The short version:
Let's get Google to change the market incompatibility from "You can't have this," to "Are you sure...?" Because quite honestly why waste precious minutes downloading an APK from some unknown source that for all you know could be tempered with and wind up ****ing up your device.
The teal deer version:
There are now numerous threads regarding this issue and I think it's time we had one that was the central place for us to discuss this issue as it's too scattered about and so far all attempts at remedying the issue have been either in vain or temporary. We shouldn't have to suffer so much over something so unnecessary.
The idea is sound, sure, but its ways of going about doing so are very wrong. In the event that an app doesn't work as expected, or at least in suspicion of such, it need only be noted as a warning to the user. So instead of seeing that black bar stating that we can't have app X and have the install button disabled, we should see that same black bar but with a warning and the install button enabled irregardless.
If big brother is worried that because the app is known to have issues on our devices then they need only to disable the ability to rate the app for that specific user. But that's about it, as it's fairer to both parties involved. We shouldn't have to go through the hassle of having to have to keep looking for ways around something that only goes to further slow down progress, or downloading and installing APK files every time there's an update to our apps (some of which were paid for)!
We need to attack the disease at its source rather than treat the symptoms.
What the issue is basically is that "power" users prefer to use tweaked settings that the market doesn't like despite the fact that those same apps Google deems incompatible, when installed as APKs, actually work flawlessly.
I figured we should have this thread focus on the following issues:
---------------------------------------
1. Have something of a Database (or at least a simple list for now) of all the apps that El Goog doesn't want us to install. Just to emphasize the issue as there are quite a bit of apps that work flawlessly and appear in the market, while others aren't (in some cases without the developer's own wishes or knowledge for that matter). And we then label them as working 100% perfectly well or buggy under conditions Y and Z.
We make the list of all apps that are known to be incompatible and actually are! So far I've not encountered a single one. And I've been using my freak device with its freaky settings for a year+ now.
2. This is something I'm still thinking about and am not 100% sure if should be done. Start a petition on Change.org and bring this to big brother's attention as he tends to ignore the little guy. In numbers there's strength.
3. Get a list of app developers who are aware of the issue and support our cause. The reason for three is because I've been in contact with one app developer who was turned down by big brother after pursuing help with this issue because they "don't provide support for custom roms." And it's OK that they don't, as it's reasonable enough. But give us the option of opting out if you think it's wise to, and opt in even if it might cause issue. We're adults for god's sake.
4. Make a list of currently available solutions to fix the so-called 'feature' while we're waiting for an actual fix.
I'll keep this post as updated as I can with the latest known and consistently updated fixes for this 'bug'. Yeah, I said it.
---------------------------------------
So far every single app I used worked flawlessly on my I9100 running CM10 with DorimanX custom kernel. I've set the DPI to 160 and I can't imagine myself going back to anything above that. And to emphasize, I've had these setting (or at least the DPI and CM) for so long now (about a year) that I forget sometimes that I'm using something that isn't exactly 'standard', per se.
I mean, if you can live with the default dpi then that's cool, good for you. But I've had a taste of the forbidden fruit, and now I can't go back. . . .
I'm not going to start crusading just yet. First I'd like your, the community of XDA, input on this issue before we do anything. If you have any suggestions or criticism you'd like to share with us, I'd like to hear it, personally. For I may be wrong about the whole thing. Call it, lacking in confidence.
Thank you.
Reserved, just in case.
Also reserved, just in case.
Well this is fantastic. Congrats on the nerve for writing this freakishly long post. That's what I was thinking since the moment I encountered "I'm sorry, but we think this won't work as planned on your device and we deem you stupid enough to make wrong choices, so we'll just put this install button on this shelf right here, where you can't reach it" error.
However, I just said screw it, there's tons of sites where I can just download what I want without anyone questioning my motives and whether it will work or not. Never thought of it as a big deal, just as a tougher way of doing stuff, but not much I can do about it.
To get to the point, I support this cause, will sign whatever I need to sign, but am to lazy to start it myself Just wanted to give you some support. If you're willing to put some more time into this, maybe this is the beggining of a revolution! Revolution of geeks with custom DPIs! But it's still something damn it!
Cheers mate!
Sent from my Desire HD using xda app-developers app
Thank you, Uros. I was happy to read your reply.
It seems that there is no interest in this, however. Very unfortunate, but I suppose if this is what the people want. . . . It was worth a try.
Thanks for your effort.
I am rather curious to know if this is because people were going "tl;dr" or they're genuinely not interested in having this issue fixed. I just need to know so that I could make the proper adjustments.
Granted, it would take a bit longer, but as Goethe said, "I apologize in advance, had I had more time, this letter would be shorter."
Or is it that most people believe that the odds of getting Google to listen to us are too small?
There's a reason why Google won't give us the option to install anyway, just as there's a reason as to why this probably hasn't been noticed by as many people as preferred.
It all comes down to noobs.
Regarding this thread, the noobs are probably coming across this thread and click because they're interested by the title. They see all the text and think "F&#k that!". Unfortunately, that is generally the noob mentality.
Maybe colouring some of the text and spacing it out a little bit more could help the cause, but only time would tell.
Now onto the matter at hand.
I personally don't think Google will allow us to install apps anyway (even though I think they should) because noobs are super dangerous to themselves. In general, noobs won't read which then means that if they go to install an app which isn't compatible and install it anyway, they won't read that it could potentially harm their device.
The other type of user to make a mistake when it comes to installing such apps, would be the general android population. After all, us here on XDA are but a small proportion of Android users globally. Just because we have knowledge about what should and shouldn't be on our devices and how to make things work which shouldn't, the average Android user isn't the same.
They'd probably see the message and simply think "It says it could harm my phone but it's a great phone so nothing will go wrong". That is where problems can then occur.
The noobs and the average android owner would then have mucked up their device in one way or another and would be blaming and complaining to Google (as if it was Google's mistake). That makes it cause more harm than good, hence why I don't think it will happen.
Just my 2 cents, of course
''Silence is golden, but duct tape is silver''
Related
I've been playing around with all the 6.5 ROMS available on this forum (plus have been lurking for a while so felt like doing some contribution could be appreciated ).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors, one serie works with my Exchange Active Sync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow be disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
in 100% of the case, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and have actually to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROM to deploy a rogue root certificate to your device and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposedly altered the ROM to change the security settings. But the result is the same, security altered ROMS.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet
UM
I'd just like to reiterate that this is a development community- most of the cooked ROMS you've tried are experimental works in progress. We tend to take our experimenting a bit far here- but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment- and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components- so it's not exactly safe to say that any of them can be held completely accountable for device security- there may be plenty of exploits present behind the scenes that never have been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing- because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top most, actually all of the 6.5 based ROMs have a microsoft beta as a base. Though it may be a save bet that the latest built # may be the closest to the final release at Oct. 9 it's a common practice to reduce/alter some "security" settings an policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer or however you want to name these creative heads here.
Their work is just incredible and I bet that ms or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well are 23053 that do not, as was the case with any previous build number and, consistantly, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns of moral ground, about the practices that take pace there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not the get flamed, you will at least see some frown faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» form anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe i made my point as gently as I could...
If i may have hurt some feelings, i am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
unlockMe said:
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
Click to expand...
Click to collapse
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that wither you misunderstood me either I was not clear...
1. I am not accusing you of anything.
2. I read you whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of you purposes... I was only trying to pass a message but given the fact the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, you right given the fact we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn none of your previous statements.
Knowing this community for quite some time and specially knowing it's member, active ones, passive ones, contributing ones, parasite ones, etc... I just know for sure that your comment in which you address people in such manner will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like Don't get me wrong and sorry if I made myself misunderstood
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section
http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
smockpuv said:
http://www.carrieriq.com/index.htm
I just heard about this and can't believe how little we know we are being spied on. Is this installed on the sensation? If so are there any ROMS which remove it? Am I just digging up old news or what does everybody else know about this?
Click to expand...
Click to collapse
Old news.
No this is not old news at all. This subject is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there has been several stories in the portal about it and the dev that is trying to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagen that there is some custom ROMs for the Sensation that has the CIQ removed from it. I beleive any of the CM7 based ROMs do not have it and it may be more you will just have to read the first posts in the thread by the chef that cooked the ROM.
T-Macgnolia said:
No this is not old news at all. This subnet t is still being looked into and things are coming to light about it more and more. Yes this is very much on the Sensation. Me personally I am glad someone started a thread on it as it is something I feel everyone should be concerned with.
If you want to learn more about it just go to the XDA Portal and type in a search for Carrier IQ, CIQ, or just IQ and you will see there has been several stories in the portal about it and the dev that is Beloit.g to bring all of this CIQ BS into the view of the masses.
Also I have not looked to see but I imagen that there is some custom ROMs for the Sensation that has the CIQ removed from it. I beleive any of the CM7 based ROMs do not have it and it may be more you will just have to read the first posts in the thread by the chef that cooked the ROM.
Click to expand...
Click to collapse
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
malybru said:
Hi,
I found that ROM CLEANER does the business of removing all the offending crap.
Worth looking into.
Click to expand...
Click to collapse
The ROM just cleans bloatware and other things in HTC Sense to help the ROM run smoother. All devices have this CIQ on them, it is not an app but several things that are hidden deep in the ROM and has to be cooked out of the ROM. ASOP ROMs do not have it. Go read this article by azrienoch on it. Make sure to click on the links in the article too then you will have a better understanding of what I mean. You will also see why it is such a big deal.
Update to the current Carrier IQ fiasco with video proof
http://m.wired.com/threatlevel/2011/11/secret-software-logging-video/
Separate link for the youtube video for easier access.
http://www.youtube.com/watch?v=T17XQI_AYNo&feature=youtube_gdata_player
In the T-Mobile galaxy s 2 forums the carrier IQ the is in the kernel is that where it is in sensation? I can't find any of the know names in my wife's phone.
Sent from my SGH-T959 using xda premium
i just had the word with the guy who made the video and he told me that this only affect u.s.a people and this doesn't affect anyone living in eurpoe so if you live in uk, ireland and other part of eurpoe than you are fine.
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
ilostchild said:
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
Click to expand...
Click to collapse
So, because tracking software is being put on many devices we use every day, we should not worry about it?
Perhaps if consumers were made more aware of things like this, they could stem the tide of invasive technology.
Sent from my Sensation using xda premium
ilostchild said:
I'm in the US and i read this over and over, and to be honest i can give to giggles of a squirting crap bout this, everyone takes this out of proportion and think its end of the world cause something in there is loggin your keys,
ITS IN EVERYTHING!! get over it already, its in your game consoles, in your laptops, in your PCS, just deal with it nothing you can do or say will change this
and lot of you will say no its not, BUT IT IS! think bout all the times your send a report of a crash on a pc or anything, deeping read ToS on consoles all have tracker/logger
Click to expand...
Click to collapse
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you´d have fully studied about the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/test message even before you read it? Come on. This kind of stuff is *definitely" not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it´s distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
tictac0566 said:
CIQ is definitely a whole new species of logging software, put onto your device by your friendly network operator.
I dare to say that there is absolutely no comparable spying software case so far. If you´d have fully studied about the software this thread is mentioning, you most probably would not have written your statement.
A key logger which records *everything* you type without encryption? A key logger which reads your SMS/test message even before you read it? Come on. This kind of stuff is *definitely" not "in everything". It may be in all network operator subsidized mobile phones (not only Android, but also Nokia and Blackberry affected) in the USA - but definitely not here in Europe.
Here, we actually have laws against such software - especially if it´s distributed by large organizations like network operators, this could result in multi-billion dollar fines. People here in Europe are not wiser, but they tend to fight a bit more against "big brother" who might be "watching you".
Click to expand...
Click to collapse
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
I wonder how this affects the speed and responsiveness of the phone's OS?
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
Yes that is true what you said but most people already know that cops can get your records from a phone company with a search warrant depending on how long that company keeps those records.
This is deferent, a third party collecting all information of what you do on your phone without your consent or knowledge is wrong. This company is also not the government so what right do they have without your consent.
Yes on a console, a PC, and1st and 2nd party apps on your phone you give consent for them to use various monitoring techniques but you have a choice, here with carrier IQ you are not giving that choice it is there and you have to use a crowbar to get it out of your phone.
I'm no fanatic but I do believe in the constitution. It is your right to give away your privacy but it is not for someone else to take it away from you.
Sent from my SGH-T959 using xda premium
ilostchild said:
i know what it does, and i still stand on my statement, as you and i type every letter on our keyboard it si being key logged to thats the sad truth of this an everything, no matter how you look or want to make aware to anyone its still exist and as technology grows so will this.. so either cry and complain bout it everytime some like this comes up or just say i know the fact im being watched but what else more can i do.. cause there is nothing you can do.. your normal house phones are being logged, not lot know this but there is KEY words that if you say in a conversation it picks up and sends a alert to the proper authorities..
its something to look and jus get over...
Also think bout it, when something goes truly bad, say a murder uses a phone officials can pick up they logging of calls and texts and read them back, so this loggin has been around for awhile so i dont understand why its becoming sucha big deal when its been around
Click to expand...
Click to collapse
You keep saying it is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or what ever the proper method is for your particular device to be able to flash a custom recovery. Then simple download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdraw of the S&D letter to TrevE that IQ posted a link to on their website. Go yo the XDA Portal and have a look a the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the Carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong, is such a epic fail. I mean if no one never tries to bring change to something then yeah sure nothing will happen. And the powers that be gains that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It can not be killed, forced close, or uninstall. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Shery4life said:
i just had the word with the guy who made the video and he told me that this only affect u.s.a people and this doesn't affect anyone living in eurpoe so if you live in uk, ireland and other part of eurpoe than you are fine.
Click to expand...
Click to collapse
Carrier is a global company. The company does have offices in London...
http://www.carrieriq.com/company/index.htm
And under the heading "About Carrier IQ"
http://www.sys-con.com/node/1865183
So European phones may have CIQ installed depending on what the mobile provider. Something that our friends over the pond
should research.
Sent from my SGH-T959 using xda premium
T-Macgnolia said:
You keep saying it is nothing you can do about it, well you could not be more wrong. You can take and S-off your device, unlock your device, root, or what ever the proper method is for your particular device to be able to flash a custom recovery. Then simple download and flash any AOSP ROM. This will give you a device without CIQ.
Now you must not have read the official withdraw of the S&D letter to TrevE that IQ posted a link to on their website. Go yo the XDA Portal and have a look a the latest article by orb3000. Obviously the message has gotten to IQ and I would say more than likely the Carriers. Yeah some say that the power users are a small group but it is a group with great power. When the people that a large force in building enthusiasm for devices and OS's speak out against something that they do not like, people tend to listen. Therefore it has a large chance of affecting sales, new contract signings, and contract renewals.
This whole attitude of people not being able to do anything about something people consider wrong, is such a epic fail. I mean if no one never tries to bring change to something then yeah sure nothing will happen. And the powers that be gains that much more control. But luckily people are starting to get tired of never having change and are starting to do something about this messed up world of ours.
Last thing, if you think this is a simple logging system. Again you could be more wrong. This CIQ has full access to your device, as well as full rights. It can not be killed, forced close, or uninstall. I will not go into any further details, but this is far from what IQ and the carriers want you to think it is.
Click to expand...
Click to collapse
Hi,
That is very well put.
If you sit back and do nothing, then nothing will get done.
The more people complain about this, the more something is likely to be done.
As far as the carriers are concerned, they probably think that no one knows that this stuff is even installed!
Its important to show our awareness of this situation, and complain about it.
How about Logging TestApp? I heard that this app helps you erase all the logging apps in the phone, including this one.
This issue just Made ABC news this morning
gtrplr71 said:
This issue just Made ABC news this morning
Click to expand...
Click to collapse
This issue made international news.
http://www.forbes.com/sites/andygre...ve-violated-wiretap-law-in-millions-of-cases/
Wow, at first i was reading this thread and had the same, "well whatever" attitude. But after just a couple of minutes googling and reading, this is really messed up. CarrierIQ has issued a cease and dismiss order against the guy in the video, along with threats to sue if he does not publicly apologize.
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has it's different quirks and problems and issues Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to it's fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use( I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing somethin like this and bricking peoples phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite postives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Someone did it
Halfcab123.com
VNC/RDP and do everything from a command prompt.
tony yayo said:
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has it's different quirks and problems and issues Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to it's fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use( I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing somethin like this and bricking peoples phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite postives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Click to expand...
Click to collapse
Lol been done already
GNeX
AOKP
FRANCOS LATEST KERNEL
& WHATEVER [MOD AT THE TIME]
This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?
Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse
I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse
I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.
Thats why I prefer stock ROM
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Ever heard of pdroid? Droidwall?
reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.
This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.
He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.
an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.
I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.
Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.
I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse
Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse
I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.
I'm not accusing anyone for anything. I am simply worried about all the different updates, ROMs, zips, binaries, hacks, etc. here on XDA.
I also understand that XDA cannot take any whatsoever responsibility what their users do and create. Everything that comes from these forums are used at each and everyones own risk.
What makes me worried is: It's so easy for anyone to hide "bad code" in commonly used binaries and bundle them with ROMs and updates, and noone will be the wiser.
Why now?
Well. I did install a nice "super-mega-duper-thunder" engine on one of my android devices, but as I am a suspicious person by nature, I always check up what these "update.zip" files contains first.
At fist I did not find anything suspicious, but after installing it. I noticed a higher demand on the data link, transmitting more data than usual.
I found out that the device is now connecting to various IP-adresses all over the planet, transmits some unidentified data and closes the connection. I don't know what's going on, but I find it kinda weird. I do not believe in coincidences either.
I cannot tell if it is some app I recently installed, nor if it is some zip-file I recently installed. I am still investigating this.
Again: I am not accusing anyone for anything... yet. I simply don't know what's going on.
It made me thinking: XDA might be the perfect springboard for anyone to distribute "bad code" to mobile devices, and reach a huge number of them without ever getting busted. How many ROM developers are there on these forums?... and how many have included spywares/viruses/trojans/etc. in their ROM or updated/hacks? ..and how many of us installs these ROMs and updates completely blind, never ever suspecting a thing?
After all. "trusted" developers are just those who haven't been spotted doing bad things... yet.
(I know. It looks like I am pulling everyone over the same edge. But how can one tell the difference between a good developer, and a bad one if both wear white hats?)
I understand that ROMs is hard to check, and thus the perfect target to hide bad binaries in.
Also easy to hide a few kilobytes of bad code inside /META-INF/com/google/android/ for instance.
Is there anything we, the users and developers, can do about this? To make sure that trusted/recognised developers really don't have anything to hide?
What can one sole user do to prevent or reduce the risk of getting bad code on their devices?
Antivirus?... aw.. .don't try that one. Only script kiddies get busted by antivirus softwares. A good developer write their own "bad code".
Perhaps one should just stay with the stock firmware?
Running custom software always has a risk, its best to stick to well known Devs and try and keep tabs on the feedback in the forum, eventually somebody will figure out if something stinks.. Don't just blindly flash any zip because it promises double data speeds or 4x the battery life from random members with a low post/thanks account.
Even stock software has it exploits.
super mega duper thunder engine?? lol... btw i feel best to keep a check on my data usage myself...(i still dun knw what android os transfers in background)
as my friend said in above post... best is to stick wid well knwn developers..