Related
Just read this article via gizmodo and this is definetly a must have for some of us who are paranoid which is just about everyone .
Overview
A joint study by Intel Labs, Penn State, and Duke University has identified that publicly available cell-phone applications from application markets are releasing consumers' private information to online advertisers. Researchers at the participating institutions have developed a realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones. In a study of 30 popular applications, TaintDroid revealed that 15 send users' geographic location to remote advertisement servers. The study also found that seven of the 30 applications send a unique phone (hardware) identifier, and, in some cases, the phone number and SIM card serial number to developers.
Source:http://www.appanalysis.org/
It´s not released yet. Are there any other similar monitoring apps out there? This was something I´ve been thinking / worrying about since getting my sgs 3 weeks ago...
Near enough every app you install requires / wants at least full internet access. Not sure what private data is accessible, but this is a great source for profiling and could of course be used maliciously.
markwil said:
It´s not released yet. Are there any other similar monitoring apps out there? This was something I´ve been thinking / worrying about since getting my sgs 3 weeks ago...
Near enough every app you install requires / wants at least full internet access. Not sure what private data is accessible, but this is a great source for profiling and could of course be used maliciously.
Click to expand...
Click to collapse
It looks like it will be soon.
Where can I get TaintDroid?
We will be making TaintDroid open source. Information to obtain the TaintDroid source code will be posted to this page.
Won't be an APK though, they have updated to say it's need to be built in to the ROM. Source should be realised and nothing stopping the modders from adding to their ROMs.
Update for those interested in installing TaintDroid: Tracking how apps use sensitive information required integrating our software into the Android platform at a low level. As a result, it was not possible to implement TaintDroid as a stand-alone app. Instead, to use TaintDroid you must flash a custom-built firmware to your device, similar to a number of popular community-supported Android ROMs. In the coming days we will open-source our code through a publicly-accessible repository. Please send an email to [email protected] if you are interested in receiving a notification when the source code is available. Thank you for your interest in TaintDroid!
Click to expand...
Click to collapse
That works for most off us here who are rooted.
Sent from my Nexus One using XDA App
Sounds interesting, but I have to laugh at the use of the word 'taint'. Was DurfDroid taken?
The source code and instructions for compiling into kernel (Nexus One) are now given at the site:
http://appanalysis.org/download.html
This cannot be installed as an app (.apk), it's a compile into your own kernal effort at this stage.
【ROM 4.3.1【UN-OFFICIAL PURE AOSP】InsomniaAOSP【10/22/13 v.1.0】
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Open Source
What is the Android Open Source Project?
We use the phrase "Android Open Source Project" or "AOSP" to refer to the people, the processes, and the source code that make up Android.
The people oversee the project and develop the actual source code. The processes refer to the tools and procedures we use to manage the development of the software. The net result is the source code that you can use to build cell phone and other devices.
Why did we open the Android source code?
Google started the Android project in response to our own experiences launching mobile apps. We wanted to make sure that there would always be an open platform available for carriers, OEMs, and developers to use to make their innovative ideas a reality. We also wanted to make sure that there was no central point of failure, so that no single industry player could restrict or control the innovations of any other. The single most important goal of the Android Open-Source Project (AOSP) is to make sure that the open-source Android software is implemented as widely and compatibly as possible, to everyone's benefit.
You can find more information on this topic at our Project Philosophy page.
What kind of open-source project is Android?
Google oversees the development of the core Android open-source platform, and works to create robust developer and user communities. For the most part the Android source code is licensed under the permissive Apache Software License 2.0, rather than a "copyleft" license. The main reason for this is because our most important goal is widespread adoption of the software, and we believe that the ASL2.0 license best achieves that goal.
You can find more information on this topic at our Project Philosophy and Licensing pages.
Why is Google in charge of Android?
Launching a software platform is complex. Openness is vital to the long-term success of a platform, since openness is required to attract investment from developers and ensure a level playing field. However, the platform itself must also be a compelling product to end users.
That's why Google has committed the professional engineering resources necessary to ensure that Android is a fully competitive software platform. Google treats the Android project as a full-scale product development operation, and strikes the business deals necessary to make sure that great devices running Android actually make it to market.
By making sure that Android is a success with end users, we help ensure the vitality of Android as a platform, and as an open-source project. After all, who wants the source code to an unsuccessful product?
Google's goal is to ensure a successful ecosystem around Android, but no one is required to participate, of course. We opened the Android source code so anyone can modify and distribute the software to meet their own needs.
What is Google's overall strategy for Android product development?
We focus on releasing great devices into a competitive marketplace, and then incorporate the innovations and enhancements we made into the core platform, as the next version.
In practice, this means that the Android engineering team typically focuses on a small number of "flagship" devices, and develops the next version of the Android software to support those product launches. These flagship devices absorb much of the product risk and blaze a trail for the broad OEM community, who follow up with many more devices that take advantage of the new features. In this way, we make sure that the Android platform evolves according to the actual needs of real-world devices.
How is the Android software developed?
Each platform version of Android (such as 1.5, 1.6, and so on) has a corresponding branch in the open-source tree. At any given moment, the most recent such branch will be considered the "current stable" branch version. This current stable branch is the one that manufacturers port to their devices. This branch is kept suitable for release at all times.
Simultaneously, there is also a "current experimental" branch, which is where speculative contributions, such as large next-generation features, are developed. Bug fixes and other contributions can be included in the current stable branch from the experimental branch as appropriate.
Finally, Google works on the next version of the Android platform in tandem with developing a flagship device. This branch pulls in changes from the experimental and stable branches as appropriate.
You can find more information on this topic at our Branches and Releases.
Why are parts of Android developed in private?
It typically takes over a year to bring a device to market, but of course device manufacturers want to ship the latest software they can. Developers, meanwhile, don't want to have to constantly track new versions of the platform when writing apps. Both groups experience a tension between shipping products, and not wanting to fall behind.
To address this, some parts of the next version of Android including the core platform APIs are developed in a private branch. These APIs constitute the next version of Android. Our aim is to focus attention on the current stable version of the Android source code, while we create the next version of the platform as driven by flagship Android devices. This allows developers and OEMs to focus on a single version without having to track unfinished future work just to keep up. Other parts of the Android system that aren't related to application compatibility are developed in the open, however. It's our intention to move more of these parts to open development over time.
When are source code releases made?
When they are ready. Some parts of Android are developed in the open, so that source code is always available. Other parts are developed first in a private tree, and that source code is released when the next platform version is ready.
In some releases, core platform APIs will be ready far enough in advance that we can push the source code out for an early look in advance of the device's release; however in others, this isn't possible. In all cases, we release the platform source when we feel the version has stabilized enough, and when the development process permits. Releasing the source code is a fairly complex process.
What is involved in releasing the source code for a new Android version?
Releasing the source code for a new version of the Android platform is a significant process. First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. This is an important phase of the process, since it helps shake out a lot of software bugs.
Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices, and we turn to releasing the source code.
Simultaneous to mass production the Google team kicks off several efforts to prepare the open source release. These efforts include final API changes and documentation (to reflect any changes that were made during qualification testing, for example), preparing an SDK for the new version, and launching the platform compatibility information.
Also included is a final legal sign-off to release the code into open source. Just as open source contributors are required to sign a Contributors License Agreement attesting to their IP ownership of their contribution, Google too must verify that it is clear to make contributions.
Starting at the time mass production begins, the software release process usually takes around a month, which often roughly places source code releases around the same time that the devices reach users.
How does the AOSP relate to the Android Compatibility Program?
The Android Open-Source Project maintains the Android software, and develops new versions. Since it's open-source, this software can be used for any purpose, including to ship devices that are not compatible with other devices based on the same source.
The function of the Android Compatibility Program is to define a baseline implementation of Android that is compatible with third-party apps written by developers. Devices that are "Android compatible" may participate in the Android ecosystem, including Google Play; devices that don't meet the compatibility requirements exist outside that ecosystem.
In other words, the Android Compatibility Program is how we separate "Android compatible devices" from devices that merely run derivatives of the source code. We welcome all uses of the Android source code, but only Android compatible devices -- as defined and tested by the Android Compatibility Program -- may participate in the Android ecosystem.
How can I contribute to Android?
There are a number of ways you can contribute to Android. You can report bugs, write apps for Android, or contribute source code to the Android Open-Source Project.
There are some limits on the kinds of code contributions we are willing or able to accept. For instance, someone might want to contribute an alternative application API, such as a full C++-based environment. We would decline that contribution, since Android is focused on applications that run in the Dalvik VM. Alternatively, we won't accept contributions such as GPL or LGPL libraries that are incompatible with our licensing goals.
We encourage those interested in contributing source code to contact us via the AOSP Community page prior to beginning any work. You can find more information on this topic at the Getting Involved page.
How do I become an Android committer?
The Android Open Source Project doesn't really have a notion of a "committer". All contributions -- including those authored by Google employees -- go through a web-based system known as "gerrit" that's part of the Android engineering process. This system works in tandem with the git source code management system to cleanly manage source code contributions.
Once submitted, changes need to be accepted by a designated Approver. Approvers are typically Google employees, but the same approvers are responsible for all submissions, regardless of origin.
You can find more information on this topic at the Submitting Patches page.
Compatibility
What does "compatibility" mean?
We define an "Android compatible" device as one that can run any application written by third-party developers using the Android SDK and NDK. We use this as a filter to separate devices that can participate in the Android app ecosystem, and those that cannot. Devices that are properly compatible can seek approval to use the Android trademark. Devices that are not compatible are merely derived from the Android source code and may not use the Android trademark.
In other words, compatibility is a prerequisite to participate in the Android apps ecosystem. Anyone is welcome to use the Android source code, but if the device isn't compatible, it's not considered part of the Android ecosystem.
What is the role of Google Play in compatibility?
Devices that are Android compatible may seek to license the Google Play client software. This allows them to become part of the Android app ecosystem, by allowing users to download developers' apps from a catalog shared by all compatible devices. This option isn't available to devices that aren't compatible.
What kinds of devices can be Android compatible?
The Android software can be ported to a lot of different kinds of devices, including some on which third-party apps won't run properly. The Android Compatibility Definition Document (CDD) spells out the specific device configurations that will be considered compatible.
For example, though the Android source code could be ported to run on a phone that doesn't have a camera, the CDD requires that in order to be compatible, all phones must have a camera. This allows developers to rely on a consistent set of capabilities when writing their apps.
The CDD will evolve over time to reflect market realities. For instance, the 1.6 CDD only allows cell phones, but the 2.1 CDD allows devices to omit telephony hardware, allowing for non-phone devices such as tablet-style music players to be compatible. As we make these changes, we will also augment Google Play to allow developers to retain control over where their apps are available. To continue the telephony example, an app that manages SMS text messages would not be useful on a media player, so Google Play allows the developer to restrict that app exclusively to phone devices.
If my device is compatible, does it automatically have access to Google Play and branding?
Google Play is a service operated by Google. Achieving compatibility is a prerequisite for obtaining access to the Google Play software and branding. Device manufacturers should contact Google to obtain access to Google Play.
If I am not a manufacturer, how can I get Google Play?
Google Play is only licensed to handset manufacturers shipping devices. For questions about specific cases, contact [email protected].
How can I get access to the Google apps for Android, such as Maps?
The Google apps for Android, such as YouTube, Google Maps and Navigation, Gmail, and so on are Google properties that are not part of Android, and are licensed separately. Contact [email protected] for inquiries related to those apps.
Is compatibility mandatory?
No. The Android Compatibility Program is optional. Since the Android source code is open, anyone can use it to build any kind of device. However, if a manufacturer wishes to use the Android name with their product, or wants access to Google Play, they must first demonstrate that the device is compatible.
How much does compatibility certification cost?
There is no cost to obtain Android compatibility for a device. The Compatibility Test Suite is open-source and available to anyone to use to test a device.
How long does compatibility take?
The process is automated. The Compatibility Test Suite generates a report that can be provided to Google to verify compatibility. Eventually we intend to provide self-service tools to upload these reports to a public database.
Who determines what will be part of the compatibility definition?
Since Google is responsible for the overall direction of Android as a platform and product, Google maintains the Compatibility Definition Document for each release. We draft the CDD for a new Android version in consultation with a number of OEMs, who provide input on its contents.
How long will each Android version be supported for new devices?
Since Android's code is open-source, we can't prevent someone from using an old version to launch a device. Instead, Google chooses not to license the Google Play client software for use on versions that are considered obsolete. This allows anyone to continue to ship old versions of Android, but those devices won't use the Android name and will exist outside the Android apps ecosystem, just as if they were non-compatible.
Can a device have a different user interface and still be compatible?
The Android Compatibility Program focuses on whether a device can run third-party applications. The user interface components shipped with a device (such as home screen, dialer, color scheme, and so on) does not generally have much effect on third-party apps. As such, device builders are free to customize the user interface as much as they like. The Compatibility Definition Document does restrict the degree to which OEMs may alter the system user interface for areas that do impact third-party apps.
When are compatibility definitions released for new Android versions?
Our goal is to release new versions of Android Compatibility Definition Documents (CDDs) once the corresponding Android platform version has converged enough to permit it. While we can't release a final draft of a CDD for an Android software version before the first flagship device ships with that software, final CDDs will always be released after the first device. However, wherever practical we will make draft versions of CDDs available.
How are device manufacturers' compatibility claims validated?
There is no validation process for Android device compatibility. However, if the device is to include Google Play, Google will typically validate the device for compatibility before agreeing to license the Google Play client software.
What happens if a device that claims compatibility is later found to have compatibility problems?
Typically, Google's relationships with Google Play licensees allow us to ask them to release updated system images that fix the problems.
Compatibility Test Suite
What is the purpose of the CTS?
The Compatibility Test Suite is a tool used by device manufacturers to help ensure their devices are compatible, and to report test results for validations. The CTS is intended to be run frequently by OEMs throughout the engineering process to catch compatibility issues early.
What kinds of things does the CTS test?
The CTS currently tests that all of the supported Android strong-typed APIs are present and behave correctly. It also tests other non-API system behaviors such as application lifecycle and performance. We plan to add support in future CTS versions to test "soft" APIs such as Intents as well.
Will the CTS reports be made public?
Yes. While not currently implemented, Google intends to provide web-based self-service tools for OEMs to publish CTS reports so that they can be viewed by anyone. CTS reports can be shared as widely as manufacturers prefer.
How is the CTS licensed?
The CTS is licensed under the same Apache Software License 2.0 that the bulk of Android uses.
Does the CTS accept contributions?
Yes please! The Android Open-Source Project accepts contributions to improve the CTS in the same way as for any other component. In fact, improving the coverage and quality of the CTS test cases is one of the best ways to help out Android.
Can anyone use the CTS on existing devices?
The Compatibility Definition Document requires that compatible devices implement the 'adb' debugging utility. This means that any compatible device -- including ones available at retail -- must be able to run the CTS tests.
Click to expand...
Click to collapse
SOURCE
Click to expand...
Click to collapse
INITIAL RELEASE 10/22/2013 @ 5:54 am
Click to expand...
Click to collapse
InsomniaAOSP v1.0
Click to expand...
Click to collapse
Standard Core gapps
Click to expand...
Click to collapse
WORK IN PROGRESS ALL MAINTAINERS COLLABORATE IN GIVING CREDITS
Click to expand...
Click to collapse
Android Open Source Project
CodeKill13
Ubuntu
Linux Mint
Github
Flar
Peter Poelman
itsme
Stericson
JesusFreke
CyanogenMOD
AOKP
PacROM
Rootbox
Evervolv
ParanoidAndroid
slimroms
Team-Hydra -Device Trees-Kernel
Team Horizon
The mikmik
AndroidSpin
Android Police
VanirAOSP
CodefireXexperiment
albinoman887
TheMuppets
Htc
Samsung
TheBr0ken
snuzzo
T-Macgnolia
ljjehl
Saif Kotwal
pr0xy man1Ac
Djwuh
ammikam
!I am not responsible for anything that happens to you or your device as a result of flashing this rom. If you decide to install this rom then you've taken responsibility for any risks involved !!
reserrrrved
Nice to see another 4.3.1 rom for our sensation
Keep the good work, will flash it tommorow
Sent from my HTC Sensation using XDA Premium 4 mobile app
Looks good shall test in the morning , thanks
Sent from my HTCSensation using Tapatalk
Tried it already from DK's thread on other forum.
There are issues with languages, not everything is translated to russian for instance.
Also there are plenty of CM ringtones, why is that?
WiFi hotspot is not working, cannot even detect an access point.
Launcher has weird wallpaper alingment, that doesn't fit at very left or right...
All these are minor issues to polish in the future.
Oh, why there's a theme engine, is it a part of AOSP now or a bonus from CM?
I'm glad see another pure (or maybe not so much) AOSP ROM.
Since there's no new SuperXE ROMs we welcome the new effort with a big smile on our never well shaved faces.
Noobel said:
Tried it already from DK's thread on other forum.
There are issues with languages, not everything is translated to russian for instance.
Also there are plenty of CM ringtones, why is that?
WiFi hotspot is not working, cannot even detect an access point.
Launcher has weird wallpaper alingment, that doesn't fit at very left or right...
All these are minor issues to polish in the future.
Oh, why there's a theme engine, is it a part of AOSP now or a bonus from CM?
I'm glad see another pure (or maybe not so much) AOSP ROM.
Since there's no new SuperXE ROMs we welcome the new effort with a big smile on our never well shaved faces.
Click to expand...
Click to collapse
hahahah..I agree with this " our never well shaved faces".. New ROM to play with....Good job
Nice to see it's playing again. Don't let our Senny dead.
oooo another AOSP for my Sensation! Bring it on! Thank you!!
---------- Post added at 04:35 AM ---------- Previous post was at 04:34 AM ----------
Any listing of what is working and what is not?
Good work, i'll try it
anyone got any feedback on this one?
Sage said:
anyone got any feedback on this one?
Click to expand...
Click to collapse
Yes, +1, feedback is important for the rom cooker
Is this really pure AOSP without any mods?
I mean "stock" android 4.3.1 ?
Just for the record that I am not running this rom anymore and the bugs I noticed and know of are:
Quit hours not working
Clock Widget settings gives a FC
Setting the navigation bar in Insomnia setting will FC the system UI and can't be recovered and need a factory reset
Browser and the Mail-App have a screen glitches.
I saw this InsomniaAOSP purity test!
Hi everyone,
I always thought that Nexus devices comes with a pure AOSP version with some little closed-source extras, like GApps (Google Mobile Services, Play Store, Gmail, YouTube, Maps...) or hardware drivers. And for a "librist" like me, it seems fine : OS and main userspace parts are opensourced, and Google services are closed-source. All was fine in my beautiful world.
But with some search, I discovered that every time that Google push an AOSP apps on the Play Store, it is actually a closed-clone of the AOSP one.
For example :
AOSP Keyboard is not Google Keyboard (=missing gesture)
Camera is not Google Camera (=missing Photosphere)
Launcher is not "Google Experience Launcher (GEL)" (=missing Google Now Integration, normal, but also transparency)
Music is not Play Music
Search is not Google Now
recently : Email (not Gmail)
etc.
I was not worried about "additionnal closed source services/app of Google in Android" as they are what they are : additionnal.
But the new politic of Google seems to be "we have our Touchwizz/Sense of our own, now".
The main problem is : as far as I can see on the GIT source and with Android Emulator, when Google begins to develop his "alternative closed source apps of an AOSP opensource apps", the AOSP apps seems to be abandonware.
You can compare the look of Google Search (and disable Google Now, to compare properly without Google closed services) and AOSP Search. AOSP Search seems to be from FroYo design... The same with Music player.
What's your point of this situation? Does Google try to make his own front-end interface to AOSP Android like Samsung Touchwiz or HTC Sense?
What devices comes with AOSP by default and not "Android by Google" now, if Nexus is no more the case?
BONUS : Jean-Baptiste Queru, head of AOSP, resigns from Google. I don't know what happens to replace him...
Note : I am French so, if my English is not easily-readable, please forgive me .
*bump*
Here is a point of view of an official Android developers from Google (source : arstechnica[DOT]com/information-technology/2014/02/neither-microsoft-nokia-nor-anyone-else-should-fork-android-its-unforkable/?comments=1&post=26199423)
There is a good discussion to be had about Microsoft using Android, and a lot of good reasons for them to not do so... which makes it especially unfortunate that instead this was turned into yet another article here of increasingly specious and misleading claims about the "open-sourceness" of Android and Google's hidden plan to Control Android And Then The World.
First, let's make a clear statement. If Android was to be in the same position as Windows is in the PC industry, we'd have a radically more open computing environment, where it is a lot easier for small players to compete against the dominant platform on a more level playing field. I don't think anyone can argue against this. When we were designing and implementing Android at Google, this was actually one of our goals -- to create a more level playing field for everyone -- and that design perspective hasn't significantly changed over the years.
So let’s start with the setup:
Quote:
Google has worked to make Android functionally unforkable, with no practical way to simultaneously fork the platform and take advantage of its related strengths: abundant developers, and abundant applications.
Already we see the clear bias that the article is going to take. There is however another way to state this: Google provides a lot of value on top of Android, with an ecosystem that is difficult to compete with, of cloud-based applications and services that are useful to users and developers. This is at least as true a way to describe as the quoted statement from the article, and I will argue it more accurately states the situation.
The arguments start out soft, but still misleading:
Quote:
The first is the Android Open Source Platform (AOSP) codebase. This provides the basic bones of a smartphone operating system: it includes Android's version of the Linux kernel, the Dalvik virtual machine, and portions of the basic user interface (settings app, notification panel, lock screen).
AOSP is far more than the basic bones of a smartphone operating system. It is a complete smartphone operating system. The examples you provide for what it includes are very misleading -- what about the launcher, contacts app, dialer and phone app, calendar app, camera and gallery and on? The fact is, if you build AOSP today and put it on a phone, you will have a pretty fully functioning platform.
The thing you don’t have is stuff related to cloud services, and this is not an evil secret plan of Google, but a simple fact we have been clear about from the initial design of the platform: Android as an open-source platform simply can’t provide any cloud services, because those don’t run on the device where the platform code runs. This is a key point that seems to be completely missed. If you want to understand what Android is, how it is designed, and how the pieces fit together, you must understand this point.
One of the things that is interesting about platforms today vs. the traditional desktop is that these cloud services are becoming increasingly central to the core platform experience. This presents a special challenge to an open-source platform, which can’t really provide such cloud services as part of the standard platform implementation. In Android our solution to this is to design the platform so that cloud services can plug-in and integrated with it in various ways. These may be stand-alone apps like Google Play Music, they may be plug-in services like the calendar and contacts sync providers, they may be Google proprietary APIs on top of the platform like Google Play services.
Note, however, that in all of these cases the platform has been designed to provide an open, flexible, and rich enough API that these Google services can be delivered using the same standard SDK that other app developers use. This is part of the goal of creating a more level playing field for everyone. (There are some exception where things are very difficult to safely expose to developers, but they are rare -- the Play Store’s privileges for managing your apps is one, and even there we do provide in the platform side-loading APIs so that other app stores can be implemented.)
So, GMS is Google’s proprietary code implemented on top of Android for interacting with Google’s services. There is nothing nefarious about it being proprietary -- it is interacting with Google’s proprietary back-end services, so of course it is proprietary.
Thus this makes perfect sense:
Quote:
The split between AOSP and GMS is not constant, either. Google has slowly been migrating more and more functionality to GMS. For example, in the latest Nexus 5, the core phone user interface—the thing that you use to launch apps and show icons—has been rolled into the GMS Search app.
What has happened here? Google now has their own launcher that integrates with Google’s back-end services. And what is wrong with this? Why is this worse than Facebook or Yahoo doing their own proprietary launcher? It is bizarre to complain about this, especially when Google has open-sourced everything else in their launcher except the parts that are specific to their proprietary services!
And this is the same thing:
Quote:
Similarly, APIs have made the move. AOSP contains a location API, but GMS contains a newer, better one, with additional features. Google encourages developers to use the GMS API, and the AOSP Location API mostly dates back to Android 1.0, and hasn't seen any substantial changes since Android 1.5.
First, it s very misleading to act like the platform’s location manager has been unmaintained since Android 1.5. Important features like passive providers and criteria-based updates were added much later than that; but, even ignoring verifiable facts, the Google Play services location APIs didn’t appear until last year, so what you are actually implying with this is that Google basically didn’t do any significant improvements to location from 2009 to 2013. Probably not true.
The reason for the introduction of Google’s location API, however, is again because of back-end services. Location has become increasingly dependent on cloud services: for a while now network-based location, but increasingly more things. We went for a long time with parts of the platform’s LocationManager basically not implemented because it couldn’t be, with the need for some proprietary thing to be dropped in on top of it to have a fully functioning API. As time went on this became an increasingly bad situation because we don’t want our platform to be defining APIs that it can’t also provide an implementation of, to serve as the basis for everyone to share and a reference for how it should work. So, the decision was made that Google should take responsibility of further evolution of that API since that evolution is increasingly tied to cloud services.
Quote:
Each new release increases the level of integration with Google's own services, and Google is moving more and more new functionality to GMS, leaving AOSP a barebones husk.
This is such an exaggeration that it is really hard to know how to address. AOSP is a barebones husk? Please. AOSP is far richer and more powerful today than it was in 1.0, 1.5, 2.0, or 3.0. And most importantly, one of the things we have been doing over the years is providing increasingly rich facilities for any cloud services provider to plug in to the platform. For example, in the most recent 4.4 release we have our very extensive new storage framework API, which Google uses to provide their Google Drive services to any application, and allows any other cloud storage provider to do the same thing, operating on equal footing with Google.
Quote:
That's not a small category, either, since features such as in-app purchasing are in GMS.
This gets emphasized as a significant point, but, honestly, how would you propose that in-app purchasing not go through GMS? Some general platform API to allow the app to do an in-app purchase with whoever wants to be a “purchase provider?” I can’t imagine this being a solution that people will be happy with.
Quote:
Technically, however, a company with sufficient development resources could provide its own GMS replacement. The overhead would be not insignificant, especially as—to ensure optimal compatibility—the replacement would have to replicate not just correct functioning, but any bugs or quirks of the GMS implementation.
Of course, the vast vast vast majority of the work here is implementing the back-end services in the cloud, not the proprietary glue code that runs on the device. Failing to address this is deeply missing about what is going on.
Quote:
There are also lots of little awkward aspects of the GMS API; it includes such capabilities as "share with Google+" which few companies have any real counterpart to.
In other words you don’t have your own social network, so you can’t implement Google’s API for sharing to its social network? Okay, then just have the API do nothing? Or heck, share to Facebook?
Quote:
Another example: there is an API for handling turn-based multiplayer gaming. A company could implement this API and have its own server infrastructure for managing the gaming sessions, but obviously these gaming sessions would be completely separate from Google's gaming sessions, fragmenting the player base in a way that game developers are unlikely to be keen on.
Now this could be taken as just a good argument for why Microsoft wouldn’t get as much of a competitive advantage by using AOSP, since they would still be competing with Google’s cloud services. But then it is immediately followed by:
Quote:
As an added bonus, should the ultimate resolution of Google's long-running legal battle with Oracle be that APIs are, in fact, copyrightable, this kind of wholesale reimplementation of GMS would become legally actionable. Google could, if it chose to, shut it down through the courts.
Where in the world did this come from? Google is the one fighting against that. Microsoft actually filed an amicus brief supporting Oracle. Yet you write this almost as if this case would serve part of Google’s evil plan to control Android?
Quote:
The second option—AOSP with a few extra custom extras—has the upside of providing an opportunity for Microsoft to integrate its own services… It would certainly mean omitting any high-profile title using in-app purchasing, so, say, Plants vs. Zombies 2 or the latest iteration of Angry Birds would be out.
It’s strange to focus on in-app purchasing here. The issue is that you don’t have the Google Play store, so you need to get app developers to publish their apps on your own store. In fact providing a compatible in-app purchasing API and otherwise making it easy for them to publish their app without changing it is probably the lesser problem.
Quote:
Google has pushed very significant pieces of functionality into GMS, including messaging and the Chrome browser. The AOSP counterparts are buggy, feature deprived, and by at least some accounts, barely maintained. If a company wants to use AOSP without GMS, it has a lot of work to do if it wants to produce a high quality experience. The open source parts just aren't good enough.
Again the exaggerations. Chrome is available open-source as Chromium (of course without the integration with Google’s back-end services, but why in the world would Microsoft want those?). What parts of AOSP are “buggy” compared to Google’s stuff? In fact a lot of Google’s proprietary apps are built on top of the corresponding AOSP app -- that includes Google’s Launcher, Calendar, Email, and even Gmail now. Messaging has diverged from Hangouts, but Hangouts is deeply integrated into Google services, and there is a similar situation with Music. It would be nice if some of these apps were better maintained, but (a) there are lots of equivalent apps (often based off the AOSP version) that people have written which you could license and use, and (b) implementing these apps is pretty small potatoes compared to all the cloud services Google provides.
Quote:
For Microsoft, the effort required to build a GMS workalike on top of AOSP is going to be comparable to the effort required to build the Windows Phone shell and APIs on top of Windows.
Again, the vast majority of work here is providing the back-end cloud services. Not, as keeps being implied, the proprietary bits that Google has running on Android.
Quote:
Moreover, it still implicitly gives Google control over the platform. Various aspects of how Android is used are determined by the underlying APIs: sharing between applications, for example, is done in a particular Android way. Any platform using Android in this way would have only a limited ability to take the platform in a different direction from the one Google chose.
Okay this is just weird. Yes, the Android platform has a well-defined sharing facility, and if you want to have an Android-compatible platform you will want it to work the same way. Just like, I don’t know, Ubuntu has a C library and you probably don’t want to change that. How in the world is this different from every other open-source platform in the world? How is Google being all controlling here?
Quote:
The fourth option—use AOSP with an entirely new software stack on top—gives freedom and flexibility, but to what end? The kernel isn't the important bit.
Wait, what? The only way I can figure out how to interpret this is to suggest that they use Linux (the kernel) but nothing above it. That can’t be what you mean, right? I honestly have no idea what this is supposed to be saying, except that it again seems to be implying Google is being all nefarious.
Quote:
If Android were an open platform in the way that Firefox OS or Ubuntu for smartphones were an open platform, the forking suggestion would make more sense.
I’ll admit I am not super-familiar with these two, so I have a question: what are the things that they have that are not in AOSP?
And finally we have further blanket statements about how Google’s goal is to make Android increasingly closed, AOSP isn’t real open source, etc, etc. I’ll just leave with the final sentence:
Quote:
Suggestions that Microsoft scrap its own operating system in favor of such a fork simply betray a lack of understanding of the way Google has built the Android platform.
Actually, I don’t think you have an understanding of how Google has built Android. I have been actively involved in designing and implementing Android since early on, and it was very much designed to be an open-source platform. Part of that design was to allow Google (or anyone) to build integrated cloud-based services on top of it, and that aspect of Android design has gotten richer as the years go on. What you are concerned about is not a design problem in Android, but the richness of Google’s cloud-based services.
At least Android creates a much more equal playing field for others to compete with Google’s services than is provided by the proprietary platforms it is competing with. I also think a good argument can be made that Android’s strategy for addressing today’s need to integrate cloud services into the base platform is an entirely appropriate model for a “real” open-source platform to take.
Click to expand...
Click to collapse
Hi,
I am inquiring about the possibility of having stripped down Android version, along with our special engineering app, be made into an image that can be cloned to about 200 tablets. The app will run in Android 10 but it may need some tweaking. We have the source code from our developer.
There is no need for all parts of the Google experience with exception of the browser, mail and Google drive. Connectivity via wifi and bluetooth is required and all bloatware including games must be eliminated.
We have a deal with Lenovo for the tablets. So model number will be available when we purchase them.
We have no concerns with breaking Lenovo warranty with regards to rooting the tablets. We would be glad if they weere.
We also need something that we could use to clone the images over to the tablets before we ship them.
Thank you.
hello world
unfortunately one sees more and more so called 'custom roms' including GApps by default
this brings up a question: is this legal?
as an example reading:
Google apps are the proprietary Google-branded applications that come pre-installed with most Android devices, such as the Play Store, Gmail, Maps, etc. Due to licensing restrictions, these apps cannot come pre-installed with LineageOS and must be installed separately. The Google apps are not required to boot or run LineageOS, however many users find them beneficial to take full advantage of the Android ecosystem.
Click to expand...
Click to collapse
SOURCE: https://wiki.lineageos.org/gapps
or something like this:
Take note that Open GApps does not provide you with any license for Google’s APKs included in the package. The Open GApps packages merely provide a convenient way to sideload APKs to your device. It is your own responsibility to obtain the proper permissions by e.g. buying an OHA-licensed device with pre-installed Google Apps and/or acquiring the applications from Google’s Play Store.
The pre-built packages from OpenGApps.org are provided ONLY as courtesy by OpenGApps.org without warranty of ANY kind, under the terms that they can be freely used for personal use only, and are not allowed to be mirrored to the public other than OpenGApps.org.
Click to expand...
Click to collapse
SOURCE: https://opengapps.org/#aboutsection
one can even read:
Custom ROM developers, however, can’t easily bundle these Google apps and services with their builds. As these apps are not using the Apache or GPLv2 license, bundling them within the ROM presents legal challenges.
Click to expand...
Click to collapse
SOURCE: https://www.xda-developers.com/download-google-apps-gapps/
as i am not an expert i hope this post can help to answer the question.
furthermore it will help to create some kind of orientation.
Hmm...
As far as XDA is concerned. We allow gapps in ROM.
The gapps thing was between Cyanogenmod and Google.
It's legal to run those apps on devices whose manufacturers signed up with Google.
On other devices, it was not allowed by Google
CyanogenMod had a device that was not CTS compatible so they received DMCA which prevented them from distributing ROMs with gapps.
So it depends on whom you are asking.
You can argue, "If you have purchased a device and the manufacturer has paid a license to run Gapps then you can run those gapps on your device. "
or you can argue "Google has allowed you to run gapps only on firmware approved by google so you shouldn't run gapps"
Regardless they have systems in place to prevent you from not using apps like Gpay via PlayIntegrity/SafetyNet.
@karandpr
the vast majority of all xda-topics are about:
gpay/safetynet not working help urgent now!!!
so one can asume, it ist prevented by g and so not legal
please be so kind and help me find one so called 'custom-rom-gapps-included'
that can provide a proper licensed gapps
Tom Mix said:
@karandpr
the vast majority of all xda-topics are about:
gpay/safetynet not working help urgent now!!!
so one can asume, it ist prevented by g and so not legal
please be so kind and help me find one so called 'custom-rom-gapps-included'
that can provide a proper licensed gapps
Click to expand...
Click to collapse
You can still access play store to download apps.
You can use apps that don't use SafetyNet.
Just because apps throw attestation failure doesn't mean it is illegal to run gapps.
SafetyNet | PlayIntegrity matches device firmware and root status.
Once you unlock Bootloader ,SafetyNet can flag it as Unsafe.
This is an old article on how safetynet works but the base of how it works is similar.
SafetyNet: Google's tamper detection for Android · Yiannis Kozyrakis ~ blog
thoughts on mobile security
koz.io
Technically SafetyNet is an API that is used by other apps to detect whether phone is rooted/BL unlocked or not.
Let's say you have a BL locked phone which runs Stock Android 13, and then you have a BL Unlocked phone which runs the same firmware.
However, in the later case SafetyNet will throw attestation failure.
Thats how safetynet is supposed to work./
I found a quite old article but it explains why the majority of AOSP ROMs are licensed when flashed onto compatible devices.
There are two kinds of Android forks - 'compatible' and 'non-compatible'. 'Compatible' Android forks are those that are based on the Android Open Source Project (AOSP); comply with the Android Compatibility Definition Document (CDD); and pass the Compatibility Test Suite (CTS).
'Compatible' forks may or may not include Google apps (gApps) or Google Play Services, but, because they're 'compatible', gApps and Play Services can be sideloaded or added later by users, meaning they can participate fully in the Play app ecosystem. Examples include CyanogenMod and the MIUI OS.
Google-certified CyanogenMod phones Oppo N1 and the OnePlus one have passed Google’s CTS and CDD, meaning that they officially run Google's apps and access the Google Play Store out of the box.
'Non-compatible' forks are built on AOSP, but are built to run their own ecosystems. Examples of 'non-compatible' Android devices include the Amazon Fire phone and the Blackphone with PrivatOS.
source: https://deviceatlas.com/blog/android-forks-why-google-can-rest-easy-for-now
As I understand, CyanogenMod haven't lost a lawsuit, they simply stepped back preventive of the power of Google.
My conclusion, if one is able to install GMS/Play Services, the device is compatible - hence legal.
@alecxs
very interesting article at deviceatlas! thanks for the link
the most interesting part is:
Custom ROM-makers like Cyanogen aren’t OEMs, so the same rules don’t apply to them – passing the CTS, compliance with the Android CDD. If the custom ROM is flashed onto a ‘compatible’ phone, then everything is gravy… except for the pesky issue of Google apps, which need to be licensed. Cyanogen found this out the hard way in 2009, when Google slapped lead developer Steve Kondik with a Cease and Desist letter, the gist of which was that he wasn’t licensed to distribute Google apps with CyanogenMod.
Click to expand...
Click to collapse
indeed no lawsuit just:
ingenious solution: users could Google-ify their CyanogenMod installations by backing up the Google parts already on their phones, and reactivating them after installation – without incurring Google’s wrath.
Click to expand...
Click to collapse
so flashing afterwards is okay, but not distributing with custom-rom
All those post sound to me like Liability Notices that if you use Gapps. They are not liable for any of the content given or damage to you. So They don't get sued for content you download from it or basically any liability that could develop. In so many words. You can't sue them if you use the unlicensed apps and the content creators can't sue them and have to sue you the user instead if you obtain from their service paid content. So idk. If you want the answer to this I'd call a lawyer or just don't use Google services and avoid all apps that require the use of Google and you shouldn't have a issue.
Tom Mix said:
so flashing afterwards is okay, but not distributing with custom-rom
Click to expand...
Click to collapse
both is fine on compatible forks.
@alecxs
maybe it is a language-barrier on my side but the article
and the other sources state that it cant be bundeled,
though flashed afterwards
even the g-lawyers said no! and bundled distribution was omitted.
and regarding LOS in particular one can assume that
the distribution of 'LOS-roms' including gapps is not allowed
Tom Mix said:
even the g-lawyers said no! and bundled distribution was omitted.
Click to expand...
Click to collapse
It doesn't matter what google lawyer says. As long as there is no court verdict nothing prohibits you to bundle gapps for compatible devices.
I payed for all my modding software from google. the programers are msging the google is a bumb bussness on playstore. really about playstore its got other investments not everyone 2$ 4$ app people. Ill creep my mods with luck on my shoulder tweaken on my stuff. lol sick