Chrome2Phone -- Exploitable? - Nexus One General

Had the thought that perhaps the new feature, to send your nexus a direct link from your computer, might be exploitable by some unfriendly people.
What do you all think the risks are, if any?
If it can tell your phone to open the browser and launch a website, what's to stop someone from telling your phone to buy ten thousand copies of Conan the Barbarian, or destroying itself and catching on fire. Kidding of course, but you get what I mean.

Very difficult. It'd be just as likely as someone stealing your Gmail account.

Mmm, ok. Thought I would ask
It has the potential, under the right circumstances, to be used for evil though! EVIL!

I'm not entirely sure, but from what I understand all intents go through google servers. I assume google is doing checks for malicious behaviour on their end.

Don't you have to register a phone to a gmail account and be logged into that account to send to the phone?
Haven't tried the app myself but it wouldn't make sense any other way ;-)

You have to be logged in. And I think info is sent via Google servers, so unless someone steals your Google account, I think you should be safe

it only triggers the browser or maps. I guess the risk would be real, but on the phone side you have the option to set it to do nothing but notify you FIRST prior to any action. If you didn't initiate anything, then you could click cancel at that time.

chromiumcloud said:
it only triggers the browser or maps. I guess the risk would be real, but on the phone side you have the option to set it to do nothing but notify you FIRST prior to any action. If you didn't initiate anything, then you could click cancel at that time.
one of the things being worked on is making the phone dial a number selected on the browser. that could get interesting

I believe that Google are running a closed beta at present too, so the only people that can write apps that use cloud messaging will have been vetted by Google.

All the components of the extension (chrome extension, android application and application server) are open source, what prevents anyone from developing another extension that uses Google cloud service to communicate with Android?

ludo218 said:
All the components of the extension (chrome extension, android application and application server) are open source, what prevents anyone from developing another extension that uses Google cloud service to communicate with Android?
All of the messages go through the Google servers

As I understand, the application engine part of the extension (which runs on google application engine) registers itself to "the cloud" using Google API. Anyone should be able to use these APIs, no?

It most certainly could be exploited. I can think of a javascript exploit that would work right now.
However the consequences of an exploit are severely limited by the security model that Android uses. Something can not run in another security context unless you allow it to.
The day "Chrome2Phone" asks for root access is the day it should be removed from your phone. Until then the most it could do is tell an app to do something that you've already allowed that app to do (which could arguably be undesirable things).
The user needs to explicitly permit all security privileges in Android remember (read that app install page with security details!). If it can do something, you've permitted it to do so.

tanman1975 said:
one of the things being worked on is making the phone dial a number selected on the browser. that could get interesting
That is true, but if I recall correctly, when you choose a phone number link from the browser, it will bring the number up in your dialer application, but you must initiate the call with the green call button, so there is a level of security there.

Actually this could be a pretty nifty security feature. If the phone gets stolen how great would it be to be able to enable the gps, camera or mic? Given proper security protocols of course...

@tanman1975
Didn't think of that one. T'would be a very powerful tool against the robbers out there. Nice.

Related

4 million people downloaded data-stealing Android app

http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Mike Luttrell | Thu 29th Jul 2010, 08:30 am
A seemingly innocuous Android app that let users change their phone's wallpaper has actually been stealing private user information and may have been downloaded millions of times.
Users should be concerned if they downloaded an app from "Jackeey Wallpaper." While it does perform the functions described in the app download page, it also ends up taking the phone's Internet browser history, mobile phone number, every single text message, and voicemail password. That information is then sent to a website based in Shenzhen, China.
http://phandroid.com/2010/07/29/another-app-stealing-data/
[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.
We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.
So no SMS, browsing history or voice mail password taken.
FOR REAL?!?!
All your data belongs to somebody else
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Free isn't free: http://www.androidpolice.com/2010/0...t-all-your-data-are-belong-to…-somebody-else/
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME, that someone was messing with my gmail account, had to change my password immediately
I received an alert from an IP (from their site) trying to change my password!
You've been warned, happened to me!
It's not like it doesn't show you the stuff when you install apps.. And this "Genome Project" thing is out of context nonsense.... 14% of free apps have access to your contacts. You realize that includes IM programs, SMS programs, Email programs, etc....
If you install a wallpaper app that requests access to your Accounts and Contacts, well....
http://www.cyrket.com/search?q=Jackeey+Wallpaper
I don't see such permissions on the 2-3 I looked through, but maybe specific ones did.
Another thing about this "lookout" app and Genome Project.. Look at the permissions on their app on the market:
Permissions: ACCESS_COARSE_LOCATION , ACCESS_FINE_LOCATION , ACCESS_NETWORK_STATE , CLEAR_APP_CACHE , DISABLE_KEYGUARD , GET_ACCOUNTS , INTERNET , MANAGE_ACCOUNTS , MODIFY_AUDIO_SETTINGS , PERSISTENT_ACTIVITY , READ_CONTACTS , READ_LOGS , READ_OWNER_DATA , READ_PHONE_STATE , READ_SMS , READ_SYNC_SETTINGS , READ_USER_DICTIONARY , RECEIVE_BOOT_COMPLETED , RECEIVE_SMS , VIBRATE , WAKE_LOCK , WRITE_CALENDAR , WRITE_CONTACTS , WRITE_SETTINGS , WRITE_SMS , WRITE_SYNC_SETTINGS , WRITE_USER_DICTIONARY , com.android.browser.permission.READ_HISTORY_BOOKMARKS , com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
What if the 'AV' software itself turns out to be the one stealing data? If anything could, it could.
We get that all apps ask for permission to allow access to our location, contacts, emails etc....but to gather our private info and sell them to China.....that's messed up.
time to sue.
That information is then sent to a website based in Shenzhen, China.
question:
if this app was downloaded and used by US government....would it be considered as a SPY? lol
It's a big deal, but it illustrates very well that android users are in a ffa environment without someone looking over their shoulder to protect them.
It's good and bad. Some people will call bad on google for not protecting them, but others will see it for the truth of it and know they have to cover their own ass.
Wouldn't a functional firewall app work for this?
cutting off apps access to non essential portions of data...but also from data transmitting?
Flixster is malicious??
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME, that someone was messing with my gmail account, had to change my password immediately
I received an alert from an IP (from their site) trying to change my password!
You've been warned, happened to me!
Woaaah now... I have used this app on almost every ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
and what about all the gmail notifiers?
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to stop malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
bwolmarans said:
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to stop malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
The same things are possible for a regular computer as well. You can connect to a site and it could execute a download that then snoops your keystrokes and uploads them somewhere.
The difference (so far) is that on android you have to install an app to do that.
The takehome message is to exercise caution and install apps you can verify where they come from and what they do.
This will happen more and more. Mobile is where people are doing most of their communication and beginning a lot of banking.
Not just Android, all mobile OS.
Like I said a zonealarm/lilsnitch like app would be of great use. Even if logging or reading they still need to communicate out. An easy low mem/bat/cpu usage app that monitors this behaviour would go a long way.
This is becoming a bigger issue and we do need some type of security alert monitor!
http://www.newsfactor.com/story.xhtml?story_id=13100EVAC2WI
"Mobile apps on Android-powered smartphones and Apple's iPhone can disclose more personal data than most users realize, security vendor Lookout revealed Wednesday at the Black Hat USA 2010 conference in Las Vegas. Rather than being malicious, users often give the apps permission to access data when they are installed...."
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Oops missed this post prior to posting my thread...
http://forum.xda-developers.com/showthread.php?t=739446
Arcarsenal said:
Woaaah now... I have used this app on almost every ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
100% sure, I checked out the IP involved, and it pointed directly to their website!!!
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME, that someone was messing with my gmail account, had to change my password immediately
I received an alert from an IP (from their site) trying to change my password!
You've been warned, happened to me!
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
GldRush98 said:
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
Use it then, who cares anyway ..!
Hope u get your gmail account hacked ...
samagon said:
The takehome message is to exercise caution and install apps you can verify where they come from and what they do.
Easy to say, but how do you 'verify where they come from and what they do'?

BBM, iMessage... what are the chances?

so since apple released whatever 'iMessage' for all apple products and its exclusive and what not, and all blackberry devices have BBM, how much do you gander android will release its own form of IM within the coming months before the release of icecream sandwich?
revamp of G-Talk... maybe? LOL that thing seriously needs a big overhaul anyway.
a penny for your thoughts?
I personally like the idea of GTalk how it is now. They could just make sure it's installed on every phone and maybe even put it on the first screen.
I like having it cross-platform and even available on the desktop.
Most of my friends have Android now, so more and more people are moving to GTalk.
I wish they would come out with a better desktop client though that'll do video rather than relying on the web one.
I think GTalk should be a feature they advertise more. It's already available on every Android phone, uses push for 2.2+ and works really well.
It would be cool
I would like to see google sync google talk across devices. Not sure if it could kill off SMS like everyone thinks though.
ethridgt said:
I would like to see google sync google talk across devices. Not sure if it could kill off SMS like everyone thinks though.
The nice thing is that it uses Jabber, so there's lots of clients out there that will support it...all with their own feature sets. So its easily cross-platform, just not always the official app.
I think iMessage is going to be hugely popular as it looks like it's built right into the normal SMS messaging application in iOS and is going to be automatically used any time you are sending a message to another iPhone user. Once people get used to using the combined messaging app, it's going to be nearly impossible to convince iPhone users to install a 3rd party chat app.
I now think it makes sense for RIM to open up BBM to other platforms, as they have the best chance of getting people to install their app, and if they are going to lose customers to iPhones and Androids (which is clearly happening), it would be in their best interest to at least keep them as BBM users.
Frankly, Google really dropped the ball by not seeing what a big problem all of these proprietary chatting protocols are going to be for alternative mobile platforms. Many people in places like Canada (where blackberry and BBM are very popular) fear switching from blackberry as it means giving up all of your BBM contacts, and it's going to be the same thing for iPhone users soon. We needed an open spec protocol like XMPP to be the dominant protocol so that anyone can make a client for any device, but there are parts of Google Talk that just don't meet what people are looking for.
Google Talk needs at least the following, in my opinion:
- Remove the ability to log out
- Delivery (and maybe read) status for messages
- Improved group chat (currently the implementation is clumsy and inconsistent)
- Improved media transfers (photos and videos, but also contacts and locations)
- Combine SMS and Google Talk applications into one messaging super app, like iMessage.
The biggest problem with Google talk is its currently not widely available on every android phone.
Google doesn't need to revamp gtalk. It just needs to make Disco the default messaging program like Apple has done with iMessage. It would need to add MMS and remove the requirement for creating groups before sending messages but I can't imagine either would be too difficult to do before ICS is released.
http://techcrunch.com/2011/05/23/google-disco-2/
Been wishing this was in gtalk since 1.6. I don't think they need to combine it with the SMS app if they keep the green circle next to the contact's name when they are signed on in Gtalk.
If they updated the BB and IOS apps to work with the new Gtalk apps it could dominate. But like google maps with navigation, they reserve group chats and video chatting to the web client and android users.
http://www.cultofmac.com/androids-going-to-help-apples-imessage-kill-off-sms/99831
PrawnPoBoy said:
I think iMessage is going to be hugely popular as it looks like it's built right into the normal SMS messaging application in iOS and is going to be automatically used any time you are sending a message to another iPhone user. Once people get used to using the combined messaging app, it's going to be nearly impossible to convince iPhone users to install a 3rd party chat app.
I now think it makes sense for RIM to open up BBM to other platforms, as they have the best chance of getting people to install their app, and if they are going to lose customers to iPhones and Androids (which is clearly happening), it would be in their best interest to at least keep them as BBM users.
Frankly, Google really dropped the ball by not seeing what a big problem all of these proprietary chatting protocols are going to be for alternative mobile platforms. Many people in places like Canada (where blackberry and BBM are very popular) fear switching from blackberry as it means giving up all of your BBM contacts, and it's going to be the same thing for iPhone users soon. We needed an open spec protocol like XMPP to be the dominant protocol so that anyone can make a client for any device, but there are parts of Google Talk that just don't meet what people are looking for.
Google Talk needs at least the following, in my opinion:
- Remove the ability to log out
- Delivery (and maybe read) status for messages
- Improved group chat (currently the implementation is clumsy and inconsistent)
- Improved media transfers (photos and videos, but also contacts and locations)
- Combine SMS and Google Talk applications into one messaging super app, like iMessage.
+1, I totally agree with you.
It really has to be promoted. I have a lot of friends with Android devices who don't even know that Gtalk exists, it's a real pain. It needs the option to login with a kind of a "PIN" maybe just like RIM has.
VicToR_AC said:
+1, I totally agree with you.
It really has to be promoted. I have a lot of friends with Android devices who don't even know that Gtalk exists, it's a real pain. It needs the option to login with a kind of a "PIN" maybe just like RIM has.
why use a pin though? that just creates more hassle for everyone. why not just tell them to add your gaccount which has everything integrated... your number/whatever you want to share.
FaithCry said:
why use a pin though? that just creates more hassle for everyone. why not just tell them to add your gaccount which has everything integrated... your number/whatever you want to share.
Because as I can see, some of my friends with an Android device don't even use Gmail accounts, and that's when the problem using Gtalk begins!
VicToR_AC said:
Because as I can see, some of my friends with an Android device don't even use Gmail accounts, and that's when the problem using Gtalk begins!
Fair enough...but then are you telling me they aren't downloading any apps from the market then? And thus not optimizing the android system already? Because if they can access the market they should be able to use g chat ...
Sent from my Nexus One using XDA App
For it to work, any message system has to integrate with the default messaging app. Otherwise, it will be a failure. Apple did get iMessage right by integrating it with the sms app and make using it automatic (without any user input to setup).
^wait, so how does the phone know if the receiver is an iOS user and that the receiver has an internet connection? For iPads, there are no phone numbers associated with the devices. So how does iMessage integrate with the SMS app?
Currently you can see if the person is on gtalk in the SMS app by a green dot next to their name. That seems perfectly fine by me.
NexusDro said:
^wait, so how does the phone know if the receiver is an iOS user and that the receiver has an internet connection? For iPads, there are no phone numbers associated with the devices. So how does iMessage integrate with the SMS app?
Actually, even iPad 3G users have a phone number (it just isn't visible to the user). My guess is it will do contact matching (which will check the contact's email against itunes accounts and the phone number). The phone number will probably be automatically registered to your account when you login to your phone with your itunes account. So it isn't hard to do that simple matching.
moelester518 said:
Currently you can see if the person is on gtalk in the SMS app by a green dot next to their name. That seems perfectly fine by me.
Which sms app? I don't see any green dots (or spaces for them) in the default app, or handcent.
I'm on CM7. Is this a feature in stock roms?
bozzykid said:
Actually, even iPad 3G users have a phone number (it just isn't visible to the user). My guess is it will do contact matching (which will check the contact's email against itunes accounts and the phone number). The phone number will probably be automatically registered to your account when you login to your phone with your itunes account. So it isn't hard to do that simple matching.
But what if I switch between iphones and other phones all the time?
J.L.C. said:
Which sms app? I don't see any green dots (or spaces for them) in the default app, or handcent.
I'm on CM7. Is this a feature in stock roms?
You can see who's online on Gtalk on the stock contact list.
NexusDro said:
You can see who's online on Gtalk on the stock contact list.
Yep, you can. But the contact list isn't an sms app

Google drops Exchange ActiveSync. What does it mean for Windows Phone?

Starting February 1st 2013, Windows Phone users won't be able to create full Gmail accounts on Windows Phone. Does Microsoft have a plan?
This afternoon Google has announced the discontinuation of their support of Exchange ActiveSync (EAS aka the standard for many who use email) after January 30th 2013. The question you may be wondering is, how does it affect Windows Phone?
More here from Windows Phone Central http://www.wpcentral.com/google-drops-exchange-activesync-what-s-it-mean-windows-phone
Is this going to affect you ? I sync email, contacts and calendar from google so will this be shut off to existing users who are already setup at the end of January ?
I don't really want to move all my gmail stuff which is work related to microsoft, and I also don't want to give up my 820 so this has thrown a spanner in the works for me.
This means:
1. If you already have your Gmail account set up as a Exchange ActiveSync account on February 1st, it will continue to work for you.
2. If you try to add a new Gmail account (or delete your existing one and try to re-add it, or get a new phone/device/tablet) after February 1st, you will no longer be able to connect it as an Exchange ActiveSync account, which means no tasks, calendar, and contacts.
3. Calendar sync has already been disabled, so if you try to add a Gmail account and sync your Calendar to your phone as of yesterday, it will no longer sync your Calendar.
4. You can still connect your Gmail e-mail using IMAP or POP3, so mail will continue to function after February 1st. Though you may have to recreate your account so that it works properly.
5. This affects any device that uses Exchange ActiveSync as a way to sync information through Google. So not just Windows Phone, but Microsoft Outlook, some older Nokia and Sony devices, other random devices/phones.
Ah thanks
Sent from my RM-825_eu_euro1_217 using Board Express
If you are using Google Apps and hosting a custom domain, nothing should change for you. As far as I know, even Calendar sync still works. However, Google Apps no longer offers a free version, that happened about two weeks ago, most likely in preparation for killing off EAS.
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
jasongw said:
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
OOH, wow, I didn't know they offered that for free, I was about to buy an exchange email thru rackspace! Might have to give that a go.
jasongw said:
A few months ago this would have really irked me, but when I decided to try Outlook.com, it won me over. More importantly, thanks to Microsoft's free Live Domains hosting service, I've moved all my private, custom domains over to use Outlook.com as the default provider.
It's a safe bet that Microsoft will never discontinue support for Exchange Activesync, so I'm actually really happy. Plus, the deep integration with SkyDrive and other MS services means, simply enough, that I don't really give a **** what Google does anymore. I don't use their mediocre online office tools, nor their Drive service, nor their excellent but ultimately irrelevant in the face of Nokia, maps service. On top of that, the TubePro app for WP8 is far superior to the Google provided Youtube app on iOS or Android, so again, I'm not at all worried.
Windows phone 8 doesn't *need* Google.
Could I please ask something about the Live Domains thing. What sort of control do you get on top of a normal Outlook.com account? Can you switch off ads like with a Google Apps account? I have a free Apps account right now and not sure whether to pay for it or move to an Outlook.com account and switch my domain over to Microsoft.
http://domains.live.com to sign up.
What you get when you set up your domains for the Outlook.com servers, which is fairly simple (it involves proving domain ownership via DNS TXT record creation, and assigning new MX records to point to Microsoft's servers), is basic but robust. You can't turn off ads, but what you can do is create as many free email accounts as you want. Each is an official "Microsoft Account," which means of course that you get the same access to SkyDrive, office web apps, People (for contacts), Calendar, and so on, all wrapped in the sexy new UI. As the admin, you do have access to delete these user accounts, so ideally you won't be a **** to those you give accounts to.
If you want, you can also give away free email accounts on your domains. The first 500 are automatic and free, after that you have to ask them to up your limit, but it's still free (not sure if there's an upper limit, but it's something I'd like to test).
The Outlook.com UI of course offers gobs of advanced filtering options that are user manageable.
Screenshot of the main Control Panel UI attached. There are several more pages of options I didn't show because of course they have personal data, but suffice to say there are a fair few options. Plus, you can do co-branding if you want, which is slick in and of itself.
Now that I think of it...I need to set something up for that
The Jones said:
Could I please ask something about the Live Domains thing. What sort of control do you get on top of a normal Outlook.com account? Can you switch off ads like with a Google Apps account? I have a free Apps account right now and not sure whether to pay for it or move to an Outlook.com account and switch my domain over to Microsoft.
Awesome reply. Thanks.
Sent from my RM-825_eu_euro1_217 using Board Express
Google will be removing Google sync support for WP. They called it "Winter Cleaning".
So Google contacts and Calendar sync will not be available.
I say, if Google is rejecting WP, then why doesn't Microsoft STOP Android OEMs from using Microsoft's PATENTS. Those Patents for which Android OEMs need to pay to Microsoft for every Android device they sell.
Sent from my GT-S5570 using xda app-developers app
Apourv said:
Google will be removing Google sync support for WP. They called it "Winter Cleaning".
So Google contacts and Calendar sync will not be available.
I say, if Google is rejecting WP, then why doesn't Microsoft STOP Android OEMs from using Microsoft's PATENTS. Those Patents for which Android OEMs need to pay to Microsoft for every Android device they sell.
Sent from my GT-S5570 using xda app-developers app
because that there is more income than all of windows phone
Win.
Sent from my ST26i using Tapatalk 2
Hate it when companies stop providing features just to push themselves and make other services/companies look bad.
Google's been a **** to Microsoft for a while now. Google pushes the abysmal mobile site that works on my ancient Nokia 5200, instead of the nice version to iOS and Android, to WinPhone7, the Youtube app is ridiculous, no maps. I bet Microsoft is a **** to Google too, but this whole thing sucks.
So then Microsoft goes around and doesn't give Google+ any love (Google+ is still trying to force me to use it, but I won't have any of it.)
Google's increasingly getting on my nerves and being more and more pushy, like a stalker. Reading my mail to push me ads, saving my searches to push me ads, it's just pissing me off. It's been consistently useless for all except domain name searching (For eg. if I want to find the official site for a product). Bing needs to up its game so I can move to an alternative.
Apple is a master at this game too - they don't want to improve their touch APIs for WebKit, or make it open. They won't show any love to Microsoft's alternative touch API which even Chrome and Firefox people are supporting.
I'm trolling google everyday by using adblock.
Yeah, in 2013 ppl still don't know that such a tool exists...ffs
mcosmin222 said:
I'm trolling google everyday by using adblock.
that's a big 10-4....
As far as "reading my email" goes, anyone that isn't encrypting their emails is fooling themselves if there is any belief it is private, at any point along the intraweeb.
To support google's ecosystem, which MS will have to if they want to be competitive, they will need to adopt CalDAV and CardDAV, which is no bad thing because it gives us consumers choice.
The days of pushing proprietary technologies are, thankfully, over.
But how are consumers affected by these kind of technologies? It is not as obvious as using WP over android, or the other way around.
Microsoft exchange is still used by the overwhelming majority of people on this planet. Pretty much every single email service, apart from the one provided by Google and some business specific emails, uses this system. Almost every single email user on the planet has another email address than google.
Google is just afraid of microsoft cutting their services, that's all.
As an email user of this planet, I could not care less what technology lies behind my email address. It could be MS Exchange, it could be Google's new framework. I don't care. And why? Because the end result is basically the same: I can check my email address.
On the other hand, dropping support of such services disrupts my ability to check my email from my WP, for example. Now what? I don't see any benefit from that, only more tiresome things to do. Will I see Windows Phone as the problem? Hell no! Google will be my problem. Will I drop Google services? Very likely.
Just as a side-note, the only Google service I use is their search, because Bing is nowhere near as powerful in my region.
mcosmin222 said:
But how are consumers affected by these kind of technologies? It is not as obvious as using WP over android, or the other way around.
Microsoft exchange is still used by the overwhelming majority of people on this planet. Pretty much every single email service, apart from the one provided by Google and some business specific emails, uses this system. Almost every single email user on the planet has another email address than google.
Eh, no. This is completely wrong. Exchange is by no means used by 'the overwhelming majority of people'. In business maybe, consumers no way.
Google have over 425 million users on gmail, Yahoo over 310 million and most people use either IMAP or POP3. Very, very few consumers are willing to pay for exchange.
uuh. You're right, I was thinking about something else lol.
anyway
You said...
To support google's ecosystem, which MS will have to if they want to be competitive, they will need to adopt CalDAV and CardDAV, which is no bad thing because it gives us consumers choice.
How is this favoring the customers? My point is, if Google is doing something to break what is working, how will this be beneficial for users?

[Q] Using a Nexus 4 without sending every private piece of info to Google

I got my N4 a couple of days ago. It's my first foray in the Android world.
The requirements that I am hoping to meet are pretty simple:
1) I want to be able to call contacts and send text messages
2) I don't want Google tracking my contact list
3) I don't want Google tracking my location
4) I don't want Google tracking my browsing history
5) I want to be able to use the Play store to download 3rd party apps. I didn't buy an N4 to use it like a dumbphone. Logically, the Play store shouldn't require constant access to my contacts, location or browsing history.
I am making this post to get help meeting the above requirements. Despite seeming really basic, I'm running into trouble, and I think I will need frequent help. This thread can act as a journal that hopefully other people can follow.
What I did so far is immediately flashed the N4 to AOKP, and applied the OpenPDroid patches (though I've yet to use OPD). From a blank slate start, I declined to create an account, disabled location access, etc, during the startup wizard.
Adding a contact round 1
I was able to create a local, unsynced contact.
Using the Play store
I was forced to sign up for a gmail account, which is normal. I declined to "keep this phone backed up with my Google Account". I then went in Settings > Account and disabled sync for everything, including Contacts. I also disabled background sync in the power controls.
Adding a contact round 2
I am now unable to add a contact without being forced to sync it with my BS gmail account. When I click "Add Contact" in the phone app, a dialog says "Your contact will be synced with [email protected]" and my choices are either "OK", "Add other account", or to cancel out by clicking Back.
So I'm already stuck. Once a Play account is created, I am now unable to do something as basic as adding a contact without sending it to Google. Can someone tell me how to get past this obstacle?
That's how Google makes their money! Your only options are to either start using the amazon app store only or side loading apps if you don't want Google involvement. Good luck.
Sent from my Nexus 7 using xda premium
Why? Like they don't have all your information already? You freely give your information to everyone when you use the internet. Congratulations. You are not that special.
Sent from my Nexus 4 using xda app-developers app
Eurotrash: always in this sort of discussions there's people like you who essentially advocate shutting up and taking it. "That's how things are" is not an acceptable solution to my problem, or I would not have made this post. There IS a way around the creeping, and someone knows it. My last resort is blocking every Google service from accessing the Internet except Play. I'm asking here because I'm hoping there's a less extreme solution that other people can use.
Gotzadroid: I will hold out for a better solution. Amazon appstore will likely be limited. Sideloading is not possible because many devs don't provide APKs
I know you can get an app to block individual permissions of other apps: https://play.google.com/store/apps/details?id=com.stericson.permissions
It requires root. Not sure about the contacts and other stuff you wanted to block, I'm assuming you've disabled location services.
Why not try flashing like cm10 and not flashing gapps so no Google apps? Then just manually downloading the apps apks and sideload the ones you need?
Sent from my Nexus 4 using Tapatalk 2
Didn't think my post lacked clarity, so hopefully this will be clearer:
My ONLY problem right now (we'll leave the rest for later) is that the Phone app, an essential app if I want to use my phone for making calls, an app that isn't even part of Gapps, doesn't let me add a local contact without sharing it with Google. That's it. Forget everything else in my post.
So my simple question is, how do I add my friend Bob to my contact list, locally in phone memory or on the SIM card or whatever, without telling Google I'm friends with Bob and giving them his phone number?
MachinTrucChose said:
Didn't think my post lacked clarity, so hopefully this will be clearer:
My ONLY problem right now (we'll leave the rest for later) is that the Phone app, an essential app if I want to use my phone for making calls, an app that isn't even part of Gapps, doesn't let me add a local contact without sharing it with Google. That's it. Forget everything else in my post.
So my simple question is, how do I add my friend Bob to my contact list, locally in phone memory or on the SIM card or whatever, without telling Google I'm friends with Bob and giving them his phone number?
As previously mentioned, try flashing a rom without gapps
OK, try this. Make a dummy gmail account for the play store only. Get all the apps you want and then sign out of gmail. Only sign back in when you want another app. That should keep Google from syncing all your info.
Sent from my Nexus 7 using xda premium
Michealtbh said:
As previously mentioned, try flashing a rom without gapps
The Phone app is not a part of gapps. It came on the stock ROM before I flashed gapps on it. I didn't try it before adding gapps, are you saying it will change behavior and no longer prompt me to sync when I try to add a contact?
I gotta go to sleep, I'll do more tests tomorrow evening to test this (and wait for your reply to the above question in case you misread my posts).
If the answer to the above question is yes, this would immediately beg another question: how do I install 3rd party apps from Play without flashing gapps?
gotzaDroid said:
OK, try this. Make a dummy gmail account for the play store only. Get all the apps you want and then sign out of gmail. Only sign back in when you want another app. That should keep Google from syncing all your info.
Sent from my Nexus 7 using xda premium
That's what I did in the OP (2nd bolded step). I created a dummy account cause Play requires it. That became my main Google account on this phone (since I declined to set up an account prior to that). That's the account Google tries to sync my contacts to when I try to add a contact.
I looked in the Gmail app, there's no way for me to sign out. All I can do is add more accounts.
A similar thread from the galaxy nexus forums: http://forum.xda-developers.com/showthread.php?t=1589367
However, I'd also be interested in a deeper insight on why you're trying to do this. Fear of the big brother? Or just proving a point?
We know before buying an android phone that everything is tied to that Gmail address; now you want to cut that tie but maintain full functionality. Well, that probably doesn't work. And if it at the end does, why going through all that trouble? If a different platform offers all that then..
Why you bought an android phone in the first place? Just curious
Sent from my Nexus 4 using Tapatalk 2
You can try downloading or side loading the app "contacts+" then sign out of your dummy gmail account. You can get a sim to USB hub online and plug your sim into the hub and into PC to add contacts directly to sim. I don't know if there's a way to export contacts to sim anymore unless I'm guessing developers somehow add that feature. So look into CM or another well built ROM and ask some questions.
Good luck
Sent from my SCH-I605 using xda premium
MachinTrucChose said:
The Phone app is not a part of gapps. It came on the stock ROM before I flashed gapps on it. I didn't try it before adding gapps, are you saying it will change behavior and no longer prompt me to sync when I try to add a contact?
I gotta go to sleep, I'll do more tests tomorrow evening to test this (and wait for your reply to the above question in case you misread my posts).
If the answer to the above question is yes, this would immediately beg another question: how do I install 3rd party apps from Play without flashing gapps?
Stock rom comes with gapps already loaded.
Most custom roms come without them and they must be flashed separately. If you choose not to flash them you aren't even given an option to sign into your Google account at first boot, so there will obviously be no option to sync your contacts.
Your phone will be crippled and you'll have to find workarounds for many things. I don't think you'll be able to use Maps for example. To install apps you'll have to download and install the apks or use an alternative app market like SlideMe or Amazon
What's there to hide? They're just contacts
Sent from my Nexus 4
Google doesn't care what your Aunt Bertie's phone number is. All they use the data for is to customize ads for you, and if you're going to be seeing ads anyways they might as well be relevant to you.
Sent from my Nexus 4 using xda app-developers app
It's disappointing that the thread is taking the direction of Google advocacy rather than finding a technical solution to my problem, hopefully this post answers your questions and we can stop arguing about this.
Drakkula4 said:
You can try downloading or side loading the app "contacts+" then sign out of your dummy gmail account.
How do I sign out of my dummy gmail account?
Vangelis13 said:
A similar thread from the galaxy nexus forums: http://forum.xda-developers.com/showthread.php?t=1589367
However, I'd also be interested in a deeper insight on why you're trying to do this. Fear of the big brother? Or just proving a point?
We know before buying an android phone that everything is tied to that Gmail address; now you want to cut that tie but maintain full functionality. Well, that probably doesn't work. And if it at the end does, why going through all that trouble? If a different platform offers all that then..
Nope, not full functionality. I can avoid using all gapps. The only required Google service is the Play store, which is the primary gateway to non-Google apps. I would use Email over Gmail, Navfree over Maps, etc.
The next paragraph is meant as a reply to the 5 posts essentially saying "tinfoil hat, trust Google!".
This is supposed to be an open phone, allowing the user to do what they want, compared to the big bad iOS. That's why I bought it. Now I find out Google is insisting on taking something extremely private (my social graph) even when I don't want to give it to them. I respect my friends' privacy, and I don't want an intersection of my online and offline lives being made by some 3rd party with intentions I don't trust. The insistence is starting to creep me out. You can provide convenience and still respect basic privacy, look at Mozilla with Firefox Sync: even they don't see the data you sync. I'm not even asking for that much, just respect my wish to draw the line at real-life stuff. I guess I shouldn't be surprised, this is the company banning people using pseudonyms on Google+.
The most disappointing thing in all this, is that you have 5000 custom ROMs being developed, which mainly differ in pointless GUI BS like scroll animation speed. Not a single one of those projects thought to provide a way to make the phone usable without giving up extremely private data. AFAIK only 3 guys are working on privacy stuff, and even those guys' patches and apps don't protect you from the Eye of Google.
chrisrozon said:
Google doesn't care what your Aunt Bertie's phone number is. All they use the data for is to customize ads for you, and if you're going to be seeing ads anyways they might as well be relevant to you.
Sent from my Nexus 4 using xda app-developers app
What if I don't want tailored ads? Or what if I only want tailored ads by tracking the online activity I'm willing to submit to them, and I feel it should be my right to draw a line? Many people are not comfortable seeing an intersection of online and real life activity. I am one of those people.
MachinTrucChose said:
Didn't think my post lacked clarity, so hopefully this will be clearer:
My ONLY problem right now (we'll leave the rest for later) is that the Phone app, an essential app if I want to use my phone for making calls, an app that isn't even part of Gapps, doesn't let me add a local contact without sharing it with Google. That's it. Forget everything else in my post.
So my simple question is, how do I add my friend Bob to my contact list, locally in phone memory or on the SIM card or whatever, without telling Google I'm friends with Bob and giving them his phone number?
Simple question deserves simple answer, only thing I can think of, go to settings > accounts > google > tap your account email address > and uncheck the things you don't want synced with google.
Hopefully it works and you will just have a local copy of everything then.
Again just flash like cyanogen mod since you have to flash gapps separate. Then don't flash gapps and your phone will have nothing to do with google.
Sent from my Nexus 4 using Tapatalk 2

[Q] Textsecure integration?

https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?
SHAWDAH said:
https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?
Hmm.
1) All of it would have to get reviewed for security. I know pulser has looked at some of CM's other solutions and found vulnerabilities.
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.
TextSecure definitely looked interesting until seeing that it requires gapps.
wkwkwk said:
TextSecure definitely looked interesting until seeing that it requires gapps.
Yeah, it's stupid, he partially justifies it here https://github.com/WhisperSystems/TextSecure/issues/127
He also said this
"If you want alternatives to things like GCM, you have to either build them or help the people that are. I would love to use a different push service, but they don't exist.
Likewise, if we want an alternative to Play, we have to build it. What exists now (f-droid) has a centralized trust model, so we're building something else."
Entropy512 said:
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.
palpitations said:
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.
I got myself a tinfoil wide-brim to match my duster...
I'll have to get a 4.4 capable phone in the future so I can get Omni.
Entropy512 said:
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Once again, a solution has been made, which is smart, has good features, but is crippled in the security area, due to making things "easy to use".
The specific issue is that, from what I can see, at least right now, there is no way to tell if a message is going to be sent encrypted or unencrypted. It's no good knowing AFTER the fact - you need to know before it is sent how it will be sent.
Additionally, if you are using encryption, from what I can see, the message is actually sent over the internet. This means there is a central repository of users stored on a server somewhere. That is centralisation, centralisation is bad... As I raised back at the time, there are side-information risks.
While the new implementation may well eliminate some of these, I am not convinced this system provides the level of anonymity that some may desire. My worry is that since the original idea was conceived, where a user's phone number being available to CM was not seen as a concern, that any solution has been architected without considering every aspect of security.
Securing correspondence via SMS would be very nice to have done properly. But this is simply a "hook", that takes what you *think* is an SMS, and sends it over the internet. There are plenty of people in the world (particularly developing nations), where they have poor, or limited, access to the internet. SMS can be a lifeline for them.
There are also many places (some incredibly large), which regularly and routinely block internet services they disagree with (not at all looking at China here...) - it is important that any system works worldwide, and is resistant to easy "blocking".
I would personally prefer to see the actual messages sent over SMS... That means if you have no internet connection, you can still send the SMS. And you can do so ENCRYPTED, rather than unencrypted.
At the end of the day though, until you can tell 100% whether something will be sent encrypted or unencrypted, you can't trust a system. The server operator may also gain useful metadata in this case (though not ideal, your carrier already gets metadata for SMS).
Tl;dr, it looks nice, but we need to look at everything here, and consider that not everyone has internet access all the time. After key-exchange is complete (I would like offline key exchange via NFC and QRcode (on the screen) as well, for in-person identity verification), we need to ensure that a user can securely communicate without internet connectivity.
Until then, this is just a smaller rival to iMessage. And hey, maybe that's a good thing... But for my money, it's not a secure SMS system...
Thoughts welcomed.
pulser_g2 said:
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?
slashslashslash said:
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?
The thing is, since everything is sent via the Internet, there are plenty of other existing ways to send encrypted messages over the Internet where *you can be sure the message is encrypted*.
Pulser touched on my initial concern (which I held off on voicing until he chipped in) - To determine whether to send a cleartext SMS or send the SMS via an Internet message, the app needs to know whether the recipient is "enabled" with this service. There are two ways to do this:
1) The sender explicitly configures the app to say that recipient Y is capable of receiving encrypted SMS
2) The app does some form of peer-to-peer negotiation
3) The app sends data associating your phone number with an account on another service to a centralized server. This appears to be what CM's solution is doing. Which is kind of silly - This is an app for extremely privacy-conscious people, that is enabling widespread data collection of mappings between a user's phone number and other accounts.
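The concern raised in the two posts above (the sender should know how a message will travel before it leaves, and that choice can come from per-contact state configured on the phone rather than a central lookup) sketched as an added example; it is not code from TextSecure, WhisperPush or any poster in this thread. The `Contact` fields, `plan_send`, `send`, the `deliver` callback and the phone numbers are hypothetical, and the encryption itself is assumed to happen inside `deliver`.

```python
from dataclasses import dataclass
from enum import Enum


class Transport(Enum):
    ENCRYPTED_SMS = "encrypted over SMS"
    ENCRYPTED_DATA = "encrypted over the internet"
    PLAINTEXT_SMS = "cleartext SMS"
    REFUSED = "not sent"


@dataclass(frozen=True)
class Contact:
    number: str
    key_verified: bool = False    # key exchanged and checked by the user (way 1 above)
    allow_cleartext: bool = True  # user accepts ordinary SMS to this contact


@dataclass(frozen=True)
class Decision:
    transport: Transport
    reason: str

    @property
    def encrypted(self):
        return self.transport in (Transport.ENCRYPTED_SMS, Transport.ENCRYPTED_DATA)


class TransportChanged(Exception):
    """The transport at send time is not the one the compose screen showed."""


def plan_send(contact, data_available, prefer_sms=True):
    """Pick the transport before sending, using local state only (no server lookup)."""
    if contact.key_verified:
        # A contact with a verified key is never downgraded to cleartext.
        if prefer_sms or not data_available:
            return Decision(Transport.ENCRYPTED_SMS, "verified key on file")
        return Decision(Transport.ENCRYPTED_DATA, "verified key on file, data link up")
    if contact.allow_cleartext:
        return Decision(Transport.PLAINTEXT_SMS, "no verified key for this contact")
    return Decision(Transport.REFUSED, "no verified key and cleartext not allowed")


def send(contact, body, shown, data_available, deliver, prefer_sms=True):
    """Deliver only if the plan still equals what the user was shown; else fail closed."""
    current = plan_send(contact, data_available, prefer_sms)
    if current.transport is Transport.REFUSED:
        raise TransportChanged(current.reason)
    if current != shown:
        # Covers a silent fallback to cleartext and a switch from SMS to the internet.
        raise TransportChanged(
            "shown '%s', now '%s'" % (shown.transport.value, current.transport.value)
        )
    deliver(current.transport, contact.number, body)
    return current


if __name__ == "__main__":
    # Constructed sample contacts.
    bob = Contact("+15550100", key_verified=True)
    alice = Contact("+15550101")
    for c in (bob, alice):
        d = plan_send(c, data_available=False)
        print(c.number, "->", d.transport.value, "(" + d.reason + ")")
```
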
Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using textsecure will be recorded in centralized Google/NSA database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.
optimumpro said:
Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using textsecure will be recorded in centralized Google/NSA database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.
Stop spreading your uninformed opinion everywhere.
I answered each and every one of your "arguments" in your original thread:
http://forum.xda-developers.com/showpost.php?p=51818980&postcount=10
