Related
Taken From XDA Portal
For the last few weeks, we have been intensely covering security and privacy issues that involve quite a few of the latest HTC devices (Sensation, EVO 3D, etc). It was discovered by XDA Recognized Developer TrevE that there are multiple apps and services that basically collect all sorts of information about our devices, their usage, and everything that is done on them to later on be sent to some Amazon cloud drive. HTC has come back a couple of times with official statements saying that the apps are indeed harmless and that the information collected is to basically help HTC and the carriers to improve their products and services to us. Moreover, they claimed that, at least, the HTC services can be opted out and they would stop collecting said information. Well, TrevE has been doing a lot of research as of lately and further proved that not only can these services not be turned off by regular means, but also has shown, by doing an experiment in a controlled environment, that the apps are inherently dangerous as they can be easily exploited by virtually any app that has android.permission.INTERNET enabled, which a ton of apps in the market currently do.
The kind of information that can be pulled from the device could be enough, potentially, to clone a device completely if the person receiving this knows how to do it. The app seems to allow the dump of virtually all stats and values by the device. Regardless of HTC’s motives to collect this information, the important part about this, and really the core of the issue, is that the information from these apps can be easily intercepted and sent anywhere to anyone. For the skeptics in the room, TrevE has put together a small demo app (proof of concept) that shows what could potentially happen when this is intercepted. He also has put together a Youtube video that shows exactly what is going on. It seems that the only real way to get rid of these services is by rooting the device and manually removing them, but there is no known way to remove them from an unrooted device.
HTC has been notified about the issue approximately 5 days ago and we are still waiting for a response, which they said they are working on. You will have to keep in mind that this is only the first app that TrevE is working on, and if you remember from previous articles, there are 5 of them. Long story short, you can expect one of these articles on XDA at least once a week for the next month or so.
Well, HTC, as you may see it, this is no longer about us wondering why you are getting our information, but it was discovered that whatever you are using to get it is simply not secure. For the sake of your customer’s privacy, we request that you take the proper measures and release any and all necessary patches to fix this for any and all devices being affected. This is about people’s data falling in the wrong hands, so please we ask that you take action on this soon.
HTCLogger allows any app that has access to android.permission.INTERNET on devices such as the evo3d to obtain full access to query sensitive info such as network/appusagestats/meid/esn/phone#/past 10 location broadcasts and last known locations/and more.
http://www.youtube.com/watch?v=YoTUkQ7SlNU&feature=player_embedded
You can find the original thread here. Also, you can check if you are vulnerable by using the app found in this thread.
Want something published in the Portal? Contact any News Writer.
Thanks TrevE for the tip!
More links regaurding new findings!!..
http://infectedrom.com/showthread.php/559-Vunerability-1-Android-Security-Elevation
and heres an app to check if you are vulnerable...
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
Does this help anyone?! LOL....Im sure NOBODY like BIG BROTHER WATCHING YOU!
lightninbug said:
Does this help anyone?! LOL....Im sure NOBODY like BIG BROTHER WATCHING YOU!
Click to expand...
Click to collapse
Well you kind of threw that out the door when you decided to buy an ANDROID device.. didn't ya ? LOL
so if you run something like cyanogen or miui am i right in thinking you would prob not be vulnerable, but custom sense based roms prob would be?
meegs said:
so if you run something like cyanogen or miui am i right in thinking you would prob not be vulnerable, but custom sense based roms prob would be?
Click to expand...
Click to collapse
Thats basically what Im thinking.. But who knows...For all we know the STOCK sms app is sending HTC all our texts...think of how many drug dealers/ or other illegal things people do that is uploaded to htc....I For-see a NEW AGE IN CRIME STOPPING upon us...and the general public doesnt even know it.
About the big brother watching you.
Why do you think Android is free? Companies like HTC and Google want you to spend as much time as possible on the internet so you can see the ads that pay their bills. That's the whole idea behind Android, cheap access to the internet so you can use Google products and see their ads. HTC is probably doing something similar here. HTC has access to lots of user data via the phones that they sell. This is valuable data to data miners who can sell their products using this information.
Personally I don't have a problem with this. But if you do it makes sense to stop using the internet
Call me crazy but I quite frankly don't care much about them knowing what apps I run or where my wifi network is located or where my phone has been. I voluntarily share that kind of information with Google in return for making my life easier by allowing my to use services like Google Maps and Google Search. Now if I were a terrorist or someone running from law enforcement I could see how this would bother me a lot more.
Moreover, if this information actually helps HTC improve the user experience on my next device (similar to how it has helped Google improve their services), I'll personally send it to them in a .zip file. It is troubling though that they kind of just take these kinds of stats regardless of your consent.
Anyway, let me know when they start listening in on my phone calls and reading my text messages. Maybe then I'll care more. -_-
EDIT: I still really do appreciate TrevE taking time out of his day to do this research and share his findings with the community.
Guys I think there trying to say that HTC or google is not gathering our info securely,and anyone with the knowledge can intercept our info from google or HTC. Say the president uses a HTC sensation,and a terrorist intercepts the presidents info that is suppose to go to google or HTC. Now that terrorist knows where the president is,etc. See how that's a problem? I sure don't want no crazed lunatic knowing were I'm at,worst,cloning my phone!
Sent from my HTC Sensation XE with Beats Audio using xda premium
brd912 said:
Guys I think there trying to say that HTC or google is not gathering our info securely,and anyone with the knowledge can intercept our info from google or HTC. Say the president uses a HTC sensation,and a terrorist intercepts the presidents info that is suppose to go to google or HTC. Now that terrorist knows where the president is,etc. See how that's a problem? I sure don't want no crazed lunatic knowing were I'm at,worst,cloning my phone!
Sent from my HTC Sensation XE with Beats Audio using xda premium
Click to expand...
Click to collapse
just in case we wondered why the president still uses a crackberry
Another reason to use Cyanogenmod. Yipee!
Sent from my Sensation using Cyanogenmod
I'm running a stock T-Mobile version of sense, rooted and when I installed the app, it says connecton refused, I looked for the app htclog.apk in /system/app and it's not there...
In ["TrevE!"] we trust!! OPT out!*CIQ's!* YAHOO, MSN, MSNBC, FORBES Magzn!!! "TrevE!!
Just seen this on **YAHOO** front page, Thank's TrevE!
Forbes Magazine on "TrevE"
MSN MSNBC!
"Eckhart says Carrier IQ's software, designed to monitor the performance of a cell phone on a network, is a "rootkit," spying on unsuspecting users. Carrier IQ says it is not."
"While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools," the company said in a recent statement. We've contacted Carrier IQ for more information.
I even made a video to let my subscribers know what he had done for the Android and XDA community, great find thanks to him.
heplful video helped me remove that crap from my htc. Treve rules
BaT420 said:
heplful video helped me remove that crap from my htc. Treve rules
Click to expand...
Click to collapse
They(CIQ) wanted a media storm, surfed the web and there it was.
Hmm, seems they didn't get it, a rootkit is something that hides from the user by running in a low level beyound the operating system, this does not imply any malicious intentions yet, so it definitely is. Thing is, they already stated that it does in fact log all phone connections and SMS (not the actual content they say), what apps are running on the phone and how much they utilize the cpu and even more, which i consider malitious personally, and send the informations to your carrier who should have those informations anyway except the app stuff. They say they collect this information to see if a disconnect happens due to a faulty cell tower to improve their network, but they should be able to get all this information's from their cell towers as well. Also they claim that they collect that app info to know what is causing battery drain on your device, but i think this should be handled in a different, more privacy respecting way.
--------------------------
tapatalked from vizio vtab1008
Jeeze I'm glad I run a custom rom and a custom kernel the day I got my phone. Gives my the shivers knowing that my carrier has that info. This would totally suck for federal agencies that use these CIQ infected devices.
Why is anyone the slightest little bit surprised?
This is an OS created by Google, a company that exists to collect data on you. By definition the more it invades your privacy, the better it is accomplishing its job description.
Chrome is growing in installations every day. This is a browser that exists to collect your data. Everything you type or click on while in that browser gets processed through Google's servers.
What do you think is going to happen when google comes out with a "free", stable, OS for pc's? How much of your activity do you think they'll be monitoring?
Google and Facebook are waging a war right now to see who becomes "big brother" through controlling your access to the internet. Wake up and smell the "long game" running.
Yes, I know CIQ is not a Google product.
Someone just turned derp up to 11
mid_life_crisis said:
Why is anyone the slightest little bit surprised?
This is an OS created by Google, a company that exists to collect data on you. By definition the more it invades your privacy, the better it is accomplishing its job description.
Chrome is growing in installations every day. This is a browser that exists to collect your data. Everything you type or click on while in that browser gets processed through Google's servers.
What do you think is going to happen when google comes out with a "free", stable, OS for pc's? How much of your activity do you think they'll be monitoring?
Google and Facebook are waging a war right now to see who becomes "big brother" through controlling your access to the internet. Wake up and smell the "long game" running.
Yes, I know CIQ is not a Google product.
Click to expand...
Click to collapse
Its the carriers that put this software on not Google. My nexus s has no sign of it. I'm custom rom since day one but have a nandroid of my stock image and nothing there.
Also your last statement is a bit tin foil hat isn't it?
Sent from my Nexus S using xda premium
slimdizzy said:
Its the carriers that put this software on not Google. My nexus s has no sign of it. I'm custom rom since day one but have a nandroid of my stock image and nothing there.
Also your last statement is a bit tin foil hat isn't it?
Sent from my Nexus S using xda premium
Click to expand...
Click to collapse
Not on the stock or custom roms for the Inspire either.
As for the foil hat. You think the new chip being installed on all US phones after tyebnew year so the government can force texts to your phone is only so they can send you a text? Yeah....I am not so sure about that lol
Surprise, surprise!
SPIEGEL has learned from internal NSA documents that the US intelligence agency has the capability of tapping user data from the iPhone, devices using Android as well as BlackBerry, a system previously believed to be highly secure.
Click to expand...
Click to collapse
-http://www.spiegel.de/international/world/a-920971.html-
I believe that smartphones are a gold mine not only for spying agencies but also for commercial behavioral trackers. I would wish to see more privacy-aware development from the XDA community.
I am aware of Xprivacy, OpenPDroid and Replicant. What other work is done to make Android more privacy friendly?
I agree .... just recently a criminal in my area was found and arrested after the police called his cell phone provider and had them track him for them... now it's good that a criminal was caught but the possibility of abuse of the tracking abilities of these phones is too risky for me .... I would love to see some privacy apps come out that can get a handle on this issue.
Here they need a warrent if they want to track your Phone through the provider and over here the providers wont give any info if they dont have to as far as i know.
Not Anymore i found the Backdoor Nobody belive me but Why
The name of the Backdoor is SevenEngine.apk delet it and no more Spying
Sent from my GT-S5830i using xda premium
Red Hack group said:
Not Anymore i found the Backdoor Nobody belive me but Why
The name of the Backdoor is SevenEngine.apk delet it and no more Spying
Sent from my GT-S5830i using xda premium
Click to expand...
Click to collapse
Well... If you perhaps looked into what that app is, you'd find that it's the engine powering Samsung stock ROM email services?
Before you claim something is a backdoor, and that removing it leads to "no more spying", what about some proper analysis of the app?
The app is not present on stock version of Android either
This app dont appear is service list and used this week 190 Gb data connection Oo explain !
Sent from my GT-S5830i using xda premium
Red Hack group said:
This app dont appear is service list and used this week 190 Gb data connection Oo explain !
Sent from my GT-S5830i using xda premium
Click to expand...
Click to collapse
If it's not in the service list, it's not a service...
190 Gb - really? I think you need to either check your stats are correct there, or look at the traffic you've sent/received in terms of Email.
You can't "call" a backdoor using these userland tools, as a good backdoor won't appear in them...
I would more worry about the millions of users who check e-mail on a device on public WiFi (secured with password or not).
So many people connect to POP accounts with the credentials sent in plain text format with no secure e-mail setup.
Same applies to some Apps not just the main App bundled with the system.
P.S. I am not talking about sending passwords by e-mail in plain text. (yet I worry for the masses that do that also.)
I am talking about those who have e-mail accounts setup on a device, but the e-mail client communicates with the e-mail server for log-in with an unsecured / unencrypted protocol.
zurpher said:
I am aware of Xprivacy, OpenPDroid and Replicant. What other work is done to make Android more privacy friendly?
Click to expand...
Click to collapse
Good thread, thanks has been given. Have a look into my signature. This is the project I am very fire and flame for at the moment. If you would like to know when being traced down by law enforcement agencies or police, participate in developing this awesome app!
NSA's sole purpose is spying, they will die but do this. They try to spy on everybody not just in USA but all over the world. Smartphones are not the only target. They put their hands on everything, I am sure Windows and other OS and most popular software are full of hidden back-doors inserted by NSA. Of course it is done without warrants. It is approved by secret judges in secret courts. Thanks Snowden and other guys to poor more light on this.
Im glad this forum was started... I am very excited about android security as well and for a good reason: I have a lot of highly confidential patient files on my phone and tablet and would never imagine of giving them up.
For the communtiy who want more : there's an app out of beta but still in developement called network connections. google it. It monitors the current live connections and their IP address. In my opinion very useful but i think its needs a rigerous run. Ive been using wireshark but thats a bit too hectic given my time constraints. Oh and the dev has graciously put the pro version for free download for this week only. so give that a try and let me know.
Of course, lets not kid ourselves into believing Android is secure from highly funded and powerful spying agencies.
aejazhaq said:
I have a lot of highly confidential patient files on my phone and tablet and would never imagine of giving them up.
Click to expand...
Click to collapse
Hahaha.. you suck in securing your files!
dharmabum02 said:
I agree .... just recently a criminal in my area was found and arrested after the police called his cell phone provider and had them track him for them... now it's good that a criminal was caught but the possibility of abuse of the tracking abilities of these phones is too risky for me .... I would love to see some privacy apps come out that can get a handle on this issue.
Click to expand...
Click to collapse
A cell provider can track you like this regardless of what type of phone you have. It's not a smartphone thing. All they need to do is see what cell tower your phone is connected too (any network, not just data). And since it's their tower they know where it is - hence they know your approximate location from you turning your phone on.
So if you don't want your provider to know where you are - don't connect to their network.
SecUpwN said:
Hahaha.. you suck in securing your files!
Click to expand...
Click to collapse
hahahaha... yeah but I have to work off my tablet and theres so much in a days work unless the precess is automated I doubt I can do it every single time. The others just will probably have a hard time with APG anyway ... for now im sticking with the hospital address.
I'll be back said:
NSA's sole purpose is spying, they will die but do this. They try to spy on everybody not just in USA but all over the world. Smartphones are not the only target. They put their hands on everything, I am sure Windows and other OS and most popular software are full of hidden back-doors inserted by NSA. Of course it is done without warrants. It is approved by secret judges in secret courts. Thanks Snowden and other guys to poor more light on this.
Click to expand...
Click to collapse
Ya
zurpher said:
Surprise, surprise!
-http://www.spiegel.de/international/world/a-920971.html-
I believe that smartphones are a gold mine not only for spying agencies but also for commercial behavioral trackers. I would wish to see more privacy-aware development from the XDA community.
I am aware of Xprivacy, OpenPDroid and Replicant. What other work is done to make Android more privacy friendly?
Click to expand...
Click to collapse
Of course they are a data gold mine.
At one time everyone was warning of the day we'd have ID chips implanted in us to track our every movement. No need for that, we all willingly submit by carrying phones.
There is no privacy software that will help you. Your carrier can be compelled by secret courts to hand over any metadata associated with your account. This is not isolated to the US. Canada is doing it too, and probably many other countries.
If you want privacy, you can't connect to any networks.
flar2 said:
There is no privacy software that will help you.
Click to expand...
Click to collapse
Have a look at THIS THREAD. It aims to develop a tool to at least warn people that they're being traced down. Developer missing. Post there and revive the project!
zurpher said:
Surprise, surprise!
-http://www.spiegel.de/international/world/a-920971.html-
I believe that smartphones are a gold mine not only for spying agencies but also for commercial behavioral trackers. I would wish to see more privacy-aware development from the XDA community.
I am aware of Xprivacy, OpenPDroid and Replicant. What other work is done to make Android more privacy friendly?
Click to expand...
Click to collapse
Really, all this NSA bs is nothing new. If you are just now aware that spy agencies can spy on you now, well welcome to the modern age. They could spy on your phone even before smartphones existed.
Now what they are mostly doing is "Data Mining" on top of being able to hear what you say and if you really think you can do something against it, think again. And BTW, every developed country does it. The whole evil NSA is just antiamerican propaganda. If you think the russians are not spying or the chinese are not spying, think again. Maybe this will ease your conscience a bit by knowing that everybody spies.
If you are afraid of being spied and you have valuable information, you should not be asking major geopolitical agencies to change their policy, instead you should get off the internet. These are matters of "National Security".
Wellcome to the information age.
Information is power.
shadowcore said:
Really, all this NSA bs is nothing new. If you are just now aware that spy agencies can spy on you now, well welcome to the modern age. They could spy on your phone even before smartphones existed.
Now what they are mostly doing is "Data Mining" on top of being able to hear what you say and if you really think you can do something against it, think again. And BTW, every developed country does it. The whole evil NSA is just antiamerican propaganda. If you think the russians are not spying or the chinese are not spying, think again. Maybe this will ease your conscience a bit by knowing that everybody spies.
If you are afraid of being spied and you have valuable information, you should not be asking major geopolitical agencies to change their policy, instead you should get off the internet. These are matters of "National Security".
Wellcome to the information age.
Information is power.
Click to expand...
Click to collapse
Too true, sadly.
So loving my note 3. I haven't rooted it yet or anything. As I want to see how the stock rom is for a month or so.
Something has been bugging me ever since I have started caring about my privacy and security. as every App I want to install wants to read my call log, control SMS's record conversations ect. when the app doesn't need to. for instance my favorite radio station. Thinks it needs the permission to know who I've called! What the hell for?
It's the reason I've begin to fall in love with Paranoid android ROM. I had it on my note 2. granted I couldn't use the S-pen at all as it didn't use touchwiz. but I found the ability to edit each apps security settings. worth the sacrifice!. (if anyone reads this. is there a way to put that into any ROM? the permissions editor?) I'd love to install it. but onto the pressing issue.
Samsung includes this magical service with the note 3 called Knox. now it's supposed to give you enterprise security.
When all it does. is constantly give me notifications that it's stopped certain programs from running.
when this morning I clicked the right button which too me to the permissions that Knox gets here they are
read phone status and identity
read, edit SMS's
full network access, ability to change network conns
retrieve running apps
prevent phone from sleeping
directly call phone numbers
Take pictures and video
Record audio
approximate location. Pinpoint location
Modify call contacts. read call log
add read or modify calendar events
read all web history, bookmarks ect
Modify or delete usb storage
Disable screen security
complete account control
Read dictionary terms
pair with any bluetooth
there is also lots of other non essential stuff. This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
jjbk said:
This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
Click to expand...
Click to collapse
I know a couple of CIO's that are wetting themselves over KNOX and they (and the DOD, CIA, and NSA for internal use) are the primary audiences. I'd like to assume that people in charge of protecting corporate data are smart enough to investigate the tools they are using to do that pretty thoroughly. My assumption is that the boatload of permissions KNOX requires are all tied to administering, monitoring, protecting, archiving, and deleting data off of devices being policed with MDM. Based on Huawei and Lenovo being cut out of acquisition opportunities and lucrative Western networking contracts because of their ties to the Chinese and "spying" I'd say the quickest way for Samsung to put themselves out of business and take Korea with them is to do what you're suggesting.
The KNOX is truly crap!
I had disable all KNOX after ROOT.
Samsung doing this KNOX thingy is full to crap! extremely useless!
jjbk said:
It's the reason I've begin to fall in love with Paranoid android ROM. I had it on my note 2. granted I couldn't use the S-pen at all as it didn't use touchwiz. but I found the ability to edit each apps security settings. worth the sacrifice!. (if anyone reads this. is there a way to put that into any ROM? the permissions editor?) I'd love to install it. but onto the pressing issue.
Click to expand...
Click to collapse
You can do this now with an unrooted Note 3. It's a sort of hidden feature of Android 4.3, but you just need access to an 'activity' called App Ops. There is a handy app in the Play store that creates this link for you:
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
Knox is also a device administrator and to work correctly it needs pretty much all permissions.
That's normal.
Sent from my SM-N9005 using XDA Premium 4 mobile app
jeromepearce said:
You can do this now with an unrooted Note 3. It's a sort of hidden feature of Android 4.3, but you just need access to an 'activity' called App Ops. There is a handy app in the Play store that creates this link for you:
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
Click to expand...
Click to collapse
Thanks. I got it. and started using it can't wait till paranoid brings out a good ROM. or something with full S pen funtionality. and then just install this on Thanks Once again
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
I just simply rooted and removed Knox, lots written about it - the secret agenda is nonsense.
jjbk said:
here is also lots of other non essential stuff. This is Freaking Alarming at the minimum. if no one is worried about this then its very sad! This screams NSA back door!
Click to expand...
Click to collapse
Of course Knox needs all these permissions - it is, essentially, a virtualised phone OS within a real phone OS.
Without those permissions, it simply wouldn't work!
Regards,
Dave
There is always this conspiracy theory :laugh:
Ppl need to cool down and chill.
foxmeister said:
Of course Knox needs all these permissions - it is, essentially, a virtualised phone OS within a real phone OS.
Without those permissions, it simply wouldn't work!
Regards,
Dave
Click to expand...
Click to collapse
There's no question KNOX is a nightmare for enthusiasts. But enthusiasts make up 5% of the market. XDA being the biggest enthusiast site on the web has 5M members; Samsung will sell 250M smart devices this year. The corporate market is probably 25-30% of annual smartphone sales. That's who KNOX is for and so far it's been extremely well received. I know of one company that's issued a mandate that all employees must use Samsung phones equipped with KNOX whether supplied by the company or via BYOD. If that happens enough Samsung's hit a home run with KNOX even if all 5M XDA members buy other phones. KNOX has been so successful LG's doing something similar.
http://www.engadget.com/2013/10/01/lg-gate-enterprise-security/
So ladies and gentlemen, KNOX and its ilk are here to stay.
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Your mentality sucks. Surely i can expect some kind of privacy on a personal device. Wether im doing something i shouldnt be or not.
BarryH_GEG - is completely right its aimed at Corp users and its very useful. - those that slag it off has no idea what it is and what its used for.
KNOX - is Samsung's version SELinux, since its now standard in Linux Kernel, all variations of Linux will have this feature and Andriod is an variation of Linux.
So if you dont like SELinux you better switch from Andriod smartphones as this will be standard soon no matter which OEM you choose.
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Putting KNOX aside, I want to understand your perspective on privacy.
Here's my perspective:
I have nothing to hide nor am I working in politics.
But with this backdoor technology, it IS a serious concern for journalists and honest politicians running against the current corrupted elite establishment.
Who (in the sex obsessed American public eye) will take their cause seriously after the establishment (with the help of NSA DB) releases a phone-sex tape or pictures of drunken high school pics?
In 2008, NSA workers told ABC News that they routinely eavesdropped on phone sex between troops serving overseas and their loved ones in America.
Click to expand...
Click to collapse
Who's to be the honest watchdog of the establishment if all journalists can be blackmailed with their personal info before they release their reports of establishment corruption?
This is not about something to HIDE.
It's about freedom and democracy.
Do you want your children to inherent a world where they can MAKE A DIFFERENCE or one where THEY CAN NOT??
You do know that Samsung is a Korean company - and a strongly nationalist one to the extent of a General Electric or. General Motors - right?
perosredo said:
You do know that Samsung is a Korean company - and a strongly nationalist one to the extent of a General Electric or. General Motors - right?
Click to expand...
Click to collapse
What does that have to do with whether it will comply with the laws in the country it wants to do business in?
Google a US COMPANY had to comply and censor results in many countries at the request of the foreign gov.
Twitter had to censor the posts of Arab Spring supporters at the request of their govs
BlackBerry a CANADIAN COMPANY had been pressured into releasing encryption keys to the Indian gov to spy on comms.
Samsung wants to do business in your country, does it not?
weedahoe said:
All this knox talk is funny. What are you really scared of?
NSA? No problem unless you're trying to hide something you should not be doing. If they want to see my search history or see my pics and read my emails, then go for it.
Click to expand...
Click to collapse
Agreed........... I deliberately take regular photos of my untrimmed white bits just for them.... :laugh:
jonlewi5 said:
Your mentality sucks. Surely i can expect some kind of privacy on a personal device. Wether im doing something i shouldnt be or not.
Click to expand...
Click to collapse
You better get off the internet now and any social site you might have ever been on. Lots of engines index everything you put out there so even though you think you delete it, its still there......somewhere
klau1 said:
I want to understand your perspective on privacy.
Click to expand...
Click to collapse
Anyone here's perspective on privacy really doesn't belong on XDA. It's one thing to talk about the impact of KNOX on device development, how to use (or not use) its functionality, and what its impact is to privacy and another to have general privacy discussions that belong on Reddit.
OP's question was asked and answered. KNOX's sweeping permissions are required for it to function. If people feel that KNOX could impact their privacy disable it or send Samsung a message by not buying their products. Just like Samsung's reaction to the negative coverage of Region Lock was to ignore it you can pretty much assume that'll be their position on KNOX too. I use KNOX so if there's some sort of nefarious activity it performs or my data gets compromised I'll report back. That's assuming I'm not captured by the CIA and renditioned to a foreign country and water boarded.
klau1 said:
But with this backdoor technology, it IS a serious concern for journalists and honest politicians running against the current corrupted elite establishment.
Click to expand...
Click to collapse
What backdoor technology? KNOX?
Unless you are running your own version of a mobile OS, compiled from source and having reviewed all the code to remove any backdoors, you are potentially vulnerable to all sorts of backdoors that Google, Samsung, HTC, Microsoft, Apple, or any other company may have inserted the ROM build you are running. KNOX changes none of this.
Privacy is an illusion, and always has been!
Regards,
Dave
I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.