Database Info

T-Mobile *trick* to lock root?

Just curious, but let's say that we go to the market and find a cool new program.
Turns out, while it installs something such as a new IM client, it locks the phone up.
Is it possible? Can they change firmware from a software title? Just a random paranoid thought

Not quite sure by what you mean "locks the phone up" but if you mean make changes to the settings because you have root and left it open, yes. This has been addressed and if you have root, you should have already secured it. If not, you have 2 choices, a: realise you might not be a user in need of root, or b: go read how to secure root (with a password).
I have been an advocate of root on the G1 from the start, even while everyone was saying "users do not need root". I am recently starting to notice a lot of issues with users having root and blindly running apps they do not know about, or bricking their phones because they are running complex system commands without knowing what it is doing. Keep in mind, root = god as far as the phone is concerned. You can and probably will kill your phone if you are not careful. I would advise you obtain root, secure it and do not touch it unless you know what you are doing. This will give you the ability to use things in the future that require root while still keeping you somewhat safe.
Also, this is not directed only at the author of this post, but anyone who has posted in the last few days who is making changes they do not fully understand, running programs that require root without knowing what access they are giving it, or anyone who follows my advice and upgraded to root "just incase" but doesnt know what to do with it.
I do not want to see a massive rush of users returning "rooted" G1's to tmobile and getting refunds/exchanges and have tmobile suddenly think this is an epidemic and start really working hard to secure the phone. That would not be good for anyone, but that is where were are headed.

Technically, yes...
Just like nuuneoi's Orientation program runs as superuser without letting you know...
I don't see them being that sneaky, though... It probably would provide ground for a class-action suit if it comes from T-Mo.

how can we sue? i didn't read the fine print, but i would imagine flashing a modded version of android would break their TOS

d0nkey said:
how can we sue? i didn't read the fine print, but i would imagine flashing a modded version of android would break their TOS
Click to expand...
Click to collapse
I'm just speculating... It just seems sneaky and evil...
I assume the TOS relates to the actual "service" (haven't read it, either). They can ban me from T-Mobile, but they better not maliciously install their poop-infested code in phone.
P.S. People are gang-bang suing for the early cancellation fees, even though they all signed the contract.

npace said:
I'm just speculating... It just seems sneaky and evil...
I assume the TOS relates to the actual "service" (haven't read it, either). They can ban me from T-Mobile, but they better not maliciously install their poop-infested code in phone.
P.S. People are gang-bang suing for the early cancellation fees, even though they all signed the contract.
Click to expand...
Click to collapse
Um...the fact is, Google is allowed to kill any software they think is "bad". This has been public a year before the phone's release.
Now, I have downloaded the patch and installed it (to have a pop-up asking if it's ok to run root)
However, many of us are new to nix commands as I am myself. How do you assign a password to root?

momentarylapseofreason said:
Um...the fact is, Google is allowed to kill any software they think is "bad". This has been public a year before the phone's release.
Now, I have downloaded the patch and installed it (to have a pop-up asking if it's ok to run root)
However, many of us are new to nix commands as I am myself. How do you assign a password to root?
Click to expand...
Click to collapse
Code:
su
passwd

God mode for my phone? Yes please.
Stop with the fear tactics regarding the dangers of root access. People actually going through the trouble of figuring out how to do are aware of the risks. It will never be an issue of phones returned, because an unlocked phone return is an immediate dealbreaker, warranty void, and most people understand that.
But the desire for freedom. Maybe I have to move to another country but this lock down bullsh*t on U.S. phones in particular is a real nuisance.
They track us with the gps, FBI can listen in thru the mic even when the phone is off, they have the remote kill switch.... at least let me install the apps i want with root access for the love of Chr*st.
Give us the freedom we seek from a Linux OS.
F*cking FREEDOM!!!!!!!!!!!!!!!!

strangethingz said:
God mode for my phone? Yes please.
Stop with the fear tactics regarding the dangers of root access. People actually going through the trouble of figuring out how to do are aware of the risks. It will never be an issue of phones returned, because an unlocked phone return is an immediate dealbreaker, warranty void, and most people understand that.
But the desire for freedom. Maybe I have to move to another country but this lock down bullsh*t on U.S. phones in particular is a real nuisance.
They track us with the gps, FBI can listen in thru the mic even when the phone is off, they have the remote kill switch.... at least let me install the apps i want with root access for the love of Chr*st.
Give us the freedom we seek from a Linux OS.
F*cking FREEDOM!!!!!!!!!!!!!!!!
Click to expand...
Click to collapse
The warranty wouldn't be void so long as you flash back to RC29 or 30 without the mods (both avail online)... just FYI

Nice to know consumers and civilians still have a trick or two left up their sleeve in this over-controlled greed filled market.

strangethingz said:
God mode for my phone? Yes please.
Stop with the fear tactics regarding the dangers of root access. People actually going through the trouble of figuring out how to do are aware of the risks. It will never be an issue of phones returned, because an unlocked phone return is an immediate dealbreaker, warranty void, and most people understand that.
But the desire for freedom. Maybe I have to move to another country but this lock down bullsh*t on U.S. phones in particular is a real nuisance.
They track us with the gps, FBI can listen in thru the mic even when the phone is off, they have the remote kill switch.... at least let me install the apps i want with root access for the love of Chr*st.
Give us the freedom we seek from a Linux OS.
F*cking FREEDOM!!!!!!!!!!!!!!!!
Click to expand...
Click to collapse
You have just shown that your post count is probably even with your "read" count. If you had been reading this and other forums you will see that lots of users are installing root, running commands they find in random posts, installing apps without knowing what they do etc... For you to come in here saying everyone knows the risks is absurd. Also, if you had read anything here, you would see that numerous users are on their "new" or "second" G1 after having bricked it somehow and returned it for a replacement. At the time being tmo doesnt seem to know how to tell if a phone has been tweaked, but they will soon.
Spend some time upping your read/post ratio and then come back with your opinions.

Dude, come on... I appreciate the typical response about reading through the massive forum before posting...
The point is... We pay a lot for these things, we are monitored and we have control switches all over the place.... when it comes to tweaks, people want
FREEEEDOOOOM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
And you speak against Freedom?

No, I am speaking against someone who makes a post about nothing using non factual bits of information and uses "FREEDOM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" and thinks that repeating that will bring him a following because its just such a cool word to use with all them purdy exclamation points!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.

strangethingz said:
They track us with the gps, FBI can listen in thru the mic even when the phone is off, they have the remote kill switch.... at least let me install the apps i want with root access for the love of Chr*st.
Click to expand...
Click to collapse
And they steal food from your refrigerator when you're not looking!

JesusFreke said:
And they steal food from your refrigerator when you're not looking!
Click to expand...
Click to collapse
You have no idea what you are talking about... that is the NSA, so please only speak when you are sure about your answer.

Darkrift said:
You have no idea what you are talking about... that is the NSA, so please only speak when you are sure about your answer.
Click to expand...
Click to collapse
Sorry! I stand corrected

JesusFreke said:
And they steal food from your refrigerator when you're not looking!
Click to expand...
Click to collapse
So that's where that leftover slice of pizza went... CASE CLOSED!

strangethingz said:
God mode for my phone? Yes please.
Stop with the fear tactics regarding the dangers of root access. People actually going through the trouble of figuring out how to do are aware of the risks. It will never be an issue of phones returned, because an unlocked phone return is an immediate dealbreaker, warranty void, and most people understand that.
But the desire for freedom. Maybe I have to move to another country but this lock down bullsh*t on U.S. phones in particular is a real nuisance.
They track us with the gps, FBI can listen in thru the mic even when the phone is off, they have the remote kill switch.... at least let me install the apps i want with root access for the love of Chr*st.
Give us the freedom we seek from a Linux OS.
F*cking FREEDOM!!!!!!!!!!!!!!!!
Click to expand...
Click to collapse
They can listen in thru the mic even when the phone is off, first I've ever heard of that!!!

jashsu said:
So that's where that leftover slice of pizza went... CASE CLOSED!
Click to expand...
Click to collapse
Funny... I swear they like to mess with me and take something but leave something else. LOL I think I found your leftover pizza

strangethingz said:
GPeople actually going through the trouble of figuring out how to do are aware of the risks.
Click to expand...
Click to collapse
Dude. Do you HONESTLY believe that? Go to the Ubuntu forums and read the new header at the top of EVERY forum about not posting malicious commands, cos too many people said 'oh, run rm -rf to fix that!' and too many people who had no idea what that did RAN IT. People don't bother to check up on what stuff does before they run it, they just go 'oooo, this will do what I want? Cool!'

[Q] Xoom Security - Preventing Factory reset

I'm installing tracking tools on my Xoom but someone could easily do a factory reset to get rid of them.
Is there a way to prevent a factory reset or make it realy hard to do? or is there a way to modify the rom image so that these apps are installed by default?
Essentially i want to make sure that the only way to get rid of the tracking tool is to flash the roms...
note: I have a rooted Xoom with Android 3.2

If you want to prevent people from clearing the device memory from the Settings UI, you can simply password protect your entire tablet (or portions of the software using App Protector or similar software). You may also want to lock down ADB and Android Market app installs
I don't think that most people would be smart enough to know how to get to the recovery screen from a fully powered down device, since it's model specific.

willverduzco said:
If you want to prevent people from clearing the device memory from the Settings UI, you can simply password protect your entire tablet (or portions of the software using App Protector or similar software). You may also want to lock down ADB and Android Market app installs
I don't think that most people would be smart enough to know how to get to the recovery screen from a fully powered down device, since it's model specific.
Click to expand...
Click to collapse
While this is a good suggestion, I could quite easily figure out how to get to recovery from any given device. It's really as simple as Googling it. Granted though, most people won't even know what recovery is!
OP, I'm not sure that what you want is available but I'd be very interested in finding this out also!

The thing is that i want people to be able to use it or more specifically connect to a wifi allowing me to...
- Remotely take picture of them...
- keyloging all their facebook/twitter/paypal passwords
- get the location of the device with the gps
And use the information to destroy their life before sending the cops in for the picking...
If the device locks completly they would more then likely trow it in a garbage or have somme tech wiz manualy reset/flash it. My main goal is to bait an idiot into using it and raising the difficulty of resetting the device.

Vellius said:
The thing is that i want people to be able to use it or more specifically connect to a wifi allowing me to...
- Remotely take picture of them...
- keyloging all their facebook/twitter/paypal passwords
- get the location of the device with the gps
And use the information to destroy their life before sending the cops in for the picking...
If the device locks completly they would more then likely trow it in a garbage or have somme tech wiz manualy reset/flash it. My main goal is to bait an idiot into using it and raising the difficulty of resetting the device.
Click to expand...
Click to collapse
This strikes me as you wanting to leave a trap allowing you to phish someone's details, more then you wanting to protect your device from theft. Perhaps you are planning to leave the Xoom out for the use of coworkers or fellow students, and harvest their data?
Up until the "keyloging all their facebook/twitter/paypal passwords" you seemed a bit paranoid and draconian, but reasonable...after that, I got a bad feeling about this. Even if you do want it to deal with a possible thief, keylogging their Paypal passwords would make you just as guilty of a crime as the tablet thief...and likely just as open to prosecution.

...leave a trap allowing you to phish someone's details...
Click to expand...
Click to collapse
LOL! i admit it may sound like it at first glance. I dont plan leaving it or go "phishing" like you said. I'm not the kind of having the money to trow 500$ and crossing fingers.
All i want is raise my chances of recovering the device should it get stolen. If it's locked then they will just trow it in a garbage or have someone flash it. If it's unlocked then they can use it allowing me to trace it.
would make you just as guilty of a crime as the tablet thief
Click to expand...
Click to collapse
I dont plan using the data my self... I was thinking more like posting the thief details on 4chan or other sites like these and post banking info free on underground sites. I dont want their money.
You cant blame me wanting to turn the life of a thief into a living hell for stealing from me

actually we can, you're allowing him to be stolen from all because he stole your tablet? Anyway, just flash tiamat rom 2.0 and add all of those apps to the "first install" or something folder and be done with it.
Just because he stole something of yours doesn't mean you should be alright with him being stolen from. An eye for an eye makes the whole world blind dude.
Vellius said:
I dont plan using the data my self... I was thinking more like posting the thief details on 4chan or other sites like these and post banking info free on underground sites. I dont want their money.
You cant blame me wanting to turn the life of a thief into a living hell for stealing from me
Click to expand...
Click to collapse
Actually, we can. That's still considered identity theft to a certain extent thus him stealing a 500$ tablet (which may be illegal but no where near identity theft) and then you posting about it in a public forum, thus incriminating yourself. You're pretty open to prosecution now.

Guide: How to haxor anyone that takes your tablet!
Alright, how you want to do this is by taking your left shoulder and putting it infront of you, running at maximum speed, then colliding with a wall. This guide was made to show you, GROW UP AND DEAL WITH YOUR TABLET BEING TAKEN! There are methods for you to be able to get it back if someone does a factory wipe (Tiamats install on first boot folder comes to mind) but aside from that, you shouldn't really have to worry about this, I mean grow up, people have -cars- stolen every day and not all of them have onstar. Deal with the fact your tablet got stolen, file a police report, and cry yourself to sleep. That is all.

OK, this is getting a bit sketchy here. We're not going to discuss how to commit identity theft on XDA, even if the person who steals the tablet is a criminal.

Are we (ROM Flashers) Idiots?

This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?

Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!

This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!

I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"

Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse

I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse

I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer

I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.

Thats why I prefer stock ROM

finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong

Ever heard of pdroid? Droidwall?

reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.

This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.

He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.

an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.

I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.

Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.

I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse

Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse

I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.

[KNOX] Searching for users with root, active SELinux and a not tripped Knox

Hello,
I'm involved in trying to collect information regarding Knox, the illegal destruction of private property and possibility to run unknown code and I badly
looking certain configurations to get more answers.
If someone has root, not tripped Knox and preferably SELinux set to "Enforcing", please send me a message! Your help is needed!
I was too late. The "Rules update #16" that blocked "Root de la Vega" was pushed to my phone against my will. Other got it as well.
That means they already have some form of control and disregard your configuration. What can they do more?
With an SELinux they can control your device as they wish if they configure it to hide processes that run, as of today, unknown code.
I'm an "BOFH Unix kick ass consultant" by trade. I know how nicely you can do this. "Living in a box". Oh yes.
This is about our future, the right for privacy and the right to do what we want with out own private property!
The extreme measures taken against just obtaining root are disproportionately harsh. If they succeed, others will follow.
We might end up with iNdroid in a few years. I want to prevent that. But we need more knowledge. They destroy evidence if you trip Knox.
Rooting is not illegal, but the active action of destroying someones property with indent is, whatever cause, warranty claims or not.
There will be consequences. But we need more information, and you who have a Note 3, just as me, can help. The key can be your phone.
Knox is not "just a flag". It have attached code. It sabotages your system both software and hardware. Scrambled software. Wifi permanently
damaged, to name a few. I know, from my S4, and have it verified from source. But that code is run once and then gone. Are there more E-fuses?
Dumping hardware has made at least one device totally bricked. Not even the Power button worked. It was stone-dead.
Also:
If someone has a way of obtaining it without tripping Knox please contact me. I'm willing to take the risk of tripping Knox since this is more important then
some warranty.
I've been working in this for two months now and the more I learn the more I start to question if this isn't a bad movie with Kevin Costner...
No opt-out. Enforcement of this "Enterprise" solution. On your private phone? Think! The money this must cost? You want a return of investment!
Rooted phones cost that much? I don't buy that. You have an unique certificate that binds YOU to your phone. You and your phone are bound as one.
What if 3rd-party malicious code get hands of that? Viruses exist, even on Play. But your Antivirus can't run because it can't access the parts it must have
higher right to read check your programs. I rather run a firewall and deny permissions of programs that want way too much.
A "file manager" doesn't need to read your contacts. A game doesn't need to use your camera. But you can't prevent that.
Knox prevents that. Because you can place a document in a container... I rather use my freeware AES-program that encrypt documents on the fly.
Until we know more the device should be considered as not safe. Why is Samsung stonewalling the question so many have asked?
"What is the extent of the damage made?". I think we have the right to now that, don't you? Many has tried. "Heavy damage" is so far the best we got.
So please, if you still have root and not a crippled device, please contact me. Your help is the only way I see is possible right now.
All the best,
Abs (Yes, I need to update my tag, since I have so much new)

Hi. I've root, not tripped knox and with selinux set to enforcing.
Enviado desde mi SM-N9005 mediante Tapatalk

Absolon said:
Hello,
I'm involved in trying to collect information regarding Knox, the illegal destruction of private property and possibility to run unknown code and I badly
looking certain configurations to get more answers.
...
I was too late. The "Rules update #16" that blocked "Root de la Vega" was pushed to my phone against my will.
...
Click to expand...
Click to collapse
Sorry, if you missed the incredibly obvious checkbox in Settings / Security = Auto update security you really don't look like the right person to trust with full root access on my phone.

xclub_101 said:
Sorry, if you missed the incredibly obvious checkbox in Settings / Security = Auto update security you really don't look like the right person to trust with full root access on my phone.
Click to expand...
Click to collapse
It got pushed about the moment I turned on my phone the first time. So as I said. I missed the opportunity
But thank those who instead of making sarcastic comments, already sent a message and offered help instead. :good:
I'm sure that the large group who got their phones destroyed really value you and your opinion, Xblub
But be careful so you don't trip it. You would not believe how easy that is!
Would be sad if you also got your phone devastated by the unkindly spirits at Samsung.
Let's hope we find a solution before that happens, right?
And please, if more want to help out please mess me, there are so many who got their phones destroyed and Samsung will not stop itself.
It will only be worse. But you can help stop this while we still have a change.
Next phones will have Knox chipped and then even Xblub will be sad
/Abs
Edit: Of course I meant Xclub.
As noted, easy to make a mistake. Like wanting Xclub to write "ls" when I really meant he should run
#!/bin/bash
//usr/bin/tail -n +2 $0 | g++ -o main -x c++ - && ./main && rm main && exit
main(_){_^448&&main(-~_);putchar(--_%64?32|-~7[__TIME__-_/8%8][">'txiZ^(~z?"-48]>>";;;====~$::199"[_*2&8|_/64]/(_&2?1:8)%8&1:10);} (Please don't run it!)

Ahh @Absolon, Was wondering where you had gotten too.
To be honest, I just tripped mine soon as I got it. removed the Stock ROM and just went custom. However... What I have noticed is knox.eventsmanager runs regardless of ROM and IF KNOX is uninstalled.. So probably running /hiding somewhere in the bootloader (at a guess anyway)..
All this KNOX talk is getting complicated now, it's a 50-50 split I think with people tripping/keeping it. - Samsung have forced it upon us, and unless we custom flash (and lose warranty in parts of the world) we are screwed.

radicalisto said:
Ahh @Absolon, Was wondering where you had gotten too.
To be honest, I just tripped mine soon as I got it. removed the Stock ROM and just went custom. However... What I have noticed is knox.eventsmanager runs regardless of ROM and IF KNOX is uninstalled.. So probably running /hiding somewhere in the bootloader (at a guess anyway)..
All this KNOX talk is getting complicated now, it's a 50-50 split I think with people tripping/keeping it. - Samsung have forced it upon us, and unless we custom flash (and lose warranty in parts of the world) we are screwed.
Click to expand...
Click to collapse
I have not touched the Note 3 yet, but I tripped the S4 when they sneaked it in. My Wifi works though, Like a Us Robotics 56K modem, but well..
So what did you experience? I just got the reports from the S4.
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
But pray tell, after you broke Knox. What did you notice? Still have that sticky bootloader? Any Wifi, gfx, other issues? Any issues with
programs that got removed or that Play stopped working?
All info is needed and I really need constructive people here. I don't need access to someones phone. But I need to collect things.
So even if you can't Android or the SEL that I'm after I can guide through. So let's stop this before we have it in a nice chip next year?
Doesn't that sound like a really good plan?
/Absie

Absolon said:
I have not touched the Note 3 yet, but I tripped the S4 when they sneaked it in. My Wifi works though, Like a Us Robotics 56K modem, but well..
So what did you experience? I just got the reports from the S4.
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
But pray tell, after you broke Knox. What did you notice? Still have that sticky bootloader? Any Wifi, gfx, other issues? Any issues with
programs that got removed or that Play stopped working?
Click to expand...
Click to collapse
I don't think you can tell the difference once Knox is tripped. The only obvious thing that sticks out is you have more RAM/HDD available and the phone feels slightly faster. As for Play and Apps not working, I am yet to see any issues (only play issues I have ever had have been No connection, when there clearly is one. After a few refreshes it loads up. Now bear in mind, My connection isn't weak, I've been on the internet via the browser or on an app when I have switched to Play and experienced this) - Not to mention a stupid notification yapping at us telling us we are wrong to use something on a phone we legally own.
Absolon said:
All info is needed and I really need constructive people here. I don't need access to someones phone. But I need to collect things.
So even if you can't Android or the SEL that I'm after I can guide through. So let's stop this before we have it in a nice chip next year?
Doesn't that sound like a really good plan?
/Absie
Click to expand...
Click to collapse
Aww I dread to even think what Samsung will enforce on us next time. There should be an option when you purchase the phone, if you're gonna use it for corporate use, then have KNOX installed via a code they print out. - But to us the everyday user. All it's doing is
*Taking up space on OUR phones
*Running cheekily in the BG
*As you stated, banning access to certain parts of the phone, which IF exploited, our AV's etc cannot reach.
To say we (well most of us) live in a free world, when it comes to us being consumers... they like to shaft us several times over.

Absolon said:
If someone has root, not tripped Knox and preferably SELinux set to "Enforcing", please send me a message! Your help is needed!
Click to expand...
Click to collapse
I feel your frustration. I would much rather an open hardware platform with none of this KNOX business. It's starting to get ridiculous...
It sounds like you've already got help, however I too have an un-tripped KNOX, w/ SELinux enforcing and would be happy to help out.

lispnik said:
I feel your frustration. I would much rather an open hardware platform with none of this KNOX business. It's starting to get ridiculous...
It sounds like you've already got help, however I too have an un-tripped KNOX, w/ SELinux enforcing and would be happy to help out.
Click to expand...
Click to collapse
Not all have the same configurations and not all have the same level of knowledge. But that is not a problem.
As I said. I don't want into your phone, I want you to collect info. So I gladly take any help I can get. Send me a private message.
Because I need as many as possible to verify things. Don't be shy! I don't bite. That hard

Destruction of data INSIDE the knox container after gaining root (which is a vulnerability in itself) is not data manipulation of any sort.
Tripping the counter will just void your warranty (as you would expect anyway!) and disable the knox container completely - it will NOT cause any other issue whatsoever to your device.
The System Security Policy service resets with a factory reset (so you can now go to the security tab and disable auto update).
Security Policy blocks known vulnerabilities that can give access to unauthorised root permissions and potential malware attacks.
Knox as a container can be opted out by uninstalling the knox application.
Knox as a counter is an integrated security measure and in no way should you ever be able to turn it off.
Security Policy is an active security system and you should not have the option to turn it off - you can prevent updates to the policy however.
Tripping the counter will not cause any hardware/software damage (!! An E-FUSE triggering is not damage, it's doing the job it is designed to do in case of compromising the system !!) - it will prevent you from using the knox container which is no longer safe after root and prevent you from getting warranty because you void it by rooting since the middle ages anyway - WiFi issues, dead devices and whatnot are not related in any way as most N3 users here are already using the device with knox tripped.
If you want root privileges you automatically lose your warranty and access to knox, nothing more nothing less.
PS: Update 16 blocked kingoapproot and vroot (which are technically malware), not root de la vega, the new bootloader blocked root de la vega because it's an exploit to gain root.

Absolon said:
...
The problem of tripping or not tripping is not if this would be a flag because it's not. It's a lot more and I have it confirmed.
But since I can't obtain root without tripping Knox on my Note 3 right now I won't do it until the holidays are over and then claim hardware warranty
and let that play itself out.
...
Click to expand...
Click to collapse
While the first line falls close to what a conspiracy theorist would say the second one is an interesting point where more attention would be useful.
It can be argued that in the context of EU law the HARDWARE warranty is different than the SOFTWARE warranty, and that a manufacturer can not evade providing the first.
The thing is - to the best of my knowledge Samsung has never (so far) denied HARDWARE warranty based on knox flag status - so in that regard you might have a starting point in case you want to set some precedent - and I would LOVE such a precedent to be set (in a way that protects the consumer)!
Other than that all the stuff on how knox is used by Samsung to spy on you and follow your every move is really not helping anybody's cause (except maybe Samsung's).
My final point on this matter is that people with a LOT more technical knowledge on the subject than Absolon here (people like Chainfire or AndreiLux and plenty other) have commented on this, so people should really learn more about the subject before starting the wrong crusade born out of conspiracy theories. Don't get me wrong - I WANT my consumer freedom, but I would also like that when legal precedents are set on the subject to have them set the right way, for the right reasons and with the right evidence (which will not be destroyed in court by Samsung lawyers in a day or less).

I'm following a good advice and removing any further comments.
I really want to work in a constructive manner and I do not with to petty fight. So please.
If anyone else want to help explore, please message me. We are on different levels of knowledge but that is all what XDA is about. To learn and to help!
All the best,
Abs

If I trip KNOX and my phone will need a repair will this work?
[INFO][EU] Rooting and Flashing don't void the warranty

EdisDee said:
If I trip KNOX and my phone will need a repair will this work?
[INFO][EU] Rooting and Flashing don't void the warranty
Click to expand...
Click to collapse
As said, there are different views. Skander has one experience and that can be for one version.
For the I9505 the Knox did cause damage to the hardware and I did collect reports of findings and the majority was Wifi,
If this is the same for Note 3 I don't know. I write that I know, and what I think. We have free speech and I can have my thoughts and so can others.
It's rudeness and bluntness that should be avoided and I know that irony sometimes doesn't do as well on paper as in real life, but believe me, irony is the only thing that keeps me alive now days ;P

So when turning on a GN3 for the first time immediately disable updates before you DL the bad firmware/bootloaders?

Edbert said:
So when turning on a GN3 for the first time immediately disable updates before you DL the bad firmware/bootloaders?
Click to expand...
Click to collapse
On ANY MODERN PHONE (if possible - for instance you will not be able to do that on any iphone) you should:
- start the phone once without any SIM card and without entering/activating any form of WiFi - this will guarantee that your phone will not connect first to the Internet
- check/set any relevant settings regarding security and software updates - for instance on Note 3 those are two separate settings, and the security one seems to be activated "by default"; currently the firmware update is not really activated "by default" since it WILL ask you pick a country and agree to some EULA
- either way, once you have disabled things (I also disable mobile data at this point) you can then power-off and insert your SIM, then enable WiFi and do whatever else you want to do.
I am not saying that it is "normal" to be this way, but since it is then you better be prepared for it!

Tripping knox won't break your WiFi or anything on the Note 3.
If you break it yourself by messing with it that's another thing.
Do keep in mind that your warranty is void by rooting but this depends on the seller or carrier.

Skander1998 said:
Tripping knox won't break your WiFi or anything on the Note 3.
If you break it yourself by messing with it that's another thing.
Do keep in mind that your warranty is void by rooting but this depends on the seller or carrier.
Click to expand...
Click to collapse
Abit ridiculous though. Why they would want to avoid advance users like us to root our phones? Knox was implemented for corporate user or uses. But they jolly well know most of their customers are average users which are not completely working on highest intel in any agencies which require knox to be used. Their marketing strategy failed to the max. Focusing knox on both the corporate users and normal users. Secondly knox to them is both a security measures and a so called warranty tracker. By warranty rooting as does damage your phone software but not hardware unless extreme cases whereby people oc'd their phone to be rocket-ed out of their pockets. Hmm. Rarely i've heard root causes phone to be burnt or caused a crack to the screen or buttons alignment.
Sent from my SM-N9005 using XDA Premium 4 mobile app
---------- Post added at 05:46 AM ---------- Previous post was at 05:39 AM ----------
MxFadzil92 said:
Abit ridiculous though. Why they would want to avoid advance users like us to root our phones? Knox was implemented for corporate user or uses. But they jolly well know most of their customers are average users which are not completely working on highest intel in any agencies which require knox to be used. Their marketing strategy failed to the max. Focusing knox on both the corporate users and normal users. Secondly knox to them is both a security measures and a so called warranty tracker. By warranty rooting does damage your phone software changing of roms baseband kernel etc but still baseband all those stuff are still needed by the original manufacturer release not by cyanogemod for example new baseband are aquired by new tw rom new builds except for kernels which are aquired by githubs made by respective developers... But not hardware unless extreme cases whereby people oc'd their phone to be rocket-ed out of their pockets. Hmm. Rarely i've heard root causes phone to be burnt or caused a crack to the screen or buttons alignment. Rooting are the only way for us to try a new android platform build release by google... To wait for manufacturer release maaan could be months down the road. Sigh.
Sent from my SM-N9005 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Sent from my SM-N9005 using XDA Premium 4 mobile app

MxFadzil92 said:
.too long.
Click to expand...
Click to collapse
They do not stop you from rooting, they just re-affirm the million year old knowledge that rooting voids your warranty!
Bricking smartphones from rooting is very common, so does flashing kernels and whatnot, flashing kernels can actually allow someone to cause actual hardware damage to antennas, CPU's and GPU's and even kill the screen (in the note 2 for example, flashing an s3 recovery will burn the digitizer permanently)
Rooting also invalidates Knox's security completely, and any data there should be protected so they make it self destruct (the container) when rooted and the flag is there so after unrooting (and potentially having a still infected system) no one can activate a container anymore on the Smartphone.
This has side effects like the inability to root without detection, but the regular users you are talking about will not root their devices and so is 90+% of the users.
Knox is not an issue and nothing new, flashing anything from 2010 on any device voids your warranty, now it voids it with a permanent marker so you can't fool them and technically illegally get a repair from a broken warranty.
You break warranty terms even one of them, you don't get it.

xclub_101 said:
On ANY MODERN PHONE (if possible - for instance you will not be able to do that on any iphone) you should:
- start the phone once without any SIM card and without entering/activating any form of WiFi - this will guarantee that your phone will not connect first to the Internet
- check/set any relevant settings regarding security and software updates - for instance on Note 3 those are two separate settings, and the security one seems to be activated "by default"; currently the firmware update is not really activated "by default" since it WILL ask you pick a country and agree to some EULA
- either way, once you have disabled things (I also disable mobile data at this point) you can then power-off and insert your SIM, then enable WiFi and do whatever else you want to do.
I am not saying that it is "normal" to be this way, but since it is then you better be prepared for it!
Click to expand...
Click to collapse
And with a company that does fair play you don't have to worry that they push something you don't want on your phone.
And they do. Don't be too sure that just because you turned your settings off that it protects you, because if you read through posts you will see that people got updates pushed, disregarding whatever setting you had. And that is certainly not fair play
But to answer your question. First. Just dropping names here and there doesn't do it. To ride on someones "fame" to gain more authority and merit to your post is bad rhetoric.
You should be able to do that on your own.
Yes, there are many who are way better then me, but the nice thing is that when you asked them, they know they once been there themselves and don't feel the need to project personal problems and anger on some random person they never met.
Just that we passed the 100 post mark and XDA automatically put a "senoir" next to the name means nothing more then we are good at bull****ting online,
Doesn't tell if you are 1337 or a n00b. Even if you post 10000 post doesn't mean that you have any deeper understanding.
But new users don't know that, and treating others without respect scares them away. Makes them afraid to ask. Who wants a snotty answer back on their first post?
So please. Make this a constructive place. If you are angry I recommend Reddit/Imgur/Flashback. There you can project whatever you want or need.
I don't know how to code a single line in Java!
But I'm awesome in C64 Basic!! And I managed to write "Hello World" in BF!
And I know several Asm's and I coded mostly in C (and C++ when it was still readable) and did my VHDL/Erlang-hell period (and I tested like 20++ other languages, some enforced during my master but some just for fun. I can write "Hello World!" in Sun's start eeprom!) but that was looong time ago. So I'm "rusty". Old. There are so many nifty new things. But then. Mostly I use something invented 200 years ago - A stethoscope. But there is a new COOL one! BT! With noise reduction and spectrum analysis! No more things that hurt in my ears! For the little sum of 1500 € it's yours!..... Bleh.
But I'm not ashamed of that! I can learn if I want. XDA is a great place for that. Even have their own Android University!
I'm fairly good with Unix. Even made money of it. For over 8 years. And the good with that is that some things we still use today haven't changed since 1973!
And I worked some with hardware but I need a new JTAG. Know a good one? So many to choose and I don't know the quality or what is needed?
Do the board even have pins or do you have to weld them? I hate welding!
You say conspiracy. I say concern and worry.
Why are people starting to get worried?
It's not as much as conspiracy then more why they are behaving like they do?
The fact is simple - the unknown
The word SELinux has come to more people now since it's mandatory in 4.3. The "moblie magazines", M3, Android** talks about the "news in 4.3".
But what is SELInux?
So people turn to the trusty Wikipedia for answers: Wikipedia - SELinux
And the first lines they see are
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides the mechanism for supporting access control security
policies, including United States Department of Defense-style mandatory access controls (MAC).
SELinux is a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to
separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security
policy enforcement.[1][2]
The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.
Click to expand...
Click to collapse
That is what people see!!
I can bet some even read "police" and not "policies". The see all this and that SCARES THEM.
With the recent scandals in mind of NSA hacking everything including the Germans Chancellors phone, an alley??
And here, the American spy-outpost towards Sovjet/Russia since 1947. We have also a 3-letter agency. And not many weeks ago there where front pages that they shared the databases with each other. So is that so hard to understand?
So to get from the unknowns they start to look
So you turn to Samsung for answers, And they treat you like cattle. And they stonewall you? No transparency whatsoever.
They reminds me of Nokia when they also went into "grandiose mode" and also through they could do whatever they please because of their total dominance. But they forgot one thing. The consumers got more and more unhappy. And they was their sole income. And when get got that in their heads it was too late. What are they now? Decimated to nothing. Trying desperately with a yet another attempt by Microsoft that is deemed to fail. How many times have Microsoft tried to get in on the hand-held market? I lost count.
And then they start to Google. XDA turns up like the first thing. Find their phone and see "Knox?"
(SELinux==NSA) --> Enterprise solution? On my private phone? Encryption? Damage? Container? What do I need THAT for?
"I don't want THAT on my phone! NSA. Enterprise. Container? Where is the opt out? There are none? I was NOT informed of this!"
That is what I find that worrying and I share that with many others.
Yes, some say it's just a flag. Not on S4. Look how many got problem with Wifi. I got them as well. And I knew when I broke my Knox.
Since SS goes all this trouble to hinder you to gain root access that they even had an E-fuse that does cause hardware damage.
To prevent "Triangle Away"? As your friend if he believes it's because of that?
I don't have to use SELinux to run code past your nose, root or not, but SELinux does it so much easier, since you can define it do hide processes from normal users and it has the possibility to run 3rd-party code. You know that, right?
Since we don't know what is run on the phone you can't be sure it's not something with some intent? So why not investigate it? What is going on in the phone?
Aren't you curious? I am. I would love to be able to root? Can I after #16 on MJ7?
But sure ask them, please. Give it a try
Ask them for example why Wifi stopped working after Knox was tripped on your S4?
Ask them what the extent of the damage they have done?
Ask them where this "Efuse data" is, on what address-range so you can avoid it? Data for a flag? Wasn't that just burned in?
Ask them why you can't update with Kies anymore? Wasn't that just a flag?
Ask them anything.
And I'm sure you will get a message back (if you get any) from "Steve". The poor overworked guy that serves the whole world and he always seems to write the same? We compared. He sits and write the same text over and over? "Sorry, we can't divulge this information at the moment".
Poor Steve!
Come back to the mother-continent! I promise, we've stopped flogging, guillotine, quartering and we changed the stake for a steak!
We have much more fun! 6 weeks of full paid vacation. Here in Sweden we have Polar bears! While we sit in our igloos and make watches.
And we have better beer as well!
If you see turning of a setting as a merit I think you should add that to your CV (and I was not alone in this).
I did as 99% of all do. Unpack the phone. Skip the instruction. Put in the sim and the sd-card and then turn it on.
BAM! I don't even think I had the time to enter my Gmail?
But you didn't. Great!
Here your knowledge would be useful! Help your fellow XDA members. In the spirit of XDA!
Can you dump the phone? Not block-wise but by reading the whole contact of the eeproms?
Can you compare your fstab and it sizes? Do they correspond to the space you have? If you dump them and compare it to the first, Do the differ much is size (a bit is natural)?
Can you use parted and list the partitions? Are all mounted? What rights do they have? Can you read them all?
The security policies in /system. What do they contain? See anything strange?
Can you compare what processes you see as a user and root?
Can you list the rules loaded in the kernel? MAC? (I think you need to compile the commands for it or get it from some Arm dist, they are not included)
Strace some processes that you don't recognize?
The kcryptd? What do they work against?
What files are open and locked? What does the stat say?
See kvm? Or are you in a kvm?
Here you can actually ACT and DO something constructive and concrete or is this just, as from my compressor, high pressured air comming from your side?
Time will tell I guess.
For the others that have messaged me: A BIG BIG THANK YOU!
And no, I don't have enough volunteers, if you do have this configuration, mess me. Or test sometime from test list. The dumping should be used by experienced users but you can do a lot on that list and you can zip and sent me some files. Rules, Pipe out the process lists.
I don't care how much you can or can't. Ask away! We started at the beginning somewhere and I will do my best, ask around, and TOGETHER, we might get some result, because we want to DO something and maybe we CAN help right? Either we find something or we don't. If we are sure and can say "The system seems clean". That would calm a LOT people down. Including me.
/Abs
And with this I won't go into more arguments about this. It's enough. I saw this as an excellent solution to see and check. Not to argue.
I already lost too much time on bla bla bla. I want to spend the time I have on things that matter. My friends that have their phones destroyed.
Use the list or make another! All seem to have their own experiences/views. Samsung must love this division.
Just DO something! Like in all research: Stipulate, challenge, prove, disprove, confirm, dismiss. Start over.
If you need to vent, you can PM me as well, Xblub.

Blackphone opinions???

I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.

Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.

I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.

I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:

I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.

orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.

Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app

JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.

I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527

SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it

The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path

There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527

d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org

if they want to spy on us they can ... that's it...

More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:

The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.

This phone is the biggest scam lol.

hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able

iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!

Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.