ChevronLab Tokens - Windows Phone 7 Q&A, Help & Troubleshooting

For over a week now I keep reading this on ChevronWP7 Labs:
The sale of tokens has been put on hold until more arrive, thanks for your patience.
Is it just me or is there a recurring problem with the Tokens?
It's alright if InteropUnlock gets fixed, thanks to some very hard work by Heathcliff and others....
But if I can't get ChevronUnlocked because they aren't giving out 'tokens', well that's just annoying really isn't it?
Anyone else having these issues?

Not good communicator
Not only that, but they don't reply to postings in their forum. If anyone posts a question, they might, on rare occasions, get an answer from another poster. I have to say that I am unlocked via token and appreciate that, but as far as being transparent and keeping people up to date, these developers are doing a very poor job. There are requirements to use this service that appear nowhere on the site other than pointing to the forums or twitter, they do a horrible job of setting expectations and, in general, are not set up to provide customer support.

Looked again today and still no tokens..
Did they close down and not tell me or something?

Well, better to flash a DFT unlocked ROM than to try to unlock; it's far better, you can install xap files using IE9 within WP7.

Maybe they lack manpower.

I'm also waiting for a week or more, checking several times every day.
So annoying that they are not selling tokens.

December 12th?
They tweeted on their web site that more would be available December 12th.

A thought occurred to me that MS might be clamping down on the release of these (they have to allow it with Chevron). The intent of these tokens was to allow people to play with app development and NOT allow a method for getting Interop-Unlock.
If MS is following any of the MULTIPLE web postings on how you can IU your phone but need to be Dev or Chevron unlocked first they probably don't care much for that (MS does not want people accessing native code and registry; that is apparent from the lock downs 2nd gen devices have plus the continued clamping down they have done with each new generation).
I wouldn't be surprised if
a) They stop issuing tokens
b) They revoke tokens (and give refunds)
There has been too much publicity on using the Chevron tokens to open up your phone to allow the various Interop-Unlock methods to be used.

LiFePo4 said:
A thought occurred to me that MS might be clamping down on the release of these (they have to allow it with Chevron). The intent of these tokens was to allow people to play with app development and NOT allow a method for getting Interop-Unlock.
If MS is following any of the MULTIPLE web postings on how you can IU your phone but need to be Dev or Chevron unlocked first they probably don't care much for that (MS does not want people accessing native code and registry; that is apparent from the lock downs 2nd gen devices have plus the continued clamping down they have done with each new generation).
I wouldn't be surprised if
a) They stop issuing tokens
b) They revoke tokens (and give refunds)
There has been too much publicity on using the Chevron tokens to open up your phone to allow the various Interop-Unlock methods to be used.
I wouldn't be surprised if that's why the 7740 update came out of nowhere all of a sudden.

I don't think that MS is putting the kibosh on token sales. You didn't see the tweets?
For all other issues, please email us at [email protected]. The PayPal dispute process is not for tech. support. ^RR
29 Nov
We're working on switching payment gateways prior to re-opening token sales. Possible ETA: December 12. ^RR
29 Nov
Good news, we're switching payment gateways soon. This means those having trouble with PayPal won't have trouble anymore. ^RR
21 Nov
They're like, a three man-team overwhelmed with a tsunami of unlockers who've been waiting for this, and lo-and-behold, there are: a) technical issues they didn't anticipate with different phone models/versions and worse b) clearly real problems with managing payments/purchases and customer service/payment support.
So they were probably naive about how much work it would be to deal with people who have trouble with their unlock. People doing things like: issuing a chargeback to Paypal (who not only reverses $9, by the way, but then hits them with another $10 'dispute fee' no matter the outcome... and eventually does massive fund freezes without explanation or recourse. Anyone who's used PayPal for any but smallest, least-refund-prone business has been there.) If they'd never undertaken something like this before, it wouldn't surprise me that they hadn't anticipated those types of problems beyond the technical.
Assume they're trying to get a merchant account opened.
whyJoe @ChevronWP7 I'm guessing what's going on is you guys have also discovered how much #PayPalSucks. / @ChrisWalshie @longzheng @paypal 7 minutes ago
in reply to ↑
@WithinRafael @whyJoe @ChevronWP7 @ChrisWalshie @longzheng Yep, and how slow banks are.

Chevron token is frozen, tried to contact them no reply, haven't seen any info on what to do, and links?

Related

JF preps CRC1-based build & tips on circumventing OTA for JF US/EU users

CRC1 patch is hitting the interwebs. Notable Android hacker JesusFreke issued the following update on his blog for those running JF1.51 US/EU builds:
http://jf.andblogs.net/ said:
OTAs in JFv1.51
July 19, 2009 If you are on the US or EU versions of JFv1.51, you’ll likely get an OTA update notification soon, if you haven’t already. I had accidentally left in the otacerts.zip file, which allows OTAs to be downloaded and verified.
For now, there are a few possible workarounds.
1. delete the otacerts.zip file manually. The file is at /system/etc/security/otacerts.zip. But keep in mind if you use this method your phone will continuously re-download the OTA and try to verify it, which is bad on your bandwidth usage and your battery life
2. Replace /system/build.prop on your phone with the one from the ADP1 version of JFv1.51
3. chmod 000 the OTA file in /cache (unconfirmed solution, but is likely to work)
Or you can ignore the popups for now, and wait for my new release based on the new update (CRC1). I promise to “disable” the OTA mechanisms in a better way than simply deleting otacerts.zip. I should be able to get something out soon (next few days)
In the meantime, even if you accidentally hit “accept” on the popup, it won’t be able to install the update when it gets into recovery, so you aren’t at risk of losing root access.
thank god, or should i say, thank jesusfreke
nice, can't wait till the new build is released, thanks JF
Thanks for keeping us abreast!....
thats right i said it... abreast.
finally!
the freke himself has graced the masses! I feel bad i switched to cyanogen.... i guess i can make it up to JF with a donation
pistol4413 said:
the freke himself has graced the masses! I feel bad i switched to cyanogen.... i guess i can make it up to JF with a donation
Why do you feel bad? You're not betraying anyone as you're not obligated to just one dev. I appreciate all the devs out there, equally.
all in the family
no need to feel bad; CyanogenMod is a DF derivative
I wonder if he will make it support ext3
DOHCtor said:
Why do you feel bad? You're not betraying anyone as you're not obligated to just one dev. I appreciate all the devs out there, equally.
I know I shouldn't, but that's just the type of person I am. When I like something I become loyal to it whether it be a certain Rom or dev, or just something in general I guess. I call it loyalty some people call it being close minded
pistol4413 said:
When I like something I become loyal to it whether it be a certain Rom or dev
This kind of mentality can breed what is affectionately called "fanboyism".
Can breed, doesn't have to breed. Like I stay loyal to JF because I'm not a fan of roms that contain many ported apps. It's mostly bloat to me, as I don't need to take advantage of it all.
Cyanogen's roms would be interesting to give a try to sometime down the road. But I'm happy on my JF ADP build, it's close enough to stock (without the bloatware the US builds add in) to be compatible and runs light enough to work snappily.
"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."
The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.
The new round of bugs aren't the first that Miller has dug up in the iPhone's code. In 2007, he became the first to remotely hijack the iPhone using a flaw in its browser. But while that vulnerability gave the attacker a similar power over the phone's functions, it required tricking the user into visiting an infected Web site to invisibly download a piece of malicious software. When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month. ("See: Hacking the iPhone.")
sources
http://gizmodo.com/5325703/iphone-s...llow-every-iphone-in-the-world-to-be-hijacked
http://www.forbes.com/2009/07/28/ha...direct-gri.ms&utm_content=bookmarklet-twitter
i guess this is what that CRC1 patch was for
JF must be cooking up something real good because he's taking quite a while to release the CRC1 roms. I can't wait...
DOHCtor said:
JF must be cooking up something real good because he's taking quite a while to release the CRC1 roms. I can't wait...
yeah wish he would give us an update, if he's not going to release anything then i'd like to know so i can think about changing to someone else's firmware.

[Q] Does Microsoft offer bounties for exploits like Google?

The reason I ask is because I found a big one. Well for MS it's big. It allows for an end user to 'buy' apps/games from the on device marketplace without actually paying anything. The app purchase appears in your history and can be redownloaded at anytime just as with any legitimately purchased app. This can all be done on an unmodified device pretty simply and if the device is dev unlocked it can be done REALLY easily. Sadly this doesn't help any of us in the interop/full unlock area as it has more to do with purchase validation than code validation.
I would say ask Microsoft. But you should turn it in regardless, not because of morals but because it could hurt our ecosystem/chance of WP success if someone with the wrong hands found it. Plus since you're a recognized dev I'm sure you wouldn't like your work getting stolen
He-he, MS marketplace scheme is full of bugs but I don't think they will pay you something.
Good example is ChevronWP: for their great and early find MS "paid" (actually just let 'em do the job) for $100K total, it means one year job (OK, may be a moonlight job) for each team member for $30K? (Don't forget: they prepared some backend, payment system, databases etc. etc. etc - lot of pain in the a$$)
C'mon, you may earn that money for pizza delivery!
BTW, nice find, good job, congrats!
P.S. voluptuary, if you have some direct MS contacts (4 example, your MS evangelists, or some MS insiders - middle level managers or developers etc.), try to contact these guys first.
I don't believe MS has bug-bounties for external finds, though you could always try negotiating with them (I don't recommend it, they may get litigious if they think you're trying to extort them). They do however generally deal fairly with external finds (i.e. if they don't think you're being abusive and are acting in good faith, they'll be appreciative unlike some companies which would immediately unleash the lawyers).
I'm with @jeffreygtab on this, also; anything that makes app piracy really easy needs to be dealt with for the good of the platform. Android frequently loses notable devs who don't want to deal with an unreliable market. WP7 doesn't need that kind of bad rap; it's hard enough just getting the market share.
The implication that it can be done without having dev-unlock is interesting... and a bit scary. That needs to be patched immediately. MS knows that some dev-unlock is used for piracy (that's why there's the 10-app limit by default) but if it can be done on a dev-locked phone, that needs to be fixed immediately. It's also going to be easier for somebody unscrupulous to repeat this now that they know it's possible.
Agree 100% with GoodDayToDie! So, voluptuary, please try to keep your find in secret and do not share with anybody (including recognized developers and friends from XDA), it's kinda dangerous (GoodDayToDie is 200% right). If you want and don't have direct contacts in MS, let me know, I can try contact my guys ASAP. PM or email me.
Thoroughly impressed that you guys have the foresight to see this for what it is, as opposed to just extorting it for personal gain. Truly shows where your hearts lie, and it's refreshing to see.
The three of you are a credit to the WP7 scene here, even if it's just in the eyes of a rookie Mod
I tip my hat to you.
He-he, from my own experience. In 2006 I've found (accidentally) a very critical vulnerability for ALL Microsoft operating systems: from Windows 95 to latest Vista or Windows Server 2003!
That simple Pascal code (but can be C or whatever; also you'll never suspect something wrong in this code!)
Code:
program reboot;
uses
  windows;
var
  pData: pointer;
  Info: TBitmapInfo;
  Width, Heigth: dword;
  ImageDc: HDC;
  Bitmap: HBITMAP;
begin
  Width := 640;
  Heigth := 480;
  ImageDc := GetDc(0);
  Bitmap := CreateCompatibleBitmap(ImageDc, Width, Heigth);
  GetMem(pData, Width*Heigth*8);
  ZeroMemory(@Info, sizeof(TBitmapInfo));
  Info.bmiHeader.biSize := sizeof(TBitmapInfo);
  Info.bmiHeader.biWidth := Width;
  Info.bmiHeader.biHeight := Heigth;
  Info.bmiHeader.biPlanes := 1;
  Info.bmiHeader.biBitCount := 32;
  Info.bmiHeader.biCompression := BI_BITFIELDS;
  GetDiBits(ImageDc, Bitmap, 0, Width, pData, Info, DIB_RGB_COLORS);
end.
(I'm publishing that code 'cause issue already resolved by MS)
causes an immediate crash of any MS OS and pushes the system to reboot, even without BSOD! If you have MSDN 2005, you can easily reproduce that bug.
But... I wrote 5 (five!) emails to MS until the issue was resolved (on April 3rd, 2007). Try to guess how I was rewarded? Yep, for a real hacker "sorry" and "thanks" from the Microsoft Security Response Center staff is the best award
I never intended on sharing this with the dark underworld of the internet since it has no real use aside from piracy, but I had just read about Google's bounties for bugs so I figured I'd ask. I have to do a little more testing to make sure it's not just a backend glitch with my account but after I know for sure I'll submit a report to... someone. I'll figure that out later too.
as far as I remember there was a glitch with apps purchased and cancelled right away...someone posted here months ago something about an app that kept on reinstalling.
Glitches like these are like CC errors you see published in newspapers...even if you WILL explain it, M$ will remotely erase it once they realize that there's no dineros paid...
As for piracy, only a few words: sideloading due to custom ROMs, wp marketplace, Milkman, Navigon, Nokia Apps...even running Tango could be seen as piracy; piracy is like a BJ, it depends on which end you are.
Anyway, congrats on your clean WP roms, no pun intended, they are awesome for being clean of skins and icons and so on.
Ahaha, nice find @sensboston. I once went to an MS talk where they were discussing some piece of Windows malware they'd dissected. They discussed the various exploits it had used, and at one point during the talk said something like this:
"... so for the next part it exploited a vulnerability called Win32k.sys - I mean, a vulnerability in Win32k.sys - to access the kernel..."
Win32k.sys is where all the DIB stuff, among other things, lives. It's a huge mass of very high-performance code that runs in kernel mode to avoid even the (trivial, these days) performance hit of a ring switch... but it's also very old code (the oldest parts are from the mid-90s) and apparently every time they have to fix something in it there are a bunch of regressions due to the change, so apparently the Windows team is scared to touch it...
I don't know anybody on the WP7 team, but I do know some people at Microsoft if you want me to put you in touch with them. Do verify the bug first, of course, but I suggest doing so with free apps if possible...

There was a problem loading your funding source - Google Walle

I am just posting this, wondering if anyone has run into a similar issue, I have looked high and low, on multiple forums and have found no one with a similar issue. I am fearing that my only recourse is to make a new Google account, solely to use these features. Would anyone have any idea on how to contact a Level 2 Support or Engineer, or someone within the inner circle of Google to contact them about this issue? Or might know of another way to go about reporting this bug so that it receives more Public Attention than getting swept under the rug? Now, I would like to say, this is completely a Google Server side issue, not a client side issue (this happens on multiple devices, and only one account.) But, again I haven't gotten any more information back other than:
Which is mildly aggravating as the ticket has been open for about three weeks now.
Around June 26th, I attempted to request a Google Wallet Card, and ever since then, my Wallet Account has been in a relatively broken state. I am able to purchase apps using my debit/credit card or bank account but I am having the following issues:
What I can not do:
Use Tap to Pay
Use Google Wallet Gift Cards
Use Google Play Store Credit
Use Google Opinion Rewards
Send money to people via gmail
Pay for applications or IAP's using any form of redeemable currency through Google (IE: Gift Cards, etc) *Note the other entry above means that I cannot add gift cards and other services to my account.
Change my country as a troubleshooting method, as I have more than $10 US Dollars in my Google Play Credit/Wallet, even though my Android app says differently.
What I can do:
Add bank accounts to Wallet App
Add Debit/Credit Cards to Wallet App
Add Loyalty Programs to Wallet App
Since that day, I have opened up a support ticket and after about a week of talking with Level 1 support, that has been sent up and escalated to the Engineers Group with a known internal Known Issue ID. They told me that it was not a user error issue (obviously, I knew that from the start of this entire ordeal) and that it was completely server based. However, I am unable to get more information regarding that Bug ID/my ticket as in:
How long has this been a known issue
How many other people are experiencing the problem
What is being done to fix the problem
What is being done to isolate the problem
So on and so forth, basically any information besides "the engineers are aware of the problem." I have called about every four days hoping for an update to the issue and not receiving any, because I have a decent amount of cash right now stored as Google Play/Store credit that I am unable to use, and because I would like to use Tap to Pay.
Because of this, I am wondering:
How many people on these forums have experienced similar issues, like what I am experiencing?
Would it be easier in the long run to just set up a new e-mail, switch everything over to the new e-mail address (it's a long process which is making me hesitant to do so, and I am not sure how some of the stuff would be transferred over).
How can I get in contact with a Level 2 or "Engineer" working on this issue to get more information, and discuss issues about this.
What is being done to help resolve these issues?
I had no issues with my account until I requested a Google Wallet Card, and now I incredibly regret doing so, to the point that I wish I could reverse all of this myself manually.
Attached are the pictures of what the Android and Web app are telling me in hopes that someone sees some similarities and if someone could get in contact with me (that has more information than a Level 1 Support from the Google Wallet phone team), that would be awesome as that is my main goal, I just would like to talk with someone that can provide more technical explanation than just saying "Our engineers are aware of the issue."
Explanation of below pictures:
Capture.png - The desktop process of me trying to request a Google Wallet Card (Firefox or Chrome, doesn't matter what browser)
Step 1.png - Step 3.png - The process I take in trying to setup Tap to Pay on Android App, with Step 3 finally saying: "There was a problem loading your funding source." (This also occurs if I try to extract, add, or clear money from my Google Wallet Balance)
Screenshot_*.png - The sidebar of the Android App, they requested that I take this screenshot. As you can see there is no Balance at the bottom of the sidebar.
Step 1 - 3
EDIT: 2015/07/15
After calling again, and talking with another person, I immediately asked for the Known Issue ID (which the other representative would not give me) and this is the number that was given to me:
Known Issue ID:
20906675
Shortly after though, she told me that she wasn't able to give me any further information about it, which was a bummer. So any other advice or people experiencing problems, it would be great to hear from you.

To root or to app-root?

Dear all: This is my first post. I spent two days reading posts concerning the highly anticipated unlocking of the S7 G930T bootloader. It sounds as though the developers at XDA and another entity known as Chainfire are chomping at the bit in expectation -- TWRP is written and waiting at the border. That is awesome and I wish you all the best of luck. There are several apps that I wish to install on my phone. Most of them address device security (firewalls, etc...) and secure communications. Thank you in advance for your many hours of work.
My question is one of methodology and the ultimate goals of device rooting using the Android 6+ OS. Why not use a virtual root as a cheap and tawdry temporary workaround? A similar method appears to have worked well for a Corbin Champion who created Gnuroot. His app creates rooted Linux environments on Android devices and requires no Android root.
Will this work for applications that require a rooted Android? Is my question rooted in reality? What are the limitations of a rooted app or virtual root system?
Why would anyone want to use a cheap trick? Is it possible that using an app or a virtual root may avoid potential crashes and instabilities? Samsung may have locked the bootloader to prevent or slow the use of the S7 G930T in illegal activity. Wouldn't the development of an app for non-developers allow us to benefit from many wonderful apps while preventing non-developers from engaging in less than ethical hacking with root as a lockpick?
I also read an XDA post concerning chain-loading an OS from a USB device. This also seems like a clever workaround. It may also be an effective security tool that may allow a cellular device to be driven by a portable OS. It may allow one to protect device data and USB-OS data while enjoying network communications. What are your thoughts?
If I could pull this off on my own, I would do it and release it for free since that seems to be the thing to do -- to contribute in an academic manner to the karma/knowledge pool. I hope that capable hands consider a project like this to be worthwhile. If it is already done, please point me in the right direction.
Thanks.
Cheers!
Dear all:
After I posted and asked questions that I thought were interesting, I continued to read and look for helpful apps.
A lot of new apps appeared in the Google play store. Or maybe I just had not paid attention well enough before.
However the coincidence occurred, the most useful apps were the IP tools such as trace and location search.
Before that day I never once obtained an IP trace result and location that was at all useful or even remotely interesting. This time I was able to summon the leviathan.
The corresponding IP address to a machine that was and may still be in constant communication with my Samsung Galaxy S7:
172.217.3.238
The corresponding GPS coordinates:
37.4192000, -122.0574000
In the links below you will see that this corresponds to an office building on the property of the Moffett Federal Air Field near Mountain View and Stevens Creek California. How did that happen. My attorney doesn't know either. He says that no one is looking for me or is in great want of a chat with me. I am a medical student. ????
Ok. So I sent a complaint to the California State Attorney General Kamala Harris... several times by fax, online portal, and email. I called her office to confirm. Her staff confirm, don't confirm, and say that they have no way of tracing documents received by their server. So my attorney called and emailed.
Anyway... this smells of phone spoofing and phone trapping again so I will have to fight just to submit a complaint.
Links to the IP trace and IP location searches.
The link to my complaint to California Attorney General Kamala Harris.
Why won't the images post?
I am not sure what went wrong, but the image files are not visible. How do I correct this?
Ahzreal2 said:
I am not sure what went wrong, but the image files are not visible. How do I correct this?
I'm not sure about this whole thread... That IP is Google, which has nothing to do with your post about a 'virtual root', OS on USB, or whatever.
See this: http://172.217.3.238.ipaddress.com/

Blu, maybe Huawei and ZTE privacy "bug"

Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on Chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
SoNic67 said:
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on Chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
Not just "Chinese" phones, else why are they contacting Google?
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This Chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
SoNic67 said:
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This Chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
No I mean the security company Kryptowire are contacting Google, along with Blu. Does that mean a Google phone is affected or is it just as they have a sales channel? Probably the latter but it does raise a lot of questions about exactly & how much control they have of the manufacturing process across their supply chain. Whether it's the actual phone or individual chips being programmed. And is there any attempt by companies that make products in places like China to check the phones that actually come off the line for compromises. I doubt it but it seems to be a security risk to me.
Of course we all have to trust someone or some company in some way as most things are not open. I too trust Google with much of my data & security.
(I have read several articles on this, but still not much info, all seem to be a rehash of the press release from Kryptowire)
Google code is not affected. This is part of the specific firmware that manufacturer puts in the phone and it is allowed to even be updated OTA.
Meanwhile if I root my device is considered "unsafe"... But that's the only way to see those files and act to remove them.
As much as I hate Apple, I am more and more tempted. At least they control all the manufacturing chain.
Can I load a custom firmware on my phone to eliminate this?
If you can unlock the bootloader, yes.
At the minimum you need root, to be able to disable/eliminate the software. The original article that I have linked has the details of the software names:
com.adups.fota.sysoper
com.adups.fota
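A check for the two package names listed in the post above, as an added example that is not from the thread or the Kryptowire report: it reads a `pm list packages -f` listing and reports whether each match sits on a firmware partition (where removing it needs root, as the post says) or in user storage. The sample listing, its APK paths and the `com.example.*` names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag the Adups FOTA packages named in
# the post in a package listing and say where each APK lives.
# Real input would come from:  adb shell pm list packages -f | scan_packages

# Package names exactly as given in the post.
ADUPS_PACKAGES="com.adups.fota.sysoper com.adups.fota"

# classify_path PATH -> "firmware" if the APK sits on a read-only OS
# partition (removal needs root or a reflash), "user" otherwise.
classify_path() {
    case "$1" in
        /system/*|/vendor/*|/product/*|/oem/*) echo firmware ;;
        *) echo user ;;
    esac
}

# scan_packages: reads lines of the form "package:<apk path>=<package name>"
# on stdin and prints "<name> <location> <apk path>" for each flagged package.
scan_packages() {
    # adb output often carries CR line endings; strip them first.
    tr -d '\r' | while IFS= read -r line; do
        case "$line" in
            package:*=*) ;;
            *) continue ;;          # skip anything that is not a listing line
        esac
        rest=${line#package:}
        # Newer Android versions put '=' inside the APK path, so split on the
        # LAST '=': everything after it is the name, everything before the path.
        name=${rest##*=}
        path=${rest%=*}
        for bad in $ADUPS_PACKAGES; do
            # Exact match only, so lookalike names are not flagged.
            if [ "$name" = "$bad" ]; then
                printf '%s %s %s\n' "$name" "$(classify_path "$path")" "$path"
            fi
        done
    done
}

# Constructed sample listing (paths and com.example.* names are made up).
sample_listing() {
    cat <<'EOF'
package:/system/priv-app/AdupsFota/AdupsFota.apk=com.adups.fota
package:/system/app/AdupsFotaReboot/AdupsFotaReboot.apk=com.adups.fota.sysoper
package:/data/app/~~Qx1==/com.example.notes-9z==/base.apk=com.example.notes
package:/system/app/Calendar/Calendar.apk=com.android.calendar
package:/data/app/com.example.adups.fota-1/base.apk=com.example.adups.fota
EOF
}

sample_listing | scan_packages
```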
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a threat could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
...and not two days later another news emerges... hehe just when some may have thought they are any different
https://interc.pt/2gkn4dz
M4ti said:
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a threat could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
who cares who finds it, so long as someone does. Rooting and deleting all the relevant files should work, I guess, but possibly could cause some other issues, who knows.
It's pretty funny since most of the people reading those articles don't really understand it very well....people quickly jump to conclusions and think that Chinese Smartphone device secretly sending private information to China....
If you read the articles very carefully then you will realize that Shanghai Adups Technology Co. Ltd is a company that provides FOTA services, that means any manufacturers that use their services for OTA updates are likely to be affected by the spyware, not just Chinese Smartphone....their market share is exceeding 70% across over 150 countries and god knows how many device manufacturers & service operators have been using their services for OTA updates...
