slightest piece of evidence that his device has been compromised. just the users opinion that it has.
having su and adb debugging at least allows them to logcat.