Some of the things that BIG TECH (Google, Facebook, Apple, Microsoft, Amazon, and others) uses to identify you:
1. IP address
2. Browser Fingerprinting
3. Device Fingerprinting
4. Location, Nearby scanning, Beams, GPS
5. Advertiser ID
6. Always Listening (voice commands)
7. Your demographic details
IP address
This is the same for all devices connected to the same WiFi network. This address is called the Public IP address, which is the address assigned to your WiFi router by your ISP. Using this, Big Tech can track all the accounts that use the same IP address. So, Big Tech knows who all are living in the same household, who all are working in the same place (if you connect to your work WiFi), etc.
Browser Fingerprinting
Websites can track full details of your browser, which in conjunction with other forms of tracking (like cookies), can be used to create your virtual profile, your interests, your online activities, etc. Google, Facebook, Amazon, etc, have trackers in pretty much all the websites, so even if you don't use your account in those sites, BIG TECH can still track you by connecting the dots.
Using Private/ Incognito browsing isn't all that private as one is made to believe.
Device Fingerprinting
This is similar to, but more advanced form of tracking compared to Browser Fingerprinting. They record details of your device like make, model, display resolution, operating system, time zone, GPS, sensor data, Information About Things Near Device (i.e Wi-Fi Access Points, Cell Towers, Bluetooth-enabled Devices, etc.).
You can change your browser, network, location, etc. But you are unlikely to change your device as frequently. You can be easily tracked using Device Fingerprinting.
Location/ Nearby Scanning/ WiFi/ Low Energy Bluetooth/ GPS
You can change your physical location, but it is highly likely that you will move with your family. So even if you use completely new accounts, they can still track you through your family members' accounts. That's how Facebook recommends same 'Friends' to you even if you use a new account.
Your device is constantly communicating with the tech around you - mobile towers, WiFi routers, Bluetooth devices, GPS, etc. That setting of 'Scanning Always Available' under Location Settings helps in improving this accuracy.
A new technology is in works that will allow tracking of your device even when it is switched OFF! Spyware is essentially being installed at the hardware level and your devices would be under surveillance 24x7.
Advertiser ID
As the name suggests, this is your Virtual Identity containing your interests, online activity history, etc that is provided to advertisers (even if anonymously) for targeted advertising.
You CAN reset this ID on all devices (Android, iOS, Windows, macOS, etc.) to reduce the amount of information advertisers know about you (even if anonymously).
Always Listening
The most privacy disrespecting feature. Your gadgets are constantly listening to you, waiting for your commands. All your personal conversations are recorded. Next feature will be Always Watching! They will develop some interesting application for this feature (like they did for identifying the music around you) and sell you devices that is constantly recording you using cameras!
Your Demographics
Name, Phone number, Date of Birth, Gender, and other details that you provide when creating your account. They have pretty much made it mandatory to give correct information without which you cannot create an account.
Your personal details, contacts, meta data of pictures and videos on your device, etc everything will be linked to identify you from your virtual identity.
CONCLUSION
No matter how hard one tries, he will leave several footprints about himself if using tech. The only way to avoid tracking is to completely give up on use of gadgets and communication devices. VPNs/ TOR Network won't protect you.
FUN FACT
ALL BIG TECH companies, including chip makers are American companies!
Software: Google, Apple, Microsoft, etc.
Hardware: Qualcomm, Intel, AMD, Apple, etc.
Social media: Facebook, Instagram, YouTube, Twitter, etc.
Streaming Services: Amazon, Netflix, etc.
News channels too (there are no journalists anymore; only media-persons)
....you name it: all are American companies! This isn't a mere coincidence!
So you know where all the data goes! And who does all the spying!
I bought a brand new phone and set it up WITHOUT any account. I have installed a few apps, including Revanced Extended with microG (not signed in to any account).
Guess what:
The YouTube feed is pretty much filled with the same recommendations and content from channels I have subscribed to on my other devices where I have signed in. đź«Ł
Here's another example:
How was my store visit inside a shopping mall tracked?
I was inside a shopping mall yesterday for a few hours. One of the shops/ store is an outlet of a well known electronics retail chain. I have purchased something there several months/ years back. I was inside this store yesterday too, but only...
forum.xda-developers.com
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Exactly what was written in OP.
Fake narrative building, creating false public perception and influencing people's mindset is why this is done. Everyone knows who controls all the technology and who has all the money in the world.
Yet people believe in the Chinese CCP crap because the biggest spy in the world has created an infrastructure that sells such stories to them.
That's all metadata! And you can stop most of it by installing Adguard with some common filters and setting require VPN for all connections. (this setting is hidden on quite some China OS Chinese phones).
And the same inforamtion is tracked by Chinese phones on global OS.
If you have a China OS Chinese phone - your actualy message content is censored and tracked. Get two China OS phones and send a message with some text about Winnie the Pooh and Xi Jinping - good luck receiving it...
You can notice that after any text message you receive the China OS spyware will send information to Chinese servers.
But yeah - it's okay for their global phones. Just not for the ones for Chinese market (=China OS). Cannot remove their dialer software because than their phone content analysis wouldn't work anymore and so on.
Just be happy you don't live in China. Spying there is on another level - but they are quite transparent about it. Everyone knows about it - unlike Europe/USA where people aren't so aware of what is tracked and what not.
It will upload any website you visited and much more.
And yeah an Iphone China OS or Samsung China OS will spy/censor just like a China OS Chinaphone. It's government policy (and that was the reason for google back some years to pull out of China/not start there. But that was in the good old don't be evil times - which are sadly over.
extremecarver said:
That's all metadata! And you can stop most of it by installing Adguard with some common filters and setting require VPN for all connections.
Click to expand...
Click to collapse
Some day it will be known that VPN was a big scam. It was just a tool used by spying agencies.
extremecarver said:
Just be happy you don't live in China. Spying there is on another level - but they are quite transparent about it. Everyone knows about it - unlike Europe/USA where people aren't so aware of what is tracked and what not.
Click to expand...
Click to collapse
That is the whole point. As mentioned in the last section of OP, everything you do online is being tracked continuously. Just that one country does it openly, while the other does it stealthily, covertly, and on a much much larger scale.
Tor was created by DARPA / Department of defense. They track everything.
immortalwon said:
Tor was created by DARPA / Department of defense. They track everything.
Click to expand...
Click to collapse
And they have made people believe they cannot be tracked.
TheMystic said:
Some day it will be known that VPN was a big scam. It was just a tool used by spying agencies.
That is the whole point. As mentioned in the last section of OP, everything you do online is being tracked continuously. Just that one country does it openly, while the other does it stealthily, covertly, and on a much much larger scale.
Click to expand...
Click to collapse
Local VPN surely isn't scam. You can check rules yourself. Other VPN depends on the provider
Thread Locked.
This thread like other threads of this nature has gone into politics and is locked.
Related
Recently, researchers from the Cheetah Mobile Security Lab have found a dangerous Trojan, dubbed Cloudsota, pre-installed on certain Android tablets. Tablets infected with this Trojan are still on the shelves of Amazon, ready to be shipped to customers around the world.
Origin: Complaints from victims
This Trojan has existed for quite some time and victims have been consistently asking for help at Android forums like XDA, TechKnow and others.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
A few complaints from customers can be found on Amazon as well.
Evil: Malicious activities of the Cloudsota
The Cloudsota Trojan enables remote control of the infected devices, and it conducts malicious activities without user consent.
The CM Security Lab has detected that Cloudsota can install adware or malware on the devices and uninstall anti-virus applications silently. With root permission, it is able to automatically open all installed applications. Furthermore, we found that the Trojan replaces the boot animation and wallpapers on some devices with advertisements. Cloudsota also changes the browser’s homepage and redirects search results to strange ad pages.
Impact: More than 153 affected countries
According to our rough estimation, at least 17,233 infected tablets have been delivered to customers hands. The estimation is based on anonymous data collected by Cheetah Mobile. Since many tablets are not protected by anti-virus applications, the number may actually be significantly greater.
What’s worse, these tablets are still available on many online stores, including the huge retailer Amazon. While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.
Over 30 tablet brands have been pre-loaded with this Trojan, among which the most severely affected are the no-brand tablets with Allwinner chips. Over 4000 such tablets have been sold to customers across the world.
We have notified companies involved whose products are found with pre-installed Trojans. We advised those manufacturers to investigate their system firmware carefully, but unfortunately none have responded yet. We assume that the unbranded tablet manufacturers do not pay any attention to user feedback, nor do they have the capability to offer a solution to this problem.
Over 150 countries are affected by this Trojan, with Mexico, USA and Turkey suffering the most.
A large number of customers have left comments on Amazon.com grumbling about the advertisements and popups. These tablets share some similarities that all of them are low-priced and manufactured by nameless small-scale workshops. Here is an incomplete list of the questionable tablets on Amazon. (More details please refer to the Appendix)
Decompile: Technical analysis of the Trojan:
When we discover a questionable tablet, we send a notification to Amazon explaining the issue. We are assured that Amazon can corroborate our messages with its customers complaints and reviews.
Red “Demo” on the screen
Many users reported that their tablets were locked down into demo mode, with a large red “demo” text on the screen all the time. Based on our analysis, the red “demo” is not generated by the Trojan. The source of the red demo exists in the system component package-SystemUI.apk
As soon as the device is booted, the malicious code in SystemUI.apk will be executed to examine whether the malware com.clouds.server (viz., the Trojan cloudsota) has been installed in the tablet, if not, the code will try to get one, and if it fails, it will draw a big red “Demo” in the center of the screen.
Auto restoration after reboots
Even if we remove the Trojan, it will reappear after reboot.
As the Trojan is embedded in boot.img /cloudsota/CloudsService.apk, it is able to restore itself when a user reboots the device, meaning that it is very hard to get rid of.
Every time the device reboots, the code in the script init.rc will restore the Trojan.
The code that restores the Trojan:
Block browser’s homepage
When users boot the device, Cloudsota will visit the Trojan creator’s server frequently (about every 30 minutes), in order to obtain operating commands. Commands to change the browser’s homepage are as follows:
We intercepted some data:
http://download.cloudsota.com/homepage/1427791194/homepage
Install Apps silently
Similar with the homepage block, the Trojan gets a list of applications to push from the cloud server and silently installs these apps to the system directory of users’ devices. Generally, users are unable to remove them.
We obtained some information about the Trojan’s implementation:
http://download.cloudsota.com/apk/ota/1438999935/CalendarService.apk
http://download.cloudsota.com/apk/ota/1440569351/CloudsService.apk
http://download.cloudsota.com/apk/DSB/393/dsb_aijian2.apk
http://download.cloudsota.com/apk/MopoPlay/4314/MopoPlay.apk
http://download.cloudsota.com/apk/maxthon/2915/hgnormal_remote_master.apk
Other detected behaviors:
The Trojan is also able to:
1. Change the boot animation of the device. (Users have to bear the annoyance of advertisements even when booting.)
2. Uninstall the applications in your device. (Mainly uninstals anti-virus apps and root tools which offer protection to your device)
3. Set your wallpaper to advertisements. (Every time you tap the home button, you will see the nasty advertisements)
4. Activate whatever applications on your device
5. Create pop-up advertisements
Knowing all the malicious activities of this Trojan, we understand why these tablets are so cheap.
Conclusion: Attackers may from China?
We have confident proof showing that attackers from China are behind Cloudsota.
1. The code we extracted from the Trojan links to the WHOIS information on the server of www.cloudsota.com. It is clear that the server is registered in Shenzhen, P.R. China.
Registry Registrant ID:
Registrant Name: QIU BIHUI
Registrant Organization:
Registrant Street: xixang baoan district
Registrant City: shenzhen
Registrant State/Province: guangdong
Registrant Postal Code: 518101
Registrant Country: China
Registrant Phone: 1-368-255-2849
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
2. Much of the code is written in Chinese characters.
3. The manufacturers of tablets are from China.
Solutions and Recommendations
For infected users: We have published manual removal instructions on our blog.
For online stores: We suggest these dealers more strictly vet their product vendors.
For tablet buyers: Do not take the risk of trying tablets from nameless manufacturers just to save some money.
For this report, we refer to many materials from the following websites and organizations, and we greatly appreciate their kindness and support!
Special Thanks to: www.Techknow.me / www.Techknow.one
For more details of the users' reviews on Amazon and related information of the Trojan, please refer to the Appendix.
manual removal instructions http://www.cmcm.com/article/share/2015-11-09/840.html
Appendix https://drive.google.com/open?id=0B1CH2n58TrbiOWs2eGdjaW50RFk
manual removal instructions http://www.cmcm.com/article/share/2015-11-09/840.html
Appendix https://drive.google.com/open?id=0B1CH2n58TrbiOWs2eGdjaW50RFk
There is no such thing as a nameless manufacturer. This article doesn't even name the offending companies.
I'm guessing these might be the cheap manufacturers. Still a problem..
Almost every Chinese mobile have Cloudservice.apk malware installed.
Holy COW!
Including the replica phone at the most.
A useful post, but as @jayvl said, the offending companies were not listed.
Sent from my ASUS_Z00AD
OwnPush
We know that push messaging is a key tool for developers to keep users engaged with their apps/services and to deliver timely content. Right now there's little or no choice in the way of push services outside of Google Cloud Messaging (GCM), which is a problem if you value control and security or want to reach the billion-or-so users without access to Google Mobile Services on their devices. As a result of working on XDA Labs and a few other internal projects, we at Fastboot and XDA have built an alternative to GCM that we want to make generally available.
OwnPush is:
- End-to-end encrypted: With GCM, all messages go through Google, which acts as the gatekeeper between developer and user. We know that Android users value their privacy, and OwnPush messages are encrypted (seamlessly and by default) from the developer's server, all the way through to the end device. This means that we (and anyone else in the path) can't get into your push messages. Like it should be.
- Simple to use: Push messages can be delivered to any device running Android, whether tablet or phone. It works over Wifi or mobile data, and it's very simple to use. To aid in implementing OwnPush in your applications, we will be providing libraries for major backend platforms to help with handling the encryption and signing process.
- Battery-light: GMS is fairly heavy on the battery, as it's got a huge number of features tied together, including location logging and Google accounts. OwnPush is as lightweight as possible.
We are still finishing things off, but we're looking to start working with developers on helping them integrate OwnPush in their apps. In the spirit of XDA, we'll be making it open source, although we need to finalize the details. You'll be able to include our (tiny, open source, easy-to-read) library in your app, and the rest will come automatically. We'll be working on some simple integration guides for the server side, so it's easy to send push messages using almost anything.
Below is a high-level overview of how ownPush works.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What can this be used for?
OwnPush has the capability to be the driving force behind some really cool ideas, from a fully open-source PC-to-phone push system, to building real-time secure messaging platforms. OwnPush can do everything that other options can do, and it's more secure to boot! OwnPush enables you to keep your users informed while not impacting battery life. We hope that the uses for OwnPush are limited only to your imagination.
Open source tools are easier to work with, tweak and play with, and learn from. There's no reason to use the proprietary Google Services library just to get push messages working! Coupled with XDA Labs, you can start to build an ecosystem without relying on Google at all, and without them being able to shut your developer account down!
About Fastboot Mobile
We're a small, venture-capital free business. No external influences or pressures on how we work. We're developers like you, and we believe in giving people a real choice.
If you're interested in this, and want to get involved and have a play, please let us know via the thread or our contact form. At the moment, we're also looking to raise awareness of the technology behind OwnPush to the wider community. Together, we can make the default for push messaging secure, and perhaps even bring about an end to sending "secure login tokens" via SMS messages! We're looking to bring OwnPush to as many people as possible, so if you (or your business) have a need for properly secure push messaging, please get in touch.
OwnPush Usage Examples
OwnPush Performance Examples
For an example of what OwnPush can offer regarding battery savings, we setup a test with a Nexus 9 over a 20hr period. The test application used OwnPush to keep alive a server connection (typical ping <-> pong) once every 4-5 minutes and a push notification randomly sent every 2-10 minutes
Nexus 9 CPU usage over 20hrs running OwnPush
Application Resource usage
Google Services Resource usage over same time period
This looks great, thank you . The one thing I don't see mentioned anywhere is the possibility of self hosted servers. Is this something which you currently have plans for? I think it would be a bit odd to offer such a great decoupling from Google, only to replace that coupling with Fastboot Mobile. The option of self hosted push servers is even more critical when you think of the possible issues Fastboot Mobile may face down the line. With no obvious business model, what guarantee do we as developers have that the ownPush servers will still be around 2yrs from now? GCM on the other hand is backed by Android developers themselves, and has become such a critical infrastructure that we're essentially guaranteed its existence for years/decades.
Edit: The developer talked about this on reddit. You can find the discussion here: https://www.reddit.com/r/Android/comments/440euy/ownpush_open_source_endtoend_encrypted_push/czmfgnl
Where can I follow the progress of this project? Sorry, I am new to XDA. Thanks.
Sent from my Nexus 7 using Tapatalk
What license is planned? LGPL or Apache2?
Exciting news!
Very exciting, looking forward to testing this !
evilSquirrel said:
Where can I follow the progress of this project? Sorry, I am new to XDA. Thanks.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
I would guess that this thread would hold that information in the future too
evilSquirrel said:
Where can I follow the progress of this project? Sorry, I am new to XDA. Thanks.
Click to expand...
Click to collapse
We'll keep this thread updated as appropriate.
jumoog said:
What license is planned? LGPL or Apache2?
Click to expand...
Click to collapse
We will be releasing under LGPL (version TBD).
OwnPush Demo Applications
Hello All,
We are happy to provide some more information about OwnPush today
Everyone involved with OwnPush has been hard at work getting the service to a level that we can demonstrate to the world, this has ended in the creation of two demo applications that we have published over the weekend.
These demo apps are as follows :-
RSS Demo
An RSS web service and corresponding android application, the webservice checks the RSS feed (BBC World News) rapidly and when a new item becomes available it is pushed with a link to the android application over OwnPush. The android application then shows the notification to the user. This demo shows the power savings that can be gained by using OwnPush.
OTP Demo
This demo is constructed from a simple web service and its android application counterpart. This makes use of the secure nature of OwnPush to send fast, safe, and secure passwords to an Android device. After the apk is installed & registered on the android device the user is shown a short, unique device ID that they can enter on a simple web form. On submission of this form the OTP is randomly generated and sent to the device securely.
For both of these demo applications we have published APKs for you to install and the code for the web services and android app (allowing any developers an insight into how they can implement OwnPush when it is fully available)
To find out more about these demo applications please visit our website demo.ownpush.com
I have been searching for a replacement to GCM and I would like to say thank you and that this is amazing, i cannot wait to start using it!
universelove said:
I have been searching for a replacement to GCM and I would like to say thank you and that this is amazing, i cannot wait to start using it!
Click to expand...
Click to collapse
We're excited to be able to let the cat out of the bag, so to speak. Please reach out via our website so we can stay in contact. In addition, check out our GitHub for more information about the demos, implementation, etc.
I guess since there hasn't been any code changes on Github in 3 months I guess this project is dead?
Sandman-007 said:
I guess since there hasn't been any code changes on Github in 3 months I guess this project is dead?
Click to expand...
Click to collapse
Nope the project is far from dead, we have been working internally to get a full demo system up and running. We have also supplied test accounts and app registration information to a handful of developers to get some feedback on how we can improve the current system (outside of normal bugfixes ect.)
We have also worked on testing with the new doze implementation on N and general stability fixes within the android service
If anyone is looking for more information on OwnPush please don't hesitate to drop me a line via PM on her
I am currently using CM 12.1 GApps-free and microG as alternative to GApps. microG seems to have GCM functionality. Is this app works well with microG?
will you develop plugin for Unity to all mobile platforms?
Can work push other app notify or not? Thanks,,,
Any more developers/users want to see a new push service
after come across own-push, I'd like to make a push service or continue with something working
as a contractor, some of my Europe clients ( startups ) really want to find a clean google free app.
at the quality of commercial pushy. Yet, free and well-known will be better.
as a developer, I want to add iOS + web push support so that no need to manage too many platforms.
single server to server API + end-to-end encrypted by a good algorithm to ensure no MITM issue.
use UDP will be even more battery friendly
make a tiny open source service possibly acceptable by major open ROMs , so all apps share same socket and same service.
or as a short term goal, the first app start the service; other apps connect to it. ( concept borrowed from github.com/vieux/OpenUDID )
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
SoNic67 said:
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
Not just "Chinese" phones, else why are they contacting Google?
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SoNic67 said:
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
Click to expand...
Click to collapse
No I mean the security company Kryptowire are contacting Google, along with Blu. Does that mean a Google phone is affected or is it just as they have a sales channel? Probably the latter but it does raise a lot of questions about exactly & how much control they have of the manufacturing process across their supply chain. Whether it's the the actual phone or individual chips being programmed. And is there any attempt by companies that make products in places like China to check the phones that actually come off the line for compromises. I doubt it but it seems to be a security risk to me.
Of course we all have to trust someone or some company in some way as most things are not open. I to trust Google with much of my data & security.
(I have read several articles on this, but still not much info, all seem to be a rehash of the press release from Kryptowire)
Google code is not affected. This is part of the specific firmware that manufacturer puts in the phone and it is allowed to even be updated OTA.
Meanwhile if I root my device is considered "unsafe"... But that's the only way to see those files and act to remove them.
As much as I hate Apple, I am more and more tempted. At least they control all the manufacturing chain.
Can I load a custom firmware on my phone to eliminate this?
If you can unlock the bootloader, yes.
At the minimum you need root, to be able to disable/eliminate the software. The original article that I have linked has the details of the software names:
com.adups.fota.sysoper
com.adups.fota
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
...and not two days later another news emerges... hehe just when some may have thought they are any different
https://interc.pt/2gkn4dz
M4ti said:
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
who cares who finds it, so long as someone does. Rooting and deleting all the relevant files should work, I guess, but possible could cause some other issues, who knows.
Its pretty funny since most of the people reading those articles doesn't really understand it very well....people quickly jump into conclusion and think that Chinese Smartphone device secretly sending private information to China....
If you read the articles very carefully then you will realize that Shanghai Adups Technology Co. Ltd is a company that provide FOTA services, that means and manufacturers that use their services for OTA updates are likely to effected with the spyware not just Chinese Smartphone....their market share is exceeding 70% across over 150 countries and god know how many devices manufacturers & services operator have been using their services for OTA updates...
The internet is full of discussions about WhatsApp's new Privacy Policy and a lot is being said about how they negatively impact users' privacy. The issue is primarily this: SHARING of data with other FACEBOOK apps and services.
While a lot of concerns have been raised, there is no article that I have found which tell us HOW this new change is going to impact us negatively.
Here is what WhatsApp collects from its users (and going to share with FACEBOOK beginning February 2021):
Your Name
Phone Number
Email Address
Contacts (Full Address Book)
IP Address
Coarse Location
Profile Picture
Device ID
User ID
Advertising Data
Product Interaction
Crash Data
Performance Data
Other Diagnostic Data
Customer Support
Other User Content
Hardware Model
Operating System
Battery level
Signal strength
Time zone
Status
Those who use WhatsApp Payments service, the following additional info collected will be shared:
Payment Info
Purchase History
The question is this:
How is this change going to adversely impact users?
WhatsApp does NOT have access to the contents of your messages, voice calls, video calls, etc as these are E2E (end-to-end) encrypted. So it is NOT clear how the new change in privacy policy is such a big deal. Here are some potential scenarios:
1. The backups you create (locally as well as in the cloud) are reportedly NOT encrypted (although I doubt this). Does that mean WhatsApp will have access to your messages and other stuff? And use these in ways you are not comfortable with?
2. I don't know if Facebook REQUIRES users' phone numbers during registration. If that isn't a mandatory requirement, this is what can (or will) happen:
Since WhatsApp has full access to your address book (or contacts), it will now start 'recommending' your Facebook profile (if you have one) to your address book contacts on Facebook, even if you want to stay anonymous.
3. If you interact with Business accounts on WhatsApp, details of your interests/ enquiries/ purchases would be collected and shared with FACEBOOK. Chats with Business Accounts are NOT E2E encrypted, so that information will be shared with FACEBOOK to serve ads to generate revenue.
If you are a Facebook user, much of the above information is probably already available with FACEBOOK.
Apart from the above, I really can't think of how this new change in Privacy Policy will affect users' privacy.
Are people just having herd mentality and making too much noise over nothing?
Hope someone can throw some clarity on this.
With a lot of difficulty, I have found an example of HOW the new change in Privacy Policy can adversely affect users:
Here is an example:
Let's say A and B are married. A is having extramarital affair with C. Now A and C are secretly conversing over WhatsApp without B's knowledge.
With the new policy change, WhatsApp will inform Facebook about the frequent conversations between A and C. Please note that the contents of this conversation is NOT shared, because WhatsApp itself doesn't have access to it. But only the fact that the two are in constant touch with each other over WhatsApp, and if they are meeting up, then that detail too will be shared using location data!
Facebook will think A and C are friends, so it will start showing friends recommendation to A's contacts. In other words, Facebook will start recommending C's profile to B. B will now wonder who is C . And somehow figure out the relationship between A and C.
Do you now understand why FACEBOOK is evil and why the new privacy policy is unacceptable?
Thank you for your info.
I have to say I slightly disagree, since WhatsApp and Facebook are both closed-source, there is no way to confirm that they stick with End to End encryption 100% of the time, do it at all, or even use robust encryption algorithms. Plus, we all know the shady stuff Facebook already does with user information and selling it to advertisers. In fact, before this update to the privacy policy WhatsApp has probably already been collecting user information or something along the lines of that, so you are right in the sense that this new privacy policy update probably won't change much.
Some misinformation clarified:
WhatsApp privacy policy update: Don’t fall for these false claims
WhatsApp's new privacy policy has caused some concern among users. but don't believe all that is being circulated about the messaging app.
indianexpress.com
DarkLight72 said:
I have to say I slightly disagree, since WhatsApp and Facebook are both closed-source, there is no way to confirm that they stick with End to End encryption 100% of the time, do it at all, or even use robust encryption algorithms. Plus, we all know the shady stuff Facebook already does with user information and selling it to advertisers. In fact, before this update to the privacy policy WhatsApp has probably already been collecting user information or something along the lines of that, so you are right in the sense that this new privacy policy update probably won't change much.
Click to expand...
Click to collapse
While nothing can be ruled out, we will still give them the benefit of doubt and accept their word on conversations being E2E encrypted.
If you are using WhatsApp AND Facebook, there isn't going to be much difference because if you have Facebook app installed on your device, it already has much of that info which will now be formally shared.
If you are using WhatsApp but NOT Facebook, you still aren't going to see any difference because what is Facebook going to do with the information it receives from WhatsApp?
With the new privacy policy, WhatsApp is only making arrangements to save itself from litigations. What I mean is information sharing was already happening at some level, which is now only being formalized. Users will hardly see a change.
It will only make a difference if you quit both. That way you can stay away from evil FACEBOOK.
Answering your questions about WhatsApp’s January 2021 Privacy Policy update | WhatsApp Help Center
faq.whatsapp.com
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hi all,
My appologies up front for asking this question as I realize its fairly general and dependent upon my security requirements... Just got a new SGS22ULTRA and need some guidance on getting it secured.
Background info:
--- I never use any cloud services to backup, store, or use applications or files.
--- I only use Software that I can purchase a one time license, download it and use it directly from my devices. No yearly rotating fees, monthly fees, services, nothing.
----All files including media, movies, music, I purchase hard copies, DVD, CDs, So I own the actual movie, music, licenses, etc...
---- I dont use any streaming services, or paid subscriptions, news services, etc...
With the above stated I am hopefull you all can provide me with some direction on what is the best ROM to secure and lockdown my phone for privacy and security. Amongst obvious reasons I truly hate having a green leather Ikea sofa following me around and popping up everywhere.... I truly dislike the constant tracking, monitoring, etc.... any thoughts or suggestions I would be grateful to hear.
Thankyou all in advance
A bigger question is backup without using cloud. No SD card means you lose all data on internal memory in a crash and burn, every time.
Crashes rarely happen but not rare enough. A drop can have the same result.
Kill bixby, and keep location off unless needed for starters. No social media or shopping apps installed, ever. Disable Samsung, app, carrier and Google feedback. A firewall with logging be very useful.
This setting change to globally block ads:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Ratfink11 said:
Hi all,
My appologies up front for asking this question as I realize its fairly general and dependent upon my security requirements... Just got a new SGS22ULTRA and need some guidance on getting it secured.
Background info:
--- I never use any cloud services to backup, store, or use applications or files.
--- I only use Software that I can purchase a one time license, download it and use it directly from my devices. No yearly rotating fees, monthly fees, services, nothing.
----All files including media, movies, music, I purchase hard copies, DVD, CDs, So I own the actual movie, music, licenses, etc...
---- I dont use any streaming services, or paid subscriptions, news services, etc...
With the above stated I am hopefull you all can provide me with some direction on what is the best ROM to secure and lockdown my phone for privacy and security. Amongst obvious reasons I truly hate having a green leather Ikea sofa following me around and popping up everywhere.... I truly dislike the constant tracking, monitoring, etc.... any thoughts or suggestions I would be grateful to hear.
Thankyou all in advance
Click to expand...
Click to collapse
There is nothing like this, you will always be tracked by someone (read Google, Samsung, Facebook or whatever). You want privacy and no tracking? Get a firewall and block everything but you'll cripple the phone and your experience.
Rapier said:
There is nothing like this, you will always be tracked by someone (read Google, Samsung, Facebook or whatever). You want privacy and no tracking? Get a firewall and block everything but you'll cripple the phone and your experience.
Click to expand...
Click to collapse
Cookies, cookies everywhere... it's amazing how much data they pack away even on a good browser. I just clear the data every week or two.
A grossly handicapped phone isn't much fun or very useful.
So phone OS that focus on privacy and security such as Copperhead, Graphene, etc... dont work? Im not out for perfection, and like I said, I dont use streaming services or cloud based apps, I dont use google play, or anything like that. Any apps I use work directly from phone or I build my own apps to function as I need.
Im looking to plug as many privacy security holes as I can and figured, hopefull someone was working on a custom ROM that helps with this.
Thx
Ratfink11 said:
So phone OS that focus on privacy and security such as Copperhead, Graphene, etc... dont work? Im not out for perfection, and like I said, I dont use streaming services or cloud based apps, I dont use google play, or anything like that. Any apps I use work directly from phone or I build my own apps to function as I need.
Im looking to plug as many privacy security holes as I can and figured, hopefull someone was working on a custom ROM that helps with this.
Thx
Click to expand...
Click to collapse
You'll likely end up with a can full of worms to chase down or live with. It will make troubleshooting exponentially harder especially on a new model like this.
Why buy a Sammy flagship and not use it's many features and customizations? You can lock it down fairly well without going totally fort Knox on it.
I think you bought the wrong phone for your specific needs. A Pixel device would have been the better choice.
Its been a while since logging on... I got hit with the nasty dirty stinky pipe linux kernel. Hard reset phone, etc.... So, if I may ask for some assistance... is there a link to how to lockdown, privacy, etc... for S22 Ultra? Unfortuneatly as awsome as this phone is I find it has automated capabilities surpassing my permissions and desires.... If someone can help me update my intelligence level and verify I have Overseer Mode turned off I would be gratefil.... thanks for all your suggestions and frankness.... best regards
Ratfink11 said:
Its been a while since logging on... I got hit with the nasty dirty stinky pipe linux kernel. Hard reset phone, etc.... So, if I may ask for some assistance... is there a link to how to lockdown, privacy, etc... for S22 Ultra? Unfortuneatly as awsome as this phone is I find it has automated capabilities surpassing my permissions and desires.... If someone can help me update my intelligence level and verify I have Overseer Mode turned off I would be gratefil.... thanks for all your suggestions and frankness.... best regards
Click to expand...
Click to collapse
Not sure how it got in. Be helpful to know the vector used to compromise your device ie web surfing, download or installed app. Nasty little bugger.
You need the patch if you're on Android 12 if Samsung has released a patch for it.
Since I'm still running 9... no worries about this exploit. So much for Gookill's security hype.