Related
I was wondering if anyone knows a real answer for this. How easy would it be to cook in something that would send back your email login and password? Or other logins to stuff like banking sites. The people who make the roms seem to be hard working enthusiasts, but it still makes me nervous.
The reason I am asking this is because WM6.1 seems pretty buggy and slow and I was hoping that maybe updating to 6.5 would help, however Sprint is being super slow and vague (as usual) about if they will ever release an official rom.
And please no "then just don't use custom roms" replies. I am just hoping someone has some way to show that they are safe and then I will happily use it!
I was wondering the same thing. I don't use any cooked rom for anything banking related for this possible risk.
I know there are other threads that have the answer but can't find them maybe someone hid them?
Anyway what would the average chef gain, second of all how do you know a member of Opera or IE is not taking down your details or even Bill? "by that i mean there is more to worry about"
My point being chefs cook ROMs to give users better phones than stocks... Also the world of WM isn't laden with virus's/spyware so even doing so would be hard and no one would be bothered to spend there time considering how much time cooking consumes.
Just Hard-SPL your device and start flashing
I find cooked roms are the best! They are tweeked, customized, optimized, flexable, etc. Happy Flashing
Im still leary. Im going to wait until you all flash...then i will know its safe
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
FloatingFatMan said:
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
Click to expand...
Click to collapse
That is a very argumentative answer to a very simple and valid concern that allwires has regarding the security of using cooked rom's. Some people that use these rom's like to use their device's web capabilities for banking and for storing personal information and he brings up a very valid question regarding the safety of using these rom's for these purposes. Then you insult the poster by saying he or she is being paranoid when we all know that the capabilities for wrong doing via viruses and other malicious software are very valid concerns in this day and age. I would like to hear an intelligent and informative answer to this question since I'm sure as this sort of thing becomes more mainstream as it is bound through time to become there will be many more inquiries made as to the safety of their usage.
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
deedee said:
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway , and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
Click to expand...
Click to collapse
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
qqa92 said:
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. Its like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. Al least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
Click to expand...
Click to collapse
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
^^ And to add to Tim's comments. Just make sure you get your cooked ROM from an established chef if you're worried, and there won't be any problems.
Now, if the ROM was from someone with a tiny postcount and wasn't known, then you might have cause to think twice; but that's not going to happen here...
timmymarsh said:
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; youve only gotta google AV software for windows mobile to see that
The limited OS and how its written means the "baddies" would have nothing to gain/find it difficult to exploit so whats the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summerise, dont get your knickers in a twist about it and enjoy!
Click to expand...
Click to collapse
Well then why not let the cat out of the bag. I'm just in here to see if I can get a large portion of the members in here's knickers in a twist so that they will all go out and buy my mobile AV since mine is the biggest one out there currently. Lots of potential there, in terms of cha-ching you have to agree. LOL!
There's also the option of downloading a kitchen and cooking your own ROM ... this method permits you to look at each package in detail.
Cheers,
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
I'm not sure what your reasoningn was to stop using email on the phone because of a failure to login to yahoo from a laptop. Did you notice any malicious activity on your yahoo account? Have you since? Have you changed that password? Just seems strange.
As for the security of cooked ROMS, I've never used one but I have a new phone coming and I'm going to try one from a reputable party here. I'm not nervous about it and I use online banking all the time. Here is why I am not concerned:
1.) As several people pointed out already, your PC is more vulnerable just because of sheer numbers. WinMo has a small market share and cooked ROMs would represent an even smaller market share. Even then, there are many custom ROMs to choose from. Then if EVERY user of a specific tainted ROM used their online banking on their phones, there is still little they could actually do with that information. For example, chase uses text messaging which means yes, someone could get my balance and stuff, but I actually have to login to the site to authorize my phone rather than login through the phone. So the information itself may or may not be useful. At the end of the day, it just wouldn't make the chef much money since there would simply be too few potential victims.
2.) The liklihood is very high that the perp would be caught by their peers and exposed in order to 1 - protect their own integrity, and 2 - get bonus points for being the one who exposed the bad guy (or girl). When you add this level of risk to the low reward, it just doesn't make sense. High risk, lots of work, little reward.
3.) Then of course, if someone fraudulently accesses your account, you can usually get that money back.
So I'm perfectly comfortable froma security standpoint. It's the stability standpoint I'm a bit concerned about but that's why I'm waiting till I get my new phone to try one out so I can go back to my old phone if it all craps out.
RedScorpion78 said:
I once opened my yahoo on a cooked room, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
Click to expand...
Click to collapse
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
startluvova said:
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
Click to expand...
Click to collapse
Hey there,
Way to go to ressurect an old thread
Nothing has changed, i have never heard of seen of a custom rom that has a virus cooked in, or one that has been intentionally created to spy on the user.
That said, i guess you have to make your own decision after reading the comments from some experienced chefs/flashers here
CHeers.
I am concerned that Google has their tentacles all throughout the OS, and I want to take all measures to stop that. I particularly don't like their search query tracking (I use ixquick) and their nav app, as their privacy policies are atrocious.
Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious.
Of course I'll not be using the apps of that-search-engine-everybody-uses. Removing them forthwith, in favor of whatever GPL open-source apps there are available for various functions. Using self-contained nav software like CoPilot or TomTom.
So, have any devs investigated whether Android phones home at any interval? Have measures been taken to privacy-enable the Android firmware?
I hear that HTC has some sort of 'phone home' function. How to neuter that?
What good is Wifi? Is it that you can use that when available, not using up 3G bytes? I am asking what use it is on a mobile in consideration of mobility and the security problems -- what uses can this be put to, and how to secure the phone?
Where is the best place to find open-source apps?
I'm curious about this as well, not so much from a privacy standpoint, but how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem? And actually Google apps aren't in the Android sources, so you won't have them after compiling. Yeah, two birds with one stone.
Also you could disable WiFi if you don't like it.
Tachikoma_kun said:
how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
Click to expand...
Click to collapse
Errr... what ROM and how many apps do you have installed? There is no "mysterious data" on clean system, but 25% of apps use data connection for various reasons.
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
The background syncing does not turn anything off as far as I know.
To my knowledge it allows 3rd party apps the ability to check if the user has flagged this, but they do not have to respect this flag.
Tachikoma_kun said:
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
Click to expand...
Click to collapse
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Brut.all said:
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem?
Click to expand...
Click to collapse
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
i think he meant either put up or shut up, which is a pretty reasonable statement.
IMO it's anonymous user data.... let them build cybernet
otherwise say no to the T.O.S that is your constitutional right if you have "privacy" concerns
Brut.all said:
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Click to expand...
Click to collapse
Thanks, will give that a try.
themapleboy said:
i think he meant either put up or shut up, which is a pretty reasonable statement.
Click to expand...
Click to collapse
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Brut.all said:
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Click to expand...
Click to collapse
u know what they say about assuming...... it always makes you look like a jackass
Yeah, I mean we're not playing with iOS4 or anything.
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
If you're still concerned, I suppose you could always opt not to install the Google Apps, but you'd be a bit limited, functionality-wise.
Sent from my Droid using XDA App
themapleboy said:
let them build cybernet
Click to expand...
Click to collapse
O' little do you know... many years ago I did work in Eastern Europe. You have no idea the paranoia a society can endure. For an idea, watch the old TV series Danger Man. Or the movie 1984.
If most young people share your view, it is a dark future. I'm glad I'll be dead.
herald83 said:
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
Click to expand...
Click to collapse
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
I smell a rat...
Quantumstate said:
...Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious...
Click to expand...
Click to collapse
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
A 52yo real estate developer, whose not a coder, but used to be a "cracker" and knows what is possible? Anyone else here think this doesn't make a bit of sense?
It's funny, but it sounds like someone is trying to stir up some FUD by making claims that Android is somehow doing an "All your data are belong to us...". I hope Apple aren't paying your cheques!
@perpetualmotionuk: Be advised that there is a difference between mathematics and decryption, and coding. Yes I can do some coding, but not at a level necessary to analyze and modify an operating system.
If Apple were paying my 'cheques', wouldn't I come in with some sort of proof that monitoring is taking place? Rather than asking what others have found?
Now, rather than trying to tear people down, why don't you use that considerable nose to investigate this yourself?
No one's seen anything about info leakage?
Quantumstate said:
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
Click to expand...
Click to collapse
Most of that data is pulled from search history, I suspect. Which you can disable, if I recall. Don't have my phone on me at the moment to confirm.
I just did a very simple test on an emulator: after ~15 minutes of running system there was 0 (zero, null) of network packets. Now I want to do the same on a device with clean system, but I think results will be the same or similar (SDK system is just normal Android - very similar to these from devices).
I have a feeling that even if I will catch zero packets as well, you will be asking whether Google send something mysterious through... errr... bluetooth? Some hidden antenna?
If you're worried about Google tracking your info...root the phone and don't install the Google apps. What do ya know...problem solved.
If you're still worried that people are tracking what you are doing see steps below.
1) Flush phone or give to a homeless guy to throw them off.
2) Destroy Computers.
3) Liquidate everything you own.
4) Walk into the woods and live off the land.
5) Kill self shortly after because they already have a file on you.
You say you're a 52 year old real estate developer...guess what...they're already tracking you. You're already helping to build "cybernet" just by living and breathing.
And if you are really worried about your "220 year old Constitutional Rights" then go read the Patriot Act and discover that you don't have ****.
I'm normally not one to flame...but you are an absolute idiot.
I'm not an English person, excuse for the syntax/grammar/... mistakes I'd could make.
hedjemunkee said:
I'm normally not one to flame...but you are an absolute idiot.
Click to expand...
Click to collapse
I don't understand WHY this person could be considered as "an absolute idiot" by ASKING if some 'data' are sent over the network through the phone.
Facebook, with it's ad system is sending information for each ad displayed (not alot, but still some !)....
ADS.GOOGLE do you have any idea about what's behind !?
I don't have the number (nobody have it) of webpages using it but it's huge. with this you can track navigation of people, establish profiles, link to a physical person. Without your consent.
I understand the concern of the "OP" here. I don't think the data sent are easy to "catch", or are systematically sent... maybe there is no, and you are paranoid. But it "COULD". So easily. I'm from the young tech generation.
And to quote
Quantumstate said:
If most young people share your view, it is a dark future. I'm glad I'll be dead.
Click to expand...
Click to collapse
People who don't ask themselve the question, or wich refuse to be open minded enough to consider the right to ask this question ... could be surprised very soon. I'm not directly affraid of "google". I'm affraid of those 'blind' people.
You'll be dead in less than 10years !? I hope we can share some of the darkness you're talking about. your parent's generation started it, you continued it.
Anyway, back to the topic.
Why in my pocess list i've : (app id number) com.ap.SnapPhoto:remote
even when I do not use the camera !?
...when I notice my battery is being used more than usual I check the process list and I find this...
What's this "remote" !?
Maybe "remote" refers to "another app wich launch this app"... ? Otherwise... wow.
I can't post links yet. Just Google: iPhone tracking your location
This has already been posted once, but because it is a big deal I wanted to draw more attention to it. As most of the people on XDA run rooted phones and custom ROMs, I would like to know if our favorite ROM developers have happened upon anything "interesting" regarding location data baked into stock ROMs/AOSP ROMs/Cyanogen (God forbid), or any other suspicious behavior.
I don't want to see people freaking out, or pointless jokes about tin foil hats, I'm interested in a discussion regarding our Android devices and location data and the storage of that data.
We all know that Google tracks our searches and some location data in order to provide targeted advertising. This is fine, because I would much rather see an advertisement for a 2012 concept car or screenshots from TES:Skyrim instead of something Macy's or Vagisil related. I'm more concerned about unauthorized people gaining access to this data. If I need to get rid of my Droid X with Fission 2.5.7 to protect my younger siblings or my fiancée or my future child, I want to make that decision with HARD DATA to back it up.
~NDK
[EDIT: Mods may move this if necessary, but my question is really directed towards developers and their (much deeper) understanding of Android and how it operates.]
Lookout keeps me safe.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
It may keep your phone safe, yes. Allowing Lookout to track my phone was convenient for a while, but I realized that in 4 years of smartphone ownership I had never lost my phone do to my invention of the ASSPAT. That's right, the Automated Self Search for Phone And Things. I do it every time I leave the house! Anyway, Lookout ended up being just another useless app that added nothing to my Android experience and subtracted battery life. (Although I saw minimal battery life change and actually liked that app.)
On topic, please ask your dev if they have ever happened upon anything suspicious in digging through the Android file structure.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
really? how sure can you be abt that? you know that any app that has root rights can do practically anyth to your phone don't you?
Few days ago I was involved in a conversation where couple of people were sure that the government can tap our phones even when not in conversation but when they are actually in stand by on the table.
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
The counter-argument was that there might be backdoors in the ROM for example which enables the authorities to get sound from the mic directly without the need of the OS as an interface.
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
I guess if you're really that worried about it, there's always airplane mode.
Sent from my HTC PH39100 using xda premium
Worried about monitoring using a google/facebook/twitter device?
Pull some foil off your hat, and wrap it around the phone. Problem solved.
Just do what Eric says "Do no Evil" and who cares if the gummint is watching you!
I'm not worried at all as should be obvious if you actually read my post :>
Fking1 said:
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
Click to expand...
Click to collapse
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Still, this doesn't tell you how it's done, but proofs that has been done and afaics is no problem to do it again.
If I remember correctly some time ago Indian government tried to force BlackBerry to backdoor their devices for Indian market.
So judge it for yourself, but don't think that this is some Atlantis conspiracy but is actually happening all over the place..
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
In all actuality if the gumment wanted to monitor you they already are....
Fking1 said:
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
Click to expand...
Click to collapse
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
chaki- said:
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
Click to expand...
Click to collapse
well to be honest, i'm big time criminal in my country, so the answer to that question is critical to me :>
Fking1 said:
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
Click to expand...
Click to collapse
Just because a listening device is not always on doesn't mean it doesn't exist. A single push notification can activate a hidden app or feature, should a government have installed it.
Indeed, there are "lost phone" apps on the market that let you do similar things (though I'm not sure about listening in per se, more like gps, alarm sound, take photos).
so, it's technically possible?
Fking1 said:
so, it's technically possible?
Click to expand...
Click to collapse
It is possible and google patented an ad technique that involved using the microphone to listen for background noises and words to produce better more personalised ad results but haven't implemented it yet.
Also you can remotely activate phone features as well as push data to a phone so yes it could be done but they would need at least an app installed on your phone to do so.
So unless you allow someone to install hidden apps on your phone there's no chance of it.
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Fking1 said:
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Click to expand...
Click to collapse
even if thats the case: just flash an own kernel like we all do.
i don't think there's something in android, because it's open source. someone would see that..
and the kernel problem is solved when you flash another one i guess
but those normal ppl out there.. the weird ones who doesn't flash their devices, they are ****ed then. xP
but are the kernels we flash open source? I guess even with custom ROM you use the default google kernel, since if it haven't been open source in the first place, i don't think anyone has written it from scratch.
The more important question is, can something like this be hidden in the kernel, or it needs to run in the OS as normal, but hidden app?
Fking1 said:
Care to elaborate?
Click to expand...
Click to collapse
NSAKEY. I'd post links but I can't.
B33zal said:
NSAKEY. I'd post links but I can't.
Click to expand...
Click to collapse
NSAKEY?
post them sripped or PM me
Is it possible? Yes is it likely? No. At least in the US they would need to prove you were a threat to national security to get a judge to sign off on it.
The android kernel is open source completely.
As an example there is a root binary that grants root access without user prompt or notification of any kind. So while it can be done I would not worry about it much.
FEMA chip anyone?
Sent for a corner cell in Arkham
dmhdogpro said:
In all actuality if the gumment wanted to monitor you they already are....
Click to expand...
Click to collapse
Bingo
I do not worry about my Government, if they want me they
will come and get me (and I won't be able to stop them)
It is my fellow citizens whom scare me the most.
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
That is true and some EULAs even suggest that there is no privacy on the data commited to the systems. Simple software we use daily (specially in the MS Windows world) is gathering info about what data you search, what you download, what kinda documents you type, etc. Even cloud storage services have a EULA that guarantee you no privacy (Box, Dropbox, Google drive, etc)
As for Android, I highly doubt the problem lies in the operating system, since it is open source and anyone can take a look at it.
Now if you want a conspiracy theory, then read on...
Have you guys noticed how many of the browsers in Play Store are from chinese developers? Specially Dolphin, which many of you adore. Who can tell it isn't secretly sending your browsing habits to the Chinese government? How many people have been sniffing traffic to/from Dolphin (using tcpdump, for instance) to make sure it isn't doing other things?
Chrome (and Chromium) is another example: most people simply have to access their google accounts from these browsers. These browsers effectively send private user data to google. The question here is: how is google making use of such data and who is it sharing it with (for a profit or not)???
It's almost a paradox that in the information age we are more and more willing to have privacy but we have never shared so much of their personal lives with so many as we do now. Take, for instance, Facebook, Google+, Twitter,
I could go on and on... but I gotta some wifi sniffing to do right now and some wardriving later.
I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.