Related
I bought a g1 last year. I rooted my phone. I fell in love with android and the great community behind it. I am an avid cyanogen mod user.
Google basically ripped out the great fun, learning experimence, and day to day usage i now have in android.
I know how this community feels about 'warez'. I know how this community feels about cyanogen and his contribution to not only us but an 'open source' environment to cell phones.
Well basically what i am getting to is that cyanogen may be legally wrong but what if a developer were to release roms behind closed doors? To torrents and newsgroups and not officially have a face behind said rom. If a developer were to do that, would xda support threads pretaining to that rom? Would all of us still download and love a rom like we do now? Or am i just wrong for getting to that?
If this thread is deleted i understand, but to me i will abandon android if it fails to prosper by the community like true open source software is intended.
Give it time, there are work arounds for ROM makers. Google distributes these applications freely, which means all ROM developers have to do is remove those apps from the ROMs, and give you an application which installs them.
The Android scene is not dead. This sucks, but we will get over it, even without Google's help.
*edit, gary beat me to it..this is in re: to the original post
your not reading before you type...
Google is pissed about him including certain components that were not official yet or closed source. We get over that, and we are back in business. Everyone is way over-reacting, just wait...they will get it figured out. He just cant legally be quite so cutting-edge anymore
I've hard talks of a script that will automatically DL the apps that aren't allowed, I hope that happens soon .
I understand work arounds and what not but do i not have the legal right to use googles closed source apps now that i bought my g1? It is like buying a new car from ford and then ford telling manufacturers of aftermarket products (like air filters or tires) they cant sell them because ford owns the patent to the left head light circuit and it in some legal sense interfers.
A new set of tires on my car is just as damn harmful as using a cyanogen made rom on my phone. I own the hardware, i should be able to do with it as i see fit. Cyanogen doesnt make his roms available to those who dont already own an android licensed product and doesnt do his work for profit that google doesnt see.
They have a legal right yes, but why excersize that legal right when only those who support you already (and if you download cm roms you will more then likely be a future supporter) will end up with the crap end of the stick.
All the crap recently with apple and google voice i have thought to myself that apple will be getting what they deserve by sure to come fines from the fcc. Now google punches us all in the stomache for supporting them and their alledged open source cause. None of us here, including cyanogen, did any actual wrong. If it plays out how it is apparent they want it, everyone loses.
~~Tito~~ said:
I've hard talks of a script that will automatically DL the apps that aren't allowed, I hope that happens soon .
Click to expand...
Click to collapse
our could we just not back up and put theme proper place in the update zips?
rondey- said:
I understand work arounds and what not but do i not have the legal right to use googles closed source apps now that i bought my g1? It is like buying a new car from ford and then ford telling manufacturers of aftermarket products (like air filters or tires) they cant sell them because ford owns the patent to the left head light circuit and it in some legal sense interfers.
Click to expand...
Click to collapse
Your analogy is flawed because software cannot be treated the same as tangible items. Anyway, the issue at hand is not your license to use Google's closed-source apps, it is the unauthorized distribution of these apps by "ROM" cooks.
It's more than just a few apps that are closed source, though; many of the fundamental pieces that allow the phones to function are proprietary, such as sync, the LED control, the radio control... Take it all out and you have a phone that can't phone.
danguyf said:
It's more than just a few apps that are closed source, though; many of the fundamental pieces that allow the phones to function are proprietary, such as sync, the LED control, the radio control... Take it all out and you have a phone that can't phone.
Click to expand...
Click to collapse
You really need to listen to the previous post. Anything that is required for our phones to run is not at question. Mod and distribute away. Led control , radio control, is not at question.
"That’s why we developed Android apps for many of our services like YouTube, Gmail, Google Voice, and so on. These apps are Google’s way of benefiting from Android in the same way that any other developer can, but the apps are not part of the Android platform itself. We make some of these apps available to users of any Android-powered device via Android Market, and others are pre-installed on some phones through business deals. Either way, these apps aren’t open source, and that’s why they aren’t included in the Android source code repository. Unauthorized distribution of this software harms us just like it would any other business, even if it’s done with the best of intentions."
Its the apps that are in question, not the underlying drivers, api's, libraries. So please and anyone else let's not overreact. Lets try to each help find a way to make this a non issue.
Johnny Blaze said:
You really need to listen to the previous post. Anything that is required for our phones to run is not at question. Mod and distribute away. Led control , radio control, is not at question.
Click to expand...
Click to collapse
Actually, LED, radio, SPL... that's all HTC's property. Even the leaked NBH files that allowed this scene to flourish solely belong to HTC.
So although Google's decision does not affect them, they still fall under the same category of "oh crap...".
This is bad news. The phone is essentially useless without the Gmail app (for sign-in on initial boot as well as contact sync) and Android Market (for downloading any apps). Then take Google Maps out of the picture, and may as well throw the phone out and get an iPhone. At a minimum, this means the days of custom ROMs are over.
RueTheDay said:
This is bad news. The phone is essentially useless without the Gmail app (for sign-in on initial boot as well as contact sync) and Android Market (for downloading any apps). Then take Google Maps out of the picture, and may as well throw the phone out and get an iPhone. At a minimum, this means the days of custom ROMs are over.
Click to expand...
Click to collapse
This is actually not true at all. The Gmail app is something that is currently being worked on. Google maps isn't that great (but it's available in the market) Like it's been said, give it time. This is just a hiccup that we'll all get over. Soon.
RueTheDay said:
This is bad news. The phone is essentially useless without the Gmail app (for sign-in on initial boot as well as contact sync) and Android Market (for downloading any apps). Then take Google Maps out of the picture, and may as well throw the phone out and get an iPhone. At a minimum, this means the days of custom ROMs are over.
Click to expand...
Click to collapse
Your hyperbole not only singles you out as an ignorant fool, it also highlights the fact you have no idea where the true innovations in Android are. It is not having native GMail or Youtube clients (which are nice), it is in things like dalvik and the ipc framework. These are pieces of code that do not have anything to do with whether Google apps are present or not on the phone (or if it even is a phone).
Few things about the Android as background;
1) Android is open source and is enough to run a device on its own.
1a) People will argue that it isn't, that proprietary binaries are required. This is a *hardware dependent* argument. Blame HTC for having proprietary closed source binaries. 'Droid works fine on an openmoko using all open source software. http://wiki.openmoko.org/wiki/Android
2) Not all of what is on your phone is actually part of AOSP, i.e. *market*, *gmail*, etc.
3) Open and closed source components can exist in the same system without conflict.
4) Any particular organization can develop BOTH open AND closed source components, and these can, in fact, exist in the same system without conflict.
The situation:
Cyanogen has been issued a cease and desist order by Google related to inclusion of closed source Google apps in "CyanogenMod ROMs".
The legal situation: These closed source apps are not licensed to Cyanogen for redistribution. Google does have the legal right to restrict distribution of said apps.
Why now: The most obvious recent change that could have prompted this order to happen now is the inclusion of the as-of-yet unreleased MARKET app. This market app, being unreleased, is in an unknown state. This app may not be finished testing, i.e., it may be quite buggy, to the point where it could do all kinds of nasty things, like MULTIPLE-CHARGING of customer's when they buy paid apps, releasing payment and/or account information to unauthorized targets, failure to put secure apps into secure locations or other vulnerability allowing easy copying of protected apps, OR OTHER vulnerabilities. That being the case, Google may be *WORRIED ABOUT POTENTIAL PROBLEMS* in the new market app (rightly, as it may not have completed testing and/or may have KNOWN issues).
Why the order against *all* closed-source apps: This is simple. How can they order the removal of *just one*? If they order the removal of *just* the new market app, the legal implication is that the other closed source apps *can* be redistributed, i.e. precedence is 9/10ths of the law -- they would be closing the door on the enforcement of those apps in the future, i.e., for security reasons since regarding the closed source apps, Google is legally liable for their correct function.
So would the ignorant people talking about how evil Google is for doing this, PLEASE STOP spewing your mouths off regarding things that YOU DON'T UNDERSTAND? You're not helping anybody.
EVERYONE should read this.
I will admit, this post made me re-think what is really going on. He is just the first to get a finger shook at him, the rest will follow unless the developers and Google get stuff squared away.
i still think google is acting like asswholes though.
I do to but thank you for looking at things clearly unlike alot of other people inlcuding my self at first but once i started thinking about the new market i understood google
Just curious here but can an open source app be developed to access Market? Or are the codes for accessing Market closed?
Makes sense now, Google Just don't want to be responsible for something like customer's info being stolen.. and have the masses calling or infront of their door with pitch forks inhand,,
Then,
Why didn't Google say this?
Instead, they patronize and belittle the community.
http://forum.xda-developers.com/showpost.php?p=4609612&postcount=3
I don't mean to attack the OP with this post.
It's just a question.
Most likely because they are a dev or a lawyer. They just don't like speaking English. They have to say it all complicated and then have someone else translate it for them.
i think that this is from a stupid lawyer team, and google just sent it for legal reasons, i think the dev team has nothing to do with this.... isnt this why the created android, to have an open source platform.... i think Cyanogen and google just need to come to a compromise, either that or we just dont use googles apps even though half of them have better counterparts in the market
i do know this, the law is the law. Is the law always perfect, hell no. Cyanogen did no wrong. He helped out every single one of us running an android powered phone.
Could something wrong happen with an experimental build? Ofcourse. That is why he has his own disclaimer. If you are smart enough to root your phone, you should be smart enough to realize potential dangers in running leaked and/or experimental code.
Google is being a douchebag for their actions. Htc doesnt issue cease and desist orders for all of you running hero and that directly involves their sales in their phones. How many windows mobile roms are on this xda forum? How many have been ordered by microsoft to stop distributing their work?
To me it is ridiculous google is doing this. I know they are legally right but that doesnt mean they should screw us early adopters of their software with lame and slow updates and a product that is obviously inferior to the coding and development of one man with the help of a few others.
The reason i bought my g1 instead of an iphone or windows mobile phone was because of this community. Now all of us have had the benefits of cyanogen in one way or another. I dont want to be a douchebag as well and not speak up for a man who has helped me out when he had no reason to do so
honestly cyanogen would have probably been fine had he left the new market out. fact is our phones came with the old version and thats what we payed for when we got them. if say on the g1 t-mobile decides not to offer and upgrade to 1.6 then that means there not going to pay google to have the new app on our phones so if we hack it and throw it on anyway then google doesnt make there money and we are in every way STEELING IT. if you worked for and got payed by google i bet it would upset you if people were steeling your product that you worked hard to create.
so do i agree they should force him to rethink some of his newer roms? yes
but i think the older ones that just have software our phones already came with should be left alone
AND i think we should be aloud to purchase the new software from google if we want it.
but google search google maps and all that crap has nothing to do with this as you can get them all FREE online this is probably 99% the new app being on peoples phones that didnt pay for it. you bought the original market when you bought your phone thats why google hasnt had a problem untill now.
everything set aside i love cyanogens work i love my 4.0.4.... i HAVE 4.1.11.1 saved i will probably even install it just to check it out if he doesnt come out with a stable version which is what i was waiting for. but if he comes out with a non google stable version i have no problem installing my old market onto it, i already have it backed up and ready to go. i payed for it and im keeping it no matter what rom i run! and i hope he keeps doing his thing im all for him and love what he does and would even pay for it if i had to! i hope this doesnt stop him and i hope they work things out. if he wants money for all the work hes been doing im sure people wont blame him and as long as it gives him insintive to keep going im happy!
my two cents
cy has been perfecting their roms and now that they got the tools that they need they are going to plagerize his programming and impliment it into their next great g phone....and the only way to say its theirs is by getting rid of any shred of evid that is out there
i understand what Google is doing..its upsetting but they have a point, they gave us an OPEN SOURCE OS, thats good enough, the devs make it a better, more fun, experience...so just shrug it off, rid it of ALL closed source apps.
Google should than allow the All Google apps available to those with Google Experience phones(before customizing with a ROM), they could make you register with your phones EMEI (maybe? if possible).
Also so this obviously means his ROMs arent here on XDA...What is XDAs stand on the situation? Were they pulled by XDA or did Cyanogen pull them?
I don't know if this has been suggested before. I've seen dev-team on iphone doing something similar: why don't you make an "installer" script that takes all Google APKs from the device (which has stock image) then flash the rom and reinstall the APKs.. This way you don't have to distribute google apks. Not sure if that's possible if there is some kind of encryption protection on Google apps, just a suggestion .
No matter what it was a mountain made out of a mole hill.
id just like to see google allow open access to their market place.
then put all closed source google apps on there for download just like any other apps.
However from what I understand its not as simple as this as they arent just apps there is a whole framework that goes with it. bah.
MS never sent a takedown notice
MS never sent a takedown notice to xda-developers.
Ready.........Fight!
http://googlefight.com/index.php?lang=en_GB&word1=Google&word2=Cyanogen
wshwe said:
MS never sent a takedown notice to xda-developers.
Click to expand...
Click to collapse
That is the stupidest thing I've ever heard;
1) xda doesn't host any wimo roms.
2) xda doesn't develop any roms at all -- that is up to the individual who does so.
3) How the hell would you know? MS probably did some real *****y stuff like sending goons to the modder's home, harassing the modder's wives, and issuing threats like "stop doing this, don't tell anybody we threatened you, and pay up $10,000 or we're taking you to court over it".
Just had to post to hear thoughts from you guys... Motorola has struck a deal to use Bing on Android phones in China (and maybe other markets, I guess)... Sounds whack.
http://www.reuters.com/article/idUSTRE62A0BB20100311?type=technologyNews
It's hard for me to say it but I kind of what Google to pull a Apple and stop this crap
There weren't supposed to be Android phones in China in the first place. They didn't have Google till recently if I remember correctly.
I think it is pretty rude to take an open platform, android, who's existence remains free due to the advertising revenue gained from users searching with google and using their apps, then chucking on a competitor's search engine on there. These guys are double dipping by using a free platform and using a business deal with other search engines to gain extra revenue from it.
Google does not do android out of love, Google is like any business, android is designed to make them money. These guys are cheating the system here.
AT&T and Motorola seem to try their outermost to f up the Android experience for their customers. Choosing Yahoo isn't really that bad, but Bing!? Come on.
Google needs to take better control over the Android mods the manufacturers and service providers can do, or we will be facing the dreaded software fragmentation everyone fears. There is actually something to be learnt from Apple, and that is to keep the OS as unified as possible to make development of applications easier. In no way do I condone Apple's total control scheme. I'm just saying Google should try not to let others pull the OS contents in all kinds of directions.
As bad as it looks,Google can't do anything,this is Android aka open source.
Thats the way it should be, No Lock ins, complete freedom.
Its a shame they have to do this for a little extra revenue...but thats what all PC makers do anyway.
Anyone who wants Google search can/will easily revert it back.
I agree it is a bit of dirt in the face, but honestly they just need to sell phones at this pt. The google integration runs deep, so ppl will still be enticed to get on the google bandwagon in general. Not to mention ppl can simply choose to use google search instead.
Microsoft is probably paying $$$ per phone to have their search engine as the first choice, but you guys need to think BIGGER.
AdMob for example in Apps. Advertising goes beyond pure www searching and this trend will grow.
I'll admit that I'm a Google fanboy... why? Because almost everything they do is done right and they're the anti-Apple. That being said, I want to think that Google left this "customization" possibility open for carriers and manufacturers intentionally, and that's one of the reasons it chose to establish its own online store. Any phone that is sold there will be all Google...
seanowns said:
I agree it is a bit of dirt in the face, but honestly they just need to sell phones at this pt. The google integration runs deep, so ppl will still be enticed to get on the google bandwagon in general. Not to mention ppl can simply choose to use google search instead.
Microsoft is probably paying $$$ per phone to have their search engine as the first choice, but you guys need to think BIGGER.
AdMob for example in Apps. Advertising goes beyond pure www searching and this trend will grow.
Click to expand...
Click to collapse
are you sure that google it's not paying also for being the default search engine in the current devices that have it? I don't think so, I'm pretty confident that they have a revenue sharing mode like they have with firefox. Maybe in this case the bid from bing it's bigger.
wow not good for android.
Google, yahoo & bing?
First an issue with multiple rom versions on different phones. Now
search engines?
Hate to say it but google needs to lock it somehow.
Open source while wonderful in business is a double edge sword.
Look at the whole tivo vs echostar scenario. Tivo opened their system echostar
ran with it.
DEFRAGMENTATION IS A MUST. Turn chrome os into the one and only google O.S for their devices and leave android open for everybody.
They should know how open source is not a profound business move.
I irony of using android and then locking it up is delicious.
GNOve said:
wow not good for android.
Google, yahoo & bing?
First an issue with multiple rom versions on different phones. Now
search engines?
Hate to say it but google needs to lock it somehow.
Open source while wonderful in business is a double edge sword.
Look at the whole tivo vs echostar scenario. Tivo opened their system echostar
ran with it.
DEFRAGMENTATION IS A MUST. Turn chrome os into the one and only google O.S for their devices and leave android open for everybody.
They should know how open source is not a profound business move.
Click to expand...
Click to collapse
seanowns said:
I agree it is a bit of dirt in the face, but honestly they just need to sell phones at this pt. The google integration runs deep, so ppl will still be enticed to get on the google bandwagon in general. Not to mention ppl can simply choose to use google search instead.
Microsoft is probably paying $$$ per phone to have their search engine as the first choice, but you guys need to think BIGGER.
AdMob for example in Apps. Advertising goes beyond pure www searching and this trend will grow.
Click to expand...
Click to collapse
Google apps don't show up on android phones unless google says they can.
Android > Manufacturer > Cell Provider
At any point, anyone can infuse whatever they want into android. in the case of the Nexus One, they squeeze in right before cell provider or instead of.
In the case of the Moto Backflip, Motorola would have to ask google to put in google apps. So moto is taking the vanilla android, adding their own stuff and whatever stuff the cell provider wants to add as well (yahoo/bing).
An adroid phone doesn't have to have google apps on it. If they choose to however they have to concede to google's rules, one of which is to not put any apps on it for the phone to have the "Google Experience".
The problem is these same people who choose default search engines will be the first to whine and complain when Googles "own" phones (N1) will get preferential treatment.
I think theres a fine line between open source and just creating watered down rip offs.
Android name will go through the mud with this specific level of fragmentation. OS updates are one thing this is changing the structure of day to day phone use entirely.
I also think theres a difference between letting the end user and community make changes to the phone OS , and letting a company lock in something entirely different.
Being open source doesnt necessarily mean you let someone else lock it down and turn the other cheek.
IMO Google should at least make it mandatory that all Android phones have that "Google" option when first starting up and ability to change later on. Let the end user decide not my ****in telco or country.
I heard on a podcast that on the motorola phones, the option to set the default search engine has been removed. So you are given bing whether you like it or not, you can search bing, or you can navigate to google then search. I know what most people will do, the easiest one.
I keep reading that bing gets more users every month, but it may seem that it is not necessarily people choosing to use bing, but bing is buying more users by doing deals like this.
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).