Just read this.. figured I'd share. Looks like it's getting fixed.. Nothing more to see.
http://money.cnn.com/2011/05/18/technology/android_security/index.htm?hpt=T2
nice hope they roll out the fix for our damned phones as well.
Good thing we have .4 available to use
It's really a non-issue. Basically someone with a packet sniffer can see some information as it's synced with Google. Big deal. They can do that with any OS its just most OS's don't sync that information to the cloud.
Big deal. All they have to do is encrypt the data on the phone before it sends it out. 2.3.4 already corrects the issue.
player911 said:
Big deal. All they have to do is encrypt the data on the phone before it sends it out. 2.3.4 already corrects the issue.
Click to expand...
Click to collapse
Not a big deal for current Android phones (and their users) that won't be receiving that 2.3.4 update?..
S0NiX0928 said:
Not a big deal for current Android phones (and their users) that won't be receiving that 2.3.4 update?..
Click to expand...
Click to collapse
Its called marketing..... They "scare" people into buying the newest of the new.... damn communists
Let alone its coming from cnn... What a creditable non biast truthful news site
Sent from my LG-P999 using XDA Premium App
nate420 said:
Its called marketing..... They "scare" people into buying the newest of the new.... damn communists
Let alone its coming from cnn... What a creditable non biast truthful news site
Sent from my LG-P999 using XDA Premium App
Click to expand...
Click to collapse
Well, for my own sake I really couldn't care less... If the evils of the world want your privacy they could get it whether you liked it or not. I choose to think my life really isn't that important in the grand scheme of things lol. However, I will say I should've checked the sources because as with CNN, and all the other corporate lapdog news outlets, they aren't worth your time in a quest for real, truly important news. Typically all the mainstream outlets generate is shock and awe material, or seek it if you will. They either hype the fearful & devastation or ignore the stuff that would otherwise get them sued by true the criminals to humanity: corporations. We are in a whistle-blower-beware sorta society right now... You either are going to get killed or defamed for speaking out these days...
Wow, ending the rant there, sorry.
Kinda surprised at the attitude regarding the crappy google software. I guess some do not care if their personal info is stolen and used in nefarious ways.
This is Google we are talking about. Not exactly a fine upstanding corporate citizen. They have been stealing info for years. They helped China round up protesters before the Olympics. They will do or say anything to make a buck.
The fact that their software is so buggy and compromising is hardly surprising. People just need to be aware of the type of company they are and be prepared to have anything on their phone stolen and used against them.
It is what it is. I have accepted who they are and I am carefull about what I use my phone for.
Android smartphones face data breach threat
http://www.ft.com/cms/s/2/905bb4d6-813e-11e0-9360-00144feabdc0.html#ixzz1Mo0FZQyv
Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software.
A trio of researchers at Ulm University in Germany found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices.
The attack works when unsecured wireless access points that imitate public WiFi hot spots that the phone has accessed before – such as a coffee shop chain – capture an authentication token.
That token can then be used by attackers to access and modify personal data in Picasa, Google’s photo site, Calendar and Contacts. Business customers using Google apps on Android are not affected by the weakness because all traffic is encrypted by default.
“The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data,” said the Ulm researchers in a posting on their website.
“Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored e-mail address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.”
Click to expand...
Click to collapse
jcbofkc said:
Kinda surprised at the attitude regarding the crappy google software. I guess some do not care if their personal info is stolen and used in nefarious ways.
This is Google we are talking about. Not exactly a fine upstanding corporate citizen. They have been stealing info for years. They helped China round up protesters before the Olympics. They will do or say anything to make a buck.
The fact that their software is so buggy and compromising is hardly surprising. People just need to be aware of the type of company they are and be prepared to have anything on their phone stolen and used against them.
It is what it is. I have accepted who they are and I am carefull about what I use my phone for.
Click to expand...
Click to collapse
I agree. It may not be a big deal to the typical user who is txting his girlfriend and emailing his mom.. but a subjective view of this doesn't make it a minor thing all of a sudden.
I have watched google grow ever since the dot com days. I've been an avid user of their products. There has been an obvious directional move by google for those that pay close attention.. They have gone from user/community focused.. and now they have intermixed that with a focus of business .. no different than any other company pleasing the shareholders..
For anyone to think for one minute that google is a friend that can be trusted with your private data, you better get your head out of the sand and take a harder look. They are a business trying to make money. They are not a friend who is trying to serve you and look out for your best interest. They may make it appear so. They may say so.. in order for us to think so.. But I guarantee you that in the midst of a board meeting, the last thing uttered out of their mouth is anything about servicing you and looking out for your best interest. Sure, they may make it appear like that.. .but the reason why they make it appear like that? So they don't lose you as a customer and they can gain customers. Yes, they must make a good product that pleases a certain group of society. But what is the root? To be your friend and buddy?They must maintain good customer service or you will not use their service or leave. <-- The root of that mentality = $$$$$$$.
I played the game of business for many years during the dot com days. I sat in many meetings. Yes, that's how it works. "Let's do x, y, and z.. to increase our bottom line, bring upon more customers, etc.. Then we can explain it to the employees and the customers in x, y, and z manner as to why it is good for them." <-- That's business. What we see is not the "root" of their behavior. Deception at its finest.
Anyone have more details on this?
http://www.prnewswire.com/news-rele...out-user-consent-or-disclosure-300362844.html
More specifically which phones?
Thanks
Dizzee said:
Anyone have more details on this?
http://www.prnewswire.com/news-rele...out-user-consent-or-disclosure-300362844.html
More specifically which phones?
Thanks
Click to expand...
Click to collapse
And that's why I'd never buy a Chinese phone! The Chinese Communist Party have their finger in everything mostly to control their own people (it could get very messy when their huge credit bubble bursts, but that's another story). But they would also leverage back doors for industrial espionage. Other governments should ban all their staff as well as their military from using such phones! Big multinationals too?
The worry for me is how much security testing are the likes of Google doing who are getting their phones like the Pixel built by Chinese companies? Are there any Chinese made chips or alterations made to the Google design at the factory? Is anyone checking? Probably not. Is Pixel affected? Why are they telling Google but not other large internet players? Makes me think it could be related to Google products. A very scary thought!
Those holes in the Baidu apk still have not been fully patched, that suggests to me it's state sponsored hacking! And so many apps like ES File Exporer had it, many still do. I just find it very strange that so many people go nuts about Google, Apple, Microsoft gathering personal data and yet stuff like the Baidu apk are hardly mentioned, this well be the same no doubt!
Rant over! Now to try and find some more details.
---------- Post added at 07:52 AM ---------- Previous post was at 07:45 AM ----------
Blu R1 is one device affected
https://arstechnica.com/security/20...oor-on-hundreds-of-thousands-of-phones/?amp=1
Their lawyer says "they are a private company who made a mistake" wtf!!!
---------- Post added at 08:10 AM ---------- Previous post was at 07:52 AM ----------
LOL, we'd never do anything that blah blah
http://blog.gsmarena.com/adups-responds-fota-misbehavior-micromax-smartphones/
....just sniff the traffic of ES File Explorer fir a while and this chinese story just gets a few more million participants
Some with good Android security abilities, pkease check out this thread. com.adups.patch on my phone this morning.
http://forum.xda-developers.com/gen...oming-mtk6737-64bit-t3385210/page39?nocache=1
IronRoo said:
And that's why I'd never buy a Chinese phone! The Chinese Communist Party have their finger in everything mostly to control their own people (it could get very messy when their huge credit bubble bursts, but that's another story). But they would also leverage back doors for industrial espionage. Other governments should ban all their staff as well as their military from using such phones! Big multinationals too?
The worry for me is how much security testing are the likes of Google doing who are getting their phones like the Pixel built by Chinese companies? Are there any Chinese made chips or alterations made to the Google design at the factory? Is anyone checking? Probably not. Is Pixel affected? Why are they telling Google but not other large internet players? Makes me think it could be related to Google products. A very scary thought!
Those holes in the Baidu apk still have not been fully patched, that suggests to me it's state sponsored hacking! And so many apps like ES File Exporer had it, many still do. I just find it very strange that so many people go nuts about Google, Apple, Microsoft gathering personal data and yet stuff like the Baidu apk are hardly mentioned, this well be the same no doubt!
Rant over! Now to try and find some more details.
---------- Post added at 07:52 AM ---------- Previous post was at 07:45 AM ----------
Blu R1 is one device affected
https://arstechnica.com/security/20...oor-on-hundreds-of-thousands-of-phones/?amp=1
Their lawyer says "they are a private company who made a mistake" wtf!!!
---------- Post added at 08:10 AM ---------- Previous post was at 07:52 AM ----------
LOL, we'd never do anything that blah blah
http://blog.gsmarena.com/adups-responds-fota-misbehavior-micromax-smartphones/
Click to expand...
Click to collapse
The difference is that those apps are made by and for the people of China where personal privacy is not a factor. Of people outside of China decide to use these apps then it is up to them to be smarter about what they install.
zelendel said:
The difference is that those apps are made by and for the people of China where personal privacy is not a factor. Of people outside of China decide to use these apps then it is up to them to be smarter about what they install.
Click to expand...
Click to collapse
The Chinese are doing exactly the same things their Western counterparts are. So, a good starting point is: if you live in the West, buy a smart phone with a Chinese chip. If you are in China, buy Qualcomm...
optimumpro said:
The Chinese are doing exactly the same things their Western counterparts are. So, a good starting point is: if you live in the West, buy a smart phone with a Chinese chip. If you are in China, buy Qualcomm...
Click to expand...
Click to collapse
Lol
NOT a bad idea at all ...
optimumpro said:
The Chinese are doing exactly the same things their Western counterparts are. So, a good starting point is: if you live in the West, buy a smart phone with a Chinese chip. If you are in China, buy Qualcomm...
Click to expand...
Click to collapse
Not even close. IF that is what they have to believing then well all I can say is look into it yourself. Also buying a China based device in the west doesnt always work out as many security protocols have china devices blocked for things like GPS and connection to some satellites. Some countries even have out right bans on where and if someone can own a china based device. Like my job. OEM like Xiaomi are banned from ownership or use. Hwauwei was also on that list for many years, to the point that they couldnt even connect to a gps sat if the device was in the states.
zelendel said:
Not even close. IF that is what they have to believing then well all I can say is look into it yourself. Also buying a China based device in the west doesnt always work out as many security protocols have china devices blocked for things like GPS and connection to some satellites. Some countries even have out right bans on where and if someone can own a china based device. Like my job. OEM like Xiaomi are banned from ownership or use. Hwauwei was also on that list for many years, to the point that they couldnt even connect to a gps sat if the device was in the states.
Click to expand...
Click to collapse
I didn't say to buy a Chinese branded device, but a device that has a Chinese chip. That's a big difference. Also, those restrictions are software based and could be reversed.
Xiaomi and Huawei are banned in some places in the US (mostly in companies that cooperate well with the US 3-letter-agencies), because they know that Chinese designed chips are "provisioned" (read backdoored) to be exposed to Chinese intelligence, while Qualcomm et all have US addresses. So, from the point of view of a privacy oriented Western consumer, it makes sense to have a device with a Chinese chip and certainly Not devices branded for your Country...
optimumpro said:
I didn't say to buy a Chinese branded device, but a device that has a Chinese chip. That's a big difference. Also, those restrictions are software based and could be reversed.
Xiaomi and Huawei are banned in some places in the US (mostly in companies that cooperate well with the US 3-letter-agencies), because they know that Chinese designed chips are "provisioned" (read backdoored) to be exposed to Chinese intelligence, while Qualcomm et all have US addresses. So, from the point of view of a privacy oriented Western consumer, it makes sense to have a device with a Chinese chip and certainly Not devices branded for your Country...
Click to expand...
Click to collapse
So you would rather a foreign country have the info then your own?
Not just them. As an example. The town I live in is home to a nuclear missile silo. Most business in the town have banned device lists and both of those are on it. You are right it could be reversed but it won't happen. Mainly not now with the current issues with China. I bet we start to see major import restrictions. Heck Trump already plans on increasing taxes for American companies that have outsourced to other countries. He wants to cut as many ties with China as he can and removing manufacturering plants from American companies will go along way.
Privacy is a joke these days to be flat out honest. People scream about privacy yet they post their public lives all over the Internet, they give their privacy away to companies like FB, Google and all the others.
zelendel said:
So you would rather a foreign country have the info then your own?
Not just them. As an example. The town I live in is home to a nuclear missile silo. Most business in the town have banned device lists and both of those are on it. You are right it could be reversed but it won't happen. Mainly not now with the current issues with China. I bet we start to see major import restrictions. Heck Trump already plans on increasing taxes for American companies that have outsourced to other countries. He wants to cut as many ties with China as he can and removing manufacturering plants from American companies will go along way.
Privacy is a joke these days to be flat out honest. People scream about privacy yet they post their public lives all over the Internet, they give their privacy away to companies like FB, Google and all the others.
Click to expand...
Click to collapse
I agree that privacy is a joke for those who post their lives on social networks and I am not talking about them. I am talking strictly about hardware backdoors (the ones hidden inside the chip). So, if I have no privacy, live in the West and know that my data is going somewhere, then I would rather it go to Chinese agencies, as opposed to domestic ones.. Or if I live in China, I would go out of my way to buy a phone with a US designed chip...
optimumpro said:
I agree that privacy is a joke for those who post their lives on social networks and I am not talking about them. I am talking strictly about hardware backdoors (the ones hidden inside the chip). So, if I have no privacy, live in the West and know that my data is going somewhere, then I would rather it go to Chinese agencies, as opposed to domestic ones.. Or if I live in China, I would go out of my way to buy a phone with a US designed chip...
Click to expand...
Click to collapse
That makes no sense really. You would rather a communist country monitor your data instead of your own that does it already anyway and wouldnt be learning anything they dont already know. You would be amazed at how much the US gov really knows about the average person. All it really takes is less then a day to learn every single thing about a person without ever touching their device. I mean heck Windows has more backdoors then a porn flick, and if people think they cant get into a linux setup as well then.......Here is my stance. My country does monitor me, I know this, I accept it. Its part of living in the country. Now do I want some other country knowing what I do? No not really.
zelendel said:
That makes no sense really. You would rather a communist country monitor your data instead of your own that does it already anyway and wouldnt be learning anything they dont already know. You would be amazed at how much the US gov really knows about the average person. All it really takes is less then a day to learn every single thing about a person without ever touching their device. I mean heck Windows has more backdoors then a porn flick, and if people think they cant get into a linux setup as well then.......Here is my stance. My country does monitor me, I know this, I accept it. Its part of living in the country. Now do I want some other country knowing what I do? No not really.
Click to expand...
Click to collapse
I disagree. I don't use social networks and the last time I used Windows was at least 10 years ago. I use software that I compile myself (including Linux). So, if my country is monitoring me, they have somewhat limited info. Also, I don't think China has any interest in monitoring me, as a private citizen who lives in the West. I know my country monitors everybody, but I don't accept it and to the extent I am able, I make their "work" more difficult...
Good afternoon mods, I'm sorry but I had to open a thread about this topic again.
It's absolutely not illegal to change your IMEI in most of the world. For instance, it's completely legal in the entirety of the US (see https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law).
As far as I know, the only known law in the whole of Europe (referring to the continent) that makes it illegal is in the UK and it's only illegal if you don't have the manufacturer permission. If you do, it's legal (see See 3.b https://www.legislation.gov.uk/ukpga/2002/31/section/1). And it's perfectly possible to obtain such permissions from some manufacturers.
There is one specific German law making it illegal if and only if IMEI change is done in the context of tampering with evidence after a crime. And not before if it's not tampering with evidence.
While I do understand IMEI change could be illegal (citation needed?) in some rather few authoritarian regimes like China or even India. It's absolutely not illegal (yet) in most of the democratic world including the US, the UK (if you have permission from the manufacturer) and the EU. But it would be a bit ironic to ban this based on the laws of such regimes as they probably wouldn't allow rooting/jailbreaking either.
I also do understand IMEI change is probably against the ToS of many mobile operators but there is a very large gap between violating ToS and violating the law.
In brief, there are certainly in my opinion not enough of those place (yet) to justify a blanket censorship of this topic when it's also clearly an important privacy issue and that Apps/Operators/Manufacturers and indeed authoritarian law enforcement are using the IMEI to track users and also to track dissidents/protesters (see BLM, see Kashmir, see Hong Kong, see Lebanon, see Belarus, ...)
I would like to kindly request mods to provide a citation of this being illegal before applying such a blanket ban.
This is not a troll at all. There have been numerous threads about this topic on XDA and this is a recurring issue of mods seemingly thinking this is illegal when it's not. The whole perceived illegality of IMEI change is in almost all cases hearsay without any legal base.
Thank you kindly for your consideration and hopefully you won't ban me for this.
(Just to be clear, this topic is not about asking a way to change IMEI but asking the mods to provide citations about the illegality of IMEI change when censoring such threads)
I can't think of a legitimate reason why someone would need to change their IMEI number unless they are doing something shady.
Regardless of if the process itself is legal or not, the reasons why you would need to do it are most likely not legal. I'm sure that's why it falls under the "Don't get us into trouble." rule on here.
byAidan said:
I can't think of a legitimate reason why someone would need to change their IMEI number unless they are doing something shady.
Regardless of if the process itself is legal or not, the reasons why you would need to do it are most likely not legal. I'm sure that's why it falls under the "Don't get us into trouble." rule on here.
Click to expand...
Click to collapse
Thank you for your answer.
The same reasoning could be used for MAC address randomization or for any other privacy feature such as XPrivacy or Magisk Hide ... Yet those are fine. All the banks and some apps (Netflix) will also argue you have no reason to root/jailbreak and subsequently hide the root/jailbreak if you're not doing shady things.
The same reasoning could be used for VPN/Tor users or those who use private DNS over TLS/HTTPS. If you have nothing to hide you have nothing to fear?
A good legitimate reason is for instance that all Banking Apps (and many others) require "Phone permission" which allows them to read the IMEI. This allows them to track you with an unchangeable UID. A much better UID than any other tracking ID generated by the OS.
Another good legitimate reason besides avoiding commercial tracking is to make illegal dragnet surveillance a bit less effective.
And last but not least, it can help people stay alive under highly oppressive regimes ...
But I'm not arguing to ethically accept something illegal. I'm arguing to not ethically reject something perfectly legal using a wrong reasoning such as its supposed illegality.
I don't see any legitimate reason for Apps/Operators/Manufacturers to be able to track users using unchangeable UIDs such as the IMEI. And again ... it's absolutely not illegal so why make it illegal or shady?
Sure it can be used for shady things ... But this is valid for anything. IMHO Shady people won't use this anyway, they'll just use burner phones. Why bother wasting time with IMEI change ...
In the end, fair enough ... XDA is of course not a public space in itself and they're free to moderate the way they want. I'm just arguing that mods shouldn't use the "It's illegal" reasoning when removing those topics.
Instead they should just say "We think it's too shady and we don't like it ... even if it's legal" ... But stating it's illegal is just factually incorrect in most of the world.
byAidan said:
I can't think of a legitimate reason why someone would need to change their IMEI number unless they are doing something shady.
Regardless of if the process itself is legal or not, the reasons why you would need to do it are most likely not legal. I'm sure that's why it falls under the "Don't get us into trouble." rule on here.
Click to expand...
Click to collapse
I have a rebuttal if may.
The act of changing an IMEI in itself is not legal. I'm also quite sure there are valid and legal reasons to do so. If the reasons were illegal then the act would be, too.
Also. It is not reasonable to throw out a blanket and say that everyone that would want to do this is up to something shady. Most people are decent, to label everyone as having nefarious intentions is counter-productive.
Just my humble opinion.....
Sent from my IN2025 using Tapatalk
---------- Post added at 09:02 PM ---------- Previous post was at 08:56 PM ----------
One more comment. Legal or not is not the issue here. The forum has rules in order to post here. One of them is related legal/illegal activity. Since this is a public forum accessable around the world there could be users from a country where this topic is not legal. For that reason XDA is well within their right to ban this particular subject matter and a few others, too.
Sent from my IN2025 using Tapatalk
hurlube said:
Good afternoon mods, I'm sorry but I had to open a thread about this topic again.
...
Thank you kindly for your consideration and hopefully you won't ban me for this.
(Just to be clear, this topic is not about asking a way to change IMEI but asking the mods to provide citations about the illegality of IMEI change when censoring such threads)
Click to expand...
Click to collapse
@hurlube First, please allow me to apologise that it really took a long time until I recognised this thread - and only by accident. XDA has not only 10+M members, it also hosts 3.5M+ threads with 78+M posts. If you count the number of moderators e.g. here and further consider that all moderators are volunteers and do this "job" for free besides their real life, real family and friends, real business and profession, I hope you can understand that there's no possibility at all to actively every thread and post if moderators' support, assistance or guidance is requested somewhere. We clearly depend on the single and all XDA members is this matter.
It's very unlikely that a moderator becomes aware of e.g. your thread unless a member reports the thread or a post via the report function or you mention or quote a moderator (like I did with you @hurlube). Another possibility is certainly a PM to a moderator but due to the reasons mentioned above it might be that a PM rests in a moderator's inbox unacted for days or weeks.
Now to the subject of this thread itself... Neither I nor my team mates say that the change or the edit of an IMEI is illegal everywhere. If you look at e.g. my post here, I stated with reference to rule no. 9 of the XDA Forum Rules:
Change/edit of IMEI is a legal offence in quite a few of countries; hence discussions or support in this respect is not allowed on XDA.
Click to expand...
Click to collapse
I didn't say that change or edit of IMEI is illegal everywhere. There're quite a lot of things that are legal and even encouraged in some countries while being illegal in other countries like freedom of speech and opinion, the right to demonstrate, suicide and active, passive or indirect euthanasia. I think I could most likely extend this list endlessly. Some countries protect authorship, copyright and ownership while in other countries even official agencies support their violation or plagiarism.
I think it's obviously difficult for a private website in the world wide web to follow a right and consistent way. XDA was founded back in 2003 by developers for developers (see xda-developers: The History -Part One-), and I believe this is still the trait of XDA. Allow me to quote the XDA Forum Rules:
XDA-Developers is based on the principle of sharing to transmit knowledge. This is the cornerstone of our site. Our members and developers freely share their experience, knowledge, and finished works with the rest of the community to promote growth within the developer community, and to encourage those still learning to become better.
Click to expand...
Click to collapse
We try to support developers and defend their ownership, while simultaneously enforcing GPL and the requirement to give credits when due, and we don't accept warez at all.
On the other hand, we don't want to lose sight of all other XDA members and users for whom we want to provide a platform to ask for help and support, to share opinions and experiences in a friendly, civil and respectful environment.
In order to implement above principles, this private website or platform has brought its own and already quoted forum rules into effect. And regarding the change or the edit of IMEI the XDA stance is like stated in my above linked post: We do not allow any kind of IMEI editing! However, if it's about restoring original IMEI/EFS that's not considered editing/changing hence allowed. And we also allow discussion and support regarding IMEI spoofing or masking as long as it happens on software level and the actual hard-coded board IMEI isn't tampered with. Thus it's allowed to post apps or (Exposed Framework) add-ons with this function that many use due to privacy concerns. But again, for sure we don't accept talks about using it for illegal purpose.
I hope I was able to clarify XDA's stance in this matter. And also allow me a very personal but very important remark to me: I do not censor any thread, and I've never observed that any of my moderator fellows does. But we clean a thread or post from anything that does not comply with the forum rules and always explain to the member whose post was affected the reason why we did that; this occurs most of the time privately by PM's but occasionally also publicly by an announcement in the thread. I really hope that you don't call this censorship!
Last but not least - and I apologise that I've to enforce our rules now as I became aware of your thread: The thread is obviously not related to the Oneplus 8 Pro i.e. I'm moving the thread to the General discussions section.
Stay safe and stay healthy!
Regards
Oswald Boelcke
Thank you very much for your answer Oswald.
hurlube said:
Good afternoon mods, I'm sorry but I had to open a thread about this topic again.
It's absolutely not illegal to change your IMEI in most of the world. For instance, it's completely legal in the entirety of the US (see https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law).
As far as I know, the only known law in the whole of Europe (referring to the continent) that makes it illegal is in the UK and it's only illegal if you don't have the manufacturer permission. If you do, it's legal (see See 3.b https://www.legislation.gov.uk/ukpga/2002/31/section/1). And it's perfectly possible to obtain such permissions from some manufacturers.
There is one specific German law making it illegal if and only if IMEI change is done in the context of tampering with evidence after a crime. And not before if it's not tampering with evidence.
While I do understand IMEI change could be illegal (citation needed?) in some rather few authoritarian regimes like China or even India. It's absolutely not illegal (yet) in most of the democratic world including the US, the UK (if you have permission from the manufacturer) and the EU. But it would be a bit ironic to ban this based on the laws of such regimes as they probably wouldn't allow rooting/jailbreaking either.
I also do understand IMEI change is probably against the ToS of many mobile operators but there is a very large gap between violating ToS and violating the law.
In brief, there are certainly in my opinion not enough of those place (yet) to justify a blanket censorship of this topic when it's also clearly an important privacy issue and that Apps/Operators/Manufacturers and indeed authoritarian law enforcement are using the IMEI to track users and also to track dissidents/protesters (see BLM, see Kashmir, see Hong Kong, see Lebanon, see Belarus, ...)
I would like to kindly request mods to provide a citation of this being illegal before applying such a blanket ban.
This is not a troll at all. There have been numerous threads about this topic on XDA and this is a recurring issue of mods seemingly thinking this is illegal when it's not. The whole perceived illegality of IMEI change is in almost all cases hearsay without any legal base.
Thank you kindly for your consideration and hopefully you won't ban me for this.
(Just to be clear, this topic is not about asking a way to change IMEI but asking the mods to provide citations about the illegality of IMEI change when censoring such threads)
Click to expand...
Click to collapse
Very odd. I'm an attorney who practices criminal law in Kentucky and Tennessee, specializing in appellate and posts conviction writs. I have two clients who are serving substantial prison sentences for allegedly spoofing the IMEI/MEID device identifiers on dozens of mobile devices for the purpose of bypassing blacklisting restrictions imposed as a result of the devices having been reported stolen, as well as some allegations of subscriber fraud. To give you an idea of just how substantial the sentences are, both defendants were middle-aged at the time of sentencing, and it is very likely.that neither of them will ever make it to get out of prison.
I'm sure my clients would love to know the precedent you are relying upon in your position that this practice is fully legal in the US. Such a precedent would surely invalidate their convictions and exonerate them both. Let me guess, your legal expertise and position are based on some jargon you read on Google. Everybody is a lawyer who has internet access these days.
Federal law and statutes enacted in all 50 states explicitly prohibit concealing the identity of a mobile phone by way of altering, modifying, spoofing or otherwise changing the device's unique identifiers. While some state statutes require an element of intent for conviction, most prohibit the practice regardless of mens rea (criminal culpability). In fact, the practice is considered so serious, the Department of Homeland Security and the United States Secret Service investigate and initiate prosecution of such offenses on the federal level. The involvement of these two agencies is a surefire indication that this very subject rises to the level of national security. You couldn't possibly be any more incorrect on this subject. Spreading such blatantly false information on a platform such as XDA is poison. I'm sure this BS has been read by a multitude of members and visitors.
You made reference to wanting citation of a specific law or authority prohibiting the practice of changing the unique identifiers of a mobile phone. I would direct you to the federal statute
18 U.S. Code § 1029Read the statute, its annotations, revisions, amendments and progeny very carefully. This is the statute the US Attorney's office will use to crucify you in the event you are caught.
For clarification, there is nothing illegal in rewriting an IMEI/MEID number that has been invalidated, wiped, corrupted or otherwise damaged on a mobile phone. This occurs quite often during procedures such as flashing firmware to a device without first making a backup of the /efs or /nvdata partitions. SP Flash Tool is notorious for wiping device identifiers, MAC addresses and other values unique to the device. It is often necessary to rewrite or fix these components in order to regain network, Bluetooth and WiFi functionality. I am referring specifically to changing device identifiers in a manner that would mask or conceal the device's true identity.
Viva La Android said:
Very odd. I'm an attorney who practices criminal law in Kentucky and Tennessee, specializing in appellate and posts conviction writs. I have two clients who are serving substantial prison sentences for allegedly spoofing the IMEI/MEID device identifiers on dozens of mobile devices for the purpose of bypassing blacklisting restrictions imposed as a result of the devices having been reported stolen, as well as some allegations of subscriber fraud. To give you an idea of just how substantial the sentences are, both defendants were middle-aged at the time of sentencing, and it is very likely.that neither of them will ever make it to get out of prison.
I'm sure my clients would love to know the precedent you are relying upon in your position that this practice is fully legal in the US. Such a precedent would surely invalidate their convictions and exonerate them both. Let me guess, your legal expertise and position are based on some jargon you read on Google. Everybody is a lawyer who has internet access these days.
Federal law and statutes enacted in all 50 states explicitly prohibit concealing the identity of a mobile phone by way of altering, modifying, spoofing or otherwise changing the device's unique identifiers. While some state statutes require an element of intent for conviction, most prohibit the practice regardless of mens rea (criminal culpability). In fact, the practice is considered so serious, the Department of Homeland Security and the United States Secret Service investigate and initiate prosecution of such offenses on the federal level. The involvement of these two agencies is a surefire indication that this very subject rises to the level of national security. You couldn't possibly be any more incorrect on this subject. Spreading such blatantly false information on a platform such as XDA is poison. I'm sure this BS has been read by a multitude of members and visitors.
You made reference to wanting citation of a specific law or authority prohibiting the practice of changing the unique identifiers of a mobile phone. I would direct you to the federal statute
18 U.S. Code § 1029Read the statute, its annotations, revisions, amendments and progeny very carefully. This is the statute the US Attorney's office will use to crucify you in the event you are caught.
For clarification, there is nothing illegal in rewriting an IMEI/MEID number that has been invalidated, wiped, corrupted or otherwise damaged on a mobile phone. This occurs quite often during procedures such as flashing firmware to a device without first making a backup of the /efs or /nvdata partitions. SP Flash Tool is notorious for wiping device identifiers, MAC addresses and other values unique to the device. It is often necessary to rewrite or fix these components in order to regain network, Bluetooth and WiFi functionality. I am referring specifically to changing device identifiers in a manner that would mask or conceal the device's true identity.
Click to expand...
Click to collapse
wow.....
so i'm not sure which is the case and which is worse, that you're a supposed attorney and miss-read the previous statements or that your a supposed attorney and don't understand the inherent difference of intent in 1029 versus what is being talked about here.
i don't mean offense by this, just very, VERY surprised at your whole statement here.
fair bit to unpack here to bear with it for a bit;
just about every causal line in 1029 is prefaced by "knowingly and with intent to defraud..."
obviously your clients intended to use stolen mobile devices and use them for some purpose, either that's cloning another IMEI or simply changing the IMEI to activate them on a new service line.
both ARE illegal acts since the originating device was a stolen device, this in turn then brings into effect 1029 (and also 18 U.S.C. § 2315). since they likely knew it was stolen and even if they used the excuse that they didn't know, after finding out it was blacklisted they went through the further trouble of changing the IMEIs instead of doing the right thing and reporting the devices and the seller which then further calls into question the legality of the means they came into possession of the devices as well as pointing more toward their intent to defraud the cellular carrier.
both those factors i'm sure played a HEAVY role in their convictions.
in a scenario where a legal owner of a device, that they purchased themselves wants to change the IMEI, they can (in the usa), one instance of a LEGAL reason to do so is to prevent undisclosed throttling by the cellular carrier and this is done quite regularly by carriers to varying degrees and regions.
for instance, they will sell you 50gb of hotspot usage but then drastically throttle your connection speeds of the devices behind that hotspot, all the while never disclosing that fact to the customer, often even after being confronted on the subject they will even state that they only throttle in times of high congestion (an easily disproved excuse, if the speed is significantly slower on a tethered device while the cellular device itself has massively better speeds at all times then it's not congestion)
the customer has paid for hotspot usage, not hotspot usage at a reduced speed. (though some are disclosed, if only in the contract text itself, the customer would need to check this first)
changing the IMEI of a hotspot to that of say, a tablet that the person also owns for instance, would bypass that throttling and allow the customer to get the speeds that they have in fact paid for.
this is in fact what this type of modification is most commonly used for.
in this scenario there is no defrauding taking place, the customer is paying for a service that they are using on hardware that they have legally purchased and are taking actions simply to get what they have paid for and what the carrier agreed to provide them per the subscriber contract, neither 18 U.S.C. §1029 or 18 U.S.C. §2315 would come into effect or question, thus the action is perfectly legal.
since as i'm sure you're aware, in the USA, unless there is a law that SPECIFICALLY states an action is illegal, then said action is LEGAL.
the law is restrictive not permissive; people don't need permission to go outside and take a walk down the road, it is not forbidden by law therefore it is legal.
as others have said, most criminals will just buy burner $50 phones from walmart rather than go through all this trouble to change the imei.
In
Mechcondrid said:
wow.....
so i'm not sure which is the case and which is worse, that you're a supposed attorney and miss-read the previous statements or that your a supposed attorney and don't understand the inherent difference of intent in 1029 versus what is being talked about here.
i don't mean offense by this, just very, VERY surprised at your whole statement here.
fair bit to unpack here to bear with it for a bit;
just about every causal line in 1029 is prefaced by "knowingly and with intent to defraud..."
obviously your clients intended to use stolen mobile devices and use them for some purpose, either that's cloning another IMEI or simply changing the IMEI to activate them on a new service line.
both ARE illegal acts since the originating device was a stolen device, this in turn then brings into effect 1029 (and also 18 U.S.C. § 2315). since they likely knew it was stolen and even if they used the excuse that they didn't know, after finding out it was blacklisted they went through the further trouble of changing the IMEIs instead of doing the right thing and reporting the devices and the seller which then further calls into question the legality of the means they came into possession of the devices as well as pointing more toward their intent to defraud the cellular carrier.
both those factors i'm sure played a HEAVY role in their convictions.
in a scenario where a legal owner of a device, that they purchased themselves wants to change the IMEI, they can (in the usa), one instance of a LEGAL reason to do so is to prevent undisclosed throttling by the cellular carrier and this is done quite regularly by carriers to varying degrees and regions.
for instance, they will sell you 50gb of hotspot usage but then drastically throttle your connection speeds of the devices behind that hotspot, all the while never disclosing that fact to the customer, often even after being confronted on the subject they will even state that they only throttle in times of high congestion (an easily disproved excuse, if the speed is significantly slower on a tethered device while the cellular device itself has massively better speeds at all times then it's not congestion)
the customer has paid for hotspot usage, not hotspot usage at a reduced speed. (though some are disclosed, if only in the contract text itself, the customer would need to check this first)
changing the IMEI of a hotspot to that of say, a tablet that the person also owns for instance, would bypass that throttling and allow the customer to get the speeds that they have in fact paid for.
this is in fact what this type of modification is most commonly used for.
in this scenario there is no defrauding taking place, the customer is paying for a service that they are using on hardware that they have legally purchased and are taking actions simply to get what they have paid for and what the carrier agreed to provide them per the subscriber contract, neither 18 U.S.C. §1029 or 18 U.S.C. §2315 would come into effect or question, thus the action is perfectly legal.
since as i'm sure you're aware, in the USA, unless there is a law that SPECIFICALLY states an action is illegal, then said action is LEGAL.
the law is restrictive not permissive; people don't need permission to go outside and take a walk down the road, it is not forbidden by law therefore it is legal.
as others have said, most criminals will just buy burner $50 phones from walmart rather than go through all this trouble to change the imei
Mechcondrid said:
wow.....
so i'm not sure which is the case and which is worse, that you're a supposed attorney and miss-read the previous statements or that your a supposed attorney and don't understand the inherent difference of intent in 1029 versus what is being talked about here.
i don't mean offense by this, just very, VERY surprised at your whole statement here.
fair bit to unpack here to bear with it for a bit;
just about every causal line in 1029 is prefaced by "knowingly and with intent to defraud..."
obviously your clients intended to use stolen mobile devices and use them for some purpose, either that's cloning another IMEI or simply changing the IMEI to activate them on a new service line.
both ARE illegal acts since the originating device was a stolen device, this in turn then brings into effect 1029 (and also 18 U.S.C. § 2315). since they likely knew it was stolen and even if they used the excuse that they didn't know, after finding out it was blacklisted they went through the further trouble of changing the IMEIs instead of doing the right thing and reporting the devices and the seller which then further calls into question the legality of the means they came into possession of the devices as well as pointing more toward their intent to defraud the cellular carrier.
both those factors i'm sure played a HEAVY role in their convictions.
in a scenario where a legal owner of a device, that they purchased themselves wants to change the IMEI, they can (in the usa), one instance of a LEGAL reason to do so is to prevent undisclosed throttling by the cellular carrier and this is done quite regularly by carriers to varying degrees and regions.
for instance, they will sell you 50gb of hotspot usage but then drastically throttle your connection speeds of the devices behind that hotspot, all the while never disclosing that fact to the customer, often even after being confronted on the subject they will even state that they only throttle in times of high congestion (an easily disproved excuse, if the speed is significantly slower on a tethered device while the cellular device itself has massively better speeds at all times then it's not congestion)
the customer has paid for hotspot usage, not hotspot usage at a reduced speed. (though some are disclosed, if only in the contract text itself, the customer would need to check this first)
changing the IMEI of a hotspot to that of say, a tablet that the person also owns for instance, would bypass that throttling and allow the customer to get the speeds that they have in fact paid for.
this is in fact what this type of modification is most commonly used for.
in this scenario there is no defrauding taking place, the customer is paying for a service that they are using on hardware that they have legally purchased and are taking actions simply to get what they have paid for and what the carrier agreed to provide them per the subscriber contract, neither 18 U.S.C. §1029 or 18 U.S.C. §2315 would come into effect or question, thus the action is perfectly legal.
since as i'm sure you're aware, in the USA, unless there is a law that SPECIFICALLY states an action is illegal, then said action is LEGAL.
the law is restrictive not permissive; people don't need permission to go outside and take a walk down the road, it is not forbidden by law therefore it is legal.
as others have said, most criminals will just buy burner $50 phones from walmart rather than go through all this trouble to change the imei.
Click to expand...
Click to collapse
Indeed you can change your IMEI if you are a device owner. If you get caught, however, you will be prosecuted. I see you read the language of the statute but failed to read the annotations, commentary, amendments and progeny. Perhaps do your full research on the applicable law and then try to debate the substantive language. My interpretation of the statute is not at fault. I have been litigating this statute for a number of years and know full well what it prohibits.
Click to expand...
Click to collapse
@Mechcondrid, there's a bit more involved in litigation than citing statutory elements. Did you happen to research the federal legal definition of "access device?"
You and I are on the same page in terms of the required mens rea (criminal culpability, i.e. intent) in the context of securing a conviction for access device fraud. The prohibition you're not seeing is the mere act of altering or modifying a device's unique identifiers. This act creates a prima facie case of possessing an unauthorized/counterfeit access device, without demonstrating the mens rea of intent to commit a crime. I'll be glad to hash this out in more detail when I get a few minutes free. So, the question arises, would a person be automatically prosecuted for changing the IMEI/MEID of a mobile device? Maybe, maybe not. Who knows? My point is, that technically speaking, the individual has committed a federal crime within the scope of a prima facie context, by altering the identity of the device, in and of itself. The US Supreme Court expounded upon the contextual meaning of prima facie in the case of Virginia v Black. 538 U.S. 343 (2003). For all intents and purposes of this subject matter, prima facie means evidence which on its first appearance is sufficient to raise a presumption of fact or establish the fact in question, i.e., altering the unique identifiers of a mobile device -- such as a cell phone. But again, when I get a few minutes free I'll hash out the precise points and authorities in the matter sub judice.
Viva La Android said:
@Mechcondrid, there's a bit more involved in litigation than citing statutory elements. This is your free lesson: did you happen to research the federal legal definition of "access device?"
You and I are on the same page in terms of the required mens rea (criminal culpability, i.e. intent) in the context of securing a conviction for access device fraud. The prohibition you're not seeing is the mere act of altering or modifying a device's unique identifiers. This act creates a prima facie case of possessing an unauthorized/counterfeit access device, without demonstrating the mens rea of intent to commit a crime. I'll be glad to hash this out in more detail when I get a few minutes free. So, the question arises, would a person be automatically prosecuted for changing the IMEI/MEID of a mobile device? Maybe, maybe not. Who knows? My point is, that technically speaking, the individual has committed a federal crime within the scope of a prima facie context, by altering the identity of the device, in and of itself. The US Supreme Court expounded upon the contextual meaning of prima facie in the case of Virginia v Black. 538 U.S. 343 (2003). For all intents and purposes of this subject matter, prima facie means evidence which on its first appearance is sufficient to raise a presumption of fact or establish the fact in question, i.e., altering the unique identifiers of a mobile device -- such as a cell phone. But again, when I get a few minutes free I'll hash out the precise points and authorities in the matter sub judice.
Click to expand...
Click to collapse
actually, yes i am familiar with the federal definition of it; I actually design, build and implement custom IoT CnC (command and control) systems, of which one connection option offered is embedded cellular modules (other options include point to point microwave links as well as satcom links like the U-Blox system).
I do this as part of my job for a DoD contractor, so reading up on the compliance requirements of it is basically required to design and sell these systems unless i'd like the company to run afoul of a number of DFARs regulations/clauses and various federal contracting laws/regulations.
i have to even go as far as what specific brands and SoCs i use in a design depending on the customer, contractual context and if it's DoD related or not.
i research and read far more about the legality of things than you would ever expect a system architect to do.
you are coming into the scenario under the presumption that the IMEI is only ever altered (or at least the majority of the time) for illegal or duplicitous means, while that is a possibility, equally a possibility (or even more likely since there is considerable effort and technical skill involved and criminals generally would want easier methods) is a legitimate reason to do so.
the assumption of prima facie evidence runs under the understanding that the particular action is distinctly common to allude to or point to the very likely commission of a crime and only in the absence of competing evidence.
even then it generally requires the prosecution to provide point by point evidence pointing to the confirmation or the support of the prima facie assumption.
someone gets caught with 5 lbs of marijuana (pre-decriminalization/legalization, but this is an apt example that happened quite a bit) and says it's for "personal use"; it's FAR more likely that amount was purchased with the intent to resell (prima facie) than it is that one person is going to go through 5 whole lbs of weed in any realistic amount of time.
i believe there is also the same kind of law concerning liquor reselling without a liquor license somewhere but the core concept remains the same.
a legal non-blacklisted device, active paid carrier account registered to the person in question, and the IMEI being from a device that is also legally owned by the same user and no other active device used on the network with that IMEI would all be competing points of evidence that are easily verifiable by both third parties and the carrier's own records in conjunction with various forms of proof from the person in question themselves.
in one non-DoD customer scenario (that i've actually had to deal with) a cat 18 lte module we had deployed and provisioned would continuously get throttled and deprioritized as a type of hotspot device when it was in fact a single node communications module due to some issue on the carriers backend management in the regional tower software (passadena, ca area to be specific), the module does not move and is simply in a location where running conventional wired or directed microwave networking infrastructure is both financially and physically infeasible; despite working with the carrier's enterprise support, every time we would get the modem back online to realistically usable speeds, about 72-84 hours later the module would again get deprioritized and return to sub megabit speeds on the upstream; this was a implementation that needed near-realtime data relay (less than 1 minute between data collection and upload/reception) which those kind of abysmal upload speeds completely blew out of the water.
after spending a cumulative 80 man hours attempting to work and troubleshoot with the carrier via normal support channels we decided to alter the imei using a cellular capable samsung tablet we purchased specifically to scavenge the IMEI.
The actual tablet itself is not and was never activated on any network and to this day sits on the server room shelf gathering dust and was never even turned on and had it's first boot setup performed.
i'd honestly be very surprised if the tablet is even still functional considering it's sat there for years in a discharged state.
this was a legal purchase, is not a duplicated hardware node on any carrier network and is being used to access a legally and properly registered service that is being paid for by the registered account owner.
so: no fraud, no cloned device on any network and everything registered as it should be regarding the account owners, simply what amounts to a system repair using IMEI modification.
to date (going on roughly 3 years now) this fix has been rock solid and the only service interruption has been when the local power supply failed after the NEMA enclosure gasket had gotten damaged from a local tech's improper closure of the lid.
there is no specific law (in the USA) forbidding the alteration of an IMEI in and of itself without consideration to the intent or specific actions/activity being performed with the completion of that modification.
a prima facie case would likely be valid if we are talking about an actual cell phone as opposed to a hotspot or other data only terminal since there is little to no legitimate benefit to altering phone IMEIs (smart phone IMEIs are already one of the highest priority devices on carrier networks behind enterprise and first responder/mission critical nodes) outside of some very specific and niche scenarios;
but again, there COULD be legitimate reasons to do so and much of those are relatively easy to prove or disprove with information external to the person that is in question.
Mechcondrid said:
actually, yes i am familiar with the federal definition of it; I actually design, build and implement custom IoT CnC (command and control) systems, of which one connection option offered is embedded cellular modules (other options include point to point microwave links as well as satcom links like the U-Blox system).
I do this as part of my job for a DoD contractor, so reading up on the compliance requirements of it is basically required to design and sell these systems unless i'd like the company to run afoul of a number of DFARs regulations/clauses and various federal contracting laws/regulations.
i have to even go as far as what specific brands and SoCs i use in a design depending on the customer, contractual context and if it's DoD related or not.
i research and read far more about the legality of things than you would ever expect a system architect to do.
you are coming into the scenario under the presumption that the IMEI is only ever altered (or at least the majority of the time) for illegal or duplicitous means, while that is a possibility, equally a possibility (or even more likely since there is considerable effort and technical skill involved and criminals generally would want easier methods) is a legitimate reason to do so.
the assumption of prima facie evidence runs under the understanding that the particular action is distinctly common to allude to or point to the very likely commission of a crime and only in the absence of competing evidence.
even then it generally requires the prosecution to provide point by point evidence pointing to the confirmation or the support of the prima facie assumption.
someone gets caught with 5 lbs of marijuana (pre-decriminalization/legalization, but this is an apt example that happened quite a bit) and says it's for "personal use"; it's FAR more likely that amount was purchased with the intent to resell (prima facie) than it is that one person is going to go through 5 whole lbs of weed in any realistic amount of time.
i believe there is also the same kind of law concerning liquor reselling without a liquor license somewhere but the core concept remains the same.
a legal non-blacklisted device, active paid carrier account registered to the person in question, and the IMEI being from a device that is also legally owned by the same user and no other active device used on the network with that IMEI would all be competing points of evidence that are easily verifiable by both third parties and the carrier's own records in conjunction with various forms of proof from the person in question themselves.
in one non-DoD customer scenario (that i've actually had to deal with) a cat 18 lte module we had deployed and provisioned would continuously get throttled and deprioritized as a type of hotspot device when it was in fact a single node communications module due to some issue on the carriers backend management in the regional tower software (passadena, ca area to be specific), the module does not move and is simply in a location where running conventional wired or directed microwave networking infrastructure is both financially and physically infeasible; despite working with the carrier's enterprise support, every time we would get the modem back online to realistically usable speeds, about 72-84 hours later the module would again get deprioritized and return to sub megabit speeds on the upstream; this was a implementation that needed near-realtime data relay (less than 1 minute between data collection and upload/reception) which those kind of abysmal upload speeds completely blew out of the water.
after spending a cumulative 80 man hours attempting to work and troubleshoot with the carrier via normal support channels we decided to alter the imei using a cellular capable samsung tablet we purchased specifically to scavenge the IMEI.
The actual tablet itself is not and was never activated on any network and to this day sits on the server room shelf gathering dust and was never even turned on and had it's first boot setup performed.
i'd honestly be very surprised if the tablet is even still functional considering it's sat there for years in a discharged state.
this was a legal purchase, is not a duplicated hardware node on any carrier network and is being used to access a legally and properly registered service that is being paid for by the registered account owner.
so: no fraud, no cloned device on any network and everything registered as it should be regarding the account owners, simply what amounts to a system repair using IMEI modification.
to date (going on roughly 3 years now) this fix has been rock solid and the only service interruption has been when the local power supply failed after the NEMA enclosure gasket had gotten damaged from a local tech's improper closure of the lid.
there is no specific law (in the USA) forbidding the alteration of an IMEI in and of itself without consideration to the intent or specific actions/activity being performed with the completion of that modification.
a prima facie case would likely be valid if we are talking about an actual cell phone as opposed to a hotspot or other data only terminal since there is little to no legitimate benefit to altering phone IMEIs (smart phone IMEIs are already one of the highest priority devices on carrier networks behind enterprise and first responder/mission critical nodes) outside of some very specific and niche scenarios;
but again, there COULD be legitimate reasons to do so and much of those are relatively easy to prove or disprove with information external to the person that is in question.
Click to expand...
Click to collapse
You make good points. The key term is "access device," which was amended by legislation fairly recently to include tablets, cell phones, desktop computers, laptops, etc. I certainly agree that there are legitimate reasons as to why device identifiers would need to be modified. Correct, while there is not a statute that expressly prohibits alteration of IMEI/MEID numbers, I am merely outlining the federal statutes by which the government prosecutes such offenses. Similarly, for example. the Commonwealth of Kentucky does not have a statute prohibiting vehicular homicide. So there is no statute expressly saying that you can't go out and drive recklessly and kill people. However, such offenses are prosecuted under the manslaughter or wanton murder statutes. Changing an IMEI can get you prosecuted under the federal statute prohibiting the counterfeiting of an access device. I'm by no means saying that Homeland Security is coming after anybody changing an IMEI. But what I am saying is that federal prosecutors can technically charge an offender. I don't personally know of anybody who has been charged merely for altering device identifiers in the prima facie context. The US government most likely prosecutes only those offenders who have acted with nefarious or malicious intent, such as trafficking in cloned cell phones and the like. But again, my only point is that it is technically possible.
You and I appear to be on the same page on this topic. The only debate has been semantics it seems, whereas we are both correct on the points we are making.
Lithuanian government warns about secret censorship features in Xiaomi phones
The Lithuanian Defense Ministry published a security audit on Wednesday for three popular 5G smartphone models manufactured in China, recommending that citizens avoid or stop using at least two of the three devices, citing privacy infringements and secret censorship capabilities.
therecord.media
https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf
PDF analysis attached.
Yeah I saw that. No big surprise...
You can get a used Note 10+ now for $400-800.
Just ordereded up a new one for $800.
Either way a better deal and it's a flagship phone with great performance... and no CCP junk.
Cleary not for European / Global International users apparently. Answer from Xiaomi :
Following the publication of our article, Xiaomi asserted its right of reply. Here is the manufacturer's full statement: “Xiaomi devices do not censor communications to or from its users. Xiaomi has never restricted or blocked the personal behaviors of users of its smartphones, such as searching, calling, browsing the Internet or using third-party communication software, and never will. We respect and are committed to fully protecting the legal rights of our community. Xiaomi fully complies with the General Data Protection Regulation (GDPR) of the European Union ”.
Click to expand...
Click to collapse
And in the pdf it's explain it's only with Mi Browser (no one use this ****)
With phone like Xiaomi (using M11 right now) I actually feel much safer rooting the phone, then use AdAway and AFWall+ plus to block suspicious system activities. This in addition to the usual debloating to get rid of as many Xiaomi related stuff as I can.
After implementation I did a quick check on pihole, no secret packets sent to Xiaomi it seems. Not comprehensive I know, but it gives me peace of mind.
Using the command line "iptables -nvL OUTPUT" I can see AFWall+ blocking all these system related traffic. My phone isn't impacted at all as everything remains operational. For the fun of it I also have this line executed whenever my phone boots:
iptables -I OUTPUT -m owner --gid system -j REJECT
"system" seems to be everything MIUI related. I can see this extra instruction blocking additional traffic, and nothing on my phone stops working with this. So it is there just for extra peace of mind.
seemebreakthis said:
With phone like Xiaomi (using M11 right now) I actually feel much safer rooting the phone, then use AdAway and AFWall+ plus to block suspicious system activities. This in addition to the usual debloating to get rid of as many Xiaomi related stuff as I can.
After implementation I did a quick check on pihole, no secret packets sent to Xiaomi it seems. Not comprehensive I know, but it gives me peace of mind.
Using the command line "iptables -nvL OUTPUT" I can see AFWall+ blocking all these system related traffic. My phone isn't impacted at all as everything remains operational. For the fun of it I also have this line executed whenever my phone boots:
iptables -I OUTPUT -m owner --gid system -j REJECT
"system" seems to be everything MIUI related. I can see this extra instruction blocking additional traffic, and nothing on my phone stops working with this. So it is there just for extra peace of mind.
Click to expand...
Click to collapse
One problem being the CCP's insidious goal of burrowing into all civilian devices and platforms.
The possibility of unknown hardware backdoors is real and virtually undetectable.
The CCP serves only it's own goals and interests.
One of their primary goals is to gather as much user data as possible by any means at their disposal. Still feel safe?
blackhawk said:
One problem being the CCP's insidious goal of burrowing into all civilian devices and platforms.
The possibility of unknown hardware backdoors is real and virtually undetectable.
The CCP serves only it's own goals and interests.
One of their primary goals is to gather as much user data as possible by any means at their disposal. Still feel safe?
Click to expand...
Click to collapse
Let's be realistic. And don't get me wrong. I strongly believe that CCP is as mean as it could be. But then, they have economic interests too. China is a country that significantly leans on export, and they don't want to be hurt more than they are (Huawei, other sanctions - India).
Therefore, I don't believe in hardware backdoors. Xiaomi and others even don't produce hardware themselves. Software is a different ballgame. Only evaluate the risk. Let's say that CCP would force companies to install spy software if it could be effectively covered. And what then? What's the difference? Do you trust non-Chinese phones considering that western Big Tech companies have autonomous power to spy everyone, censor everybody? They do it to the former US president, why you think that they won't do it to you?
And do you know that Apple is planning (maybe it is already implemented) to use AI to spy every iPhone pretending to seek children pornography? What is CCP different and how it can hurt you more than Big Tech which have been a long time unleashed and control your data as Orwell predicted without any restrictions or legal limitations?
The only solution are custom roms from transparent developers. And if it is not possible, totally debloated phone, no matter if it comes from east or west. With that kind of adjustment, I certainly trust any Chinese phone more than totally locked and nontransparent systems like iPhone.
Only relevant for Chinese users.
Also I prefer my data in the hands to people on other side of the world than in the hands of my own government.
As soon as you connect to the internet from any device, they have all your information already, it's just that they will use it for good or bad purposes.
nothing is safe
piskr said:
Let's be realistic. And don't get me wrong. I strongly believe that CCP is as mean as it could be. But then, they have economic interests too. China is a country that significantly leans on export, and they don't want to be hurt more than they are (Huawei, other sanctions - India).
Therefore, I don't believe in hardware backdoors. Xiaomi and others even don't produce hardware themselves. Software is a different ballgame. Only evaluate the risk. Let's say that CCP would force companies to install spy software if it could be effectively covered. And what then? What's the difference? Do you trust non-Chinese phones considering that western Big Tech companies have autonomous power to spy everyone, censor everybody? They do it to the former US president, why you think that they won't do it to you?
And do you know that Apple is planning (maybe it is already implemented) to use AI to spy every iPhone pretending to seek children pornography? What is CCP different and how it can hurt you more than Big Tech which have been a long time unleashed and control your data as Orwell predicted without any restrictions or legal limitations?
The only solution are custom roms from transparent developers. And if it is not possible, totally debloated phone, no matter if it comes from east or west. With that kind of adjustment, I certainly trust any Chinese phone more than totally locked and nontransparent systems like iPhone.
Click to expand...
Click to collapse
The CCP's primary target after its own citizens is the USA. Almost zero risk to a hardware backdoor; they could even blow it off as a vulnerability that was not anticipated or detected. A backdoor can lie dormant forever or be activated as needed.
The CCP is like that psycho b*tch gf that talks with demons.
You can't take a ride without getting stabbed
Apple just sucks. Aiding the enemy. They backed away from the user monitoring that their CCP masters taught them, for now.
Apple can't be trusted at all.
If if you're simple enough to buy an Apple...
you deserve what you get; a plain Jane you can't trust
blackhawk said:
Still feel safe?
Click to expand...
Click to collapse
Yes.
Because your profound statements didn't undo any safety measures I did to my phone, nor did they refute the validations of my tests that in fact showed the safety measures barred attempts to connect to Xiaomi servers.
They talk about this "MiAdBlacklistConfig" file that gets updated everyday and used by Mi Browser and other Xiaomi apps to check / censor "sensitive communications". It is there in my phone (funny content), but no update since the day I initially setup the phone. Also I erased Mi Browser. Even the core Xiaomi System Components is barred from reaching out to the internet etc etc etc.
seemebreakthis said:
Yes.
Because your profound statements didn't undo any safety measures I did to my phone, nor did they refute the validations of my tests that in fact showed the safety measures barred attempts to connect to Xiaomi servers.
They talk about this "MiAdBlacklistConfig" file that gets updated everyday and used by Mi Browser and other Xiaomi apps to check / censor "sensitive communications". It is there in my phone (funny content), but no update since the day I initially setup the phone. Also I erased Mi Browser. Even the core Xiaomi System Components is barred from reaching out to the internet etc etc etc.
Click to expand...
Click to collapse
If they did it right you'll never even know it happened... hardware embedded back doors aren't easily detectable when dormant.