Hi all, I have a major concern about privacy and all the 3rd party data collectors...
A lot of apps are uploading user info and stats to companies like Flurry, pinch media etc.
I'm about to make the move from iphone OS to android, and i'm looking for a opt out to keep my privacy intact.
Saurik creaded PrivaCy for the jailbreak community that enabled on\off toggles for the 4 major companies.
My issue on iphone was that Pinch Media alone gathered the following information without my knowledge :
* iPhone’s unique ID (imei)
* iPhone model
* OS version
* Application version (in this case, camera zoom 1.x)
* If the application is cracked/pirated
* If the iPhone is jailbroken
* Time & date I start the application
* Time & date I close the application
* My current latitude & longitude
* My gender (if Facebook enabled)
* My birth month (if Facebook enabled)
* My birth year (if Facebook enabled)
I want the option to chose weither or not this kind of info gets collected and distributed.
I've looked into this issue on the android platform, and it seems like there's no option other than not to install the app.
Take for instance Locale. To my knowledge it uploads my imei nr (+lot of other info) to Flurry, whilst i do see the developers need to gather info, and I do not see why my imei number should be uploaded at all.
When I get my android phone I can only chose NOT to install locale, but I just want to prevent it from uploading such info..
Can anybody create a toggle, preferably one that doesn't aquire root, or some guide as to hosts file editing, or a firewall app that will give me this control over my device?
regards
-e
just add a line in hosts file like the following for each website you want to block:
127.0.0.1 some.company.com
Fantastic, thanks mate.
Unfortunately I will have to have root permissions to edit the hosts file.
(it might take time before the htc desire gets root)
(edit: unless theres another way to get write permissions for that file..?)
If I do mess with the hosts file I'd be keen on adding a fair few entries to block ads too..
Since the hosts file gets loaded in ram at bootup, will there be any noticably difference in speed due to the size increase?
regards
-e
could you please post the host-file or the addresses/ip's of the companies your gonna block?
they should be of interest for everybody here
1. You will need root access.
2. The change shouldn't impact the performance in the least. Any local host lookup is always faster than DNS lookup. Meaning that it should increase performance in cases where it finds the match in hosts file, although I doubt if you will notice it.
3. I wouldn't worry about RAM. The host file, even if you add a hundred entries, given that each line consumes 100 bytes, should still be under 10kb.
Great to hear. Thanks for the replies.
@fabsn: I'll post my hosts file as soon as I get this working.. (gimme a few weeks to get my phone, move to android and root
Although: I'd be keen on using the adblock app in androidstore (the one that modifies the hosts file), but my manual changes will break every time I update the app.
I'll try to get hold of the dev to se if he/she might add these info collectors (like Flurry) in another version so that people can get "the best of both worlds"
By the way: I wish all devs that utilizes info collection in their apps could just provide users with an opt out, then my problem would be solved...
-e
http://textbin.com/x6430
Here is a complete "phone home" list for the iPhone. A lot of this will directly apply to android as well, so perhaps a nice soul here at the forum could compile the most useful adresses for me (I'm writing on my phone and it's a b**** to do this on)
the list is taken from: i-phone-home.blogspot(dot)com/
so credit goes to that community.
I really want to combine this with the hosts file that jamesisbored/droid has for adblock..
I will test this once desire hits my mailbox and someone finds root.
-e
This sounds like a great idea. Once a comprehensive list is compiled it should be passed on to "bigtincan". I know myself and a lot of other people use their "ad free" app to block ads using the same method mentioned by Ady above. Although they may be blocking them already and I don't know. I've never looked closely at the host file.
http://bigtincan.com/downloads/android.html
Any progress made on this end?
ady said:
1. You will need root access.
2. The change shouldn't impact the performance in the least. Any local host lookup is always faster than DNS lookup. Meaning that it should increase performance in cases where it finds the match in hosts file, although I doubt if you will notice it.
3. I wouldn't worry about RAM. The host file, even if you add a hundred entries, given that each line consumes 100 bytes, should still be under 10kb.
Click to expand...
Click to collapse
I am new to modding my phone, would you be so kind as to go into more detail how to do this. Specifically, what is this "Hosts file" you speak of? I do have root access and searched my entire phone for a file like that with no joy.
Also, the links provided to possible host data do not work, can somebody update that?
Thanks!!!:laugh:
You may be interested in the MOAB (mother of all adblockers) thread here on xda. Best ad blocker out there, imo, if you haven't already. Sorry, I can't link it now.
Sent from my SCH-I545 using Tapatalk
Related
To the many excellent folks here at xda-developers.com, I'm releasing MobilMon 0.5 for free.
I wrote a simple app that monitors file system access (specifically, file creation, deletion, or modification). This sort of tool can be invaluable when you are trying to figure out what's happening on your system. You can export the findings to a log file.
It's pretty bare bones at this point, but that was somewhat intentional. I wanted to see what folks wanted out of such an app before spending more development time on it.
Check it out, and let me know what you think: http://www.mobilmon.com
wow! thank you! this is pretty much exactly what i was wishing for ever since i started playing around with new apps and such on my phone.
it's a great help for just before a system backup. for example, i have SPB backup set to run every other morning. let's say it runs on Saturday at 5:00am. I install some apps and do some random things from 8:00am to 9:00am. 9:30am, my phone crashes. I reset to 5:00am, and I lost all that stuff i did from 8 to 9. now i know! thanks for this app.
Feature changes
A couple of things I was considering:
1. CSV EXPORT. Would it be better to leave the plain text formatting for easy readability, or format it for CSV export?
2. DIRECTORY. I was originally going to include the ability to change the directory (i.e. something other than just "\") but that would involve some significant work on my part. And, I'm not sure if you'd really want to do that anyway.
3. VIEW FILE READS. As delivered, it monitors file adds, deletes, and changes - not reads. This was done intentionally for performance reasons. Would people want to see all the file reads, even if it bogged the device down?
This is awesome! I haven't seen anything else like it, so I am really happy to see someone from the xda-forums to make this magic!
I think that you should add in the view file reads, but only as an option. Maybe also an option to select which operations you want logged (eg. when I only want to see the files created, and not deleted). Although being able export to CSV would give me the same results, but with some editing.
3. VIEW FILE READS. As delivered, it monitors file adds, deletes, and changes - not reads. This was done intentionally for performance reasons. Would people want to see all the file reads, even if it bogged the device down?
Click to expand...
Click to collapse
Many thanks for the app.
It would be nice to have (even as a separate app) something like mamaaich's file monitor: http://forum.xda-developers.com/showthread.php?t=247425, with ability to start/stop and good frontend - to capture all file activities in the whole system.
It helps a lot to find frequent, unintended system file reads (in most cases - draining batteries)
monitor lost memory
i wonder if you could add some powerful memory mgmt to check where my pda memory is lost and what is the process,application or service which is causing memory leaks or using too much memory. maybe you could draw a graph or monitor memory usage during time for all processes. when i start my pda i have 48% free ram, after a day i am back to 80% without any visible app running.
Thanks!
Thanks
Thanks for the good feedback; I'll look into making it where you can select the types of events to monitor and then go from there.
Good lead on mamaich's program - I wasn't aware of it. I will take a look. I'm all about working smarter, not harder
Hello,
I stumbled over this (admittedly quite old) thread on the search for a windows-mobile version of something like iTunes FolderWatch or iPad ShutterSnatch.
Would it be possible to extend MobiMon such that an action can be triggered once a new file is found? In my case that action would be to start a picture viewer with the newly created file name as a parameter.
Scenario: Send pictures I take with my camera to my Windows Mobile Phone (HTC HD2) via FTP (MochaFTP) through an Ad-Hoc Network directly from the camera (using Eye-Fi). MobiMon would recognize the new file and fire up the picture viewer. This way, the latest picture taken will be shown on HD2's big display right after the shot was taken.
Of course, if there is a more streight-forward way of doing this (like a picture viewer with integrated FTP-Server ) I'd be more than happy to hear about it!
Regards and a happy new year!
Alex
Yes, it's possible.
In regards to your inquiry, it's programmatically possible, but would require a re-write. This has to do with the way things are instantiated. Whether I could afford the time to do it is a different question
1. What is the target OS?
2. Do you have the means and skills to adjust my code and compile it yourself if I just pointed out the changes needed?
allright, heres my question:
is it possible to add (i.e)tray/taskbar icon showing card r/w activity?
I am thinking not exactly about this specific project, but general idea related to it.
Need an apk that signs my update.zip files from titanium blackup.
I don't understand why it hasn't been done. The code to do it is already in java! Search the forums for testsign.jar
I know everything you need to do to get it done but I don't have a development environment at my disposal. Help me out and I'll show you how to convert your jarred up code libraries to run on android!
Please and Thank You.
* edit - this question has been solved by brainmaster! ZipSigner if you find this application helpful please thank him below.
- Posted via mobile
New application proposal: ZeroNetAccess (ZeNA?)
Concept: an app that can block other apps network access.
Market alternative: DroidWall (root only, low market potential)
Methods: Maybe by modifying the apk manifest and resigning? Im not sure if there is a framework you could subclass for this.
Why: i turned off stats reporting for an app and i saw it writing reports to the web from logcat. Google took our rights away by not letting us do this from the application settings. Its my device and i have to pay the bill not google or the rude ppl who made the app. I will never understand why we were not given the right to administer mobile data access rights.
Potential: highly lucrative. People want to save money nowadays. In that respect voiding phone warranty for root access may not sit well with potential customer.
- Posted via mobile
Avid Droidery said:
New application proposal: ZeroNetAccess (ZeNA?)
Concept: an app that can block other apps network access.
Methods: Maybe by modifying the apk manifest and resigning? Im not sure if there is a framework you could subclass for this.
Why: i turned off stats reporting for an app and i saw it writing reports to the web from logcat. Google took our rights away by not letting us do this from the application settings. Its my device and i have to pay the bill not google or the rude ppl who made the app. I will never understand why we were not given the right to administer mobile data access rights.
Potential: highly lucrative. People want to save money nowadays.
- Posted via mobile
Click to expand...
Click to collapse
For rooted devices try DroidWall
Application Proposal: Web Page to PDF/HTML Safari Plug-In
Concept: Seriously?
Why: Cant save pages from the browser I safari always reloads the page when you come back to it from other activities (pointless nethog!) whats the friggin cache for anyway? It is better to save an article copy that you could view on the computer later or add to your info library if you write books or do any kinda technical research than it is to save a bookmark that may become 404 not found. Researchers nightmare!
Methods: execute shell command wget on page source. Use regular expression to get media list. Build directory tree. For each media call wget. Done.
Potential: medium. Not many people are so technically inclined.
Usefulness: extremely high, especially with zip/+email caps.. Roundabout source code viewer for nosy/curious folks.
Average potential, stream lehigh usefulness I would sell for a buck 99. Free (1 ad per saved page, no zip email)
- Posted via mobile
3rdstring said:
For rooted devices try DroidWall
Click to expand...
Click to collapse
Thank you! Will do!
- Posted via mobile
Application proposal: WarBastard
Concept: wardriving app featuring google my maps! Maps are shared globally by locale. Signals can be pinpointed by triangulation through cross reference of mac address, signal strength and previously detected locations in a global locale based database. While we are at, throw in a google navigation intent, and a compass with distance to closest accesible AP! Dont stop there! I wonder where that cell tower is located?
Purpose: to aid weary travellers and cheap bastards to connect with their loved ones and services over open networks. Services could also be used for cellular network signal diagnostics across hundreds of thousands of devices.
Potential: astronomical I would pay 5 bux. Better yet 12 bucks per year. Free (1 ad per download of database, 1 ad per connect to AP. Possibly integrated with APs for increased revenue potential across the board.) The map data can also be used to find good places to set up an advertising AP 4 even more potential earnings.
Anybody wanna pay me to sit around and do this all day? Lol.
SERIOUSLY you are looking at my qualifications. Asking 50k p. yr. to start Project Mgr./Analyst/Sr. Developer. consulting options available. Willing to relocate. Pm for inquiries/proposals.
- Posted via mobile
Avid Droidery said:
Need an apk that signs my update.zip files from titanium blackup.
I don't understand why it hasn't been done. The code to do it is already in java! Search the forums for testsign.jar
I know everything you need to do to get it done but I don't have a development environment at my disposal. Help me out and I'll show you how to convert your jarred up code libraries to run on android!
Please and Thank You.
- Posted via mobile
Click to expand...
Click to collapse
You should use the search function: ZipSigner.
It implements in the Titanium Backup and signs it on your wish.
brainmaster said:
You should use the search function
Click to expand...
Click to collapse
You are correct. I should never have assumed that this wasn't already in the market. Actually I didn't really plan to use this to sign titanium backups. For my purpose however the concept is the same.
* edit Human beings arent the fastest search engine but collectively we are the most accurate information sources on the planet. feel free to quote me on this
I thought that it would be better to ask someone who might know than it would be to search for something that may not exist. If I had access to a computer I would have no questions to post. Only answers! Being that I am stuck on my android for the time being, I appreciate all the help I can get!
Thank you for providing me with another helpful for resource!
* Edit: Dear brainmaster, words cannot express my level of gratitude! I am truly overjoyed by the passing of this shortcoming. Signapktic is exactly what I was looking for and I never would have found this application had it not been for your assistance. The topic of this thread is kick ass apps wanted. Even though this is an application that no longer needs to be developed (because real developers don't reinvent the wheel unless absolutely necessary,) you have met or exceeded the topic issue with flying colors!
- Posted via mobile
New application proposal: Launchpad Homescreen Widget
Concept: a widget that will pop up an on screen menu (complete with icons) onClick similar to pc desktop start menus. Customizable shortcuts Horizontal or vertical (and scrollable) layouts by preference and Customizable folders.
Why: I would rather have a feature like this than an app drawer any day. This would allow individuals to organize launcher short cuts by task. It would also be great if it were possible to open files in the system such as pdf, video, music or text files with appropriate application. Another great feature would be the ability to launch shell scripts. I have searched the market and nothing like this was found.
Potential: high. will save customer time allow them to become more visually organized and task oriented as well as adding more visual appeal to the home screens. $5.99 I would buy it! Time limited trial only.
- Posted via mobile
I'm a programmer; I don't do Sales, I don't do Marketing LOL
I'm working on an app that has my partner and I debating on pretty much a daily basis. I'll try to explain best as possible without too much detail.
The app takes a pre-loaded database (a "template") from assets folder and loads into the app. Works fine. Thing is, there will be more templates, probably up to 20 for which we want to charge (we're talking small amounts here).
So, here is the debate we're having:
1. Create 20 apps with each having the one template. Easy as hell for me but goes against my programming standards as to why have 20 apps when ONE does the work? NOTE: Does not need any permissions
2. Create one app, ask user for template on startup, download from cloud. A little tougher, but not much. Problem here is that what if they want 2 templates? Or 5? We want to charge for each template. I could do "AppName +2" or "AppName +5"
versions and charge accordingly. NOTE: Max templates a user would have is probably 5.
3. In-app purchasing...I've read about this. Not so easy. You either hide content (and over bloat your app or code a mechanism that allows Joe to have in-app purchase app, but not Julie). Google makes clear note of this in their docs. NOTE: my bloat would be about a 7,000 row database on user's phone.
So, just looking for some other opinions...all comments welcome!
TIA,
Roots
From what I can understand, I think # 1 is the most tried and true method, as most launchers with themes work this way. The upside for you as far as making money is concerned is that there are people who want all their options, whether or not they will ever use them... I have been guilty of it myself with lp+ themes. I've paid for ones I'll never use, because it's there and most apps tend to be in the "impulse buy" price range.
I agree, #1 is your best option, it may require a lot more work as far as deploying goes, but it is the most reliable method.
Interesting! Thank you for your replies.
A little more information...the templates (e.g. database) will probably never change from initial download, so that update is a moot point.
One thing I didn't think about is creating and SAVING 20 keys!!! Yikes. I've lost those before...very bad situation when that happens. Not to mention 20 distinct package names.
One thing I didn't think about is creating and SAVING 20 keys!!! Yikes. I've lost those before...very bad situation when that happens. Not to mention 20 distinct package names.
Click to expand...
Click to collapse
You can sign all packages with the same key.
As of package names, all you need is to change the application package not the code packages. The ADT has a tool for renaming application packages.
1. Create 20 apps with each having the one template. Easy as hell for me but goes against my programming standards as to why have 20 apps when ONE does the work? NOTE: Does not need any permissions
Click to expand...
Click to collapse
Here is my suggestion, although I never tried it:
Create 20 apps for templates with no logic at all.
For each one of these apps:
(1) Put a single template file in the res/raw folder
(2) Create an Activity that doesn't do anything at all (call finish on onCreate).
(3) Set intent-filter for your null activity with android.intent.action.MAIN and your own custom category.
Create 1 main application with all application logic and code but with no templates at all (or just one default template).
(1) Search for installed templates using PackageManager.queryIntentActivities with an Intent that match Intent.ACTION_MAIN and your custom category.
(2) Read templates using Context.createPackageContext, getResources of the created context, getIdentifier to find the id of the template file and openRawResource to actually open it as an InputStream.
There are other methods to share resources, take look at android:sharedUserId.
Interesting concept, but if I read it right, I sill need 20 "dummy" apps to go with the main "driver".
I've got some time to mess with this because I have to implement drag and drop on some ListViews. I might just end-up coding the in-app purchase stuff.
EDIT: LOL, I can't wait till I can afford an iPad and port all my stuff to iOS
Version Alpha 0.6.0 is now available
I'm back! Not dead yet, I promise. This is actually a relatively small update in terms of user-facing features, with only one really big new thing - support for file uploading - but that's a lot bigger than it might sound. It's the first write support I've implemented in the server, and it also required some fairly massive updates to the HttpServer component (support for binary requests, for POST parameters, for MIME multipart parsing). These will be built upon in forthcoming versions to add support for things like registry editing, in-browser file viewing (possibly editing), and so on. There are also a large number of small fixes and improvements that I've made over the last two-weeks-shy-of-a-year, which should make the server faster, more robust, better able to support concurrent connections, and lighter on device resources. Finally, while the app still targets WP8.0 and should run on 8.0, it now is designed for 8.1 compatibility (especially the AllCapabilities version).
Previous update (0.5.6): This version is mostly bug fixes and UI changes. The biggest changes are: clearer display of weird registry data types, the server now consumes fewer threads (it used to spawn them with wild abandon) and does faster string compares, the app version is now shown on the phone, error pages are now better, if you launch the app without a WiFi IP address it'll offer to take you to the WiFi settings page, connections are no longer closed as soon as the app starts sending a response, and the server now defaults to using the Connection: keep-alive header, with a two-minute timeout. The last change, combined with the second-to-last, should hopefully both do away with the tendency to have the app fail to display a page. However, I shouldn't have *needed* to switch it to "keep-alive" - using "close" should have worked - but it still veeeery occasionally would kill the connection early. Agh. Anyhow, this is better in the meantime.
DevDB offers me a support / Q&A thread. Please use that thread to ask questions; don't PM me unless it needs to be kept private for some reason!
ISSUES ON WP8.1:
It *should* work to deploy the app with "Application Deployment", but if you have a problem try deploying with "Windows Phone Application Deployment 8.1" instead.
Problems have been reported in the past when the app is installed to the SD card. It's small, though; putting it on internal storage shouldn't be a problem.
RESOLVED The AllCapabilities version included a few capabilities that were present in 8.0 but removed in 8.1. Those capabilities have been removed; the AllCapabilities version now deploys and runs on capability-unlocked WP8.1 phones.
IN CASE OF OTHER ISSUES: Please provide a *detailed* error report - what phone and OS version you have, what hacks you've installed, what Webserver version you're running, what you do to get the error to occur, and exactly *what* occurs - and I'll fix it as soon as I can! There's a DevDB section for posting bug reports, and you can also use CodePlex if you want.
I finally implemented file upload! I'll work on getting more stuff like that (file delete, possibly file rename/move/copy, various registry edits), hopefully soon! I also hope to add support for different areas, like an "Applications" path, a "Processes" path, a "Services" path... eventually. Many of those are really hard without good privileges. I'm also looking at moving the server to a background process and making the app just a control UI for it, adding support for authentication and/or HTTPS, adding some stylesheets to the web UI, adding caching, and much more. I did finally implement Connection header support.
Once again, the XAP is published twice. One is a fairly standard XAP that any phone can sideload, and the second has many exotic capabilities to enable viewing of (and writing to) slightly more of the file system and registry. The standard XAP has had its list of capabilities expanded to pretty much all of them that can be used without interop-unlock. The high-capability variant requires not just interop-unlock, but the additional capability-unlock hack available in the interop-unlock thread. The AllCapabilities version now works with WP8.1; sorry for the long delay on that!
An item of note: the AllCapabilities version (or either version, on WP8.1) can open other drives in the file system. On phones with an SD card, it is mounted at D: and you can browse it as normal. Credit to @hjc4869 for this discovery!
DESCRIPTION: This is a simple webserver app which can enumerate those files that are in folders readable from the sandbox, can download and upload (access permitting) files, can browse the registry, and can display the contents of registry values of any type. It runs on WP8.x (not yet tested on W10M). It is a spiritual successor to the Functional Webserver / WebServer (Mango) projects from WP7. This version is still missing a lot of functionality as I decided to implement it from scratch, but it is advancing swiftly. Note that there's no access controls implemented; use it on a public network only at your own risk!
Instructions are simple: sideload the XAP, connect to WiFi (required), run the app (called "WebServer Native Access"), point a web browser (on a PC or phone that is also on that local network) to the URL that the app displays. You should get a basic index page. Click on a Filesystem or Registry link to begin browsing the phone. There's a textbox near the top of all filesystem pages, type in a path there (for example, "C:windows" with no quotes) and hit Enter or click Get Files. You'll see a list of the contents of that folder. Click on a file to download it or a directory to open it. There's also a box for uploading files, one at a time, to the current directory. Navigating the registry is similar, except you'll need to specify the registry hive and then the path from that hive (or no path, to access the root of the hive).
As of v0.6.0, uploading files is finally supported! Other modifications (editing files, creating, deleting, or changing registry keys or values) are currently not supported. They will be "soon" although my personal testing suggests that basically the whole registry, and most of the file system, is off-limits for writing unless you use restricted capabilities.
You might see an error code (error 5 is "ACCESS_DENIED", you'll see it a lot; I should replace it with an appropriate 403 or whatever). Or you might see a status 500 message because of an exception in the server. Or the server may just crash (hopefully not so often anymore...). I'm making it more resilient, but there are still bugs. Please report any previously-unreported issues you find, including how to reproduce them, and I'll fix them if possible.
Also feel free to request features or changes; I'll implement them if reasonably possible. The app is a mixture of C++ and C# code; I could probably have done it all in one or the other but wanted to have a C++ component in case I ran into something that wasn't available in C#, and although it probably would have saved some time, I decided that hacking up a web server in C++ was maybe not the best idea.
The source code is on Codeplex, at the following projects: https://wp8webserver.codeplex.com/ for the server and the app (C#) and https://wp8nativeaccess.codeplex.com/ for the native access wrappers (C++). You may have to fix up the reference paths to get the C# component to see the C++ component correctly. The code is reasonably well documented, but let me know if you have any questions. Permission to re-use the code or components is granted under the MS-PL (Microsoft Permissive License) as posted on Codeplex.
Go forth and find cool stuff!
Version history (see the git commit logs for more detail:
07 July 2013 - 0.2.0: Initial release, FS only, 920 downloads (source: 652 downloads)
14 July 2013 - 0.3.2: initial registry, HTTP server and web app encapsulation, source on Codeplex, 225 downloads
0.3.3: bugfixes, 454 downloads
0.4.2: basic registry values display, 86 downloads
0.4.3: bugfixes, 326 downloads
0.4.6: multistring registry values, bugfixes, updated libraries, first AllCapabilities version (950 downloads), 453 downloads
25 Oct 2013 - 0.4.8: binary and long registry values, formatting and bugfixes, 451 downloads AllCaps, 201 normal
22 Dec 2013 - 0.4.9: all registry value types, better threading, proper resume, remembers port, 97 downloads AllCaps, 53 normal
24 Dec 2013 - 0.5.0: background operation using Location APIs. Downloads: 1011 AllCaps, 963 Normal
20 Jul 2014 - 0.5.1: More capabilities, better navigation. Downloads: 358 AllCaps, 352 normal
07 Aug 2014 - 0.5.3: .REG export, better traversal, bugfixes. Downloads as of 0.5.5 release: 260 AllCaps, 164 normal
10 Oct 2014 - 0.5.5: Bugfixes and back-end work. Downloads as of 0.6.0 release: 140 AllCaps, 113 normal
25 Oct 2014 - 0.5.6: Bugfixes and UI tweaks. Downloads as of 0.6.0 release: 1720 AllCaps, 1334 normal
12 Oct 2015 - 0.6.0: Binary requests, file uploads, bugfixes.
XDA:DevDB Information
WebServer Native Access, Tool/Utility for the Windows Phone 8 General
Contributors
GoodDayToDie
Source Code: https://wp8webserver.codeplex.com/
Version Information
Status: Alpha
Created 2014-10-17
Last Updated 2015-10-12
I'm going to use this space to mention something that's pretty cool:
J. Arturo of http://www.komodosoft.net is using a modified version of the HTTP server that powers this app in the ShareFolder app (http://www.windowsphone.com/s?appid=e2b9c82e-eaa1-4a3b-9d4a-8a2933a8bdb4) to support opening video files directly from Windows network shares! This was done to work around a limitation of the WP8 media control: it can only source from an isolated storage file or a HTTP URL. By running a server in the background and streaming the video file through it, and pointing the video player control at the localhost URL, it becomes possible to play the file on the phone without first copying it to the app's isolated storage. A very cool way to solve the problem! Also, reviewing the changes that were made to the network code of the server pointed me toward those threading fixes I made that have hopefully much improved version 0.4.9.
Please note that the updated version of ShareFolder with this feature may not yet be available, although it should be soon. It is a commercial (paid) app, but the author sought and received permission to use my code (although the license does not require such permission be received).
What exactly is the problem with sockets? I am battling myself with sockets atm too, maybe we can share knowledge?
Strictly speaking, the problem was with the phone's limited subset of the Sockets API forcing me to access it through functions I wouldn't normally use (asynchronous everything, SocketAsyncEventArgs and lambdas and AutoResetEvents and so on everywhere...) but I've got a pretty good handle on it now, at least for the System.Net.Sockets.Socket and its friends. The new .NET 4.x ones (using the async keyword and all) are in a different namespace; I didn't mess with them. They are more abstracted from the Bekeley sockets interface that I'm used to from C, but they are also (supposedly) more user-friendly, especially if you don't feel like writing all your own thread management code (and in fairness, I should re-write the webserver's threading to use threadpools; they're better for this type of work).
If you want to ask questions about the topic, I suggest starting a new thread (possibly in the Q&A subforum, although it's also dev related...) and I'll answer if I can.
GoodDayToDie, just an idea: how about sharing your source code via CodePlex or GitHub?
Oh man, this is pretty nice! GoodDayToDie does it again!
So far, I can read \Windows, the current install folder which you access just by typing "." with no quotes and the current application folder by typing ".." I can access the .dlls, .winmd and AppManifest.xml from the current install, but from everywhere else, it goes boom. This is a great step towards something awesome though!
EDIT:
I was wrong. For some reason, when you click on a folder it's trying to "download" it, rather than chdir. I can get pretty far into the Windows directory.
THAT's what you meant by "Click on a file (note: there's no current way to tell the difference between files and folders) to download it.
You might see an error code (error 5 is "ACCESS_DENIED", you'll see it a lot). Or you might see a status 500 message because of an exception in the server. It's getting a lot more resilient but there are surely still some bugs. ".
If you see a folder, just type the full path to it instead of clicking on it and you will be able to read the contents.
ANOTHER EDIT:
I just found a file inside of the \Windows\System32 directory named [guid].devicemetadata-ms (It's easier to just search for "devicemetadata-ms"). It's a cab file with some metadata about WP8 with a sign.cat and packagesign.cat file in the archive. I don't know what these files could potentially be useful for.
New version in a day or two (busy tonight). Features I plan to implement (not necessarily in the next version or at any particular time):
File upload (IsoStore and, of all crazy things, install directory are writable. I think I'll put a flag on each FS page that says whether the current dir is writable...).
File deletion (where possible, of course).
File and Directory distinction in the listing (clicking a dir should open it, not error out).
Filesystem index page with links to folders that can be accessed successfully (since the root isn't readable).
Some more file info (size, probably attributes, possibly permissions).
Possibly an option to preview a file (as plain text) without downloading it.
Some kind of background mode (the server uses minimal resources when not actively servicing a request, so I'll see if I can get it to work in the background, perhaps by abusing the music transfer agent...)
Some kind of offline mode (at least basic file browsing within the app, as an alternative to using the web interface, though I might just make a second app for that).
Source code changes: separate the server code from the webapp / phone app code (move it into its own project).
Source code changes: move to a hosted version control service, probably CodePlex (good suggestion sensboston).
Maybe add an icon and such...
Any other suggestions?
I also want to try experimenting with various non-standard capabilities and see if I can get access to more of the system . I've already added the ability to access removable storage, but I've also found a bunch of really weird and frequently undocumented capabilities in the OS's policy configuration files, and I need to look into those... The interesting (and possibly the uninteresting) ones are probably blocked for unsigned sideloaded apps, but it's worth checking on anyhow.
Yeah sorry, I should have been more explicit about clicking on dirs. not working in 0.2.0. Also, it's "unofficial" but if you check the URL bar you'll see a URL parameter called something like "pattern" (by default, it's *) and if you change that, you can filter the results. For example, "foo*.exe" (note: no quotes!) will search for EXE files whose names start with "foo". Among other uses, this makes it a lot faster to load large dirs like System32. This will be added to the UI at some point. Also note that URL decoding is applied correctly to querystring parameters (Probably already noticed with the path sometimes written using %5C for \) so you can add special characters that way if needed, though currently any of them but \ will probably just cause an exception.
...
Actually, does this filesystem support Alternate Data Streams? If so, you should be able to download them by appending a : and the ADS name to the filename in the download URL...
OK, so that was a new version in five days. Sorry, stuff takes time.
The source code is now on Codeplex. The native access portion is at https://wp8nativeaccess.codeplex.com/, and the web server portion is at https://wp8webserver.codeplex.com/. Both are licensed MS-PL and use Git for version control. The full XAP is also available for download from the Webserver project on Codeplex.
GoodDayToDie said:
OK, so that was a new version in five days. Sorry, stuff takes time.
The source code is now on Codeplex. The native access portion is at https://wp8nativeaccess.codeplex.com/, and the web server portion is at https://wp8webserver.codeplex.com/. Both are licensed MS-PL and use Git for version control. The full XAP is also available for download from the Webserver project on Codeplex.
Click to expand...
Click to collapse
You are a god. I'll be sure to post my findings .
Hmm. When I first load up WebServer File Access then access from my laptop, I get the main page then the program crashes on my phone. It seems to hold a lock on to the socket as i can no longer access port 9999 from any other device when re-opening the app. I can access it again when I reboot, but the same thing happens.
EDIT: I think it may be due to the WiFi at work... it's junky. I'll try again when I get home. I was just able to browse some directories.
Wow, that's completely unexpected... I can beef up the error chacking and handling around the listener port though. That part of the code is really straightforward, so I actually haven't hardened it very much. I can also put in a Finally block to close the socket and/or mark the socket as re-usable so that other apps (or the same one again) can listen on it in the future.
I also plan to add support for setting your own port, but that doesn't solve the underlying problem. I'll put in more error reporting as well, to enable better debugging. Thanks for the report! Always good to have users report problems so I know where to prioritize fixes.
GoodDayToDie said:
Wow, that's completely unexpected... I can beef up the error chacking and handling around the listener port though. That part of the code is really straightforward, so I actually haven't hardened it very much. I can also put in a Finally block to close the socket and/or mark the socket as re-usable so that other apps (or the same one again) can listen on it in the future.
I also plan to add support for setting your own port, but that doesn't solve the underlying problem. I'll put in more error reporting as well, to enable better debugging. Thanks for the report! Always good to have users report problems so I know where to prioritize fixes.
Click to expand...
Click to collapse
I tried the app at home and it DOES crash on the first hit of the home page, but I'm able to open it up again and it works fine.
The new version 0.3.3 should be more rebust; try it and let me know if you still have issues. If you do, let me know what the exception message is (and any other info you can provide) and I'll try to track it down.
Downloading really big files should also work now. The app will read and push files in smaller chunks (the code to do this existed in the NativeAccess library before, but wasn't used).
a simple SDK?
Dear Sir
Will it be possible for you to make some sort of SDK from this so other developers can integrate this into their apps and enable browsing isolatedstorage?
Sorry if it is a stupid question.
Bruce_X_Lee said:
Dear Sir
Will it be possible for you to make some sort of SDK from this so other developers can integrate this into their apps and enable browsing isolatedstorage?
Sorry if it is a stupid question.
Click to expand...
Click to collapse
With the restrictions in permissions, this app only allows browsing of the app's isolatedstorage locally. You are able to use the IsolatedStorage API within your app to browse files and directories already.
snickler said:
With the restrictions in permissions, this app only allows browsing of the app's isolatedstorage locally. You are able to use the IsolatedStorage API within your app to browse files and directories already.
Click to expand...
Click to collapse
That's right. What I want is to allow the end user to be able to browse the isolatedstorage. Imagine I have a video download app, I want the user to be able to transfer those downloaded videos from the app's isolated storage to, say, a PC.
One can do this by integrating the webserver code into the said app.
Bruce_X_Lee said:
That's right. What I want is to allow the end user to be able to browse the isolatedstorage. Imagine I have a video download app, I want the user to be able to transfer those downloaded videos from the app's isolated storage to, say, a PC.
One can do this by integrating the webserver code into the said app.
Click to expand...
Click to collapse
Ahh I see what you mean now. That sounds like a pretty nice idea. I think more research needs to be done to see whether it would even be allowed in the marketplace.
The webserver portion is stand-alone (builds to its own .NET DLL with no dependencies on the other parts) and has a pretty clean interface. You'd need to implement the web application portion of it yourself - the thing that generates the response pages for a given request - but the HttpResponse class in the server does a lot of the work of that for you; you basically just specify the content you want to send (as a String or byte array) and it sends it.
A little intro:I spent a lot of time with malware on windows and which apps/settings can actually protect you. By working with malware you also get a lot of background info on how people / companies / governments can steal your privacy from you and how to protect yourself against it. When I decided to care about all that, I noticed that a lot of "security forum experts for PCs" have no clue about Android and its risks although probably the same if not more data is stored on our phones than on our PCs. So I decided to do some background research, worked with Android malware and played around with the different ways and options that can protect your security & privacy.
When I am looking for a security setup then I want one that is reliable & easy-to-work-with but also lightweight on the system. I don't want my security setup to cripple down my system.
I have done similar guides for Windows and as I haven't seen anything likewise for Android I thought I would give it a go.
What can you do to protect your security & privacy:Security - Firewall: To block incoming / outcoming traffic per app or per IP/DNS/Port. Can drain the battery and be a pain to configure on Android.
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Security - SuperSU: To actively manage which apps will get "unlimited" root access.
Security - Password manager: Use a password manager for all your passwords. Built in password managers (e.g. browser, ftp, mail ,etc) aren't really a save solution (even with the so called "master password"). Apps like KeePass offer a lot more than just having all your passwords stored safely. It lets me open apps + automatic login with just 2 clicks (e.g. FTP, SSH, Mail, Browser,...). It let's me create unique password so that I won't be using the same password on all websites. And there is still a lot more.
Security & Privacy - DNS: Change the DNS-Server you use to something like NortonDNS which will protect you from malware/phishing sites as well as semi-bypass the tracking of browsing behavior by your phone/internet provider. The DNS provider/resolver that you use (usually your phone/internet provider) will transform the domain you want to access into the IP adress of the desired server (the one which hosts the website you want to visit). This means that what ever domain you are going to browse will be transmitted to your DNS provider... so choose one carefully ! Also the better the connection to your DNS provider is (and the better the providers connection to the world-wide-web is) the faster your domain requests will be processed.
Security & Privacy - VPN: An easy way for attackers in your network (especially open & free wifi's) to steal data from you are MITM (Man In The Middle) attacks. They can modify SSL certificates which means even using HTTPS might not always be safe or simply read your network activity (such as logins which includes accounts + password). By using a VPN all the traffic that leaves your device will be encrypted and routed directly to a safe receiver which means no one can interrupt your traffic and sniffs (read) it.
Security & Privacy - SSH-Tunnel: Using an SSH-Tunnel has pretty much the same effect as using a VPN but the difference is you have to configure each app that you want to use the SSH-Tunnel. I prefer this method on Windows as I can encrypt only the traffic of my browser/mail/communicator while playing games or other apps will use the non-encrypted (and often faster) internet connection. Sadly there is no app on Android that in my opinion works flawlessly as SSH-Tunnel client.
Security & Privacy - Adblockers: We all know adblockers. They block ads and trackers to protect your privacy and some of them (e.g. mdl-malwaredomainlist) also protect you from malware & phishing websites.
Privacy - App Ops: App Ops or similar apps let you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
Privacy - Android 5.x disable allowed certificates: Every website and every (good) app will have a certificate that Android and also AV's check online to see if the website/app is trustworthy. Out-of-the-box Android allows many questionable certificates from governments and companies that might sell their certificates to websites/app that are not so trustworthy. Since Android 5.x you can remove/add certificates to disallow governments or companies that sell their certificates to questionable websites/apps.
Privacy - Encrypt your phone: By encrypting your phone you ensure that no one who finds your phone will be easily able to read anything saved on your phone. Not even by entering the recovery mode. It may slow down the performance a bit and increase battery drain slightly, but for me (Nexus 6) I had no troubles so far.
You can make that list longer by using only secure apps for communication (e.g. encrypted chats with Telegram or using Firefox and add-ons such as HTTPS-Everywhere) but I think that is more advanced and takes away the freedom and choice of readers/users. So I will stop here as I think I have covered the basics and most important things.
Which setup should you choose?Well first of all I recommend using only apps/services of companies that you can trust. E.g. companies that exist for a long time but haven’t done any questionable actions in the past. I have been a long-time-user of Comodo but looking at what Comodo has allowed itself in the past made me choose something different. On Android a good example are sms/call blockers. There are many options to choose from for example one is produced by a company named "NQ Security". Now do your google work and you will find some details that either makes you think of this company as trustworthy or not. Or maybe there are other companies with the same product which you would rather trust?
One thing to notice is that in the end your setup should cover most if not all aspects that I have mentioned above. Now you can either choose to use many different products (e.g. if they are free) or use on paid solution that covers everything at once. In any case, don't forget about stuff that might get installed but be useless to you. E.g. at some point I found my setup to have 3 different call blockers and 4 different sms blocker installed.
I have made a list of a few picks that I would recommend:
Must-HaveSuperSU / Rooted device (Click for Google play): 99% of all apps & configurations listed here will need your device to be rooted. Also SuperSU gives you a good overview about which apps have root access and is a good tool to configure those apps.
Override DNS (Click for Google play): It automatically changes the used DNS Server for 2G/3G/4G/WIFI to whatever you want (e.g. NortonDNS which has malware & phishing protection but also is one of the fastest DNS providers available world wide). Currently it is the only app that works with Android 5.x.
AdAway (Click for download link): Lets you block ads, tracking, malware and phishing sites. I recommend the standard sources + www.malwaredomainlist.com/hostslist/hosts.txt
App Ops (Click for Google play): App Ops lets you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
KeePass2Android online/offline (Click for Google play): KeePass2Android comes as two different apps that you can choose from in the GooglePlayStore. One supports online syncing via various services so that you can sync your password database on all your devices (Android, Windows, OSX, Linux, iOS,... ). The other option is called "KeePass2Android offline" which completely removes all features that would require an internet connection. The App doesn't even have permissions for internet connections ! If you don't know KeePass, it is one of the oldest password managers around. It is opensource, has a lot of plugins and the leightweight but feature rich app supports nearly every device & operating system. On Android you can even log into websites from the browser via KeePass2Android by clicking -> Share -> KeePass2Android -> Log into your database -> it will automatically get the right login data for the website you are currently browsing and pastes it into the login fields. My personal setup: KeePass2Android offline with another syncing/backup app that will sync my passwords via my own server. On my laptop I use KeePass with a plugin which replaces my browsers built-in password manager with KeePass.
GSP - Good Security Practice (Recommendations)Disable untrusted certificates (Android 5.x) (Mozilla Firefox list of allowed certificates): Use a source you trust and check what certificates they usually allow in their software (e.g. Mozilla Firefox). Then check that with what is enabled in your Android's security settings and disable whatever Android has enabled but e.g. Mozilla Firefox doesn't.
A very recommended app is "Trust Manager (Click for Google play)" by Bluebox. It lists all certificates on the phone and sorts them by categories which makes it easy to disable all untrusted certificates within two clicks.
Encrypt your phone: Enable encryption of your Android device.
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
VPN if you use public WIFI: I also recommend the use of a VPN from a trustworthy VPN provider. They don't cost too much and improve your security & privacy on public wifi a lot. Avast offers a great VPN service. Actually their app makes their services superior to me comlared to other VPN providers and apps. You might want to try the Avast VPN 14-day-trial.
Firefox (HTTPS-Everywhere + Adblock Edge) > Chrome: Firefox seems to be the winner in terms of privacy and security. But on my system Chrome is a lot faster than Firefox.
TextSecure > Telegram > WhatsApp > Facebook: Telegram was my favorite choice until @muppetmania and @bmstrong informed me about flaws and trust issues with Telegram. Instead it is highly recommended to use TextSecure. It is available on iOS and Android. Feature wise it might not be as good as Telegram (e.g. missing desktop client for windows/osx/linux) but I believe that this is a fair trade for privacy.
The bottom line
I tried to give a little overview of what kind of protection is available and what it does. I also added my choice of tools which will provide you with protection. It is up to you to decide whether it is useful in your case (based on your phone-behavior) and if you are willing to pay money for it or rather use free services. I will gladly help you with any questions or configuration/setup related things. Please let me know if you have any suggestion or corrections so that I can improve this thread !
Useful resources / links
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
https://youtu.be/seNHe5oMquw
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/
https://securityinabox.org/en
http://www.infoworld.com/article/29...managers-for-pcs-macs-and-mobile-devices.html
https://www.reddit.com/r/trackers/comments/30xtk9/trackers_security_and_you/
AV tests & comparisons:
http://www.av-test.org/en/antivirus/mobile-devices/
http://www.av-comparatives.org/mobile-security/
Thanks to:
Yuki2718 @wilderssecurity.com for teaching me a few things
@bmstrong for useful links and suggestions
@muppetmania for pointing out flaws and trust issues with Telegram !
Changelog:
01.08.2015 - Removed Telegram and replaced it with TextSecure
28.06.2015 - Updated useful resources & links
08.06.2015 - Updated useful resources & links
06.06.15 - Added "Trust Manager" by Bluebox to quickly and easily disable a punch of root certificates. Also added Avast VPN app
22.05.15 - Added a good link/explenation on non-trustworthy certificates that are installed on mobile devices out of the box ( https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/ )
18.04.15 - Added ressources for AV tests and comparisons
07.04.15 - Added more useful resources & links
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
10.03.15 - Added useful resources & links
06.03.15 - Added "password managers" and "KeePass2Android online/offline" as recommended password manager
01.03.15 - Added a more detailed description of DNS and why you should care about it
28.01.15 - Fixed typos and grammar
zakazak said:
Changelog:
28.01.15 - Fixed typos and grammar
Click to expand...
Click to collapse
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
bmstrong said:
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
Click to expand...
Click to collapse
Thanks, I might add those later but I wanted to keep this guide as "easy" as possible so that every "normal" android user could increase his security and privacy with simple tools in a short time. E.g. yubikey is awesome and a very interesting topic but not very handy for the average guy?
01.03.15 - Added a more detailed description of DNS and why you should care about it.
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Good suggestion, I have a few more and will add both (your link) and my stuff to the thread
KeePass2Android offline + KeePass on desktop + syncing via own server = win !
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Aaaaand it's done ! Added password managers to the OP.
zakazak said:
Aaaaand it's done ! Added password managers to the OP.
Click to expand...
Click to collapse
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
bmstrong said:
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
Click to expand...
Click to collapse
bmstrong said:
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
Click to expand...
Click to collapse
Thanks ! I added all the links to the OP and mentioned you for giving such great feedback and suggestions
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
bmstrong said:
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
Click to expand...
Click to collapse
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
zakazak said:
10.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
Click to expand...
Click to collapse
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
bmstrong said:
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
Click to expand...
Click to collapse
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Utini said:
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Click to expand...
Click to collapse
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Cyclu said:
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Click to expand...
Click to collapse
You are right, XPrivacy seems to be a really nice tool but I haven't been able to try it myself (as it is not compatible with Android 5.x) which is the reason why I haven't added it to the list yet
I might give it a try on my Nexus 4 with Android KitKat !
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
bmstrong said:
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
Click to expand...
Click to collapse
Once again thanks for your input. I added them to the OP but I am still really busy with my job/reallife. I hope I can improve the OP soon.
Question about choices
Utini said:
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
Click to expand...
Click to collapse
Hi, I've been juggling this question for a few days now and I'm hoping you will have an answer to assist me. First, I have read your post and this is absolutely what I have been looking for for the past few weeks. Thanks has been given and I hope you keep this up. Second, I read the wildersecurity link but still do not have an answer to this question.
Why choose ESET Premium over BitDefender. Can you tell me what one offers that the other doesn't? I've been leaning to BitDefender only because I have and use an Android Wear device. Again, thank you for any assistance or time.