Related
Ran accross this article just now, relized you all had to read this. It appears HTC ****** up hard.
http://www.androidpolice.com/2011/1...e-numbers-gps-sms-emails-addresses-much-more/
Scary stuff.
I'm so damn tired of all companies taking the liberty to just monitor our lifes just how they like, no matter if its google, microsoft, facebook, apple or HTC. What anoyys even more is how we passivly is forced into accepting it, and just shrudd our shoulders about it. Reading this, I wish I was smart enough to strike back somehow.
The article says "Some Sensations" I'd like to know what that means
Good find.
Pikabat said:
The article says "Some Sensations" I'd like to know what that means
Click to expand...
Click to collapse
Try running the app...
errr ok this is scary though. i wanna ask what's htcLaputa.apk is?
Sent from my HTC Sensation XE with Beats Audio using xda premium
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
Click to expand...
Click to collapse
This is the example of how we/some of us just go used to this kind of things and started to accept things we never would have a few years back.
How exactly do you determine whats a trusted source? Obviously weve already had a bunch of malwares entering the market.
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
EddyOS said:
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
Click to expand...
Click to collapse
Im not using so much apps either, on the other hand I want to be able to try some "fun" app from androidmarket without fearing theft og my personal information.
Its not about paranoia to me, I couldnt care less about wheter or not some random dude can read my sms. But Im rather angry about the companies doing just as they like, mainly to direct commercials and ads conected to your personality. Did you know facebook, after their latest update, now saves a certain cookie after your logout and sends all urls you visit with your browser back to their server..?
Well, now Im going offtopic in my own thread.
Id like to see HTC comment on this atleast.
Again, if Facebook care if I open a YouTube video every now and then then that's up to them - I'm not interesting!!
Would be nice to see what HTC say but I'm not going to hold my breath!
Im starting to loose faith in htc
Sent from my HTC Sensation 4G using xda premium
I tried to run the app, seems like my Sensation is not affected (Dutch one, that is)
so, in order to gain any kind of advantage, those apps need to know this vulnerability exists, am i right? just deleted that apk file, along with some other ones.
As the Android Police blog appears to have melted, here's Aunty's take on it
http://www.bbc.co.uk/news/technology-15149588
Oh noes naughty people can access:
The list of user accounts, including email addresses (but apparently not usernames or passwords)
A log of recent GPS locations (so you can be stalked!!!!)
Phone numbers taken from recent call logs (so people you call can be stalked!!!)
SMS data, including recent numbers and encoded messages (meh if they want to read "Park 123 543" be my guest)
HTC's response:
"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible," the company said in a statement.
"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
Click to expand...
Click to collapse
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
jggonzalez said:
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
Click to expand...
Click to collapse
Remember it appears you are absolutely fine unless you install an app which is written to access the log files.
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video). The VNC thingie would also bug me cuz it is an app without any apparent use for the user and it does not serve a specific purpose - its just there until "someone" needs it. Now of course HTC wants to improve on user feedback and pulling it is much more convenient than asking for it, but if they want my opinion and see what I'm using they should at least ask me for it. That said, let's hope HTC addresses this problem in the very near future and does clarify why those apps are there and what purpose they serve. I will run the test app again after the next OTA for sure.
kwiggington said:
Im starting to loose faith in htc
Sent from my HTC Sensation 4G using xda premium
Click to expand...
Click to collapse
I don't think HTC is the problem.
I believe the problem is Google.
Ever go to the Google Android market place and see what they want to run in the background before they let you in?
I don't go near the place.
majesensei said:
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video).
Click to expand...
Click to collapse
You're misssing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
xaccers said:
You're misssing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
Click to expand...
Click to collapse
True, and I agree that this is not a scary thing for itself. I am not a fan of conspiracy theories, but think about a combination of things: The log is created and sits there. There is a VNC client embedded deeply in your system by your manufacturer for no reason, which gives access to your device from a remote location. I am from Germany and used to a debate about data preservation (which is illegal, in Germany), but there are other countries that have a much broader "grey-zone" for these kind of things. I wonder where those Sensations with the HtcLogger.apk are ([email protected]?). We are all running the same Android build (as long as we don't root our phones), some are affected, others aren't. I just find it weird, and I doubt that some rogue dev at HTC programmed these apk's just for the fun of it.
Hey guys,
I am trying to load mvelopes.apk and keep getting "Application not installed".
I have tried it from my "download" folder as well as "system/app" with no luck.
I took the apk from my phone, it was in a Titanium backup file (xxx.apk.gz) Could that be part of the problem?
Permissions are set to RW R R and root is the owner.
Any suggestions would be appreciated.
Without knowing what that app does, a possible reason for it not installing is that it has some dependency on other tools that either aren't enabled or are not available on the KF.
As an example, apps that use GeoLocation or the camera won't install because they are looking for hooks that just aren't there.
mvelopes is an app to manage personal budgets and money. It is associated with mvelopes.com and is a lot like mint.com.
Here is the Android Market Link
I would love it if somebody could see if they can load it on their device. Especially one that has market installed.
If you look at the Permissions tab it say's:
"FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power."
I think this is what is making it impossible to install right now, because it's looking for location services which aren't enabled on the KF. Perhaps with a custom ROM this might be possible in the future, but nobody knows for sure right now. Not all is lost, you just might have to wait a month or so to find out.
Thank you!
Thanks for looking into this and that would explain it.
I have also opened a ticket with Mvelopes requesting that they make it officially supported in the Amazon market.
I won't hold my breath as the ROM approach might be better once they get fully refined.
Thanks again!
bneilson said:
Thanks for looking into this and that would explain it.
I have also opened a ticket with Mvelopes requesting that they make it officially supported in the Amazon market.
I won't hold my breath as the ROM approach might be better once they get fully refined.
Thanks again!
Click to expand...
Click to collapse
I don't hold out hope that CM7 or any other ROM will help us here - Maybe they can spoof the location somehow to fool the app but it seems like your first instinct might have been right -- the onus is on the companies who build the apps to get with it and embrace the "tablet revolution". Basically apps designed for phone screens look silly on tablets; the wide bits of useless screen real estate are dreadful. Case in point - the Gmail app on the KF.
Light at the end of the tunnel tho - it seems that companies are suddenly realizing that "Tablet App" doesn't necessarily mean "iPad App".
Banking from my KF would be pretty awesome.
hoss12300 said:
I don't hold out hope that CM7 or any other ROM will help us here - Maybe they can spoof the location somehow to fool the app but it seems like your first instinct might have been right -- the onus is on the companies who build the apps to get with it and embrace the "tablet revolution". Basically apps designed for phone screens look silly on tablets; the wide bits of useless screen real estate are dreadful. Case in point - the Gmail app on the KF.
Light at the end of the tunnel tho - it seems that companies are suddenly realizing that "Tablet App" doesn't necessarily mean "iPad App".
Banking from my KF would be pretty awesome.
Click to expand...
Click to collapse
You may be right there, but I think Location Settings also include WiFi based geolocation as well as far as I'm aware? I'm not sure why such an app would require location settings anyway, it's a bloody budgeting app! Maybe the OP should approach the developer, and tell them they are missing out on the KF market here!
Someone should make a T-Shirt - Tablet App != iPad App
sl0ttedpig said:
You may be right there, but I think Location Settings also include WiFi based geolocation as well as far as I'm aware? I'm not sure why such an app would require location settings anyway, it's a bloody budgeting app! Maybe the OP should approach the developer, and tell them they are missing out on the KF market here!
Someone should make a T-Shirt - Tablet App != iPad App
Click to expand...
Click to collapse
Yep, in this context (the Mvelopes requirements) Wifi geolocation can only provide you with the coarse location, not fine. As you point out tho, its a banking app - why on earth does it need to know where you are within 50m (I'm pretty sure that's the radius)? Quizzical indeed. Perhaps if a Dev sees this thread some light can be shed on why this is 'necessary'.
Some nerdy stuff on the subject from the Android Dev Guide: Location and Maps > Obtaining User Location
Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Rebel60 said:
Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Click to expand...
Click to collapse
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Dark3n said:
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Click to expand...
Click to collapse
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Rebel60, feel free to peruse these threads and see if either is the right fit for you.
http://forum.xda-developers.com/showthread.php?t=1357056
http://forum.xda-developers.com/showthread.php?t=1179809
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
How is viewing aquired wakelocks helping the OP understand what aquiring a wakelock does, and why the app did it? It's not about who, but what and why. Any type of wakelock an app aquires prevents deep sleep and a wakelock can not be used to interrupt a device that is in deep sleep.
Again the question was not about blocking permissions, but why some apps want all those permissions and why no one seems concerned with the obvious privacy issue.
While PDroid does not require root to operate, it does require it to be installed, so in the end it still needs a rooted device.
Why did you install an app that needs a worrying permission for no discernable reason anyways?
Thanks for the general developer insult. Developers really are the greediest folks *sarcasm* of them all.
Where did you take that from? How many developers of greedy apps did you ask about the permissions they request?
You can't really make that assumption as just a requested permission doesn't do anything at all by itself and what the app is actually doing with it, is unknown without sourcecode.
...and now i jumped aboard the off topic train, damn
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is important. It allows the user to identify the trouble app and either tinker with its settings to reduce the wakelock or delete it altogether if the app is not important to the user. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes and change them to longer sync periods which would dramatically decrease those pesky wakelocks and save some battery life. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. This of course is only one of many applications this program can be used for.
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Rebel60, I hope you find a way to fully utilize your device without fear of privacy infringement or apps that excessively deplete your battery. There are many people on XDA with a passion for these devices. And many different opinions. Take the time to evaluate your options and pick the right solution for you.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is the issue. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. With that knowledge one could change their sync intervals and save precious battery life.
Click to expand...
Click to collapse
True, it would definitely help a user identifying battery drainers and in those cases it does not matter why the wakelock was aquired if it is what causes the drain. But the question was not about batteries, but about what/why wakelocks are and the description of the wakelock permission itself.
While BetterBatteryStats being a great tool, it does not answer that question. (Hence my offtopic remark)
Aerocaptain said:
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Click to expand...
Click to collapse
While bug reports or anonymous statistics are one part of it, i think most of the internet permission needs come from ads that are displayed. I don't use ads, so i'm a bit unfamiliar on that topic.
If solely googles licensing service is used, the internet permission is not needed, just the 'CHECK_LICENSE' permission (which is an extra permission just for that purpose).
It is also often used to update the welcome dialogs with news, if a dev does not want to release a new version everytime he wants to tell his users something.
Aerocaptain said:
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Click to expand...
Click to collapse
I'm not denying that there are greedy and or malicous devs out there. It was the 'plethora of greedy sometimes malicious developers' that threw me a bit off. I see you meant it differently, as you wrote 'in that minority'. As english is not my main language, i might have understood it a bit too harsh too .
Most of my work falls into the 'Tools' category, if you have question about them (or the permissions ), write me a PM.
I fully agree that everyone should have full control over their devices and i also think that users should have the possibility of choice (i.e. apple selecting apps that are published vs androids more or less freedom of apps, though one might have to sort through a 'plethora' of useless apps, i wouldn't trade it for apples store).
[I needed all those big quotes to reflect what i'm responding to as you seem to edit your posts alot after you made the. Makes it a bit difficult to answer ]
Thanks
Dark3n said:
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
Click to expand...
Click to collapse
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Rebel60 said:
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Click to expand...
Click to collapse
Whether your new to android or a veteran, XDA has all of the information you'll need to educate yourself. Rooting is not for everyone and should only be attempted by someone comfortable with the process. It does however open huge doors to more control and customization with your device. My advice to you is first get to know the Android platform for a few months. In the meantime do some research and see for yourself the pros and cons of rooting. There are dozens of threads with people that are in the same situation as you. Learn from them and talk with them. If you have a direct question about android, feel free to PM me. I'd be more than happy to help in any way I can. Good luck & enjoy your device.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Rooting is pretty simple if you invest some reading time. Just make sure to search alot before asking .
Also be aware that giving an app root access is equivalent to granting every possible permission there is and more.
I'm sure most users are not fully aware of that.
So allowing an app root access is a huge trust investment in the dev, don't do it for fishy looking apps .
Read the description
Try reading through the apps full description. A lot of developers will explain why their app needs those scary sounding permissions.
If they don't explain, you could always contact the developer (seems almost like google requires app listings to include a 'contact the developer' link somewhere).
First of all, I know if I say something bad about Android, I get negative replies and maybe the thread is closed. That was what I got when I posted some criticism about Android's application uninstall interface. I am not a troll, I have 3 Android devices, it is just I want it to get better. I also use Apple products, and recently I bought a Logitech mouse and couldn't get the back/forward button on my Macbook, so I searched Apple user forum, and I found some user had asked/complained about it. I was shocked at that the other user's response was something like 'why use forward/backward button, how difficult is it to press the back button on the screen'. Apparently for some people, when they are in love with something, they just cannot find anything bad about it.
Anyways, back to the main story, we all admire Android for its freedom. But it seems to me, that the freedom of developer is much larger than that of users. I often receive junk notifications from apps I have installed. One app sent a notification at 2 or 3 AM. You may say, "uninstall it then", but what if I have bought it and I need to use it?
iOS solves this problem by letting users disable notifications per application. I don't know if I can do similar thing by adding custom modification or using a custom ROM, but think about 'normal' people, they don't know how to do such things and they have not much time to spend their weekends doing that kind of things.
Freedom is a good thing, but there should be a mechanism to prevent its misuse, like laws in real life. And I think the user should have an easy access to such mechanisms. I mean 'easy', not installing custom ROM or through rooting.
That's only possible in Android 4.1 Jellybean. If you have a way to update your device, do it
RoberGalarga said:
That's only possible in Android 4.1 Jellybean. If you have a way to update your device, do it
Click to expand...
Click to collapse
^This
Unfortunately most of us are stuck running something older. Personally I think unwanted notifications from apps is a bad idea, and I will usually uninstall an app that does this just because I don't support devs that do this. Check to see if the app can have the notifications disabled in its settings.
Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
XSportSeeker said:
Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
Click to expand...
Click to collapse
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
Well, it's going to be offline, but still mobile.
I realize I'm still going overboard with it, but it's mostly for testing purposes... honestly, I'm not really all that paranoid about it, boring life with nothing to hide blah blah.
I wanna see if the tablet can even work if I take all those modules off (cameras, wi-fi, bluetooth, etc). I've tested some smartphones that can work perfectly well even if you physically disconnect cameras, not sure about the rest.
I also have another pet project to have a device that is still online, but with the most security and privacy oriented measures in place... so it's a bit of testing for that too.
The underlying purpose is to see if I can modify multiple types of devices to be used in highly secure and privacy oriented scenarios. Part of my curiosity as a journalist I guess. Already turned an old laptop into a locked down Linux machine, but I didn't do much on the hardware side.
Other stuff like encryption and a strong user login system would need to be in place in case of robberies and such.
In any case, think of it as a testing platform... I know no devices will ever be completely secure and private, but willing to do as much as possible with a single device and no specialized tools to enhance things.