Hello everybody,
I am currently using an android phone and consider to switch to WP8 after it has been release due to better hardware concepts etc.
I already read that WP7 apps are executed in a sandbox and therefore the whole process aint to be more "secure". Anyhow, Iam not concerned about a virus or malware.
My biggest aim is to keep my data private and to secure my privacy.
Regarding WP7 I could not find any hint about that topic. I cannot imagine that nobody cares about this topic around this OS !?
What I want is the following:
Set for each app what it is able to access (e.g. Access to contacts, location etc.)
Control internet access for each app
Maybe it already exists and therefore nobody talks about it, maybe it is technically not possible.... Just want to know
Thank you in advance for your help.
Regards.
WP7 (and presumably WP8) apps use a "Declared Capabilities" model for controlling access to resources like you mention. That is, if an app wants to access the network, it must declare ID_CAP_NETWORKING in its manifest. If it wants to access your contacts, it must declare ID_CAP_CONTACTS... etc. When you view an app in the Marketplace, you can see what capabilities it includes.
However, there's not really any fine-grained control over such things. For example, if you install an app that wants access to your contacts and your appointments, you can't tell it "OK on Appointments, but no Contacts access" short of modifying the app prior to installing (and if you did that, there's a good chance the app would crash when you ran it). Similarly, there's no user-controllable firewall on the phone; an app that specifies ID_CAP_NETWORKING can access anything that is available on the network.
I believe this is similar to the behavior of stock Android ROMs. The advantage that WP7 (and presumably also WP8, but it's too early to tell) has over Android in this regard is that apps go through a much more extensive review process. If an app needs to access your contacts, for example, it better have a good reason for this access and and it will (well, should) be rejected if it sends them off to some advertising company or something.
GoodDayToDie said:
WP7 (and presumably WP8) apps use a "Declared Capabilities" model for controlling access to resources like you mention. That is, if an app wants to access the network, it must declare ID_CAP_NETWORKING in its manifest. If it wants to access your contacts, it must declare ID_CAP_CONTACTS... etc. When you view an app in the Marketplace, you can see what capabilities it includes.
However, there's not really any fine-grained control over such things. For example, if you install an app that wants access to your contacts and your appointments, you can't tell it "OK on Appointments, but no Contacts access" short of modifying the app prior to installing (and if you did that, there's a good chance the app would crash when you ran it). Similarly, there's no user-controllable firewall on the phone; an app that specifies ID_CAP_NETWORKING can access anything that is available on the network.
I believe this is similar to the behavior of stock Android ROMs. The advantage that WP7 (and presumably also WP8, but it's too early to tell) has over Android in this regard is that apps go through a much more extensive review process. If an app needs to access your contacts, for example, it better have a good reason for this access and and it will (well, should) be rejected if it sends them off to some advertising company or something.
Click to expand...
Click to collapse
I see. So basically this means, that I could edit the manifest file of any application myself and set the level of access I want it to have, but the application will probably not work anymore.
For instance, I have an navigation app that wants access to my contacts to offer me a direct navigation option to my friends place as well as internet access for current traffic information. Do I need to trust microsoft, that they reviewed this app so well that it does not send my contact list to the software company ?!
Moreover, this way I cannot prevent microsoft for example to collect whatever they want from my phone, right ?
It is correct, that stock Android does not offer this function, too. However there is the possibility to root it and have apps installed that control all traffic, even those of the OS itself.
ntech3333 said:
I see. So basically this means, that I could edit the manifest file of any application myself and set the level of access I want it to have, but the application will probably not work anymore.
Click to expand...
Click to collapse
Yes. Applications are expecting to see all CAPs they request, as this is an all-or-nothing thing in WP. If you'd edit their manifest, the application could behave arbitrarily, and it would likely crash because an essential assumption it made - that being either it has the CAPs it requires or isn't installed - isn't applicable anymore.
Moreover, this would require at least a developer unlock, for some applications (for instance Skype) an interop unlock and for some applications (all XBL ones at least I think) a custom ROM.
ntech3333 said:
For instance, I have an navigation app that wants access to my contacts to offer me a direct navigation option to my friends place as well as internet access for current traffic information. Do I need to trust microsoft, that they reviewed this app so well that it does not send my contact list to the software company ?!
Click to expand...
Click to collapse
Yes. There is no way to partially grant permissions.
ntech3333 said:
Moreover, this way I cannot prevent microsoft for example to collect whatever they want from my phone, right ?
Click to expand...
Click to collapse
Microsoft makes the system. If they wanted to hide something in kernel mode, and wanted to hide it from all user accessible APIs, this would be easily done. Simply spoken, if you question Microsoft's commitment to their EULA, WP is the wrong OS for you.
ntech3333 said:
It is correct, that stock Android does not offer this function, too. However there is the possibility to root it and have apps installed that control all traffic, even those of the OS itself.
Click to expand...
Click to collapse
Without a kernel built from trusted sources, hiding data streams from all APIs is always possible for an OS maker.
ZetaZynK said:
Yes. Applications are expecting to see all CAPs they request, as this is an all-or-nothing thing in WP. If you'd edit their manifest, the application could behave arbitrarily, and it would likely crash because an essential assumption it made - that being either it has the CAPs it requires or isn't installed - isn't applicable anymore.
Moreover, this would require at least a developer unlock, for some applications (for instance Skype) an interop unlock and for some applications (all XBL ones at least I think) a custom ROM.
Yes. There is no way to partially grant permissions.
Click to expand...
Click to collapse
A custom rom, unlocking etc. is not an obstacle as long as it is possible and serves the purpose
In general I would assume, that any application should be able to run without an internet connection, since it could be possible that you are just not connected to the internet for some reason ?? Therefore, removing the CAP for internet access by editing the manifest file should not lead to any unwanted behavior. Or is it more like that, that all apps check their CAPs they requested on startup and not only when they want to access some ressource ?
This way it would be possible to remove internet access for any application I do not want to send data somewhere without blocking others and without the necessity to remove other CAPs.
Microsoft makes the system. If they wanted to hide something in kernel mode, and wanted to hide it from all user accessible APIs, this would be easily done. Simply spoken, if you question Microsoft's commitment to their EULA, WP is the wrong OS for you.
Without a kernel built from trusted sources, hiding data streams from all APIs is always possible for an OS maker.
Click to expand...
Click to collapse
Generally spoken, I trust nones commitment to any EULA or something. Microsoft, Apple, Google, they all have such documents and every few weeks something comes out that they are tracking you, (anonymously ) etc. Everytime the answer is something like "oh, what a mistake, of course it was not intended to be..."
Of course I do want have the comfort of a smartphone, a tablet pc or a computer, but I want to perserve and control my privacy to such an extend that I am satisfyed with it.
Even on a Windows computer I have got the possibility to control network traffic, to limit access for certain software etc., even to limit access for the OS. So why the heck nobody is interested to have that on a smartphone, why an smartphone must be an free bazar of private information everybody can have and do what they want with it ?
What I want and hope is, that with WP8 (since it will be the same kernel than the PC version) something like that will be possible. Just like on a Andriod phone, too where you can grant internet access for everything, even for system components individually.
Removing ID_CAP_NETWORKING will result in an exception (access denied, essentially) when the app tries to call a networking API. Since the app is probably not expecting that particular exception, it will probably crash. Some apps may have very broad exception handling on their network code and simply assume that they don't have access, though.
You don't really have any control like you describe on a Windows computer. You can set the firewall, sure, but then you're trusting Microsoft to not have some leak or backdoor in the firewall. You can write your own drivers to hook it at the kernel level, but then you're trusting Microsoft not to have a direct access to the HAL that bypasses the network driver stack. You can re-write the HAL (OK, not practically, but let's say "you could install another OS" instead) but even then you're still trusting the manufacturers of your motherboard, your CPU, your network interface hardware, your router, your modem...
At some point, you have to trust somebody. A big, publicly-held corporation with many users, a clear privacy statement, and a lot to lose if they screw up fits the bill is your best bet in most cases. Microsoft fits that bill just fine.
GoodDayToDie said:
You don't really have any control like you describe on a Windows computer. You can set the firewall, sure, but then you're trusting Microsoft to not have some leak or backdoor in the firewall. You can write your own drivers to hook it at the kernel level, but then you're trusting Microsoft not to have a direct access to the HAL that bypasses the network driver stack. You can re-write the HAL (OK, not practically, but let's say "you could install another OS" instead) but even then you're still trusting the manufacturers of your motherboard, your CPU, your network interface hardware, your router, your modem...
At some point, you have to trust somebody. A big, publicly-held corporation with many users, a clear privacy statement, and a lot to lose if they screw up fits the bill is your best bet in most cases. Microsoft fits that bill just fine.
Click to expand...
Click to collapse
Ok, what should I answer ? If you use arguments like that you can extend it to what ever you want.
At some point you need to be realistic when looking at security and privacy. There always can be/is a way to bypass systems on a low level basis to do what you intend to. So what ? You cannot pervent this in any OS.
But when using a third party software firewall that comes with its own drivers, you can be sure to certain extend that you have your networktraffic under control.
This is actually not the point I wanted to make about WP7 and probably WP8.
I understand, that for example an navigation app wants to have access to your contacts to offer you the option to navigate to your friends place. I also see, that this app wants to access the internet to get traffic information. But I do not want this app to have neither access to my contacts nor to the internet since I cannot know what data will be transmitted to the software developer. I even to not want them to do some statistics with me gps positioning. NO. as simple as that. What I do with my information is what I decide.
So what I especially do not like is, that most people in the world do not care about such facts at all. They are running behind apple like lemmings, willingly giveing them all information they have and being happy that everything works so fine on their device !? What the... ?
Anyway, it does not matter, my questions got answered, I will have a closer look at WP8 when it is out and see if it possible to keep my stuff under my control or not.
First of all, EULAs are a binding contract for the first parties, which means that if such a thing were to come out, and it is not a very obvious (actual) bug in the software (Apple's local geolocation data retention bug and Microsoft's bug in WP7 that may have determined the location before you pressed "OK" in the dialog are definitely such - they give nothing of advantage to the two companies), they have a problem named "breach of contract": There will be legal action by activist in such a case.
Then, your argument is valid, a firewall would be effective if you trusted the hardware and software environment. However, I wouldn't hold my breath for it: Firewalls or capability removers are just not fitting in the image of a smartphone. On Android, you also require root for this (important point here: a 3rd party device unlock, it does not come built-in - and apps could also stop working if you withdraw rights from them, since the code might not be prepared for such a scenario either), on an iDevice and Windows Phone it's not possible. It's very much the contrary of how smartphone makers would like to market their devices, a scenario where you might possibly not trust your apps - this could even scare users away from smartphones.
Therefore it is unlikely that WP8 will come with such a capability built-in. Even though WP8 will be sharing the kernel with WinRT, it should be noted that both, WP8 and WinRT will require mandatory UEFI Secure Boot from OEMs. It's likely that this cannot be broken at all unless every a very significant hole can be found that permits to breach the chain of trust or the devices' firmware can be attacked. Hence, it isn't even said whether WP8 can be rooted. If WinRT does not come with Windows Filtering Platform (WFP), it would be the same situation as is on WP7.
You are right, of course the EULA is the first thing to mention But about what legal consequences are you talking ? They will be fined to pay some million dollar ?! Ok, nice, but they still have my data. In this case they bought the information, that's all.
Anyway, I do not want to be paranoid and of course also here at some point you need to stop
To have root access on a device that you own is natural for me. I bought it, it belongs to me, that's why I should be the master on my device. For sure, this does not fit in the global tendency of "not to care about your device, just make it run", too.
On a windows computer I can have administrator privilidges as well. Why they do not want to give me this on my smartphone that claims to be a computer somehow, too?
By the way, WFP is quite a useless piece of invention. I once experimented with WFP for some software project on a windows computer and found out, that the same way I can change every rule someone created for the firewall, everyone else can do. Means: I created a rule to pervent skype to access the internet. Guess what ? Right, Skype detected that and 2min later it deleted my rule and created an own one to grant access again. What use does such a system have ?
There's a rather simple reason, "root" is a badword for most mobile manufacturers: piracy. On Android, that's a different story because you typically can install side-loaded applications, but on the iPhone or Windows Phone you require unlocks to pirate. Typically, piracy is not a practical option on them until you have a root unlock. (If you take a look at WP7, you either require an interop unlock or a custom ROM to have more than 10 unsigned apps - if you wanted to pirate, that would impose a very tight limit on the extend you can do such. Students are even limited to 3 unsigned apps). Root is something that circumvents the control systems of the manufacturer - something that neither Microsoft nor Apple have interest in.
WP and iOS have - compared to Android - very low piracy rates, so this is paying off. (For that matter, WP is probably more locked down than iOS: It took 8 months to public availability of an unlock for my HTC Titan; iOS is usually broken much faster)
I think you're confusing Windows Firewall with WFP. The latter is just a programming interface in the network stack, which allows applications to inspect, filter and modify packets in the network stack. It does not have any rules you could set therefore. Windows Firewall comes with rules, and Skype will - if it has proper privileges to do so - attempt to automatically permit itself in the Firewall.
About the EULA, no. In literally any modern country, data found to have been obtained illegally will result in a sentence to delete the data, to pay a fine and likely to pay the victims damages.
You see, that is the point. The possibility to decide upon your own device is taken away from you due to fears and prejugdes of the manufacturer. Why it always must be connected with piracy ? It means that everybody who wants to have root access on his device is potentially criminal and therefore it is better not to ask for it. Nice.
If you buy a modern house with automatic controlled sun blinds, heating etc. Would you accept, that there is a control room in your cellar, where only the company that built your house has access to? You are only allowed to switch on and off the light in your house. Even the sun blinds open and close whenever they want and tell you when you are allowed to look out of the window and when not. Just because you have no "root" access to change that and you need to accept it.
Fur sure, it is nice to have such system where the user has not rights since most users are not experts and causing mostly only problems where in the other way the system runs smooth and stable...
About WFP, yes I just saw that with Win Vista and Win 7 they introduced such way of filtering platform. I really mixed it up with the windows firewall manager that is accessable via API.
I never saw in any case where data has been found somewhere that users got paid damages. Did Apple do when they tracked their users ? I think no. Did they delete the data ? No they did not, they excused and said something like "oh, what a pitty, we will change that in our next update" Quite safe, isn't it ?
What you fail to see is that android is riddled with issues due to its openness, it is suffering in exactly the same way WM did, you may laugh of WM but android owes its roots to WM. Apple and MS saw the issues, and did something about it.
Yes that restricts you, but you and those like you, are a tiny minority, simply put they have bigger things to worry about, and that is average jo an jane blogs. they do not need that level off access and giving it to them is one of the reasons 10,000s of computers out there are nothing but bots used for DDOS attacks
Remember, WM was slated for being buggy and slow, the reality was far from that, but the networks and OEMs had so much control over the OS they literally screwed it sideways and the magic effect was that they didn't even get the blame, MS did! (ring any bells with android!)
Why didn't WP take off as well as it could have? easy, because firstly it didn't have cool roots to an ipod, secondly because MS tightened up on the OS so much it pissed off the networks, im sorry to say, its little to do with apps and side loading, that's just the first thing people think of when they are talking about something they know nothing about.
Networks like to do things their way and I think you will see their influence in WP8 a lot more, and because of that more than anything else, the networks will like it more, if they like it they will sell it, then you will see a larger uptake in it and thus more apps
anyhow, that's off topic, fact is this, security will only get tighter and rightly so, as much a that is a pain in the arse for you an I, that is the reality, you may have perfectly legit reasons for full access, but I can promise that most who want it probably will use it for something dodgy, MS and Apple can not afford to have a time bomb on their hands in the shape of android.
I fully agree with you !
Just for the protocol: I liked WM very much and I never considered it as buggy and slow, but ok that's another topic.
The reason why Iam using android at the moment is quite simple. There was no satisfying hardware available for any other system. Iphones are useless, for WM almost nothing was there that could be used as a smartphone and WP was likely to be replaced by something else. I was waiting for years that some manufacturer releases a smartphone that has a 2.3" display like a normal mobile. I hate those laptops people try to use like phones with 4" display and what ever.
Since Iam quit unsatisfyed with the quality of my sony ericsson mobile, Iam looking forward to get a Nokia phone again. Moreover, Iam really no fan of open source software since compatiblity is quite bad and the functionality is mostly not really reliable. Iam a heavy MS Exchange user and I do appreciate nothing more than be completely synchronized with my phone laptop and everything. Only WP8 can provide that... So, Iam dealing with it.
Related
I have Purchased the G1 Thinking the overall architecture of Open Source Application, Android API, Equality of Application bla bla.
But after see the Handset i think it only Open for Source Code
neither we can create own on Modified Images nor we can change the Device at Root level. Its same f*cking thing like Apple iPhone Jailed and no Root Access.
We got some Android SDK but whats the use we can Create same Application for iPhone and Windows Mobile also. Infact in WinMob we have thousand of Software running nicely.
I am very Disappointed the way G1 is Locked with the Open Source OS.
i think in the name of Openess G1 device have locked everybuddy to f**k around with T-Mobile and Google only Service. Android Market have very Little apps which can Surprise me after all that hype of Software Availability. Infact 1st Generation iPhone had more Application which Developers have Developed without help of any SDK from Apple. G1 really sucks.
Well, i regret that fact too, but in fairness they never said the device would be open. What they said was "You can make your own device and use Android on it".
It's sad that T-Mo didn't get the "open" part but in all case my hopes are with chinese device manufacturer who don't care for 5 minutes what you do with their hardware as long as you buy it. Or maybe OpenMoko but their design is really ugly
Okay, being able to type commands on the keyboard and have them executed as root from anywhere on the device IS NOT SAFE.
What happens when someone tells you to type rm -rf / and hit enter? Brick? YES from anywhere on the device. Even from the lock screen.
They are not locking down the phone again, they are fixing a MAJOR bug. The phone is not "Jailed."
its said when god closes doors he opens new ones
Since the door is closed, how to put your own native lib to the system? Is there any way to use native lib?
sadly i find both Android and iPhone OS as restrictive.
because nope of Future Manufacturer is gonna allow us the Flash the Customised Android to Phone unless we know the Private Key of that Manufacturer. There is nore of Legal way to do much powerfull Developements in Kernal , drivers or boot loader of Android etc. What we got is that Ugly ADB thing which itself is so much Restrictive. I feel like am developing the software again as what we have done in Java on Mobile for Sony Ericson etc.
Google could have offered us a Safe but Power full access to hardware for Customized OS. and they could also have safeguarded device from Possibly bricking by bad flashing.
I think Phone OS should more like Installing Linux / Windows into Computer rather then Boot loader and so on.
hetaldp said:
I have Purchased the G1 Thinking the overall architecture of Open Source Application, Android API, Equality of Application bla bla.
But after see the Handset i think it only Open for Source Code
neither we can create own on Modified Images nor we can change the Device at Root level. Its same f*cking thing like Apple iPhone Jailed and no Root Access.
We got some Android SDK but whats the use we can Create same Application for iPhone and Windows Mobile also. Infact in WinMob we have thousand of Software running nicely.
I am very Disappointed the way G1 is Locked with the Open Source OS.
i think in the name of Openess G1 device have locked everybuddy to f**k around with T-Mobile and Google only Service. Android Market have very Little apps which can Surprise me after all that hype of Software Availability. Infact 1st Generation iPhone had more Application which Developers have Developed without help of any SDK from Apple. G1 really sucks.
Click to expand...
Click to collapse
Well, I also miss a lot of stuff in G1 at least. System is so powerful, but closed, only thing in G1 is you can change batter if necessary and put bigger size transflash. I miss SIP, for every text entry I have to type using keyboard everytime. The other major issue, which Kaiser (Tilt) addressed very well, is removing battery cover to change SIM card. I have good number of Windows Mobile phones and iPhone before G1. I take different phone, whatever matches my belt or whatever I feel like, and changing SIM card is pain except for Kaiser and iPhone. G1 taking out the battery cover is so bad, it is like having older Dell desktop lying under the table and plugging a usb device. For older dell lattitudes, you have to knee down and push your usb cable angularly, otherwise it would either screw the usb port or you could push it for good time. The same goes to G1, you have open the keyboard, push the latch little and push your battery cover slowly to righside. Not a good idea, if you change phones daily like me.
Like the other one said, if you have root privileges, you could brick your device, if you don't have one, you don't know what you are doing. TMob and HTC screwed Google big time on this. I don't know how much control Google has on device makers and carriers. I see same pattern that Microsoft is struggling with WinMo devices here. At least in the case of Microsoft, we can easily play around devices without bricking like writing apps is easy, finding apps is easy and hacking device without bricking easy, at least if somebody doesn't have time to hack, they could easily look at our forum (XDA) and be creative.
my 2 cents.
--Ram--
I hate to say it but 99.9% of the customers T-Mobile is marketing don't care about having root access or installing operating systems on their phone or having easy access to their SIM card. I'm a programmer and I don't even care about that kind of stuff for my phone. The difference between this and something like the iphone is that you can write an app to replace pretty much anything you see on any screen on the phone and post it in the marketplace. Even with things like an on-screen keyboard there's no reason why it can't be done, there's just nobody who's made one yet. Hell, we already see apps that won't ever exist for non-hacked iphones(the 3 or 4 video players out there, tunewiki and other audio players, AndNav and things like the app that turns on your screen when you get an SMS message). If you really care about that stuff, return your G1 and get a OpenMoko or something similar.
I'm interested to see what the future holds for factory unlocked Android devices. Maybe T-Mobile decided the G1 cant be offered unless they have control over the firmware. When the handset manufacturer isn't tied down to these restrictions, it is possible that will grant root access by default.
As far as the possibility of bricking the phone, that is a stupid argument IMO. First of all, its my phone which I paid for which should give me the right to do what I want with it. Second of all, it should be brick proof to begin with. If I completely corrupt the filesystem, I should be able to go into the bootloader and and flash a new image to the device.
Hey mates.
Im looking for a wm 7 alternative to the quite nice app protector android app called Smart App Protector.
What i need is the functionality to restrict my wm7 devices so the users cant enter IE, Settings and other functions than those i want them to.
When a user tries to open the browser on a android device with the smart app protector installed, they get prompted for a password, which is exactly what im looking for.
If there isnt an app that does what im looking for, does anyone know a way to restrict at least internet trafic in IE, i still need data connections, but the users wont be allowed to use data except for 1 app.
My first impression of the wm7 - 7.5 is that its very restricted compared to Android devices :S
Thanks a lot for your help.
A quick for-the-record: No such thing as WM7. Windows Mobile is dead. Although some of the underlying code got re-used in WP7, the upper part of the Windows Phone stack is completely new, and the low-level stuff has changed considerably as well. What you're asking for would probably have been quite easy on WinMo.
On WP7, it's a lot harder. There are three ways I can think of. The first and simplest would be a well-modified custom ROM. Another is to modify the policy system to prevent launching iexplore, settings3, and similar programs, but have an app that (once the password is provided) allows changing those policies. Note that we don't yet have full control over the policy system (as a community; Heathcliff74 knows quite a bit but is busy with his Root Tools project). The third would be to try modifying the registry entries for certain operations. The effectiveness of this depends on whether apps are launched directly (by executable) or indirectly (by GUIDs in the registry). If it's the latter, the launch request could be routed through an authorization app first.
Bear in mind, the only one of these changes that is permanent is a custom ROM. Otherwise, the user could hard-reset the phone (losing all data on it but bringing it back to factory default configuration). It's possible to hard-reset just using the buttons; you don't even need to use the touchscreen.
Thanks for the correction, WP7 ofc
Im rather impressed by the performance of the OS so far, but it has many unforseen restrictions for my needs.
Since i only had the windows phone 7 for 1 day so far, i dont have much knowledge about changing what you are suggesting.
I know what you mean, but no idea how to do on WP7.
A custom ROM would be great indeed, but i dont have any experience in that field. Would be great to get a nice configuration tool with a gui to make the needed changes and then a tool to upload the new ROM to the phone...in that simple order
Im also looking for a solution to install software that was supported by windows mobile. Im checking out cheronwp7 at the moment to see if that can do the trick.
It seems a lot like WP7 is 99% consumer minded than business minded compared to old WM, a bit shame imo.
So i know a little bit about programming and computers and im curious why no one had pointed this out because of the extreme severity,
For those who arent aware xnpsy which is a spyware client for both android and iphone, has an exploit which allows remote install and root access to and iphone and android 4+
I dont know a whole lot about iphone but arent both android and iphones os based off the same thing?
Possibly sharing some libarys
Quote :
To keep the installation process as simple and quick as possible on Android, Xnspy has come up with the brilliant idea of Remote Installation Support. It’s a service for the users who wish there was someone else who could handle the technical part. If you are nervous and you think you can’t install Xnspy on the target phone, then Xnspy remote installation support is meant for you!
With the Remote Installation Support, Xnspy's customer support reps will be taking care of the entire download and installation remotely. You will only need a physical access to the device during that time and won’t have to do anything on your own.
The wording is very cute on there site but it still is a direct addmision that remote install is a do able.
What does this mean ? No phone is secure
Thanks for sharing. Only a "dead" phone is completely secure
I am a retired programmer with too much time on my hands; as such, I wrote a complaint to a regulatory body about how I can't install the operating system I want on my device because it will render it unusable (if I can't call for help on a phone because of drivers, what good is it?). I received a response requesting an interview with an officer who specializes in anticompetition cases and I would like to make sure I have my eggs all in one basket.
The current mobile phone market I liken to the desktop OS market of the 90s, where you had companies like Xerox, Microsoft, IBM, and so on; in the 90s, there were antitrust lawsuits where a particular company was accused of intentionally creating barriers to customers seeking to install software by other companies on personal computers. Obviously, that was settled in the 2000s, but IMO it did appear to make a positive change even if we are still fighting against IE. This may not be relevant, but that's what my mind went to when I realized I couldn't uninstall the Play Store.
Nobody uses "cellular telephones" as telephones anymore; instead, they are mobile computers. Computers in the 80s/90s had plenty of OS options (you may recall using OS/2 or BSD), but you can't do that with mobile computers... is that a good thing?
In my retirement, I'd like to develop and build a mobile phone operating system that is not android (nor lineageOS); this would either be Linux or BSD-based with a simple package manager, but the user would have the option to compile their own software also. This would ideally *not* hinder the underlying function of the device (i.e. telephony), but I don't see how manufacturers could be compelled to provide binary drivers. The current mobile market makes it obviously a very high barrier to entry for any who want to develop new operating systems for mobile computers. Is this anticompetitive? Perhaps not, but I'd like to hear some opinions and if you would kindly point me towards some resources I would appreciate it.
IMO the OS is not the problem - a command line based OS can be written by any talented student nowadays - preferably in C++, yes there are enough templates on the Internet, it is the device drivers what have to fit the hardware that make the whole thing difficult. I know that some OEMs put their device drivers' source code to the public.
jwoegerbauer said:
IMO the OS is not the problem - a command line based OS can be written by any talented student nowadays - preferably in C++, yes there are enough templates on the Internet, it is the device drivers what have to fit the hardware that make the whole thing difficult. I know that some OEMs put their device drivers' source code to the public.
Click to expand...
Click to collapse
To install a new OS on a phone, the phone must first be booted into a bootloader such that the 'image' of the OS can be loaded. The image for the OS should be built with the drivers present such that when booting, the OS kernel can load the relevant drivers as it probes the hardware in the phone, and then the software installed on the user layer can access that hardware through the relevant system calls. How possible is it for the bootloader to load a custom OS in the general sense? The majority of instructions I find are on enthusiast/developer websites with the actual manufacturers giving basically no input (that is to say, I haven't seen on manufacturer's websites or instruction manuals where they give instructions for booting your choice of OS).
Would it be fair to say that mobile developers, like Google/Samsung/LG/Amazon/etc are restricting users from being able to install their own OS on their device? Is driver access a reasonable thing to ask for?
Again, I'm retired, so I have time on my hands, but I'm old and there's realistically not a lot of that time left. I don't want to try developing my own BSD-based mobile OS if there's no way for me to install it on my own devices; that effort could go into another project if it is otherwise wasted. I suppose it is worth asking whether I should bother returning the bureau's request for an interview.
As advanced android users, we quickly became obsessed with rooting, unlocking, and controlling our phone. On the other side of the poker table, we have device manufacturers and carriers trying to lock the ecosystem down. It's curious to me how this came to be.
Looking at personal computers: I wanted to install linux on my personal computer because I am a developer by trade, so I installed linux. I took a USB, loaded the linux ISO, and followed the installer (actually I didn't, arch btw). I did not need to get unlock codes from my device manufacturer or my internet company, I just did it and no one complained (aside from windows who was glitching out as I tried to reboot)
This computer ecosystem feels healthy, it's my computer, and I can use it as I wish. I'm curious how and why android got to this point where 90% of manufacturers:
1. Don't allow unlocking
2. Make you jump through hoops to get an unlock code
3. Have hardware root checks
Of course, before we even start talking about verizon (they forgot to lock my pixel )
Is the fact that mobile devices are harder to unlock and modify them computers a flaw in android? Is there some actual reason life is like this?
That's even before we start talking about update cycles. I used my old computer for 10 years, going from god knows what to windows 10 before finally deciding that I just could not. My device manufacturer did not control the updates I got, they just came. Why is it the case that updates come from the manufacture, not directly from modifications to the android codebase? Shouldn't the manufacture just add "drivers" to the device to handle the peripherals?
I presume in some way google is complient with this, because android is based on linux, and linux has no such problems.
Many times, consumers that bootloader unlock their devices have no clue that they will lose features such as banking and Widevine D1; these users are oblivious as to what rooting truly does to their device and instinctively contact their OEM's support to get a device replacement as many times relocking the bootloader is impossible.
Verizon's thought process is somewhat similar, but there is likely a darker undertone to their practices: preventing bootloader unlocks and processes of the sort could aid them when blacklisting their devices, as there is no way to circumvent something tagged to a permanent IMEI kept by the same bootloader and firmware. There is a reason why T - Mobile requires you to have your device completely paid off before you can make any modifications to the system firmware.
Compared to laptops and computers, it is, generally, a one - time purchase and not an investment; carriers depend on their consumers to keep paying their devices off time and time again to make money.
Drivers are essentially non - existent on Android; the only thing that comes somewhat close is the kernel and any OEM modifications to the firmware.
Xryphon said:
Many times, consumers that bootloader unlock their devices have no clue that they will lose features such as banking and Widevine D1; these users are oblivious as to what rooting truly does to their device and instinctively contact their OEM's support to get a device replacement as many times relocking the bootloader is impossible.
Verizon's thought process is somewhat similar, but there is likely a darker undertone to their practices: preventing bootloader unlocks and processes of the sort could aid them when blacklisting their devices, as there is no way to circumvent something tagged to a permanent IMEI kept by the same bootloader and firmware. There is a reason why T - Mobile requires you to have your device completely paid off before you can make any modifications to the system firmware.
Compared to laptops and computers, it is, generally, a one - time purchase and not an investment; carriers depend on their consumers to keep paying their devices off time and time again to make money.
Drivers are essentially non - existent on Android; the only thing that comes somewhat close is the kernel and any OEM modifications to the firmware.
Click to expand...
Click to collapse
This explains why carriers do do this, and it makes sense, but how can they do this? The fact that should someone in the black box want to, loose control over my device no matter what I do is frankly scary. Could a laptop manufacturer do the same thing if they wanted to? (Ignoring the fact they could not because of the outrage). I had always thought somehow android as an operating system was connected to this, somehow complient, but perhaps it is really just a choice by the manufactures that android has nothing to do with. (Google could enforce this via GMS I think, but I don't expect them to)
Scaledish said:
This explains why carriers do do this, and it makes sense, but how can they do this? The fact that should someone in the black box want to, loose control over my device no matter what I do is frankly scary. Could a laptop manufacturer do the same thing if they wanted to? (Ignoring the fact they could not because of the outrage). I had always thought somehow android as an operating system was connected to this, somehow complient, but perhaps it is really just a choice by the manufactures that android has nothing to do with. (Google could enforce this via GMS I think, but I don't expect them to)
Click to expand...
Click to collapse
Chromebooks are a prime example of locking down the bootloader. So is the same with macOS laptops and related devices - albeit Apple lets you boot into other operating systems, the process to do so requires jumping through quite a bunch of loopholes due to Apple's Secure Boot, file system, etc.
Just to play devil's advocate for a moment (because in reality, I, too, prefer to own my equipment).....
Security can be a lot more critical on mobile devices than stationary devices like desktop computers. Even in *some* respects, compared to rackmount servers. This is because it can be pretty simple to grab someone's phone and do what you want with it. Having physical access to a piece of equipment is 99.999% of the task of breaking into it. Its relatively far fetched for someone to break into your home or a high security datacenter in order to gain physical access to your equipment, so the need to have it protected against the kinds of intrusions that become possible through physical access is much lower than it is on a phone, which you just might accidentally leave on the counter at a coffee shop.
And that is about the only part of the move towards lockdowns that I actually understand. The rest of it is either ill-conceived "security" or coercion to separate you from your money.