If you are concerned about security updates, you can check this report (updated 07/02/2018), providing information for device between 2011 and 2017 and report if your device is updated not.
This is a compilation of data based on official reports, official support responses and users feedback community.
Source : https://twitter.com/SecX13/status/961691443931820033
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
TD.
Again with this exaggerated focus on security updates. Am I the only one going "who the **** cares?" I mainly care about general OS updates, and even then I don't go around being angry for not getting it (if anything, I get more angry if the update is **** and I have to wait a long time for the next update to come along and fix the problems the first one brought). But not once in my life have I gone around thinking "hmmm, wonder when I can get my next security update..." This issue with security updates seems to be completely blown up by tech nerd sites and a small minority of enthusiasts online. Hell, I even consider myself a smartphone enthusiast, as I buy and sell phones for a living (and get to test virtually all flagship phones). But even I don't give a **** about this. I doubt the average consumer do either.
For a basic user this can be not so important, until he’s affected with a malware or other security issue.
This is more important for business company, organization and people that need minimum security, especially during this time with Meltdown, Spectre and also other malware affecting Android.
You can look this table like «*Brand that does good/bad job to update and maintain quickly/slowly your device*» not only with the security purpose.
Don’t forgotten that brands that does minimum security updates does also minimum and slower OS updates.
TylerD13 said:
Don’t forgotten that brands that does minimum security updates does also minimum and slower OS updates.
Click to expand...
Click to collapse
That's just wrong, and you know it. There's no real coherence between fast security updates and fast OS updates. A great example is how fast Essential is with security updates. They're not as fast updating to a newer OS version compared to, say Google, now are they? And that's even despite the fact that their interface is virtually stock Android and should be an easy job for them, as well.
Also, you exaggerate the security update’s importance by your talk about malware, spyware etc. issues being of importance. But the fact of the matter is that of all the phones I have tested and owned over the years, I have never ever run into issues with malware or any other kinds of security problems with my Android phones. That includes a ton of phones from Google, Samsung, Sony, LG, OnePlus, Huawei, Xiaomi, HTC, Motorola, etc. All OEMs with large variations in times they take to give security updates. It also includes 4+ year old devices that family members have; no issues there either. So this worry you seem to have is blown out of proportion. It's an issue no average user or even enthusiast really gives a **** about.
generalako said:
That's just wrong, and you know it. There's no real coherence between fast security updates and fast OS updates. A great example is how fast Essential is with security updates. They're not as fast updating to a newer OS version compared to, say Google, now are they? And that's even despite the fact that their interface is virtually stock Android and should be an easy job for them, as well.
Click to expand...
Click to collapse
There can of course be exceptions, but overall with main OS like iOS and Android this is most the time true.
Essential is not a good example, it’s a new and small company compared to other.
If your device brand don’t take care of your software with security update, there’s great probability that is the same with other updates.
i'd say it depends on how valuable your data and "transactions" on the smartphone is to you. if you dont giva a ****, so be it and maximum damage/risk is caller/sms fraud or some minor annoyances like crypto trojans and the like which exhaust your battery. if your doing banking apps, password save or or have other confidential data on your phone (test: you'd handover your photo gallery to a stranger?), then you might think again about your personal risk management.
my 2 ct.
Related
CRC1 patch is hitting the interwebs. Notable Android hacker JesusFreke issued the following update on his blog for those running JF1.51 US/EU builds:
http://jf.andblogs.net/ said:
OTAs in JFv1.51
July 19, 2009 If you are on the US or EU versions of JFv1.51, you’ll likely get an OTA update notification soon, if you haven’t already. I had accidentally left in the otacerts.zip file, which allows OTAs to be downloaded and verified.
For now, there are a few possible work arounds.
1. delete the otacerts.zip file manually. The file is at /system/etc/security/otacerts.zip But keep in mind if you use this method your phone will continuously re-down the OTA and try to verify it, which is bad on your bandwidth usage and your battery life
2. Replace /system/build.prop on your phone with the one from the ADP1 version of JFv1.51
3. chmod 000 the OTA file in /cache (unconfirmed solution, but is likely to work)
Or you can ignore the popups for now, and wait for my new release based on the new update (CRC1). I promise to “disable” the OTA mechanisms in a better way than simply deleting otacerts.zip
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
. I should be able to get something out soon (next few days)
In the meantime, even if you accidentally hit “accept” on the popup, it won’t be able to install the update when it gets into recovery, so you aren’t at risk of losing root access.
Click to expand...
Click to collapse
thank god, or should i say, thank jesusfreke
nice cant wait till the new buil is released thanx JF
Thanks for keeping us abreast!....
thats right i said it... abreast.
finally!
the freke himself has graced the masses! I feel bad i switched to cyaogen.... i guess i can maake it up to JF with a donation
pistol4413 said:
the freke himself has graced the masses! I feel bad i switched to cyaogen.... i guess i can maake it up to JF with a donation
Click to expand...
Click to collapse
Why do you feel bad? You're not betraying anyone as you're not obligated to just one dev. I appreciate all the devs out there, equally.
all in the family
no need to feel bad; CyanogenMod is a DF derivative
I wonder if he will make it support ext3
DOHCtor said:
Why do you feel bad? You're not betraying anyone as you're not obligated to just one dev. I appreciate all the devs out there, equally.
Click to expand...
Click to collapse
I know I shouldn't, but that's just the type of person I am. When I like something I become loyal to it weither it be a certian Rom or dev, or just something in general I guess. I call it loyalty some people call it being close minded
pistol4413 said:
When I like something I become loyal to it weither it be a certian Rom or dev
Click to expand...
Click to collapse
This kind of mentality can breed what is affectionately called "fanboyism".
Can breed, doesn't have to breed. Like I stay loyal to JF because I'm not a fan of roms that contain many ported apps. It's mostly bloat to me, as I don't need to take advantage of it all.
Cyanogen's roms would be interesting to give a try to sometime down the road. But I'm happy on my JF ADP build, it's close enough to stock (without the bloatware the US builds add in) to be compatible and runs light enough to work snappily.
"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."
The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft ( MSFT - news - people )-based devices. Another pair of SMS bugs in the iPhone and Google's ( GOOG - news - people ) Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.
The new round of bugs aren't the first that Miller has dug up in the iPhone's code. In 2007, he became the first to remotely hijack the iPhone using a flaw in its browser. But while that vulnerability gave the attacker a similar power over the phone's functions, it required tricking the user into visiting an infected Web site to invisibly download a piece of malicious software. When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month. ("See: Hacking the iPhone.")
sourses
http://gizmodo.com/5325703/iphone-s...llow-every-iphone-in-the-world-to-be-hijacked
http://www.forbes.com/2009/07/28/ha...direct-gri.ms&utm_content=bookmarklet-twitter
i guess this is what that CRC1 patch was for
JF must be cooking up something real good because he's taking quite a while to release the CRC1 roms. I can't wait...
DOHCtor said:
JF must be cooking up something real good because he's taking quite a while to release the CRC1 roms. I can't wait...
Click to expand...
Click to collapse
yeah wish he would give us an update, if he's not going to release anything then i'd like to know so i can think about changing to someone else firmware.
Original posted at SkyJedi.com
Please vote it up on reddit
Charles Wolf released an interesting report to investors on the 19th. I couldn’t find it online so I requested the data directly from Mr. Wolf. Here it is I felt that is was fishy so I investigated a little more.
On page 9 of his report wolf has a quote to support the inferior nature of the apps within the android market place from this article.
Darrell Etherington, “Apple Loses Ground to Android, But the App Store Still Dominates” gigaom, February 9, 2011.
The vast amount of spamware (45,000 out of 100,000 apps in the Android Marketplace are spam apps) and the low number of top-tier game titles (20 for Android vs. 306 for iOS) and other app categories all play their part in making the Android app market a cottage industry compared to the profit-engine of the iOS App store.
Click to expand...
Click to collapse
Unfortunately this is never in the article or written by Darrell Etherinton, its a comment on the article from a user who goes by mrrtmrrt who signs his comment Mart. I’m still trying to track this guy down. But he loves commenting. InforWorld, Forbes, The Guardian, Marketwatch, and the list goes on.
In another quote, page 10, said to be from
Kyle Baxter, "Android Isn’t About Building a Mobile Platform,” tightwind.net,January 4, 2011
Android’s market may… be terrible in comparison to Apple’s App Store for paid applications… because… discouraging paid applications on the Android platform is in Google’s interest
Click to expand...
Click to collapse
The real quote is
For example, Android’s market may not be terrible in comparison to Apple’s App Store for paid applications just because Google hasn’t yet finished it; rather, discouraging paid applications on the Android platform is in Google’s interest.
Click to expand...
Click to collapse
A cleaver use of eliplise.
I wondered about the accuracy of his numbers and more importantly the accuracy of his interruption of the numbers from IDC. I requested the data from IDC directly and got this response from IDC PR.
Unfortunately, I can't share that data with you -- it's proprietary research that was unfortunately usurped by a Needham analyst and plastered all over the Web.
Click to expand...
Click to collapse
From what I gather from released un-usurped data, Nielsen April 2011, comScore June 2011, and most importantly of all IDC June 9th 2011, the same company Wolf quoted the majority of his data from, Android is in no shape to stop or slow down anytime soon. This data which covers that same time period as Wolf's report have drastically differnt trands. I think IDC sums it up best
IDC expects Android, which passed Symbian as the leading operating system worldwide in Q4 2010, to grow to more than 40% of the market in the second half of 2011. A significant and growing list of vendors who have made Android the cornerstone of their respective smartphone strategies is propelling the growth of Android
iOS was the third ranked OS going into 2011 and will remain a force in the mobile phone market throughout the forecast. After an initial explosive growth period, iOS is expected to grow at a more modest pace throughout the latter half of the forecast as the smartphone market matures and diversifies. Although a small market share decline is expected, IDC expects significant overall shipment volume growth through the end of 2015.
Click to expand...
Click to collapse
I got ahold of William A. Stofega, Program Director of Mobile Device Technology at IDC and got his opinion from the same dataset that Mr Wolf has.
Quarter over quarter there will be fits and starts for all manufactures. Android is a driver in terms of growth no matter whose numbers you look at. IDC see android as the leader in mobile right now especially with a huge growth in lower tier and emerging markets like China. Regarding Mr Wolf, its fine that he used our data, but IDC is unaware of his methodology of analysis. The bottom line is what the end of the year numbers will be.
Click to expand...
Click to collapse
I contacted Mr Wolf and asked for his methodology and dataset, but haven’t received a reply as of publication.
With the fact that Wolf's main source of data, IDC, sees Android as the leader and has the expectation of continued growth, the published numbers from multiple sources, I cannot see how Mr Wolf has reached his conclusions. He may have taken an extremely narrow subset of data to produce his numbers, but as IDC stated, its the end of the year numbers that matter, not a subset of data. Without his methodology and the dataset one cannot check his numbers, but if he cannot even cite a source correctly, I don't trust his statistical analysis skills. In the end I think that Mr Wolf wrote this report for shock value and to make a name for himself. I don’t think I am alone in that opinion.
Finally just a reminder, don’t believe everything you read, check the sources, and check to make sure the sources were quoted correctly.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sounds like what I thought was right, Charles Wolf is a publicity whore.
Forevermore, such shocking use of statistics shall be known as "pulling a Charlie"
Hello, this video shows that Android is two times less reactive than IOS.
http://youtu.be/bNc3yiz0vUo
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Does anyone know if Google plans to correct this?
Tank's
dreeck said:
Hello, this video shows that Android is two times less reactive than IOS.
http://youtu.be/bNc3yiz0vUo
Does anyone know if Google plans to correct this?
Tank's
Click to expand...
Click to collapse
From the video, it appears that this relates to a particular app (mini piano), so in that case, I'm not sure why it's Google's responsibility to improve the responsiveness of a third party piece of software.
That said, there are some very basic reasons for why iOS will invariably be smoother and more responsive than Android almost 100% of the time.
Put simply, iOS and Android both began their respective development at totally different times. Android started development during a time when the market was saturated with keyboard-centric devices like Blackberry's and such. There wasn't a whole lot of touch-screen proliferation, and even then, those devices with touch screens were still very proprietary and basically none of them offered multi-touch. As such, Android was never originally designed for multi-touch screens; that kind of functionality is more of an evolutionary adaptation than anything else really. Android's core design principles focus on multi-tasking and cloud service connectivity in order to maximize productivity. That's why Android has always more effortlessly been good at both of those things.
iOS on the other hand was designed from ground up to be used on a multi-touch user interface. As such, iOS products have been more focused on being UI-centric, while other functions take a lower priority. Basically, when the user interacts with the screen of an iOS device, the system will drop everything it's doing (if need be) just to make sure that the UI runs smoothly. For example, say you try to interact with a webpage as it's loading on an iOS device. The device will actually stop loading the page, as long as you are touching the device to interact with it. As soon as you're no longer touching it, the page will continue to load. This is also why multi-tasking was more of an afterthought than a core principle with iOS. Apple could have easily implemented some form of multi-tasking right with their first iPhone, but considering the resource limitations at the time, that would have come at the cost of an interface that wouldn't have been as smooth or responsive.
So, to sum up:
Generally speaking, iOS will almost ALWAYS have a smoother and more responsive touch interface than Android has (unless Google basically rebuilds Android for touch screens from ground up).
That said, Android will almost ALWAYS be a better at multi-tasking and integrating cloud services than iOS (unless Apple decides to basically rebuild iOS from ground up with a bigger focus on those services).
Which is better than the other? Well, that's up to you really; it's totally subjective. If you want a simple to use UI which is smooth and responsive, then maybe iOS is better suited for you. If a more diverse ecosystem with endless customization options and very powerful multi-tasking beasts are important enough that you can accept a reasonable cost in the UI smoothness, then Android is your best bet.
thank you for taking the time to respond
for this video, I tried a dozen pianos Android and I chose the one with the least latency.
The latency of Android is a real handicap. I am shocked that no one cares.
For my part I think this problem is caused by drivers
I know this is not comparable, but on PC there is ASIO4All, a pilot able to remove this latency (but just for Audio).
I have a Galaxy Note and I hope that Google will improve this problem.
The reason Google hasn't fixed this issue is because in order to fix this issue the Android UI would have to be completely reprogrammed to accommodate a fix. If they reprogram in that manner then it would basically make every device after the reprogram a legacy device and every application would have to be rewritten.
Sent from my ADR6350 using Tapatalk
"If they reprogram in that manner then it would basically make every device after the reprogram a legacy device and every application would have to be rewritten."
So if I understand it, Android will stay soft?
I am shocked to hear that. If true, I would not give much of its future.
Some applications are unusable with this latency, Apple can rest wisely. this is sad.
I read about it in an article from an interview with an ex Google employee. He said that a complete rewrite of the OS would have to take place
Sent from my ADR6350 using Tapatalk
Thank you for this information.
But in this article it says that ICS has undergone a complete rewrite. What do you think ?
http://www.brucebnews.com/2011/10/new-iphone-new-android-phones-new-windows-phones/
you should read record this video using a galaxy nexus. There is a lot less latency than you show on your video using 'mini piano lite '
It is impossible that you have touched an iPhone, otherwise you would not say that.
Everything I touch on my note have latency compared to the iPhone. And whatever the rom flashed.
To prove that I am not the only one to rave :
http://www.musiquetactile.fr/android-is-far-behind-ios/
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Is it because Android is the most popular smartphone platform in the world right now, or is it because it’s just fundamentally easier to attack? In any case, Google’s mobile juggernaut Android continues to be the world’s biggest magnet for mobile malware. According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum,*Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform.
Symbian, whose market share is in rapid decline*and is being left for dead by its former parent Nokia, is down to 19% of all malware, compared to 62.5% two years ago. F-Secure predicts that it will go the way of the dodo bird and become extinct in 2013, as users replace their Nokia handsets with Android devices. Meanwhile, Windows Mobile, BlackBerry and J2ME each accounted for less than 1% of threat families in circulation in the year.
Breaking down progress over the past year, Android’s malware record appears to have seen a particularly bad spike in Q4 2012. F-Secure notes that in the fourth quarter it accounted for a full 96% of attacks. In fact, according to its records, all other platforms except for Symbian (at 4%) didn’t appear to have any malware threat families received at all.
Holding these up to Q4 market analysis, these figures are not proportionate to market shares for current sales, but they are somewhat more reflective of what devices are in circulation today.*In that sense, the shift between Symbian falling and Android rising is due to the fact that Android has been the biggest benefactor of Symbian’s decline.
“Malware in general has a parasitic relationship with its host,” writes Sean Sullivan, security advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013.”
In terms of what forms malware is taking, F-Secure says that 66% of detections were Trojans (malware masked as something else). F-Secure believes that Google’s increased security prompts, which it introduced with the 4.2 variant (Jelly Bean), should help bring that number down. However, if you look at Google’s most recent stats on distribution, released this week, Android 4.2 is only at 1.6% — meaning that this make take some time to come to pass. (For the record, Gingerbread 2.3.3 and upwards remains the most popular in terms of distribution, at 44%, with Ice Cream Sandwich at number-two with 28%).
Another major problem continues to be dodgy SMS messages: F-Secure notes some 21 of the 96 Android threat variants come from premium SMS that encourages downloads and sometimes end up as repeat problems by way of subscription services to which users unwittingly become subscribed. Then, users don’t know about this until the charge comes up on their bill — if they bother to scrutinize that bill, that is.
Interestingly, F-Secure also notes that those releasing malware have become more sophisticated in their reasons for infiltrating devices. Specifically, there’s been a significant shift in terms of malware attacks becoming financially motivated over the last several years, with financial gains now well outweighing those attacks that have been made in the past. Why the shift? It may be because malicious hackers were still learning the ropes for how to infiltrate devices back in the day.
Or it could be something else:*The rise in financial motivations also speaks to the fact that we as a population are using our devices for significantly more transactional services — and that makes them increasing targets for attacks aimed specifically at that fact. This is something that will eventually have to be squared with all the many ambitions and developments in the market today to turn our handsets into our default wallets.
Update: TC has reached out to Google for a comment, but a spokesperson says that the company does not comment on security company reports. Also worth pointing out a dissenting opinion on the above data from a reader in the comments below, highlighting that what gets identified as malware may sound more alarming than it actually is.
“F-Secure can say that anything is malware, even ‘dodgy sms’ which doesn’t fall under the definition of malware…. They say they detected trojans, but they didn’t explain what were their effects on the system, because if they did, everyone will know they’re not really trojans, that’s only what they want you to think,” he writes. “I’ve been using different droids for 3 years now, never had an issue with them. I’m a developer by the way.”
Be that as it may, there are more than security vendors putting out reports and warnings on malware and cybersecurity threats. Smartphones are still an emerging area — but a hugely popular one — and therefore remain a moving target
Source: techcrunch
thank you for sharing your valuable reserch
Hi, your post has helped me a lot in researching on this topic. It sure makes a lot of sense.
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
SoNic67 said:
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
Not just "Chinese" phones, else why are they contacting Google?
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SoNic67 said:
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
Click to expand...
Click to collapse
No I mean the security company Kryptowire are contacting Google, along with Blu. Does that mean a Google phone is affected or is it just as they have a sales channel? Probably the latter but it does raise a lot of questions about exactly & how much control they have of the manufacturing process across their supply chain. Whether it's the the actual phone or individual chips being programmed. And is there any attempt by companies that make products in places like China to check the phones that actually come off the line for compromises. I doubt it but it seems to be a security risk to me.
Of course we all have to trust someone or some company in some way as most things are not open. I to trust Google with much of my data & security.
(I have read several articles on this, but still not much info, all seem to be a rehash of the press release from Kryptowire)
Google code is not affected. This is part of the specific firmware that manufacturer puts in the phone and it is allowed to even be updated OTA.
Meanwhile if I root my device is considered "unsafe"... But that's the only way to see those files and act to remove them.
As much as I hate Apple, I am more and more tempted. At least they control all the manufacturing chain.
Can I load a custom firmware on my phone to eliminate this?
If you can unlock the bootloader, yes.
At the minimum you need root, to be able to disable/eliminate the software. The original article that I have linked has the details of the software names:
com.adups.fota.sysoper
com.adups.fota
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
...and not two days later another news emerges... hehe just when some may have thought they are any different
https://interc.pt/2gkn4dz
M4ti said:
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
who cares who finds it, so long as someone does. Rooting and deleting all the relevant files should work, I guess, but possible could cause some other issues, who knows.
Its pretty funny since most of the people reading those articles doesn't really understand it very well....people quickly jump into conclusion and think that Chinese Smartphone device secretly sending private information to China....
If you read the articles very carefully then you will realize that Shanghai Adups Technology Co. Ltd is a company that provide FOTA services, that means and manufacturers that use their services for OTA updates are likely to effected with the spyware not just Chinese Smartphone....their market share is exceeding 70% across over 150 countries and god know how many devices manufacturers & services operator have been using their services for OTA updates...