Security of your app, preventing nulled copies - Android General

always someone out there trying to get something for free, hacking and nulling your apk's ... what is the best ways to prevent it for good?

anyone ?

Simple. Dont publish it. People will always find a way to crack it
Wayne Tech S-III

zelendel said:
Simple. Dont publish it. People will always find a way to crack it
Wayne Tech S-III
Click to expand...
Click to collapse
I been contacting the down stream ip providers and within 48hrs the sites get dropped off

zelendel said:
Simple. Dont publish it. People will always find a way to crack it
Wayne Tech S-III
Click to expand...
Click to collapse
Not true. Make your app authenticate against a server then serve the assets needed by your app. Force your users to update their apps if a new version is available. In fact I would even build an app with all its functionality built in files served remotely every time.
There are more aggressive methods with permissions. Some gullible users will install anything, even apps that read their SMS.
So yes, you can protect your app. The question is: is it worth the time you will spend developing the protection? And even if it is, will you charge just pennies for it? or will you charge $150 for it like this one but nobody will ever buy it?
https://play.google.com/store/apps/details?id=com.mobilesigma.mobilesqlservermanager

mauro1970mvr said:
Not true. Make your app authenticate against a server then serve the assets needed by your app. Force your users to update their apps if a new version is available. In fact I would even build an app with all its functionality built in files served remotely every time.
There are more aggressive methods with permissions. Some gullible users will install anything, even apps that read their SMS.
So yes, you can protect your app. The question is: is it worth the time you will spend developing the protection? And even if it is, will you charge just pennies for it? or will you charge $150 for it like this one but nobody will ever buy it?
https://play.google.com/store/apps/details?id=com.mobilesigma.mobilesqlservermanager
Click to expand...
Click to collapse
thanks im forwarding this to the dev ..

Related

Possible PSP-esque war between Google/Tmobile and hackers?

What does everyone think will happen with future revisions of Android in regards to the fork between the stock G1s with OTA updates and the hacked G1s with manual updates with the test keys?
Hopefully this doesn't turn into Sony's militant locking down of the PSP via every firmware upgrade. Even though I never owned a PSP, I thought it was absolutely insane that Sony would try so hard to keep people from using their purchased equipment in any way they wanted to.
I totally understand that Google had to release RC30 to shut down a GIGANTIC security exploit that could have (but not likely) been used compromise phones. I'm sure it's in their interest to keep a homogeneous G1 userbase but would they actively try to relock rooted phones?
I'm hoping they just leave the rooted G1s alone. Mostly because we bought the phones and they are OURS. We are obligated to stay with Tmobile until the contract is up because the price is subsidized but we are not obligated (in my opinion) to retain the software they were shipped with. Obviously if my phone has a software problem I won't be calling Tmobile. On the other hand, if there is a hardware defect I'm certainly reflashing RC30 and sending it back under warranty.
I would like to hear everyone's opinion. I think it was great that Tmobile UK was good enough to open a dialog about possibly allowing root access but I don't think they really understand what "root access" is or care as long as they sell phones under contract. I don't think Google really cares either since they have open sourced all of the OS that we are modifying which is in the spirit of Open Source Software anyway. I think as long as they get their marketshare, they will be happy.
I dont think so first off the psp hackers down load games so the dont have to pay for them they lose millions each year on the hackers...next i dont thnk that google would do this but t-moble might.But in my opinion i think they will as soon as they start hacking the pay apps. that will start later this year.
HOGWILD said:
I dont think so first off the psp hackers down load games so the dont have to pay for them they lose millions each year on the hackers
Click to expand...
Click to collapse
Hogwild hit the nail right on the head. I don't think T-Mo/HTC will engage in a drawn out battle to "steal" back root simply because there is no real financial motivation to do so. I'm of the mind that it's best not to begin speculating unless one of the aforementioned company takes a step in that direction. There's no point whipping up another possible flame-war over something that might never happen.
Ya I agree they are our phones 1 thing you left out not everybody is under contract some ppl paid full price on a prepaid 90 service plan then they get their unlock code. Some people didn't qualify for the upgrade price of 179$ and some people are under contract eiither of all three it is owned by the user the day they signed or paid. Tmobile won't take back a used g1 for failure to honor the 2 year agreement they will bill the customer.
So the whole open source push... and market. There and hundreds of. Thousands of programmers who make programs for the love of advancing "things" look how popular sourceforge is. So you get people who will create a program and demand a nominal fee say 14.95 the dev only gets 70% of the price and the wireless carrier get 30% for nothing. I . Defently there being an underground "market place" that bypasses that standard one to allow people to download free apps. The most exciting thing that everyone is about the market being a paid app is stopping all the comments of the retarded people in the market place
My 2 cents
diabolical28 said:
The most exciting thing that everyone is about the market being a paid app is stopping all the comments of the retarded people in the market place
Click to expand...
Click to collapse
There are a lot of idiots in the world with money to waste. Rest assured, the paid apps will have retarded comments as well.
qft
rabble:rabble
Wow I hate people that don't know what they talking bout. I wanna clear up a few thing. Being a psp dev I can tell you it wasn't bout the hacking and homebrew. the psp updates were to stop piracy. Btw most exploit on psp were by sony. If you own a psp atlease you would know a little about the scene. Secondly, the root bug is dangerous to us. Google own dev are helping us htc people are leaking tools and t-mobile always let us screw them over. So no it not gonna be no war going on it all for our safety untill the software is right. As you can see we're like test bunnys and when a bug you should be greatful that they release update. So while I love having root access it not that serious right now it just would be right to compare this to the iphone jailbreak scene. Once paid app are here I wouldn't be shock if update start coming to block test key and resigning to respect developer work. Read before posting and short answer no unless as needed
There's not going to be a homogenous Android ecosystem to begin with because each carrier will tailor it to their own needs, and possibly to each handset.
danguyf said:
There's not going to be a homogenous Android ecosystem to begin with because each carrier will tailor it to their own needs, and possibly to each handset.
Click to expand...
Click to collapse
Correct. And you can bet that there will be handsets running builds of Android not maintained by Google which will not run Android Market. Whatever carrier releases it will want to funnel that 30% revenue to themselves. I'm concerned that that fracturing of the ecosystem will impede overall market acceptance. And i'm not even talking about the inevitable outcome of Android "strains" that slowly become sdk incompatible with each other.
Here's a posting I made on android-platform and Dianne Hackborn's response:
Right, I'm thinking along the device manufacturer side of things. As
an imperfect analogy, is the Android team okay with manufacturers
producing their own Android builds which may be slightly incompatible
with each other (a la Symbian's various flavors), or will all
manufacturers be encouraged/required to adhere to some technical
requirements checklists in order to brand their phone as Android-
powered? (more like say Windows Mobile).
Click to expand...
Click to collapse
We won't, this is something we will be actively discouraging (or from a
positive perspective, doing whatever we can to encourage android devices
to be compatible).
Click to expand...
Click to collapse
Of course with an open source project "actively discouraging" can only go so far...
jashsu said:
Whatever carrier releases it will want to funnel that 30% revenue to themselves.
Click to expand...
Click to collapse
The carriers already get that 30%.
From the android dev blog
"Starting in early Q1, developers will also be able to distribute paid apps in addition to free apps. Developers will get 70% of the revenue from each purchase; the remaining amount goes to carriers and billing settlement fees—Google does not take a percentage. We believe this revenue model creates a fair and positive experience for users, developers, and carriers."
From what I've heard from Google folks, they aren't that interested in the root thing, that is more a carrier issue. However, the way people originally got root was a serious issue. Not directly because you could get root, but because it was an outright silly bug than could potentially raise havoc on your device if you happened to type the wrong thing on your keyboard.
JesusFreke said:
The carriers already get that 30%.
From the android dev blog
"Starting in early Q1, developers will also be able to distribute paid apps in addition to free apps. Developers will get 70% of the revenue from each purchase; the remaining amount goes to carriers and billing settlement fees—Google does not take a percentage. We believe this revenue model creates a fair and positive experience for users, developers, and carriers."
Click to expand...
Click to collapse
I imagine the billing settlement fees could be rather sizeable. I don't run a credit card processing company, but i've seen $.20 - $.30 per transaction thrown around. That's in line with Paypal's fees.
We'll see if other manufacturer/carrier matchups continue to use Android Market. I wouldn't be surprised to see them create their own markets though, simply because if it's possible and there's the slightest financial incentive to do so, eventually someone will do it.
I was in the PSP scene for a long time, admin at one of the largest PSP sites, net admin on the largest PSP IRC server, and had several contacts within Sony's Playstation department. So I know how the scene went pretty well.
Sony did not want homebrew for multiple reasons. The obvious one is ISO playback. No matter what they did, warez was possible. Even back before we had perfected the actual emulation, we could simply patch calls to disc0:/ to ms0:/ and load the EBOOT. If we hadn't figured out how (the first one to truly do it was UMD Emulator, which would patch many of the PSP calls to make it MUCH smoother/more compatible), we could simply expand on this.
The second reason is that we were stepping on their toes, so to speak. They wanted to have many more downloadable minigames that could be booted off of the memstick, something we did years before them. I doubt they liked that we were doing what they planned, and doing it much better/faster.
Thirdly, they were responsible for all bricked devices. Although their unbricking process has always been easy, it costs them time/shipping. It's still a pain and costly for them to do it massively.
This is why they combated it on the PSP so much. On the standard Playstations, they've never had to worry about it this much. They didn't have memory cards that you could easily throw ISOs on, they didn't have any easily loaded software that would allow you to boot them, etc. You had to buy hardware devices (hdloader, the swap program (ffs can't remember the name), or modchips). Pirating the PSP was SO much easier.
Now, onto the G1... a Google employee has already (off the record, speaking for himself, not Google) that they should have just given us root access, especially if HTC was going to be so careless with their NBH images.
If every one was given root access, cracking paid applications would be much easier. Well, that is the belief. In reality, cracking them will be a sinch. With easily done byte code modification, and resigning the APK, I doubt there's an application that CAN'T be cracked. As long as you could install apps from browser/SD card, you can crack them. Even if they locked it down to market only, we could spoof DNS servers and run "unofficial" markets with cracked applications. This wouldn't require root access at all.
(excuse any typos, it's 10F outside atm and I'm trying to smoke.)
Gary13579 said:
I was in the PSP scene for a long time, admin at one of the largest PSP sites, net admin on the largest PSP IRC server, and had several contacts within Sony's Playstation department. So I know how the scene went pretty well.
Click to expand...
Click to collapse
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
aron4588 said:
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
Click to expand...
Click to collapse
The last time I used my PSP was a year ago, as a flash drive so I could reformat my computer. I haven't actually *used* it in years, so anything you saw on QJ wasn't about the real Gary .
But yes that's me, and I was an admin at Dash Hacks.
aron4588 said:
I know you, your from www.psp-hacks.com huh Dash Hacks Network is my only source lol hey didn't you recently do some homebrew app i remember seeing something bout you on qj. lol your coding for g1 now? maybe a nice irc for g1?
Click to expand...
Click to collapse
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
diabolical28 said:
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
Click to expand...
Click to collapse
Lol what? fIRC lets you connect to any server and any channel.
diabolical28 said:
Yes please a "full irc client would be nice." there is a "irc client" if you can call it that in the market called Firc it is a neat program then you come to figure out the dev is running the only channel it can join as ops and Perm bans any user not on a G1. Also at his discretion. Seems to much like a plug to me soon enough he will add an ADbot you watch and people with accidently click the hell out of the ad links .
Click to expand...
Click to collapse
http://code.google.com/p/androidirc/

Privacy Concerns - Google Firmware

I am concerned that Google has their tentacles all throughout the OS, and I want to take all measures to stop that. I particularly don't like their search query tracking (I use ixquick) and their nav app, as their privacy policies are atrocious.
Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious.
Of course I'll not be using the apps of that-search-engine-everybody-uses. Removing them forthwith, in favor of whatever GPL open-source apps there are available for various functions. Using self-contained nav software like CoPilot or TomTom.
So, have any devs investigated whether Android phones home at any interval? Have measures been taken to privacy-enable the Android firmware?
I hear that HTC has some sort of 'phone home' function. How to neuter that?
What good is Wifi? Is it that you can use that when available, not using up 3G bytes? I am asking what use it is on a mobile in consideration of mobility and the security problems -- what uses can this be put to, and how to secure the phone?
Where is the best place to find open-source apps?
I'm curious about this as well, not so much from a privacy standpoint, but how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem? And actually Google apps aren't in the Android sources, so you won't have them after compiling. Yeah, two birds with one stone.
Also you could disable WiFi if you don't like it.
Tachikoma_kun said:
how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
Click to expand...
Click to collapse
Errr... what ROM and how many apps do you have installed? There is no "mysterious data" on clean system, but 25% of apps use data connection for various reasons.
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
The background syncing does not turn anything off as far as I know.
To my knowledge it allows 3rd party apps the ability to check if the user has flagged this, but they do not have to respect this flag.
Tachikoma_kun said:
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
Click to expand...
Click to collapse
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Brut.all said:
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem?
Click to expand...
Click to collapse
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
i think he meant either put up or shut up, which is a pretty reasonable statement.
IMO it's anonymous user data.... let them build cybernet
otherwise say no to the T.O.S that is your constitutional right if you have "privacy" concerns
Brut.all said:
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Click to expand...
Click to collapse
Thanks, will give that a try.
themapleboy said:
i think he meant either put up or shut up, which is a pretty reasonable statement.
Click to expand...
Click to collapse
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Brut.all said:
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Click to expand...
Click to collapse
u know what they say about assuming...... it always makes you look like a jackass
Yeah, I mean we're not playing with iOS4 or anything.
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
If you're still concerned, I suppose you could always opt not to install the Google Apps, but you'd be a bit limited, functionality-wise.
Sent from my Droid using XDA App
themapleboy said:
let them build cybernet
Click to expand...
Click to collapse
O' little do you know... many years ago I did work in Eastern Europe. You have no idea the paranoia a society can endure. For an idea, watch the old TV series Danger Man. Or the movie 1984.
If most young people share your view, it is a dark future. I'm glad I'll be dead.
herald83 said:
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
Click to expand...
Click to collapse
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
I smell a rat...
Quantumstate said:
...Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious...
Click to expand...
Click to collapse
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
A 52yo real estate developer, whose not a coder, but used to be a "cracker" and knows what is possible? Anyone else here think this doesn't make a bit of sense?
It's funny, but it sounds like someone is trying to stir up some FUD by making claims that Android is somehow doing an "All your data are belong to us...". I hope Apple aren't paying your cheques!
@perpetualmotionuk: Be advised that there is a difference between mathematics and decryption, and coding. Yes I can do some coding, but not at a level necessary to analyze and modify an operating system.
If Apple were paying my 'cheques', wouldn't I come in with some sort of proof that monitoring is taking place? Rather than asking what others have found?
Now, rather than trying to tear people down, why don't you use that considerable nose to investigate this yourself?
No one's seen anything about info leakage?
Quantumstate said:
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
Click to expand...
Click to collapse
Most of that data is pulled from search history, I suspect. Which you can disable, if I recall. Don't have my phone on me at the moment to confirm.
I just did a very simple test on an emulator: after ~15 minutes of running system there was 0 (zero, null) of network packets. Now I want to do the same on a device with clean system, but I think results will be the same or similar (SDK system is just normal Android - very similar to these from devices).
I have a feeling that even if I will catch zero packets as well, you will be asking whether Google send something mysterious through... errr... bluetooth? Some hidden antenna?
If you're worried about Google tracking your info...root the phone and don't install the Google apps. What do ya know...problem solved.
If you're still worried that people are tracking what you are doing see steps below.
1) Flush phone or give to a homeless guy to throw them off.
2) Destroy Computers.
3) Liquidate everything you own.
4) Walk into the woods and live off the land.
5) Kill self shortly after because they already have a file on you.
You say you're a 52 year old real estate developer...guess what...they're already tracking you. You're already helping to build "cybernet" just by living and breathing.
And if you are really worried about your "220 year old Constitutional Rights" then go read the Patriot Act and discover that you don't have ****.
I'm normally not one to flame...but you are an absolute idiot.
I'm not an English person, excuse for the syntax/grammar/... mistakes I'd could make.
hedjemunkee said:
I'm normally not one to flame...but you are an absolute idiot.
Click to expand...
Click to collapse
I don't understand WHY this person could be considered as "an absolute idiot" by ASKING if some 'data' are sent over the network through the phone.
Facebook, with it's ad system is sending information for each ad displayed (not alot, but still some !)....
ADS.GOOGLE do you have any idea about what's behind !?
I don't have the number (nobody have it) of webpages using it but it's huge. with this you can track navigation of people, establish profiles, link to a physical person. Without your consent.
I understand the concern of the "OP" here. I don't think the data sent are easy to "catch", or are systematically sent... maybe there is no, and you are paranoid. But it "COULD". So easily. I'm from the young tech generation.
And to quote
Quantumstate said:
If most young people share your view, it is a dark future. I'm glad I'll be dead.
Click to expand...
Click to collapse
People who don't ask themselve the question, or wich refuse to be open minded enough to consider the right to ask this question ... could be surprised very soon. I'm not directly affraid of "google". I'm affraid of those 'blind' people.
You'll be dead in less than 10years !? I hope we can share some of the darkness you're talking about. your parent's generation started it, you continued it.
Anyway, back to the topic.
Why in my pocess list i've : (app id number) com.ap.SnapPhoto:remote
even when I do not use the camera !?
...when I notice my battery is being used more than usual I check the process list and I find this...
What's this "remote" !?
Maybe "remote" refers to "another app wich launch this app"... ? Otherwise... wow.

[conspiracy theory] the government can tap phones even when on stand by....

Few days ago I was involved in a conversation where couple of people were sure that the government can tap our phones even when not in conversation but when they are actually in stand by on the table.
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
The counter-argument was that there might be backdoors in the ROM for example which enables the authorities to get sound from the mic directly without the need of the OS as an interface.
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
I guess if you're really that worried about it, there's always airplane mode.
Sent from my HTC PH39100 using xda premium
Worried about monitoring using a google/facebook/twitter device?
Pull some foil off your hat, and wrap it around the phone. Problem solved.
Just do what Eric says "Do no Evil" and who cares if the gummint is watching you!
I'm not worried at all as should be obvious if you actually read my post :>
Fking1 said:
I don't see how this can be done, but you as developers might want to provide some solid, technical arguments which would set the discussion once at for all
Click to expand...
Click to collapse
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Still, this doesn't tell you how it's done, but proofs that has been done and afaics is no problem to do it again.
If I remember correctly some time ago Indian government tried to force BlackBerry to backdoor their devices for Indian market.
So judge it for yourself, but don't think that this is some Atlantis conspiracy but is actually happening all over the place..
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
In all actuality if the gumment wanted to monitor you they already are....
Fking1 said:
Care to elaborate?
Also it will be enough if someone says why it's impossible to pull audio from the mic when the phone is on standby
Click to expand...
Click to collapse
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
chaki- said:
It's not impossible. Don't brick your head with such things. And why is that question anyway? Do you affraid that you can get caught?
If you are not doin anything against the law, after a while they would not even listen to you
Click to expand...
Click to collapse
well to be honest, i'm big time criminal in my country, so the answer to that question is critical to me :>
Fking1 said:
I tried to argue that when in stand by, android for example has very minimal processes going on, just enough to keep the time and realize when the power button is pressed or send notification.
Click to expand...
Click to collapse
Just because a listening device is not always on doesn't mean it doesn't exist. A single push notification can activate a hidden app or feature, should a government have installed it.
Indeed, there are "lost phone" apps on the market that let you do similar things (though I'm not sure about listening in per se, more like gps, alarm sound, take photos).
so, it's technically possible?
Fking1 said:
so, it's technically possible?
Click to expand...
Click to collapse
It is possible and google patented an ad technique that involved using the microphone to listen for background noises and words to produce better more personalised ad results but haven't implemented it yet.
Also you can remotely activate phone features as well as push data to a phone so yes it could be done but they would need at least an app installed on your phone to do so.
So unless you allow someone to install hidden apps on your phone there's no chance of it.
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Fking1 said:
Interesting.
What if the government forces Google, Apple and Rim to leave such backdoors accessible by them?
Android is open source but the kernel is not as far as i know?
Click to expand...
Click to collapse
even if thats the case: just flash an own kernel like we all do.
i don't think there's something in android, because it's open source. someone would see that..
and the kernel problem is solved when you flash another one i guess
but those normal ppl out there.. the weird ones who doesn't flash their devices, they are ****ed then. xP
but are the kernels we flash open source? I guess even with custom ROM you use the default google kernel, since if it haven't been open source in the first place, i don't think anyone has written it from scratch.
The more important question is, can something like this be hidden in the kernel, or it needs to run in the OS as normal, but hidden app?
Fking1 said:
Care to elaborate?
Click to expand...
Click to collapse
NSAKEY. I'd post links but I can't.
B33zal said:
NSAKEY. I'd post links but I can't.
Click to expand...
Click to collapse
NSAKEY?
post them sripped or PM me
Is it possible? Yes is it likely? No. At least in the US they would need to prove you were a threat to national security to get a judge to sign off on it.
The android kernel is open source completely.
As an example there is a root binary that grants root access without user prompt or notification of any kind. So while it can be done I would not worry about it much.
FEMA chip anyone?
Sent for a corner cell in Arkham
dmhdogpro said:
In all actuality if the gumment wanted to monitor you they already are....
Click to expand...
Click to collapse
Bingo
I do not worry about my Government, if they want me they
will come and get me (and I won't be able to stop them)
It is my fellow citizens whom scare me the most.
B33zal said:
Well, I'm no developer but if you are going to lurk deeper on backdoors, you'll soon find out that bigger corporations than Gooogle have implemented backdoors in their systems.
Click to expand...
Click to collapse
That is true and some EULAs even suggest that there is no privacy on the data commited to the systems. Simple software we use daily (specially in the MS Windows world) is gathering info about what data you search, what you download, what kinda documents you type, etc. Even cloud storage services have a EULA that guarantee you no privacy (Box, Dropbox, Google drive, etc)
As for Android, I highly doubt the problem lies in the operating system, since it is open source and anyone can take a look at it.
Now if you want a conspiracy theory, then read on...
Have you guys noticed how many of the browsers in Play Store are from chinese developers? Specially Dolphin, which many of you adore. Who can tell it isn't secretly sending your browsing habits to the Chinese government? How many people have been sniffing traffic to/from Dolphin (using tcpdump, for instance) to make sure it isn't doing other things?
Chrome (and Chromium) is another example: most people simply have to access their google accounts from these browsers. These browsers effectively send private user data to google. The question here is: how is google making use of such data and who is it sharing it with (for a profit or not)???
It's almost a paradox that in the information age we are more and more willing to have privacy but we have never shared so much of their personal lives with so many as we do now. Take, for instance, Facebook, Google+, Twitter,
I could go on and on... but I gotta some wifi sniffing to do right now and some wardriving later.

transfer phone and all apps on it to another user

i have a galaxy s2 with many free and paid apps on it. i wish to transfer ownership of the phone and all applications including paid ones to a friend so that he does not have to buy all the paid apps on it again.
i would think it is possible since i paid for use of them if i wish to give up use under my name and assign use to someone else using the same phone i should be able to. i cannot find a way to do this in play store or in appbrain.
does anyone have a clue how to do this or know where to point me for instructions?
i would have better luck contacting Abraham Lincoln than i would trying to contact google.
as it is the phone will probably try to self destruct once i change the gmail account it runs under so i want to have this in place in the stores so it can verify and re-get the apps if necessary without hassle since the stores would know that he owns the phone and apps..
any help would be greatly appreciated.
Cody
I think you should try to contact Abraham Lincoln, that seems like a good plan of attack. Just Google his contact info...
Sent from my SAMSUNG-SGH-I747 using xda premium
Apex_Strider said:
I think you should try to contact Abraham Lincoln, that seems like a good plan of attack. Just Google his contact info...
Sent from my SAMSUNG-SGH-I747 using xda premium
Click to expand...
Click to collapse
LOL might be.. they seem to think of everything i cannot believe they didn't think of this. transfer of equipment and associated 'licenses' is very common.
Titanium Backup
Sent from my CM10 KF w/ Tapatalk
sweeds said:
Titanium Backup
Sent from my CM10 KF w/ Tapatalk
Click to expand...
Click to collapse
i admit i am not familiar with titanium backup. outside of restoring any odd apps onto the phone so they run again, would that list the paid apps withi play store so when he gets an update to an app they wont try to charge him again? i want his apps account to totally recognize the s2 and all apps as 'his' without question so they will not try to charge him for them. i will have no rights at all to those apps on that phone. i have a galaxy note that i had to pay for all the apps again for it which is as it shoudl be.. it is a different phone...
i want to hand him the phone set up for his account such that when he goes to do anything with play store or appbrain they will recognize the phone and all apps on it free and paid, as his.
It is not possible to transfer apps from one user to another. It isn't even possible to transfer them to a different Google account that you use.
Read the Google terms and conditions and you'll see this on there - nothing you can do about it.
Sent from the darkest corners of my mind.
SimonTS said:
It is not possible to transfer apps from one user to another. It isn't even possible to transfer them to a different Google account that you use.
Read the Google terms and conditions and you'll see this on there - nothing you can do about it.
Sent from the darkest corners of my mind.
Click to expand...
Click to collapse
thank you. no i have not read their drivel. so then they on one hand scream freedom from being locked to a specific provider, and turn around and lock the phone in a far more sadistic and restrictive way. what we need is a company who believes in total freedom and implements such. they are no better than apple then..
wonderful.
i do not find a 'resolved/close' thread button so i will consider this thread closed.
Only one solution
gndmstr said:
thank you. no i have not read their drivel. so then they on one hand scream freedom from being locked to a specific provider, and turn around and lock the phone in a far more sadistic and restrictive way. what we need is a company who believes in total freedom and implements such. they are no better than apple then..
wonderful.
i do not find a 'resolved/close' thread button so i will consider this thread closed.
Click to expand...
Click to collapse
The only one solution is to put your gmail account on the phone of your friend. But of course he will have an access to all your mails etc, so I don't think it is a good solution !
HappyDr0id said:
The only one solution is to put your gmail account on the phone of your friend. But of course he will have an access to all your mails etc, so I don't think it is a good solution !
Click to expand...
Click to collapse
no. i did that once a few years ago for someone i trusted. that person abused the trust and bought all kinds of expensive apps and used my gmail email account as their own. i had to close everything out and start fresh so i will never do that again.
there is no earthly reason why a phone and all its installed apps cannot be moved from one account to another except google's apparent need for control or laziness in coding the proper routines.
gndmstr said:
thank you. no i have not read their drivel. so then they on one hand scream freedom from being locked to a specific provider, and turn around and lock the phone in a far more sadistic and restrictive way. what we need is a company who believes in total freedom and implements such. they are no better than apple then..
wonderful.
i do not find a 'resolved/close' thread button so i will consider this thread closed.
Click to expand...
Click to collapse
They may well use an Open-Source software for their devices, which is a fantastic thing, but they are a business and exist to make money. You don't 'own' the apps when you buy them - you are just getting the right to use them. Anything beyond that would be considered on-selling, even if you are making no money from it. Do you think that Apple would let you transfer apps to a different account? Or Microsoft for that matter?
SimonTS said:
They may well use an Open-Source software for their devices, which is a fantastic thing, but they are a business and exist to make money. You don't 'own' the apps when you buy them - you are just getting the right to use them. Anything beyond that would be considered on-selling, even if you are making no money from it. Do you think that Apple would let you transfer apps to a different account? Or Microsoft for that matter?
Click to expand...
Click to collapse
when you pay for an app you pay for a license to use that app. there is no reason why you cannot transfer that license to another person as long as you give up all rights to use that license yourself. i have done this with many microsoft applications and they support it. or at least they did as of the beginnings of xp. i would give the original disks to the person, remove the application from my machine and then i called msoft and advised them of the license transfer. they took the info and were happy. apple simply is not a contender in this situation. they are all about control. even moreso than microsoft and i would never have believed i just said that. dont get me wrong they make some incredible hardware and systems, i just totally am at odds with their business philosophies.

[Q] modifying .apk

I am not a developer, while I seem to have more knowledge than the daily user, I do not have the knowledge base to attempt the project that I am curious about. I work for a local tow company as AAA tow truck driver. AAA has provided all its contract stations with an android device that runs an app that is basically a native interface for a web based portal for dispatching the calls. To make a long story short if I were to log into the web interface from my E4GT I can view the dispatched calls ok and the office seems to be able to track me ok, but the native app on the AAA device seems to be able to update statuses while the web interface doesn't seem to actually send the information. I got a hold of the native app apk file and it installed ok, however it asks for a user name that the web interface does not ask for. I assume that this is to prevent people (like me ) from installing on devices that weren't approved by AAA. I was wondering if perhaps there was a way to modify the program to skip this step and allow me to move right in to the log in. If anyone can point me in the direction of someone who may be able to undertake this project for me, I know several people who would rather use their own devices than the AAA device which we are held financially responsible for if it ever is broken or lost. If I were able to run it on my device I could toss their device in a drawer where it will stay safe until I need to return it. Please help. I included the .apk file if anyone is interested in giving this a go.
The likelihood is that modifying this original app in any way works break the law.
AAA obviously paid for the app to be developed and they will own the rights to it.
I suspect that your request breaks the rules of XDA.
The app was downloaded fire free with no copyright permissions agreed to at this location. (I tried to post a link but I guess in too new, I have it tho if you need evidence] therefore I would assume no laws were broken. That web page is the web based program and allows you to download the app without agreeing to anything.
Sent from my SPH-D710 using xda app-developers app
Mark1537 said:
The app was downloaded fire free with no copyright permissions agreed to at this location. (I tried to post a link but I guess in too new, I have it tho if you need evidence] therefore I would assume no laws were broken. That web page is the web based program and allows you to download the app without agreeing to anything.p
Click to expand...
Click to collapse
You can post a link by sticking it in as clear text, with no 'http://' if you really need to.
Just because you are able to download it for free doesn't mean there are no inherent copyright and licences - you will often find them as part of the installation procedure.
OK here's the link. d3me.ersace.com/d3me/htmls/index.jsp
The AAA servers have been having issues over the last couple days so the website seems to be down right now. It actually has been making with really tough because all or calls are being dispatched late and customers aren't happy. But there were no permissions on the installation either. It installed fast and asked for a user ID that I'm assuming belongs to someone in their tech dept. That's all.
After that it should go straight to the contract station and driver log in.
Sent from my SPH-D710 using xda app-developers app
The website is up again. Feel free to check it out. I've been trying to get a hold of someone from AAA to talk about getting me a log on, but I have no response. I can't see how they could object to me using software that they want me to use. I just don't want to risk the device that they are holding me responsible for. Aside from the fact that I don't want to carry multiple devices around. I don't want to break any laws, but there doesn't seen to be any restrictions on this particular app.
Sent from my SPH-D710 using xda app-developers app
Mark1537 said:
The website is up again. Feel free to check it out. I've been trying to get a hold of someone from AAA to talk about getting me a log on, but I have no response. I can't see how they could object to me using software that they want me to use. I just don't want to risk the device that they are holding me responsible for. Aside from the fact that I don't want to carry multiple devices around. I don't want to break any laws, but there doesn't seen to be any restrictions on this particular app.
Click to expand...
Click to collapse
The website seems to be back down again, at least as far as I can tell.
I just checked it this moment. And it's up.
Sent from my SPH-D710 using xda app-developers app
Mark1537 said:
I just checked it this moment. And it's up.
Click to expand...
Click to collapse
Yeah, just discovered that it's an https:// not an http:// link
By pressing ACCEPT, you agree not to use this application while operating a motor vehicle, and agree to the other limitations with respect to the use of this application as described in the accompanying materials.
Click to expand...
Click to collapse
That would be implicit to the software as well, so I would assume that the 'accompanying materials' probably includes their restrictions of use.
Regardless, I can't see you getting anywhere without the username and password. I reckon that social engineering is likely to be more successful than hacking the app, but I may be proved wrong.
I'm finally getting some response from AAA, it was a handbook given during the training for the software. I have read through it and an struggling to find anything regarding the licensing or copyright infringement. I don't deny the ethical gray area that I am standing in, I am just trying to make my working life easier. If I can accomplish the task through the proper means by acquiring a log in of my own I will do that, I was just wondering if the same results could be achieved through alternative means.
Sent from my SPH-D710 using xda app-developers app
Mark1537 said:
I'm finally getting some response from AAA, it was a handbook given during the training for the software. I have read through it and an struggling to find anything regarding the licensing or copyright infringement. I don't deny the ethical gray area that I am standing in, I am just trying to make my working life easier. If I can accomplish the task through the proper means by acquiring a log in of my own I will do that, I was just wondering if the same results could be achieved through alternative means.
Sent from my SPH-D710 using xda app-developers app
Click to expand...
Click to collapse
Hi I know this is a little old but my station just up graded to the tablets also so I am in the same boat now and was wondering if you where able to get any further with this
nope
bearclaw001 said:
Hi I know this is a little old but my station just up graded to the tablets also so I am in the same boat now and was wondering if you where able to get any further with this
Click to expand...
Click to collapse
Noboy was willing to help either here or at AAA, however; if you are a reliable driver that doesn't need to be tracked everywhere that you go, justmake sure that your dispatch tells you when they send you a call and the web link will work. It will even track you if you leave it runnng. But there is no alert sound. So if dispatch just sends calls and doesn't tell you, its no good. Luckily I have been able to just deal with it for now. I'm extra careful with their device, and hopefully nothing will happen. But the tablets...... that sems pricey.
Mark1537 said:
Noboy was willing to help either here or at AAA, however; if you are a reliable driver that doesn't need to be tracked everywhere that you go, justmake sure that your dispatch tells you when they send you a call and the web link will work. It will even track you if you leave it runnng. But there is no alert sound. So if dispatch just sends calls and doesn't tell you, its no good. Luckily I have been able to just deal with it for now. I'm extra careful with their device, and hopefully nothing will happen. But the tablets...... that sems pricey.
Click to expand...
Click to collapse
To say "Noboy was willing to help either here or..." is rather unfair. Nobody here would have any benefit from modifying the application to do what you wished, even if they did want to get involved in the legal gray area, and you can't exactly expect a developer to simply spend hours or days taking an app apart in the hope of modifying it when there is no real reason for them to do so.
Your best bet always was, and still is, to go back to AAA and ask them. If enough of the drivers start doing so they may consider allowing installation on a different device - although they may demand the device by sent to them first for the installation so they can pre-enter the required log-on information.
not an insult.
SimonTS said:
To say "Noboy was willing to help either here or..." is rather unfair. Nobody here would have any benefit from modifying the application to do what you wished, even if they did want to get involved in the legal gray area, and you can't exactly expect a developer to simply spend hours or days taking an app apart in the hope of modifying it when there is no real reason for them to do so.
Your best bet always was, and still is, to go back to AAA and ask them. If enough of the drivers start doing so they may consider allowing installation on a different device - although they may demand the device by sent to them first for the installation so they can pre-enter the required log-on information.
Click to expand...
Click to collapse
My post was not meant as an insult, just a statement of fact. I always aknowledged the legal gray area, and more than understand why nobody would get involved. I guess I was hoping somebody might point me in the right direc,tion to accomplish the task on my own. I have since given up the task as I have stated already, and continue to utilize the various recources this site provides. I'm sorry you were offended, but once agan, it was not an insult. Have a nice day.
simple
Guys i know this is kinda a dead post but AAA locks the tablet to go to the one website only.. that is when you click on the "app" on the tablet, it is just opening the web page. its your shop number, password, truck id and user id.. no install needed.
If you install this on your own device (only some clubs allow "bring your own device") you need to enter the location url for your particular club usually http://spp.aaa.com/d3me*** where the *'s are your club number. Then you have to have an application username which is simply a password that gives you access rights to install the application. You will never see this on a club owned device like a cell phone or tablet provided by the club you are contracted for because it is preinstalled. So as "simple" as stated that is all you need on a club device but if you are trying to install on your device (which likely runs much faster and better anyway) then you need a club that allows BYOD to get the application installer password. (And no I wont post the installer password!)

Categories

Resources