Android 4.2/4.4 without Gapps Dangerous? - Security Discussion

Hi there all
I have an important question. As I have never been a huge fan of Gapps, and currently using 2 devices with Android, I have 2 questions regarding safety on those devices.
1st one: AOSP ROM, 4.4, no Gapps or anything Google's installed, just the open source F-droid, and sometimes downloading an app via Google Play download sites. I regularly update my Firefox web browser, but since I don't have any Google apps such as Play Services, does that mean that I won't get any important safety updates for my device?
Does this mean that, using any "not the latest" Android device without Google Play Services is a dangerous device? Do I really need it?
2nd device, Android 4.2 with Gapps installed (no custom rom), but with all Gapps deleted or disabled, including Play Store and Services. Also using the open source F-droid. Same question: is this device vulnerable?
I suppose they are vulnerable even with the latest Firefox installed, as Android bugs are not repaired at all. Is there anything I could do to make my devices safer? My 4.2 device is not able to be rooted as it is an unknown brand. My 4.4 device is the Sony Xperia T phone.
I only use my devices to check email, read the newspapers, do some Facebooking and Whats-apping and have some medical apps installed.
Many thanks for reading.

@ruben112, not sure if this would be helpful, and you may have already seen it, but this is an informative thread.
http://forum.xda-developers.com/showthread.php?t=2960077
"err on the side of kindness"

mrrocketdog said:
@ruben112, not sure if this would be helpful, and you may have already seen it, but this is an informative thread.
http://forum.xda-developers.com/showthread.php?t=2960077
"err on the side of kindness"
Thanks a lot for the thread, I had looked for some tutorials but hadn't found them yet! So newer Androids don't per se bring better security? And with some of those apps the security bugs get fixed too?

as i understand things AOSP is less intrusive than what some custom roms are based on. as far as android versions go, "stagefright" is a vulnerability that just got patched in lollipop (i think). but i believe there are sometimes tradeoffs, i.e. the newest may give more security while at the same time taking more control over an OS.
i am really hoping someone more knowledgeable will chime in :what:. as far as apps go, just look at what permissions are asked for by the app; some are quite unreasonable to say the least.
i personally never install gapps.
sorry i don't really know more.
"err on the side of kindness"
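
An added example (not part of any post in this thread) of the permission review suggested above. On Android 4.2 and 4.4 an app receives every permission it requests at install time, so the check has to happen before installing. The script reads the output of `aapt dump permissions app.apk`; the sample outputs, the category names and the `EXPECTED` table are constructed for illustration.

```python
import re

# Subset of the permissions Android classifies as "dangerous" (access to user data).
DANGEROUS = {
    "android.permission." + name for name in (
        "READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS",
        "READ_SMS", "SEND_SMS", "RECEIVE_SMS",
        "READ_CALL_LOG", "WRITE_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE",
        "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
        "RECORD_AUDIO", "CAMERA",
        "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
        "READ_CALENDAR", "WRITE_CALENDAR",
    )
}

# Assumption: a hand-written policy of which dangerous permissions are
# plausible for a given kind of app. Adjust it to your own judgement.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},
    "news": set(),
    "messenger": {
        "android.permission.READ_CONTACTS",
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
}

# aapt prints either  uses-permission: android.permission.X      (older builds)
# or                  uses-permission: name='android.permission.X' (newer builds)
PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([A-Za-z0-9_.]+)")
PKG_RE = re.compile(r"^package:\s*(?:name=')?([A-Za-z0-9_.]+)")


def parse_aapt(text):
    """Return (package name, set of requested permissions) from aapt output."""
    package, perms = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = PKG_RE.match(line)
        if m and package is None:
            package = m.group(1)
            continue
        # Lines starting with "permission:" are permissions the app *declares*,
        # not ones it requests, so only "uses-permission" lines are collected.
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms


def review(text, category):
    """Split an app's dangerous permissions into justified and questionable."""
    package, perms = parse_aapt(text)
    risky = perms & DANGEROUS
    # An unknown category has no allowance: everything dangerous is questioned.
    expected = EXPECTED.get(category, set())
    return {
        "package": package,
        "justified": sorted(risky & expected),
        "questionable": sorted(risky - expected),
    }


# Constructed sample outputs, one in each aapt format.
SAMPLE_FLASHLIGHT = """
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

SAMPLE_NEWS = """
package: org.example.news
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_NETWORK_STATE
permission: org.example.news.permission.PUSH
"""

if __name__ == "__main__":
    for sample, category in ((SAMPLE_FLASHLIGHT, "flashlight"), (SAMPLE_NEWS, "news")):
        result = review(sample, category)
        print(result["package"], "-", category)
        for perm in result["questionable"]:
            print("  questionable:", perm)
        if not result["questionable"]:
            print("  nothing beyond what this kind of app needs")
```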

mrrocketdog said:
as i understand things AOSP is less intrusive than what some custom roms are based on. as far as android versions go, "stagefright" is a vulnerability that just got patched in lollipop (i think). but i believe there are sometimes tradeoffs, i.e. the newest may give more security while at the same time taking more control over an OS.
i am really hoping someone more knowledgeable will chime in :what:. as far as apps go, just look at what permissions are asked for by the app; some are quite unreasonable to say the least.
i personally never install gapps.
sorry i don't really know more.
"err on the side of kindness"
Thanks. That is exactly what I'm wondering: I almost use no apps so they might have security issues but there should not be that many, OS updates on the contrary could in theory make your phone much safer, but do they do it and could the issues not be patched otherwise?

if you have way more knowledge than me about coding and such then you might be able to patch it yourself.
i personally do not know any other way. but there probably is.
"err on the side of kindness"

Related

new Droid Sans for dev phone and other dev apks

First, the new Droid Sans for the dev phone works great! If you haven't seen it, check the market!
That program, and some of the other apks, such as the one for flash seem to get a ton of really stupid comments in the market. Also, the market now seems to be too big, with not enough sub-categories to find things easily.
IMO, there should at least be a category for advanced users and developers only. (Maybe even one which you would have to sign in to visit, with a big disclaimer saying something like "These programs will not run on most G1s. They are programs for rooted or (don't know if Google will like the rooted part), developer's phones. Many of them are apk's for developers to make it easier for them to write better apps for you, rather than stand-alone-apps. If you are a developer, or an advanced user, please sign up to download the apps."
Is there a place to suggest improvements to the market to Google?
(Maybe I just am feeling nasty after looking at all those grade school comments in the market).
kathi17 said:
First, the new Droid Sans for the dev phone works great! If you haven't seen it, check the market!
That program, and some of the other apks, such as the one for flash seem to get a ton of really stupid comments in the market. Also, the market now seems to be too big, with not enough sub-categories to find things easily.
IMO, there should at least be a category for advanced users and developers only. (Maybe even one which you would have to sign in to visit, with a big disclaimer saying something like "These programs will not run on most G1s. They are programs for rooted or (don't know if Google will like the rooted part), developer's phones. Many of them are apk's for developers to make it easier for them to write better apps for you, rather than stand-alone-apps. If you are a developer, or an advanced user, please sign up to download the apps."
Is there a place to suggest improvements to the market to Google?
(Maybe I just am feeling nasty after looking at all those grade school comments in the market).
tbh i think that if you had a moderator (obviously not just the one) who monitored the market and removed stupid comments and who could even issue 24 hour bans or something it would improve things tenfold.
and about the rooted section, google wouldn't like it but what can they do? no matter what they release, people will find a way to get root access again. google might as well just release cupcake with root access already enabled.
If Google released cupcake with root access, there would be an awful lot of happy G1 users!
I see you have RC30, do you have auto rotate with your pictures? Now that I've got the new Droid Sans, everything except pictures seems to auto rotate. (although I've only tried one photo so far, I need to check others).
which app is for flash?
would u send me code for how to use different font in android
installed this app- this rocks.
debro012 said:
which app is for flash?
Action Script Reference. It doesn't do Flash, it's a help for Flash and Flex developers. (I added that in case there are any non developers reading this who think they are going to have Flash by downloading it).

[ROM] AOSP w/o Google apps (readd-able) FIRST HALFLEGAL ROM

Here I provide a half legal (I included the HTC drivers for the hardware...) stock AOSP (android-1.5_r3) ROM!
You can add Google Apps legally if you have bought a Google experienced phone by running this script on a linux-machine:
http://forum.xda-developers.com/showthread.php?t=564744
Features:
-No special features
-Just stock w/o Google apps
Download for G1:
http://www.4shared.com/file/135524283/e812c64f/dream.html
Instructions:
Unzip the file, then:
fastboot erase userdata
fastboot flash system system.img
fastboot flash boot boot.img
fastboot reboot
To Do:
I'm a lazy guy.
Next release will be cyanogenmod w/o googleapps.
Well, does the ROM work without all Google's stuff?
Can we add them easily?
Thanks for the new build, hope this googles' issue will be fine
It does work, but it's nearly useless.
I work on a windows version of my script which adds google apps legally.
I also will create a script for recovery.
I'll work on this ROM when I'm done with these, as soon as the scripts are ready, this ROM will get some goodies from Cyan.
Nice work Maxisma!
It's a good start
awesome bro
keep it up it's a start!
maxisma said:
It does work, but it's nearly useless.
I work on a windows version of my script which adds google apps legally.
I also will create a script for recovery.
I'll work on this ROM when I'm done with these, as soon as the scripts are ready, this ROM will get some goodies from Cyan.
Excellent.
With all this doom and gloom.
Surely this is the problem solved?
But what do you mean by google experience?
I know I got all the apps with my phone... T-Mobile G1...
Google Experience are all phones with Google Apps preinstalled.
Just some indian and russian HTC devices don't have it.
Out of interest would this boot fine without running the script?
I am presuming not, but i am just curious?
I would try it out, but at the moment I am not at home and only have 2g coverage on my phone so it's a bit slow to download
Edit //
Could i (in theory) install, boot and then use wget to download sam3 from slideme.org and then download a third party dialer / K9 etc... etc..
So use all third party apps
vixsandlee said:
Out of interest would this boot fine without running the script?
I am presuming not, but i am just curious?
I would try it out, but at the moment I am not at home and only have 2g coverage on my phone so it's a bit slow to download
It boots fine w/o the script ;-)
Not to rain on your parade, but ....
Hi Maxisma,
Not to rain on the parade, but ...
Per Google, this ROM is no more "legal" than any other ...
The following is taken from http://source.android.com/documentation/building-for-dream
* The Dream device software contains some proprietary binaries. For contractual reasons, these cannot be redistributed separately from the shipping hardware, but the provided script may be used to extract these binaries from your development device so that they can be correctly included in your build. These libraries include the openGL|ES library, the Qualcomm camera library, the HTC Radio Interface Library, etc. You need adb to be in your path, and you need your device to be configured for adb access. If you don't have adb already, do a generic build first, which will put it in your path.
Just my understanding of things.
~enom~
Interesting, i am going to have to have a look and a play later.
Cheers for the work (forgot to say that in my first post)
if you're interested on maybe trying to do this on your own:
http://www.johandekoning.nl/index.php/2009/06/07/building-android-15-build-environment/
Contrary to what you might think, a ROM w/o google apps is not entirely useless. Probably the major setbacks are the lack of market access, the lack of a YouTube player (we need to work on a port of Totem's Youtube implementation but for android), and a way to manage contacts (irrenhaus is looking at the possibility of setting up a Google Contacts sync), plus we'd probably need to write a utility to actually read/write contacts to and from SIM.
G-mail, you can access from the browser (which, AFAIK, is still free and open source under the Apache Licence), Maps can be downloaded once we get Market access.
Other than that, a bone-stock android build will keep you connected to the internet, allow you to tether, allow you to run scripts, deliver your mms, give you camera and music player, have theme support, and of course, make phone calls just like any other build will. You'll just have to go a bit out of your way to get apps, but again, that's the main drive here, either get access to market or create a new one and invite app developers to submit their apps there too
enomther said:
Hi Maxisma,
Not to rain on the parade, but ...
Per Google, this ROM is no more "legal" than any other ...
The following is taken from http://source.android.com/documentation/building-for-dream
Just my understanding of things.
~enom~
That's dead on too, and I forgot about it. The issue would not be with google anymore though, but with HTC and its hardware partners. This is what cyanogen realized, now that the spotlight is on rom development, companies will have watchdogs for re-distribution of binary code. If you own an ADP device, you can legally download the binaries from the HTC website and MAKE YOUR OWN BUILD (so redistribution targeting dream is out, unless we can talk to HTC about it), either that, or, as I've said before, move onto an open hardware platform so we can write our own drivers.
---edit---
By the way, I still don't agree with the whole feeling of gloom floating around here. This is only a change to the way we're doing things right now, but it doesn't hinder development in any way. If you're the kind of dev that's here for the praise, then yeah, you won't like it that now people will have to actually know what they're doing, so your fanbase will be reduced. I for one welcome the change. This rom, for example, can still be distributed without the HTC binaries and maybe have instructions for the user to download them, install them in their OTA package, and then actually flash the rom. But then that requires that people actually know what they're doing, since we can't legally provide them the finished product.
Also, it doesn't hinder improvement of the platform. None, I repeat, NONE of cyanogen's or other dev's work ever even touched the proprietary parts of the build, as this is nearly impossible without the source (I know, baksmali, but really, I'm trying to make a point here!...) and most of what made his work awesome was the behind-the-userland work; kernel's bfs patches, scripting, cpu time management, modifications to available source, for example, the settings package.
We can still improve the platform, we can contribute, and maybe this time around the way Google wanted people to, by submitting code for their consideration to have it maybe implemented in android's next build.
I'll be glad to see all the "OMG, MY PHONE WONT START" threads diminish as people realize that this will no longer be the place where you get it all dumbed down and easy to use.
hey just by simple curiosity, how do you then log into the phone, if this rom is google less? I presume you still need a google account to set up your machine right????
kmassada said:
hey just by simple curiosity, how do you then log into the phone, if this rom is google less? I presume you still need a google account to set up your machine right????
You don't need to login as there is no setupwizard.
jubeh said:
That's dead on too, and I forgot about it. The issue would not be with google anymore though, but with HTC and its hardware partners. This is what cyanogen realized, now that the spotlight is on rom development, companies will have watchdogs for re-distribution of binary code. If you own an ADP device, you can legally download the binaries from the HTC website and MAKE YOUR OWN BUILD (so redistribution targeting dream is out, unless we can talk to HTC about it), either that, or, as I've said before, move onto an open hardware platform so we can write our own drivers.
---edit---
By the way, I still don't agree with the whole feeling of gloom floating around here. This is only a change to the way we're doing things right now, but it doesn't hinder development in any way. If you're the kind of dev that's here for the praise, then yeah, you won't like it that now people will have to actually know what they're doing, so your fanbase will be reduced. I for one welcome the change. This rom, for example, can still be distributed without the HTC binaries and maybe have instructions for the user to download them, install them in their OTA package, and then actually flash the rom. But then that requires that people actually know what they're doing, since we can't legally provide them the finished product.
Also, it doesn't hinder improvement of the platform. None, I repeat, NONE of cyanogen's or other dev's work ever even touched the proprietary parts of the build, as this is nearly impossible without the source (I know, baksmali, but really, I'm trying to make a point here!...) and most of what made his work awesome was the behind-the-userland work; kernel's bfs patches, scripting, cpu time management, modifications to available source, for example, the settings package.
We can still improve the platform, we can contribute, and maybe this time around the way Google wanted people to, by submitting code for their consideration to have it maybe implemented in android's next build.
I'll be glad to see all the "OMG, MY PHONE WONT START" threads diminish as people realize that this will no longer be the place where you get it all dumbed down and easy to use.
I could probably write a Java application that would allow the user to:
1) hook their google phone up over USB and grab the existing google apps off of it
2) point to the location of their proprietary drivers on a manufacturer's website for download
3) point to a central location of legal ROMS for download
4) click an ASSEMBLE button to put it all together. The resulting update file would be like they have always been, but no illegal redistribution has taken place.
One little problem ...
Ohsaka said:
I could probably write a Java application that would allow the user to:
1) hook their google phone up over USB and grab the existing google apps off of it
2) point to the location of their proprietary drivers on a manufacturer's website for download
3) point to a central location of legal ROMS for download
4) click an ASSEMBLE button to put it all together. The resulting update file would be like they have always been, but no illegal redistribution has taken place.
Hi Ohsaka,
One little problem with that is ... the manufacturers do not post the drivers (standalone) on their websites for download, they only redist with the hardware. Also, there are other library files as well, it's not only drivers.
~enom~
Simple fix.. just don't include it. People will have to "magically" find the drivers on their own.
If it boots, why is it nearly useless?

Prevent Google from Deleting / Installing Programs

Hi,
i don't have an android phone yet. But i'm still a little bit frightened about data security there.
I read this article:
hxxp://w ww.theregister.co.uk/2010/06/28/google_remote_android_application_install/
I think normally you should decide yourself what to uninstall and what not.
So my question is - would it be possible to prevent Google from Accessing your phone, means prevent them from Installing / Uninstalling Applications.
Cause i hate this. My phone is my phone and they aren't allowed to play the "admin"
Regards
eagle
fear not
If you read further into this, they are talking about malicious apps, and it is done for the malicious app or apps only. They are actually protecting your phone from being crippled, and it is done systemwide for those that use the market.
APK's installed from SD can't be touched by Google. Only ones installed from the market can be removed. AFAIK so far they have only removed malicious apps (so far), but Google's definition of malicious is different to mine.
Hi,
thank you for your answers ! I know that they removed only a malicious app...but like mercianary already said: this time they only removed a malicious app ...
They could instead (of remote uninstall) just release a "fix" that you can download over the android market and this fix then cleans your mobile phone...
At least they can't remove stuff that you installed from SD ... this is good ...
But is there a way to modify the rom, so they won't have any access any more ?
Or can u disable this if you got root rights ?
Regards
eagle
P.S.
What else can google do with your phone ? What do they log ?
They take your soul. Piece by piece. Slowly over the years. Just like they do with every other product they give you for "free"
But that's another thread...
Sounds like humor but it's probably right :-/
The fact is ..:
I waited all this time for Windows Phone 7. Thought that they would make it a good OS .. but now ... no Multitasking, ugly Menu ... it seems to me worse than iOS (subjective opinion =) ).
You don't have enough options/ settings and so on. It looks to me, like they try to copy Apple now, and they don't try to make it better =(
And now Android comes with tethering, Hotspot-Ability, a nice menu ... a "free" market , and so on.
Wouldn't i be afraid of Google i would choose it without hesitation.
You got any Pro Points for Win7 Phone ?
----
Don't get me started on Microsoft...
It's certainly possible to mod Market to disable this feature. Ofc you would need root to do this.
well with custom roms and rom specific apps you shouldn't have to worry because essentially you are loading an update zip so i think you'll be OK there and they would be morons to start randomly messing with peoples' phones
Hi,
nice answers =) I like you I already got some
New Questions :
- Are there already such modified ROMS ?
- If not - will there be some ?
- @mercianary why i shouldn't get you started on Microsoft? Start please
What is your Fav OS ? Are you scared of google, too ?

Questions about hiring a developer?

I tried doing a search and couldn't find a relevant thread, but I have a few questions...
OK first, the issue that brings me here is the only web browser that I like (Boat) has long been dead and out of development, it's long not been on the play store but I've had the APK for a long time and just transferred it to every new phone I got so I could keep using it. I have tried finding a different browser, but I hate them all, none of them have any of the features I want. My last phone was running Android 9.0 and Boat was still working on it. Well, I got a new phone now (Pixel 4a 5g) that has Android 11 and boat still mostly works... except it crashes if I click the bar at the top to type in a URL and a few other bugs... but otherwise still works flawlessly.
1. So, I'm wondering first is it even OK for someone to look to hire a developer to basically update a dead app? Any website and contact information for the original developer no longer exists, but I don't know if it's OK for someone to take over a dead app like that, if it would be considered stealing or something.
2. Second, well if it's OK... I have the last APKs of the browser and I had used a guide to deconstruct the APK into a project thinking maybe I can figure it out and how to update it so that it still works but... yeah that's not happening. So I have the APK files and the already deconstructed into a project and was wondering where I can ask about hiring a developer just to basically update the app so that it still works (bug fixes only, not really making any changes to the look/feel/etc, just fix any bugs or code that's old and deprecated and doesn't work anymore)? And when I say hire, I mean like actually hire, with real money.
sardonicus87 said:
I tried doing a search and couldn't find a relevant thread, but I have a few questions...
OK first, the issue that brings me here is the only web browser that I like (Boat) has long been dead and out of development, it's long not been on the play store but I've had the APK for a long time and just transferred it to every new phone I got so I could keep using it. I have tried finding a different browser, but I hate them all, none of them have any of the features I want. My last phone was running Android 9.0 and Boat was still working on it. Well, I got a new phone now (Pixel 4a 5g) that has Android 11 and boat still mostly works... except it crashes if I click the bar at the top to type in a URL and a few other bugs... but otherwise still works flawlessly.
1. So, I'm wondering first is it even OK for someone to look to hire a developer to basically update a dead app? Any website and contact information for the original developer no longer exists, but I don't know if it's OK for someone to take over a dead app like that, if it would be considered stealing or something.
2. Second, well if it's OK... I have the last APKs of the browser and I had used a guide to deconstruct the APK into a project thinking maybe I can figure it out and how to update it so that it still works but... yeah that's not happening. So I have the APK files and the already deconstructed into a project and was wondering where I can ask about hiring a developer just to basically update the app so that it still works (bug fixes only, not really making any changes to the look/feel/etc, just fix any bugs or code that's old and deprecated and doesn't work anymore)? And when I say hire, I mean like actually hire, with real money.
First topic is about licence agreement and legal stuff. It is owned by "Boatmob, Inc." / "Digital Life International Limited" / "Crunchbase Inc.". Although the app was free, it does not seem to be under a free licence. But I am not an expert in this area.
About the browser app itself, I have seen that you were already active here: https://forum.xda-developers.com/t/boat-browser.3821682/
You either need a permission of the owning company and then maintain the app yourself (or via a hired dev), or you have to switch to another and still actively supported browser app.

General question on changing ROM in device

Hi there,
Few months ago, I was told in XDA site that nowadays changing the ROM is not anymore the best way to de-google a device. Now it is better to de-bloat and tweak the device.
Do you agree with this statement?
Did you change the ROM in your device or only de-bloated it? Tell me your experience. Easy to install, need to root, unblock the bootloader, update, what is NOT working, speed, battery, ...?
I own a Samsung Tablet S5e LTE few months old, under guaranty and would like to de-google it. I was thinking to change the ROM, is it the best way?
What is your advice? If needed, what ROM to use? What way, software to de-bloat?
Many thanks
MrNice said:
Hi there,
Few months ago, I was told in XDA site that nowadays changing the ROM is not anymore the best way to de-google a device. Now it is better to de-bloat and tweak the device.
Do you agree with this statement?
Fully agree with this.
Thank you for your fast answer.
Could you be more specific and tell me why, how (big picture) and if you have experience what tools did you use?
People most times use terms "De-google" and "De-bloat" not knowing what they are really speaking of.
The Vanilla Android ( read: AOSP - today often called GSI ) is totally free of apps developed by Google ( topic: GMS ) and the service ( GFS ) they need to run, this because NOBODY basically needs these to operate a phone. But the overwhelming majority of the users of mobile devices want an Android that is extended by features, so they can download & install more apps, play games, listen to music, watch porn videos. OEMs respect this wish - they want to sell their products - and therefore typically add GMS & GFS to their Android OS, so it in reality becomes a Custom ROM.
Resume: Vanilla Android - and all ROMS that are based on Vanilla Android ( like Lineage OS and many others ) must not get "De-googled".
Bloatware ( or Potentially Unwanted Programs - PUP ) is software users don’t want, that burdens and slows down a mobile device. It usually comes pre-installed by vendors, manufacturers or carriers. IMO "De-bloating" is the first thing a user should do when starting up a new device.
Bloatware typically is installed as a system app, hence the phone's Android must get rooted before you can start "De-bloating".
As I am not very skilled in Android, I appreciate your post.
I installed LineageOS 17.1 on my Samsung S6, it is working fine, I am happy for the usage but the only issue I have is that I can't update. This is another story in another XDA forum.
My needs are the usual plus
Read books, music sheets, social networks, Internet TV, news, training, conference (low bit-rate), email, messaging, GPS travel, basic pictures,
some specific app for music practice (tuner, metronome), veg gardening (I need to find one suitable for me).
but no game, no HD movie (download or stream), no large download
Backup locally (I need to learn more), no cloud usage.
As I run GNU/Linux for around 20 y, I hate to have to register for account in any app from GAFAM and I don't want as much as possible give them my data. I try to select the app without tracker, FOSS and I block the permissions as much as possible.
If I can de-google this is the best for my mindset.
I understand that to de-google or de-bloat, I'll have to root so break Knox. Right?
I don't know if I need GMS and/or GFS for my use. Could you tell me? For what app it is mandatory?
With my S5e I want to be more cautious, I need a way as secure as possible to not brick it.
With all this info, what do you advise?
MrNice said:
Hi there,
Few months ago, I was told in XDA site that nowadays changing the ROM is not anymore the best way to de-google a device. Now it is better to de-bloat and tweak the device.
Do you agree with this statement?
Did you change the ROM in your device or only de-bloated it? Tell me your experience. Easy to install, need to root, unblock the bootloader, update, what is NOT working, speed, battery, ...?
I own a Samsung Tablet S5e LTE few months old, under guaranty and would like to de-google it. I was thinking to change the ROM, is it the best way?
What is your advice? If needed, what ROM to use? What way, software to de-bloat?
Many thanks
For the Tab S5e de-googling it is next to impossible with stock samsung rom. LOS works great on it and not too difficult to install, CRDroid works well on it but is better with google installed, /e/ rom was being developed for it but I don't know if they are still working on it. I built an /e/ rom locally for my Tab S5e last year and it worked very well. If you want to get away from google you need to ditch the OneUI or whatever they are calling it.
tek3195 said:
For the Tab S5e de-googling it is next to impossible with stock samsung rom. LOS works great on it and not too difficult to install, CRDroid works well on it but is better with google installed, /e/ rom was being developed for it but I don't know if they are still working on it. I built an /e/ rom locally for my Tab S5e last year and it worked very well. If you want to get away from google you need to ditch the OneUI or whatever they are calling it.
Thanks for your advice, I'll work on it soon.
