Can i trust my chinese (Umidigi) phone for email, banking, passwords ? (Umidigi S2 Pr - Security Discussion

Please help, I am unsure what to do now that I received my Umidigi S2 Pro unlocked phone that I purchased from GearBest and waited a month to receive-- booted it up and ran malwarebytes on it only to learn it has two adware programs built into the system. Norton did not find anything except a KRACK (some sort of Key reboot wifi vulnerability???) risk (not sure if it is on the phone or just an alert for my home wifi?). I thought I was getting a nice smartphone at a good price, but now I am very worried if I can trust such a phone from china-- would it be safe to set up the phone for online banking, for email with my email username and password? Should I just sell the phone on ebay and go back to using my ASUS phone that I bought in the USA where I live? The Umidigi is such a nice looking phone, but if it is a security risk I certainly will not use it, I would then sell it and take the loss and learn the lesson, ugh.
Quicktouch apparently contains the following adware as detected by Malwarebytes: Android/Adware.Xinyinhe.CJ
TouchPal 2017 apparently contains the following adware as detected by Malwarebytes: Android/Adware.Cootek
^^^They are both system apps so they are not so easily removed.
Thoughts, advice?

Midiman55 said:
Please help, I am unsure what to do now that I received my Umidigi S2 Pro unlocked phone that I purchased from GearBest and waited a month to receive-- booted it up and ran malwarebytes on it only to learn it has two adware programs built into the system...
Click to expand...
Click to collapse
Your best bet is to post this question within one of the following threads that is specific to your question.
http://forum.xda-developers.com/showthread.php?t=1846277
http://forum.xda-developers.com/showthread.php?t=1620179
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT PROVIDE SUPPORT VIA PM UNLESS ASKED/REQUESTED BY MYSELF.
PLEASE KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

I also have a similar issue,
Have checked the threads recommended and they are totally irrelevant to the question asked, so here goes:
I bought a new Umidigi phone from an online store, now turns out it seems to be rooted, should I just throw it away or is there any resoanable explanation to why it is like that. Is there anything I can do to be able to use this phone with safety.
Thanks

Shmool said:
I also have a similar issue,
Have checked the threads recommended and they are totally irrelevant to the question asked, so here goes:
I bought a new Umidigi phone from an online store, now turns out it seems to be rooted, should I just throw it away or is there any resoanable explanation to why it is like that. Is there anything I can do to be able to use this phone with safety.
Thanks
Click to expand...
Click to collapse
Did a root checking or antivirus app say it's rooted? I knew these phones have adware & questionable issues around personal data, but didn't think they come rooted. Though maybe some third party with access to phone rooted it, was it sealed when you got it? ( Could also have been installed in factory by unauthorised person or at instructions of Chinese government (though probably only if you or your company is a high value target))

Don't waste your money.
I have Umidigi S2 Pro.
It has very low quality.
The touch screen is very hard to use.
Cheap plastic material with very poor build quality.
The battery real capacity is not 5000mah. The battery is not detectable by battery software. Perhaps only 3000mah
The camera is so blurry. You just get fuzzy pictures.
Too many applications crashed instead of 6GB RAM.
The worst thing it come without any guarantee.
It' nothing but wasting my valuable money.

Can you imagine the fallout for a company, trying to compete in the International Marketplace if just ONE of their products was found to be phishing? In fact it would be commercial suicide in their own countries too.
I have a Umidigi A3, bought for a third of the price of my similar spec Samsung, and I also found that certain apps stated the phone was rooted, but root checkers and superuser software all found this not to be the case. I always rooted my early phones to play around under the hood, but lately certain establishment apps would refuse to work stating security issues with root so I haven't rooted my last couple of phones.. I have had no such problems with my A3. My establishment apps check and wave my little A3 through with a smile. False positive? I'd say likely. The cost of the license to use the latest Google Android OS kind of negates the reasoning behind 'the phish' . I believe the tweaks needed to customise the OS to Umidigi products is what causes these false posies.
And the build quality is superb!! For the price I paid, it may be akin to a Mini in the vast world of mobile communications, but it's deck out with the shiny walnut dashboard and plush seats of a Mini Rolls Royce. Time will tell about it's reliability but so far I don't think I'll ever pay hundreds of pounds for a mobile phone again.

My whole take on this Chinese security question is this.
1st, Google is a bigger (biggest) privacy risk. They can access your phone anytime without you knowing (if they wanted to). But yet no one thinks twice about trusting them, plus most people allow them to save all their passwords and info. But yet it's no concern to most.
2nd, A lot of other phone companies have their internal chips produced in China. And if the Chinese really wanted to spy, it's gonna be built into the hardware.(backdoor) Heck the US government was doing this. Everyone forget?
A lot of these proprietary chips even have access to your internet so they can download their proprietary drivers in the background without your knowledge.
There is no true security. The backbone of the internet was built to share information not secure it. Security starts with you. Everytime you choose to have private information at a convenience, you sacrifice security.
And as far as post 1 which I know is a year old, but for anyone that stumbles across this. The adware that was detected was probably all from TouchPal keyboard. That app is so junk, it even installs apps on your phone. It's always preinstalled on provider phones and such.
Google shouldn't allow these apps to be approved and these companies need to be held accountable for allowing these practices.
Good luck and safe browsing!

aaron74 said:
...Security starts with you. Everytime you choose to have private information at a convenience, you sacrifice security.
...
Click to expand...
Click to collapse
Absolutely concur. Thanks very much for the very true statement. And I think especially that what I partially quoted above can't be stressed enough.
Maybe this falls into the same context?

thanks for your reply
IronRoo said:
Did a root checking or antivirus app say it's rooted? I knew these phones have adware & questionable issues around personal data, but didn't think they come rooted. Though maybe some third party with access to phone rooted it, was it sealed when you got it? ( Could also have been installed in factory by unauthorised person or at instructions of Chinese government)
Click to expand...
Click to collapse
HHi, thanks for replying. The bitcoin wallet app said it was rooted, so yeah. But there were other strange things, like the draw lines security lock already is set so that I can't change it or use it. I bought it on aliexpress "new". It came it its' package and everything in it only it had been opened. It was stuck at costumes for a while so it seemed as if they opened it and play with it a bit there, but then after I saw the rooted thing everything us looking phisy.
Honesty, regardless, having this device made me understand once and for all where all the money goes to with those top dollar phones and why it is so worth it. Cause yeah, you kind of have everything... But it all sucks. Screen sucks, camera sucks. Multitasking sucks. Battery sucks. Radiation feel sucks, and seems pretty sure security sucks. So yeah, you kind of have efrything, but the low quality is felt. Daily.

Chinese brand phones cannot be trusted. It's best to buy Japanese or American ones, at least they're more secure in terms of malware and Trojans.

Related

Blackphone opinions???

I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.

Verizon Refuses Telephone Support Based on Installed Apps

I don't know if this is general knowledge here, but I figured I'd relate my experience here in case it's informative for others. I've been having a ton of trouble with dropped calls on Verizon at my home. It's always been a marginal signal, but the last couple of months it's been impossible to use my phone at all. So I finally called Verizon and quickly was transferred to Level 2 support. The Level 2 support immediately jumped down my throat about having a rooted phone. When I asked them how they determine that I have a rooted phone the agent proceeded to list every app installed on my phone and explained that some of them only work on rooted phones. He was adamant that the reason for dropped calls was having a rooted phone and refused to provide any support.
It was news to me that our Verizon phones phone home and keep them informed as to what apps are installed on our phones, and that now Verizon is refusing to provide support to people that even have apps that require root privileges.
Depends on the state that you live in. The warranty is to protect against hardware defects and in some states Verizon will have to show that rooting or one of your installed apps is the cause of your issues.
You can always flash back to full stock and see if you still have drops. If so, call them up again...
I *am* full stock. I have literally changed nothing except to root the phone. Everything is pure stock ... even the Verizon apps and recovery are all still there.
GNRDuncan said:
I *am* full stock. I have literally changed nothing except to root the phone. Everything is pure stock ... even the Verizon apps and recovery are all still there.
Click to expand...
Click to collapse
It is not uncommon for carriers to refuse to support anything other then fully stock devices. You have to remember that root is a security risk as well and most will not support this.
Thanks. I get that. What surprised me wasn't that they wouldn't support a rooted phone, but that Verizon had a list of apps I'd installed (even apps installed directly by ADB). I wasn't aware that they had spyware on my phone that was monitoring what I do on the phone.
GNRDuncan said:
Thanks. I get that. What surprised me wasn't that they wouldn't support a rooted phone, but that Verizon had a list of apps I'd installed (even apps installed directly by ADB). I wasn't aware that they had spyware on my phone that was monitoring what I do on the phone.
Click to expand...
Click to collapse
That is part of the info that is sent to all carriers when they collect info for troubleshooting and stats. Some of that info is they grab a list of apps in the system and data/app partitions.
I wasn't aware they could read anything on my phone without my permission. I wonder what other information they can grab at will without me knowing?
It's legal in the US for providers to look at what their customers are using and installing on their phone?
Bloody hell... Over here a provider isn't even allowed to see which apps use up your data, all they can report is how much you used in total. The very idea that they'd be allowed to look inside your phone is... inconceivable in Europe.
GNRDuncan said:
I wasn't aware they could read anything on my phone without my permission. I wonder what other information they can grab at will without me knowing?
Click to expand...
Click to collapse
Thats the thing is you give them permission. No one ever reads it but it is in the TOS. You even agree to it when you first sign in to an android device about it collecting data from your device. As for other info they can get. Pretty much any and every website you go to, and things like that. Your contacts and stuff are pretty safe. If you consider storing them on google safe.
ShadowLea said:
It's legal in the US for providers to look at what their customers are using and installing on their phone?
Bloody hell... Over here a provider isn't even allowed to see which apps use up your data, all they can report is how much you used in total. The very idea that they'd be allowed to look inside your phone is... inconceivable in Europe.
Click to expand...
Click to collapse
You might not have noticed but you agree to it on every android device. ITs all part of troubleshooting system issues. Heck Google can even remotely remove apps from your device. Carriers in the US have far more control over the device because you dont tech own the device until you pay off your contract or unless you buy the device at full retail price.
An agreement that says "we may collect data about your phone" is not the same thing as "You give us permission to enter your phone at any time for any reason and collect whatever we want from your phone."
What app allows this one the phone? I will happily remove it.
GNRDuncan said:
An agreement that says "we may collect data about your phone" is not the same thing as "You give us permission to enter your phone at any time for any reason and collect whatever we want from your phone."
What app allows this one the phone? I will happily remove it.
Click to expand...
Click to collapse
Thats the thing. It does. Collecting data about the device, pretty much says that you give them the right to collect data about the device. This does include apps installed. IT is not as simple as an app. IT is built into the OS.
zelendel said:
You might not have noticed but you agree to it on every android device. ITs all part of troubleshooting system issues. Heck Google can even remotely remove apps from your device. Carriers in the US have far more control over the device because you dont tech own the device until you pay off your contract or unless you buy the device at full retail price.
Click to expand...
Click to collapse
Google is not the same thing as a Telecom provider.
Google makes your OS, a Telco just provides you with access to the network. There's a very large difference.
It's like the Ministry of Infrastructure being able to see your car's logs. The manufacturer can read out the car's system for troubleshooting, as they should, but the government branch that pours asphalt on roads has no business seeing what kind on music I listen to in my car!
Who am I kidding, the US Ministry of Infrastructure probably has recordings from how awful people sing in their cars synced to the exact GPS coordinate for every word.
Maybe I should explain that European devices are not truly Branded? The only branding they have are logos, tunes and a few apps that you can freely remove or add through the online appstores as well.
A lot of users have a SIMonly contract (just a SIM) and buy their devices, without any connection to their provider, in an independent store.
The whole system US providers have with their own privately locked devices that don't even allow eachother's 4G network, that's illegal here.
zelendel said:
Thats the thing. It does. Collecting data about the device, pretty much says that you give them the right to collect data about the device. This does include apps installed. IT is not as simple as an app. IT is built into the OS.
Click to expand...
Click to collapse
Your laws are very, very terrifying. No wonder the USA is such a bloody mess....
I thought the spying on citizens for money, corruption and dirty business practises wasn't that bad, but it seems I've had a very naive view of the USA. I'm utterly grateful I never followed my childhood dream of emigrating to the USA. They're one step away from a totalitarian corporate government... I'm starting to see why so many people keep referencing Skynet... The plot in Continuum (the TV show) is far more present-day and far less futuristic, it seems...
Over here "we may collect data about your phone" does not mean "We have the complete legal right to read everything you do, watch, install and write on your phone".
They must specify exactly what data, how they collect it and what they use it for, and any deviation from those specifications results in a hefty fine or even a suspension of business rights.
They're only allowed to look at your phone, not in it. They can't even connect your dialed numbers to your in-phone contacts on the bill. Even in their own app, you have to give explicit permission for that link.
zelendel said:
Thats the thing. It does. Collecting data about the device, pretty much says that you give them the right to collect data about the device. This does include apps installed. IT is not as simple as an app. IT is built into the OS.
Click to expand...
Click to collapse
Your interpretation of the term differs radically from my own.
Luckily we have AOSP, so if we know where the code that allows this is located we can remove it. Any ideas where to start looking? I'm new to all of this, but it would be worth getting into it if we really have to waste our time protecting ourselves from the businesses we have to patronize in order to function in a modern society.
ShadowLea said:
Google is not the same thing as a Telecom provider.
Google makes your OS, a Telco just provides you with access to the network. There's a very large difference.
It's like the Ministry of Infrastructure being able to see your car's logs. The manufacturer can read out the car's system for troubleshooting, as they should, but the government branch that pours asphalt on roads has no business seeing what kind on music I listen to in my car!
Who am I kidding, the US Ministry of Infrastructure probably has recordings from how awful people sing in their cars synced to the exact GPS coordinate for every word.
Maybe I should explain that European devices are not truly Branded? The only branding they have are logos, tunes and a few apps that you can freely remove or add through the online appstores as well.
A lot of users have a SIMonly contract (just a SIM) and buy their devices, without any connection to their provider, in an independent store.
The whole system US providers have with their own privately locked devices that don't even allow eachother's 4G network, that's illegal here.
Click to expand...
Click to collapse
Oh I know. I generally dont buy US based devices even though I live here. Also our carriers here put their own version of the OS on the device. Loaded down with bloat ware and added code.
GNRDuncan said:
Your interpretation of the term differs radically from my own.
Luckily we have AOSP, so if we know where the code that allows this is located we can remove it. Any ideas where to start looking? I'm new to all of this, but it would be worth getting into it if we really have to waste our time protecting ourselves from the businesses we have to patronize in order to function in a modern society.
Click to expand...
Click to collapse
Not that simple. AOSP is alot different then what comes on carrier devices. Carrier roms are closed sourced just like OEM roms like touchwiz, HTC sense and all the others.
Why do you think Verizon goes through such great pains to lock the bootloader. There is no way that I am aware of as they would just get the info from google as they collect the same info.
zelendel said:
Not that simple. AOSP is alot different then what comes on carrier devices. Carrier roms are closed sourced just like OEM roms like touchwiz, HTC sense and all the others.
Why do you think Verizon goes through such great pains to lock the bootloader. There is no way that I am aware of as they would just get the info from google as they collect the same info.
Click to expand...
Click to collapse
Google can't collect the data if the code that collects the data is removed.
GNRDuncan said:
Google can't collect the data if the code that collects the data is removed.
Click to expand...
Click to collapse
You could try but buy doing so you would lose all access to Google Apps. There is one project that I know of that is working to remove all Google stuff from Android. CM has the same plan but like I said you would lose all access to Google Apps in doing so. It's all part of just about every OS on the planet.
zelendel said:
Oh I know. I generally dont buy US based devices even though I live here. Also our carriers here put their own version of the OS on the device. Loaded down with bloat ware and added code.
Click to expand...
Click to collapse
Wise move!
They do add bloatware here, but all of it is just pre-installed apps that you can add and remove at your leisure. They're all apps that you can find on the Play Store (or Windows Marketplace, or Apple Store) and can install as a customer from another provider as well. The only code they're allowed to add is network optimisations.
They can't alter any of the system functions. Take the TNL firmware (T-Mobile NL), all it has is the My T-Mobile app and the T-Mobile logo+tune at boot. That's the entire branding. It's hardly worth the word 'Branding', all they did was slap a sticker on it and insert a businesscard, so to speak.
And you're free to just flash any other firmware, as flashing, rooting and using CustomROMS can't void the warranty due to the EU laws. Even KNOX 0x1 doesn't matter.
I do Samsung-based tech support for T-Mobile NL (which is why I know what they can and can't do here), and half my day consists of helping users flash the Unbranded firmware over the Branded one, through the official contact channels. Samsung will even do it for you if you take the device to a Service Center. Managed to wipe your IMEI? Take it to a Service Center with proof of purchase and they'll fix it for you in minutes. Sending in a device with a broken screen that has Cyanogenmod on it gets a new screen and returned to the customer under warranty.
The other half of my day is sometimes spend explaining to users why, due to privacy laws, a provider can't block an app or service from using up your data, and can't block malicious sms subscription services.
The EU council is filled with idiots, but they do have their moments. :laugh:
ShadowLea said:
Wise move!
They do add bloatware here, but all of it is just pre-installed apps that you can add and remove at your leisure. They're all apps that you can find on the Play Store (or Windows Marketplace, or Apple Store) and can install as a customer from another provider as well. The only code they're allowed to add is network optimisations.
They can't alter any of the system functions. Take the TNL firmware (T-Mobile NL), all it has is the My T-Mobile app and the T-Mobile logo+tune at boot. That's the entire branding. It's hardly worth the word 'Branding', all they did was slap a sticker on it and insert a businesscard, so to speak.
And you're free to just flash any other firmware, as flashing, rooting and using CustomROMS can't void the warranty due to the EU laws. Even KNOX 0x1 doesn't matter.
I do Samsung-based tech support for T-Mobile NL (which is why I know what they can and can't do here), and half my day consists of helping users flash the Unbranded firmware over the Branded one, through the official contact channels. Samsung will even do it for you if you take the device to a Service Center. Managed to wipe your IMEI? Take it to a Service Center with proof of purchase and they'll fix it for you in minutes. Sending in a device with a broken screen that has Cyanogenmod on it gets a new screen and returned to the customer under warranty.
The other half of my day is sometimes spend explaining to users why, due to privacy laws, a provider can't block an app or service from using up your data, and can't block malicious sms subscription services.
The EU council is filled with idiots, but they do have their moments. :laugh:
Click to expand...
Click to collapse
Yeah here that is not even close to being an option, I spent years working for Verizon Tech support. They try to void your warranty anyway possible. That is mostly due to the fact of the subsidized pricing for phones. Here you dont even really own the phone completely for almost 2 years after you get the device.
Service centers here are few and far between. All warranties go through the carrier. Carriers here love blocking apps. But then Like I said they have too much control over the devices.
zelendel said:
Yeah here that is not even close to being an option, I spent years working for Verizon Tech support. They try to void your warranty anyway possible. That is mostly due to the fact of the subsidized pricing for phones. Here you dont even really own the phone completely for almost 2 years after you get the device.
Service centers here are few and far between. All warranties go through the carrier. Carriers here love blocking apps. But then Like I said they have too much control over the devices.
Click to expand...
Click to collapse
The law changed here recently, nowadays the phone you buy with a subscription has to be charged separately. You basically buy the phone and split the payments over 2 years. You own it straight away, you can even sell it if you want, but you have to continue paying for it, even if you sell it, until you've paid it off. If you end the contract prematurely, you have to pay the remaining sum of the phone.
Warranty-based repairs here go through the shop you purchased it from. If you bought it directly from the provider, they handle the warranty. If you bought it from an independent shop or online store, (both of which also sell subscriptions with phones for the providers) they send it to Samsung. Even if you buy it with a subscription.
There are 12 Service Centers in the Amsterdam area alone. (They're not Samsung stores, we only have 2 of those (which is probably still quite a lot compared to the US, considering we only have 17 million inhabitants), but they're service points inside another store, often the stores of various providers. You can go there regardless of who you pay each months.)
(Sorry for the walls of text, I find these things very interesting xD)

Phone hacked need advise and guidance

Hi
I know that this will sound like another hacked story but I know what to do.
My phone got hacked couple of months back.i didnt know it was untill the hacker started to leave clues. It was then that i started really payibg attention to everything going on. but keeping quiet abort it so that he or she thinks i didn't know
I know of 3 incidents that may have conpronised my security coupled by the fact that I did not practice password hygiene or unique ones for all accounts. I know that its totally my fault and i am not goings to blane Android os. So please dont think of this as one of tjose posts
What i now need is help in understanding what tondo next.
Little details on what happens, lets say i get search for some one on Facebook. The same is Charles smith, I Finish off my search and open Instagram boom i see a pictures where recommended shows a google search page where Charles is written and the Google auto complete is giving options .
Happened twice
I tumlr and I don't really post anything in fact My blog is totally blank. Suddenly i have people followings me and they tend of hame my nick name as their user id .the id displays my WhatsApp status updates.
These and just two examples i have more but i think everyone gets whats going on.
things i have done to prevent such occurences factory formatting the phones mac abd router. Gotten new routers and ready to flash a custom firmware for them.
Password changes .everything.wps2 aes wifi password with random numbers upper case lower case n symbols
Passwords are written on paper without a electronic backup and under lock and key.
I thought that maybe its a key logger but i took my moto x2 n moto e2 to the service center and got them to re load official software.
Two days later bam the same thing.
Any suggestion on where the weakness is ?
The problem is that I am kind of tired if thi
Sent from my XT1092 using XDA Forums
Check account sync settings if it is on more applications can use various private data.
Sent from my A0001 using XDA Free mobile app
i dont understand?
can u explain , i have sync on should I not have it
on different note does anyone suggest rooting and installing something that can isolate and restrict data from being accessed. now i know that exposed does that and marshmallow will work that out. but any other guidance ?
Did you use a virus or malware scanner?
Are there any apps you didn't install on your phone?
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Semseddin said:
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Click to expand...
Click to collapse
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Jaytronics said:
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Semseddin said:
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Click to expand...
Click to collapse
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Jaytronics said:
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Humble apology accepted.
You may not like AT&T and Verizon for their tight stance against rooting.I don't like that as well. They're filling their devices with their bloatware and excluding some very useful features from their customers like hotspot for free. However, Anyone who owns an operator variant of a specific device have already signed a contract with his operator already accepted their terms and that's why they get their bloated and controlled devices for cheaper prices in long term instead of paying full in cash. That said, i see nothing wrong with AT&T or Verizon's policy of keeping their devices locked to death since rooting would take a stake from their business and that was not their agreement with their customers. This is not the subject of this thread for sure. Should add, i see nothing wrong if a contracted owner a device wants to take full potencial out of it by rooting since it is the only way for them to get rid of bs in their devices. This is another discussion, not related to this thread.
I will use the word " regular user " instead of "dope" since nobody have to be knowledgeful about android security. Being someone without a clue of android security wouldn't make them a "dope". I currently sport a Moto Maxx, a bootloader unlockable variant of Verizon Droid Turbo sold in Brazil. I paid about 150$ more just to be free of Verizon Bloatware for the exact same hardware. I could have paid 150$ less and bought a Verizon Droid Turbo but i didn't just because i knew i would have Verizons' bs running in my phone every second. There used to be a time for me when rooting was a must with android because i used to own devices bloated with Motoblur, having low amount of ram and storage as well as unavailbility of disabling/deleting of unwanted apps. Now, i have 3gb of ram and 64gb storage with near Vanilla Android experience with my phone. I asked myself, what the heck do i need rooting for ? The answer was easy : nothing.
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Semseddin said:
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Click to expand...
Click to collapse
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
optimumpro said:
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
Click to expand...
Click to collapse
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Just kiss each other already or dont say anything.
This thread is made by someone who needs help and you two both are taking it off topic instead of helping him. Now out of respect for that user, stop this endless conversation.
Semseddin said:
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Click to expand...
Click to collapse
This is not about respect, disrespect or disagreements. The facts (not opinions) remain: every operating system on Earth provides root or administrative privileges to users. However, it is not given to the same user when he turns to a smartphone. There is no security reason whatsoever why a user has root on computer and no root on a smartphone.
As I have already said, there are plenty of non-security reasons for the above: the main one being to prevent the user from removing advertising junk and spying malware inserted there by manufacturers, carriers and software providers. Kids love it (above three) and Mother (NSA) approves...
Every argument against root invalidates itself when applied to computer OS: remember the user is the same.
@its the peanut
Please stop patronizing. This is a security discussion thread and we discuss security, which is beneficial to the poor guy, the OP... :silly:
Semseddin, what do you do to stop fastboot?
rooting and knowledge go hand in hand, the OP states device is rooted, but sounds like hasn't got the interest to know what's behind the process. that is why we don't have the slightest piece of evidence that his device has been compromised. just the users opinion that it has.
having su and adb debugging at least allows them to logcat.

Is Rooting your device illegal?

Sorry if this question has been answered already, but I haven't found a recent (ie within a year) thread about this when I searched. I haven't rooted anything in years and I've just got a Galaxy Tab Pro and was looking into Rooting it. My friend who has an HTC One has also reached out to me asking me how to Root it.
When I started researching methods I kept running across articles that were stating that Rooting a device is now illegal? I've never heard of this before, is it true? Anyone have links to information that says otherwise?
No it's not but In most cases it will void your warranty. also most of the time you could always unroot your device. I used KingRoot to root my phone it's an app it was quick and simple.
Sent from my BLU STUDIO 7.0 II using XDA Free mobile app
It depends what you do with root. If you root it to "hack" or "snif" then you're doing a illegal thing. If you root it to costumise your Android then, you're not disturbing a privacy from another person or what else.
Hit the Thanks Button if I helped
You bought and own it. You can do what you like with it. Of course if it's a stolen phone and you're rooting it to mess with the IMEI, then that's another matter.
Does anyone have links to articles or information confirming this? Because all I can find are articles stating that it is illegal with the 2nd article below stating that "Tablets cannot be Rooted AT ALL" (*edit: apparently I can't post links yet)
godzillinois said:
Does anyone have links to articles or information confirming this? Because all I can find are articles stating that it is illegal with the 2nd article below stating that "Tablets cannot be Rooted AT ALL" (*edit: apparently I can't post links yet)
Click to expand...
Click to collapse
I don't know what you have been reading, but it's wrong. Root is perfectly legal. My Nexus 7 and Nexus 9 are both rooted.
Where are you getting this information? That part of the internet should just go ahead and die.
well like I said, I can't post links yet because I'm still 'new' but if you just Google Root and Illegal a bunch of articles come up (some contradicting the others, which is why I was looking for a definitive answer from somewhere.)
godzillinois said:
well like I said, I can't post links yet because I'm still 'new' but if you just Google Root and Illegal a bunch of articles come up (some contradicting the others, which is why I was looking for a definitive answer from somewhere.)
Click to expand...
Click to collapse
I think you don't quite get how search engines (google) works: you can google illegal and pineapples, and get a bunch of articles.
The only issue with rooting would be that it breaks/voids warranty in most cases, and if your device was obtained on contract i.e. still technically the property of your provider, then rooting might be against the terms of service - the consequence of which varying depending on the provider.
HypoTurtle said:
I think you don't quite get how search engines (google) works: you can google illegal and pineapples, and get a bunch of articles.
The only issue with rooting would be that it breaks/voids warranty in most cases, and if your device was obtained on contract i.e. still technically the property of your provider, then rooting might be against the terms of service - the consequence of which varying depending on the provider.
Click to expand...
Click to collapse
I wasn't searching for it outright, I was actually searching for the pros and cons of rooting since my buddy was interested, and a couple of the articles I kept running into kept mentioning the illegality part. Since I can't post links I just suggested that one Google Root and Illegal since someone actually asked where I got my information. I figured it would be easier than explaining all this and then telling him to Google "Pros and Cons."
Obviously I know how a search engine works, no need for the passive aggressive comments - especially when you provide no other help than what was already said.
godzillinois said:
I wasn't searching for it outright, I was actually searching for the pros and cons of rooting since my buddy was interested, and a couple of the articles I kept running into kept mentioning the illegality part. Since I can't post links I just suggested that one Google Root and Illegal since someone actually asked where I got my information. I figured it would be easier than explaining all this and then telling him to Google "Pros and Cons."
Obviously I know how a search engine works, no need for the passive aggressive comments - especially when you provide no other help than what was already said.
Click to expand...
Click to collapse
Sorry, wasn't meaning to sound that way, but your question is rather vague as there isn't one universal global law system - although arguably there should be for digital matters.
To fully answer there are several parts to look at; primarily does it violate local laws - in some cases it can be argued that it breaks copyright law. Additionally you need to question on if the 'broken law' is inforcable - inmost cases it is not and the said laws were made in a pre-digital age and haven't been updated to account for the current world. As an example - setting the wrong age (or a fake profile) on FB is technically illegal as it's against the TOS which is a legal document; but the proseccution of these lawbreakers isn't feasible or inforcable.
Although as i stated previously - this can be slightly different if the device isn't wholely owned by the user i.e. the device cost was covered by the network provider and essentially loaned to the user until the contract is over.
Fair enough - sorry to jump on you, so I guess to be more specific I was looking into the legality of Rooting devices that are out of contract in the US/Illinois. My friend's phone is older than 2 years well past his contract, and I bought a refurbished Wifi-only Galaxy Tab Pro which seems is stuck on Kit Kat for now.
I'm mainly looking to Root to turn off my back button and gain write access to my external SD card (as well as remove bloat) but the Wifi-tether I was finding in articles seems intriguing. Although that seems like if anything that came from Rooting would be illegal that would be it (and bootlegging paid apps of course.)
godzillinois said:
Fair enough - sorry to jump on you, so I guess to be more specific I was looking into the legality of Rooting devices that are out of contract in the US/Illinois. My friend's phone is older than 2 years well past his contract, and I bought a refurbished Wifi-only Galaxy Tab Pro which seems is stuck on Kit Kat for now.
I'm mainly looking to Root to turn off my back button and gain write access to my external SD card (as well as remove bloat) but the Wifi-tether I was finding in articles seems intriguing. Although that seems like if anything that came from Rooting would be illegal that would be it (and bootlegging paid apps of course.)
Click to expand...
Click to collapse
You can easily bootleg paid apps without root, so don't think that rooting is opening up the phone to the "dark side" of Android.
Rooting devices is not illegal anywhere in the US. It does, however, void your warranty and if you were to trade in the device for credit towards a new one they will likely not take it and force you to pay the difference.
But if you own the device outright (not on contract or paid full price), it is yours and you can do anything you like with it. You can root it, you can smash it with a hammer, or you can bake it into a cake. The possibilities are endless.
Even if you don't "own it" outright yet (i.e. are on a 2 year contract or pay monthly installments) you can still modify the device in any way as long as you finish your contract/agreement.
As long as you don't use root access to do illegal things, it's perfectly fine. Root itself is harmless.

Chinese phones and spyware - is rooting / custom firmware & ROM the answer?

So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
They could have embedded hidden backdoors in the hardware or worse.
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Fytdyh said:
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Click to expand...
Click to collapse
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
steveyc2 said:
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
Click to expand...
Click to collapse
Sorry about that.
At this point, I doubt there isn't a smartphone maker that does not track its users. From chinese makers to American makers, everyone tracks their users. Their data sells the best. At this rate, if you want to totally protect your privacy, don't buy a phone. Anything and everything can be tracked. Dumb phones and smartphones. So picking a smartphone isn't going to keep your privacy secure. You might have a say in how many people do you want to track you, based on phone's price.
steveyc2 said:
So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a reliable daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
Click to expand...
Click to collapse
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Be aware that no cell phone provides you with true anonymity.
xXx yYy said:
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Click to expand...
Click to collapse
yes i know i can do that- and the firmware too- my question was about the practicality of living with such a phone once done
xXx yYy said:
Be aware that no cell phone provides you with true anonymity.
Click to expand...
Click to collapse
Yes, aware of that, just trying to minimise exposure while still having a usable phone
blackhawk said:
They could have embedded hidden backdoors in the hardware or worse.
Click to expand...
Click to collapse
worrying but if one wipes the firmware and ROM then that would mitigate any hardware backdoor risks I would have thought?
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
sso003 said:
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
Click to expand...
Click to collapse
Some infos could go to an American proxy server then to Chinese. In order to be sure no one gets you data, learn to code and make your own rom and your own apps. Open source apps are an option if you know to check the source yourself.

Categories

Resources