Verizon to Push AppFlash to gather all the datas! - Verizon Samsung Galaxy S7 Edge Guides, News, & Dis

What absolute [email protected]
So... how do we get around this?
The First Horseman of the Privacy Apocalypse Has Already Arrived: Verizon Announces Plans to Install Spyware on All Its Android Phones
Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app.
Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices.
The AppFlash Privacy Policy published by Verizon states that the app can be used to
“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.”
Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information:
“AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.”
And what will Verizon use all of this information for? Why, targeted advertising on third-party websites, of course:
“AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.”
In other words, our prediction that mobile Internet providers would start installing spyware on their customers’ phones has come true, less than 48 hours after Congress sold out your personal data to companies like Comcast and AT&T. With the announcement of AppFlash, Verizon has made clear that it intends to start monetizing its customers’ private data as soon as possible.
What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and blocks privacy-enhancing tools from being distributed through the Play Store. Adding another company that automatically tracks its customers doesn’t help matters any.
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.

AppFlash is just a custom bloated version of the Google Search Bar with intense focus on data mining. This is essentially a widget, which belongs to a package, which should be able to be disabled/uninstalled depending on its implementation. You may need a rooted phone to fully remove it from the system - but time will tell. Either way, this will end up in my pile of other Verizon 'Services/Apps' that are either uninstalled or frozen.
the_rev said:
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
Click to expand...
Click to collapse
I find this comment amusing - eluding that 'hackers' don't probe every single aspect of a system and it's software, but now that this application is going to be pushed you better worry!

Calm down. The sky isn't falling yet.
"UPDATE: We have received additional information from Verizon and based on that information we are withdrawing this post while we investigate further. Here is the statement from Kelly Crummey, Director of Corporate Communications of Verizon: "As we said earlier this week, we are testing AppFlash to make app discovery better for consumers. The test is on a single phone – LG K20 V – and you have to opt-in to use the app. Or, you can easily disable the app. Nobody is required to use it. Verizon is committed to your privacy. Visit www.verizon.com/about/privacy to view our Privacy Policy.""
https://www.eff.org/deeplinks/2017/...e-has-already-arrived-verizon-announces-plans
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.

Averix said:
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.
Click to expand...
Click to collapse
This. Vote out every single person who voted to repeal what we've spent years fighting for. They let their own monetary gains guide their decisions and not what's best for the people, which is what their job is.
It's absolutely baffling to me how many people just don't give 2 fks about having companies mine personal and sensitive information about them. The classic "If you don't have anything to hide, then what does it matter" argument instantly enrages me.
Sent from my Samsung Galaxy S7 Edge using XDA Labs

just calm down.. I've been telling everyone about this for past 4 years.its not just this app.but hard bedded in every device..the only way to get rid of any of it is educate yourself on removing it. .as for the comment about hackers knowing the weaknesses​.hes absolutely right...the good amd bad hackers.not all of us are bad.

All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whomever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of you phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infurates them... well this is the facts so be infurated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic all together.

tx_dbs_tx said:
All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whomever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of you phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infurates them... well this is the facts so be infurated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic all together.
Click to expand...
Click to collapse
The main issue is the blatant disregard by our government to even acknowledge the American people's privacy. Of course this all comes down to money and corruption as usual. For a simpler solution to a lot of these issues is remove all of the lobbyists, but I digress.

Look at it this way people. No one is pointing a gun at your head making you use cell phones social media, etc. If you don't want to be spied on buy a house in the mountains with no outside connections and enjoy life.

Related

[Q] Security Threats to Smartphone Users are on the Rise

IT'S BEEN LONG TIME SINCE I HAD VIRUS PROBLEM WITH MY DEVICE
BUT PEOPLE JUST PUT IT TOGETHER ,THIS ARTICLE IS 90 % TRUE.
ME PERSONALLY USING ANDROID BUT THIS OS IS OPEN SOURCE AND I DON'T THINK GOOGLE FORGOT ABOUT SECURITY TOOLS . IF I'M GOING TO BE A VICTIM OF DATA THEFT DEFENSIVELY I'LL CHANGE TO DIFFERENT OS.
http://techpp.com/2011/07/04/why-security-threats-to-smartphone-users-are-on-the-rise/
*** Why Security Threats to Smartphone Users are on the Rise
Guest Post by Fergal Glynn.
It’s in the news more and more. The number of viruses, malware, and a number of other ‘virtual illnesses‘ affecting smartphones has already caused billions of dollars in damage. In fact, a recent study by Juniper Networks estimates malware attacks on Android have increased by 400%. But why the sudden interest? They’re a better target, and here’s why:
Smartphones hold more information
Today, phones are a portable hub for all the information in our lives, including business and personal. This means, with one hit, a hacker could potential gain all of your personal and financial information, in addition to gaining the information they need to penetrate a business infrastructure. With that, they simply need to set up a spear phishing attack, and the hackers can access full range of sites, accounts, and systems.
Free Internet is not so Free
Is your favorite free WiFi spot is really free? Or, is it a fake network set up by someone with less than honorable intentions? Because many smartphones automatically connect to open networks (and save them for future use!), it makes them a prime target. Once someone malicious has gained access to your smartphone, they can gather all of your account details, passwords, personal information, financial details, and other informational gems you send through your phone.
No Security Software
Just like a car thief looking for unlocked doors and keys in the ignition, hackers will prey on the easiest targets they can find. Most of the time, this means smartphones. And why not? They often connect to open WiFi networks and usually don’t have any sort of security software installed. Therefore, once attackers gain access, there’s nothing stopping them.
Users Aren’t Aware of the Risks
Because many people who own smartphones think they’re immune to attacks, hackers can ‘live’ in a phone for months or even years without being detected. Imagine the sheer amount of information you share during the year. With that kind of information, banks, business sites, email accounts, personal identities, and all sorts of networks would be at risk. To make matters worse, any attempts by the attackers to gain additional information would be even harder to detect because they would be better able to disguise their phishing attempts.
More Opportunities For Attacks
Smartphones use the Web, SMS, email, voice, apps, and many other methods to communicate with other people and devices. This leaves them wide open to a number of different attacks and gives a determined hacker more options than he’d have with a regular computer. In fact, experts believe it’s even possible for hackers to use the device’s microphone to record voice communications and scan them for calls containing useful information such as those made to a bank or credit card company.
Real Life Threats
Because of their portability, smartphones are much easier to steal than laptops or other communication devices. To make matters worse, many users don’t lock or secure their phones, and even fewer use location services. This means, once a thief gets his hands on a phone, they can access everything, and the user can’t even wipe the phone clean to minimize the damage.
The best way to protect against mobile attacks is to be aware and prepared. To start, install security software, use secure connections, invest in locate and remote wipe services, use strong passwords, and minimize the amount of information you store or use on your smartphone. After all, the more ‘doors’ you close to attackers, the less likely you are to become their victim.
****
OUR DEVICES DOESN'T HAVE THAT MUCH SECURITY THAT WE NEED . AND ALMOST ALL APP THAT YOU INSTALLS IT'S READING YOUR PHONE CALL IDENTITIES EVEN YOU CAN'T BE SO SPECIFIC WITH EACH APPS THAT YOU INSTALL AND CHECK'EM ALL , IS THERE ANYWAY TO AVOID SUCH DISASTER?

20 Companies That Sell Your Data – And How to Stop Them from Doing So

There's a shadowy underworld of websites that claim they can help you perform background checks. Called "data brokers," these sites are the ultimate scam artists. Not only do they rip folks off and sell their user's data, their services can be used by criminals to hunt down potential victims. And there's nothing illegal at all about what they're doing.
Who are these companies and how can you stop them from selling your data? Read on to find out.
What is a Data Broker?
A data broker is a website that crawls public records for sensitive information like names, addresses, credit card histories, and even relatives and neighbors names. These sites work either by appealing to folks' narcassism or by their desire for stalkerish behavior. The site MyLife.com, for example, pitches its search as "See Who's Searching for You." But then, once you've entered your data, it's theirs forever, and now they can sell it to others.
Among the most notorious data broker websites is BeenVerified.com. Been Verified has received thousands of complaints from the Better Business Bureau for its shady business dealings. According to SafeShephard.com, the company has run over 20 million background checks, meaning around 1 in 12 Americans have been spied on.
You're supposed to be able to remove your information from BeenVerified but, as shown in complaints to the FTC, personal information re-appears a mere 3 months after the demanded opt-out. BeenVerified also doesn't allow users to cancel their contract easily and then charges monthly fees while spamming users on a daily basis.
Who's Involved?
Here's a list of some of the biggest data brokers on the web:
•Intelius
•Zabasearch
•Archives
•PeopleLookup
•US Search
•PeopleFinders
•PeekYou
•PublicRecordsNow
•USA People Search
•Epsilon
•White Pages
•MyLife
•PIPL
•PeopleSmart
•Radaris
•PrivateEye
•Spokeo
•RapLeaf
•Acxiom
•BeenVerified
How Can I Get the Info Removed?
While the government has yet to step in and demand protection over our personal data (essentially protecting public documents from the companies that want to use them), a website called SafeShepherd will remove your information from these sites for a monthly fee of $14 or a yearly fee of $65. I suppose the reason why the fee is re-occuring is because these sites tend to put information back up even after they say they've taken them down. It's a sizeable chunk of change, but invaluable if you'd like to protect your privacy from unwanted attention long-term.
While I understand why someone may want to search public records before hiring someone or going on a date, the reality is that these websites also help would-be criminals stalk innocent victims. Sure, the information could be snagged by going to the county courthouse, but these sites make the information much, much easier to find. That's what makes them so dangerous.
If you want to be on the safe side, try out SafeShepherd.

[GUIDE] Some incredibly simple things to protect YOUR PRIVACY!

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The term "privacy" means many things in different contexts. Different people, cultures, and nations have a wide variety of expectations about how much privacy a person is entitled to or what constitutes an invasion of privacy. Information or data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of, privacy in the collection and sharing of data about one's self. Privacy concerns exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. In some cases these concerns refer to how data is collected, stored, and associated. In other cases the issue is who is given access to information. Other issues include whether an individual has any ownership rights to data about them, and/or the right to view, verify, and challenge that information.
This post does not intend to address the many definitions of privacy or the many technical means of protecting and invading one's privacy. There are already many posts addressing this aspect and brief search can turn up lots of answers for you.
This post is only intended to help the least technically savvy among us in maintaining some small amount of data security and privacy without getting very technical about things. It was derived from many diverse sources on basic privacy.
Note that I do NOT have a DONATE button anywhere.
I am not looking for donations.
If you feel that you should donate something, by all means,
send it to your favorite XDA developer and/or XDA itself!
And don't be shy about the
button for the many posters who were of help to you!
Recently, a friend handed me his phone and asked me to take a picture. “What’s the password?” I asked. “I don’t have one,” he said. I think I must have had a puzzled look on my face as, I suppose, I tend to grimace when someone I know tells me they’re choosing not to take one of the very simplest steps for privacy protection, allowing anyone to look through their phone with the greatest of ease, to see whichever messages, photos, and sensitive apps they please.
So, this post is for you, big guy with no password on your Galaxy/iPhone/Nexus/whatever, and for you, girl who stays signed into GMail on your boyfriend’s computer, and for you, person walking down the street having a loud conversation on your mobile phone about your recent doctor’s visit of that odd ailment you have. These are the really, really simple things you could be doing to keep casual intruders from invading your privacy.
1 Password protect your phone! It is one of the simplest things you can do to most devices (smartphones, tablets, etc.) with the least amount of effort. Many people tell me it is “annoying” to take the two seconds to type in a password each time before using the phone. Gimme a break, everyone!. Choosing not to password protect these devices is the digital equivalent of leaving your home or car unlocked. If you’re lucky, no one will take advantage of you. Or maybe the contents will be ravaged and your favorite speakers and/or secrets stolen. If you’re not paranoid enough, spend some time reading entries in Reddit, where many Internet users go to discuss issues of the heart. A good percentage of the entries start, “I know I shouldn't have, but I peeked at my gf’s phone and read her text messages, and…” Oh, and before you pick a password like "123456" or "password" do yourself a big favor and visit the Worst passwords of all time web page! No laughing allowed!
2 Turn on 2-step authentication in GMail (that is, if you use GMail, of course). The biggest conclusion you can derive from the epic hack of Wired’s Mat Honan is that it probably wouldn't have happened if he’d turned on “2-step verification” in GMail. This simple little step turns your device into a security fob — in order for your GMail account to be accessed from a new device, a person (you?) needs a code that’s sent to your phone. This means that even if someone gets your password somehow, they won’t be able to use it to sign into your account from a strange computer. (How it works - video) Google says that millions of people use this tool, and that “thousands more enroll each day.” Be one of those people! Yes, it can be annoying if your phone battery dies or if you’re traveling. Of course, you can temporarily turn it off when you’re going to be abroad or phone-less. Alternately, you can leave it permanently turned off, and increase your risk of getting epically hacked. Which do you like better?
3 Put a Google Alert on your name! This is an incredibly easy way to stay on top of what’s being said about you online. It takes less than a minute to do. Go here: http://www.google.com/alerts; anyone can do it easily. Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries. Enter your name, and variations of your name, with quotation marks around it. Boom. You’re done. Now, that wasn't too tough, was it? I didn't think so. :-]
4 Sign out of your Facebook / Twitter / GMail / etc. account! Do it each time you are done with your emailing, social networking, tweeting, and other forms of general time-wasting. Not only will this reduce the amount of tracking of you as you surf the Web, this also prevents someone who later sits down at your computer from loading one of these up and getting snoopy. This becomes much more important when you’re using someone else’s or a public computer. Yes, people actually forget to do this, with terrible outcomes. Incidentally, if you have the Chrome browser on your PC and you use “incognito” (Ctrl Shift N) or Internet Explorer and you use “InPrivate” (Ctrl Shift P) you will automatically be logged out when you close the window, and no cookies or passwords will be stored. Pretty cool, right?
5 Don’t give out your email address, phone number, or zip code when asked. Hey, if some scary (or weird) looking dude in a bar asked for your phone number, you'd say no, wouldn't you? But when the person asking is a uniform-wearing employee at a local store, many people hand over their digits without hesitation. Stores often use this info to help profile you and your purchase. Yes, you can say no. If you feel badly about it, just pretend the employee is that scary looking dude!
6 Change Your Facebook settings to “Friends Only.” I really thought that by now, with the many Facebook privacy stories which have been published, everyone would have their accounts locked down and boarded up like a cheap Florida house before a hurricane. Not so. There are still lots and lots of people on Facebook who are as exposed on the internet as Katy Perry at that water park. Go to your Facebook privacy settings and make sure the “default privacy” setting isn't set to "public"! If it’s set to “Custom” make sure you know and understand any “Networks” you’re sharing with.
7 Use unique passwords for every site you go to. This sounds really difficult but - surprise - it is quite simple! Password managers come in many sizes and flavors these days. They will generate complex passwords and remember them for you. Protect yourself against phishing scams, online fraud, and malware. Many of these apps have versions you can use on your computer as well as on your tablet and phone. Some are free and some cost money. Your choice. Here, let me show you how simple it is to find a bunch of them: http://bit.ly/V4xehO! As I said, there are many - the one I use is this one here.
8 Clear your browser history and cookies on a regular basis. Do you remember the last time you did that? If you just shrugged, consider changing your browser settings so it is automatically cleared every session. Go to the “privacy” setting in your Browser’s “Options.” Tell it to “never remember your history.” This will reduce the amount you’re tracked online. Consider one of the several browser add-ons, like TACO, to further reduce tracking of your online behavior.
9 Read the posted privacy policy. Boring, isn't it? Every web site has one and likely for a good reason. Have you ever seen the XDA Privacy Policy? Yup, that's just what I thought!
In conclusion, here's one from the Wall Street Journal's Law Blog.
As I said, this is not a technical article but it may make you think if it does the job right.
Sixth Circuit: No Expectation of Privacy in Cell Phone GPS Data
Drug dealers, beware. Your pay-as-you-go phones probably have GPS. And, according to a federal appeals court in Cincinnati, police can track the signal they emit without a warrant.
The U.S. Court of Appeals for the Sixth Circuit ruled that the Drug Enforcement Administration committed no Fourth Amendment violation in using a drug runner’s cellphone data to track his whereabouts. The DEA obtained a court order to track Melvin Skinner’s phone, after finding his number in the course of an investigation of a large-scale drug trafficking operation.
The DEA didn’t know much about Mr. Skinner or what he looked like. They knew him as Big Foot, the drug mule, and they suspected he was communicating with the leader of the trafficking operation via a secret phone that had been registered under a false name. Agents used the GPS data from his throw-away phone to track him, and he was arrested in 2006 at a rest stop near Abilene, Texas, with a motorhome filled with more than 1,100 pounds of marijuana.
Mr. Skinner was convicted of drug trafficking and conspiracy to commit money laundering. On appeal, he argued that the data emitted from his cell phone couldn’t be used because the DEA failed to obtain a warrant for it, in violation of the Fourth Amendment.
The question in the case was whether Mr. Skinner had a reasonable expectation of privacy in the data his phone emitted. It’s a question that several courts are wrestling with. Federal law enforcement authorities, as in this case, say that investigators don’t need search warrants to gather such information.
Justice Department lawyers argued in a court brief that “a suspect’s presence in a publicly observable place is not information subject to Fourth Amendment protection.”
Judge John M. Rogers, writing for the majority, agreed:
There is no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured pay-as-you-go cell phone. If a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal. The law cannot be that a criminal is entitled to rely on the expected untrackability of his tools. Otherwise, dogs could not be used to track a fugitive if the fugitive did not know that the dog hounds had his scent. A getaway car could not be identified and followed based on the license plate number if the driver reasonably thought he had gotten away unseen. The recent nature of cell phone location technology does not change this. If it did, then technology would help criminals but not the police.
He was joined by Judge Eric L. Clay. Judge Bernice B. Donald, who concurred but disagreed with the majority’s Fourth Amendment reasoning, said the DEA couldn’t have figured out the identity of Mr. Skinner, the make and model of his vehicle or the route he would be driving without the GPS data from his phone.
“It is not accurate…to say that police in this case acquired only information that they could have otherwise seen with the naked eye,” she wrote. “While it is true that visual observation of Skinner was possible by any member of the public, the public would first have to know that it was Skinner they ought to observe.”
A lawyer for Mr. Skinner didn’t immediately respond to a request for comment.​
Comments? Suggestions? Ideas? They are all welcome.
Flame wars (relating to privacy or otherwise) are not. :-]
[GUIDE] Some incredibly simple things to protect YOUR PRIVACY - Part 2
Cameras on smart phones, getting better with each generation of new devices, allow people to take pictures or videos on the go and transmit these images by e-mail or post them to the Web. With phone in hand, unexpected sightings of celebrities can be snared with a flick of the wrist (turning the celled into the 'snaparazzi'), as can chance encounters with pretty girls or gorgeous sunsets. Their impact can be great for both good and evil.
Not too long ago two men lit themselves on fire in protest. But only one of them is credited with starting a revolution.
The difference between the two? Mobile phones recorded Mohamed Bouazizi, a Tunisian fruit vendor, as he set himself ablaze in despair over his economic plight. Those videos kicked off the wave of 2011 Arab Spring demonstrations.
Abdesslem Trimech, the other man, fell into relative obscurity. (Source: The Mobile Wave: How Mobile Intelligence Will Change Everything by Michael Saylor)
Back in 2005, a retail fraud investigator for one of the larger chain stores said that while he was still unable to capture a usable image of a credit card from even the then newer camera phones, he has been able to grab readable images of all account and routing info from the personal checks customers have produced at the checkout. Check writers, he says, have a tendency to "lay out" their check books on the writing counter at the registers and keep them stationary enough to obtain a clear image of all the personal information printed on the check. He has also tested this theory with camera-equipped palm tops and has found that with the adjustable resolution he has been able to get a pretty clear picture, with zoom, from a reasonable distance away (3-5 feet). So at this point in time, as phone cameras get better and better, your credit card might still be secure but your personal check might not be.
So, what personal information does your mobile phone reveal about you? Do you know? Do you care?
It seems that many people are slowly becoming more aware of the pitfalls and the mobile-privacy concerns.
According to reports, 54% of cell phone users in the U.S. have decided not to install an app once they discovered how much of their personal information it would access. (The amount of sensitive info an app can access typically is indicated by the "permissions" the app requests, listed on its information page.)
Also, nearly one-third of mobile app users report uninstalling an app from their phone because they learned it was collecting personal information they didn't wish to share.
We need to first be aware and also be willing to actively take steps in order to protect our own privacy. Children of all ages need to be carefully taught as well.
Okay, but what about students? Do students have an expectation of privacy on their cell phones while at school?
The short answer to this in the U.S. is a qualified yes. Whether educators have the authority to search the contents of student cell phones depends on a lot of factors. The key issue in this is the standard of reasonableness. According to New Jersey v. T.L.O (1985) students are protected by the Fourth Amendment to the U.S. Constitution which protects citizens against unreasonable searches and seizures. In T.L.O., the Supreme Court goes on to say that the standard that law enforcement officers must reach to conduct a search (probable cause that a crime has been committed), is not required of educators. In general, the standard applied to school officials is whether the search is “justified at its inception and reasonable in scope.” (See When can educators search student cell phones)
What information should children be taught NEVER to reveal?
The suggestions depend on their age. Common 'wisdom' suggests the following:
Elementary School Kids should NEVER share (their own or another’s):
Age
Full Name
Address
Phone Number
Name of School
Password Information
Images (with possible exception depending on parental involvement)
Middle School Kids should NEVER share (their own or another’s):
Age
Full Name
Address
Phone Number
Name of School
Password Information (even to friends)
Most Images (At this age, kids get into social networking and will be sharing images via cell phones and digital cameras. Parents should focus on limiting the images their children share online)
High School Kids should NEVER share (their own or another’s):
Address
Phone Number
Password Information (even to friends)
Offensive or Sexually Suggestive Images or Messages
If you managed to get this far there must have been something that concerned you.
Congratulations! Learning more about privacy is the first step.
Here's one more little trick you might try since you spent all the time getting here. :highfive:
Want to have an unlisted phone but would not like to have to pay monthly for it? Ask your phone company to replace your last name with another name - your grandmother’s maiden name or something that you never use. This will cost a few dollars, but works very well. Many phone companies will do this for you. No monthly fees for having your number unlisted and as soon as you hear someone calling you Mr. {your grandmother’s maiden name}, you can either block the number or request to be put on the company’s Do Not Call List or <fill in the blank of your choice>. Note that Caller ID takes its information from the phone book, so you will be identified as Mr. {your grandmother’s maiden name} on Caller ID units of people you call unless you turn this feature off.
Another helpful addition to the listing (available in some areas) is: "(data line)", meaning that the phone number is connected to a fax or computer and not to a live person. Check with your local company if this option is available.
Some time ago, in a concerted effort, multiple ACLU affiliates filed a total of 381 Freedom of Information Act (FoIA) requests in 32 states, asking local law enforcement agencies to disclose how they are using mobile phone location data.
The FoIA request in North Carolina struck gold: a copy of an official Department of Justice flyer, dated August 2010 that explains exactly what data is retained by Verizon Wireless, T-Mobile, AT&T, Sprint, and Sprint division Nextel. There's an enhanced copy on the ACLU website.
The eye-openers:
All of the mobile phone companies keep details about the location of cell towers used by every phone, for a year or longer.
All of the mobile phone companies keep records about voice calls and text messages received and sent for a year or longer. Verizon stores the contents of every text message for three to five days. (The others don't keep the text.)
IP session information -- tying your phone to an IP address -- is kept for a year by Verizon and 60 days on Sprint and Nextel.
IP destination information -- which IP addresses you connected to -- is stored for 90 days at Verizon and 60 days on Sprint and Nextel.
The ACLU is gathering information on what steps local police have to go through in order to acquire that stored data: warrants, formal requests, emergencies, possibly even informal procedures. They're also trying to figure out how law enforcement agencies share the data and how long it is retained.
There doesn't appear to be any sort of uniform nationwide policy or widespread judicial precedent.
The ACLU is also looking at law enforcement requests to "identify all of the cell phones at a particular location" and "systems whereby law enforcement agents are notified whenever a cell phone comes within a specific geographic area."
If you have been concerned about privacy and location data being leaked sporadically on your iOS or Android or Windows Phone device it seems you have been looking at very, very small potatoes!​
Comments? Suggestions? Ideas? They are all welcome.
Flame wars (relating to privacy or otherwise) are not. :-]
[ Another place holder ]
[GUIDE] Some Incredibly Simple Things To Protect Your Privacy!
If you find this thread helpful then do not forget to
Rate: *****
Submit thread as News Tip
If you find a particular post is helpful, please click on the Thanks button
If you are using XDA App or Tapatalk, long press on the post and select :good: Thanks
Thanks ny_limited - I just did all these!
Cheers
Tom
Szczepanik said:
If you find this thread helpful then do not forget to
Rate: *****
Submit thread as News Tip
If you find a particular post is helpful, please click on the Thanks button
If you are using XDA App or Tapatalk, long press on the post and select :good: Thanks
Thanks ny_limited - I just did all these!
Cheers
Tom
Click to expand...
Click to collapse
Appreciate the kind works, Tom, but.. This thread is for the non-technical ones among us. I suspect you are more technical than I am thus you hardly qualify to be here.
Thanks for the tips.
For extra protection, there's quite a few security apps on the market that will lock whatever information sensitive apps you want locked, usually with the same security options that your phone offers i.e. Password, PIN, pattern etc.
Just search "app lock" in the play store, for those interested.
--> dominating your screen from my t-mobile gs3, powered by: FreeGS3 R7 "Resurrection"
Complacency is one thing that most if not all internet/mobile/computing user have. I always advocate "Do not remember my password" while browsing from any form of medium to my friends. You never know when you will get compromised. Just leave your computer for a moment, your friend with malicious intent can extract all your private information with a simple and obtainable usb trick..
Even the thing most personal to me, my mobile phone, has no sites on "Log me in always" checked.
I hope websites would leave the box unchecked, as sites I visit always encourage user to have that option enabled. E.g. Ebay, Facebook..
Post # 2 has been updated just in case you need more reading material.
ny_limited said:
Post # 2 has been updated just in case you need more reading material.
Click to expand...
Click to collapse
like 1 better :good:
coohdeh said:
like 1 better :good:
Click to expand...
Click to collapse
Agreed. I guess I really didn't need the 3rd placeholder after all.
---
Spes in virtute est. (via XDA app)
This article is just over a year old but still makes good reading if you haven't seen it yet.
Few people would willingly carry around a device that tracks their movements, records their conversations, and keeps tabs on all the people they talk to. But, according to documents recently released by the American Civil Liberties Union, cell phone companies are doing all of that -- and may be passing the information on to law enforcement agencies.
"Retention Periods of Major Cellular Service Providers," an August 2010 document produced by the Department of Justice, outlines the types of information collected by various cell phone companies, as well as the amount of time that they retain it. On some levels, this is reassuring: Verizon (VZ) is the only company that holds on to text message content, and they erase it after 3-5 days. However, text message details -- the information about who you text with -- is retained for a minimum of a year, with some companies keeping it for up to seven years. In other words, that little back-and-forth you had with Bernie Madoff back in 2007 will be on the books until 2014.
Complete article is here
Click to expand...
Click to collapse
The privacy buck stops with the user
Yes, those terms of service are annoying. They're usually too complicated and too long, and users who want a certain mobile app will be inclined to click 'next' without actually reading the fine print, even if they're worried about what rights they're signing away. Still, "cellphone users need to take responsibility for their own data," maintains Steve Durbin, global VP of the Information Security Forum.
Click to expand...
Click to collapse
​
Cellphone and smartphone users have a love-hate relationship with mobile apps. While they love the functionality and enhanced user experience they bring to the table, clearly many hate the perceived privacy intrusions, suggests a newly released report from the Pew Internet & American Life Project.
More than half -- 54 percent -- of app users surveyed decided against installing a cellphone app when they discovered how much personal information they would need to share in order to use it. Thirty percent uninstalled an app that was already on their cellphone because they learned it was collecting personal information that they didn't wish to share.
Many cellphone users take additional steps to protect the personal data on their mobile devices, including backing up photos, contacts and other files -- tasks performed by 41 percent of those surveyed. Some 32 percent have cleared the browsing or search histories on their phone, and 19 percent have turned off the location-tracking feature due to privacy concerns.
Finally, 12 percent of cell owners say that another person has accessed their phone's contents in a way that made them feel that their privacy had been invaded.
The complete article was written by Erika Morphy and published in the E-Commerce Times in September.
i just know that you can monitor the keywords via google alerts
some useful information here. Thanks a lot!
More cell phone privacy notes
Police Searches of Cell Phones
You may have a legitimate expectation of privacy of the information stored in your cell phone, and so a search warrant may be needed before a police officer can look at your phone's data. However, an officer has the authority to search a cell phone when the search is "incident to an arrest." The search is deemed similar to an officer that searches a closed container on or near a person that he's arresting.
Traditional search warrant exceptions apply to the search of cell phones. Where the accessing of memory is a valid search incident to arrest, the court need not decide whether exigent circumstances also justify the officer's retrieval of the numbers from your cell phone. Police officers are not limited to search only for weapons or instruments of escape on the person being arrested. Rather, they may also, without any additional justification, look for evidence of the arrestee's crime on his person in order to preserve it for use at trial.
Illegally Intercepted Communications
Most people would think that public broadcasting of an illegally intercepted cell phone conversation would be illegal. Well, the US Supreme Court has found that (U.S.) the First Amendment allows an illegally intercepted cell phone conversation to be shared with others when the conversation involves matters of significant public interest. The lesson here is to be careful because technology has increased the chances that your cell phone conversations are being recorded and could be made public or used against you.
Cell Phone GPS Tracking
Although there are many advantages to cell phone GPS tracking, there are also privacy concerns. As most people carry their cell phone with them at all times, the ability is in place to track the exact movements of all individuals. Cell phone GPS could prove useful in saving lives during emergencies.
For these reasons the (U.S.) Federal Communications Commission (FCC) requires wireless network providers to give the cell phone GPS tracking location information for 911 calls that have been made from cell phones. This is known as E911. The law on E911 is fairly explicit. It allows carriers to provide tracking location information to third parties for E911 emergency calls only, however not under any other circumstances whatsoever without the consent of the cell phone owner. Recent court hearings have disallowed the requests of law enforcement agencies to obtain cell phone GPS tracking information from the cell phone companies for suspects in criminal investigations.
The complete article was written and published on Lawyers.com.
Instagram says it now has the right to sell your photos
Instagram said today that it has the perpetual right to sell users' photographs without payment or notification, a dramatic policy shift that quickly sparked a public outcry.
The new intellectual property policy, which takes effect on January 16, comes three months after Facebook completed its acquisition of the popular photo-sharing site. Unless Instagram users delete their accounts before the January deadline, they cannot opt out.
Under the new policy, Facebook claims the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes, which would effectively transform the Web site into the world's largest stock photo agency. One irked Twitter user quipped that "Instagram is now the new iStockPhoto, except they won't have to pay you anything to use your images."
"It's asking people to agree to unspecified future commercial use of their photos," says Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation. "That makes it challenging for someone to give informed consent to that deal."
The complete article is written by Declan McCullagh and published in c|net.
Thanks to FameWolf for the link!
Horrible Autoplay Video Ads Are Coming to Facebook
Facebook will unveil a new video ad product that will auto-play commercials upon arrival, executives told AdWeek's Jason del Ray. This most annoying addition, which will allow advertisers a chance to slap unsolicited videos all over the Facebook news feed, is expected to launch by April 2013, the sources say. And, to reiterate, yes, these will be the same variant of videos that pollute the ESPN.com homepage — the ones that start without you asking them to.
Facebook, which has been trying just about every kind of new ad it can this year, has not yet decided if these commercials will automatically play with or without sound. But in either case, you can bet they'll be a pain — and you can expect plenty of frustrated users. On the desktop version of Facebook, the vids will expand "out of the news feed into webpage real estate in both the left and right columns -- or rails -- of the screen," explains del Ray. Meaning: they will be everywhere. Also, for people who use a million tabs on older computers, imagine a ton of video playing over and over: slow-load city. Add a little audio in the mix and we can already see the confused masses looking for that one tab with the unwanted sound coming out of it. Oh, yeah, this is a really great idea, Facebook. As if you weren't full of those this week already.
The complete article is written by Rebecca Greenfield, published in The Atlatic Wire
ny_limited said:
Instagram said today that it has the perpetual right to sell users' photographs without payment or notification, a dramatic policy shift that quickly sparked a public outcry.
The new intellectual property policy, which takes effect on January 16, comes three months after Facebook completed its acquisition of the popular photo-sharing site. Unless Instagram users delete their accounts before the January deadline, they cannot opt out.
Under the new policy, Facebook claims the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes, which would effectively transform the Web site into the world's largest stock photo agency. One irked Twitter user quipped that "Instagram is now the new iStockPhoto, except they won't have to pay you anything to use your images."
"It's asking people to agree to unspecified future commercial use of their photos," says Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation. "That makes it challenging for someone to give informed consent to that deal."
The complete article is written by Declan McCullagh and published in c|net.
Thanks to FameWolf for the link!
Click to expand...
Click to collapse
Instagram has backed off the language in its new privacy and terms of service policies that set off a significant firestorm online. Instagram cofounder Kevin Systrom posted on the company’s blog under the title “Thank you, and we’re listening”. Whether you believe him or not you can read more about it at Forbes.
Happy New Year, everyone!
Enjoy the festivities!
Will see you all next year!
New 2013 CA laws affect online privacy, homeowners, schools
From protecting your online privacy to party buses, there are 750 new California (USA) laws taking effect in 2013.
The complete KABC-TV (Los Angeles) article of January 1, 2013 can be found here.
[USA] New laws keep employers out of worker social media accounts
Employers in Illinois and California cannot ask for usernames and passwords to the personal social media accounts of employees and job seekers under laws that took effect on Jan. 1.
Illinois Gov. Patrick Quinn in August signed legislation amending the State's 'Right to Privacy in the Workplace Act.'
California Gov. Jerry Brown signed legislation adding the prohibitions to the State's Labor Code in September.
The two states join Maryland, Michigan, New Jersey and Delaware in implementing such privacy laws.
Full ComputerWorld article: http://bit.ly/118L2tM

[Q] extent to which google tracking built in to Os

Hi, I am wondering to what extent Google has built into the android OS, ways of collecting data on the user, even when the user does not open a google account and uses only side loaded apps. ? Does anyone know the answer to this?
jaifora said:
Hi, I am wondering to what extent Google has built into the android OS, ways of collecting data on the user, even when the user does not open a google account and uses only side loaded apps. ? Does anyone know the answer to this?
Click to expand...
Click to collapse
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
setmov said:
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
Click to expand...
Click to collapse
I've read trough the second page and couldn't find what you're aiming at. So far as I can see it's only about xiaomi ROMs and their proprietary apps, that cause the security holes.
nerotNS said:
I've read trough the second page and couldn't find what you're aiming at. So far as I can see it's only about xiaomi ROMs and their proprietary apps, that cause the security holes.
Click to expand...
Click to collapse
What you were asking is actually just the same! Short answer: Google is in your phone at a API level, and there is no way to get rid of it!
setmov said:
What you were asking is actually just the same! Short answer: Google is in your phone at a API level, and there is no way to get rid of it!
Click to expand...
Click to collapse
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
* AntHalService
* XiaomiServiceFramework
* Cleanmaster
* com.xiaomi.gamecenter.adk.service
* com.duokan.airkan.phone
Click to expand...
Click to collapse
None of them are Google apps. All of them are 3rd party. For example, my nexus 4 with stock Android doesn't have these apps, therefore no data is sent.
nerotNS said:
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
None of them are Google apps. All of them are 3rd party.
Click to expand...
Click to collapse
An app has not to be Google proprietary. Android is!!! Are you aware of what info are sent out of your android phone without you will be able to intercept them? You are right, apps are sending info, as also Google per se are collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
setmov said:
An app has not to be Google proprietary. Android is!!! Are you aware of what info are sent out of your android phone without you will be able to intercept them? You are right, apps are sending info, as also Google per se are collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
Click to expand...
Click to collapse
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
nerotNS said:
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
Click to expand...
Click to collapse
That's right, we don't have to be afraid of Google to use our data like Xiaomi, but....here is what I know for sure:
(copied from Xiaomi thread)
The point is that is not important what OS you are using, or what is the phone manufacturer. All of them send your data to their "masters". Said that, let's take a look at google. The first time you boot your precious phone, and you connect to the net, Google will receive your IMEI, your phone number, your location (based on network or gps, depends) an all the data you have on your phone. Ok, I know, I know, they are the owners of the Android OS, and they can do whatever they want, and you will never know what they are doing if you have a stock rom, You will not know what they are doing as a power user with highly customized rom as well. Why? Well, because their API. To be clear, the API, also known as "application programming interface (API) specifies a software component in terms of its operations, their inputs and outputs and underlying types. Its main purpose is to define a set of functionalities that are independent of their respective implementation, allowing both definition and implementation to vary without compromising each other.(as per wikipedia)" in not always an "open source project" and the Android core platform API is not "open source" at all, even in the "AOSP" project. The point is that when you use an android platform, if you want it or not, Google receive your data. Let me go further....a month or so ago, Google has implemented their Gmail policy, and started a new monitoring program against pedophilia, and at my point of view, this is a good thing, but, you have to know what's going on. actually they scan every email in your inbox and to or from their Gmail service searching for clues. If they find something, then you're screwed, because they know who you are. Believe me, they know! But this is not the point, so, where they store all the infos on you, and your Gmail account, when they find nothing? Oh, of course on their servers in the US!!! Based on the Patriot Act, the "Agencies" do not need any kind of "court order" to take a peek inside your life. They can do whatever they want, and actually they are doing it. Google will never say NO, and it's obvious why. Based on what is above mentioned, all the US based companies do the same. Unfortunately, the most of the world use Android, even if the manufacturer is Chinese or Vietnamese or whatever else. If you strip Android apart because all of that and you want your privacy back, you will find an interesting thing, that your Android will no more work correctly, and you will find it unusable. This is exactly because the core functionalities that spy on us. We can discuss this as much as we want, but these are facts. To be completely sure that no one is spying on you, someone would have to rebuild the whole Android system, but without a lot of money and the right "crew" this will never happen. Same thing you can expect from Apple (no need to mention the leakage of their cloud system) or Microsoft. Xiaomi, also use services that need your personal data...cloud, sms, mms, whatever, and by buying their product you agreed with them. They will not stole your credit card, but their "agencies" will know who you are, and what you do. But, to be honest, they will do you nothing if you are a non-Chinese citizen. I have never seen Chinese Agencies doing something to the rest of the world, but I have seen US agencies doing bad things to their citizens and the rest of the world. So, let's be honest and admit it, as much as we talk about laws, no one is protected by them. If you are gonna buy a phone, you have to face the fact that you will be under surveillance and monitored. If you have the luck and you live in Switzerland, then you're ok, if not, well....face it, you are SOL. You have just to understand that no provider, manufacturer or OS developer will never solve this issue, because there is no interest.
About AOSP: (from their site!!!)
- First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. -really? YES!
- Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices, and we turn to releasing the source code. hmm....
- In some releases, core platform APIs will be ready far enough in advance that we can push the source code out for an early look in advance of the device's release; however in others, this isn't possible. - hahahaha, ask yourself why!!!
And this is just for start. This is not an app-related issue, we are talking about Android CORE! I love Android, I am using it actively and I am happy with it, it's just that sometimes I feel that this is not fair, but hey, who am I to told them what is or it's not fair? Is not a matter of OS, nor device. All have the same core functionality! NO PRIVACY for them! Accept it or not, these are facts.
I'll start with this:
First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices.
Click to expand...
Click to collapse
Government regulatory certification means that the device being certified is built in compliance with the laws of a specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).
nerotNS said:
I'll start with this:
Government regulatory certification means that the device being certified is build and in compliance with the laws of the specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).
Click to expand...
Click to collapse
@nerotNS I am not going to make a discussion with you, on some points you are right, on others, you're very wrong! I would love to be like you!
So, between you, you seem to be saying that an android phone can definitely send info to Google via an app, but you disagree on whether there is anything built into the API which sends info to Google independently of any app which can be clearly seen in the OS. I am wondering if there is anyone who actually knows the answer to this, through being involved in the development of the OS, other than a Google employee who may not be free to tell the truth, if the answer would be unpopular. I wonder if a user can be free of their snooping simply by not opening an account or using any of their products, or whether the only solution is to wait for a truly independent developer to produce a stable, quality device?
QUOTE=nerotNS;56965212]I'll start with this:
Government regulatory certification means that the device being certified is built in compliance with the laws of a specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).[/QUOTE]
So, between you, you seem to be saying that an android phone can definitely send info to Google via an app, but you disagree on whether there is anything built into the API which sends info to Google independently of any app which can be clearly seen in the OS. I am wondering if there is anyone who actually knows the answer to this, through being involved in the development of the OS, other than a Google employee who may not be free to tell the truth, if the answer would be unpopular. I wonder if a user can be free of their snooping simply by not opening an account or using any of their products, or whether the only solution is to wait for a truly independent developer to produce a stable, quality device?
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Well, you can always turn on Androids built in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
unclefab said:
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Click to expand...
Click to collapse
@unclefab - well said!!!
I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking from a security stand point! I am not a conspiracy theorist, and I will not tell you what I am doing for living, but definitely I know what I am talking about! Some times people are definitely dumb! Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
nerotNS said:
Well, you can always turn on Androids built in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
Click to expand...
Click to collapse
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
unclefab said:
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
Click to expand...
Click to collapse
@unclefab finally someone with some common sense!!! BRAVO!!!!
I am really glad you have elaborated my post! Probably the most will not even see what we wrote here, but hey, someone maybe will be able to learn something new!
Again...BRAVO!!!!
unclefab said:
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Click to expand...
Click to collapse
setmov said:
@unclefab - well said!!!
I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking from a security stand point! I am not a conspiracy theorist, and I will not tell you what I am doing for living, but definitely I know what I am talking about! Some times people are definitely dumb! Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
Click to expand...
Click to collapse
unclefab said:
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
Click to expand...
Click to collapse
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading trough your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router trough the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now setmov I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
nerotNS said:
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading trough your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router trough the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
Click to expand...
Click to collapse
@nerotNS
- First thing, I've wrote "Some times people are definitely dumb!" not @unclefab! Please prove me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it not exist!
- Fourth, you have your believes, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, men, believe what you want, you have the right to!
Good luck
@neronS
"Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online. "
Saying that shows that you are either very young, or that you have never left your home town, or both.
It's not the cold war anymore, true, now it's the so called war on terror, the US allways need to have an ennemy (before that back in the 90's it was the war on narcotics, but you may have not heard about it).
International laws you said?
You think the States care about those laws?
Did they care about it when the UN said that the invasion in Iraq violates such international laws?
Have you heard about the Abou Ghaib jail? That was another nice example on how international laws are followed by the States.
Apart from that, have you heard about corrupted indian officials tracking indian facebook users that expose their scamms?
Have you heard about that indonesian atheist that got severely beaten up by an angry mob because he had declared on his facebook account that he doesn't believe in god, and that endded up in jail (the atheist, not the mob) for blasphemy?
Have you heard about that bangladeshi blogger that may be executed cuz he wrote on his blog that he's an atheist?
You want more examples?
Oh yeah, I almost forgot, the states, the country of freedom and democracy, the country where you need a court order.
What a joke!
Have you heard about all what the US did these last 200 years? And have you heard about what the US is currently doing in 2014?
I guess you didn't, hence your last reply...
But as for me I did, and that's why I can't trust such a country. That said, I can't trust the european, the chinese, the indian or the russian either, not to mention the middle eastern, as I already said I trust NOONE...
"They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account."
Really?
What about permissions like access fine location (precise gps location), read sms, send sms without the user's knowledge, write sms, read bookmarks, write bookmarks, read contats, write contacts, read call log, write call log, read contact card, read user dictionary, get accounts on the device, perms that can be found in apps where such perms are not needed, you want more?
Have a look at all the data leakage when you connect to the internet, and you'll see that it's not only about a few digits...
"You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists. "
You have just proved once more that you have never been away from home.
The vast majority of android users are people from emerging countries where one can buy a phone without giving one's name (so no need to fake anything) and the same applies for the sim.
Those people are not rich arrogant westerners, who think they know everything because mum and dad sent them to a good school, and they don't have any subscription cuz in most of those countries it doesn't exist or if it does it's very limited.Those people buy prepaid credits when they have money, that's it.
How many people in the States? 315 millions.
How many people in western Europe? About 300 millions.
Add Canada, 30, Australia, 20, how many is that?
India, 1.2 billion or even more.
China, 1.2 billion and counting.
Africa, nearly 1 billion.
Indonesia, 250 millions.
Maybe you should leave your hometown and travel a bit, the world doesn't end in the west's boundaries.
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too. "
Do a search with "linux kernel nsa", you will learn a lot.
" don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV. "
Well, I haven't seen it on the tv, I have seen it on the field and I know very well what human beings are capable of, which you obviously don't.
So please, don't spread unfounded reinsurance that everything goes fine, that google and the governments are ok, just because a guy talking on their behalf on the tv said they are.
Then, you can call me a conspirationist or whatever, I don't care, I didn't write those posts for people like you but for people that have their eyes open.
"Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance"
Where did I call anyone "stupid?
You, on the contrary, said that:
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else".
So son, instead of playing mister moderator maybe YOU should watch a bit your language.
Ah the kids of today...:silly:
unclefab said:
@neronS
"Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online. "
Saying that shows that you are either very young, or that you have never left your home town, or both.
It's not the cold war anymore, true, now it's the so called war on terror, the US allways need to have an ennemy (before that back in the 90's it was the war on narcotics, but you may have not heard about it).
International laws you said?
You think the States care about those laws?
Did they care about it when the UN said that the invasion in Iraq violates such international laws?
Have you heard about the Abou Ghaib jail? That was another nice example on how international laws are followed by the States.
Apart from that, have you heard about corrupted indian officials tracking indian facebook users that expose their scamms?
Have you heard about that indonesian atheist that got severely beaten up by an angry mob because he had declared on his facebook account that he doesn't believe in god, and that endded up in jail (the atheist, not the mob) for blasphemy?
Have you heard about that bangladeshi blogger that may be executed cuz he wrote on his blog that he's an atheist?
You want more examples?
Oh yeah, I almost forgot, the states, the country of freedom and democracy, the country where you need a court order.
What a joke!
Have you heard about all what the US did these last 200 years? And have you heard about what the US is currently doing in 2014?
I guess you didn't, hence your last reply...
But as for me I did, and that's why I can't trust such a country. That said, I can't trust the european, the chinese, the indian or the russian either, not to mention the middle eastern, as I already said I trust NOONE...
"They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account."
Really?
What about permissions like access fine location (precise gps location), read sms, send sms without the user's knowledge, write sms, read bookmarks, write bookmarks, read contats, write contacts, read call log, write call log, read contact card, read user dictionary, get accounts on the device, perms that can be found in apps where such perms are not needed, you want more?
Have a look at all the data leakage when you connect to the internet, and you'll see that it's not only about a few digits...
"You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists. "
You have just proved once more that you have never been away from home.
The vast majority of android users are people from emerging countries where one can buy a phone without giving one's name (so no need to fake anything) and the same applies for the sim.
Those people are not rich arrogant westerners, who think they know everything because mum and dad sent them to a good school, and they don't have any subscription cuz in most of those countries it doesn't exist or if it does it's very limited.Those people buy prepaid credits when they have money, that's it.
How many people in the States? 315 millions.
How many people in western Europe? About 300 millions.
Add Canada, 30, Australia, 20, how many is that?
India, 1.2 billion or even more.
China, 1.2 billion and counting.
Africa, nearly 1 billion.
Indonesia, 250 millions.
Maybe you should leave your hometown and travel a bit, the world doesn't end in the west's boundaries.
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too. "
Do a search with "linux kernel nsa", you will learn a lot.
" don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV. "
Well, I haven't seen it on the tv, I have seen it on the field and I know very well what human beings are capable of, which you obviously don't.
So please, don't spread unfounded reinsurance that everything goes fine, that google and the governments are ok, just because a guy talking on their behalf on the tv said they are.
Then, you can call me a conspirationist or whatever, I don't care, I didn't write those posts for people like you but for people that have their eyes open.
"Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance"
Where did I call anyone "stupid?
You, on the contrary, said that:
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else".
So son, instead of playing mister moderator maybe YOU should watch a bit your language.
Ah the kids of today...:silly:
Click to expand...
Click to collapse
setmov said:
@nerotNS
- First thing, I've wrote "Some times people are definitely dumb!" not @unclefab! Please prove me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it not exist!
- Fourth, you have your believes, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, men, believe what you want, you have the right to!
Good luck
Click to expand...
Click to collapse
I apologize for the mistype I didn't mean unclefab, I meant setmov with his "stupidity" remark.
As for you, I HAVE been around the world quite a lot more than you think. And in case you haven't noticed, I said that you need to give your name ONLY if on contract. I even said that using prepaid doesn't include this. And even according to the Patriot Act they still DO NEED at least a search warrant, otherwise it would be breaking the US Constitution. All the examples you gave above may be true, but you forgot to mention the fact that it was all placed PUBLICLY AND WILLINGLY. The aftermath is a completely unrelated thing. And yes, even though I am 18 I k of quite a lot of the matter as well as other things. Assuming something about someone based on age is immature to say the least. And finally you told me to search Linux kernel NSA. Mate, if you believe everything on Google, I hope you have anti alien cannons in your house. Also claiming that westerners are "rich and arrogant" is considered nationalism. Don't do it, it's bad. Plus everything I learned, I learned on my own. Not in a "good school". As setmov said, as far as I'm concerned the discussion is over, I don't want this to become a public fight. If you wish further talk, you can contact me in a PM.

Do you think GDPR has been effective?

As Louis Rossmann keeps pointing out, the devices we buy today are no longer fully owned by us. It has almost become like we only pay for purchasing the hardware, but pretty much everything after that isn't under our full control, including the decision to replace a component (if it is broken).
The software that drives the hardware requires a whole lot of permissions (many of which are unnecessary for core functions) to be granted, and the hardware would be useless if those permissions aren't granted. The user is completely unaware of this when buying the hardware. So the money he paid for the hardware would be completely useless if he doesn't agree to the things that the software forces him to agree, AFTER THE SALE/ PURCHASE!
And then on top of everything is the Privacy Policy! Alteast 50% (and I'm being extremely conservative here) of the features you would want from any app is locked behind a Privacy Policy that:
1. No one reads or understands
2. Most of these Privacy Policies are simple copy-paste from standard templates. The makers of these apps too have no idea (forget control) about them.
3. 'Data collected and shared with 3rd parties will be handled in accordance with their respective Privacy Policies' is a total rubbish statement.
Even the most basic apps such as the gallery, file manager, music player, video player, etc. are locked behind Privacy Policies, and the apps won't work if you don't agree to them. This is ridiculous. And more so because these are new 'agreements' that are presented to you 'post the purchase'.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
GDPR passed by the EU is a welcome step in protecting user privacy, but is completely ineffective. All it does is to force OEMs or app developers to show a Privacy Policy message (that no one reads or understands), and then everything is the exact same as before.
Should data collection be stopped completely? But if not, should there be very strict regulations on what data can be collected? Should stock apps and software be allowed to collect data or have any sort of privacy policies, given that the customer paid to use the hardware out of the box, without having to agree to new contracts/ agreements he is completely unaware of at the time of purchase?
One of the very 1st screens that you see when you setup a phone (such as a brand new phone or a factory reset phone) is the OEM Privacy Policy. This is an agreement you weren't aware of when you bought the new phone.
This is an agreement you MUST agree to use a product that you already paid for. There isn't a choice available here.
Agreements must be presented BEFORE a payment is required, not after!
It is only a handful of companies that are the end users of data collected, such as Google, Facebook, and the OEM themselves. All the apps that collect data are essentially just a medium for these companies to collect user data. Most app developers themselves have no use for the data collected, except for passing them on to these companies in return for some payment.
Their declaration that 'Data is collected to improve the app or service provided' is mostly a lie.
Regulating what data is actually collected, and whether services such as those offered by Meta (formerly FACEBOOK) should even be allowed is something regulators must seriously look at.
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
wenyendev said:
First, what do you mean by "GDPR has been effective"?
There are differences between
1. GDPR does not include all the aspects of privacy violation, for example, your specific case is not included in GDPR;
2. GDPR is not properly enforced, ie. your privacy is violated under GDPR, but you cannot use GDPR as a weapon for your defense.
If 1, you can do nothing about it. It's legislators' job.
If 2, you have to look into the definition of privacy violation and articles of relevant sanctions in GDPR.
For me, if you are targeted by personalized contents (based on your personal data), with or without your knowledge, and have no way to opt out, I believe, your privacy is violated, and the third parties should be sanctioned for that.
Click to expand...
Click to collapse
GDPR, from what I know, is ONLY ABOUT OBTAINING USER CONSENT for collecting data about the user. Or atleast that is how the implementation has been.
Without user consent, data cannot be collected, which essentially results in the individual not being able to use the device, as that is how companies have ensured compliance.
This is like going to a car dealership, paying for a car in full and taking delivery of the car. Now when the user starts the car, he is presented with a legally binding agreement that he MUST ACCEPT in order to be able to drive the car. Was the user aware of this agreement BEFORE the purchase? The answer is NO!
This defeats the purpose of ensuring user privacy that one would expect from a regulation like the GDPR.
Has GDPR been formulated in a way that protects user privacy? It is safe to say NO! All that it has done is to present the user with a policy statement that must be accepted, and there is no choice that the user has in respect of being able to use the device without accepting those.
More importantly, as pointed out in #3, the data is being collected by hundreds and thousands of apps, which by themselves have no control or use for the same. And all data ends up with a handful of corporations who process them in ways that are not clear to the user.
For example, most smartphones now come with Meta Services pre-installed. What is this service doing? I don't see an option to opt-out of it and still be able to use the device. OEMs don't allow for such services to be uninstalled either, so user has to rely on 3rd party tools to have them removed, and the process almost always has a negative implication on warranty.
It is time regulators all over the world start working in implementing laws in genuine ways that prevent corporations from abusing user privacy.
Then, that is not a question of consent, but of bowing your head or not.
Submit to my terms, and you will get this or that. Otherwise, you cannot use my apps, services.
It's like legalizing lynching, your privacy is violated, and the third parties remain unpunished, laws like GDPR are merely cosmetic.
At philosophical level, what we have discussed above could possibly (and humbly) be summarized in one sentence "which is to be master", from Lewis Carroll's "Through the Looking-Glass".
“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean — neither more nor less.”
“The question is,” said Alice, “whether you can make words mean so many different things.”
“The question is,” said Humpty Dumpty, “which is to be master — that’s all.”
Click to expand...
Click to collapse
A relevant legal case in history was Liversidge vs Anderson during WWII.
Liversidge v Anderson - Wikipedia
en.wikipedia.org

Categories

Resources