Lithuanian government warns about secret censorship features in Xiaomi phones
The Lithuanian Defense Ministry published a security audit on Wednesday for three popular 5G smartphone models manufactured in China, recommending that citizens avoid or stop using at least two of the three devices, citing privacy infringements and secret censorship capabilities.
therecord.media
https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf
PDF analysis attached.
Yeah I saw that. No big surprise...
You can get a used Note 10+ now for $400-800.
Just ordereded up a new one for $800.
Either way a better deal and it's a flagship phone with great performance... and no CCP junk.
Cleary not for European / Global International users apparently. Answer from Xiaomi :
Following the publication of our article, Xiaomi asserted its right of reply. Here is the manufacturer's full statement: “Xiaomi devices do not censor communications to or from its users. Xiaomi has never restricted or blocked the personal behaviors of users of its smartphones, such as searching, calling, browsing the Internet or using third-party communication software, and never will. We respect and are committed to fully protecting the legal rights of our community. Xiaomi fully complies with the General Data Protection Regulation (GDPR) of the European Union ”.
Click to expand...
Click to collapse
And in the pdf it's explain it's only with Mi Browser (no one use this ****)
With phone like Xiaomi (using M11 right now) I actually feel much safer rooting the phone, then use AdAway and AFWall+ plus to block suspicious system activities. This in addition to the usual debloating to get rid of as many Xiaomi related stuff as I can.
After implementation I did a quick check on pihole, no secret packets sent to Xiaomi it seems. Not comprehensive I know, but it gives me peace of mind.
Using the command line "iptables -nvL OUTPUT" I can see AFWall+ blocking all these system related traffic. My phone isn't impacted at all as everything remains operational. For the fun of it I also have this line executed whenever my phone boots:
iptables -I OUTPUT -m owner --gid system -j REJECT
"system" seems to be everything MIUI related. I can see this extra instruction blocking additional traffic, and nothing on my phone stops working with this. So it is there just for extra peace of mind.
seemebreakthis said:
With phone like Xiaomi (using M11 right now) I actually feel much safer rooting the phone, then use AdAway and AFWall+ plus to block suspicious system activities. This in addition to the usual debloating to get rid of as many Xiaomi related stuff as I can.
After implementation I did a quick check on pihole, no secret packets sent to Xiaomi it seems. Not comprehensive I know, but it gives me peace of mind.
Using the command line "iptables -nvL OUTPUT" I can see AFWall+ blocking all these system related traffic. My phone isn't impacted at all as everything remains operational. For the fun of it I also have this line executed whenever my phone boots:
iptables -I OUTPUT -m owner --gid system -j REJECT
"system" seems to be everything MIUI related. I can see this extra instruction blocking additional traffic, and nothing on my phone stops working with this. So it is there just for extra peace of mind.
Click to expand...
Click to collapse
One problem being the CCP's insidious goal of burrowing into all civilian devices and platforms.
The possibility of unknown hardware backdoors is real and virtually undetectable.
The CCP serves only it's own goals and interests.
One of their primary goals is to gather as much user data as possible by any means at their disposal. Still feel safe?
blackhawk said:
One problem being the CCP's insidious goal of burrowing into all civilian devices and platforms.
The possibility of unknown hardware backdoors is real and virtually undetectable.
The CCP serves only it's own goals and interests.
One of their primary goals is to gather as much user data as possible by any means at their disposal. Still feel safe?
Click to expand...
Click to collapse
Let's be realistic. And don't get me wrong. I strongly believe that CCP is as mean as it could be. But then, they have economic interests too. China is a country that significantly leans on export, and they don't want to be hurt more than they are (Huawei, other sanctions - India).
Therefore, I don't believe in hardware backdoors. Xiaomi and others even don't produce hardware themselves. Software is a different ballgame. Only evaluate the risk. Let's say that CCP would force companies to install spy software if it could be effectively covered. And what then? What's the difference? Do you trust non-Chinese phones considering that western Big Tech companies have autonomous power to spy everyone, censor everybody? They do it to the former US president, why you think that they won't do it to you?
And do you know that Apple is planning (maybe it is already implemented) to use AI to spy every iPhone pretending to seek children pornography? What is CCP different and how it can hurt you more than Big Tech which have been a long time unleashed and control your data as Orwell predicted without any restrictions or legal limitations?
The only solution are custom roms from transparent developers. And if it is not possible, totally debloated phone, no matter if it comes from east or west. With that kind of adjustment, I certainly trust any Chinese phone more than totally locked and nontransparent systems like iPhone.
Only relevant for Chinese users.
Also I prefer my data in the hands to people on other side of the world than in the hands of my own government.
As soon as you connect to the internet from any device, they have all your information already, it's just that they will use it for good or bad purposes.
nothing is safe
piskr said:
Let's be realistic. And don't get me wrong. I strongly believe that CCP is as mean as it could be. But then, they have economic interests too. China is a country that significantly leans on export, and they don't want to be hurt more than they are (Huawei, other sanctions - India).
Therefore, I don't believe in hardware backdoors. Xiaomi and others even don't produce hardware themselves. Software is a different ballgame. Only evaluate the risk. Let's say that CCP would force companies to install spy software if it could be effectively covered. And what then? What's the difference? Do you trust non-Chinese phones considering that western Big Tech companies have autonomous power to spy everyone, censor everybody? They do it to the former US president, why you think that they won't do it to you?
And do you know that Apple is planning (maybe it is already implemented) to use AI to spy every iPhone pretending to seek children pornography? What is CCP different and how it can hurt you more than Big Tech which have been a long time unleashed and control your data as Orwell predicted without any restrictions or legal limitations?
The only solution are custom roms from transparent developers. And if it is not possible, totally debloated phone, no matter if it comes from east or west. With that kind of adjustment, I certainly trust any Chinese phone more than totally locked and nontransparent systems like iPhone.
Click to expand...
Click to collapse
The CCP's primary target after its own citizens is the USA. Almost zero risk to a hardware backdoor; they could even blow it off as a vulnerability that was not anticipated or detected. A backdoor can lie dormant forever or be activated as needed.
The CCP is like that psycho b*tch gf that talks with demons.
You can't take a ride without getting stabbed
Apple just sucks. Aiding the enemy. They backed away from the user monitoring that their CCP masters taught them, for now.
Apple can't be trusted at all.
If if you're simple enough to buy an Apple...
you deserve what you get; a plain Jane you can't trust
blackhawk said:
Still feel safe?
Click to expand...
Click to collapse
Yes.
Because your profound statements didn't undo any safety measures I did to my phone, nor did they refute the validations of my tests that in fact showed the safety measures barred attempts to connect to Xiaomi servers.
They talk about this "MiAdBlacklistConfig" file that gets updated everyday and used by Mi Browser and other Xiaomi apps to check / censor "sensitive communications". It is there in my phone (funny content), but no update since the day I initially setup the phone. Also I erased Mi Browser. Even the core Xiaomi System Components is barred from reaching out to the internet etc etc etc.
seemebreakthis said:
Yes.
Because your profound statements didn't undo any safety measures I did to my phone, nor did they refute the validations of my tests that in fact showed the safety measures barred attempts to connect to Xiaomi servers.
They talk about this "MiAdBlacklistConfig" file that gets updated everyday and used by Mi Browser and other Xiaomi apps to check / censor "sensitive communications". It is there in my phone (funny content), but no update since the day I initially setup the phone. Also I erased Mi Browser. Even the core Xiaomi System Components is barred from reaching out to the internet etc etc etc.
Click to expand...
Click to collapse
If they did it right you'll never even know it happened... hardware embedded back doors aren't easily detectable when dormant.
Related
I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on a Android phone that it's primary purpose is to protect the users privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other venders will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
Click to expand...
Click to collapse
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilize a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every walk you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is, that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only effects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything I'd you give him the tools and time.
This phone gives a sense of security that is non existant
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What its an answer to is, not having to agree to an android apps permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
Click to expand...
Click to collapse
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There Is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to do the government from tapping your lines.
You want a safer form of communicating, send Voice recordings over text.
That's an entirety separate warrant, and harder to get. Other than that. It's hopeless
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
Click to expand...
Click to collapse
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway. the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabits case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption programm for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmerman, one can never be sure.
That's a good point. how a non blackphone device is gonna decipher the encryption? how is it going to get the key? How can a non blackphone device even a establish the same "secure" connection?
Click to expand...
Click to collapse
You can install and use Silent Circle on any(ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. Any yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. Any you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoiP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re"]backdoors to every operating system
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ yeasr how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which have fulll access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEM's to release the sources of the Baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as their main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal whats going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
Click to expand...
Click to collapse
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Click to expand...
Click to collapse
Blackphone. - no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86 , @repat) has their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Click to expand...
Click to collapse
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receives GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.
There is an ongoing thread at the Official Flash Community about a possible "spyware" embedded in the firmware of TCL / Alcatel Flash Plus 2 and Flash 2 smartphones.
A local TV station might have also picked up on the story and is now following this as well.
You guys might want to check this out:
Code:
hxxp://community.flash3c.com/t/fp2-secretly-phoning-home-to-china-server/13708
Seriously though, is there still any Android smartphone manufacturer that we can still trust aside from Samsung?
Yes, Adups has already been found doing this before (see previous thread about Blu phone etc), they claim it's nothing to worry about but in my opinion it's is (especially for some people eg my sisters work duties has put her up against Chinese SOE's) due to the data sent & the identifying data & ability to make changes without user knowledge and possible the tentacles of the CCP government reaching into the company if it so chooses it could then monitor her & put her and her colleagues at risk given some of the dodgy countries she's had to go to.
Some of the guys are getting worked up about this on the crackberry forum as TCL is Blackberry's subby (though the thread quickly veered off to Blackberry hardware, so unrelated to the Adups issue).
http://forums.crackberry.com/genera...ding-customers-data-china-1095845/index4.html
FWIW, I agree with Sorinv & DaFoxGrey that it's possible (well to some degree) without Blackberry noticing as they would not test every phone for this sort of thing from every production run, and it may not trigger any connection unless under specific conditions. It could be done via a compromised employee flashing dodgy firmware or amended wafer negative when running a batch, though would be hard to pull off even by government agents. But that's all on a whole different level to the Adups issue, besides I don't think Blackberry phones have that app or Baidu apks etc so for them it should be a none issue, but for Chinese phones .......
As for trusting Samsung ..... they are part of a huge conglomerate with close links to an opaque government who are susceptible to influences of a few powerful families & others, so they would not be immune. Nor their employees being immune to blackmail to make changes. That said they are who I have put my faith in for the time being. At the end of the day we all have to trust someone, as I'm sure you are aware.
Trust is a matter of perspective. Most devices from China oem are expected to have e this as their government requires it to monitor its citizens. Which is completely legal there and why most devices from China are banned to be owned by US government employees. It's just the way it is.
If trust us a big thing then the last thing you should be buying is an oem device. Get a nexus and then you can see every bit of code you put into your device.
I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
My 1+7P does not have the Engineering Mode app. Those articles are 2 years old, so my guess is they don't ship with that app any more.
jdhedden said:
My 1+7P does not have the Engineering Mode app. Those articles are 2 years old, so my guess is they don't ship with that app any more.
Click to expand...
Click to collapse
Its not an app, its behind the scenes, its located in system/app folder, which can be debloated with root. But I have had been using OnePlus devices since OnePlus One with no issues, Identity theft or hacking. Always had bootloader unlocked and rooted.
markmywordz said:
I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
Click to expand...
Click to collapse
Yes it's possible to hack. This is a serious Memory Leak vulnerability in the chipset, where a hacker can chain multiple hardware level exploits to leak sensitive information in your CPUs TLB cache.
Chill man, we're using android OS, with all sorts of components from different manufacturers, in a digital age where privacy is a myth. You can't do anything if Snapdragon has a backdoor in their chipset, or your NFC/Bluetooth chip might have. Google knows everything about you and what you do on the phone.
You can't do anything to save yourself from the components you use (Google's OS, Different vendors chipsets, OnePlus's Phone), they all collect certain amount of data from you, and that's expected, everybody everywhere does it. And there's always a flaw everywhere that hackers are constantly using to hack your device (recent WhatsApp's bug which was actually a flaw in the SRTP protocol itself), they're called 0-days when they're discovered. Unless they aren't, you won't even know how many hackers have access to your data and your device.
So either don't use smartphone or any sort of connected digital equipment, or use it and stop worrying about hackers.
rootSU said:
Yes it's possible to hack. This is a serious Memory Leak vulnerability in the chipset, where a hacker can chain multiple hardware level exploits to leak sensitive information in your CPUs TLB cache.
Chill man, we're using android OS, with all sorts of components from different manufacturers, in a digital age where privacy is a myth. You can't do anything if Snapdragon has a backdoor in their chipset, or your NFC/Bluetooth chip might have. Google knows everything about you and what you do on the phone.
You can't do anything to save yourself from the components you use (Google's OS, Different vendors chipsets, OnePlus's Phone), they all collect certain amount of data from you, and that's expected, everybody everywhere does it. And there's always a flaw everywhere that hackers are constantly using to hack your device (recent WhatsApp's bug which was actually a flaw in the SRTP protocol itself), they're called 0-days when they're discovered. Unless they aren't, you won't even know how many hackers have access to your data and your device.
So either don't use smartphone or any sort of connected digital equipment, or use it and stop worrying about hackers.
Click to expand...
Click to collapse
Privacy is not a myth.
Only for privacy reason many users falsh a custom rom, use microg instead of google.
But Snapdragons already have a backdoor, Just like intel management engine it has build in engine(2nd OS) inside chipset(intregrate with ARM architecture)
>https://thehackernews.com/2016/03/android-root-hack.html?m=1
>https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/
>https://www.androidauthority.com/qualcomm-critical-flaw-chipsets-979708/
https://wccftech.com/security-exploits-put-snapdragon-powered-devices-at-risk-of-hacking/
markmywordz said:
Privacy is not a myth.
Only for privacy reason many users falsh a custom rom, use microg instead of google.
But Snapdragons already have a backdoor, Just like intel management engine it has build in engine(2nd OS) inside chipset(intregrate with ARM architecture)
>https://thehackernews.com/2016/03/android-root-hack.html?m=1
>https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/
>https://www.androidauthority.com/qualcomm-critical-flaw-chipsets-979708/
https://wccftech.com/security-exploits-put-snapdragon-powered-devices-at-risk-of-hacking/
Click to expand...
Click to collapse
The debate on this is endless, but I'd just say that you contradicted yourself by first saying that Privacy is not a myth, and then saying SD has a backdoor inbuilt.
Nobody buys a $700 phone with the latest chipset and 4G/5G connectivity to debloat and not install anything on it. As soon as you're on the internet, no matter custom rom, no matter what apps you have installed on it, you're giving up your privacy one way or the other.
If you truly want privacy, live a life like Richard Stallman, look him up, and see how he accesses the internet to maintain his privacy: https://stallman.org/stallman-computing.html
Richard Stallman said:
I am careful in how I use the Internet.
I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/git/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).
Click to expand...
Click to collapse
markmywordz said:
I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
Click to expand...
Click to collapse
Old articles that have nothing to do with the 7 Pro or any recently released OnePlus device.
If you are that worried, unlock the boot loader and root.
Then run an app that sniffs all traffic leaving the phone.
Moderator Announcement: Thread cleaned and closed as it developed into (nicely called) a political discussion and consparicy discourse.
XDA Forum Rules (excerpt):
...
2. Member conduct.
(...)
2.4 Personal attacks, racial, political and / or religious discussions: XDA is a discussion forum about certain mobile phones. Mobile phones are not racial, political, religious or personally offensive and therefore, none of these types of discussions are permitted on XDA.
...
Click to expand...
Click to collapse
On the CCP (Chinese government) spying on people outside of their country.
Why I don’t believe Bloomberg’s Chinese spy chip report
China can and has stolen the information it wants from US companies without using secretly embedded hardware, so why would it jeopardize its massive semiconductor industry?
www.csoonline.com
So here is my deal...
Does Lenovo put some sort of actual spyware on these?
How I define Chinese spyware. Hardware or software that in any way reports to the CCP.
As I am starting to wonder, even if they did, what would be the benefit of this outside of their region? They have no legal jurisdiction outside of their boarders. They don't know what my work is (government to plumber to McDonald's worker), so what would they do with random information? There is just too much data to process even for machine learning and deap learning systems.
I doubt they care about you as an individual (sorry) its more about the big data just like Google or Amazon like to collect.
I could be an influential tech manager, but if I buy the tablet from an American off of ebay who bought the device from China, they don't know who I am nor do they know that I was interested in that product, so how would they even notice spy on me specifically?
It just doesn't make sense.
BIG Data is just the mass collection of Data. Google uses it for adverting. Who knows what China may or may not use it for.
However, I have personally worked with; machine learning, deap learning, machine vision, and symbolic LISP.
There is too much data to suss out for any current computing system to zero in on a specific individual without an operator specifically looking for that specific individual.
what do you think? If you have links to support your point (or other sources) please post.
The CCP wants to collect as much data as possible on USA citizens including DNA, little doubt for race targeted bioweapons.
It's terrible.
India has the right idea. Most dopes install the data collecting malware with glee onto their devices to "socialize"
FB, Instascam, WhatsApp, Twitter, Tik Dock are all trashware at the best and outright spyware at the worst. Heavily laden with disinformation and selectively censored to further their globalist goals.
Chipsets can be designed with hidden remote backdoors that are nearly impossible to detect.
The CCP requires all China based companies to share any and all data, with them. Maybe ask that a few backdoors be added to hardware, firmware and software.
Get the picture? The goal is global domination by whatever means are necessary including bioweapons. It's not hypothetical anymore; the CCP is doing it.
WYSIWYG... booster shot anyone?
blackhawk said:
The CCP wants to collect as much data as possible on USA citizens including DNA, little doubt for race targeted bioweapons.
It's terrible.
India has the right idea. Most dopes install the data collecting malware with glee onto their devices to "socialize"
FB, Instascam, WhatsApp, Twitter, Tik Dock are all trashware at the best and outright spyware at the worst. Heavily laden with disinformation and selectively censored to further their globalist goals.
Chipsets can be designed with hidden remote backdoors that are nearly impossible to detect.
The CCP requires all China based companies to share any and all data, with them. Maybe ask that a few backdoors be added to hardware, firmware and software.
Get the picture? The goal is global domination by whatever means are necessary including bioweapons. It's not hypothetical anymore; the CCP is doing it.
WYSIWYG... booster shot anyone?
Click to expand...
Click to collapse
Again, it is too much data. I am not super pro CCP considering I am of Hebrew decent, WW2 etc.
However, I just can't fathom, what the zero context data will give them especially considering they have to filter it into catagories. Also, seriously, ai isn't intelligent, it DOES NOT understand CONTEXT. So, again, it would require an operator specifically looking for person xyz. You can have a specific keyword notification system, albeit you still require a human operator to verify the supposed findings. There is just too much data for any existing computer network or system to channel into classes the amount of data that would go through.
I need real world evidence not just people saying things.
this is why.
government abc saying they have the power to spy on you out of many many billions of people. you should be afraid of that government system because they can right? or is that just a claim.
Fear mongering doesn't work on me. I need proof.
we DO have proof that the CCP has infiltrated the USA government in its current sitting. albeit to make such a claim they can pin point someone specific without knowing a name in context is just false, without proof.
Cypresser said:
Again, it is too much data. I am not super pro CCP considering I am of Hebrew decent, WW2 etc.
However, I just can't fathom, what the zero context data will give them especially considering they have to filter it into catagories. Also, seriously, ai isn't intelligent, it DOES NOT understand CONTEXT. So, again, it would require an operator specifically looking for person xyz. You can have a specific keyword notification system, albeit you still require a human operator to verify the supposed findings. There is just too much data for any existing computer network or system to channel into classes the amount of data that would go through.
I need real world evidence not just people saying things.
this is why.
government abc saying they have the power to spy on you out of many many billions of people. you should be afraid of that government system because they can right? or is that just a claim.
Fear mongering doesn't work on me. I need proof.
we DO have proof that the CCP has infiltrated the USA government in its current sitting. albeit to make such a claim they can pin point someone specific without knowing a name in context is just false, without proof.
Click to expand...
Click to collapse
You have no idea of their capabilities unless you have a top secret security clearance. In which case you wouldn't be posting this at all... unless you're fishing.
Meh, do want you will...
US Lags Behind India on Blocking Chinese Apps, Including TikTok
News Analysis India sent a special Valentine’s Day gift to China on Feb. 14. Citing national security reasons, ...
m.theepochtimes.com
MOD ACTION:
Thread closed since no political discussions are allowed. Rule 2.4
2.4 Personal attacks, racial, political and / or religious discussions: XDA is a discussion forum about certain mobile phones. Mobile phones are not racial, political, religious or personally offensive and therefore, none of these types of discussions are permitted on XDA.
Click to expand...
Click to collapse
So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
They could have embedded hidden backdoors in the hardware or worse.
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Fytdyh said:
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Click to expand...
Click to collapse
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
steveyc2 said:
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
Click to expand...
Click to collapse
Sorry about that.
At this point, I doubt there isn't a smartphone maker that does not track its users. From chinese makers to American makers, everyone tracks their users. Their data sells the best. At this rate, if you want to totally protect your privacy, don't buy a phone. Anything and everything can be tracked. Dumb phones and smartphones. So picking a smartphone isn't going to keep your privacy secure. You might have a say in how many people do you want to track you, based on phone's price.
steveyc2 said:
So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a reliable daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
Click to expand...
Click to collapse
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Be aware that no cell phone provides you with true anonymity.
xXx yYy said:
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Click to expand...
Click to collapse
yes i know i can do that- and the firmware too- my question was about the practicality of living with such a phone once done
xXx yYy said:
Be aware that no cell phone provides you with true anonymity.
Click to expand...
Click to collapse
Yes, aware of that, just trying to minimise exposure while still having a usable phone
blackhawk said:
They could have embedded hidden backdoors in the hardware or worse.
Click to expand...
Click to collapse
worrying but if one wipes the firmware and ROM then that would mitigate any hardware backdoor risks I would have thought?
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
sso003 said:
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
Click to expand...
Click to collapse
Some infos could go to an American proxy server then to Chinese. In order to be sure no one gets you data, learn to code and make your own rom and your own apps. Open source apps are an option if you know to check the source yourself.