Related
US government mandates special "emergency alerts" chip in all cell phones by 2012
Yet another Big Brother measure destined to shove presidential messages to every cell phone user, eat battery juice, and add to the phone's cost:
A new national alert system is set to begin in New York City that will alert the public to emergencies via cell phones. [...] starting next year, all cell phones will be required to have the chip that receives alerts [...] The Droid X already has the chip. The system will use GPS technology to send geographically-targeted alerts: information about public safety threats, Amber Alerts for missing children, and presidential messages. Users can't opt out of the presidential messages. [The alerts] eventually might include audio and video content.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Below is a summary I cobbled together from the scarce information provided by the FCC here and here, and from press coverage.
The service is called "Personal Localized Alerting Network" or "PLAN" (technically called the "Commercial Mobile Alert System") and is scheduled to be available in New York by the end of 2011 and throughout the United States by April 2012, as a consequence of the Warning, Alert and Response Network (WARN) Act passed by Congress in 2006, which allocated $106 million to fund the program[1].
All new phones will be required to have the special chip, and according to AT&T spokesman Robert Quinn, some iPhones and Android phones already have it. It is confirmed that the Droid X (released in June 2010) does support PLAN and has a special "Emergency Alerts" app. Although this means the chip has been out there for at least one year, there is no precise list of which phones have the chips.
Carriers that will participate ahead of schedule are AT&T, Sprint, T-Mobile and Verizon. The alerts will be text-like messages of 90 characters or less, and they'll be geographically targeted using GPS technology (does this mean that the chip will send your location continuously?). Alerts will be accompanied by a unique attention signal and vibration (helpful to people with hearing or vision disabilities). The PLAN alert will appear as a pop-up text, different from regular text messages. PC World reported that the alerts "eventually might include audio and video content".
Alerts will be pushed via wireless carrier cell towers, but are designed to not suffer from the congestion that can affect regular SMS text messages.
The CMAS Third Report and Order mentions that cost recovery is left as a decision for carriers: they may choose to absorb the costs themselves, or pass them on to customers.
Phones that already have the PLAN technology
* Motorola Droid X (sources)
* Sanyo Innuendo (source: Sprint spokesperson Crystal Davis, 571-288-6806, crystal.davisATsprint.com via Business Wire)
* Sanyo Vera (source: as above)
* Sprint "plans to launch more PLAN-capable mobile devices later this year, and include PLAN technology in all new Sprint phones by the end of 2011." (source: as above)
Has anyone heard of this? It's been 3 weeks since the news was out and I haven't seen any followup in the media. The technical information is also extremely scarce. A few questions can be raised.
Concerns with the PLAN chip
UPDATE: see a comment from reddit, which addresses most of these issues.
1. Why is there so little precise technical information on a measure that will affect every single phone manufactured since 2012?
2. The cited reason for having an extra chip embedded in each cell phone is that the current SMS infrastructure can get congested in times of emergency. However, PLAN still uses wireless carrier cell towers to push messages (as opposed to a different frequency, like the ones used for radio clock synchronization or GPS). The GSM standard already supports Cell Broadcast (CB) messaging. This FCC paper from 2007 states that "Cell broadcast is already resident in most network infrastructure and in most phones, so there is no need to build any towers, lay any cable, write any software, or replace terminals". What is the exact justification of the extra chip? If the existence of the chip is a misunderstanding of the media, then why don't existing phones work with the system already? Why do we need new phones that are "PLAN-capable"?
3. Why limit the system to 90 characters of text, instead of relying on the existing multimedia message infrastructure, which can be used to send, for example, such critical information as a photo of an evacuation map? Also, the system is not backward compatible with the over 300 million mobile phones already in place in the United States, while using SMS is (more on these issues). It will take a few years (5?) for all phones to support PLAN. How many lives will be lost in the meantime? SMS is available now. Also, old people, the ones most likely to be affected by certain kinds of emergencies, tend to use very simple phones and to be very late adopters of new technology. Their phones do support SMS though.
4. Does the technology use GPS, as BBC mentions? The battery drain and surveillance implications are major.
5. Users can't opt out of “Presidential” messages. What safeguards are in place that would prevent an oppressive government from abusing this technology?
6. The design of the system is not available. How can the users know that it won't be abused? The chip could be programmed to snap a picture from the phone's camera, or to covertly record audio, upon receiving a certain signal. Remote activation of a phone's microphone has already been done by the FBI using the so-called roving bug.
7. What is to prevent the government-required software from receiving a certain signal or message which would disable the cell phone or its Internet access (useful in times of civil unrest, as has been seen in the Arab Spring revolts)?
8. Will rooting phones or custom ROMs become illegal, especially if one modifies the function of how the PLAN network interacts with the smartphone?
Sources and media coverage
The only first-hand press coverage I've seen dates from May 10-11, and there's been nothing since.
* National Emergency Alert System Set To Launch In NYC, with audio from the announcement. 800+ users comments, mostly against the idea. "For now, the alerts are capable on certain high-end cell phones but starting next year, all cell phones will be required to have the chip that receives alerts."
* Engadget - text of the press release. "Participating carriers are including PLAN chips in their new phones, and many recently purchased phones already have the chip and only will require a software upgrade."
* Wired: Bloomberg, FEMA, FCC Detail NYC Emergency Notification System: "The assembled wireless-company executives, including AT&T CEO Randall L. Stephenson and Verizon CEO Ivan Seidenberg, pledged their support for the system and said new devices will be equipped with a PLAN chip. [...] a list of compatible phones would be posted soon on the FCC’s website [...] Officials didn’t go into detail about the technical specifications of the new network."
* PC World: FCC Calls for Mobile Alert System (2008): "The alerts initially would be text only, though with vibration and audio signals for people with disabilities. They eventually might include audio and video content." (confirmed at FCC's site)
* MacDailyNews: U.S. gov’t mandates special chip in all cellphones; users can’t opt out of presidential messages: "It will use GPS technology and will send some of the alerts based on the location of the phone user."
* Daily Mail UK: Don't write off a text message from the president as a prank: It's an emergency and he might just save your life...: "A special chip is required to allow the phone to receive the messages"
* NY Times: Emergency Alert System Expected for Cellphones: "special chip [...] is currently included in some higher-end smartphones like the latest iPhones"
* USA Today: Cellphones get emergency alerts: "Some current cellphones, including some iPhones and some Android phones, already have the circuitry required to receive PLAN alerts. The iPhones that have the capacity to get alerts, says AT&T's Robert Quinn, will require software modifications. New AT&T phones due out in October will be PLAN-ready."
* NY Post: "Officials said at least three models already have the chip: the Droid X, the iPhone 4 and the Innuendo." The emergency alert feature and app (which can't be uninstalled) are confirmed on the Droid X. Note that the Droid X was released in July 2010.
* BBC: Mobile phone emergency alert system to launch in US: "Mr Bloomberg unveiled the Personal Localized Alerting Network, or Plan, on Tuesday, explaining that the system will implemented through a special chip installed on new mobile phones. The system works through GPS technology and will send some of the alerts based on a user's location."
* AFP: US alert system targets mobile phones: "The alerts will be text-like messages of 90 characters or less."
* Associated Press: Cellphone alert system announced in NYC: "A special chip is required to allow the phone to receive the messages. Some smartphones already have the chip, and software updates will be available when the network goes online later this year."
* FEMA page - no technical details, and nothing beyond what the press said
* slashdot and reddit
Specs
CMAS/PLAN specs I dug up. They seem to indicate that Cell Broadcasts will be used, but all specs are paywalled from $125 and up.
Hadn't heard about this at all. I'm not for it, I don't see why I can't just opt-in to a service like this, no special chip required at all. When I was in college, after the VA Tech shootings the University started a service to alert everybody in case of an emergency. Hell, my job has an automated system that tells us when there's an unexpected closing. But apparently the government needs a chip for that purpose. Absurd.
How much you wanna bet there's going to be a lot more in that chip than just something allowing you to receive warning messages.
How about full on tracking and voice recording?
Patriot Act.
Call me naive, but I'm not as paranoid about this. Sure, the gubmint does all sorts of monitoring they shouldn't, but going so far as to install a special chip in every cell phone in the country? They can't hide that. It's out in the open, to be dissected and shown to the world for what it is. I can't imagine they'd do something so brash. They'd never live it down.
I Am Marino said:
How much you wanna bet there's going to be a lot more in that chip than just something allowing you to receive warning messages.
How about full on tracking and voice recording?
Patriot Act.
Click to expand...
Click to collapse
I seen sum videos on yutube dat most new cellphones r bein tapped to hear your voice conversations bcuz of terorist acts
I see the Tin-Foil hat brigade have come out in force..
How is this not a good thing?
The Police cannot be everywhere at once, but the public is! If a child goes missing and a member of the public sees them, how is that not WIN for the child?
If you haven't done something wrong, then you don't have to worry..
But wait, that's not the discussion is it? It's healthy to be a little bit skeptic, but paranoid? Not so much.
The "nothing to hide" argument again
BazookaAce said:
If you haven't done something wrong, then you don't have to worry..
Click to expand...
Click to collapse
This is the common "nothing to hide" argument. It suffers from four problems:
* aggregation: if you bought a book on cancer, that won't raise any flags, but if you bought a wig as well, that suggests you're undergoing chemotherapy, something you might not want to be known
* exclusion - people are most of the time unaware of what information is being kept or tracked about them. When they accidentally find out to what extent they are being monitored, the reaction is one of shock.
* guilt by associaton - since you have no idea how your information is used and aggregated, what if some of the purchases you make or places you visit happen to match a pattern observed in actions of government enemies (not terrorists, but "hostile or critical journalists, campaigning lobbyists, businessmen who are likely to sponsor rival parties, people who oppose the party leader's favourite idea of the year")? Once you get on a watch list, even due to an error, it's extremely hard to get out of it. Read Hasan Elahi's story of how he was inadvertently detained by FBI agents in 2002, and since then, he publishes everything he does online, so that he can be monitored properly ("The government monitors your movements, but it gets things wrong. You can monitor yourself much more accurately").
* distortion - if you buy books on cellphone hacking, the government might think you want to thwart surveillance or avoid a roving wiretap; while you might simply be doing security research or writing a novel
More at http://tinyurl.com/debunk-nothing-to-hide .
Why can't they just send a text message out to everyone like they do in a lot of universities? Sounds like a waste of money.
Send text messages instead
panchopunk said:
Why can't they just send a text message out to everyone like they do in a lot of universities? Sounds like a waste of money.
Click to expand...
Click to collapse
Exactly. We have all the infrastructure we need for text message; they are fast, cheap, and don't require forcing manufacturers to add yet another chip into the phone.
Did someone say the sekrit word?
dandv said:
Exactly. We have all the infrastructure we need for text message; they are fast, cheap, and don't require forcing manufacturers to add yet another chip into the phone.
Click to expand...
Click to collapse
There is money to be made. If each chip costs $10 to install. Think of all the denirro they are going to make. Plus some sort of upkeep tax to pay the director head(read: ol'bud) with.
what better way to keep track of ppl than a chip in a cell phone? Come on ppl...EVERYBODY has cell phones. Next its gonna be RFID tags under ur skin...
666...
... wow this is the biggest bull ever... text are easier require less effort and are less invasive... talk about wasting taxpayer dollars
New World Order
The Extreme invasive Big Brother gov show continues...
Personally, I like the idea of getting alerts like this, and I think their execution does make some sense. Let me explain: In order for them to use the text message infrastructure to do a mass broadcast, they would first have to get the message to the service providers who would then have to transmit the message to their customers - adding in potential points of failure. Or, they would have to get the providers to hand over a list of all current cell phone #'s to send the alerts directly (which would cause even more uproar) and would cost manpower on both sides in order to keep that list up to date. With the new chip/firmware, it takes all of that out of the equation - no "middle man" needed and the government doesn't have to maintain a list of phone numbers. I'm also guessing that the way you would opt-out would be to essentially turn off the chip through a software switch.
That being said, as much as I understand the thought process and them wanting to be able to broadcast messages to all cell phone users, I too would much rather it be an opt-in type of service - which would negate my entire argument above
Hmm... a government required chip in every cell phone? I'm not usually a conspiracy kind of person, but why do I get the feeling that no good can come of this?
STOP WASTING MY PRECIOUS HARDWARE SPACE!!
They could've used that spot to place some other chip to improve the phone and just make an app or something
Sent from my SAMSUNG-SGH-I897 using XDA App
abrigham said:
With the new chip/firmware, it takes all of that out of the equation - no "middle man" needed and the government doesn't have to maintain a list of phone numbers.
Click to expand...
Click to collapse
Those are good points. Also, in times of emergency, the phone network might become congested, while broadcasting to the chip is essentially a multicast message, which can't suffer from congestion.
As long as the chips are not identifiable and don't transmit information back, I'm okay with them (minus concerns about extra cost and battery drain). They'd be like a GPS receiver, or an atomic clock receiver.
But how can we verify that? Who will manufacture them? Will their hardware and software designs be public? Probably not, so as not to increase the risk of abuse by those who'd love to spam millions of people.
abrigham said:
That being said, as much as I understand the thought process and them wanting to be able to broadcast messages to all cell phone users, I too would much rather it be an opt-in type of service - which would negate my entire argument above
Click to expand...
Click to collapse
Unfortunately, that wouldn't work, due to human psychology: people are way less likely to opt into a service that has dubious benefits, and opting in takes effort.
For example, consider organ donation in case of a fatal traffic accident: in Germany, which uses an opt-in system, only 12 percent give their consent; in Austria, which uses opt-out, nearly everyone (99 percent) does. The only difference is in the organ donor registration form:
Germany: Check this box if you would like to be an organ donor.
Austria: Check this box if you would not like to be an organ donor.
abrigham said:
I'm also guessing that the way you would opt-out would be to essentially turn off the chip through a software switch.
Click to expand...
Click to collapse
But you can't opt out of presidential messages. And one can imagine those messages being used for more than emergency alerts. The US lives in climate of terror that makes Americans believe that TSA pat-downs improve security (they don't, they kill people because more take the freeways instead of planes, and about 500 extra people die each year in traffic casualties; plus $4B in lost business).
Presidential messages you can't opt out of are an easy way to escalate the fear-mongering with "terror threat alert" messages. They can later serve as a political platform capable of previously unbelievable reach, pushing the presidential propaganda down the throat of hundreds of millions of cell phone users.
But if we think like psychologists again, what will be the government's response to the comment above? Probably something like "People who hate the presidential messages will just ignore them, so calm down".
And that is exactly the problem: potential mass indoctrination of those who are mildly in favor of the regime, or who are neutral, or not pissed off enough with it. And this is how you get the most converts; not by targeting those vehemently against your opinion. And converts equals votes.
This is total MOD EDIT: LANGUAGE I don't want "them" sending me crap! If they want ppl to hear them then the U.S. gov. Can make a MOD EDIT: LANGUAGE app!
Sent from the Drivers Seat of my Suby txting and Driving doing 100MPH+ in a school zone! Ha.
By now anyone who has an Android phone has heard about CarrierIQ, CIQ or IQAgent. Business Wire in London announced on June 8th:
LONDON--(BUSINESS WIRE)--Carrier IQ, today announced availability of a new Application Analytics module that will enable mobile operators and device manufacturers to monitor application performance and usage across multiple mobile device platforms, including tablet devices. Carrier IQ’s technology provides mobile network operators and device manufacturers with invaluable insights into the performance of various devices and networks from the user’s perspective. Carrier IQ’s solution is deployed on over 150 million mobile devices including smartphones, feature phones, data cards, radio-equipped devices, downloadable agents and now tablet devices.
Click to expand...
Click to collapse
For the few who may be scratching their heads wondering what CarrierIQ is...
Steve Topletz, a member of an international group of hackers, human rights workers, lawyers and artists that fights internet censorship and promotes the right to privacy has described it as follows:
Carrier IQ as a platform is designed to collect "metrics" at any
scale. What I found it to hook into is far beyond the scope of
anything a carrier needs - or should want - to be collecting.
Carrier IQ sits in the middle of, and "checks" the data of, SMS and
MMS messages. It listens for and receives every battery change
notifications. It hooks into every web page you view, and every XML
file your device reads. It receives every press of the touch screen.
It 'sees' what you type on the physical keyboard. It reads every
number you press in the dialer. It can track which applications you
use, what 'type' they are, how often, and for how long. It hooks into
data sent and received.
Click to expand...
Click to collapse
Information on CarrierIQ can also be found in the ACS SFR Epic4G ROM discussion thread and a thread I started requesting information from Epic4G Dev's here.
References to CIQ have been found deeply embedded Epic4G
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadLis tener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
Makes you wonder what might be in the closed source.
The Android platform, like Linux, is based on openness. I am calling on all Android developers, programmers, hackers and users to band together as a community and come forward with any information you may have on CarrierIQ.
I am asking all those with the knowledge and resources to delve deeper into this issue to please do so and help spread the truth.
For anyone who wishes to contribute confidentially and anonymously please email:
CIQINVESTIGATION @ VERIZON dot NET
Below are some of the most recent statements made by Sprint in response to questions concerning CarrierIQ:
“The software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.”
“Removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.”
“I appreciate you taking the time to speak with me today. I understand your concerns about the Carrier IQ software and how it can access personal information on the device. As discussed on our call, we are committed to protecting our customers personal information.”
Click to expand...
Click to collapse
My questions were directed towards Sprint about CarrieriIQ and the Samsung Galaxy S Epic4G because that is my service and phone. I would love to hear from others on their experiences when questioning their carriers about CarrierIQ on Android phones.
I have contacted CarrierIQ, Inc., Google and Samsung Mobile US requesting comment on the above statements and other direct questions.
I have a quote from a telephone conversation with Samsung technical support that I am hoping to be able to release soon. After receiving the statement in response to a question about CarrierIQ I sought legal advice and was advised to give Samsung Mobile US's PR company, Edelman PR, the opportunity to comment on it prior to making it public.
I received a response yesterday to my questions about the capabilities of CIQ from a group that has disassembled IQAgent & CarrierIQ.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ data collection and transmission capabilities are basically set the same across all Sprint Android offerings. (exception Nexus S)
Click to expand...
Click to collapse
Lets recap
IQAgent & CarrierIQ run as a backgroud service on boot.
CarrierIQ logging is set to OFF
CarrierIQ is collecting data and transmitting it on the fly without logging it.
The data CarrierIQ is collecting is basic metrics.
The surveillance capabilities of CarrierIQ can be activated through remote update running in the background at any time by Sprint.
hmmmmmm very interesting.
I am actually quite surprised by the apathy of Android users and consumers in general when it comes to privacy and protecting their personal information.
In just a few months this software has gone from 90 Million installations to over 150 Million across multiple smartphones, feature phones, tablets, etc...
Your next phone will most likely have CarrierIQ or a similarly capable software installed on it unless we make our voices heard now.
k0nane said:
What Is Carrier IQ? Why Should We Care?
3/31/2011: Hello, Slashdotters!
11/14/2011: Hello, XDA and Android media!
XDA author egzthunder1 has published an article on CIQ, with LOTS of information provided by developer TrevE. If you did not come here from that article, please click HERE to read it.
Put simply - and bluntly - Carrier IQ is a software package buried deep within Android by Samsung at the behest of Sprint. It has been in active use since the time of the Moment, if not before. The company that develops it, also known as Carrier IQ, bills it as "Mobile Service Intelligence". In their own words,
On its own, that description can vary from harmless, to worrying, depending on how you look at it. It's not until one drills deep down into the system and ferrets out every piece of the software that one truly knows what it contains. As some of you might remember, we took the first steps toward disabling the Carrier IQ software with the release of SyndicateROM and Xtreme Kernel 1.0. That, however, didn't even scratch the surface.
Carrier IQ's native libraries are plainly visible - libiq_client.so and libiq_service.so in /system/lib. During every boot, this service is launched - you can see it in Settings > Applications > Running Services as "IQAgent Service". These native libraries are called by non-native (Android application) libraries located in ext.jar (the client) and framework.jar (the service). Removal of these (rather obviously-named) libraries alone, be it the .so files or the libraries in framework or ext, will, obviously, break boot. So I had to dig deeper. To make a long story short, reference to the IQ Service and IQ Client were littered across the deepest portions of the framework, and some of the most basic functions of the Android system as we know it.
Carrier IQ as a platform is designed to collect "metrics" at any scale. What I found it to hook into is far beyond the scope of anything a carrier needs - or should want - to be collecting. Carrier IQ sits in the middle of, and "checks" the data of, SMS and MMS messages. It listens for and receives every battery change notifications. It hooks into every web page you view, and every XML file your device reads. It receives every press of the touch screen. It 'sees' what you type on the physical keyboard. It reads every number you press in the dialer. It can track which applications you use, what 'type' they are, how often, and for how long. It hooks into data sent and received.
I and my fellow users ask Samsung and Sprint - why do you want this information? Why do you need it? Why is the capability in place?
The only saving grace - if there is one - to this nasty, ten-legged mutant spider is that its logs are off by default. During the investigation process, I was able to enter its UI. Below are two screenshots of it.
That being said, the question still must be asked - why is the service even running? Why does Sprint and Samsung feel the need to leave a dormant monster in every one of its most loyal customers' phones?
Here's the most important part (tl;dr): the Carrier IQ service is a drain on battery life and performance. In testing, I and others noticed a significant rise in Smartbench scores and overall system 'snappiness' after Carrier IQ's removal. In addition, with it removed, a prominent tester saw 30 hours of battery life, with heavy use, on the stock battery.
Thanks for the long read!
(continued in post below)
Click to expand...
Click to collapse
This Carrier Iq and its nasty shenanigans were discovered a while ago and removed from roms.
What was the point of it anyway? Why was it put into stock roms? For the governments of the world to keep a close eye on the people? Ha Ha Ha
Sent from my R800i using XDA App
Pronounced "say candy", the goal of SecAndy is to come up with as secure and private of an OS as possible. So as not to reinvent the wheel, we'll base this initiative on our open source code of choice (Android or maybe other developers' choice).
I am not a developer myself but I can without a doubt, because of former professional experiences, organize a project and gather the right people together as a community in order to make sure that project sees the light of day after it has acquired a life of its own if needed, which I think we will agree is something that this kind of project requires because of the scrutiny it will quickly attract.
I am officially calling upon this post all interested developers that could help us fork Android or other open source OS.
Let's get a kickstarter funded and let the party begin. I will update you later today on the advancement of such.
This thread welcomes constructive ideas and developer participation, but here are beginning requirements we'll need to fulfill eventually to privatize and secure android :
- default browser allowing custom search engines such as https://ixquick.com or duckduckgo
- default system search pointing to those custom engines for online component
- control of gps at firmware level to allow full disability
- peer to peer file exchange (think BitTorrent sync) with 1024 to 2048 bit encryption
- implementation of secure sms and mms exchange (think textsecure)
- implementation of encrypted voice channels (think redphone or SIP with end-to-end encryption)
- root vpn for all online access
- systemwide warning of insecure solutions (example : wanting to use gmail or regular email)
- PGP transparent email solution
- Tor option for root vpn (subject to mitm attacks but more on that later)
- peerguardian type auto-updated database to identify suspicious IP address ranges
- systematic in-out firewall control auto updated with peerguardian database and community based rules database
- hardened malware protection and app permissions with automatic permission audit based on application type
- full device encryption and lockup (in case of unauthorized user)
- full remote wipe out and bricking with auto IMEI reporting (in case of theft, might have to be amended because of attack vector)
- full remote location capability with real time tracking (that one might have to be scratched, high security risk because of attack vector)
This obviously doesn't cover all the bases but would be a good start... I know a lot of these options can be implemented with a mismatch of apps and custom Roms but having it all at an OS level AOKP style would greatly help in building an android by the people for the people community that could eventually loosen the stranglehold of less than transparent corporations.
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
e-motion said:
60 views in 24 hours and not one comment. Obviously I'm approaching this the wrong way. More news at 11.
Click to expand...
Click to collapse
I don't want to be insulting, but no programming work has been done on your part, and you're just asking for people to dive in this project to get managed by someone they never heard of. It's not really surprising no one has commented yet.
I understand what you're saying but any comment, even if only just to show interest in such a project, will be key to drive developers to it.
I might not have started any development but I have clear understanding of how to design secure solutions. I can't go into details of why that is, however you can clearly see with my 2nd post that some research has been done. If I wanted a solution for me alone, I could just go on with my own little pudding of custom ROM and security apps.
However, because of the recent news events that SHOULD have awaken this population, I thought now might finally be the right time to try to get such a project off the ground. But without anyone even showing any interest, why would any developer be drawn to it ? If people would rather focus more on content consumerism than on what might happen under an umbrella of spooks that they're paying for with their taxes, then they have learned nothing from history and deserve what's coming to them, simple as that.
This is NOT a development thread in case you haven't noticed, so telling me I haven't developed anything yet is not even relevant.
In case anyone cares, this will be moved shortly in the t-mobile Note 2 Android development thread as a Touchwiz proof of concept ROM. Little steps, little steps...
Sent from my SGH-T889 using Tapatalk 2
mobile sec
While I am not a developer I would be interested in this project. I've been thinking about this a bit lately given recent events. I think a useful privacy preserving security related app and phone combo might have these features:
-some way to separate the baseband processor (radio) from the OS. It seems most phones share memory with the radio and this fact can and has been exploited. Own the bb processor and you own the phone. Perhaps a 3g dongle plugged into an android phone in host mode would work. Some of these usb "data only" radios can be unlocked for voice too. I believe a rooted phone with IP tables/firewall running would be much more secure than a conventional mobile phone.
-an anonymising network for connecting to servers/peers. I think the i2p network is well suited for this purpose. Rather than connect to services that are not designed with your anonymity/privacy in mind, connect to hidden/darknet servers that make it extremely difficult to ascertain your real IP and location. Perhaps an i2p router running on your home computer relaying i2p traffic while also maintaining a long lived encrypted connection to your mobile in order to "push" data to it. In this way the user benefits from the anonymising network, contributes to the network, but doesn't have the battery drain of relaying packets from the phone (if this is even possible).
-end-to-end encryption. Perhaps OTR messaging for texting and perhaps openPGP for transferring binary files as I don't believe file transfer in OTR is available at this time.
-an app that uses the above network that is capable of sending/receiving encrypted text, audio, video, gps location etc and does not leak any personal information that you don't want leaked. XMPP might be a good choice (with perhaps out-of-band binary transfers for efficiency). Giving your unique identifier to another person that is using the same app would allow you to communicate with them while not revealing your phone number, imei, imsi, etc. There would be some latency in the communication especially with binary transfers but I would gladly accept that for the added security.
anyway, just wanted to add this to the conversation and hope to see this project take shape as we definitely need more security enabled os's and apps.
This posts here to increase the effect of sending my phones and other devices targetedly hacked files and file contents to the correct places to help forward the progress of patching the in routes and exploits used to conmlrimise my devices. im not mass generically hacked like all content marketing oriented loa pricepoint device users are. im also targetedly hacked, being a poster of evidence of organized crime. how i know this is surveying the various search results of numerous parts of code grep'd through for everything from 'usually' to 'when the' and the like and finding undocumented code); analytics traces reports screenshots etc i need to send to the correct agencies labs and engineers to effetiely take an opportunity one rarely has, not a whole lot more luck needed just to expose what ive found to get help swnding it all to the right researchers.., here to also overstep and des mceibe a social engineerig aspect to this criminal co-perogative that seems to be boiled down to a method or science always changing specific tech understanding apartide line that one would say would be inperceptible if not being lóoked for. These effects are already known, ask any journalist or researcher whos benefitted from the use of tor. do u ever get o ly search results fro. 2013 2014? ueah thats not right its 2022 and those are whats been whiddled down as passable as results to you that will derail your presumptive expectation to find usefull relevant info. like free black market oligarchay totalitarianiasm censorship of good info by masses of evil black hearted tyranical rulers. What is or was being done was not unlike untargeted hacking, wasnt unlike stalking, wasnt unlike gaslighting, was engineered by heinous psychologists under a larger tech side of a harasment as a service outfit utilizing specific individually itemized psychological attacks managed and administered from a heirerarchal chain of command involong hassers unbeknownst (effectively anyone), and salaried operative sabetuer assailant rights violators harassers, being orchestrated by a few headpieces workong to effect intimidation, harm, debilitation, eventual ruin of targets. im a lucky one to have escaped their heretounforsceen murderous grasp... technical implementation and phychological advice, and the client criminal operations, all likley make io the types involved.. and some .MOs? . A score is kept of each targets perceptable work toward outing the criminal client(most dont continually announce display post what they know under threat to their familys, i fly in the face of these intimidations and threats as ofton as possible, or as necessary. they especoally anger me and i ofton
make sure to give a speech about it if needed bwcause id say thaTs the proverbial time and place for that
the stalker or stalkers will note it all and interfere suggesting or positing jackassedly outloud (the two harasser grouping lends to this) which is being pumped as audio to the tatget , only filtered down to narrow effective frequency bands of audible sound. a effort to disturb distract frustrate is debilitating especially at length. i have audio recorsdngs of this subliminal harassment,¹¹¹i will post and have posted online. Undocmentble and likely undocumented (ie unprovable) aspects of reality, of which there are many, are derived contrieved etc by the stalkers one after the next and projected subliminally to the target as heassments, threats, psychosis induction, all to kéep reports from going to police, knowlede of anythining relevant or related from being learned basically preventing anything the target might do in the course of a day,, randomly or specifically or especially if ostensibly they were heading to the police station printing store etc. a target has to endure : Internet is filtered
friends are threatened and harssed the programs on anyones phone in the vicinity re beiing montoped to know if recording or video apps start running. Im not the only person who knows bout what i videod and posted, many involved are plausibly victims, many benefiting, profiting, buying àre monstors heartless soulless murderous enemys to mankind. How i got targeted? i was attacked by two guards at a high rise, recorded it incidentally, posted it online, in the bckground is evidence of the activities of aug fifteenth sixteenth twentyeighteen, some largescale illegal sex crime party for high rolling invertebrate clients, and not just in the background, but my interactions with the guards upclose are all evidence and the 15 mins of video as i exited the vicinity all contain evidence. They usually keep anything like video taken on a cell phone contained and from ever reaching the net, but i was recording to disk and feeling extra like it was a miracle i survived the attack gonna take the disk out for safe keeping minded also, gonna post immediately minded after evading immedite stalker harassers traveled on foot strategizing for 12 hours, went forward in visiting an art school campus, visiting the library and uploading over a simple Vpn to youtube (browser built in one if i remember correctly). My civil rights activism prior to this gave me some ability to evade gang stalker harassments, and all in all i had been being targeted digitally and had some upload strategy to use because of the same, the civil rights and land use activism i was doing videoing and posting. So the stops were pulled and full scale cmpaigns were deployed to psychologically or otherwise send me into ruin in a way that would be indetectible in any way as being foul play or at least un reportably or documentably, because tens if not hindreds had to have noticed the oddities of patterns and diversions from the norms of everything everywhere variousley i frequented. stalkers effirts were all made with intention to have effect but also to effectively obscure what was being done, why, what crime there was to reported if any, and any routes or reasons provable that i might have to seek relief from foundations for the crimes against me, so as to be able to persist and continually attack playing any and all angles of various of psychological and physiological attacks through incetivatized or otherwise achieved malfunction or alternate to normal operation of things ... this is where conputers come in, my devices were and still are if im being realistic used for and integral in facilitating this, but not without a lot of code paper trail i was expected not ever to be able to ascertain knowledge of or obtain. Largescale distributed obscured attack on individual targets isnt always viable, but ofton is it would seem... In the curse of weathering this attack i achieved slowely progress in my life , trancendance above and beyond the thercheous pitfalls and all that laid out figuritvely to ensnare me, and have atained for myself many if not a few more of my life goals as well. I have explained and exposed the immediate harassments and stalking to those being subjected to its immediate and side effects, and a page long list of other focused intentional sometimes subtle corrective or stimulating vitalization of some sort to the social and interpersonal climate within which i live life ive been, seeing as how it was being accurely poluted. it wasnt always easy or obvious but certainly something of the needed necessary and natural reaction type of measure i believe either way i know i have succeeded in the various ways i went about keeping my life from falling apart. Somewhere in these outcomes, milemarkers, graduations and self afirmations i categorically became, non susceptible to a certain category of sheer wall affront to a person who is targeted. socially, technically, socially correctovely, verbally, orationally, (speech giving?), attritionally effectively strategically, in one too many ways they cant effect their zero click exploit on one Kyle Varela, as it were, and now im here, right pretty much where id be, only here in my hand is alot of the info needed to disenfranchise those who this computer based evasion of my privacy and much worse was undertaken by, to help potentionally a lot of people, to help the world operate one incriment less innificiently... But i have to delve into realms unknown to turn in the files and doing so will continue to make it self aparent in its non accomplishability approached alone by just me. ...Leading to my posts reason.
Stated: source help, advice, and leads into and about the most suspicious of the many entrys and code snippets within the uploaded files all taken from systems i was using, and i believe is likley to contain evidence provingthY the disfunctionalityt of my devices software and hardware was intentional identifiable and ultimately hopefully reportable and patchable.
This post will be finished with attachments after getting initial post up. Just a moment