Related
At the risk of being attacked for being a total noob, I must say this.
<rant>
I have an ipad.
I have an iphone 3gs. Apple won't let me tether the iphone 3gs to my ipad, because they are evil and greedy (for no other reason).
And because they are evil and greedy, I've chosen to buy another phone (htc desire) that I was told would wifi tether because it was running the latest version of android bla bla bla. You get the picture.
I should have done my home work. Turns out, I have to root the phone? Which could brick it, and cause a nightmare of issues. Also, the wifi tether doesn't actually work properly. You have to manually assign an ip address and can only use WEP. Bah!
HTC doesn't even support syncing the phone to a MAC. You can tell they are really interested in gaining market share (not).
Am I the only person who just wants this phone to tether to an iPad and do the other normal phone things with no hassle? I'm all for advancing technology by way of bricking your expensive phones etc. But sometimes things should 'just work' *laughs at self for saying something so apple'esque*
</rant>
Just plug it up with the USB... the Desire has built in tethering capabilities.
Nope.
Whiterin said:
Just plug it up with the USB... the Desire has built in tethering capabilities.
Click to expand...
Click to collapse
With a macbook, no it doesn't.
With an iPad. Definitely not.
wtf
p.s. This isn't a Theme and App topic, so to the mod who moved it. wtf?
This is about android development for the HTC Desire.
Blame Steve Jobs for that. He does not allow it.
This is not Android issue.
Sirako5 said:
With a macbook, no it doesn't.
With an iPad. Definitely not.
Click to expand...
Click to collapse
gogol said:
Blame Steve Jobs for that. He does not allow it.
This is not Android issue.
Click to expand...
Click to collapse
I know it's not an Android issue, but android exists to offer alternatives to Steve Jobs and apples monarchy. So I was hoping somebody would figure out a way successfully create a wifi tether application that works without rooting and potentially bricking the htc desire. Maybe the android people at google could make this an out of the box feature, to cut into apple's market share.
Well, if tethering is disabled on apple devices, then it's probably not going to work (for very long at least) even with a root or a new feature.
When your phone creates a wifi network, how would the apple device know what it is? If you ensure your wifi network is a standard protocol, the mac, iPad whatever can't tell. It just connects, provided the phone does the wifi part properly.
iPhone developers created myWi, works with no issues at all. Costs $10 bucks.
I'd pay $20 bucks for a working version on the HTC Desire.
wifi tether work after rooting.. install "wifi tether", you can find it in android market..
then read this guide:
1) started wifi tether on desire
2) connect iPad (or any other device) to desire wifi network
3) set ip static on iPad (or any other device):
IP address 192.168.2.100
subnet mask 255.255.255.255
gateway 192.168.2.254
dns 192.168.2.254
4) ping with terminal emulator command :
ping 192.168.2.100
5) killed ping
6) goto safari (or any other internet browser) and surf on web .....
100% working
Yeah,
I get that you can get it working, and I appreciate your tips.
However the point remains, that as a consumer, and purchaser of a phone that is meant to compete with the iphone. I should not have to root my htc desire, and screw around with ip addresses and subnet masks, just to get this phone to do something my iphone can do.
Get it?
Your iPhone can't do it though. If it could you wouldn't be ranting in here, would you?
If you are unhappy with having to actually do something that requires very, very little effort then I suggest you stick to Apple products.
Both apple & HTC disable these options for many reasons. At least you can by pass this block in your HTC via rooting. Just follow all the great advice from these forums and you'llbe safe. And if you brick your phone it sounds like you can afford a replacement as you already have a iphone, ipad, htc, etc
-------------------------------------
Sent via the XDA Tapatalk App
randomsuffix said:
Your iPhone can't do it though. If it could you wouldn't be ranting in here, would you?
Click to expand...
Click to collapse
My iphone CAN do it. It's called mywi. I explained this in the first post.
randomsuffix said:
If you are unhappy with having to actually do something that requires very, very little effort then I suggest you stick to Apple products.
Click to expand...
Click to collapse
I'm unhappy that HTC doesn't make the phone sync with a MAC by default. I'm also unhappy that creating a wifi from the phone is something you need to root the phone to do. I'm also unhappy that to do it on a HTC Desire requires additional steps which include ****ing around with ip address's and subnet masks.
I'm right when I say, that HTC and the Android community need to spot the market share and steal it.
Not everyone can be bothered figuring out how to download roms and root phones. If this functionality came out of the box, it would be a major selling point.
I'm unhappy that HTC doesn't make the phone sync with a MAC by default. I'm also unhappy that creating a wifi from the phone is something you need to root the phone to do.
I'm right when I say, that HTC and the Android community need to spot the market share and steal it.
Not everyone can be bothered figuring out how to download roms and root phones. If this functionality came out of the box, it would be a major selling point.
Click to expand...
Click to collapse
I agree that the things you stated would be sweet to have. I've rooted my Desire just to tether and to run Apps from SD. However, WiFi tethering still isn't hassle free. Sure I'll use it if I really have to, but at this point it certainly isn't something.to show off to people. Symbian phones can do it without hacking, using Joikuspot app (currently $5). Come to think of it, doesn't the Palm Pre also offer WiFi tether out of the box?
I've had the Desire for 2 weeks now, I kind of like it, but find that Android isn't really much more open than iPhone OS. On a jailbroken iPhone, I can do pretty much everything, I can on my rooted Desire, except for the obvious things as is LED flash and Flash Lite in the browser. None of which are really great.
About syncing with your Mac, comming from an Apple only set up I had the same issues. I suggest you try googling for SyncMate and you probably already know DoubleTwist for syncing media.
As last word of advice, keep your iPhone, I sure will mine.
-------------------------------------
Sent via the XDA Tapatalk App
Sirako5 said:
I'm also unhappy that creating a wifi from the phone is something you need to root the phone to do. I'm also unhappy that to do it on a HTC Desire requires additional steps which include ****ing around with ip address's and subnet masks.
I'm right when I say, that HTC and the Android community need to spot the market share and steal it.
Not everyone can be bothered figuring out how to download roms and root phones. If this functionality came out of the box, it would be a major selling point.
Click to expand...
Click to collapse
You're unhappy about this, you're unhappy about that. You can be unhappy as much as you want but that's how it's working right now. I know that it's a hassle using Wi-Fi tether on the desire right now. But it'll get better. You can't just say "Make it so" and expect it'll be done. The guys on this forum are trying the best they can. You don't like it there are alternatives.
And as you said in the first post, you would have known all these issues if you informed yourself better before purchasing the phone, and not complain that this is somehow a problem that android or the devs here created.
You are wrong and sound stupid. Wifi tethering is not free nor is it an option so if you want it you have to root your phone. Why should wifi tethering be free? Not to mention the palm pre plus and palm pre pixie come with the app from Verizon, the sprint versions do not. The evo comes with sprint hotspots. If you don't have a hot spot app blame your carrier not android moron.
Sent from my Nexus One using Tapatalk
Your iPhone can't do it though. If it could you wouldn't be ranting in here, would you?
Click to expand...
Click to collapse
My iphone CAN do it. It's called mywi. I explained this in the first post.
If you are unhappy with having to actually do something that requires very, very little effort then I suggest you stick to Apple products.
Click to expand...
Click to collapse
I'm unhappy that HTC doesn't make the phone sync with a MAC by default. I'm also unhappy that creating a wifi from the phone is something you need to root the phone to do. I'm also unhappy that to do it on a HTC Desire requires additional steps which include ****ing around with ip address's and subnet masks.
I'm right when I say, that HTC and the Android community need to spot the market share and steal it.
Not everyone can be bothered figuring out how to download roms and root phones. If this functionality came out of the box, it would be a major selling point.
Click to expand...
Click to collapse
If ya can't be bothered why bother getting one in the first place. And people come here for help with rooting and ROM s that's what the whole sites about.
If you not rooting or have questions rooting related then ask on a forum for USERS not devs.
Sooo glad I never went an got a iPad poo. Even better the HP tablets out soon.
An if your out with it ipoo just sit in McDonald's and get free WiFi or just buy a WiFi router..........
-------------------------------------
Sent from my HTC Desire
If you don't have a hot spot app blame your carrier not android moron.
Click to expand...
Click to collapse
Well it doesn't have anything to do with the carrier if one's not living in the US. I can tether my phone as much as I want. In Europe we pay for data volume not for the way we use it. Sadly the US trends seem to be spreading to the EU more and more, so maybe one day our freedom of consuming mobile data will end also.
-------------------------------------
Sent via the XDA Tapatalk App
Sounds like you should have just bought an old 2nd hand crappy winmo 6.1 device and used the wifi tether on that with the sim out your iPhone.
You people are ****ing nuts. (Excluding the nice mac user who wrote some nice things about his experience)
If we could go back a few hundred years, you'd be the kind of people trying to convince yourselves and others, that the african american slaves should be happy with what they've got, and that the right to vote and full pay is pie in the sky and shouldn't be free.
If HTC and android figured out a way to make wifi tether come out of the box, do you think HTC phones sales would drop? or increase?
If HTC offered supported software to tether and sync their phones to macs, do you think their phone sales would drop? or increase?
I'm not asking for something that is impossible or expensive. It is not included out of pure laziness. It's not included because you're happy with what little you get for free from the hard working developers in this community who are working on it, because there is no alternative.
To the iphone guy who advised I keep my iphone. You're right. I will. It was stupid of me to expect HTC and android could come close to replacing it. And I imagine this will continue to be the case until HTC learns to take care of their apple users who are wishing to defect.
Ok so I have another noob question. Do I need some kind of firewall and antivirus program on my tab? I mean I spent a ton protecting my laptops and desktops, so is the tab already somehow pretty well protected or do I need something?
And if so what do you recomend
Sent from my SCH-I800 using XDA App
Get Lookout from market, it's free. Thats what I use as a antivirus program. It has some other extra features with it too.
By default Android does not accept connections from the outside unless you tell it to.
So for a firewall, to stop applications from accessing the internet (wifi or 3G) you can try Droidwall. It doesn't work with ClockWorkMod though because of the older version of busybox built in to it. So if you are not using ClockWork for your recovery, it should work.
There are very few (only heard of one so far) viruses that have hit smartphones as of yet. But it is good to be prepared.
you do NOT need an antivirus for an android device as it is present... All those reports you see of viruses on android are done by the company MAKING the antivirus software
drksilenc said:
you do NOT need an antivirus for an android device as it is present... All those reports you see of viruses on android are done by the company MAKING the antivirus software
Click to expand...
Click to collapse
What do you mean it is present? I didn't know android came with antivirus software. Yes, I have heard teh argument that antivirus software company are the ones making the viruses. But the fact is ( whatever the truth is) if you get hit with one, its still a pain. Since its free for now, go for it.
PS. Viruses has been on a decline though for computers and none made for smartphones yet. Lol maybe symanctec is had to cut cost and got rid of their programmers. I know Mcafee just got sold to Intel. Or maybe they are all waiting for the right time to release them when everyone's guard is down. Do I smell conspiracy Either eay, if the stuff on your phone is important, protect it.
You don't need one.
bpt888, drksilenc didn't mean the antivirus app makers were making viruses, he said that they were the only ones reporting on them.
What has been reported so far have not actually been viruses. It seems you have fallen into the trap those who make apps like lookout want people to fall into.
They report on things like, apps requesting device id's etc. You can see that an app will do this by looking at the permissions it asks for. eg, no need for an "antivirus" app.
If you actually read the "virus" reports from these companies, you'll see nothing is needed.
There are no viruses on Android.
None
Zero
Nil
Android anti-virus programs are a worthless waste. Actually less than worthless, as these useless programs just slow down your system for no benefit.
Android isn't Windows, it doesn't have holes the hackers can easily drive through.
If you concerned about your privacy install firewall (Droidwall for example) and tune its setting to block wallpaper or some other apps connecting to somebody you don't know.
Sometimes applications request internet access without good reason raising doubts in their purpose.
You will need to obtain root privileges to run firewall. Ironically this might lower your Tab protection against network intrusion. However, none of this is known threat unless you unknowingly install trojan and any other malware.
No virus software needed. Seriously it is a waste of time.
Sent from my SCH-I800 using XDA App
Geletis said:
Android isn't Windows, it doesn't have holes the hackers can easily drive through.
Click to expand...
Click to collapse
Sorry, but this is just FUD.
Windows is far more secure than most people give it credit for - it's just that it is the target for 99% of all attacks because it is so ubiquitous.
If and when Linux achieves some sort of relevance on the average consumer desktop, I'd expect to see a lot more attacks targeted its way and a corresponding increase in security issues.
Regards,
Dave
foxmeister said:
Sorry, but this is just FUD.
Windows is far more secure than most people give it credit for - it's just that it is the target for 99% of all attacks because it is so ubiquitous.
If and when Linux achieves some sort of relevance on the average consumer desktop, I'd expect to see a lot more attacks targeted its way and a corresponding increase in security issues.
Regards,
Dave
Click to expand...
Click to collapse
I agree, but surely the way that Linux (and Android) is made makes it inherently more secure? Without root access there's not much that can be done to truly compromise a Linux system, and Android sandboxes everything
TheGrammarFreak said:
I agree, but surely the way that Linux (and Android) is made makes it inherently more secure? Without root access there's not much that can be done to truly compromise a Linux system, and Android sandboxes everything
Click to expand...
Click to collapse
I agree there's a certain degree of additional security provided by sandboxing, but we've already seen APKs (e.g. Z4Root) that can gain root access, so it's not infallible. It is one of the reasons that I use Chrome on all platforms - if you check out Pwn2Own, Chrome has yet to fail, and that it mostly due to sandboxing - however, it is not a panacea!
There is definitely an element of "security through obscurity" around non-Windows OS's. Note the use of the word "element" - I'm not saying that Linux or any other OS are insecure, just that they are attacked less than Windows.
The point is that modern Windows is far more secure than most people realise - any OS given the same amount of attention by the "bad guys" in comparison to others. Vulnerabilities exist in all OS's and will continue to found and exploited.
I'm in full agreement that currently the real security threats on Android are down to users not paying enough attention to the permissions that an app requests when it is installed, but this will likely change as Android gains popularity.
I do pay attention to the apps I install, so I personally don't feel the need for any kind of security suite on Android at present.
Regards,
Dave
Cool, thanks for your thoughts.
Sent from my Galaxy Tab
Im rather clueless as to how Android tablet encryption works and any limitations it may give you.
Does anyone here encrypt and if so any downsides (speed , rooting , roms , etc ?)
I will not encrypt, because that will affect performance for sure. Even a tiny bit, I don't want it
xManMythLegend said:
Im rather clueless as to how Android tablet encryption works and any limitations it may give you.
Does anyone here encrypt and if so any downsides (speed , rooting , roms , etc ?)
Click to expand...
Click to collapse
Not sure if it was the 10.1 or the 8.9 that had hardware encryption built in but Samsung does have hardware encryption.
Have we found anything more about this? I was under the impression that both devices would have the hardware encryption, but there is very little discussion of this one way or the other.
Given that Samsung seems to be targeting the enterprise market with all the fancy Cisco and SAP features, it would make sense that they included hardware encryption as well.
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
I'm not an expert on these exploits but wanted to share.
https://thehackernews.com/2017/05/oneplus-mobile-vulnerabilities.html
1 - 3 : disable auto update & download only from oneplus site ?
4 : I've never used public wifi anyway, the speed sucks.. lol
While these are not exploits per se, somethings are to consider.
1. I consider the ability to downgrade a plus. This makes attacks 2 and 3 irrelevant. Yes it's possible and for a good reason.
2. Public WiFi are to be avoided. At all costs. No device is truly save.
What I consider a serious problem is the transmission over http. There is no good reason to not use https nowadays. Every connection should use it and there is no excuse not to. It's easy, cheap and has no downsides.
But really, to leverage those "exploits" the attack would either need to be able to sign the update with OnePlus private key or downgrade your phone and then carry out an attack over a bug that was already present. Not impossible, but complicated and highly unlikely.