Android vs iPhone - A comparison of Security Models - Nexus One General

Since there have been so many security discussions going on for Android and iPhone, I did a short post on the topic comparing the security models of both. Do chime in with your comments all
Android vs iPhone: Security Models

One point about the "sandbox".
You already pointed out that Apple doesn't have "permissions", but that also affects the sandbox. An app doesn't have to ask permission to get your personal data and they would have no way of stopping it even if it did.
Android not only requires the app to ask for the permission when you install it, they can also enforce that restriction if the permission wasn't requested. The Android sandbox does not allow code to do things it never advertised because it is running tightly controlled bytecodes that can be statically proven to only access the information it was given permission to access.
On the contrary, iOS apps can run any code without any controls other than what the reviewer observes.
So, the "permissions" and the tighter control of the Android sandbox combine to make the apps even more tightly restricted.
One thing I would love to see added to Android is the Blackberry style of permissions where each request can be set to "allow, ask each time, disallow" so you can disallow an app from using a permission it requested, or even allow it, but require the OS to ask you to verify each time the app uses that capability. Right now Android says "this is what it *WILL* do and if you install it I won't do anything to restrict it - either accept this or don't install the app" which is very limiting.
There are quite a few apps that I've installed which asked for permissions that it isn't important for me to give them. I want to use their main feature, but the programmer went and added what they thought was a nifty unrelated feature and that secondary feature requires permissions. If I only want the main feature then I should be able to disallow the unnecessary "addon" permissions. (To name an example - a Zip file browsing app that wants to kill tasks? Really? Why? Oh, because the developer thought it was cool to add a task killer to every app in the market. D'oh!)
Also, the lack of this per-permission "line item veto" capability is teaching Android users to just blindly accept an apps permission requests because they all sound daunting even for benign apps and so they learn to stop thinking about it and the permission granting is really just noise for the sheep for the most part. Granted, there are a few security conscious users that will push back when apps request permissions outside of their needs, but it would be better if the average user would see every time an app does something suspicious, rather than just letting it happen willy-nilly under the covers and the security conscious would have better tools to investigate their suspicions by verifying that the app only generally does use the capabilities when it is about to do something worthwhile.

^^ I totally agree with what you say.. And the ability to revoke certain permissions from the app at certain times is what i desire as well. .This is something that always makes me doubtful when installing apps.. They should atleast do this for the internet permission. I know I can do this by rooting my phone but I want to be able to do it without rooting...

Related

Regarding ROOTED Hero or any Droid phone..

Taken from an user in Androidforums.com ...
that kind of crossed my thoughts when I rooted my phone, what is the possibility though?
n0gik said:
This is a wonderful thread - and my apology if I've missed this question here or anywhere else.
Regarding 'rooted' Hero (or any other Android) phones, once they're rooted, can you set a root password? ('passwd' command after issuing 'su' command)
It would seem to me that leaving the superuser unprotected, with escalated execution privileges NOT protected, then downloading/installing a maliciously written application could become an issue. I'd hate to see thousands (millions?) of Android phones become disabled, DOS attack points or spamming mailer daemons.
Just trying to make an educated decision before rooting.
Click to expand...
Click to collapse
no answers????
I've not done much research on the subject however the superuser apk is there to protect us with custom roms so you can be protected from potentially malicious applications.
We really cant set a password on our root, especially since this is not a "Full" linux distro, it's very watered down to fit and run "well", this includes the SElinux. The SuperUser app offers protection, when an app runs that requires Root, superuser kicks in and asked Always Allow, Allow, Dont Allow, Never Allow.
Given, superuser probably has its weeknesses all security apps do and anyone with the smarts to figure out the loop holes will. It's a cell phone, not your bank account or medical records. I can't see you or anyone carying anything too private on it, maybe some corp. emails. Viruses happen, luckily there doesn't seem to be to much circulating in the way of Android. There are even a few AV apps on the market if you look for them.
The only app I have that requires root is WiFi Tether. Maybe, oneday, when we get full kernel source someone can protect our root a little better than it currently is. If having an Android phone has taught me anything, it is that Google security policies must be Garbage. Look at how they protect paid apps, if I was a Dev that wanted to make money on his code there is no way I could cope with only having stuff in a protected folder. Looks like they would have to make their own software protection, and some have.
Lcarpenter, thanks for answering.
I can breathe a little better now..

Looking for developer opinions on a security guide for new android users

Hello XDA
I've written a security guide I have posted to quite a few Android communities/forums. This guide is intended for new users to Android so probably doesn't apply to anyone here. But I do think Android users deserve solid advice from the experts and with all the media scare tactics going around, now more than ever.
However, I was hoping that if some Devs had the time, they could give some of it a quick read. I'm hoping to get a more informed developer opinion on whether I missed anything or am mis-representing something or another. I'd like to make sure that my information is as accurate as possible, and since Android is a community thang, I figure why not ask some other devs if they want to have a look and chime in.
The one topic I havent really yet covered is rooting, so I know at least that much is missing.
Thanks in advance and please feel free to post all feedback -- positive/negative/or your favorite cheesecake recipe.
=================================
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
The reason that this is important to know is that it means Android is very unlikely to ever get a 'virus' in the traditional sense. Part of the reason why is because Linux is a fairly secure operating system that protects various parts of itself from other parts. This is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later. Also due to some bad choices by Google, there are a few exceptions to this rule that we'll talk about in the permissions section.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Types of Dangerous Programs
Probably the biggest/most common threats from applications on Android are:
1) When the developer/app tricks the user into giving the app permissions it does not need to do its job
2) When the app hides malicious code behind legitimate permissions.
3) When the app tricks the user into entering in personal information or sensitive data (such as a credit card number)
There are various ways malicious developers (also knowns as hackers or crackers) accomplish this. We'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams (sometimes).
Spyware
Spyware is used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Often times this includes keystroke loggers to steal passwords or credit card information. Some people include certain types of Advertising tracking in this category (sometimes called Adware, see below). However that's a much larger debate we wont cover here.
Phishing
Phishing and spyware are closely related. They work on a similar principle: tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. Contrastly spyware would try to hide itself from being known to the user. One way to think about the difference is that phishing is masquerading while spyware is hiding, but the end goal of stealing your data is the same.
An example of this would be a app or website pretending to be affiliated with your bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does, include any service where someone might want to steal your identity or password.
There have been known successfull phising attacks releated to at least one bank on Android.
Virus
The definition of virus used to be more all-encompassing. These days that term has been replaced by malware. Virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus send emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Trojan Horse
A trojan horse is really just a specific type of virus. It merely refers to the idea that the app pretends to be something useful or helpful or fun for the user while actually causing harm or stealing data. This term is often used to describe spyware and phishing attacks as well.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service to the user of dubious quality. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
Warez
This is a term you'll sometimes hear referring to 'pirated' or unlicensed software. Often times warez forums and websites will offer "free apps" or "apks" (Android Package).
Don't be fooled by these sites, and do NOT download these files and load them to your phone. These files are stolen from the real developers by unscrupulous people who have no regard for the work put into apps by the developers, or the law. Often times they will even try making money off of the advertising on their "warez" forums. They are profiteers that do the entire Android community a great disservice, and hurt the developers. Furthermore this is very often the most popular 'vector' (method) of attack that malware writers use. Some go as far as stealing apps and putting them on the Android Market itself under different names.
If you are a user that cannot access the paid Android Market, there are alternatives these days. The most trustworthy markets (in my opinion) are the following:
- Android (Google) Market
- Amazon Appstore
- SlideMe
- Archos AppsLib
- AndAppStore (possibly)
- AndroidTapp (possibly)
- Verizon's Market (not sure if this is live yet)
- Motorola's Market (not sure if live or where, might be focused on Latin America?)
Other than these markets, I would not advise anyone to download and install an app from anywhere else.
However there are a few exceptions related to open source. These are places that independent developers can upload free and/open source apps. They don't guarantee your safety (nothing does) but they are not warez sites and are much more likely to be safe.
Open source or free apps: (very likely safe, not warez)
- XDA Developers
- Googlecode
- GitHub
How to Protect Yourself
There are no full-proof ways to avoid all bad situations in the world, but any sane person with a reasonable head on their shoulders knows that a few good habits can keep you safe for a long, long time in whatever you do. Here are a few tips I have learned from many years as a professional software developer and from reading these forums that have many people smarter and more knowledgeable than I about Android
Read the comments in the Market
This should go without saying. Before you download any applications, be sure to read the comments. Don't just read the first three either, click through and see what people are saying. This can also help you understand how well an app work on your particular phone or your particular version of Android. Comments should also be read EVERY time you update an app.
Check the Rating
Any app that fails to maintain abpve 2.5 stars is likely not worth your time. If you are brave enough to be one of the first few to download an app, this does not apply to you. Nevertheless almost all good apps have between 3 and 5 stars. To me, this is just a general rule to help find quality apps.
Check the permissions
There are many things an app can do to, and for, your phone. But anything an app can do is told to you when you download and install it. Before you download and install an app, you will be shown a list of permissions the application is requesting. Read them. Try your best to understand them in terms of what the application is supposed to do for you. For example, if you download a game of checkers, and the Market warns you that it wants to be able to read your contacts, you should think twice and probably not download it. There is no sane reason a game of checkers needs to know your friend's phone numbers.
To see the permissions given to an application after installation, go to the Market, press [menu], then [downloads] or [my apps], then select the app, press [menu] again, then press [security].
Below I have a list of some of the most commonly used permissions. The list has explanations of how important they are, what they do, and what types of apps might legitimately need them. This should help you get a basic understanding of what to allow and when to skip an app. Please feel free to ask about a permission or let me know if I have missed any.
Check the developer's website
Make sure the developer has a website and not just some Wordpress blog. This is often again a good indication of quality as well as safety. If the developer cares about their app they will likely have a relatively nice looking website or, if they are open source, a site on Google Code. Note: sites on Google code are NOT verified or approved by Google. However, open source is usually (but not always) more likely to indicate a safe application.
NOTE: This is not definitive indicator if a developer is good or bad, just one more peice of information you can use. Their are a lot of exceptions to this particular rule, as a lot of Good devs might not have anything more than a Blogger blog, and a lot of bad devs could just point to a nice looking site they have no affiliation with. However, the developer's website can be helpful just as an extra peice of information you can use in making your decision about the developer or app.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use the same diligence as if you were installing it for the first time. Reread the permissions to see that it is only asking for what it needs and no more. Reread the comments to see if anything has changed in the opinions of the users and to see if it still works for your phone. If you see that an application says Update (manual) next to it, that means the developer has CHANGED the permissions they are requesting from the version you have on your phone. This is not necessarily a bad thing -- but it should indicate that you should pay a bit closer attention to the permissions and re-evaluate them as needed.
If you are still unsure, ask around -- the community is your anti-virus
If you see an app you want, but it seems to be asking for more permissions that it should, or it's comments and ratings are mediocre, go ahead and ask about the app in these (and other) forums. You will often find dozens if not more people who know the answers and another whole bunch wishing to know the answers to the same questions you have.
I can't stress this point enough. This is the best part about Android. The community are usually the first to identify any Malware or dangerous programs, and are the best resource for finding quality apps.
Beware the Sockpuppets, Shills, and Spammers
However, like anything, don't believe everything you read. Someone who comes into a forum telling you an app is the "best" may be what's referred to as a sockpuppet or shill. I tend to be wary of people with low post counts, or who have unreasonably high praise for what seems a simple app, or anyone using the word "best" in a forced context.
Now these people are not all bad, some may just be excited, or not speak english as their first language. But it's common for sockpuppets to use the term "best" to try and get better search rankings on Google. Saying things like "Best Android App" "Best GPS." Other tell-tale signs include when they mention software for iPhone or other platforms without actually answering questions. Or just generally seem like their post is out of context or overly general (think about how horoscopes are made for everyone to relate to them). I often get spam on my blog that says things like "best blog post! love your writing style, you put things in perspective for me" which makes no sense when my blog was about my new app.
This is a fine line a very much a grey area though. Sometimes it can be very hard to tell if someone is a spammer. If you see a post or comment in the market you suspect is spam on a forum, report it to the mods, don't reply and start an argument.
Posting your own comments
After you have downloaded an app you can post you own comments. The comment will be visible to all other android users but it will only show your first name. To do this go into the Market and press [menu] > [downloads]. You should see five empty stars at the top which you can tap to rate the app. Once you have rated the app you should see an option to add a comment under the stars.
Being a good user
While this guide is about security, I think it's important to point out how to be a good user too. Android is a community and stems from open source and will only ever be as good as both it's developers and it's users.
So, if an app is crashing on you, try emailing the developer before uninstalling and posting an angry comment. Anything you post in the market will stay even if you have uninstalled the app, and you could do serious harm to a developer's reputation if you post very negative comments.
If you think the developer just made a mistake, or didnt support your phone, work with them. If they are unhelpful, then you can consider giving them a bad rating. This is especially true for free apps in the market. Remember that you, as a user are not "entitled" to perfect free apps. Most developers do not have Google's enginnering and QA team backing them up and even Google makes mistakes.
And while it's frustrating when things don't work, imagine how frustrating it is when you put long hours into something but make a mistake -- and then because of that mistake you can never fix the damage done by a rude commenter.
What does Google do to protect us?
Unfortunately at the moment, not a lot. They do police the market to a small extent and investigate any reports of malware. They several instances of Malware and actually remotely uninstalled the applications from users phones.
However, the Market is not like the Apple App Store or Amazon Appstore, there is no screening of applications before they are posted to the market. There are no draconian procedures or lengthy approval processes that developers have to go through to post applications. All that a developer needs to do is to 'digitally self sign' his or her application before posting it. This helps Google track any developers with ill intent, but it's just a way to manage malware after it is discovered.
What about Wi-Fi?
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website your are trying to connect to. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street.
[guide continues below]
Permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.
NOTE: there are also some backwards compatibility decisions Google has made that will grant apps targeting 1.5 or earlier two permissions you may never see requested. It is my belief this is a security hole, but not a large one. The permissions are Read Phone State and Identity and Write/Delete files from the SD. I will elaborate on those below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Services that cost you money
make phone calls
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However this is not a common to cheat people in today's world. Legitimate applications that use this include: Google voice and Google Maps
Services that cost you money
send SMS or MMS
This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call feature above, it could cost you money. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
Storage
modify/delete SD card contents
This permission is of high importance. This will allow the applications to read, write, and delete anything stored on your phone's SD card. This includes, pictures, videos, mp3s, and even data written to your SD card by other applications. However there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very very commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to): camera applications, video applications, note taking apps, backup applications.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your personal information
read contact data, write contact data
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. The one exception to that rule includes typing or note taking applications and/or quick-dial type applications. Those might require your contact information to help make suggestions to you as you type. Typical application that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Your personal information
read calendar data, write calendar data
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
Phone calls
read phone state and identity
This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it's perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 2 unique numbers that can identify your phone. The numbers are the IMEI, and IMSI. Many software developers legitamately use these numbers as a means of tracking piracy though.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your location
fine (GPS) location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications. This can sometimes be used for location based services and advertising.
Your location
coarse (network-based) location
This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location. This can sometimes be used for location based services and advertising.
Network Communication
create Bluetooth connection
Bluetooth (Wikipedia: Bluetooth - Wikipedia, the free encyclopedia) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: Sharing applications, file transfer apps, apps that connect to headset out wireless speakers.
Network Communication
full internet access
This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone, this is one of the setting it would definitely have to ask for.
However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
You will have to be very careful with this setting and use your judgment. It should always pique your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more. This permission can also be used to serve Advertising, and to validate that you app is licensed. (See DRM for more info).
Network communication
view network state, view Wi-Fi state
This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi.
System tools
Prevent phone from sleeping
This is almost always harmless. An application sometimes expects the user to not interact with the phone directly sometimes, and as such would need to keep the phone from going to sleep so that the user can still use the application. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock 'dock' views and many more.
System tools
Modify global system settings
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However there are a lot of these setting that are perfectly reasonable for an application to want to change. Typical applications that would use this include: Volume control widget, notifications, widgets, settings widgets.
System tools
read sync settings
This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
System tools
Write Access Point name settings
I need a bit of clarification on this setting myself. I believe this relates to turning on and off wifi and your 3G data network. (if someone can comment and clarify I would greatly appreciate it and update this guide to reflect). Essentially however I believe this to be similar to the 'modify global settings' permission above.
System tools
automatically start at boot
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in an of itself, it can point to an applications intent.
System tools
restart other applications
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However that application should have the option of immediately restarting itself.
System tools
retrieve running applications
This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in an of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
System tools
set preferred applications
This permission is of moderate impact. It will allow an application to set the default application for any task in Android. For instance clicking on a hyperlink in your email will bring up a browser. However if you have more than one browser on your phone, you may want to have one set as your 'preferred' browser. Typical legitimate applications that require this permission include any applications that replace, compliment, or augment default Android functionality. Examples of this include web browsers, enhanced keyboards, email applications, Facebook applications and many more.
Hardware controls
control vibrator
This permission is of low importance (but could be lots of fun). As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Hardware controls
take pictures
This permission is of low importance. As it states, it lets an app control the camera function on your phone.
Your accounts discover known accounts
This permission is of moderate importance. This allows the application to read what accounts you have and the usernames associated with them. It allows the app to interact with permission related to that account. An example would be an app that was restoring your contact, would discover your google account then sned you to Google's login screen. It doesnt actually get to see your password, but it gets to work with the account.
Development Tools read logs
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensistive information. There are almost no reasons an applications needs this permission. The only apps I might grant this permission to would be Google apps.
What Does it All Mean? This Sounds so Scary!
It might sound that way but it is not, by any means, scary. The power of the market is actually due to the fact that developers are free to post updates and applications much more quickly and easily. But despite the security risks that this model creates, there is an incredibly powerful deterrent to malware in the community itself. Lots of people on these boards and in the market eagerly try out new apps and report back the safety and quality.
Again, the community is your best anti-virus app.
last updated: March 23, 2011
This guide by Lost Packet Software is licensed under a Creative Commons Attribution-No Derivative Works 3.0 United States License.
Good post.
Yes, well written and informative. As a developer, it's good to get this information into user's hands who may not know how permissions work. And the author makes some good points on how to be safe without massive fear of EVER downloading an app
Thanks to OP for a nice article. Do you mind if I copy it and post it on my website? You can send me a PM. Of course, I will cite you as the original source
Thanks much guys,
@Rootstonian
Yes you can copy it, but copy the one from my site http://alostpacket.com/2010/02/20/how-to-be-safe-find-trusted-apps-avoid-viruses/ as it has a few less typos.
It is licensed under the creative commons license (no derivative works, must attribute to me). This means you are free to copy/republish but you have to copy the whole thing and not change it.
Well written and informative! Thanks.
Ok, thanks. I'll either copy it in its entirety or just use the link you provided if that's ok.
Regardless, you work will be properly cited
Again, well done.
thanks much guys.
Also curious if anyone has found any errors or inaccuracies or misrepresentations etc.
Brilliant post.

Cobwebs growing on Windows phone 8 blogs and forums

At least with windows 7.x you could switch ROMs and side load useful apps, with this safeboot thing and Microsoft's lame attitude to give us more of the features and apps that we want it's no wonder why Windows Phone 8 fourms and blogs are so boring. Way to go Microsoft.
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Nobody has been able to find an exploit yet , but I don't really mind lack of activity in forms though as long as cobwebs don't settle upon the entire ecosystem itself we'll be fine
DavidinCT said:
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Click to expand...
Click to collapse
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
sinister1 said:
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
Click to expand...
Click to collapse
Agreed, it's the same *****ing over there sometimes. Don't get me wrong, it's a good site if you want new and useful Windows Phone news. This site used to be a WM haven, just like PPCgeeks was. As that is all there was at the time, we had WM and BB...they were all mainly used by business people or hackers like ourselves.
WP7.x was pretty hackable after a while (with custom roms for most phones and interop unlock for about 90% of the models) so it was pretty active but, now with everyone moving to WP8 (ex WP7 users and converts) and No hacks yet, it's slowed down to almost nothing.
Android is mostly hackable and most phones have or NEED a custom rom, so this became a haven for Android users. And for now, as long as they are not going in this area and trolling, there is no issue with it or at least, I don't have an issue with it.
I do think it's a matter of time, they will find a exploit in WP8. I know why MS locked it down, once WP7 was hacked, it opened the doors for the pirates and some people took advantage if it. Sure there was some cool underground apps but, it just opened the system for the pirates. They wanted to lock down WP8 to make the higher end DEVs come and create the apps and games people want, to grow the system.
Nokia was paid pretty well to make a change to WP and over all they are doing very well with it...and their market is growing.
I'm stil deciding if I am going to pick up the Lumia 928 or stick with my HTC 8X(full price, Not giving up my unlimited data)....Hmmmmm... I just wish I could use Advanced Config to get my custom tile colors back
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Personally I like the very secure nature of my windows phone, I have rimmed more than my share of devices over the years, so its kind of refreshing to k ow this nuts hard to crack. Nokia did take a big risk but I think its been good for both companies. Nokia has done well with exclusive apps in a starved market and there devices are aimed well at a growing group of android overloaded users. With apps like tumble, netflix, Hulu and others coming over the devices are getting more main stream support and with time that will pay good dividends too. All in all I have found little reason to "root" this device other than for the hell of it. They come pretty lean on apps out of box. The biggest thing people seem to be trying to do is get tethering to work without paying out to a carrier for it. Personally if that's basically the reason your wanting to rom so bad, go back to android its far easier get going. I ramble now though, to sum up phone runs great unrommed, clean eco system and very secure setup makes for an all around pleasant device. I think special rimming is more or less unneeded for these devices. Been running unrommed windows mobile 7 and 8 now for about two years collectively. Have android tablets all rommed and a s3 rommed as a backup device.
Sent from my RM-878_nam_usa_100 using XDA Windows Phone 7 App
Meh... I considered WP7 without hacks to be nigh-unusable, even though I stuck with a stock ROM. No way to have apps open files automatically, for example (but I could manually add the registry entries, and could write apps that knew how to handle them). No way to access the filesystem (but I could sideload Kindle ebooks using homebrew file managers). No way back up app data or messages (except with homebrew). Minimal control of theming (as a class, this was one of the biggest homebrew categories). No real control over multitasking (I like that the default behavior is so conserving of battery life, but sometimes I don't *want* Puzzle Quest 2 or Fruit Ninja to have to go through its entire launch process just because I switched tasks or let the phone sleep for a bit!). Severe limit on sideloaded apps (I have over 30 of them, counting small utilities that that I developed, and not counting outdated versions, redundent apps, or anything else I removed). No listener sockets (though this didn't require a very fancy hack). No C++ code reuse (same as the server sockets). No way to tell how much space each app was using (but there's a homebrew for that).
WP8 fixes many of the worst problems. We can now register filetype handlers (though Kindle still doesn't register .MOBI or .PRC, so no more sideloading my ebooks for now...), use native code (with restrictions, but it's better than the default on WP7), and theme our phones (well, a litttttle bit more than before; still not enough). They added some much-requested features (SMS backup, variable text size, ability to control the browser app bar at least a bit, WiFi on while sleeping, Skype integration) and of course the change in OS brought many other improvements (multi-core, removable SD cards, higher resolutions, etc.). However, it still has some big problems of its own. True multitasking is still very limited. Data backup is still iffy. Still no filesystem access (or ability to do anything outside an app sandbox except the official Settings tools). Still very limited sideloading.
I promise you, though, people are working on it. I'm one of them, and several of the other names you know from WP7 hacking are as well.
People like GoodDayToDie & netham45 make the windows forums so much fun to follow
nikufellow said:
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Click to expand...
Click to collapse
Yea but, I am on Verizon....After a release of a model it will take 6 months for Verizon to get a phone that is almost outdated on release.
The 8X is so limited on space that it's driving me nuts, If I find app or game I want to try, I have to uninstall a Paid app to install it. It's getting too old. 8X on format is 11.5gb and the Lumia 928 is 23.5gb, a little over double the space might be worth it, depending on what I can get it for, of course.
The blogs are dead because places like XDA that centralize around modding your phone to improve performance isn't necessary when WP8 software already performs flawlessly. Go to blogs like WPCentral and the Windows Phone community is alive and well swapping out our black Lumia shells for yellow and talking about games and apps. Pretty much doing what we should be doing on a phone, not repairing phones that came broken.
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
I've been wanting to root/unlock my Lumia for one purpose only, sideloading my own developed apps. It's gruesome to try an app in the emulator all the time, but in a month that will be fixed with an AppHub account. And after that my real purpose for rooting/unlocking is gone.
Always fun to see what's possible on the unlocked device though, code-wise.
Sent from my Lumia 920 using Board Express
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
If there is one thing I do not understand about the new SDK APIs, is why on earth an app can not register itself to open file formats reserved by the system. IMO thats the most retarded idea ever implemented in the history of computing. And to make the retarded thing completely retarded, they made it so most common files are handled by system apps, so you can not override the file association.
I am really wondering what is microsoft going to do about these things. If they really want a marketplace full of games, facebook, youtube and instagram apps, then they should stick to their current plan. WP will never get useful in a broad sense.
I hope the update this fall brings new stuff, otherwise the platform will die soon.
GoodDayToDie said:
Flawlessly? ... You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
Although I don't agree with much of his bill-of-particulars, I have to agree with GDTD's sentiment.
Probably, modders need to correct deficiencies. I'm down with MS or anybody else who steps up. I'm in no hurry to crack my OS open right now, though.
I am especially offended at Microsoft's pitiful PDF reader attempt. And some of the apps in the store make me squint. I want to see the author "Google" emblazoned on my YouTube app, not a third party dev. I sure hope MS is putting these apps under a microscope.
The joy of homebrew (and of a developer forum, like this one) is, even if your goals are different from mine, it's possible for you to make your own changes to the device. It's yours; you control it. That's what security *means*, or at least what it's supposed to mean: you (the owner) are in control of what happens.
Ever since the iPhone, though, the trend has been twoards more and more lockdown, taking control away from the device owner and branding this as "security". I don't like it, so I aim to break it. Ideally, we break it in ways that only work with a local attack; I don't want somebody else able to control my device (that really would be the opposite of security)... but I do want to control it myself!
Part of the problem is that there have been no updates in recent months. Portico came out, Nokia dropped some new firmwares last month. But largely, nothing has changed in WP8 since launch. Personally, I find that boring. Maybe I should have an Android phone on the side to keep me entertained with updates, but I find Windows Phone much more usable day-to-day.
It has been more than 6 months since the WP8 launch, and GDR1 didn't really add much. Microsoft should have planned to have GDR2 out by now, even if it meant postponing some features for GDR3. I think most of us would rather have small quarterly updates to WP8, rather than a massive upgrade once a year. It's starting to feel like WP7 and the Mango anticipation all over again, now that it sounds like WP8.1 might be delayed into 2014. Hopefully they come through with their vaporware enthusiast program to keep our attention in the meantime.
I agree with the OP. Cobwebs on this side of the section totally. A thread in a week may be? But there is something I often read on many forums. People who are happy (I know it's a very wide term) with their devices, I.e don't run into problems with their devices, see no need to lurk around. So actually, it is a good sign. It shows how well-thought after a WP device is.
And GoodDayToDie, even though I agree with everything u've noted down, I don't quite believe WP needs all of that.
Still no app data backup machanism. - Umm...Data Sense?
Still no custom themes. - Fair Enough, but again, WP IS NOT meant to be themed to the T
Still no way to sideload XAP files (unless they are "company apps") without a PC. - I believe this is for security reasons.
Still no filesystem access. - Why do you even want that when the system is running flawless, (yes the same word u scorned at.)
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?) - LOL! You gotta be kidding me right?
Android has the worst permission management I have ever seen in my adult life. Android gives wayyyyyyyyyyyyyy more information out than any OS out there.
Still no way remove "Settings" apps. Umm..u sure u want that?
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking). Multi-tasking is really good with WP8.
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it). - Fair enough, but not a deal breaker either.
Still no way to change the default browser or email client or dialer. - I believe you are again entering the territory of themeing, already replied above. Every OS comes with it's own email client. I don't see the point here.
Still no way to install apps to the SD card. - Fair enough. By far the best point in your list.
Still have only limited access to Bluetooth. - In what way?
Still no way to browse, much less edit, the registry. - Again, WHY? WHy mend it when it's not broken.
Still no way to sideload large numbers of (non-"company") apps - U can download the app(paid or otherwise) from the App store on your computer, put it on the SD card and say install from the Store App on the phone. Simple?
DataSense has nothing even remotely to do with backing up (and restoring) app data; where'd you get that idea? Vital feature that homebrew eventually made avaialble in WP7 but is missing in WP8.
"IS NOT meant" nothing! Somewhere under all that sandboxing and locked-down UI is a general-purpose OS running on top of highly capable hardware. It's "meant" to be whatever the owner fo the device *wants* it to be, including (in the case of many, many people if the popularity of WP7 homebrew apps is any sign) theming. Stop being an apologist for Microsoft; it's one thing to say "extensive theming wasn't implemented because other features were higher priority" but when you start trying to tell me that I'm not supposed to theme it, you seriously need to put down the Kool-Ade. Besides, the very claim is ludicrous to the point of disingenious; have you *seen* the WP8 ads? They all stress the customizability of the Start screen. To the point of suggesting you can "meet" a person simply through how they have their phone set up... those ads freaking scream "customize me!" Then you discover there's only a handful of pre-set colors, two background styles, and the ability to mess with the tiles; nothing else.
No, it is quite absolutely *not* for "security" reasons. Security means the owner of the device controlling the device's behavior. If somebody else (like, for example, the manufacturer of the device) is controlling its behavior, that is not security; it's lockdown. The sideloading restriction can only be called security if it's not your device but actually belongs to Microsft. Screw that. Besides, that argument makes no sense anyhow; if I can pay my $99 and sideload with a PC, why can't I sideload without one (or without paying)? The marketplace has DRM to mitigate piracy and that's a darn weak excuse to cripple a device anyhow.
When I can load my Puzzle Quest 2 savegames and other game progress and high scores, copy my PGP keychain, sideload my Kindle ebooks into the Kindle app (yes, this is possible on WP7), extract or replace the built-in audio files, and delete the junk which accumulates in the OS and uses up storage space (without hard resetting the device), then I will stop considering the level of filesystem access a problem. Until then, "running flawless" is quite worthy of scorn indeed.
Wow, I seriously question your reading comprehension. I never mentioned Android in this point, or anywhere else (except to point out that it has a lot of homebrew). But, for your information, the default permissions / capabilities handling in Android is just as broken as in WP8. The difference is that with Android, it is possible (CyanogenMOD did this, for example) to install apps without actually granting them all the permissions they ask for. On WP7, this wasn't properly possible yet, but I was working on a system to do it that hooked the app install process and allowed people to uncheck app capabilities they didn't want to permit.
Um yes, I'd like to remove the non-functioning Samsung apps (until they are fixed) that are taking up space on my phone's storage and making the Settings list longer. I can always re-install them if needed. Every other carrier or OEM app is removable; why should these get special treatment just because they have a field in their app manifest that says "install me in the Settings hub"?
Multitasking - true multitasking, where multiple apps can run at once - is nigh-nonexistent on WP8. Aside from things like audio background agents and once-every-30-minutes-you-get-a-few-seconds-of-CPU-time scheduled tasks, there basically isn't any multitasking (of third-party apps) at all. Fast app switching is *not* multitasking; every app aside from the main one is suspended, unable to do amything until brought into the foreground.
Changing file associations obviusly isn't a deal-breaker, or I wouldn't be using the phone... but definitely a problem. Windows has offered the ability to control file associations since at least Win95, and I think it was possible in 3.1 as well...
Changing the default browser and email client and calendar and dialer aren't "theming" by any conventional definition, but the point made above about theming stands anyhow: it's a matter of personalization. It can also be a matter of functionality (for example, the built-in email client can't handle S/MIME encrypted email at all and has no PGP integration). Or a matter of usability (I use folders a lot; it's a pain needing to expand a menu to get to them)! Or something else... the important point is that it should be possible. Every OS comes with an email client, but every OS except iOS (and WP) allows you to change the default email client, too. This isn't even hard to implement (the relevant registry keys were present on WP7, at least; carrying over the API to control them wouldn't have been hard at all); it's once again a case of Microsoft intentionally restricting what you can do with your phone. If I wanted a mobile OS designed by a control freak, I'd buy an iPhone...
Nothing more really needs to be said here, except that with filesystem access (create a symlink or junction in the apps folder, for example) this would be possible...
Many BT profiles, such as HID devices (for mice and keyboards), are missing from WP8. So far as I know, apps can't use the Headset profile either; the pseudo-turn-by-turn navigation on WP7 would give its instructions via the car's BT if possible, but Nokia/Here Drive must use the phone's speakerphone speaker instead.
When I can change default browser and text editor, create my own themes, enable features that a ROM shipped disabled (have you seen the thread by the guy who can't get visual voicemail?), sideload high-privilege apps (without paying for the privilege), and remove root certificates of CAs that I don't trust (in WP7, these were stored in the registry), then I will stop considering the level of registry access to be a problem.
If they're from the store, they aren't really sideloaded, just downloaded on a different machine. I'm talking homebrew, stuff that the isn't yet, or never will be, or *can't* be (because it breaks some policy of Microsoft's, or requires high privileges to work) put in the store. Besides, many of the most popular WP8 models don't have an SD card slot at all.
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
The only thing I can agree with you on is the file system, bluetooth, and not being able to override the default apps associations (seriously, the default apps is the most retarded idea ever).

[Q] Virus or Android now Untamed?

Hello Good People of XDA
I have been a i9506 owner for quite long, had a 9100 before,
I am used to root and mess with apps to customize things to my wim,
at the best of my knowledge (I lack android programming skills, but I can do things with terminal and filesystems).
All that before to say I am not totally a noob, but my lack of technical knowledge might bite me there.
System wise, I am under 4.2.2, rooted, unknow sources are not allowed, system check for apps is allowed,
I have an antivirus (more than one, but only one works each day, just to be sure I don't miss things)...
My problem is that I recently found out that some apps, actually system apps, blocked
with Titanium backup, or with gemini app manager, or app quarantine,
were actually running anyway.
They are marked as blocked in my app manager, but can still be force closed,
and they appear in battery displays (most of these under the android system block, in the list of services/apps used),
and in process running when using Ccleaner apps.
Also, my battery display show GPS is activated, while when I go into options, all boxes are off or unticked.
I thus wonder what's happening?
How is it possible to have these schrödinger apps tamed and blocked like I want them.
I want these to shut down and only work when I DO ALLOW these, for them not to suck my battery or do unauthorized chores like tracking me when I don't want.
How is it possible that they even behave like that? In i9100, I never observed that in Android 4.0.
I wonder if Google didn't change the workings for making us unable to disactivate what we don't want to work, which was pissing them off.
They already change the permissions displays in the market so permissions as intrusive as "contacts/sms message/USB stockage" are considered "not relevant/important",
while they are depending on the announced display of the app.
But I don't want to go on the "conspiracy route" (I am not like that, I am a pragmatist and I just observe facts, like these apps, with sensitive access, not being able to be deactivated), so let's focus on the technical part:
such apps were Maps, Samsung sync adapters, NFC service , Google Agenda/Contact synchronisation, sysscope, context provider, etc.
That's a lots of things that are supposed to communicate to cloud or other devices, with feels lot like a gaping flaw in the armor...
I want a phone and a tool, not something that track me or put me at risk of being stolen by somebody with technical knowledge.
Am I alone?
Thanks for any insights.
Blocked apps still working
I don't know if my title was too unclear, so I would like to change the title but am unable to do so?
Is it please possible for a moderator to do it (with the title of this post)?
Thanks by advance.
I feel like it is a true problem not being able to block some apps,
or even more, to believe they are blocked while they perfectly perform in the background,
and display activity only in secondary reports, not under their respective "buttons"/information tabs.
I wonder abourt the technical reason to such behavior.
Then delete those apps or block some of the permissions with an app (eg Privacyguard).
It's my opinion that an antivirus app (at the moment) is a waste of resources. Just think before you install something. Also if you are worried about security, you should always run the latest version of Android. 4.2.2 is an old version.
Lennyz1988 said:
Then delete those apps or block some of the permissions with an app (eg Privacyguard).
It's my opinion that an antivirus app (at the moment) is a waste of resources. Just think before you install something. Also if you are worried about security, you should always run the latest version of Android. 4.2.2 is an old version.
Click to expand...
Click to collapse
Thanks for your answer.
Well I don't want to delete system app when they might be useful at time.
I just want them to behave correctly, that is, not work when they are blocked.
That is not a solution to say "uninstall this", while the true problem is Android general behavior here.
I didn't installed system apps, they came with the thing, and all of them are not bloatware.
"NFC service" is something I want to keep for when I am ready to use it,
but I don't want to let it free and unleashed because of the opening it leaves on my phone.
Same goes for bluetooth, synced backups and so on.
I don't want backups on the cloud, so I deactivated the options, and blocked the apps.
Why are they running? It is not normal!
And my old version is maybe not secure, but actually trying 4.3 hasn't changed anything,
and I only suspect this to be some "new feature".
The antivirus is a waste for scans, I agree, still it has useful firewall features that justifies in itself its uses.

Root done right

WARNING: This is not a place for you to come to say how great you think Chainfire is. I'm not calling his character into question, only his methodologies and the character of the outfit he sold out to (and I don't question the act of selling out, that's business, pays the bills, and puts kids through college). The debates about what people prefer and why are as old as the first software. And of course, I will not tell you what to do, no matter how much I disagree with you. If you UNDERSTAND what I have to say, then THIS software is for you. If you don't, you are probably better off with binaries.
The root situation on Android 5.x left a lot to be desired. There was basically just one distributor of a functional substitute user command (su), and it was binary. Recently, ownership of that binary and all of its history has become the property of a previously unknown legal entity called "Coding Code Mobile Technology LLC". While it was presented as a positive thing that that entity has a great involvement with android root control, this is actually a VERY frightening development.
The people at CCMT are no strangers to the root community. They have invested in, or own, a number of popular root apps (though I am not at liberty to disclose which ones) - chances are, you are running one of them right now. I believe SuperSU has found a good home there, and trust time will not prove me wrong.
Click to expand...
Click to collapse
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
You don't know the owners, and they are distributing a binary, so who the heck knows WHAT is going on.
Now a few important considerations with respect to your security and privacy;
1) Obfuscated binary cannot be sanely audited.
2) Function of this binary depends on the ability to manipulate selinux policies on the fly, including RELOADING the policy altogether and replacing it with something possibly completely different. Frankly, I've never heard a single reason why this should be necessary.
3) While a root control application may give you nice audits over other software that is using its service, it can *EASILY* lie about what it is doing itself. It can delete logs, it can share root with other applications that they have made deals with, it can directly sell you out to spammers, etc.
That is WAY too dangerous, and not worth the risk.
Frankly, you are safer if you disable selinux AND nosuid, and just run the old style of root where you set a copy of sh as 6755. And that is FRIGHTENINGLY dangerous.
So not satisfied with this state of root, and especially now with a new unknown entity trying to control the world, we bring you the rebirth of the ORIGINAL Superuser:
https://github.com/phhusson/Superuser
https://github.com/lbdroid/AOSP-SU-PATCH (this one is mine)
From the history of THAT Superuser:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
Yes, look at the Superuser repo above and see whose space it was forked from.
Note: This is a work in progress, but working VERY well.
Use my patch against AOSP to generate a new boot.img, which includes the su binary.
Features:
1) selinux ENFORCING,
2) sepolicy can NOT be reloaded.
3) It is NOT necessary (or recommended) to modify your system partition. You can run this with dm-verity!
The source code is all open for you to audit. We have a lot of plans for this, and welcome suggestions, bug reports, and patches.
UPDATE NOVEMBER 19: We have a new github organization to... "organize" contributions to all of the related projects. It is available at https://github.com/seSuperuser
UPDATE2 NOVEMBER 19: We have relicensed the code. All future contributions will now be protected under GPLv3.
*** Regarding the license change; according to both the FSF and the Apache Foundation, GPLv3 (but not GPLv2) is forward compatible with the Apache License 2.0, which is the license we are coming from. http://www.apache.org/licenses/GPL-compatibility.html . What this means, is that it is *ILLEGAL* for anyone to take any portion of the code that is contributed from this point onward, and use it in a closed source project. We do this in order to guarantee that this VITAL piece of software will remain available for EVERYONE in perpetuity.
Added binaries to my the repo at https://github.com/lbdroid/AOSP-SU-PATCH/tree/master/bin https://github.com/seSuperuser/AOSP-SU-PATCH/tree/master/bin
These are *TEST* binaries ONLY. Its pretty solid. If you're going to root, this is definitely the best way to do so.
The boot.img has dm-verity and forced crypto OFF.
The idea is NOT to use as daily driver, while I can make no warranties at all regarding the integrity of the software, I use it myself, as do others, and its pretty good.
What I would like, is to have a few lots of people try it out and report on whether things WORK, or NOT.
IF NOT, as many details as possible about what happened, in particular, the kernel audit "adb shell dmesg | grep audit". On non-*nix host platforms that lack the grep command, you'll probably have to have to add quotes like this in order to use android's grep: "adb shell 'dmesg | grep audit'".
How to try:
0) Starting with a CLEAN system.img, get rid of supersu and all of its tentacles if you have it installed, if it was there, it will invalidate the tests.
1) Install the Superuser.apk. Its just a regular untrusted android application. Yes, there is a security hole here, since we aren't (yet) authenticating the communications between the android application and the binaries, or validating the application by signature, or anything else that would prevent someone from writing a bad Superuser.apk. This is on the list of things to do.
2) fastboot flash boot shamu-6.0-boot.img
3) test everything you can think of to see if it works as expected.
Note: there are some significant visual glitches in the android application, but nothing that makes it unusable.[/quote] @craigacgomez has been working on fixing up the UI. Its really paying off!!!
How you can reproduce this YOURSELF, which we RECOMMEND if you feel like daily driving it (in addition, make sure that you UNDERSTAND everything it does before you decide to do that, you are responsible for yourself;
You can build it any way you like, but I do my android userspace work in eclipse, so that is what I'm going to reference. Import the project from phhusson's git, including SUBMODULES. Right click the Superuser project --> Android Tools --> add native support. The library name you choose is irrelevant, since it won't actually build that library. Right click project again --> Build configurations --> Build all. This will produce two binaries under "libs", placeholder (which we won't be using), and su. You need the su binary. Then right click project again --> run as --> android application. This will build Superuser.apk, install it, and launch it.
Next:
repo init -u https://android.googlesource.com/platform/manifest -b android-6.0.0_r1
repo sync
Then apply su.patch from my git repo.
UNFORTUNATELY, the repo command isn't smart enough to apply a patch that it created itself. That means that you are going to have to split up the patch into the individual projects and apply them separately to the different repositories. This isn't that hard of a step though, since there are only FOUR repositories I've modified... build/ (this just makes it possible to build with a recent linux distro that doesn't have an old enough version of openjdk by using oraclejdk1.7. The boot.img doesn't actually need the jdk to install anyway -- its just part of the checking stage, so its up to you.), device/moto/shamu/, external/sepolicy/, system/core/.
After applying the patches, copy the su binary you generated with eclipse into device/moto/shamu/
Then ". build/envsetup.sh; lunch aosp_shamu-userdebug; make bootimage". That should take a minute or two to complete and you will have a boot.img built from source in out/target/product/shamu/
NEW UPDATE!!!!
While I haven't yet gotten around to running a complete cleanup (very important family stuff takes priority), I *HAVE* managed to find a half hour to get on with the Android-N program. If anybody takes a peek at the AOSP-SU-PATCH repository on the AOSP-N branch, you should find some interesting things there.
One warning first though... I updated the patches to apply against the N source code, and then updated some more to actually compile, and compiled it all. BUT HAVE NOT HAD THE OPPORTUNITY TO TEST IT YET.
Nice thing you came up. Sounds awesome.
We should have an alternate to all LLC thing, no matter how much respect (I owe you Chainfire thing) we got for the man who created CF Root (since Galaxy S days) and SupeeSU.
wow, tyvm for this! Will definitely test for ya and let you know.
I already applied your patch, built my own binaries and the boot.img but won't have a chance to test anything until tomorrow. Would love to get this %100 working fine and yeah, will use this from here on out instead of supersu.
Thanks again and yeah, will post when I have something ^^
I will be following progress closely, as should others. Without something like this, many in the community may naively let a corporate entity control root access on their devices. This is extremely frightening, it may not happen right away but if you believe the an entity will not monetize or exploit the current situation I believe you are sadly mistaken.
I could be wrong, however, it's not a risk I will take lightly and no one else should either.
Thanks for this.
Nice work!! Will be following this thread closely.
Time for me to learn eclipse. And do a heck of a lot more reading.
Larzzzz82 said:
Time for me to learn eclipse. And do a heck of a lot more reading.
Click to expand...
Click to collapse
Just note that I use eclipse because I'm used to it. Its become the "old" way for android dev.
i just paid for superSU is this the same people?
TheLoverMan said:
i just paid for superSU is this the same people?
Click to expand...
Click to collapse
I'm not sure what you are asking... are you asking if I am in any way affiliated with supersu, then you probably failed to read the first post in this thread altogether.
Charging money for a binary blob to use root on your device is borderline criminal, and unquestionably immoral. I'm sorry to hear that they got something out of you.
This is pretty great. I'll be watching this as well.
Perhaps this is not the place to take the tangent but why does root behave as it does and not more similar to a standard linux distro? It seems like it would be much more secure to have a sudo function as opposed to an all encompassing root. I'll admit I'm not that familiar with the inner working of the android OS but off hand I can't think of any program that absolutely needs to be automatically granted root every time it wants to run (I'm sure there are but even in this case the power user could chown it to standard root).
Wouldn't it be much more secure if you had to go in to developer options (which are already hidden by default) and turn on the option for sudo. This would then require a sudo-user password (perhaps even different than the standard lock screen password). Need to run a adblock update? Enter the password. Need to run Titanium backup? Enter the password... etc. Much more secure than a push of "accept".
Sorry for off topic but it's always made me wonder and seems like it would be root done right (see how I tied that back to the topic ) If elevating programs/tasks to a superuser was more secure perhaps it would not need to be such an issue...
^ Some root functionality is just too common for a Linux like sudo password to be usable at all. I'll give 2 examples:
1. Since Lollipop Google disabled access to mobile network settings for third party apps. Now it's only possible with root. I have an app that together with Tasker automates my network changing. That network app needs root access EVERY time there is any changes to the connected network and when it wants to change the settings.
Phone connects to a different cell tower? Root needed to detect this and determine the mobile network status.
You can figure how many times this is required per day.
2. I use Greenify to force some misbehaving apps to sleep after the screen goes off. It needs to request root every time it wants to sleep one of those apps. In other words every time I use them, after my screen goes off and I turn it back on I'd be facing both my secure lockscreen and the sudo password.
There's are plenty of other apps that need to request root access on a regular basis. These were just a few examples. If you only need root for TiBu then a sudo password type of security measure would work. In my case all I'd be doing with my phone would be typing that password again and again.
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Sent from my Nexus 6 using Tapatalk
Interesting thread. Thanks for your work....subscribed
doitright said:
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
Click to expand...
Click to collapse
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
I've read a few articles suggesting that they would prefer to prevent people from rooting their phones (partially so that they can monetise Android Pay - which requires a Trusted Computer Base, which means unrooted - as well as controlling Ad Blockers, which affect a revenue stream). I also suspect that only a tiny minority of Android users - and most of them are probably on here - actually root their devices.
Regardless of the motives, having a technological monoculture is never a good thing, especially when it is delivered as a binary owned by an unknown organisation.
(No disrespect to Chainfire - I have had many years of root access to my devices thanks to his efforts.)
scryan said:
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Click to expand...
Click to collapse
Not quite.
"root" is the *name* of a privileged user, with user id of 0.
The "su" command (short for substitute user), is used to substitute your current user for another user, but most particularly root.
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Philip said:
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
Click to expand...
Click to collapse
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
urrgevo said:
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Click to expand...
Click to collapse
Nope. The root directory can be setup to be accessible by specific users just by applying the appropriate permissions to the files.
The root directory and root user are not specifically related.
doitright said:
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
Click to expand...
Click to collapse
Because the "third party" might actually be Google (or an organisation funded by them).
---------- Post added at 15:05 ---------- Previous post was at 15:02 ----------
doitright said:
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Click to expand...
Click to collapse
Shouldn't need to su to root to do this - that's what setuid and setgid are for.

Categories

Resources