Guys,
I think everyone nowadays is quick to judge Android and Google for fragmenting the OS with multiple (4) versions but I think it was a necessary for success side effect. Without the humongous push that Google has done with Android, it wouldn't have been where it is now.
If you haven't heard, Google shared its plans to battle fragmentation which I mentioned as well.
What do you think? Do you think if Google slowed down back then (1.5/1.6), they would have ended up with Android that is as awesome as today?
Right now, Google has set up Android with a low-end version (1.5/1.6) and a high-end version (2.0, 2.1) and the market is sorting itself out. I think the two options were to fragment or be unsuccessful. With the fragmentation comes some issues, but it also comes with a wider range of devices that are capable of running it, which pushed it's popularity. Fragmentation can be easily solved farther down the line when Google takes the updating into it's own hands and stops letting carriers and manufacturers screw with everything.
In the end, we'll see Android itself being updated via the Market, I'd bet.
thats why google is releasing separate packages for the awesomeness theyre releasing from now on. the browser, ui kits, etc will come in separate apk's on the android market so you can have fun with whatever kernel and not be binded to the manufacturers limits. at least thats what the article today from engadget said.
I have been consistently wanting a viable video editor / movie maker for android, and finally there's some hope.
- Background: My work phones have been iPhones for several years, and I own a personal iPad 2. Currently iOS is in a different league, above Android, when it comes to video editors / movie makers (yeah, I said it...). There is nothing comparable to Apple's iMovie on Android (nothing that is multi-platform, that is). I know there have been apps by individual vendors (Samsung etc.) that only work on their hardware, and even then, there were buggy (I have the Samsung app, and it has a lot of issues).
So, the good news is, I Just came across this tonight - http://blog.wevideo.com/bid/272187/W...pp-for-Android
It's a new app called WeVideo (just released, so it's still in BETA), and it's pitching itself as an iMovie-like editor for Android, with some cloud-based features and other differences, but what's important as it appears to provide full "movie making" capabilities across various Android devices.
I just tried it out and it works well, with a few oversights like:
- No transition control
- No volume control for music tracks
- No local storage of published video (not that I've found anyhow)- This is its biggest drawback IMO
But with the app being brand new and in beta (AND FREE) I'm hopeful that community feedback will sees this things are addressed.
So for now, if you don't mind using their simple theme, and don't want to include your own music, it works pretty well.
It's also nice that it supports publishing of your videos directly to YouTube, despite not exporting to sdcard etc.
not supported on my device
c3n_dhol said:
not supported on my device
Click to expand...
Click to collapse
Be patient. It was literally just released. Their website states that additional device support is under development.
Developers have to know that there is huge demand for a working movie-making app for android. I'm really hoping that this one pans out. I know many people who would be willing to pay a decent fee for such an app.
Works for my i717.
:beer:"We can't stop here! This is Bat Country":beer:
Downloading feedback later
Sent from Qarth
Looks very promising.
Sent from the Mars Rover.
I don't own a smartphone yet, but I'm thinking about getting an Android phone soon. It will be my first smartphone. I’m also new to XDA-Developers. Please help me, as I have questions about Android security and though I’ve posted this message to several other web sites--android.stackexchange.com, Quora.com, and Reddit--no one has answered all of my questions completely and thoroughly. I’ve only gotten short responses that are a few sentences long and only talk about one or two things. I really need more help than that, and I’m hoping that I can get it here!
I know that this message is long, but please, if anyone can read through it and then try to answer all of my questions, I would REALLY appreciate it!
Here are my questions.
1. Is Android’s stock browser updated directly by Google, or do updates to it have to go through phone manufacturers (Samsung, HTC, etc)?
2. If I buy a phone that runs a manufacturer-customized version of Android, such as the TouchWiz version of the S4 or the Note II, will keeping Android’s stock web browser--as well as any other browser I choose to use--up to date keep me safe from web-based exploits, even if that phone’s manufacturer is slow to deliver updates? (Edit: I want to add that I'm interested in technical details.) By “updates” I mean updates to everything provided by or customized by the phone’s OEM: the customized version of Android, the manufacturer’s pre-installed apps, etc. (Edit: what I'm asking here is whether the OS needs to be kept up to date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date, whatever web browser it is).
3. I have read that OEMs are often slow to update their devices, and because of that I have limited myself to only looking at Nexus devices and Google Play Edition devices. But I really need to know if I SHOULD limit myself to Nexus and GPE devices for the sake of web security. (Again, I'm interested in technical details.) I don't want to buy a phone from a manufacturer that takes months to release security updates, leaving me vulnerable to web browser exploits and malware in the interim. But if I am wrong about ANY of this, please tell me so, because I would like to be able to consider devices that run manufacturer-customized versions of Android, such as the Touchwiz version of the S4 or the Note II (or maybe the future Note III).
(Edit: the answer to question #3 would depend on the answer to question #2; if the answer to #2 is ‘no, the underlying OS does not need to be kept up-to-date to protect you from web browser exploits’, then I guess the answer to #3 would be that I can consider buying a device that runs a manufacturer-customized version of Android that won’t receive OS updates as quickly as a Nexus does. If, on the other hand, the answer to #2 is ‘yes, to protect yourself from web browser exploits you need to keep both your browser AND your OS up-to-date’, then I guess for maximum web security I’d need to buy either a Nexus or a Google Play Edition device.)
4. I’ve read that in-app advertising can be a security risk. I’m really hoping that someone here will explain this to me. (Edit: again, I'm interested in the technical details, but keep in mind that I'm new when it comes to smartphones.)
I’d like to add a few comments:
1. I will only get my apps from the official app store--Google Play--or maybe Amazon.com’s Appstore for Android.
2. I'm concerned about web security and in-app advertising.
3. I don't plan on rooting my phone. I'm not saying I won't, I'm just saying that I don't plan on it.
1. Only nexus devices are updated directly by google. Even htc one Google edition will be updated by htc, so as the browser since it's a part of the software.
2. Manufacture updates are slower than Google. Most of the good apps available should receive updates and solve security issues.
3. If you want to disable advertising then use adaway, notice that you will need root.
1. The stock browser I believe does get updated when the OS is updated. I've read about people getting OS updates to find the stock browser is then faultering and assume this then gets updated. The update of the OS is usually done by the device manufacturer unless you are using a custom rom. Whomever creates the rom used on the device, is responsible for the internal updates for it, to whatever level they wish to support it. I have read that google don't mainstream care about the stock browser as they are pushing Chrome for the win and a separate team deals with the stock browser.
2. The world and his hedgehog are not safe from hack exploits. The quality of protection out there in any sense is mirrored by the quality of hacker. If you have a crap security level, any old hacker can exploit it. If you have the worlds most renowned secure, then the best hackers will break in at some stage while the wannabe hackers struggle to threaten their way out of a paper bag. However with some people, they need gold bullion and jail style security while others wonder why they need it. People can recommend you do this or do that, and some recs are excellent while others are not quite but almost hilarious but at the end of the day, if a child can hack into high security places, our devices are not so hard to get into. That said... we can run paranoid while there may be no threat at all. If you are concerned, just be careful of what you do with your device. Myself, I use it for every day communication and have not yet used a credit card on it with no real need to.
3. Even the greatest have not updated their OS. The Motorola Xoom promised one from purchase yet people were moaning long after the stock sold out that it never came. Granted it surely must be true that certain companies are quicker to advocate update releases than others. But the higher paying vs the cheap low end thing isn't something to run with either. I have a very cheap quad core tablet and that has just had a firmware update from last week and as far as I can see, it's an almost brand new device, market wise so it seems the update from them was fluid. Again, that said, the updates seem to be more about the OS running well, with the hardware and app capabilities than security although I dare say there are some inevitable security fixes in there too. My quad tablet was sluggish to some extent and a bit crashy but so far, it is fine after the update although I have only done it a few hours ago... everything me and the kids have tried, has either worked better of been flawless. No sign of lag yet anyway.
4. In-app advertising can be dangerous for a few reasons i guess. but the reality again, is I think any file can have dangerous code attached and configured in a way that the OS or security cannot smell it. Of course there is the ability of spam links to scam sites. There is also false flag things that are or maybe are possible too. For example, using x file with y file and requesting a cup of tea from z file can make a security team think your couch is about to disappear and your granny is about land bump on the floor, when indeed an app just wanted to execute a command using an ancient method of pressing Q. This is something I learned in windows based operating systems where using certain dll files with certain other files can trigger an alarm, as innocent as the intentions were. I built a website not so long ago and called some iFrames in that had no < head > or < body > tags. the pages worked perfectly but some chinese company employed to protect a british isp flagged the site as a security risk and blocked any visitors from viewing it. Thankfully, long gone are the days that visiting a website would fry your motherboard.
On your remaining comments.. seems like wise advice as of course there are scammers out there who will give your granny that bumpy ride off the disappearing couch onto the floor or steal your account and all those types of greed based madness which is a shame because it ruins the experience of say if a friend is trying to build an app and they ask you to give it a go, you are somewhat rightfully not willing to play ball.
FYI I have been around computers for a long time but am by no stretch of the imagination an android expert at all. I hope what I have wrote above is helpful and not by any means, wrong. I have not long posed the question about rooting and security as I do not qualify understanding the realm at all. I dare say it is a huge question, to some extent.
Also, security risk aside as no smartphone tablet or computer escapes that realm, Android for me is the best device, then IPhone, then Windows Phones, then Crapberry. I would never purchase the latter three.
Hi codQuore,
Thank you for your responses to my questions. I need to clarify two of my questions in my original post. (I have edited my original post to include these clarifications.) In question #2, I was attempting to ask whether the OS needs to be kept up to date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date (whatever web browser it is). In question #3 I asked whether I should only look at Nexus and Google Play Edition devices for the sake of web security, and the answer to that would depend on the answer to question #2; if the answer to #2 is ‘no, the underlying OS does not need to be kept up-to-date to protect you from web browser exploits’, then I guess the answer to #3 would be that I can consider buying a device that runs a manufacturer-customized version of Android that won’t receive OS updates as quickly as a Nexus does. If, on the other hand, the answer to #2 is ‘yes, to protect yourself from web browser exploits you need to keep both your browser AND your OS up-to-date’, then I guess for maximum web security I’d need to buy either a Nexus or a Google Play Edition device.
What are your answers to those two questions?
Truth_Seeker1 said:
What are your answers to those two questions?
Click to expand...
Click to collapse
At a guess I would say, for browsers that are built in to the OS, there will be two ways this can update, via the OS update and independently. The OS update would be a total OS replacement that is not automated and you would need to use a built in checking feature (if available) or manually check yourself periodically. Browsers that you add yourself will be offered updates from notification unless the ability to auto update is allowed then it should happen seamlessly of course letting you know. Google "android chrome update" to see something along the lines of what the update history shows.
Yes, you would want to update but I would recommend having a read first as on any computer device, an update can be flawed or give more problems than it's worth. Although more often than not, an update should be an improvement on performance and stability and of course for security.
If you are working blind, then do an update and assume security improvements are happening and go for it. If not, then you will know what is happening. I have never gone to the lengths of checking an update list before updating for android, but with pcs I do depending on what is updating, check what the update is worth and how people are getting on with the update. I did beta testing for years (hence the knowledge of flawed updates and reluctance to do the updates) so for me it's one of those do you risk it scenarios.
Sadly as I said above, we are never safe from hacks but with some hindsight and genuine attempt to protect, we are safe from the majority. For me it's 90% "what are you worried about?" and 10% "I don't blame you for being paranoid!"
As for the preference of buying google branded devices, the foundation of an android release is surely never set for these devices "out of the box" so to speak. I would assume that the team who look after these devices have the same process of having to streamline the OS thereafter before they can release it for their device update. This is somewhat proven by people wanting to put a custom rom on their Nexus and such. For some reason, people aren't happy with the normal rom and want or need to replace it. naturally, it is easy to think a nexus device for example, is closer to home and should by rights get updated a bit quicker than my Ampe tablet but in some respects I think this could be a bit of swings and roundabouts, again depending on the company and their apportioned team force to output the update. Yes you should be better off with a more directly linked device, to google but in my opinion, the concern is not a great one. You would be better off thinking about your budget, what you can save and ultimately do with the extra cash alongside the knowledge of which devices and companies actually do spend an effort on looking after them.
I'm in no position to afford these devices and if I were, I would rather throw my money in the bin (or spend it on my loved ones) than give it to the highest bidder.
So in the end, yes updates are 99/100 important and should be done. Be careful of what you browse and do all secure data passing before you go out on the internet highway and risk getting robbed. It is probably safer to "remember my password" to avoid future keysniffers than worry about indepth data mining. Of course, anyone can give you a sniffer but data mining is more clinical, I would say.
Finally, i wouldn't worry about these things too much but as concerned as you are, do some research. But do remember that in one hand, the UK government said "the internet isn't safe so we don't use it" yet on the other, the majority of secure usage is 'watched' by paid professionals for banking and such and is alot safer than you may think aswell as protection for credit card fraud and such.
Thanks again codQuore. I understand your point that there is no such thing as 100% bullet-proof security, but I still need to know whether both the OS and the browser need to be kept up-to-date to protect against web-based exploits, or is that accomplished solely by keeping the web browser up-to-date (whatever web browser it is).
You are most welcome, TS. I would say generally yes, to both, to be on the safe side. I'd like to guarantee the OS update will update the browser if it has been updated in the update and that the browser can be updated on it's own. However, I think I am right in saying you have to check for OS updates yourself and the same for certain apps whilst some apps will auto offer the update. You may be able to force this auto update for all apps, but how this is done per different version of android, escapes me. I do remember seeing the option come up after a factory reset or buying a new device and running the first time setup of playstore and such. There's an option for it somewhere. but I don't think the OS itself offers an auto update, it has to be checked for, in my experience. I have just done my tablet and it required installing some software on my pc from the tablet manufacturer and getting that to update the firmware/os. It was a 525MB download and everything was in chinese lol. I managed it with the help of google translate but it also helped that I had previously done the same thing on a t-mobile vivacity for my daughter after her OS died and got stuck at the rotating t-mobile logo on first boot.
It is essential to update but across the board it's not majorly important to check every minute, so to speak. You'll be fine. For the record though, my quad core tablet cost £70 from singapore and I knew I was taking a bit of a gamble but was protected by returns if all went wrong and get my money back. A similar tablet is something like £120. I plan on doing the same thing for my next phone upgrade too... but I don't have a contract phone running, I am on pay as you go and all I use is internet, no calls. Incidentally, I pay £20 for 6months net from t-mobile and the only limit is 1gb per month on video. when that expires, youtube and such stops working, some video sites carry on and everything else, FB mail, tethering, ftp via pc and stuff, all still works. I have even streamed radio from my android phone, flawlessly.
codQuore said:
I'd like to guarantee the OS update will update the browser if it has been updated in the update and that the browser can be updated on it's own.
Click to expand...
Click to collapse
LOL, I had to read that sentence several times in order to process it because you used the word "update" so many times :laugh:
If I remember what you said earlier, I think you said that the stock browser doesn't get updated on its own, but only as part of big OS updates? So it won't receive security patches as vulnerabilities are discovered, and won't be updated until the next version of Android arrives?
If this is true, then I'll use a different browser. But even if I use a different browser, is code from the stock browser used in other things, meaning that it is STILL a security risk if it isn't kept up-to-date?
It also occurred to me that if an OEM is slow to release OS updates for its phones, will it be just as bad at keeping its pre-installed apps up-to-date, and if so, does that pose a security risk.
Haha, looking back I can't believe I wrote that and am wondering if its a valid statement. I'll leave it for someone else to contradict lmao.
The core of the os and apps that run built are updated I guess separately and together. EG, say the browser gets an update to 1.1 the next update of the OS will most likely carry that updated version but if it doesn't it should still offer an update after you hit the playstore setup. naturally, these apps use core parts of the OS and i think some updates for apps will carry their own additional bypass of outdated os core, where applicable. That said, the bypass could be more secure in one sense and less secure in another. I'm guessing this is even possible. One thing I am yet to see, knowing how windows and linux works a little, is android have to update x- because something app wise has been installed that requires it. Alot of software on windows, requires things like framework to be added, linux is or can be the same.
The chances are you will be 99% secure in any event. The core defence for mobile phones is the phone companies themselves as that is in the realms of trillions of dollars at risk. They've been cracked before and they know it, so there is some possible reassurance for the devices, from that angle.
So, I just found this thing called Flare Play at goodwill for $6. I didn't know anything about it and wanted to learn more, but it turns out that the cable provider, Cox Communications discontinued the Flare Play services, including all near all youtube videos for it, the official website and the facebook page, leaving next to not information about the system at all.
What I was able to extract from the internet is that it was apparently a game streaming service. When it was first released, it was priced around $80, which isn't too bad when competing with onlive and others back in the day. Though, there was no word on how much the streaming cost per month.
So, with the service discontinued, I wanted to see if there was a way to hack it. It might work off of a type of android software, but it could also be some for of raspberry pi. The model number for it is F1G1001
FC11001
Service number is FGM1505A00414
If anyone has anymore information about this, or has worked on this type of thing and has a nice little hack so I can install android apps to it, let me know!
What it looks like: https://i.imgur.com/FZ9aDvg.jpg
This might seem like a really weird topic to some but its becoming one that I feel will benefit many in discussing:
Since 2010, I've remained on the fence about Google and to a lesser degree Samsung and Apple. Some days I'd wake up and they would be the company I LOATH and HATE because of some thing they did that had bad optics (Hello Google's purchase of Boston Dynamics). Other days, I'd wake up and think they were the best company in the world because they did something that really pushed the envelope of technology or did something that had fantastic humanitarian potential or something that was just genuinely felt altruistic in nature.
As time went, those days of "evil" creped closer in to being the daily status quo and those altruistic events have been diminishing. 2016 marked the year where we saw a huge uptick in the unethical usage of data Google and companies who could claim close affiliation (either by direct partnerships or making use of their technology) began to absolutely abuse the information they've gathered on us over the last 10-20 years depending how early of an adopter you were.
Events such as PRISM, Harvard Analytical and Fusion GPS all illustrated the unethical use of data gathering techniques and has inspired the application of the Jellinik Curve and other addiction methodologies into applications.
It's been my goal in 2019 to get myself as much out of this "game" as possible. The big realization I had a number of years ago (which, I'm sure many others have had) is that if you aren't paying for something with money, you are paying for something through some other means; usually through information. This doesn't necessarily preclude that paying for something means they aren't ALSO doing stuff with your data too to some nefarious end (Hello False Dichotomy).
After all this background, my usecases are pretty simple:
- Any application I use on my phone has to be front someone or someplace (company) that, with some research, seems like they have ethical standing.
- My information going through their network needs to be encrypted in some way. Obviously the higher the better within operational tolerances (IE I doesn't bog down the equipment into unusable).
- It has to be cloud based with the same information being accessible across multiple devices.
- A mobile webapp is highly welcomed (it's harder to mess with your on phone data if you can use a webapp as opposed to an APK, but, of course that comes with usability and potentially security problems).
Insofar, I've tested/played with the following apps that are starting to become my daily drivers.
- Protomail to replace Gmail. (paying for yearly subs)
- Timetree to replace Google Calendar (Still not sold on this one)
- Cryphon to replace Hangouts/Messaging (kind of, sort of)
- Waze to replace Google Maps (Sure, Waze is owned by Google now, but its lacking some the issues --- I'm very open to another long term solution)
The one that's personally killing me is Google Voice. It's been my daily driver since 2008. I have 8 different Google Voice numbers I use for various things.
- 1 is for personal
- 1 is a "business personal"
- 5 are for business
- 1 is a spam line
I can't find any solution to Google Voice that allows for the number of phone lines without it costing an arm and a leg.
All this said, I'd like to see what the XDA community thinks about this topic in general and what app suggestions people may have.
At the end of this year, I'd like to be at a place where I can use an Android and have absolutely zero Google apps installed (including Play Services).
99.9%+ of people don't care about going non-Google. Even after many privacy abuses over the years. Even after a Play Store filled with 99.99%+ adware, trackers and malware & where clean apps are the very rare exception rather than the norm. Most people simply don't care about this stuff. Congratulations on caring enough to make changes.
Google is a filthy company, much like Microsoft and Apple. CIA /NSA partners. No different in other countries. You get exactly what you expect from such State Mafia pairings. Android only gets worse and more restrictive as time goes on.
F-droid.org for all open-source apps that aren't reliant on any Play Store spyware. F-droid.org forums for any help. Probably the best way to start on your journey. I use Osmand on the odd occasion I need GPS. It is OK. I am looking into hosting my own ejabberd server for chat. I have some way to go...it's all new to me.
Removing as much Google spyware on a new device (after rooting) is essential, IMO (If not flashing with new Google-free firmware). That means all the stock Google apps and more - gone
https://www.youtube.com/watch?v=S0G6mUyIgyg
https://qz.com/1145669/googles-true...nd-nsa-research-grants-for-mass-surveillance/
https://exodus-privacy.eu.org/en/
I feel like over the next few months we're going to start to realize this as a society, especially as we close into the 2020 election in the US and Directive 13 and 15 close closer in at the EU.
To me, its important to get ahead of the game a bit.
Ideally, from my perspective, I don't see the need to have the newest phone on the market. This ecosystem has taught us that we'll see a new product every year no matter what but that newest product will always interface the buyers as abused beta testers. The technology never seems to be good until the a generation or three later.
That being said, a phone a few years back usually has a good development group around, especially thanks to XDA.
Besides dealing with the information that's on the company's servers, however, I have a learning concern that even inside Android, without GAPPS installed, there is still some potential for abuse of person's information stepping from the various repositories designed for call logs, calendar, GPS data etc that, in theory, every Android going back to 1.0 has.
Part of my hunt for good apps are ones that don't rely on that underpinning technology.