Related
I wrote this On Xperia Neo General forum but it belongs to here much more.
Original thread at: http://forum.xda-developers.com/showthread.php?t=1447095
Click to expand...
Click to collapse
Introduction
I have not seen much talk about security in XDA.
First, here's just one informative link talking about using and developing apps and security risks involved.
http://www.technologyreview.com/comp...1/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
In my honest opinion. If someone keeps files like ccinfo they have to worry about being jacked then they deserve it. Should it happen. U shouldn't keep things on your phoney don't want the rest if the world to have
Sent from my Cyanocrack using Xparent Blue Tapatalk
You don't need to keep credit card info on phone, your using the credit card via Market or logging in to bank on phones browser is enough to intercept your credit card info. Your browser may show you xxxxxxxxxxxx+"last four digits only" but that doesn't mean the data to and from your device doesn't contain exact credit card number. It's encrypted, but that is merely a minor inconvenience for a hacker.
That is why being rooted is not advised to everyone. Mainly if they don't know what they are doing. Also customs roms are not for everyone. People flash them cause they think its cool and don't understand what they are doing. That is their problem. People should pay attention to the permissions that am app asks for. Common sense is the best protection. Main reason I don't do anything that deals with a bank on my phone.
Raoa said:
I have not seen much talk about security in XDA.
Click to expand...
Click to collapse
There's talk. It's just not on important yet, because the android device is not being marketed like an OS is with a personal computer.
However, the more we do on our phones, the more we'll realize it needs protection like firewalls. We catch a few like CIQ or the Wimax exploit, but it's going to get worse as we advance in our integration. We do need to start now before exploits get worse and stay ahead of the curve.
Until that time, 4G exploits and root kit programs will run freely on our devices that houses a lot of our personal information.
Plus, for some stupid reason, there are a lot of people who think Linux is immuned to viruses and security holes due to it's code transparency. Android is being mainstreamed. It will soon be a continuous target like other existing popular software programs and operating systems.
And that's why iOS is far superior even without widgets or live wallpapers.
Something to think about.thanks for posting.
Sent from my HTC Glacier using XDA App
alex2792 said:
And that's why iOS is far superior even without widgets or live wallpapers.
Click to expand...
Click to collapse
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
mattfox27 said:
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
Click to expand...
Click to collapse
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
I am not an expert on iOS nor do I have any wish to even know or use it, because Apple buys from suppliers that emply child labor and sweatshops.
When Linux started spreading around people also thought it has no viruses.
Same story repeats with every software.
For each different OS it takes merely time before people start to notice that their OS has viruses/trojans/spyware too. That doesn't mean their OS is not targeted. You should expect all sorts of thieves to use any and all opportunities.
Secondly OS does not matter so much as the matter that your device is connected to wifi, data, bluetooth, et or not. IP addresses, MAC, IMEI, etc they all stay the same on every platform. No matter which OS, they all connect to wireless networks, cell network, data, bluetooth, etc which all have set standards.
So someone wanting to track, spy, get your private info simply has to intercept the data your device sends to any network. If you don't use strong encryption to send info via network then it is easy to "wiretap" you.
Why is there so much spam, viruses, spyware in internet today? It's because the software managing internet is not made to be so secure. If it were secure then it would also be more private and safer for people to chat over net.
So not only OS's need to be more secure, but the very internet itself needs to be reformed.
This relates to SOPA and PIPA. Had those two bills been passed the next step would have been logically to make changes to all networks so you'd be more easily trackable, hackable, "wiretappable". It's simply logical, cause SOPA, PIPA were so defunctly worded as if asking/preparing for a third bill to regulate the networks.
So we must make sure that internet will be reformed for the private users and not for greedy corporations. We would not need to buy anti-spyware, anti-virus software if the internet were truly engineered for the welfare of humanity.
You could use any OS, bugged or not and not be afraid of loosing your property or privacy if the internet would stop such acts before they could harm you, the individual who is supposed to truly and freely benefit from the services; either for free or for honest price, but now you are robbed and think it is good to pay the thieves.
Raoa said:
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM.
Click to expand...
Click to collapse
Please elaborate. The sandbox does prevent one app from reading the data of another, such as the CC info from the Market.
Also, are you sure Market sends the entire CC number? There's no reason for it to send it, the transaction is performed on Google's servers.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Click to expand...
Click to collapse
Are you talking about viruses or malware? Please don't conflate the two.
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just before xmas an iphone developer admitted to deliberately uploading malware in his ios app to show malware can easily affect iphone.
http://m.intomobile.com/2011/11/08/security-expert-sneaks-malware-into-iphone-app-store/
That was for normal iphones. For jailbroken ones there are more malware apps.
Dave
Sent from my LG P920 using Tapatalk
Raoa, your absolutely right.
I've had the exact same thought recently
Its like the overall view of the Android landscape is ridden from real security apps, for the simple purpose of have the platform as open as possible. And while this is good for developers and users of this and other serious forums, its also open for the "dark" communities as well.
I often ask myself, if the ROM devs onboard have these thoughts themselves, as in, what is my source of this modded apk, is is straight from the Market or from another dubious, (do I dare say chinese forum, just an example)
And how clean is my code really?
And is all mods just legit just cuz they are from here?
I love that we have so many ppl having a desire to mess around with the OS, but I miss, as you say, the talk about having a go on security as well.
I dont know, but I do think that awareness, as you initial post direct us to, should be raised, as a natural step for any serious dev and users in general on XDA, to be more aware, of the code.
Im on my first year as an Android user, and ofcourse did have to gain root on my splendid Sensation. Why?, cuz I needed the security tools requiring root.
Ask again, why? Cuz I came from Winblows 7, and know what a jungle software is, and that is is indeed exploitable, like hell, you might say.
And Im gladd I did gain s-off and root, cuz its really really needed fo youre just a little concerned about your privacy in, mails, sms, location, usage pattern, netbanking, dropobox deposits of your ****, some might even be work related and therefore hold more than just your own privacy.
And then there is what you mentioned, our devices unique ID's, the intent "app install referrer" to "plug" you into admob/google analyzer and so on.
I love one guy here, Treve, who made the HTC tool for scanning for ****, Logging Test Tool, and in version 10, he made it aware of admob/mobclix/analytics, and my god it find a lot...
So Treve, please, if you read this, just go on, as every version you make is getting finer and finer.
We could learn from this guy, and others here that got more code-insight.
What we CAN do as a community at the very least, is to share our knowledge and tips for securing our phones.
HOST filtering, code scanning of apks and so on. using AV's and firewalls and so on.
Right from the start I noticed that Android is not a clean OS, nor is its app market, and I noticed this cuz I have another splendid little Linux system at hand, Smoothwall Express with url filtering and proxy enabled
and My god is Android and its aps LEAKING!
Have a look in your urlfilters on a standalone firewall the step after your wireless android phone, and watch how much **** is going on.
Well, I can tell you for a start that I have added atleast 100 new domains to my custom urlfilter, besides the casual downloadable HOST filters around the net, like the ones found in AdblockPlus and so on. But after android, heh, you need more than just advertising filtering, that much I can say.
Just as an example, like those you mentioned, I have one too, that I was made aware of by Avast on my phone tonight, that ChompSMS was being flagged as malware/trojan.
I thought, **** man, why this crap, Im quite fund of Chomp, really.
So I thought, no, imma let more that Avast on my phone have a go.
So I File Expert dump the full apk, and uploaded it for a scan on virustotal, just for the sake of it. And whatta'ya know, ClamAV, GData, Kaspersky, NOD32, and Sophos flagged it as that same Plankton.G variant as my on-phone Avast.
Great, I thought (sarkasm intended)
I thought a bit further and picked up APK Multi-Tool, had a decompile and a content-scan for just "http" in is readable code.
12 different domains is mentioned so far, and I didnt even poke in all of its xml's, just the smali's
I know android is by a far stretch advertising born, and ofcuz the app devs have a right to earn their money, no doubt about that, and I gladly pay for the good ****, like most ppl here believeably do, but.. 12 different .com's mentioned in its code is a no go for me.
I have earlier used Privacy Blocker, and Privacy Inspector from XEUDOXUS in the market, to make permission scanning, beside using LBE/HOST/Avast, and I like those two aps, the Inspector one is free but only can scan.
The paid Blocker can "repair" as a feature, but its not maintained enuff, so it often fails to make installable apks, so not really worth it for me anymore, but as a free too, it can tell you more about those permissions you mentioned.
But enuff said from me for now, lets just collect and share our tips and tricks, ALSO for security, not just developing ROM and mod's and hacks, as thou they are fine, if not to say, so cool and great, but, we need to be secure too.
Please do not polute the discussion with IOS vs Android and what not, cuz thats not the purpose of it, even thou it definitly concerns (g)A(r)pple products too.
Sincerely, Omnius
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Iphones can get viruses they come through SMS's and other sources not as bad as android apple keeps there market much more under control, but everything is vulnerable i work in a security team for a big corp and believe me nothing is safe.
Check these articles out i just found them on google.
I remember a while ago maybe a year or so there was a huge security hole in IOS5 and Mac waited a long time to tell the public and release a patch. The one major problem with Apple is when there are security threats they really try to keep it hush...Iphone's OS is tight but not totally secure. Its not viruses either its moslty just malware that charges you tons of money in texting i saw once an iphone that turned into a bot and at midnight it would dial a 900 number and just sit there all night at like $20 bucks a minunte then disconnect when it felt the phone move.
http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/
http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
I wouldn't be so fast to praise MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
The problem is the "Average Joe" doesn't even look at those or doesn't know what they mean. I see so many viruses/malware/open security holes just because of user error its insane. Almost 90% of security breaches or problems originate from the end users not paying attention or just not knowing or caring. Also another thing i see so much when new clients call me with there servers melting down and all there banking info being stolen is they haven't installed any updates on there servers since they were set up 2-5 years ago. I worked for a large industrial supply company and all there servers running MS Server 2008 no updates had been installed and they were using AVG free on there main SQL server...INSANE LOL
Then theirs the users, "my computer was fine until my friend on facebook wanted my SS# and mothers maiden name and insisted i open his email attachment, now its acting weird what do you think is wrong?"
Brutal
what is the 4g exploit that you are talking about? And is it only with wimax or is lte part of it as well?
Oneiricl said:
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
Click to expand...
Click to collapse
It's absolutely amazing that people are willing to put up with something so ridiculous.
Sent from my SGH-I897
tl;dr I'm new, I'm not a very knowledgeable developer, I have an idea that I want your opinion about.
Heyo Peoples,
I'm new and I like to think a lot about cool new stuff with mobile devices (web, software, hardware, etc). I've been thinking a lot recently about how people like to use mobile devices, and how we might use them in the near future--thinking past what's being done now, and into what comes next.
I've been wondering for a while why there isn't an existing piece of functionality on mobile devices that allows a user complete control of the device and every piece of information on it. Imagine a GUI except instead of graphics, it's like interacting with a person. (aside: first person to say Siri should be shunned like an Amish girl who went to a movie theater).
Is it outrageous to say that you should be able to pick up your phone and have it find anything, from anytime in the past that you have done with or on it? I know that would take mountains of data, but is it silly? In it's most basic form, this would just be a search feature. In it's most eloquent form it could be an operating system. Imagine being able to ask your phone what you did last Wednesday, or maybe where you were. What if it could recall emails or documents based on date, time, location where you were when you wrote it, keyword, or contact, based on verbal interaction? What if it tracked data usage by application, or allowed you to measure and optimize system performance with a verbal command (ex. "Shut down all apps except for Google Maps" or "How much data am I using per minute").
Is it too early to start wishing for an interface like that computer on Paycheck (horrible movie with Ben Afleck) or Cortana in Halo? Is this type of interface impractical or implausible?
If you were to make something like this, would it have to be a new operating system built from the ground up, or could you develop an app to do this, or could you hack Android to do it? I welcome all of your feedback.
Lots of questions, and I have very few answers.
Jujubes said:
tl;dr I'm new, I'm not a very knowledgeable developer, I have an idea that I want your opinion about.
Heyo Peoples,
I'm new and I like to think a lot about cool new stuff with mobile devices (web, software, hardware, etc). I've been thinking a lot recently about how people like to use mobile devices, and how we might use them in the near future--thinking past what's being done now, and into what comes next.
I've been wondering for a while why there isn't an existing piece of functionality on mobile devices that allows a user complete control of the device and every piece of information on it. Imagine a GUI except instead of graphics, it's like interacting with a person. (aside: first person to say Siri should be shunned like an Amish girl who went to a movie theater).
Is it outrageous to say that you should be able to pick up your phone and have it find anything, from anytime in the past that you have done with or on it? I know that would take mountains of data, but is it silly? In it's most basic form, this would just be a search feature. In it's most eloquent form it could be an operating system. Imagine being able to ask your phone what you did last Wednesday, or maybe where you were. What if it could recall emails or documents based on date, time, location where you were when you wrote it, keyword, or contact, based on verbal interaction? What if it tracked data usage by application, or allowed you to measure and optimize system performance with a verbal command (ex. "Shut down all apps except for Google Maps" or "How much data am I using per minute").
Is it too early to start wishing for an interface like that computer on Paycheck (horrible movie with Ben Afleck) or Cortana in Halo? Is this type of interface impractical or implausible?
If you were to make something like this, would it have to be a new operating system built from the ground up, or could you develop an app to do this, or could you hack Android to do it? I welcome all of your feedback.
Lots of questions, and I have very few answers.
Click to expand...
Click to collapse
This is probably not as far off as it seems. The developers of "Utter" have come along way in the right direction. You should maybe approach them with your ideas. Not all of them of course . Save some for yourself.
One problem I see is semantics. "Shut down all apps except for Google Maps" sounds good - but do you really mean ALL apps ? The line that would be walked is one where the developer must train the program to not necessarily do what they ask, but do what they WANT. It gets trickier when you realise that some people who aren't your average users might want to test things and shut down an app (in this case) that an average user would never want shut, where they might mess up their phone beyond their ability to repair if they did.
I think speech is a great tool to interact, though I'm not going to be a person to use it. I don't think speech will ever become a default unless there are other technological advances that change how we interact with the world. It's annoying enough to hear someone gabbing loudly to another human on the phone, do we really want people gabbing AT their phones as a default interface ? I think privacy is a driving factor that will keep sound from being a major interface - perhaps it could work for in home applications, but out in public people may not want to announce to the world who they are calling, what they are looking for, or what site they're logging on to, et cetera. Until there's technology to make voice and sound less "public", I don't see this being the future of phones - it's more of a nice thing to have as an "extra" for when a person is comfortable using it.
But, hey, maybe we'll get used to wearing Google Glass and talking to ourselves all the time - or we'll get in-ear buds or implants where we can choose to hear the outside world or not. Just exploring the possibilities here.
I do think it's a big "outrageous" to have infinite backup. Just take a look at how much data companies like Amazon and Facebook acquire on a per-day basis. Think about how much data you use on a daily basis. I don't have the money or desire to be buying new HDDs every other week. Maybe in the future there will be a technological revolution that allows for mass amounts of data to be stored in even smaller spaces. But current technology in that regard is still very expensive and persnickety - read about high capacity SD cards and how fragile they can be and about data needing to be "refreshed" or they can become corrupt. There are lots of issues that make backing up everything you do impracticable.
And, again - privacy concerns. Do I really want my computer to know what I did last Wednesday and who I was with ? What if someone stole my computer or phone and had access to that information ? If we had the technology to do that, who's to say that current encryption would be "enough" - or that someone wouldn't go ahead and try to hack it anyway if they felt finding out basically everything about you was worth brute-forcing your phone or whatever they'd do in the future ? And have no password or a crappy one - even easier for them to know EVERYTHING about you, now.
Highly visual and talk-activated computers are absolutely great for games, movies, and TV. Why ? They function as narrative devices. They allow the actor to say or explain things they otherwise wouldn't have said out loud for personal, practical, or security reasons. They can become characters in their own right. People like those big screen computer displays where the characters are poking things all over and up and down - it looks cool. But not so cool is having your arms get tired from reaching up and around all the time. Not so cool is having to tell the computer out loud what kind of special images you want to search for when you have house-mates living in the next room over.
Just some thoughts. If you have other or counter ideas, go right on ahead.
Hello guys, this is a small article cum question thread. After reading please give me your views.
When we buy a phone and we start with our gmail id.
They forcefully sync all data, even the gallery (picasa).
I mean why is Google entering in our life so much..
They have every single detail. Contact , location, whereabouts, preferences, taste, when we get up/ sleep...
Every single data is with Google.
Now Google glass... Its too much interference...
I feel like being spy by a person name Google. Prove me wrong, I will be glad.
Before Android, I had Nokia phone. I never felt being spy every time.
I have spend lots of money on my Android phone but im feeling insecured every moment.
Why Google force all to sync the data/ why Google wants to enter in everyon's life?
Are we purchasing Android phones for being monitored 24x7?
Let me know your views too..
Thank you.
Disclaimer:
I am not an apple fan. I have shared experience and beyond this I don't have intension to degrade the goodwill of gaint Google.
Supporting links for this thread
http://m.firstpost.com/tech/how-to-stop-googlefbspyingyou-220138.html?page=1
http://m.youtube.com/#/watch?v=imbkac40t38&desktop_uri=/watch?v=imbkac40t38
Endless....
We've all heard about the "big brother". Before the TV reality shows there was only books and stories about it, there were wars for power and world dominance. May be my words are too strong, but think about it - there are strong arguments in DBZo07's post, don't you think?
Google may be one of the reasons for the next World War. I am sure that there will be one - all of the major civilizations before us have disappeared for various reasons, most of them connected with war and the will of dominance. We will wipe ourselfs too or will become "human androids".
I think that we should think about what will be the next kind of terrorism? I doubt it will be for petrol, gold, money... it will be about information, communication, privacy - and Google are getting even more and more into our life, as DBZo07 have observed. It was only 8 years ago when for most of us smartphones were a joke and look now - hybrids, phonepads, padphones, tablets, docking stations, virtual HDD's (cloud storage)... Now can you leave without Viber, skype, facebook, gmail? No, you can't and if you could you will be searching for better replacements.
When you put all of the things it really seems too much. What if someone uses the information we share virtually each day? What if someone wants more than just money to share or store our information or to communicate with each other? Now they want our money, but tomorrow?
May be someone will want more from us tomorrow... may be we will start to sync our dreams for more efficient sleep time.
Or probably my arguments are nonsense and no one will let these thing happen. I hope so and I believe so - you should believe too
Yes it is bad, but just do like everybody disliking this state, deactivate all you can that allow google to "follow" you.
At the end, androïd is not linux, androïd is "google is watching you OS", so make all you can to hide yourself.
Maybe one day, we'll have a "pure" linux system for smartphones.
@mutha88 : that's what , we are forced to believe Google like God. Turning off auto sync may ease our mind. But still who knows about which data is being snatched with our data plan on all times in the very owned OS of Google. I still can appreciate Microsoft Windows, which is carring on from years after years still there is sense of personal private life being secured.
No doubt Google is an award winning innovative company but why getting personal to the extent of choking privacy.
On other hand, consumers are least concern about privacy now a days. Very trusted Microsoft is trying hard to penetrate phones and data stealer Google is having large pie of market share. It is we who made Google survive and in return we have loss of privacy.
@BombinBasta : yeah, but for development of any OS needs finance. Linux is free open source, hardly people donate. And Microsoft has enough money to carry on their development. Apple already charges too high for thier devices. Whereas Google... makes money from phones, market, various products and who knows what they make from every details of their users.
Seriously, as i heard from childgood that evil ends when they cross thier limits... will there be end of Google anyways!!! I wonder.
May be I'm wrong but their are no proper justifications from Google for interference.
Sent from my GT-I9082 using Tapatalk HD
u cant be free of data collection by google...
even if u never sync ur data and use internet on ur android(even if it a vanila AOSP android ) there is code in that to give the data to google.
in todays age of information technology....information/data is everything...WHO HOLDS THE DATA...HOLDS THE POWER TO RULE THE WORLD...
DBZo07 said:
@mutha88 : that's what , we are forced to believe Google like God. Turning off auto sync may ease our mind. But still who knows about which data is being snatched with our data plan on all times in the very owned OS of Google. I still can appreciate Microsoft Windows, which is carring on from years after years still there is sense of personal private life being secured.
No doubt Google is an award winning innovative company but why getting personal to the extent of choking privacy.
On other hand, consumers are least concern about privacy now a days. Very trusted Microsoft is trying hard to penetrate phones and data stealer Google is having large pie of market share. It is we who made Google survive and in return we have loss of privacy.
@BombinBasta : yeah, but for development of any OS needs finance. Linux is free open source, hardly people donate. And Microsoft has enough money to carry on their development. Apple already charges too high for thier devices. Whereas Google... makes money from phones, market, various products and who knows what they make from every details of their users.
Seriously, as i heard from childgood that evil ends when they cross thier limits... will there be end of Google anyways!!! I wonder.
May be I'm wrong but their are no proper justifications from Google for interference.
Sent from my GT-I9082 using Tapatalk HD
Click to expand...
Click to collapse
You act like Microsoft doesnt do the same thing. When ever you use any of their programs it is the same. Privacy is a moot point if you use the internet for anything. You would be amazed how many times your personal info is used. Use a Shopping card to get discounts? Tracked. Use a CC for anything? Tracked. Buy anything on line? Tracked. Use any social networks? Yup tracked again.
It is not just Google. If you trust MS so much then why not get a WP?
k2wl said:
u cant be free of data collection by google...
even if u never sync ur data and use internet on ur android(even if it a vanila AOSP android ) there is code in that to give the data to google.
in todays age of information technology....information/data is everything...WHO HOLDS THE DATA...HOLDS THE POWER TO RULE THE WORLD...
Click to expand...
Click to collapse
This information again shocking.. will there be a respect for privacy is a big question..
Is there any way that code being blocked ...
zelendel said:
You act like Microsoft doesnt do the same thing. When ever you use any of their programs it is the same. Privacy is a moot point if you use the internet for anything. You would be amazed how many times your personal info is used. Use a Shopping card to get discounts? Tracked. Use a CC for anything? Tracked. Buy anything on line? Tracked. Use any social networks? Yup tracked again.
It is not just Google. If you trust MS so much then why not get a WP?
Click to expand...
Click to collapse
My bad.. Microsoft still a good sided. I'm not promoting Microsoft but everybody have used Windows and this hunger for data wasn't found, maybe Microsoft is too smart to do silently but there is a chance that it may or may not be true. Google openly does all stealing I mean who is going to held them!! We the users are just watching being used all time.
When I took Android , i wasn't aware of Google's hunger for information..
In the end, everyone is happy without Google's justifications...
Sent from my GT-I9082 using Tapatalk HD
I would like to point out that you are under no compulsion to connect an android phone to a Google account. You only need to connect your account if you want to avail of their services such as Play Store, syncing contacts, etc. If you can do without them, then by all means you can disconnect your Google account.
Sent from my Nexus 10 using Tapatalk HD
sidthegreatest said:
I would like to point out that you are under no compulsion to connect an android phone to a Google account. You only need to connect your account if you want to avail of their services such as Play Store, syncing contacts, etc. If you can do without them, then by all means you can disconnect your Google account.
Sent from my Nexus 10 using Tapatalk HD
Click to expand...
Click to collapse
I completely agree...
As for me I don't like Google's spying so I uninstalled all their apps, including network location and Google framework service, and I use alternative apps for gtalk or Google play. And recently I even made a new email at Yahoo's. I know Yahoo spies as well, but since android is Google at least I don't put all my eggs in the same basket.
If like me you are very privacy concerned there are ways to cut the abusive permissions most apps use.
You need to be rooted, and then use apps like appsettings (in conjunction with xposer app), permissions denied, rom toolbox, greenify, privacy blocker, and the best (but unfortunately not available for all roms) : pdroid and its variants like open pdroid and the like.
For example, recently I downloaded the Yahoo app. Before to start using it I put it through privacy blocker and then changed the imei value and other nosy informations with fake values (thank you privacy blocker and respect to xeudoxus its developer). Then I opened appsettings and blocked other unwanted permissions (thank you rovo and tungstwenty, respect). Finally I started to use it, and when I'm done checking my mails I greenify (thank you oasisfeng and respect) the app to avoid background usage.
Of course when one does such things one doesn't get notifications as soon as a new message arrives, but as for me I don't care since I don't need, and don't want, to be connected and hence spied, 24 hours a day.
It's relatively easy to get rid of the spying, but of course you will loose 2-3 features.
It's up to you...
I did the same with my browsers (opera mini and dolphin), privacy blocker+ appsettings+greenify, and with Mozilla I use an add-on called self destructing cookies.
Another thing is that not only Google spies on us, actually everyone does.
Just have a look at the permissions used by your system (default) applications, it's insane moreover that when one blocks those abusive permissions the apps still work. Don't think that it would be any better with a custom room, it's exactly the same story with cyanogen mode or aosp or pa etc.
What I do is that I remove most system apps (keeping like 10 for my tab, and 20 something on my phone, which means that I uninstall over 100 system apps, exactly 160 on my tab's recent jb upgrade) and replace them with third party apps that are easier to control and whose permissions are easier to block. And of course I block everything I can, system and user apps alike.
One of these days when I have time I'll write a more precise guide on these matters...
unclefab said:
I completely agree...
As for me I don't like Google's spying so I uninstalled all their apps, including network location and Google framework service, and I use alternative apps for gtalk or Google play. And recently I even made a new email at Yahoo's. I know Yahoo spies as well, but since android is Google at least I don't put all my eggs in the same basket.
If like me you are very privacy concerned there are ways to cut the abusive permissions most apps use.
...........
One of these days when I have time I'll write a more precise guide on these matters...
Click to expand...
Click to collapse
Sir, this is what I wanted to know. Thank you very much for your valuable time and experience shared here. I know this is serious concern and people like us need a way to be have a sound sleep without virtual spies.
About permissions, Google chrome takes permission to use camera and mic without and command by user.. I mean why Google needs it...again another why...
Your reply was very helpful, thank you...
keep updated me here when you can...
Stay blessed..
DBZo07 said:
Sir, this is what I wanted to know. Thank you very much for your valuable time and experience shared here. I know this is serious concern and people like us need a way to be have a sound sleep without virtual spies.
About permissions, Google chrome takes permission to use camera and mic without and command by user.. I mean why Google needs it...again another why...
Your reply was very helpful, thank you...
keep updated me here when you can...
Stay blessed..
Click to expand...
Click to collapse
My pleasure, I'm happy if I could help you...
Google chrome is one of the worst browser when it comes to privacy. If you want to keep on using it try to block the unwanted permissions like camera and mike with appsettings. The problem is that sometimes apps crash after having their perms blocked, and in this case what I do is just uninstalling and looking for another one that does the same job, fortunately there is no shortage of apps on the web
If you can't manage to tame Google chrome just use Mozilla. It has some abusive perms as well but they can be disabled for sure (I use it). Not with appsettings though but with permissions denied (another privacy app, quite powerful but one has to use it with care).
Just get the apps I recommended in my first post (some are paid but they are well worth the money) and start playing with them, in no time you will regain your privacy.
And uninstall as many system apps as you can...
Good luck!
Oh, I nearly forgot! Read my post in the following link, it tells which apps are safe to remove for the galaxy grand:
http://forum.xda-developers.com/showthread.php?p=39395506
They anonymize all of the usage data as much as possible. If you don't like using Google services but still want to be able to download apps from the Play Store, go into Settings -> Accounts -> your Google account(s) -> uncheck all of the boxes for syncing various services.
Every company collects information on usage in order to better their products and find out how people are using them. They're not reading all of your emails (yes, their computers scan them to show you relevant text ads, but that's all) or coming to your house to film you while you're in the shower. You guys are overreacting. There is not one company who doesn't collect usage data. And if they don't, then they're doing it wrong, because they're developing their products and services blindly. Google is pretty clear about their data collection policies.
unclefab said:
My pleasure, I'm happy if I could help you...
Google chrome is one of the worst browser when it comes to privacy. If you want to keep on using it try to block the unwanted permissions like camera and mike with appsettings. The problem is that sometimes apps crash after having their perms blocked, and in this case what I do is just uninstalling and looking for another one that does the same job, fortunately there is no shortage of apps on the web
Click to expand...
Click to collapse
You do realize that Chrome has the Microphone permission so that it can hear you when you use voice search, among other things, right? Your computer browser can also access your webcam and microphone...
I care about privacy as well, but you guys are wearing tinfoil hats. Google does not care about you. They just want to know how to further develop their products.
Product F(RED) said:
You do realize that Chrome has the Microphone permission so that it can hear you when you use voice search, among other things, right? Your computer browser can also access your webcam and microphone...
I care about privacy as well, but you guys are wearing tinfoil hats. Google does not care about you. They just want to know how to further develop their products.
Click to expand...
Click to collapse
Of course I know that this perm is for the voice search, an app that I don't use either.
And I know that in 2013 it's not such a big deal if those big companies collect data about us, apart from spamming us with advs.
But I don't know how it will be in 10 our 20 years, and when I see the way our "democracies" go I rather understand now how to make myself invisible, better to prevent than to cure.
Imagine if Hitler had had this technology...
Those days are gone? I don't think so, the Yankees had Bush for eight years, the French had Sarkozy for five years, they were not modern Hitler but they were going in the same direction, cutting rough in the people's freedom.
They didn't go as far as Hitler but who knows what will happen in the next decades. I'm 44 and since the 90 ies I've seen a worrying drift towards less and less freedom, and it won't get any better for sure, it will only get worse.
Anyway, it's not only about this, it's about those apps using my data plan without asking, depleting my phone's battery and slowing my ram. If Google wants infos he has to pay for it, and I have to agree to sell him those infos.
Cuz my phone didn't come for free, I had to pay for it and I don't see why I should use my data plan to help big Google and co...
unclefab said:
Of course I know that this perm is for the voice search, an app that I don't use either.
And I know that in 2013 it's not such a big deal if those big companies collect data about us, apart from spamming us with advs.
But I don't know how it will be in 10 our 20 years, and when I see the way our "democracies" go I rather understand now how to make myself invisible, better to prevent than to cure.
Imagine if Hitler had had this technology...
Those days are gone? I don't think so, the Yankees had Bush for eight years, the French had Sarkozy for five years, they were not modern Hitler but they were going in the same direction, cutting rough in the people's freedom.
They didn't go as far as Hitler but who knows what will happen in the next decades. I'm 44 and since the 90 ies I've seen a worrying drift towards less and less freedom, and it won't get any better for sure, it will only get worse.
Anyway, it's not only about this, it's about those apps using my data plan without asking, depleting my phone's battery and slowing my ram. If Google wants infos he has to pay for it, and I have to agree to sell him those infos.
Cuz my phone didn't come for free, I had to pay for it and I don't see why I should use my data plan to help big Google and co...
Click to expand...
Click to collapse
It's more like, "by using the software on this phone, you agree to Google's data collection policies." Either create your own ROM that doesn't include the code, or don't use the phone. You could go to Apple and use an iPhone, but they do the same thing. Microsoft does the same thing with Windows Phone. Palm did the same with WebOS. Seriously, there's nowhere you can go where anonymous data isn't collected to develop products.
I am glad that there are few more people who take their privacy seriously and knowledgeable enough to know what happening inside phones.
I strongly believe that this topic needs mass exposure. Millions of innocent people don't know what's happening and the risks. Take this topic to social networks and spread. For my part I will post this thread link on Facebook, Twitter and WhatsApp.
I would also wish that some of our great developers would come forward and help in this matter.
Thanks for starting this thread.
I knew people will feel thus topic as paranoid. But that's preference.
No problem, speak against topic or support this topic, you will help other members have clear picture of what I want to say. After all critics have role to play too. So thanks to all.
@unclefab thank you for your comment which helped me get my words meaningful.
@silentvisitor that's what I had planned to get the topic wide exposure. Hope, there will be respect for privacy oneday.
Revolutionary changes are required and that can be just hoped.
The only hope I can see is that when the country itself recognises this as an issue than it can impact on world... more and more country joins the cause the stronger will be the impact.
These are just hopes and how future will play that God knows.
Sent from my GT-I9082 using Tapatalk HD
Product F(RED) said:
It's more like, "by using the software on this phone, you agree to Google's data collection policies." Either create your own ROM that doesn't include the code, or don't use the phone. You could go to Apple and use an iPhone, but they do the same thing. Microsoft does the same thing with Windows Phone. Palm did the same with WebOS. Seriously, there's nowhere you can go where anonymous data isn't collected to develop products.
Click to expand...
Click to collapse
Yep, true, and actually Apple is worse.
What I don't like, beside the fact that they hijack my connection, my battery and my ram (and I mean, not only Google but most apps), is that they create files about us. It's ok as long as we have a democracy but as I previously said I'm not very optimistic about democracy in the future, remember the infamous patriot act in the States...
For example, Google knows that mister uncle fab has a gmail account. It knows as well that uncle fab goes on this and that website and reads this or that page, buys this and that online, has this and that app on his phone, goes here or there (thank you GPS and Google now) and stops here or there, listens to this or that kind of music, watches this or that movie, takes this and that picture and so on.
Eventually they have a file about uncle fab, and know a lot about his life and his taste.
Suppose now that uncle fab is a commie and someone who disagrees with the invasion of Iraq and Afghanistan, and that he's a muslim who has traveled to some of the so called axe of evil countries (which I did by the way, that's why I take this example, but fear not for I'm no terrorist )
What would happen? If uncle fab lives in the States he may be in serious trouble and get invited to a nice all included stay in Guantanamo, eventhough he's not a terrorist.
Well that's just an example but seriously, what happens with all those files they gather about people? Not to mention facebook, you know what I mean, their data base is huge and includes pictures.
What will they do with those files in the event of the government turning fascist or half fascist?
I'm not a terrorist but I have some convictions and some ideas that would make me a bad guy for a fascist regime and that would bring me to jail.
Don't get me wrong, I'm not a bad guy
But, amongst others, I seriously dislike the State's foreign policy and sincerely think that the wars in Iraq and Afghanistan are crimes against mankind that should bring their authors (Bush and his friends) in front of the international court. I do think as well that endeavors like wikileaks are very good ones and that their informants shouldn't be trialled.
I do think other things as well, it's my right, but under the Bush administration I would have been called a bad American and if they had caught me I would have won a free stay in Guantanamo.
During the Mac Carthy area I would have been called a commie because of my anti capitalistic ideas and would have been sent to jail.
Etc, etc...
So eventhough I'm not a bad guy I rather stay as invisible as I can, no-one knows what will happen in the future but from my point of view it looks pretty grim to say the last.
Regarding your remark about building my own Rom I agree, it's on my list of to do things.
But let's see first how the Mozilla os goes, and if the devs behind the Linux on android project manage to make it work properly for a daily use.
At the end of the day it's a matter of choice as you said, if someone doesn't like Google one can uninstall its apps.
You know, I spent hours playing with the apps I mentioned in my previous posts and I can say that no app knows my imei or my location, and that the only apps I allowed to connect with the internet are my browsers and the Yahoo app whose abusive perms I blocked.
Of course the browsers know my ip but that's all they know and I don't care about it, and if one day I did then I would use a vpn app or tor/orbot.
So I don't see how anyone could squeeze any data from me...
Oh, I just found this on the forum, give it a read:
http://www.xda-developers.com/android/say-sayonara-to-the-play-store-part-1/
If you want privacy, go move to a rainforest in South America or something. Get rid of your phone, computer, internet connection, etc. What you guys are asking for is ridiculous. You want free products handed to you on a silver platter. These companies need something in return. At the very least, they need the information they collect to understand their userbase. I'm a marketing major and computer science minor. Really, I understand that privacy is pivotal to you guys, but you're demanding something pretty ridiculous. This is ANONYMOUS usage data.
Sent from my Galaxy Note 2
Product F(RED) said:
If you want privacy, go move to a rainforest in South America or something. Get rid of your phone, computer, internet connection, etc. What you guys are asking for is ridiculous. You want free products handed to you on a silver platter. These companies need something in return. At the very least, they need the information they collect to understand their userbase. I'm a marketing major and computer science minor. Really, I understand that privacy is pivotal to you guys, but you're demanding something pretty ridiculous. This is ANONYMOUS usage data.
Sent from my Galaxy Note 2
Click to expand...
Click to collapse
You sound very straight forward. Your comments are brainwashing. You have better way of critical thinking, its appreciable. As a marketing guy you know user have different preferences and taste.
Rarely people are concern about privacy which is not letting this being called as an issue.
Data is used anonymously, is this justified?
Even Facebook says this, than why it has photos and name in their database?
How come Facebook/Google recognize face with exact name if data is anonymous..
Can any of data stealers come forward and give just a short justification and proof about how data is being used?
Sent from my GT-I9082 using Tapatalk HD
As Fred as stated, everything you do is tracked and monitored. This is nothing new really, been going on for years. There is only one way around it. That is to remove yourself from all things as stated above. You would be amazed how many times your personal info changes hands on a daily basis. Even utility companies track your usage. Your cell carrier does the same thing. Now I understand wanting privacy but total privacy is a myth that in this day and age is not an option. Now I dont trust the Gov in any way shape or form, to the point of not buying any device that has the fema chip installed. Which is 99% of the devices in the US.
Hi, I am wondering to what extent Google has built into the android OS, ways of collecting data on the user, even when the user does not open a google account and uses only side loaded apps. ? Does anyone know the answer to this?
jaifora said:
Hi, I am wondering to what extent Google has built into the android OS, ways of collecting data on the user, even when the user does not open a google account and uses only side loaded apps. ? Does anyone know the answer to this?
Click to expand...
Click to collapse
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
setmov said:
Read this thread, even if it's about Xiaomi, on the 2nd page you will find your answer!
Click to expand...
Click to collapse
I've read trough the second page and couldn't find what you're aiming at. So far as I can see it's only about xiaomi ROMs and their proprietary apps, that cause the security holes.
nerotNS said:
I've read trough the second page and couldn't find what you're aiming at. So far as I can see it's only about xiaomi ROMs and their proprietary apps, that cause the security holes.
Click to expand...
Click to collapse
What you were asking is actually just the same! Short answer: Google is in your phone at a API level, and there is no way to get rid of it!
setmov said:
What you were asking is actually just the same! Short answer: Google is in your phone at a API level, and there is no way to get rid of it!
Click to expand...
Click to collapse
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
* AntHalService
* XiaomiServiceFramework
* Cleanmaster
* com.xiaomi.gamecenter.adk.service
* com.duokan.airkan.phone
Click to expand...
Click to collapse
None of them are Google apps. All of them are 3rd party. For example, my nexus 4 with stock Android doesn't have these apps, therefore no data is sent.
nerotNS said:
It's not the same as the API itself is not the thing that sends the data. The apps that USE those APIs are the ones that route the data.
The apps on the thread
None of them are Google apps. All of them are 3rd party.
Click to expand...
Click to collapse
An app has not to be Google proprietary. Android is!!! Are you aware of what info are sent out of your android phone without you will be able to intercept them? You are right, apps are sending info, as also Google per se are collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
setmov said:
An app has not to be Google proprietary. Android is!!! Are you aware of what info are sent out of your android phone without you will be able to intercept them? You are right, apps are sending info, as also Google per se are collecting info, all the time. Please, don't believe me, actually I'm suggesting you not to believe me, but sooner or later, you'll see! There is no firewall, root, or any other trick able to stop them or control them! The only way is to strip Android apart, and recreate a new API, but then, bye bye functionality!
Click to expand...
Click to collapse
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
nerotNS said:
Android is open source, if there were serious security exploits they would have already been found and patched out. If not by Google itself, then by 3rd party developers. It's true that Google collects data like your location, but ONLY if you allow it. Also, even if you're correct, disabling the internet will help anyone who's paranoid enough. Besides, the xiaomi thread deals in stuff a lot more serious (eg. money) than the misc data such as the % of time you spent playing a game. All in all, while it's possible to exploit Android and steal data from incautious users, Android as a system doesn't sell or give your key info (user, pass, card no etc.) to anyone.
Click to expand...
Click to collapse
That's right, we don't have to be afraid of Google to use our data like Xiaomi, but....here is what I know for sure:
(copied from Xiaomi thread)
The point is that is not important what OS you are using, or what is the phone manufacturer. All of them send your data to their "masters". Said that, let's take a look at google. The first time you boot your precious phone, and you connect to the net, Google will receive your IMEI, your phone number, your location (based on network or gps, depends) an all the data you have on your phone. Ok, I know, I know, they are the owners of the Android OS, and they can do whatever they want, and you will never know what they are doing if you have a stock rom, You will not know what they are doing as a power user with highly customized rom as well. Why? Well, because their API. To be clear, the API, also known as "application programming interface (API) specifies a software component in terms of its operations, their inputs and outputs and underlying types. Its main purpose is to define a set of functionalities that are independent of their respective implementation, allowing both definition and implementation to vary without compromising each other.(as per wikipedia)" in not always an "open source project" and the Android core platform API is not "open source" at all, even in the "AOSP" project. The point is that when you use an android platform, if you want it or not, Google receive your data. Let me go further....a month or so ago, Google has implemented their Gmail policy, and started a new monitoring program against pedophilia, and at my point of view, this is a good thing, but, you have to know what's going on. actually they scan every email in your inbox and to or from their Gmail service searching for clues. If they find something, then you're screwed, because they know who you are. Believe me, they know! But this is not the point, so, where they store all the infos on you, and your Gmail account, when they find nothing? Oh, of course on their servers in the US!!! Based on the Patriot Act, the "Agencies" do not need any kind of "court order" to take a peek inside your life. They can do whatever they want, and actually they are doing it. Google will never say NO, and it's obvious why. Based on what is above mentioned, all the US based companies do the same. Unfortunately, the most of the world use Android, even if the manufacturer is Chinese or Vietnamese or whatever else. If you strip Android apart because all of that and you want your privacy back, you will find an interesting thing, that your Android will no more work correctly, and you will find it unusable. This is exactly because the core functionalities that spy on us. We can discuss this as much as we want, but these are facts. To be completely sure that no one is spying on you, someone would have to rebuild the whole Android system, but without a lot of money and the right "crew" this will never happen. Same thing you can expect from Apple (no need to mention the leakage of their cloud system) or Microsoft. Xiaomi, also use services that need your personal data...cloud, sms, mms, whatever, and by buying their product you agreed with them. They will not stole your credit card, but their "agencies" will know who you are, and what you do. But, to be honest, they will do you nothing if you are a non-Chinese citizen. I have never seen Chinese Agencies doing something to the rest of the world, but I have seen US agencies doing bad things to their citizens and the rest of the world. So, let's be honest and admit it, as much as we talk about laws, no one is protected by them. If you are gonna buy a phone, you have to face the fact that you will be under surveillance and monitored. If you have the luck and you live in Switzerland, then you're ok, if not, well....face it, you are SOL. You have just to understand that no provider, manufacturer or OS developer will never solve this issue, because there is no interest.
About AOSP: (from their site!!!)
- First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. -really? YES!
- Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices, and we turn to releasing the source code. hmm....
- In some releases, core platform APIs will be ready far enough in advance that we can push the source code out for an early look in advance of the device's release; however in others, this isn't possible. - hahahaha, ask yourself why!!!
And this is just for start. This is not an app-related issue, we are talking about Android CORE! I love Android, I am using it actively and I am happy with it, it's just that sometimes I feel that this is not fair, but hey, who am I to told them what is or it's not fair? Is not a matter of OS, nor device. All have the same core functionality! NO PRIVACY for them! Accept it or not, these are facts.
I'll start with this:
First, the software gets built into a system image for a device, and put through various forms of certification, including government regulatory certification for the regions the phones will be deployed. It also goes through operator testing. Once the release is approved by the regulators and operators, the manufacturer begins mass producing devices.
Click to expand...
Click to collapse
Government regulatory certification means that the device being certified is built in compliance with the laws of a specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).
nerotNS said:
I'll start with this:
Government regulatory certification means that the device being certified is build and in compliance with the laws of the specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).
Click to expand...
Click to collapse
@nerotNS I am not going to make a discussion with you, on some points you are right, on others, you're very wrong! I would love to be like you!
So, between you, you seem to be saying that an android phone can definitely send info to Google via an app, but you disagree on whether there is anything built into the API which sends info to Google independently of any app which can be clearly seen in the OS. I am wondering if there is anyone who actually knows the answer to this, through being involved in the development of the OS, other than a Google employee who may not be free to tell the truth, if the answer would be unpopular. I wonder if a user can be free of their snooping simply by not opening an account or using any of their products, or whether the only solution is to wait for a truly independent developer to produce a stable, quality device?
QUOTE=nerotNS;56965212]I'll start with this:
Government regulatory certification means that the device being certified is built in compliance with the laws of a specific country. That includes building materials, but is mostly focused on radio frequencies. This is to ensure that you don't get a "wild" device with random frequencies (since it has various radios for ex. GSM, GPS, Wi-Fi etc.) which can disrupt the normal functionality of a GSM tower for example. It also ensures that the device is safe (that's what we need FCC for), in terms of radio waves radiation. Operator testing means that when the device is being sold via a carrier like Verizon, AT&T etc., it is compliant with their proprietary software (more commonly known as bloatware) as well as that the device will work properly on their frequency bands. This is the main reason OTAs for Carrier devices are usually quite late compared to the "stock" or OEM devices.
Now about that Gmail scanning service, it doesn't mean that they STORE the results of the scan, they could be read only, meaning that their bot goes over the contents, but doesn't save anything on their servers (this was an issue earlier, but due to lawsuits, Google had to stop saving data, and delete the data already saved).
Next, it's true that Google receives your IMEI, but only AFTER you log in to your Google account. And this is not that they can sell it to someone, but to help identify that particular device on your account for uses of Google services (for example the Google Play web interface; if you had two same device models on your account how would you know which is which?), and IMEI is easy to get and since it's unique it fits the purpose. Your location is used for the same purpose, and even that is not pinpointed exact location but approximate location (which serves the purpose, but isn't intrusive). There is also the use of services such as the Android Device Manager which is a good thing, since it helps find and lock lost/stolen devices. Again, for this you need a unique identifier, and location (in this case precise).
Also, depending on your country of residence they DO have to get at least a court order with reasons for the investigation in order to access your files.
Further down the road, an API can't do anything by itself, it's sort of something that enables an APP to do something. Now that's a big difference, because you can't say "That API sent my data". It' the app that USES the specific API that transmits the data to a 3rd party. That's two worlds apart, because an app we can easily block via a firewall or even delete it completely if we find the need to.
Finally, agencies such as the NSA, FBI, or any other state agency don't have much interest in an ordinary person. There just isn't much to find about a regular citizen, as they don't really care about your every day life (setting up private meetings, sending pics to each other etc.).[/QUOTE]
So, between you, you seem to be saying that an android phone can definitely send info to Google via an app, but you disagree on whether there is anything built into the API which sends info to Google independently of any app which can be clearly seen in the OS. I am wondering if there is anyone who actually knows the answer to this, through being involved in the development of the OS, other than a Google employee who may not be free to tell the truth, if the answer would be unpopular. I wonder if a user can be free of their snooping simply by not opening an account or using any of their products, or whether the only solution is to wait for a truly independent developer to produce a stable, quality device?
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Well, you can always turn on Androids built in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
unclefab said:
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Click to expand...
Click to collapse
@unclefab - well said!!!
I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking from a security stand point! I am not a conspiracy theorist, and I will not tell you what I am doing for living, but definitely I know what I am talking about! Some times people are definitely dumb! Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
nerotNS said:
Well, you can always turn on Androids built in Device Encryption (if you don't mind slower r/w speeds). Combine that with a firewall and what you mentioned above and I think you're good.
Click to expand...
Click to collapse
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
unclefab said:
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
Click to expand...
Click to collapse
@unclefab finally someone with some common sense!!! BRAVO!!!!
I am really glad you have elaborated my post! Probably the most will not even see what we wrote here, but hey, someone maybe will be able to learn something new!
Again...BRAVO!!!!
unclefab said:
It's not about API, it's about what data apps can access and what is sent over the internet, and it actually goes much further than what most people think.
Use apps like Network Log or Network Connections and give Wire Shark a try, and track which IPs apps connect to.
You'll be surprised...
On my Samsung, after I had removed all the google spyware (erggghhh, I mean google apps) and about 150 stock apps, I saw that the kernel was connecting to some google related IPs and to google's DNS, eventhough I had set the phone to use Open DNS in the resolv.conf file, and that the android system was calling home (read "at google's central office in mountain view, California") everytime I connected (note that my phone had never been linked to any google account whatsoever).
Some of the IPs could easily be blocked by using a firewall script, but for some others and for the DNS leaks I had to patch some jars in /system/framework.
One thing is that it differs from phone to phone, I've checked on a Lenovo and there is much less of such unwanted connections.
Is it embedded in the AOSP code? Maybe, I don't use AOSP or CM based roms so I can't tell, but what I can tell is that it's funny to see people screaming about Xiamoi when it's the same elsewhere.
Anyway, if one wants to protect oneself it's possible albeit a bit involved.
First is first, root.
Second, use Xprivacy and a good firewall like AF+.
Then, make a script to block inbound and outbound disturbing IPs.
So, am I good to go now?
Not yet, let's get a step further...
You need now to decompile some of your system apps and some of your jars, and track lines refering to specific websites and DNS.
- Note that if you really are privacy concerned you should uninstall as many system apps as you can (only 11 left on my phone) and replace them with third part apps that are much easier to restrict and have less privileges. Forget about google spyware (erggghhh and sorry again, I mean google apps), facebook spyware-apk, what's app etc... -
That's it?
Still not, there's more!
Xprivacy is a fantastic tool, but due to android limitations it can't restrict ids for the android system.
Have tou ever heard of android.id, build.serial, ro.boot.serialno, ro.serialno etc.? And what about the serial_no and the mac in the efs folder? And the cpu info in proc? And the serial_number in sys?
- I'll deliberately stay vague on those matters, only people that know what they are doing should mess with that kind of stuff. -
Those are ids specific to your device and of course they identify you, that's what they are meant for!
An example, have a look at the wpa_supplicant.conf localised in data/misc/wifi. You'll see that it has your serial_number which means, and experts please correct me if I am wrong, that everytime you connect on the wifi your serial_number gets sent.
You want to change it manually?
Yeah sure, edit it directly from the file. Now start you wifi and check again the serial_number, you are back to the original value.:cyclops:
I'm not sure whether, if your firewall script is well done and if Xprivacy has been well configured (read "VERY restrictively configured"), those ids leaks or not, but since I like to have more than one protection layer I've edited all of them.
Some ids are easily changed using setpropex or an init script, some are harder and require boot.img editing, but I won't explain any further since as written above only people knowing what they do should play with that stuff.
If all of the above has been done I don't think that anyone can get much data from your phone, but I'm not a security expert and I'd like to hear what you guys think.
Note 1
Trust no one.
I found that apps I had created for testing purposes were requesting my serial, my MCC and my MNC upon installation, eventhough I hadn't given them access to that data neither in the code nor in the android manifest), and then I found that nearly all apps request the same.
Does it come from the IDEs (I have tried with two different brands and it was the same) or does it come from the android OS itself?
I have risen the issue here but nobody seemed interested and nobody blessed me with any relevant answer. Was it that they thought I was unworthy of their attention, or was it that they just didn't know? Or both? Who knows but once more I tell you, TRUST NOONE!!!!
Note 2
Someone said that the NSA and other agencies don't have much interest in a regular person which is true, but they nevertheless gather as much info as they can about as many people as they can, just in case.
In the 50's it was illegal to be a communist in the USA, if cell phones had existed at that time Mac Carthy would have found his job greatly eased.
During the Bush era it was either one was with him or one was against him and was dubbed a bad american (even if one wasn't a terrorist but simply agains Bush's policies), with Guantanamo around the corner if one was suspected of too much empathy with the arab victims.
What's next?
They decide what is subversive and what isn't, and maybe one day you could be subversive because you are against capitalism, or against globalisation, or sympathetic to the people that defend their land agains US invasions and US backed puppet governments.
Or because you rooted your phone?
Keep your eyes open and stay aware guys...
Click to expand...
Click to collapse
setmov said:
@unclefab - well said!!!
I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! Yes guys, when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage! You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device! I am no developer, and I am not calling myself as such, but I know what I am talking from a security stand point! I am not a conspiracy theorist, and I will not tell you what I am doing for living, but definitely I know what I am talking about! Some times people are definitely dumb! Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?Are you aware what a little cookie can do? Are you aware why they use fake cell towers? Are you aware why they collect your data? Ads improvement? Service Improvement? Court orders? Really? Google isn't storing your data? Or Facebook even worse? Can't you really see what is going on? You can think I am an idiot, but as @unclefab said, trust no one! I am telling you this as a fairy tale, you can or can't believe me, but check for yourself and you'll see!
No you're not good to go! Not if you're trying to avoid gov. agencies! And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time (at this time only Lollipop is causing issues to decrypt) !!! But hey, you have any right to believe otherwise!
Just a little off topic example....do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
Click to expand...
Click to collapse
unclefab said:
"I completely agree with you. I have also tried to rise some awareness, but I keep seeing answers like "agencies don't have much interest in a regular person" and those are the first that are wrong (or are working for "someone")! "
Yeah, I've noticed the same, and they sometimes remain suspiciously silent on other subjects (like the questions I asked in my previous post or the issue I rose about illegitimate perms in home made apps), so I start to think the same than you.
Which means that we re back to the:
TRUST NOONE!
"when you first start your phone, and connect to the internet, in that very first moment, Google will receive your data, no matter what you did to restrict the leakage!"
True, that's why before to connect for the first time one should do the things I mentionned in post #12, plus some other settings that I will explain about in a soon to come tutorial on how to secure one's phone.
"You don't connect to internet? No problem, your operator will receive the same thing when you put their sim into your device!"
True again, but there's an easy way to bypass that.
First, don't give your real name when you buy a phone (sounds obvious but most people don't even think about it).
Second, don't give your real name when you buy a sim (same remark as above).
Third, with Xprivacy, AF+ Firewall, AppSettings, a firewall script, some init.d scripts etc. I don't think one's operator can get much in terms of private data out of the phone, apart from the sim imsi, the phone number and how many credits left there are.
To secure the internet connection use Tor, your operator will know that you use it but it won't know anything else.
It still knows who we are calling, for how long etc. when we use the phone functions and AFAIK there's no way to prevent that, except maybe by using those apps that encrypt communications (I can't comment on that since I don't use my phone to phone or to text, and anyway I don't believe in encryption, see below).
But then comes common sense and the TRUST NOONE concept, if you call mum for her birthday you can use your phone, if you want to make a sensitive call use a public phone.
"Are you "people" aware that Google has a direct line (yes a "red phone" connect directly with the gov.?"
Yep, the same applies to Microsoft and Skype, Facebook, Twitter, Apple etc.
It's true that they don't really care about us for now but still, they gather as much data as possible in case one day they need to chase people like you and me because of a new anti subversion law.
"And just to be fully clear, encryption will help you with the local thief, any gov. agency will break it in no time"
I agree with you, and I even think that encryption is dangerous cuz it gives people a false sense of security. I don't think there's any encryption that can resist a two storeys computer, and there probably are anyway backdoors everywhere regardless of what their devs claim.
The same applies to Linux, it has been compromised by the NSA since 2003.
Open source, the code can be reviewed blah blah, yeah, sure, and who reviews it?
Who has weeks to spend reading boring lines of code?
The schema is simple, as soon as you have an app, a website or an operating system, or whatever that becomes relatively popular, the men in black come knocking at your door.
Unless you have been clever enough to hide properly, but most of the time that's not the case (see how easily they caught silk road, how easily they trace anonymous hackers, the list goes endless).
You want another example?
After Snowden's revelation many so called secure emails have popped out here and there. I've tried quite a few and guess what?
You can't use most of them if you are on Tor with java script disabled. The funny thing being that you still can use gmail or yahoo without java script, interesting isn't it?
Now back to encryption, instead of using it once more one has to use one's common sense:
DO NOT store sensitive data in your phone, that's it.
If you have sensitive data keep it on an usb stick, or a hard disk, the idea is to have it on a support that is not web connected.
"do you think this is the work of some hacker: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance"
Hehehe, the only question is which men in black agency made it.
The US? China? Russia? The zionist? India?
Click to expand...
Click to collapse
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading trough your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router trough the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now setmov I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
nerotNS said:
You guys are way too paranoid. First off, if you're all into don't track us down, why are you using the Internet in the first place? Now for the technical part.
The kernel is trying to get the the DNS because guess what? DNS is needed for Internet connectivity. Android is a smartphone and many of its services rely on having an Internet connection. So it's rather normal that a system-level part is trying to establish a network connection. OEM kernels have more of this compared to AOSP because they use their proprietary services.
And sure, you can use 3rd party apps, but they too can contain tracking data, and prior to 4.4/5.0 core system apps were open source, and you still don't have to use gapps.
Next, you can't change hardware embedded data like serial numbers for a number of reasons, security being one of them. If it was that easy you could never track down stolen phones for example. Much like a motor engine serial number in a car. Same goes for IMEI. Then you spoke about the past. Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online.
Further, yes you ARE good to go. Androids built in encryption system is pretty tough. If your bootloader is locked down, you have no custom recovery, it ain't that easy to get to your data (excluding nexus devices, because of their development nature this can be relatively easily bypassed). Plus, they'd have to have physical access to your device.
They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account. I've already explained why, plus it's for their statistics for example the number of active android devices, new Android device activations on a daily basis etc.
You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists.
Calling encryption dangerous is ridiculous to say the least. And yes, even "two story computers" are gonna have a bad time cracking it. Ever heard of a 256-bit AES?
Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too.
Conclusion: Yes, there are ways to compromise security and data. Yes you can block most of those ways. But this level of paranoia is ridiculous to say the least and sounds like something I'd see in a conspiracy TV commercial. Reading trough your posts here I half expected to see "The end is nigh. Hide your children!" kind of sentence. If you believe that we're all monitored, then throw your router trough the window, smash all your tech, and live in a candle lit room. But please don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV.
Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance.
Click to expand...
Click to collapse
@nerotNS
- First thing, I've wrote "Some times people are definitely dumb!" not @unclefab! Please prove me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it not exist!
- Fourth, you have your believes, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, men, believe what you want, you have the right to!
Good luck
@neronS
"Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online. "
Saying that shows that you are either very young, or that you have never left your home town, or both.
It's not the cold war anymore, true, now it's the so called war on terror, the US allways need to have an ennemy (before that back in the 90's it was the war on narcotics, but you may have not heard about it).
International laws you said?
You think the States care about those laws?
Did they care about it when the UN said that the invasion in Iraq violates such international laws?
Have you heard about the Abou Ghaib jail? That was another nice example on how international laws are followed by the States.
Apart from that, have you heard about corrupted indian officials tracking indian facebook users that expose their scamms?
Have you heard about that indonesian atheist that got severely beaten up by an angry mob because he had declared on his facebook account that he doesn't believe in god, and that endded up in jail (the atheist, not the mob) for blasphemy?
Have you heard about that bangladeshi blogger that may be executed cuz he wrote on his blog that he's an atheist?
You want more examples?
Oh yeah, I almost forgot, the states, the country of freedom and democracy, the country where you need a court order.
What a joke!
Have you heard about all what the US did these last 200 years? And have you heard about what the US is currently doing in 2014?
I guess you didn't, hence your last reply...
But as for me I did, and that's why I can't trust such a country. That said, I can't trust the european, the chinese, the indian or the russian either, not to mention the middle eastern, as I already said I trust NOONE...
"They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account."
Really?
What about permissions like access fine location (precise gps location), read sms, send sms without the user's knowledge, write sms, read bookmarks, write bookmarks, read contats, write contacts, read call log, write call log, read contact card, read user dictionary, get accounts on the device, perms that can be found in apps where such perms are not needed, you want more?
Have a look at all the data leakage when you connect to the internet, and you'll see that it's not only about a few digits...
"You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists. "
You have just proved once more that you have never been away from home.
The vast majority of android users are people from emerging countries where one can buy a phone without giving one's name (so no need to fake anything) and the same applies for the sim.
Those people are not rich arrogant westerners, who think they know everything because mum and dad sent them to a good school, and they don't have any subscription cuz in most of those countries it doesn't exist or if it does it's very limited.Those people buy prepaid credits when they have money, that's it.
How many people in the States? 315 millions.
How many people in western Europe? About 300 millions.
Add Canada, 30, Australia, 20, how many is that?
India, 1.2 billion or even more.
China, 1.2 billion and counting.
Africa, nearly 1 billion.
Indonesia, 250 millions.
Maybe you should leave your hometown and travel a bit, the world doesn't end in the west's boundaries.
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too. "
Do a search with "linux kernel nsa", you will learn a lot.
" don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV. "
Well, I haven't seen it on the tv, I have seen it on the field and I know very well what human beings are capable of, which you obviously don't.
So please, don't spread unfounded reinsurance that everything goes fine, that google and the governments are ok, just because a guy talking on their behalf on the tv said they are.
Then, you can call me a conspirationist or whatever, I don't care, I didn't write those posts for people like you but for people that have their eyes open.
"Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance"
Where did I call anyone "stupid?
You, on the contrary, said that:
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else".
So son, instead of playing mister moderator maybe YOU should watch a bit your language.
Ah the kids of today...:silly:
unclefab said:
@neronS
"Things change over time, it's not the Cold War ETA anymore. Next yes, court orders. According to international law they DO NEED a court order to see your data. And even that is done only in high profile criminal cases. You can read quite a lot about privacy laws online. "
Saying that shows that you are either very young, or that you have never left your home town, or both.
It's not the cold war anymore, true, now it's the so called war on terror, the US allways need to have an ennemy (before that back in the 90's it was the war on narcotics, but you may have not heard about it).
International laws you said?
You think the States care about those laws?
Did they care about it when the UN said that the invasion in Iraq violates such international laws?
Have you heard about the Abou Ghaib jail? That was another nice example on how international laws are followed by the States.
Apart from that, have you heard about corrupted indian officials tracking indian facebook users that expose their scamms?
Have you heard about that indonesian atheist that got severely beaten up by an angry mob because he had declared on his facebook account that he doesn't believe in god, and that endded up in jail (the atheist, not the mob) for blasphemy?
Have you heard about that bangladeshi blogger that may be executed cuz he wrote on his blog that he's an atheist?
You want more examples?
Oh yeah, I almost forgot, the states, the country of freedom and democracy, the country where you need a court order.
What a joke!
Have you heard about all what the US did these last 200 years? And have you heard about what the US is currently doing in 2014?
I guess you didn't, hence your last reply...
But as for me I did, and that's why I can't trust such a country. That said, I can't trust the european, the chinese, the indian or the russian either, not to mention the middle eastern, as I already said I trust NOONE...
"They won't receive any of your "precious" data except your rough location and serial numbers as well as your IMEI that will be bound to your Google account."
Really?
What about permissions like access fine location (precise gps location), read sms, send sms without the user's knowledge, write sms, read bookmarks, write bookmarks, read contats, write contacts, read call log, write call log, read contact card, read user dictionary, get accounts on the device, perms that can be found in apps where such perms are not needed, you want more?
Have a look at all the data leakage when you connect to the internet, and you'll see that it's not only about a few digits...
"You say you don't use a real name when buying a phone? Well tell me then, what about ID cards? You fake them too when signing a contract? Buying a prepaid SIM card doesn't need a name anyway. And buying a phone? Same thing, unless bought on contract, in which case the ID card problem persists. "
You have just proved once more that you have never been away from home.
The vast majority of android users are people from emerging countries where one can buy a phone without giving one's name (so no need to fake anything) and the same applies for the sim.
Those people are not rich arrogant westerners, who think they know everything because mum and dad sent them to a good school, and they don't have any subscription cuz in most of those countries it doesn't exist or if it does it's very limited.Those people buy prepaid credits when they have money, that's it.
How many people in the States? 315 millions.
How many people in western Europe? About 300 millions.
Add Canada, 30, Australia, 20, how many is that?
India, 1.2 billion or even more.
China, 1.2 billion and counting.
Africa, nearly 1 billion.
Indonesia, 250 millions.
Maybe you should leave your hometown and travel a bit, the world doesn't end in the west's boundaries.
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else. There are tens of thousands of people PAID to do this. It's not a single guy doing it. Plus just because YOU find it boring, doesn't mean everybody else finds it boring too. "
Do a search with "linux kernel nsa", you will learn a lot.
" don't spread unfounded fear on a public forum based purely on your assumptions, or on what you see on a TV. "
Well, I haven't seen it on the tv, I have seen it on the field and I know very well what human beings are capable of, which you obviously don't.
So please, don't spread unfounded reinsurance that everything goes fine, that google and the governments are ok, just because a guy talking on their behalf on the tv said they are.
Then, you can call me a conspirationist or whatever, I don't care, I didn't write those posts for people like you but for people that have their eyes open.
"Now unclefab I'm speaking directly to you. Calling other people stupid because they don't agree with you is a direct violation of xda's rules. Please refrain from doing it again. Thanks in advance"
Where did I call anyone "stupid?
You, on the contrary, said that:
"Finally saying that nobody reviews "boring source code" is ignorant if nothing else".
So son, instead of playing mister moderator maybe YOU should watch a bit your language.
Ah the kids of today...:silly:
Click to expand...
Click to collapse
setmov said:
@nerotNS
- First thing, I've wrote "Some times people are definitely dumb!" not @unclefab! Please prove me that what I wrote is not right!
- Second, everything WE said is right! Why are you trying so hard prove it otherwise?
- Third, you can see what you have the ability to see! Maybe in your country the prosecutors, law enforcement agencies or else, need a court order, in the US they don't! You know why? Because of Patriot Act! Maybe you don't even know what this is, and you haven't seen the effect of it, but this doesn't mean it not exist!
- Fourth, you have your believes, and I have mine, so I will respect that and not try to change yours, and for me this discussion is over!
To the OP @jaifora, men, believe what you want, you have the right to!
Good luck
Click to expand...
Click to collapse
I apologize for the mistype I didn't mean unclefab, I meant setmov with his "stupidity" remark.
As for you, I HAVE been around the world quite a lot more than you think. And in case you haven't noticed, I said that you need to give your name ONLY if on contract. I even said that using prepaid doesn't include this. And even according to the Patriot Act they still DO NEED at least a search warrant, otherwise it would be breaking the US Constitution. All the examples you gave above may be true, but you forgot to mention the fact that it was all placed PUBLICLY AND WILLINGLY. The aftermath is a completely unrelated thing. And yes, even though I am 18 I k of quite a lot of the matter as well as other things. Assuming something about someone based on age is immature to say the least. And finally you told me to search Linux kernel NSA. Mate, if you believe everything on Google, I hope you have anti alien cannons in your house. Also claiming that westerners are "rich and arrogant" is considered nationalism. Don't do it, it's bad. Plus everything I learned, I learned on my own. Not in a "good school". As setmov said, as far as I'm concerned the discussion is over, I don't want this to become a public fight. If you wish further talk, you can contact me in a PM.
The single most important, most debated subject of being online - privacy and security.
While security is undisputed, privacy aspect is.
So what exactly is the concern? As normal people in normal professions (which is easily more than 90% of the population), is there a need for worry?
For a long time since I started using smartphones, I had a natural inclination towards remaining anonymous and private online. I would always use incognito browsing for everything I do online, never create an account with a service as much as possible (e.g. I would watch YouTube videos without signing in), etc.
With time, I began realizing that I am actually missing out on so many interesting things that matter to me, and much of the content that would interest me would be made available to me without much effort using machine learning and artificial intelligence, an area where huge investments are being made.
So slowly I started accessing content and using services with my Google account. Over time, everything from Google feed to YouTube videos were showing me content that I am interested in, and sometimes they were so intelligent that I have been amazed with the whole technology that is at works. Surely, you cannot expect a doctor to give you the right prescription without giving him complete details about your problems. You can't talk privacy there. So unless the system learns what you like and what you don't, there is no way it will present stuff (including ads) that will be interesting to you.
With that said, why are are we overemphasizing this aspect of our lives? Is the privacy lobby inflating the privacy problem more than is necessary? Especially since much of what Google learns (according to them) about you is private, and only you can access/ control it, and also because the open-source alternatives are overrated. I say overrated because there are no audit reports (from trustworthy audit entities) available. Their codes may be available for audit, but is there a trustworthy source that is actually auditing them? Are the platforms where they are available being audited? So the issue of privacy and security applies to these platforms too, and more so because they aren't scrutinized as heavily as Google products and services.
As far as more personal info is concerned, like location, age, gender, searches I perform, accounts, mobile number, etc - Google already has all those because I provided them with much of that info when I created my account. Sure, one can always provide fake info for some of them. But if you use 'Find my Device', you are pretty much giving away your location to Google REAL-TIME. While this can potentially be misused, how else is Google supposed to help you if you were to lose your device? Mobile numbers and email addresses are necessarily required to be correct because they are needed when you are locked out of your account. They are the only means to get your account back.
While I am a strong proponent of privacy, I also feel that too much is made out about a lot of stuff that aren't really something to worry about. Those stuff are essential to get the service we expect in return, in other words, putting technology to use.
That said, it is still important not to give anyone a free hand over data, and there has to be several layers of checks and balances, and accountability for safeguarding and using them.
All that said, my current position is this. Make best use of the technology at hand, because if you don't provide the necessary inputs, there cannot be a proper output.
As with some things that we do online which we might want to keep completely private, use a non-google browser (like Firefox Focus or Duck Duck Go) in incognito mode with Duck Duck Go search engine.
For everything else, use GOOGLE (assuming there is accountability and severe penalties for violations).
Reserved for additional info.
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Sridhar Ananthanarayanan said:
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Click to expand...
Click to collapse
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Ultramanoid said:
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Click to expand...
Click to collapse
You spoke of making 'reasonable compromises' on the MiX thread.
I have only elaborated the same. How does it matter if Google learns what I like to search on the internet? I am willing to give them that information so that they can provide me with content I am interested in, so that my news feed is mostly content I like to read/ watch, and little garbage. In the process, if they are showing me ads relevant to me, what is wrong with it?
My view is based only on this premise that this is how my data is being used. I have never had a financial security issue (like money being stolen from my account) because of what Google learns about my internet activity.
Also, I am assuming that Google won't learn anything about the searches I may do in incognito mode. They are supposed to respect the privacy. I'm aware they have been sued for not adhering to it strictly.
So assuming that they stick with usage of data as per their declared privacy policies and in accordance with laws, what is the problem?
Sridhar Ananthanarayanan said:
You spoke of making 'reasonable compromises' on the MiX thread.
Click to expand...
Click to collapse
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Ultramanoid said:
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
Click to expand...
Click to collapse
I think the moment you are online, you are presenting yourself to be tracked. No matter what tools you use to safeguard your privacy, a country's intelligence has an upper hand because they have the resources and much more advanced technology that is not commercially available.
They can also set up something like the link you shared as just another means to track you (by misleading you into believing that you are remaining private and anonymous).
I think one can truly stay private only by staying away from technology. Otherwise, you are just opening yourself up for tracking.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
indestructible master said:
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
Click to expand...
Click to collapse
This is not a source code ... Just because it says source code, it doesn't mean it's a source code. That's a zip file containing the OEM firmware from Xiaomi.
indestructible master said:
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
Click to expand...
Click to collapse
As I said, we are overemphasizing on many of the things and linking them to privacy. Much of the seemingly private things have no bearing in real life, even when made public. Because, no matter where you are, you have to adhere to the local laws and your internet activity isn't important (unless one is into prohibited activities).
It is a very niche segment of people (like those working for intelligence, journalists, etc.) that must pay special attention. For most others, there isn't too much to worry about, as long as the companies providing services adhere to data regulations and act with responsibility.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
It's not the case with few established ROMs. Lineage OS comes to mind. As they encourage people to build ROMs from source. But device support is problematic. That's why I turn to custom ROMs. It's a great idea, but I thought XDA ROMs guaranteed security with the GPL and Open source philosophy. But it's being violated all over the place.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Ultramanoid said:
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Click to expand...
Click to collapse
I didn't say that OEMs make their source codes available. I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition. There is lot of benefits by doing so because OEMs can use this as an opportunity to push sales of their own devices. Example is the clipboard scandal of OnePlus, as well as others.
Compare that to custom ROMs. There are so many custom ROMs available for popular devices. Official builds, unofficial builds, nightlies, etc. etc. The ROMs are available for free. Who cares to audit/ scrutinize these? No one cares because there is nothing to gain. This is also because a very minute % of Android users actually install custom ROMs. So no one cares.
Just like root, the need for custom ROMs is decreasing by the day. OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices. And now the Google-Qualcomm partnership that is making these upgrades easier and faster. Unlike in the past, OEMs are much faster in releasing security updates today.
Lineage official builds, in my experience, isn't feature rich like some other custom ROMs or unofficial forks of Lineage. People may opt for Lineage official builds primarily for two reasons:
1. Debloat their OEM software like those from Xiaomi, Huawei, even Samsung.
2. OEM has stopped providing official support (this is now changing because 3 to 4 years of official support is synonymous to life of the device because a large % of people usually buy a new device every 3 or 4 years).
Some of the developers of custom ROMs are arrogant arses. That's another reason to tell them to eff-off.
Sridhar Ananthanarayanan said:
I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition.
OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices.
Click to expand...
Click to collapse
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
One thing is to express an opinion, another to give facts.
Ultramanoid said:
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
Click to expand...
Click to collapse
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Ultramanoid said:
One thing is to express an opinion, another to give facts.
Click to expand...
Click to collapse
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Sridhar Ananthanarayanan said:
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Click to expand...
Click to collapse
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Ultramanoid said:
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Click to expand...
Click to collapse
You are simply exaggerating it.
Like the saying goes, better to trust the known devil than the unknown angel.
Cheers!