Would it be possible for a Developer to inject root Using CVE-2016-0728? - General Questions and Answers

Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
"perception-point(dot)io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"
Another article here "databreachtoday(dot)com/zero-day-flaw-found-in-linux-a-8808" says that most android phones are vulnerable, even with SELinux enabled, and that it might just be harder.
I realize that I am not a developer and wouldn't understand at all how these vulnerabilities work, but I am just hoping that someone sees this. sorry I cannot post links yet.

Here's an active link for those interested- http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
I actually came here looking for discussion about patching this newly discovered vulnerability, but the OP's question is intriguing to the non-developer.

windowsman01 said:
Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
"perception-point(dot)io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"
Another article here "databreachtoday(dot)com/zero-day-flaw-found-in-linux-a-8808" says that most android phones are vulnerable, even with SELinux enabled, and that it might just be harder.
I realize that I am not a developer and wouldn't understand at all how these vulnerabilities work, but I am just hoping that someone sees this. sorry I cannot post links yet.
This is definitely something I'm interested in as well. I have a Verizon Galaxy S5 that my wife updated to the latest Lollipop and can't root it. If I could get super-su injected and then patch this it would be awesome!

I think there is potential.
However: "The vulnerability affects any Linux Kernel version 3.8 and higher. SMEP & SMAP will make it difficult to exploit as well as SELinux on android devices."

windowsman01 said:
Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
some people are interested in it if you see the comments
https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f

jb789 said:
Here's an active link for those interested- http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
I actually came here looking for discussion about patching this newly discovered vulnerability, but the OP's question is intriguing to the non-developer.
A Dutch consumer organization (Consumentenbond) is suing Samsung for the lack of security updates on their devices.
Here is a link in English.
Now I wonder. I have, for example, a smartphone from the Chinese manufacturer 'No.1'. I think No.1 users will never get an update about, for example, 'Linux Kernel Vulnerability (CVE-2016-0728)'.
What do you think, is there a possibility that if the Dutch consumer organization wins the battle, that we can sue all Android device builders who lack the priority of Android security updates?
I just sent this email to No.1, curious if they reply (guess not, probably select and paste in trash bin):
Hello No.1 employee.
First of all, I'm very satisfied with my No.1 X6800 smartphone.
But I'm a bit disappointed when I ask a question as a consumer, and don't get any reply from the manufacturer of my smartphone.
I asked a long time ago for a recovery / update ROM for the No.1 X6800 on your website as a firmware download. I see other phones' ROMs, but not the X6800 ROM.
But now...
A big security leak is found in the Linux kernel. (Linux Kernel Vulnerability (CVE-2016-0728)).
So I hope that the built-in update app of the X6800 will offer me an update in future days.
May I remind you of the next thing: Consumentenbond takes Samsung to court for its poor update policy for smartphones.
Here a link: https://www.consumentenbond.nl/nieuws/attachment/20160118_Consumentenbond_takes_Samsung_to_court.pdf
Then I think, isn't it your duty to give us consumers of No.1 smartphones Android security updates?

Sounds like it's unlikely to be exploited on Android, but still, it should be patched:
http://www.zdnet.com/article/how-to-fix-the-latest-linux-and-android-zero-day-flaw/

Related

[Q] Opensource

Would you be willing to make this project opensource for further development?
brotoo25 said:
Would you be willing to make this project opensource for further development?
No
alephzain said:
No
OK, are you willing to share the source with others?
brotoo25 said:
Would you be willing to make this project opensource for further development?
alephzain said:
No
k1mu said:
OK, are you willing to share the source with others?
@alephzain: Framaroot is, as I'm sure you're aware, a great, handy, easy-to-use app. I was able to root my Nokia X with it, and I'm truly grateful for you for creating the app. Yet at the same time I'm quite dumbfounded by this.
The Framaroot forum section is listed under "XDA Community Apps", although I don't understand how an app can be a "community app" if the community can't do as much with it as they should be able to. I'd have understood the decision to keep the source closed if this were a paid app, but it's not, and you already have a donation app on Google Play Store which enables people to donate to you as a way of saying "thank you for all your hard work and effort for putting this app together!".
Closed source is counterproductive and I'm sure that I'm not the only person out there who is always somewhat suspicious of closed-source tools; yes, you're a trusted developer and you're probably not going to steal my data/brick my device/burn down my house, but I can't be 100% sure if I'm not able to review the source and maybe even compile it myself.
You seem like a sensible person, so I'd request you reconsider this decision and weigh the positive and negative aspects of it.
If this was open-sourced, I'm sure the (exploits) would be patched by OEMs.
Then no root for you.
There are things that it's better to keep closed source... (very few)
Root exploit methods are one of those things.
Regards
superdragonpt said:
If this was open-sourced, I'm sure the (exploits) would be patched by OEMs.
Then no root for you.
There are things that it's better to keep closed source... (very few)
Root exploit methods are one of those things.
Regards
You give the OEMs too much credit. Sure, they might be interested in fixing flaws in their recent high-end/flagship devices, but older and/or discontinued devices -- such as the Nokia X, which I own and which is vulnerable to CVE-2013-2595* -- are extremely unlikely to receive such patches which'd have an impact on the rootability of the device.
Koushik Dutta wrote a free and open source Superuser management app. The app's README file answers the question, "Why another Superuser?" with multiple points, of which the first and most important is: "Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security". The same goes for unofficial ways to gain root access in my view.
* There is a GPLv3-licensed implementation of CVE-2013-2595 for several devices running a Qualcomm SoC, and it's been there for almost a year, so no matter how closed Framaroot stays (which I hope it won't), OEMs have had an opportunity to "fix" this "issue", but I'm not sure how many chose to fix it. In any case, the Nokia X -- which is what I care the most about, given that it's my Android device of choice for the time being -- is vulnerable to it and as such, I'd like a FOSS rooting tool built around this exploit. Framaroot is capable of rooting the Nokia X, but Framaroot is not FOSS (yet) and I unfortunately lack the relevant Android NDK experience, so I'm not able to build a "clone" on my own, and I haven't found anyone willing to build such a tool.
Security through obscurity isn't security, no matter how hard you try to tell yourself that it is.

[HELP] Has my phone been compromised physically?

Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM security and CM said it found.
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically? the hacker who planted the RAT had physical access to my phone?
There is also other evidence which I can supply which was suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
timmyhall83 said:
Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM security and CM said it found.
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically? the hacker who planted the RAT had physical access to my phone?
There is also other evidence which I can supply which was suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the sheer amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want movie anti virus software. Delete that trash of an app CM.
jcase said:
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the sheer amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want movie anti virus software. Delete that trash of an app CM.
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.
timmyhall83 said:
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.
Yeah, I don't need garbage from a Google search, I know what it is and how it works, doesn't change statement.
jcase said:
Yeah, I don't need garbage from a Google search, I know what it is and how it works, doesn't change statement.
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/
timmyhall83 said:
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/
I work fulltime in the mobile security industry "my friend". I analyze a large number of malware and exploit samples, on frequent basis. I'm well aware of what TowelRoot is, and did the first third party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor, and misinformed. The Futex vulnerability, which is what towel root uses, is not even in Android code, it's in the Kernel code. TowelRoot is not a proof of concept, it's a full blown exploit doing its designed purpose. Towelroot, as is, can not be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.
jcase said:
I work fulltime in the mobile security industry "my friend". I analyze a large number of malware and exploit samples, on frequent basis. I'm well aware of what TowelRoot is, and did the first third party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor, and misinformed. The Futex vulnerability, which is what towel root uses, is not even in Android code, it's in the Kernel code. TowelRoot is not a proof of concept, it's a full blown exploit doing its designed purpose. Towelroot, as is, can not be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.
I have done my research. It seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source, you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.
timmyhall83 said:
I have done my research. It seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source, you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.
It's not out of the ordinary, it's called FUD and rather common.
In this case, me.
My second post had no attitude,
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.
jcase said:
It's not out of the ordinary, it's called FUD and rather common.
In this case, me.
My second post had no attitude,
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came off as pretty arrogant so yeah it did have attitude.
timmyhall83 said:
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came off as pretty arrogant so yeah it did have attitude.
The vulnerability can, that exploit as is can't as it requires user interaction.
More detections, more pop ups they show customers, more sales they get.
You have been given your answer here, and in the other two threads. I am closing this thread, please do not repost this question to other sections.

Rooting every device known as of today

Hi there.
Just in case you missed it...Good news for everyone.
Since HackingTeam was hacked (and their source code was leaked) we all can root our devices like they used to do with their spy tool (they were able to root all devices, including those with sepolicy enabled).
The exploits are publicly available (with the source code) hey devs, take a look.
https://github.com/hackedteam/core-android-native
Systems affected:
http://www.cvedetails.com/cve/2014-3153
http://www.cvedetails.com/cve/CVE-2013-6282
it's just a matter of time and a new wave of "rooting tools" will come out....
meanwhile do not update your systems 'cause the patches will roll out very quickly, I suppose.:laugh::laugh::laugh:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
Yeah, I guess not seeing the years 2013/2014 in the links wasn't obvious enough...someone just wants views/thanks..
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
towelroot was only one of the three exploits (+1 for the selinux injection).
The futex and put_user ones are brand new. moreover, in the code, you can see more hacks targeted at samsung devices AND knox.

Is there any possible way to root Asus Zenfone 3 Ultra?!

Hello,
I got the ultra for about a month now, and frankly I am starting to get desperate since i couldn't yet unlock its potentials with the rooting. I have been trying different instructions on different websites, which turned out to be fake. rooting apps such as KingRoot fails, so I couldn't find a way!.
Just to be clear, I am very good at rooting any android device as long as I have clear instructions ,,, I mean with step by step guide I am the king of rooting :good:
Thanks for the support

While you are waiting for root, be sure to disable all automatic updates so that if root is found, the phone won't get patched accidentally to prevent you exploiting it.
speculatrix said:
While you are waiting for root, be sure to disable all automatic updates so that if root is found, the phone won't get patched accidentally to prevent you exploiting it.
True,
I seriously thought rooting an Android would be the same for all or most devices, i guess it's not!
Asus is going to release the bootloader utility for the ultra in a couple of months I persisted with their support services online and the last email I received informed me they are working on it.
I too contacted them, saying I was strongly considering the phone, but won't buy it without being able to unlock the bootloader. I am waiting for the reply.
If a bunch of people also contact them, perhaps they will realise that it really matters to some people and will promote sales. OTOH, their customer service people might not understand and simply fob us off without passing the message on.
speculatrix said:
I too contacted them, saying I was strongly considering the phone, but won't buy it without being able to unlock the bootloader. I am waiting for the reply.
If a bunch of people also contact them, perhaps they will realise that it really matters to some people and will promote sales. OTOH, their customer service people might not understand and simply fob us off without passing the message on.
where do I contact them?
https://www.asus.com/support/
I received a reply from them. Sadly it was a pre-formatted reply which simply included a link to their online return/repair/RMA service. Pretty pointless since I had specifically said I was *thinking* of buying but would only do so because as an android developer I need an unlocked bootloader. facepalm.
I sent a reply asking them to read my request more carefully. I don't expect much help from them.
I have tried to contact other Asus departments in the past and either never got a reply or only got a useless one.
Me getting desperate as well. The main reason I switched from iPhone to Android was trying its full potential and app development. It sucks they haven't released it yet. So let it be a lesson for the next Android phone I want to buy to do a thorough research in this forum.
I really want one of these phones but I must have root. I contacted the service centre asking when they will release an unlocked bootloader. Here is their response -
"Thank you for contacting ASUS Service Care.
My name is Gilliant and it's my pleasure to help you with your problem.
We're so thankful to hear about your consideration of our product.
In regards to your concern, please be noted our new Zenfone series (ex: Zenfone 3, Zenfone 3 ultra, Zenfone 3 deluxe, etc) is not yet available with unlock bootloader tool. However, we also could not inform you the estimated release time of this tool since we don't have any available information yet. "
Sounds like it may never be released from that, so I'm not prepared to take the risk and get one early.
I got similar reply, and added they do not support rooting, like I don't know!
isn't there a way without Asus support? like a community or something!!
someone will almost certainly find a way to unlock the bootloader without Asus's help one day, but it may be a long time, and may be with some considerable risk to your phone.
so at the moment if you absolutely must have permanent root and unlockable bootloader, don't buy.
someone found that the Dirty Cow exploit worked on the Lenovo Phab 2 Pro, which has the same CPU, so there's a chance it might provide temp root on the AZf3U:
http://forum.xda-developers.com/showpost.php?p=69867475&postcount=2
maybe someone can get the binary and try it on the AZf3U?
I asked the guy, he responded with a link and I was able to build the binary using the NDK which I installed alongside Android Studio, and I did get root on my phone with it. I'm happy to share the binary if anyone wants to poke the AZf3U and see if it works.
This link says yes, the device CAN be unlocked/rooted and upgradable to android 7 as well. We're looking at the device, and hope to root, too. Anyone feeling lucky?
http://www.how-to-root.stream/2016/09/asus-zenfone-3-ultra-zu680kl-8130.html
.
hillg001 said:
This link says yes, the device CAN be unlocked/rooted and upgradable to android 7 as well
the date on the article means it's quite possibly bogus, given the AZf3U's general availability date.
Well, there are people who wrote 'thanks' for the info, so that would hint of its authenticity. In any event, our 3/ultra device is now on its way, being shipped to us even as i write this. If no one else is brave enough - I'll let you know how it goes once we get it up & running.
Is there someone with an AZf3U willing to trust me and try the dirtycow exploit?
I've uploaded the dirtycow exploit which I built using the Android Studio NDK to
http://www.zaurus.org.uk/download/CV...5195.built.tgz
there's two builds, one for 32 and the other for 64 bit android
unpack and run on a linux box connected to the phone over ADB
the instructions on how to use it are here:
https://github.com/timwr/CVE-2016-5195
let me know if you need more help
Paul
speculatrix said:
Is there someone with an AZf3U willing to trust me and try the dirtycow exploit?
I've uploaded the dirtycow exploit which I built using the Android Studio NDK to
http://www.zaurus.org.uk/download/CV...5195.built.tgz
there's two builds, one for 32 and the other for 64 bit android
unpack and run on a linux box connected to the phone over ADB
the instructions on how to use it are here:
https://github.com/timwr/CVE-2016-5195
let me know if you need more help
Paul
I'm willing to give this a go but I don't do Linux (way too much hassle and there's always something that doesn't work right out of the box). Is there a way to run this on a Windows machine? Or at the very least through a Hyper-V VM? (The issue with a VM would be access to the USB port...)
It should be possible to map your phone as a USB device through to a linux VM and try the process that way; any decent hypervisor should allow that, with virtualbox or Hyper-V. Create a linux VM using a distro of your choice, ubuntu 16.04 is popular, and then install Android Studio. Do a git clone and build the project. Warning, AndroidStudio is pretty huge, it will take a long while to download, I suggested minimising the number of Android versions you want to support to a minimum. You'll need the toolkit which includes fastboot and adb.
I also think it should be possible to adapt the process to run on a windows machine with a windows binary of ADB. Or, if you are willing, install Android Studio on your windows machine and add the NDK and then build this yourself, if that process would be more familiar.
Has anyone tried the bootloader unlock tool for the regular Zenfone 3 on the ultra??

Two noob questions regarding security/privacy

hi,
I would really appreciate if someone could help answer these two questions for me :
1. I have to revert back to marshmallow from nougat, to use xprivacy with better compatibility. But the security patch of custom roms are not latest, mostly '16.
Is it something to look out for, security wise?
2. Are open source apps actually secure as compared to closed source ones? Yes their code is open but I heard they are more vulnerable to attacks. Please enlighten me.
Thanks.
1. newer version of os is better prepared against attacks, but marshmallow is good enough for NOW. in the future marshmallow will become not good enough.
2. it depends how well the app/code is maintained. open source means revealing more attack vectors to an malicious attacker, however it also means broader chance for the good guys to review code and find security holes and patch them before bad guys uses the security holes. more developer involved = better security generally. same principle goes to closed source code; more developers paid by the company who is responsible for the code generally means better security. thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
juniecho said:
1. newer version of os is better prepared against attacks, but marshmallow is good enough for NOW. in the future marshmallow will become not good enough.
2. it depends how well the app/code is maintained. open source means revealing more attack vectors to an malicious attacker, however it also means broader chance for the good guys to review code and find security holes and patch them before bad guys uses the security holes. more developer involved = better security generally. same principle goes to closed source code; more developers paid by the company who is responsible for the code generally means better security. thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
Thanks pal.
juniecho said:
1. newer version of os is better prepared against attacks, but marshmallow is good enough for NOW. in the future marshmallow will become not good enough.
2. it depends how well the app/code is maintained. open source means revealing more attack vectors to an malicious attacker, however it also means broader chance for the good guys to review code and find security holes and patch them before bad guys uses the security holes. more developer involved = better security generally. same principle goes to closed source code; more developers paid by the company who is responsible for the code generally means better security. thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
shadowbone said:
Thanks pal.
Just be careful of what you're doing and always update to your latest security patch and Android.
JohnMichaelCost said:
Just be careful of what you're doing and always update to your latest security patch and Android.
Thank you for your advice. But the thing is cm13 for my device has its last security patch from Dec 2016. And Lineage OS 14.1 has the latest security patch, but lacks Xposed stability, especially for XPrivacy, the one I need the most (because I am on No Gapps). So, that's the confusion I have.
And I completely go along with your words of being careful with what I do with my device.
After moving into a NoGapps environment I mostly use open source apps except for 2 or 3 apps whose functionality are not found in any apps on FOSS. Yet those apps from play store themselves have google analytics and measurement services in them. For a privacy freak like me, it is intimidating, I guess.
To be honest open source apps are just as secure as closed Sourced apps. The reason being is very few people are looking at either for security exploits. As for the security updates that is a personal choice. I don't put much worth to them as they are exploits that have been around since the beginning and Google is just pushing patches so they appear to be worried about security. Kinda funny coming from a company that makes its money from collecting and using personal data
zelendel said:
To be honest open source apps are just as secure as closed Sourced apps. The reason being is very few people are looking at either for security exploits. As for the security updates that is a personal choice. I don't put much worth to them as they are exploits that have been around since the beginning and Google is just pushing patches so they appear to be worried about security. Kinda funny coming from a company that makes its money from collecting and using personal data
Ooo.... Interesting. I didn't look at it in that perspective (regarding google and its patches). :laugh:
shadowbone said:
Ooo.... Interesting. I didn't look at it in that perspective (regarding google and its patches). :laugh:
Sounds familiar "android vs ios" sorry I mean open vs closed sources, the closed sources is very hard part for security long time to hacked & hard finding the source "pay developer just like Apple"
Android other hand is open source is very cool unlike "closed sources" is updated everyday and developer are fighting against hackers to does not hacked the source
I will not to worried. Look my screen shot.
JohnMichaelCost said:
Sounds familiar "Android vs iOS" sorry I mean open vs closed sources, the closed sources is very hard part for security long time to hacked & hard finding the source "pay developer just like Apple"
Android other hand is open source is very cool unlike "closed sources" is updated every day and developer are fighting against hackers to does not hacked the source
I will not to worried. Look my screen shot.
Um no, it's not. Android isn't open source. Only AOSP is open source and that comes preloaded on 0 devices. Everything else is closed sourced. Even Google uses closed sourced files for their devices.
Also no one is looking at open source apps. Developers don't care about open source apps, as there is no money to be made from open source apps.
As for your screen shots. They mean nothing really as any hack would bypass it as it would happen when you are using the device. A perfect example is a built in screen recorder that then loads the videos up into a server when the device is asleep (Xiaomi is known for doing this)
Mobile security really is a myth. If someone wants your info (they really don't. They couldn't care less as your personal info is worth less than nothing) they can get it from social media sites easy enough.
zelendel said:
Um no, it's not. Android isn't open source. Only AOSP is open source and that comes preloaded on 0 devices. Everything else is closed sourced. Even Google uses closed sourced files for their devices.
Also no one is looking at open source apps. Developers don't care about open source apps, as there is no money to be made from open source apps.
As for your screen shots. They mean nothing really as any hack would bypass it as it would happen when you are using the device. A perfect example is a built in screen recorder that then loads the videos up into a server when the device is asleep (Xiaomi is known for doing this)
Mobile security really is a myth. If someone wants your info (they really don't. They couldn't care less as your personal info is worth less than nothing) they can get it from social media sites easy enough.
You're right. Android security so really is nothing special in fact.
May I ask you about Xiaomi, why they are doing this? And Google vs AOSP?
JohnMichaelCost said:
You're right. Android security so really is nothing special in fact.
May I ask you about Xiaomi, why they are doing this? And Google vs AOSP?
They are required to by the Chinese government. I take it you don't know much about how they do things. Here is a fast run down. China requires all data from its citizens to be monitored and recorded. This is part of the reason for China's great firewall. When people buy devices made for China this is something that happens.
As for Google vs AOSP. Think about it this way. Why would you buy a Pixel device if you can get all the same features from AOSP? No money to be made there so not good business. Yes Google pushes a lot to AOSP. But it is getting less and less. Heck even the base AOSP apps have not gotten any real updates in years. Google wants you to use their closed sourced apps. Allo, Duo, Gmail, contacts, phone etc. If it wasn't for 3rd party developers like the ones here AOSP apps would still be bare bones.
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities. Would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps, should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
shadowbone said:
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities. Would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps, should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
Just not to be worried about hacking our phone. Developer of app/google/aosp/etc. here to save us from hackers in fact maybe.....
But as for root, CFW, etc. they doesn't hooked even you have gapp.
But hacking WiFi WAP so... I don't worries, just I said earlier "be careful what you doing" remember that.
If you need very privacy like "Donald Trump" [emoji13] so VPN your phone install x private and cover with your camera, encryption your phone and always be updated your apps/security patch and Android of course.
Sent from my Pixel XL using XDA-Developers Legacy app
shadowbone said:
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities. Would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps, should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
To be honest if I was really worried about security then root would be out of the question as it opens up doors that can be exploited. An example is a root binary that was found to work so it auto granted root to every app and removed the logs of it doing so.
The KRACK vulnerability is a whole other thing as patching a device is pointless if the router you are connecting to is not patched.
Just use common sense really. As long as Android pushes a lot of code open source there will always be issues like this that pop up. (It's so much easier to find exploits when you have access to all the code. And before you say it, no not as many people are looking for security threats as people think)
Thank you guys for your valuable advice. I'll make sure to keep a watch out. :good:
(might be this is off topic but I need your help guys)
Hi guys I need your help with my old Nexus 5 (stock never did ctf or rooted) and MTK phone as a same problem.
In Google Camera when I video mode it crash even open it please help me.
Nexus 5 and MTK phone are running both Android 6.0 stock.
Any idea what happened ?
JohnMichaelCost said:
(might be this is off topic but I need your help guys)
Hi guys I need your help with my old Nexus 5 (stock never did ctf or rooted) and MTK phone as a same problem.
In Google Camera when I video mode it crash even open it please help me.
Nexus 5 and MTK phone are running both Android 6.0 stock.
Any idea what happened ?
Take a look.
JohnMichaelCost said:
Take a look.
I'm not sure. Are you using official/stock build or some ported apk?
shadowbone said:
I'm not sure. Are you using official/inbuilt build or some ported apk?
Ok.. but thanks anyway is working again.....
I am officially build.
Sent from my Pixel XL using XDA-Developers Legacy app
JohnMichaelCost said:
Ok.. but thanks anyway is working again.....
I am officially build.
Sent from my Pixel XL using XDA-Developers Legacy app
You are gonna have to run a logcat to find out. Chances are if you are not rooted or been messing around then it will be hard are.