Security Issues...? - Hero CDMA General

Just read this piece of information...
http://www.thisandroidlife.com/2010...om-infected-iphones-and-android-handsets.html
I've always thought about this ever since a buddy of mine coded a little bot to do about the same thing to an online game.
Anyway,the real question I guess is, What can be done to prevent these types of thing from happening? What do you think?

Doesnt Android tell you everything a program is going to access before it's installed? I ALWAYS read that.

The only thing that this article is trying to point out is that non tech savvy users, which are probably a lot of Smartphone users won't really understand or care to know the "details" of the apps and what its all going to do, as such; they're more prone to installing these malicious apps. On top of that, they were showcasing that right now, they've only taken the GPS coordinates from the phone, but if they wanted to - passwords, messages, etc could be taken from the phone without anyone ever knowing.
I think this is good, it makes people more aware and allows us to be more cautious. Not mention, it's becoming obvious that Mobile data/traffic is easy to target and probably even easier to trick users (than on computers) because of lack of security and the notion that ones' phone cannot be "hacked" or what not.

hm
i had to go threw SlideMe.org to get a app because my bank blocked Android Market lol anyway. They sent out a server wide warning that app was bad last night.

BTW is there an app which logs where and what your phone sends? Like "littlesnitch"?
http://tinyurl.com/o9568k

There's not much that can be done about this, and it's a perfectly legitimate threat.
Yes, the app DOES tell you what it will be doing, but nearly any app that has Network access and Fine Location, especially if it does grab your GPS coordinates for something in the app itself, could send stuff behind the scenes and you'd be completely unaware.
I definitely don't think this will be the last time we'll hear about this sort of malicious app.

Negrito said:
Doesnt Android tell you everything a program is going to access before it's installed? I ALWAYS read that.
Click to expand...
Click to collapse
Of course but you don't know EXACTLY what the app is doing with the info(unless you tear it apart).Like in the example a weather widget,of course its going to use gps.So what if another app that can access your phones info that would typically need to, but is broadcasting that info to a remote server.If you get what I'm, trying to get at.
Edit: What kmart said...lol

The only truly saving grace of these phones about the sensitivity of location awareness with respect to paranoia of the same, is that we can pull the battery and remove any doubt that the phone cannot disclose its function or location.
There was an article I read a while ago that the Fed's had issued over 3 million location requests last year to Sprint on users - warrant-less! How's that for Paranoia!!!
But all these apps in the market has the Buyer Beware tag so, of course at some point or another it will be exploited! For the most part, the idea of location awareness and marketing/advertisement and or service oriented provisioning is a great concept. The openness of the Android system to provide the same - will undoubtedly have it's shortfalls. A Good Firewall app that notifies and asks for approval prior to transmitting info or accepting connections from an app would go a long way to controlling potential problems. Just like a PC, which basically these phones have become.

well, considering I don't go on any financial sites from my phone, there's not much they can get off it...do they want my school email password? Have at it...they can read those worthless emails if they want (heck, even send a nice threatening email to my profressors for all I care lol).
Not to mention that my phone gets wiped a few times a week, just like so many other people here, there's not much they can get unless they can manage to hack into my google account and steal my credit card info...in which case, they won't be able to spend much on that account, since there's nothing in it lol.
This is as bad as "big brother" listening to my phone calls. What do I care? lol. If someone wants to know where I am, then by all means, let them know where I am. I'm not doing anything of interest to them.
On a side note, we apparently have caught the attention of the mods in this sub-forum, and have become a "family forum" according to a different thread lol.

tatonka_hero said:
On a side note, we apparently have caught the attention of the mods in this sub-forum, and have become a "family forum" according to a different thread lol.
Click to expand...
Click to collapse
Hey Tatonka! Lol, wassup? hahaha, but if you could, please elaborate? I know it's off topic, but I'm happy to be apart of the Android Family hehe...
And oh... is there any PGP type Android app that anyone might be familiar with? Lol, just thinking about it with this topic, lol...

I was thinking about that 'Firewall App' idea.Maybe that could be done,it would definitely be something worth looking into.
In response to totonka's post,i hear you.I'm the same way,BUT there are plenty of people who do have sensitive info/files/pictures(you know what I'm talking about) that surely wouldn't want ANYone to have access to.That's just how it is.I'm just thinking of the tons of people who don't even know that this is even possible.

casperlt1 said:
I was thinking about that 'Firewall App' idea.Maybe that could be done,it would definitely be something worth looking into.
Click to expand...
Click to collapse
My thoughts also, but I don't know if it is a true Firewall or just handles calls...

A security issue is still a security issue even if it doesn't affect you, and an invasion of privacy is still an invasion of privacy even if you don't care about it. Not trying to start any sort of flame here, please don't take it that way. Just mean to say that if you wait to take a stance on a known problem until it becomes YOUR problem, haven't you maybe waited too long?

Related

Email to MOTO

Okay guys so we know all attempts at hacking the bootloader to circumvent the efuse hasn't worked. I feel that the only way to crack this thing open is with the keys from MOTO. Its a slim chance it will actually work but if enough people complain and flood their inboxes somethings bound to happen. maybe. hopefully. Well I sent in an email to tech support and got a cookie cutter response that you can see below. I then was playing around with possible email addresses for the Co-CEO Greg brown I finally landed on his email with the help of someone else and his email is [email protected] I sent him an email to which he forwarded to a PR person I'm guessing and got a cookie cutter response. This pisses me off. Let's do something about it. Everyone send your emails to to that guy requesting the keys. Make the subjects not all locked bootloader or he won't even look at them I'm guessing. This is ridiculous and we need to take a stand. If you don't like the idea then that's fine but to everyone else send an email.
Sent: Wednesday, November 17, 2010 2:30 PM
To: Brown Greg Pres CEO-CGB025
Subject: locked bootloader
Greg,
Please provide me with the keys to my phone. I purchased this phone and I should be able to do what I want with it. How would you like it if you purchased a car and the dealership put a lock on the hood not allowing you to access the engine. You would then have to go to that dealership each time you wanted anything done even though you are a mechanic yourself. This is exactly what is happening here. I'm tired of you guys locking down devices that a consumer has purchased. If I should so choose to do stuff that would violate warranties then that's all on me. You can reply with the keys.
Thanks.
Click to expand...
Click to collapse
Their reply
Thank you for contacting Motorola. Your e-mail below was forwarded to me to address for Mr. Brown.
Motorola's primary focus is the security of our end users and protection of their data, while also meeting carrier, partner and legal requirements. The Droid X and a majority of Android consumer devices on the market today have a secured bootloader. In reference specifically to eFuse, the technology is not loaded with the purpose of preventing a consumer device from functioning, but rather ensuring for the user that the device only runs on updated and tested versions of software. If a device attempts to boot with unapproved software, it will go into recovery mode, and can re-boot once approved software is re-installed. Checking for a valid software configuration is a common practice within the industry to protect the user against potential malicious software threats. Motorola has been a long time advocate of open platforms and provides a number of resources to developers to foster the ecosystem including tools and access to devices via MOTODEV at http://developer.motorola.com.
Thank you,
Anne Arroyo
Motorola Consumer Advocacy Office
Click to expand...
Click to collapse
COME ON GUYS.
What's the email address? It's worth a shot.
Sent from my DROIDX
bkjolly said:
What's the email address? It's worth a shot.
Sent from my DROIDX
Click to expand...
Click to collapse
It's in the OP.
Email sent I will post it when I get the response.
Sent from my DROIDX
motorola don't care
You will get the same response... they feel they are protecting the end user which is us.... but also those who don't care to mod their droid x. They are operating under the excuse that someone may take the information and create a virus that would be able to take customer information... atleast that is the bull they are feeding the public. Not using the common since in their heads say... "we left the drod 1 unlocked and nothing significately bad happened." and they also like to say it will void the warranty.. bla bla bla... so no matter what you do all you will get is bullsh*t bullsh*t BULLSH*T.... until someone comes up with a valid excuse and manages to get through to an actual person... cause I would be willing to bet that... that is an automated response based on subject slash specific words in the body. no one with any power reads them and if they see anything envolving bootloader it is replied to in that fashion no matter what.
better off
You would be better off complaining if they don't want to unlock the bootloader, then they need to come up with a better more inventive and visualy apealing UI, cause BLUR is crap.
Motorola is starting to piss me off
Ubermicro13 said:
Motorola is starting to piss me off
Click to expand...
Click to collapse
Same. They say they support the open policy but that's BS. I love the phone but will probably not buy another one. That being said I knew what I was getting into prior to buying the phone with the locked bootloader/eFuse. However, this being my first android phone I didn't realize how addicting customizing could be. ie. roms/kernals. well, I can imagine how addicting it would be.
emailed
just emailed greg..
Guy, think about this for a second.
What CAN'T we do to this phone that we're already doing, besides maybe an optimized kernel? WITH efuse in place, the devs have managed to implement overclocking, voltage mods, easy rooting, system ROMing, etc. Its my understanding that with the D1, OCing and voltage mods were done by customizing the kernel. Well, here we are with the DX and doing it easily with the bootloader still locked down.
Now, I'd like to see that bootloader unlocked for the sake of doing it, but still...um, we've already gotten around much of what we were prevented from doing in the first place and all under efuse's nose.
Aggie12 said:
Same. They say they support the open policy but that's BS. I love the phone but will probably not buy another one. That being said I knew what I was getting into prior to buying the phone with the locked bootloader/eFuse. However, this being my first android phone I didn't realize how addicting customizing could be. ie. roms/kernals. well, I can imagine how addicting it would be.
Click to expand...
Click to collapse
Haha I'm on the same boat as you, It is indeed addicting.
The whole point of motorola locking down the bootloader was to prevent people from gaining the type of access we want. I know that the BL situation is annoying, but I was also aware of it when I bought the device. Personally, root and tethering are all that I want; otherwise, I would have bought a DI or Fascinate.
Not trying to hate, but i have seen multiple failed "outraged email drives" directed at motorola over the months
Sent from my DROIDX using XDA App
davisbs999 said:
The whole point of motorola locking down the bootloader was to prevent people from gaining the type of access we want. I know that the BL situation is annoying, but I was also aware of it when I bought the device. Personally, root and tethering are all that I want; otherwise, I would have bought a DI or Fascinate.
Not trying to hate, but i have seen multiple failed "outraged email drives" directed at motorola over the months
Sent from my DROIDX using XDA App
Click to expand...
Click to collapse
That's fine. I'm not looking for the approval of your nor anyone else. It was merely a chance for me to vent my frustration towards the man. And I know we have come far but it's more of the principle that they still have so much say with the device even though we own it.
Why don't just send them your custom ROMs so they can approve they are within their "QA"? huh?
Dany0 said:
Why don't just send them your custom ROMs so they can approve they are within their "QA"? huh?
Click to expand...
Click to collapse
I agree with that. Elect a team to build the ULTIMATE ROM and send to Moto. Show them what the devs can accomplish along with our user support.
We have to provide resistance and keep the pressure on them to stop this kind of lockdown for the future of modding/hacking devices.
Why ultimate, first we have to see what kind of roms they accept and which not. Then everyone will send it's own ROM.
And then we will sue them.
And then chuck norris... oh nothing
jasonm4046 said:
You will get the same response... they feel they are protecting the end user which is us.... but also those who don't care to mod their droid x. They are operating under the excuse that someone may take the information and create a virus that would be able to take customer information... atleast that is the bull they are feeding the public. Not using the common since in their heads say... "we left the drod 1 unlocked and nothing significately bad happened." and they also like to say it will void the warranty.. bla bla bla... so no matter what you do all you will get is bullsh*t bullsh*t BULLSH*T.... until someone comes up with a valid excuse and manages to get through to an actual person... cause I would be willing to bet that... that is an automated response based on subject slash specific words in the body. no one with any power reads them and if they see anything envolving bootloader it is replied to in that fashion no matter what.
Click to expand...
Click to collapse
I actually put it in my email not to give me that bull because everyone with half a brain knew it was a lie and that everyone that read it was laughing at Moto for thinking people were that stupid.
Sent from my DROIDX
SirBrass said:
Guy, think about this for a second.
What CAN'T we do to this phone that we're already doing, besides maybe an optimized kernel? WITH efuse in place, the devs have managed to implement overclocking, voltage mods, easy rooting, system ROMing, etc. Its my understanding that with the D1, OCing and voltage mods were done by customizing the kernel. Well, here we are with the DX and doing it easily with the bootloader still locked down.
Now, I'd like to see that bootloader unlocked for the sake of doing it, but still...um, we've already gotten around much of what we were prevented from doing in the first place and all under efuse's nose.
Click to expand...
Click to collapse
The reason this is important is Moto's security gets tighter with every update. If we let them get away with it without at least trying to do something about it then they will continue to make security tighter and harder to work around. When other Manufacturers see that Moto got away with it they'll follow and eventually all phones will be locked down to the point that everyone is running the same Vanilla OS. The bootloader have a work around now but if we don't speak up it may not one day. They had no legitimate reason to lock the bootloader down it was just a show of force. Efuse is step one. So if you don't want Android ruined by the Manufacturers and Carriers speak up now. The Droid X is okay with a locked bootloader but they still put a leash on it and they're going to keep tightening it as long as we let them. Others will follow just watch HTC has already stared.
Sent from my DROIDX
Anyone want to start a web page for an online petition for Manufacturers not to lock down their phones? I would do it but I don't have the know how. But if we email this guy and start a web petition we have more of a voice. Call in to RadioAndroid and let the public know it's out there. This isn't just Moto we're fighting. We can stop other Manufacturs before they start or at least try.
Sent from my DROIDX
bkjolly said:
Anyone want to start a web page for an online petition for Manufacturers not to lock down their phones? I would do it but I don't have the know how. But if we email this guy and start a web petition we have more of a voice. Call in to RadioAndroid and let the public know it's out there. This isn't just Moto we're fighting. We can stop other Manufacturs before they start or at least try.
Sent from my DROIDX
Click to expand...
Click to collapse
There have already been two online petitions done.

"Mobile Device Privacy Act" would prevent secret smartphone monitoring

Ars said:
Recent controversy sparked by the installation of monitoring software [k0: CIQ] on millions of smartphones has led US Rep. Edward Markey (D-MA) to propose a requirement that carriers and phone makers inform consumers about the presence of monitoring software and gain their "express consent" before collecting and transmitting information from phones.
The controversy started a couple months back [k0: almost a year ago] when a developer [k0: hi TrevE] publicized the widespread use of Carrier IQ software, which phone manufacturers and carriers use to monitor what happens on a smartphone. While Apple, Samsung, HTC, AT&T and others all said the software is used only as a diagnostics tool to improve network and service performance, congressmen started denouncing the use of Carrier IQ, and class-action lawsuits were filed.
Click to expand...
Click to collapse
http://arstechnica.com/tech-policy/...ould-prevent-secret-smartphone-monitoring.ars
Discuss.
To me the whole CIQ debacle smelled of FUD and never really concerned me. It seemed obvious to that my carrier already has access to any data I transmit across their network, with or without any additional software installed on my device. Sure CIQ enabled the carrier to potentially (key word) access more sensitive data that I was not necessarily transmitting across their network. However I'm more concerned that I'll lose my phone and some random stranger will get access to all the naked pics of me on it... Not really because I don't store sensitive data like that on an insecure device like my phone. This feels a lot like the "Warning: Hot coffee is hot!" labels.
machx0r said:
This feels a lot like the "Warning: Hot coffee is hot!" labels.
Click to expand...
Click to collapse
Not commenting on the rest, the whole "hot coffee" lawsuit has an untold story that most people have never seen. I suggest you - and everyone reading - watch the documentary (from HBO, find it whereever you stream/download things from) Hot Coffee. I can guarantee it'll change you view on that case and the idea of "frivolous lawsuits" forever.
machx0r said:
However I'm more concerned that I'll lose my phone and some random stranger will get access to all the naked pics of me on it... .
Click to expand...
Click to collapse
That's awesome. Lol. I've said the same thing. They can monitor any message or call sent across the network anyways. I never understood what the big deal with a software, that was set to be inactive anyways, was. Malintent is the only thing to be scared of, and this never reeked of anything malicious, IMHO.
Sent from my SPH-D700 using Tapatalk
azyouthinkeyeiz said:
that was set to be inactive anyways
Click to expand...
Click to collapse
http://phandroid.com/2011/12/16/carrier-iq-by-the-numbers-26-million-sprint-handsets-900000-for-att/
Inactive... except for those 26 million.
And 1.3 million at any one time actively reporting.
k0nane said:
Not commenting on the rest, the whole "hot coffee" lawsuit has an untold story that most people have never seen. I suggest you - and everyone reading - watch the documentary (from HBO, find it whereever you stream/download things from) Hot Coffee. I can guarantee it'll change you view on that case and the idea of "frivolous lawsuits" forever.
Click to expand...
Click to collapse
I respect you immensely k0, but frivolous lawsuits should not be in quotations nor a matter to take lightly. Of course there is a reality of using certain cases to further the tort reform movement, but this is just as shameless as any publicity stunt or "shock" image.
To dismiss all claims of frivolity because of mainstream examples, however, is naive. Such cases have almost single handedly driven the cost up and quality down of healthcare to where it stands today. And this is but one arena affected by the greed of humans. Hot coffee aside, it is a reality that should not be dismissed.
Neither here nor there, though. Way off topic. I support this bill.
Sent from my SPH-D710 using xda premium
squshy 7 said:
To dismiss all claims of frivolity because of mainstream examples, however, is naive. Such cases have almost single handedly driven the cost up and quality down of healthcare to where it stands today. And this is but one arena affected by the greed of humans. Hot coffee aside, it is a reality that should not be dismissed.
Click to expand...
Click to collapse
I generally agree. Yes, it's off-topic, but I'll clarify a little bit before letting it go - I think that claims of frivolity are often overblown. It is an absolute fact that there are greedy ambulance-chasing lawyers, rent-seeking plantiffs, and idiots who would award them large sums of money for nothing. I agree that this often contributes to the rising costs of health care. My point was that not all of what's deemed 'frivolous' by the mainstream media and the anti-consumer lobby actually is frivolous, and that some of the more-known cases like the hot coffee suit are vastly misreported and misunderstood. That's why I recommend(ed) further research - do your own homework, and watch the doc. Then do more homework. I didn't expect to come out with a different perspective... but I did.
I could be wrong, but I think that this is a non-issue.
Why?? Well I am glad you asked.
You know that two year contract we committed to when we purchased the phone? I am 99.999999999% sure that in there it says that they may monitor our usage for QC already in there. So if this passed, the providers would just say it is part of the contract that no one ever reads, but you accepted when you got the phone (which I believe it already is to date).
Unfortunately I don't ever foresee them making this an option that can be shut off. Basically it will say we do it, and if you don't like it go to another provider. Problem is all of the other providers will say the same exact thing.
Just my .02
Milkman00 said:
I am 99.999999999% sure that in there it says that they may monitor our usage for QC already in there.
Click to expand...
Click to collapse
Absolutely nothing related to CIQ is mentioned anywhere in the Sprint terms of service nor any device-specific terms of service.
I checked. Thoroughly.
Tinfoil hats, anyone? Ill pass them out for free!
Sent from my SPH-D700 using XDA App
austin420 said:
Tinfoil hats, anyone? Ill pass them out for free!
Click to expand...
Click to collapse
I want three!
austin420 said:
Tinfoil hats, anyone? Ill pass them out for free!
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
This is the rights activist thread, I think you misclicked. You must have thought this was the paranoia thread, common misconception.
Sent from my SPH-D700 using xda premium
I see we've got some intelligent, I-can-think-for-myself types in here. Let's agree to just figuratively hide in here and discuss XDA-related matters: I've about had it with wading through all the bull**** in the other threads!
On topic: while I did get the impression that CIQ-gate got wildly blown out of proportion, I also like the general idea of this piece of legislation. Thanks for the link, k0nane.
k0nane said:
Absolutely nothing related to CIQ is mentioned anywhere in the Sprint terms of service nor any device-specific terms of service.
I checked. Thoroughly.
Click to expand...
Click to collapse
Nothing related to CIQ specifically??? That I wouldn't doubt. Are you saying though that there is nothing in the contract that says (something to the effect) that they may use tools to check tower strength and QC??
If it isn't in there, to comply with this new law they will just add it in there (as will all the carriers), and we will probably be right back to square one anyway.
Milkman00 said:
Nothing related to CIQ specifically??? That I wouldn't doubt. Are you saying though that there is nothing in the contract that says (something to the effect) that they may use tools to check tower strength and QC?
Click to expand...
Click to collapse
Nothing related to CIQ's functions (claimed and real). Nothing even remotely close.
k0nane said:
Nothing related to CIQ's functions (claimed and real). Nothing even remotely close.
Click to expand...
Click to collapse
you must notve read the privacy policy mentioned several times in the terms and conditions...
http://www.sprint.com/legal/privacy.html
We collect personal information about you in various ways. We may also get information from other sources and may combine it with information we collect about you.
Information that we automatically collect.
We automatically receive certain types of information whenever you use our Services. We may collect information about your device, your computer, and online activities. For example, we collect your device's and computer's IP address, the date and time of your access and the type of browser you use. We also collect information about your device's and computer's operating system, your location, and the Web site from which you came and then went and Web sites you visit on your device. We may link information we automatically collect with personal information, such as information you give us at registration or check out.
Information we collect when we provide you with Services includes when your wireless device is turned on, how your device is functioning, device signal strength, where it is located, what device you are using, what you have purchased with your device, how you are using it, and what sites you visit
Click to expand...
Click to collapse
this goes on for pages.
austin420 said:
this goes on for pages.
Click to expand...
Click to collapse
I did read it.
"We will aggressively log and transmit dialer keys pressed and detailed records of apps installed and used" (see here) is never mentioned. "What you have purchased with your device" does not cover that in any way, and "how you use your device" is so vague that any competent lawyer could knock it down instantly. Everything specifically listed can be collected by existing network services without CIQ.
This debate has been hashed out many, many times already. I created this thread just to link to current news.
i dont know about aggresivly, (your word i guess?) but why does it hurt for them to log keystrokes (in the dialer only) when they already have access to that info?
ciq is just a network metrics tool. it helps them improve the network (witch until lately was badly in need of improvments).
austin420 said:
i dont know about aggresivly, (your word i guess?) but why does it hurt for them to log keystrokes (in the dialer only) when they already have access to that info?
ciq is just a network metrics tool. if it helps them improve the network (witch until lately was badly in need of improvments).
Click to expand...
Click to collapse
They don't have access to keystrokes pressed. They have access to calls made - big difference. Dialer codes are used for more than just phone numbers, as you know.
CIQ had its legitimate uses. It was designed as a network metrics tool, and it may have helped improve the network. I don't debate that. Its functions, though, go beyond - tracking the apps I install and use is NOT legitimate. It implementation and use was done very poorly. If all had been done differently from the beginning, I would have had less of a problem with it. But it wasn't. And hey, look, now it's gone.
k0nane said:
They don't have access to keystrokes pressed. They have access to calls made - big difference. Dialer codes are used for more than just phone numbers, as you know.
CIQ had its legitimate uses. It was designed as a network metrics tool, and it may have helped improve the network. I don't debate that. Its functions, though, go beyond - tracking the apps I install and use is NOT legitimate. It implementation and use was done very poorly. If all had been done differently from the beginning, I would have had less of a problem with it. But it wasn't. And hey, look, now it's gone.
Click to expand...
Click to collapse
all good points, i still think it all fell well within the t&cs and privacy policy, but hey, now its gone! thanks ko!

Data-Miner Android L

I am starting to think that I am not going to use Android L.
Look at this. So, Search, from thegreatestdataminingcompanytheworldhaseverknown is now metasticized throughout the Android OS. Every page, every app, calls out to thatsearchengineeveryoneuses. It's even listening when the phone's OFF! I'll say that again: it's listening all the time. And there's no way to disable it! Coming from Intelligence, and as I've never trusted them, I've always deinstalled most G**gle apps, but now it appears their creepy circus-colored fingers have permeated throughout.
I realise that my point of view will strike many Upright Citizens as shocking because, after all, 'we can trust them'. All I can say is, our public education system has failed us. (Hint: If you are not paying for a product...
... you are the product)
Time for me to start looking into Linux options. Failing that, I'll just stick with Carbon 4.4.4, which serves fine. Oh, I'll probably try Andriod L, but I'm pretty sure now of what I'll find.
Interesting read. I never trusted them when it comes to your data and listening. Lol
If they want to watch me look at tits and asses, so be it
And the Moto X has had always on listening since release, better just throw the phone away and get a dumb phone...
Sent from my Moto X
How do they decide who to listen too? That's a lot of people to eavesdrop on. ?
Quantumstate said:
. . .
It's even listening when the phone's OFF! I'll say that again: it's listening all the time. And there's no way to disable it! Coming from Intelligence, and as I've never trusted them, I've always deinstalled most G**gle apps, but now it appears their creepy circus-colored fingers have permeated throughout
......./QUOTE]
Reading that post says to me that the phone listens when the screen is off, not when the phone itself is off.
There are also options to turn off the "search from any screen" feature.
So I guess I am not quite as paranoid as you, yet.
Maybe that's why fewer devices have removable batteries; so we can't turn them off all the way.
Click to expand...
Click to collapse
murso74 said:
If they want to watch me look at tits and asses, so be it
Click to expand...
Click to collapse
You have a misconception of your importance. This, you were trained into though, so you come by it honestly.
Darth said:
How do they decide who to listen to? That's a lot of people to eavesdrop on.
Click to expand...
Click to collapse
Doesn't matter. With a security mindset you assume it's always you. Ask Schnier.
marvin02 said:
Quantumstate said:
. . .
It's even listening when the phone's OFF! I'll say that again: it's listening all the time. And there's no way to disable it! Coming from Intelligence, and as I've never trusted them, I've always deinstalled most G**gle apps, but now it appears their creepy circus-colored fingers have permeated throughout
Click to expand...
Click to collapse
Reading that post says to me that the phone listens when the screen is off, not when the phone itself is off.
There are also options to turn off the "search from any screen" feature.
So I guess I am not quite as paranoid as you, yet.
Maybe that's why fewer devices have removable batteries; so we can't turn them off all the way.
Click to expand...
Click to collapse
Ya, but what proof do we have at this point that it's not listening when actually -off-? I have none. (ref: OnStar) If you deal in sensitive matters, would you give them the credit? I wouldn't.
Looking into this, I find there is no viable Linux alternative, as we used to have with Opie. So either I block everything G**gle with an independent app like Android Firewall, or do with 4.4.4.
Oh no! Now everyone will know about my life because I'm super-important.
I'm not going to even try to say that Google does no wrong and doesn't use most of the data we send to it for advertising, but they don't listen to you, the phone does.
The phone listens for certain frequencies of sound in certain orders, if it doesn't see those, it keeps looking. It doesn't record every single thing said and send it to Google, it only sends what you say to it (everything past "OK Google").
It's the same way a button works. Nothing records when a button isn't pressed, but things records when it is.
As for the rest of Google, they do make their living off of a free service, what more can you expect? I'd rather pay for a no ad version of their stuff instaid, but untill that's possible, that's just the way it works if you want those beautiful services.
i really couldnt give a flying hoot nannies @#$% about that i have got absolutely nothing to hide. i read an artical a while back that the CIA tracks anybody who is "tor curious" hi CIA i really dont care if you're reading this because im on you internet monitoring list or whatever. i am not doign anything that i dont have the right to do. Damn i love the US. anyhow if your concerned about that what about this than?
Quantumstate said:
You have a misconception of your importance. This, you were trained into though, so you come by it honestly.
Doesn't matter. With a security mindset you assume it's always you. Ask Schnier.
Ya, but what proof do we have at this point that it's not listening when actually -off-? I have none. (ref: OnStar) If you deal in sensitive matters, would you give them the credit? I wouldn't.
Looking into this, I find there is no viable Linux alternative, as we used to have with Opie. So either I block everything G**gle with an independent app like Android Firewall, or do with 4.4.4.
Click to expand...
Click to collapse
It's simple my friend...... A smartphone is not for you then. Get an old flip phone and no one will spy on you. ?
No tablet or computers with cameras or microphones either.
New cars have Bluetooth... Not good.
Some TV's and video game consoles have cameras. Gone.
Can't think of anything else just yet. ?
Yeah.. it's not recording and streaming everything you say. The always listening feature isn't going to decipher everything you say until it matches the hot word, that would kill your battery. It's only kicks in when it detects multiple tones in a certain order.. I don't even know why I'm typing this, think what you want dude, that's not how it works. Keep your conspiracy theories to yourself.
bluebloomers said:
I'm not going to even try to say that Google does no wrong and doesn't use most of the data we send to it for advertising, but they don't listen to you, the phone does.
The phone listens for certain frequencies of sound in certain orders, if it doesn't see those, it keeps looking. It doesn't record every single thing said and send it to Google, it only sends what you say to it (everything past "OK Google").
Click to expand...
Click to collapse
The phone has a co-processor which is independent of the main system. Sure, its main function is to watch for keywords and instigate searches based on commands, but it can also be co-opted. I'm not saying any more because apparently I'm frightening a few people here who don't want to face it.
Darth said:
It's simple my friend...... A smartphone is not for you then. Get an old flip phone and no one will spy on you. ?
No tablet or computers with cameras or microphones either.
New cars have Bluetooth... Not good.
Some TV's and video game consoles have cameras. Gone.
Can't think of anything else just yet. ?
Click to expand...
Click to collapse
Nice trivializing there, Darth. Of course I've hardened what I have, and since this is such a touchy subject I'm not giving any hints. You have no idea who I am or why I bring this up.
You guys just blithely hand over all your contacts, your network of friends, your calendar, the websites you visit, your searches, your location 24x7, hell your very phone calls. I feel sorry for younger people these days who have no idea that all their online activity will follow them around -forever-. The stupid things they say online, being victimized by bullies, all will follow them to every future job application, every romantic engagement, and their future neighbors will know more about them than they can imagine. And I feel sorry for those whose self-esteem is so low that they feel worthless.
You just have no idea what prostrating yourself to the authorities like this, means. You have no idea what it was like in East Germany or Soviet Russia, much less where we're headed. You've never read 1984 or Fahrenheit 451. And you will pay the price by a subtle enslavement which is too abstract for you to understand, without an education. Something will smell bad but you will never be able to figure out what it is nor do something about it.
I am not here to bicker or school you. I was just trying to do y'all a favor by giving you a perspective that you may not have seen, with everyone so anxious to be "licking your lollipops". I tried to help, but some of you are too cool for me.
Thanks for that. Maybe you should unmask yourself and make a proper point rather than misguiding, misinterpreting and mistakenly telling everyone that they are stupid. Oh yes, and telling everyone what they may or may not have read (wrong on both counts).
Where did you get your education? Were you ever told to think for yourself? Let's go back over that last one again, as modernity tends to gloss it... Were you ever told to think for yourself?
Sent from my XT1052 using XDA Free mobile app
^ completely agree
Yes, I know. I'm the bad guy, lol.
See, this is why no one any longer shares any real information with you on The Internets. You feel frightened of what you are doing when I demonstrate why... and so you senselessly take it out on -me- rather than getting your own sh*t together. Good job there.
kboya said:
Oh yes, and telling everyone what they may or may not have read (wrong on both counts).
Click to expand...
Click to collapse
Don't lie. No one will believe you after a while.
Remember, privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Cardinal Richelieu understood the meaning of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you will find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.
We do nothing wrong when we make love or go to the bathroom. (the adults here, anyway) We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.
If we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that --either now or in the uncertain future-- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
How many of the adults present have paused during conversation in the past four-and-a-half years, suddenly aware that we might be eavesdropped on? Probably it was a phone conversation, although maybe it was an e-mail or instant-message exchange or a conversation in a public place. Maybe the topic was terrorism, or politics, or Islam. We stop suddenly, momentarily afraid that our words might be taken out of context, then we laugh at our paranoia and go on. But our demeanor has changed, and our words are subtly altered.
This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein's Iraq. And it's our future as we allow an ever-intrusive eye into our personal, private lives.
Liberty requires security without intrusion, security plus privacy. Widespread surveillance is the very definition of a police state. And that's why educated people must champion privacy even when we have nothing to hide.
The level of stupid in this thread astounds me. If someone wants your information or something of yours, they're going to get it. It doesn't matter if your phone is always listening or not.
Sent from my Moto X
'Good job' there, eh, "imnuts".
Giving up is not the answer.
i love how, when everyone doesn't jump on this tools bandwagon, he turns on the forums.
Op is as a TROLL!
Thread is ridiculous!

The b**tard snooping advertising

I know it is bad and one reason I have always rooted, but this is getting ridiculous.
I take a certain medication. It is not a well known medication and besides my doctor, only my wife and mother know I take it and the name of it.
I can't even recall discussing it much, or ever even emailing about it to anyone except my Insurance company to file a complaint about them not covering it.
To my utter disbelief it started appearing in ads when I surf the web.
I knew it was bad and privacy is not real, but this actually got to me.
I am still trying to figure this one out.
Anyone had a similar experience? This is friggin nuts.
That was one of the main reasons why I would root my phone, to get rid of CarrierIQ or anything else that might have been added by Verizon to collect information on searches I may have previously done.
Hardknockz313 said:
That was one of the main reasons why I would root my phone, to get rid of CarrierIQ or anything else that might have been added by Verizon to collect information on searches I may have previously done.
Click to expand...
Click to collapse
rooted with the DE edition- how do i get rid of carrieriq ?
There is a way to manually remove carrier iq from phones, but I honestly don't know how to do it myself. I've seen threads in the past that told you step by step how to do this process, so I'm sure you could probably search XDA for a "How to Guide". I know that most roms that developers make have Carrier IQ removed, so if you don't want to remove it yourself, then using a custom rom would be your best bet.
first see if you have it
https://play.google.com/store/apps/details?id=org.projectvoodoo.simplecarrieriqdetector
sprintuser1977 said:
I know it is bad and one reason I have always rooted, but this is getting ridiculous.
I take a certain medication. It is not a well known medication and besides my doctor, only my wife and mother know I take it and the name of it.
I can't even recall discussing it much, or ever even emailing about it to anyone except my Insurance company to file a complaint about them not covering it.
To my utter disbelief it started appearing in ads when I surf the web.
I knew it was bad and privacy is not real, but this actually got to me.
I am still trying to figure this one out.
Anyone had a similar experience? This is friggin nuts.
Click to expand...
Click to collapse
Sounds like you have Google interest specific ads enabled still. Try this:
https://support.google.com/ads/answer/2662922?hl=en
KennyG123 said:
Sounds like you have Google interest specific ads enabled still. Try this:
https://support.google.com/ads/answer/2662922?hl=en
Click to expand...
Click to collapse
thanks for showing me this!
I'm not sure Carrier ID is on the Note 4... well atleast my Dev Edition
sprintuser1977 said:
I know it is bad and one reason I have always rooted, but this is getting ridiculous.
I take a certain medication. It is not a well known medication and besides my doctor, only my wife and mother know I take it and the name of it.
I can't even recall discussing it much, or ever even emailing about it to anyone except my Insurance company to file a complaint about them not covering it.
To my utter disbelief it started appearing in ads when I surf the web.
I knew it was bad and privacy is not real, but this actually got to me.
I am still trying to figure this one out.
Anyone had a similar experience? This is friggin nuts.
Click to expand...
Click to collapse
How can you even say it was your device, it could have been from 100 other sources. I agree that's a big reason to run root to have control but these days even if u think you are carefully 100s of vendors know what you use, like, buy.....

Kingroot

Root app that claims to root all android devices. I'll save you the trouble of trying, cause it does not work on the Fire TV. There are videos of devices being rooted that were unrootable before, but for some reason it does not work on the Fire TV, but it does work on Fire phone and Amazon tablets. Hopefully in the future it will work on the Fire TV.
I read the apk is not safe. Rumors about the root app which connects to chinese server and sends private data (but it could be just not true). Can anyone confirm?
Regards
I think the app is safe. Everyone always thinks devs are tryin to hack peoples devices and it never happens, so I doubt this app is any different. Also if people are worried then they probably shouldn't keep persnal info on their devices. If anyone hacked aany device I own they would get nothing. I never use my SS number, i never leave active cards on my Amazon account, so if my device gets hacked ther hacker is wasting his time. Maaybe they can hack my email or Facebook, but all they'll get from them is spam. I only use Facebook to connect wwith apps, and my email accounts are atleast ten years old and not one person I know has my email adresses, cause I only use them to be ble to signup for other website accounts. All of my imprtant info is stored in the cloud that I call my brain, and no hacker can get to it.
Didn't try it, but reddit is reporting it doesn't work.
Edit: Looks like someone got it to work after a factory reset.
Also, it is naive to trust running something where they don't release the source. Your device, do what you want though.
They didn't release the source for the same reason other devs sometimes don't, cause they do not want google to know how they are rooting devices. Whatever exploit(s) they are using would become useless if they releassed the source. I already posted that it does not work on the Fire TV, but it does work on a lot of other devices. I simply made this thread because people were gonna hear about Kingroot and try it so I figured I would save them some time. Also, it may work on the Fire TV in the future.
porkenhimer said:
They didn't release the source for the same reason other devs sometimes don't, cause they do not want google to know how they are rooting devices. Whatever exploit(s) they are using would become useless if they releassed the source. I already posted that it does not work on the Fire TV, but it does work on a lot of other devices. I simply made this thread because people were gonna hear about Kingroot and try it so I figured I would save them some time. Also, it may work on the Fire TV in the future.
Click to expand...
Click to collapse
I don't want to argue that credible devs release their source. But whatever, it is a leap of faith. There is rarely harm done. But best to be cautious.
And sorry for the optimism. The successful root was on the Fire PHONE. You are correct, still no luck on the stick or TV. It will come eventually for those waiting.
Let's suppose it does do something naughty. Root, install Clockwork, then overwrite the whole firmware with a pre-rooted one. Problem solved.
can anyone confirm if this works after a factory reset.. we should act on this soon before the hole is closed.
"I think the app is safe."
thanks! super-lol. I don't even know how to.
"do not want google to know how"
triple-lol. as if google is not extremely aware of open defects internally and/or on CVE / MITRE. huh I guess I kinda-sorta did know how to.
google fixes its **** near-immediately. the reason $RANDOM_DEVICE is rootable is because the actual-downstream-vendor is too lazy/cheap to push updated binaries.
too lazy to type more of the obvious. more on this here: http://forum.xda-developers.com/showpost.php?p=60697482&postcount=28
part XVII: efuse. efuse. m. f. ing. efuse. do people seriously not know about this by now?!
Does efuse factor in at all regarding future root methods? Or is it pretty much void now that we can unlock bootloader? That was a huge deal months ago, and now I hear lots of talk about new root exploits without anyone commenting on efuse.
psycon said:
can anyone confirm if this works after a factory reset.. we should act on this soon before the hole is closed.
Click to expand...
Click to collapse
The person actually said it worked on the Fire Phone after resetting, not the Fire TV, but if you are willing to reset your Fire TV, try it and let us know if it works.
I am trying out the app now. I used the air mouse app in the app store to navigate. The app was designed for a touch screen. I am trying on my fire stick first. Will report back.
Brad
tarvoke said:
"I think the app is safe."
thanks! super-lol. I don't even know how to.
"do not want google to know how"
triple-lol. as if google is not extremely aware of open defects internally and/or on CVE / MITRE. huh I guess I kinda-sorta did know how to.
google fixes its **** near-immediately. the reason $RANDOM_DEVICE is rootable is because the actual-downstream-vendor is too lazy/cheap to push updated binaries.
too lazy to type more of the obvious. more on this here: http://forum.xda-developers.com/showpost.php?p=60697482&postcount=28
part XVII: efuse. efuse. m. f. ing. efuse. do people seriously not know about this by now?!
Click to expand...
Click to collapse
Yes Google is aware just like Apple is aware of exploits, but have you ever read the devs working on IOS jailbreaks? They openly state that they have jailbreaks for new firmware and even post videos of them jailbreaking it, but refuse to release jailbreaks until after dev builds are over and the actual firmware is out because they do not want Apple to fix the exploit they have used. Its basically the same wiith Android, but the only difference is there are no dev builds from google. The app is safe. Tell me the last time you installed something that ruined your credit, stole your identity or personal info. I am guessing it has never happened to you, just like it wouldn't if you installed Kingroot. If not releasing the source means they are not legit then that must mean 99% of developers are not legit. I do not have the source for Angry Birds, but that would not stop me from installing it if I chose to. People are too paranoid about being hacked. Really think about it, what is someone even gonna get if they hack your device?? And wouldn't it be your fault if they got any of your personal info in the first place? They have been telling people for around 20 years not to put personal info on their computers so if people are dumb enough to do it then its kind of their own fault. People know better than to smoke too, but they still do it. Long story short, even if someone was gonna go to the trouble of hacking someones phone, they would go for someone that actually has something they want, like someone famous. Its like when people say they have haters, when nobody really hates them. Who is gonna waste time hting someone that flips burgers, when there are better people to hate on? Nobody wants to hack our phones, trust me.
I tried it just now with KingRoot versions 3.4.1.157 and 4.0.0.233 on my german FTVS with blocked updates. Both times there is the sad looking Android head (and the number 13804 in the second version).
I had the same result. no go.
bnick007 said:
I am trying out the app now. I used the air mouse app in the app store to navigate. The app was designed for a touch screen. I am trying on my fire stick first. Will report back.
Brad
Click to expand...
Click to collapse
Did you do a reset first? It apparently works for some devices only if they are reset. Some people said it worked on the Fire Phone without resetting, but others are saying they had to reset before it would work. I would do it, but I do not feel like resetting my device. Maybe someone will do reset and try it on The Fire TV and the stick and report back so we will know if it works. I predict it won't work, but if someone is willing to try on the box and the stick after resetting, that would be great.
porkenhimer said:
Yes Google is aware just like Apple is aware of exploits, but have you ever read the devs working on IOS jailbreaks? They openly state that they have jailbreaks for new firmware and even post videos of them jailbreaking it, but refuse to release jailbreaks until after dev builds are over and the actual firmware is out because they do not want Apple to fix the exploit they have used. Its basically the same wiith Android, but the only difference is there are no dev builds from google. The app is safe. Tell me the last time you installed something that ruined your credit, stole your identity or personal info. I am guessing it has never happened to you, just like it wouldn't if you installed Kingroot. If not releasing the source means they are not legit then that must mean 99% of developers are not legit. I do not have the source for Angry Birds, but that would not stop me from installing it if I chose to. People are too paranoid about being hacked. Really think about it, what is someone even gonna get if they hack your device?? And wouldn't it be your fault if they got any of your personal info in the first place? They have been telling people for around 20 years not to put personal info on their computers so if people are dumb enough to do it then its kind of their own fault. People know better than to smoke too, but they still do it. Long story short, even if someone was gonna go to the trouble of hacking someones phone, they would go for someone that actually has something they want, like someone famous. Its like when people say they have haters, when nobody really hates them. Who is gonna waste time hting someone that flips burgers, when there are better people to hate on? Nobody wants to hack our phones, trust me.
Click to expand...
Click to collapse
This is by far the most misinformed thing I have ever read.
Please just stop.
jpeg42 said:
This is by far the most misinformed thing I have ever read.
Please just stop.
Click to expand...
Click to collapse
Not misinformed at all. Talk to any financial expert or online securities expert and they would laugh in your face if you told them you stored personal information on an electronic device. The best place to store information is in your brain. You know your ss number so why put it in your device? You have a credit card or debit card so why put it on you device when its in your pocket? People get viruses on their computers, but most of the time those are meant to cause havoc, not to steal your info. When hackers want to take stuff they try taking it from systems like department stores and banking systems, not people with $100 in the bank. Maybe you should get informed about who online hackers are stealing from, cause in most cases they are not trying to steal directly from everyday people. If the common persons info gets stolen its usually stolen from somewhere else, like a bank or department stores online system, and not from your devices.
jpeg42 said:
This is by far the most misinformed thing I have ever read.
Please just stop.
Click to expand...
Click to collapse
I agree. Can we keep this post on topic. Namely Kingroot. I'm not really interested in your long winded post either. I don't want to discourage devs from looking into a potential root because the thread turns into a pissing contest. That appears to be what happened with the thread about CM12 on the fire tv.
Thanks
porkenhimer said:
Not misinformed at all. Talk to any financial expert or online securities expert and they would laugh in your face if you told them you stored personal information on an electronic device. The best place to store information is in your brain. You know your ss number so why put it in your device? You have a credit card or debit card so why put it on you device when its in your pocket? People get viruses on their computers, but most of the time those are meant to cause havoc, not to steal your info. When hackers want to take stuff they try taking it from systems like department stores and banking systems, not people with $100 in the bank. Maybe you should get informed about who online hackers are stealing from, cause in most cases they are not trying to steal directly from everyday people. If the common persons info gets stolen its usually stolen from somewhere else, like a bank or department stores online system, and not from your devices.
Click to expand...
Click to collapse
you realize that when you make a post that long, only that one person read it right?

Categories

Resources