Related
http://www.gamesindustry.biz/articles/us-government-rules-iphone-jailbreaking-legal
(You need to register, it's free but still, here's the article):
The US copyright office has modified the Digital Millennium Copyright Act to allow the bypassing of security measures on various electronic devices – including mobile handsets such as the Apple iPhone.
This effectively means that iPhones and iPads may be legally 'jailbroken', thus enabling the installation of games and programs that Apple has not sanctioned or has actively banned from the App Store.
This is despite the hardware company's previous attempt to claim jailbreaking violates its copyrights.
Similarly, Android devices may now be 'rooted'. The amendment also permits the software modification of "video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works."
However, such circumventions are only permitted under specific circumstances. The installation of illegally obtained – i.e. pirated – software remains a no-go, so the exemption solely applies to lawfully-obtained applications that cannot otherwise be installed to a device.
Additionally, the purpose of any bypass should be "primarily to promote the security of the owner or operator of a computer, computer system, or computer network."
In other words, to test for security flaws or vulnerabilities. However, mobile devices carry an additional permission: "enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset."
The extent to which a jailbreak would need to prove either security or interoperability was their purpose in the unlikely event they went to court is unknown for now, as are the repercussions of developers hacking Apple devices to test their as-yet unauthorised applications.
However, it will likely prove a blow to a company that has fought hard to retain tight control of software installations on its portable gadgets.
While jailbreaking is now permitted under certain circumstances, it will still void the warranty of a device
Alec Meer
Deputy Editor, GamesIndustry.biz 27/07/2010 @ 09:04
Click to expand...
Click to collapse
Nice post FRiKiNFRoG i'm loving it, can't wait to get my X10a rooted, just about a week old but hav'nt had the time to sit down and take care of it. Hope it's the same for Canada.
I read the courts reviewed the ruling of phones being legal to root, but then judged that Tablets were a different story. I heard that with tablets to legally be able to root, you have to contact the manufacturer and get permission per ruling. I know this is bogus to many people, and most of you here I assume wouldnt care either way what the courts rule. So this thread is about the legality of the issue, not really meant for debate. I just want to know if it is considered legal to root the Nexus 7, is it allowed?
Righteous Joe said:
I read the courts reviewed the ruling of phones being legal to root, but then judged that Tablets were a different story. I heard that with tablets to legally be able to root, you have to contact the manufacturer and get permission per ruling. I know this is bogus to many people, and most of you here I assume wouldnt care either way what the courts rule. So this thread is about the legality of the issue, not really meant for debate. I just want to know if it is considered legal to root the Nexus 7, is it allowed?
Click to expand...
Click to collapse
Where did you read this? Doesn't sound right to be honest, not sure how rooting a tablet would differ in a legal sense from rooting a phone, they are near enough the same device after all. Ultimately it is your device that you own so you are free to do with it as you wish, its not as if you're rooting will have a major impact on anyone else. Unless you are caught installing pirate apps which would be considered as illegal.
Writing "I read [...]" and then not following up with a source means you completely lack credibility
Maybe you are referring to the decision cited in these sources
http://www.theverge.com/2012/10/25/3556740/copyright-dmca-jailbreak-unlock-mod-ruling
https://www.federalregister.gov/art...pyright-protection-systems-for-access-control
Take your time and read these sources
Also take your time to read up on material by senior xda members on the difference between rooting your device and unlocking your bootloader. It basically renders your "illegal to root" statement completely invalid.
Moving back to the Nexus 7, although the ruling is vague as #@!$ when it comes to tablets, your not forcibly breaking open the bootloader; its practically an on/off switch on the N7--Google is not coming after you.
The common belief that jailbreaking is legal is wrong. US Digital Millennium Copyright Act was challenged, and it was accepted that it's legal to "jailbreak" a device for the purpose of carrier unlock, but not for other purpose.
As most tablets don't have 3G and thus no carrier......
Jailbreaking is illegal for iPad.
But unlocking and rooting a Nexus 7 is a whole different story. You don't need a exploit, thus you are not breaking any protection, that is why it is legal.
At least in the EU.
Sent from my GT-I9300 using xda app-developers app
There is a further distinction that can be drawn. In the case of an Android tablet it is using an OS that is in effect free of any restrictions - so you can "copy the book, change it and publish it, provided you acknowledge the source", contrast this with Microsoft and Apple ......sue,damages etc.
CrazyPeter said:
The common belief that jailbreaking is legal is wrong. US Digital Millennium Copyright Act was challenged, and it was accepted that it's legal to "jailbreak" a device for the purpose of carrier unlock, but not for other purpose.
As most tablets don't have 3G and thus no carrier......
Click to expand...
Click to collapse
You are incorrect good sir. The jaillbreaking exemption, which is no longer valid, didn't come about from a legal challenge. It was granted by the Librarian of Congress under the normal review process that takes place every three years. Furthermore, rooting phones for purposes of installing and operating legally obtained software is also exempted.
To address the OP, there's a lot of FUD going around about rooting tablets. The factual reality is that absolutely nothing at all has changed. Rest assured that, contrary to the sensationalism from some, the sky is in no danger of falling.
Sent from my Nexus 7 using Tapatalk 2
If rooting a tablet (tablet computer) is illegal, then why don't we get only user account on windows (Administrator account locked) and when we install Ubuntu, why are we not only provided with our user folder and don't have access to anything else? It's exactly the same. I don't know why Android, as basically another one of oh-so-many Linux distros would be the only one, where you are not aloud to access root folders? Linux is open source, and it is your right to be provided with root access.
And since the purpose of root on Android is not installing cracked apps (you can sideload them with enabling 'outer sources'), I see absolutely no reason, why wouldn't it be legal.
Is editing your BIOS settings on PC legal? Again, I don't see why different rules would apply to desktop then to smaller version of PC (which smartphones pretty much are).
You bought the device, it's yours. Even if you decide to take it to another carrier, you paid them, you accepted the contract, you pay penalty in case you cancel the contract sooner. Just because I bought a car in Germany, doesn't mean it's suddenly illegal to drive it in Slovenia.
iOS is different issue. It's not open source, but again I don't see why jailbreaking would be illegal. Of course, installing cracked apps is different, but that's illegal anywhere.
This kind of garbage bugs be to no end... If I buy product A, then I should be able to do what ever I want to product A how ever I want, in regards to electronics. I bought the device, and no judge is going to tell me I can not unlock/root/etc it.
Just ignore...how many movies/apps have you pirated...?
Most Android OEMs LET us root. No judge can change that, nor the open-source nature of Android as an operating system.
(Most) GNU/Linux distributions do allow us to login as the root user. Rooting an Android device is the same concept as logging on as root on GNU/Linux. It's there, you're welcome to use it, but don't blame us if something goes wrong.
---------- Post added at 07:49 PM ---------- Previous post was at 07:39 PM ----------
CrazyPeter said:
The common belief that jailbreaking is legal is wrong. US Digital Millennium Copyright Act was challenged, and it was accepted that it's legal to "jailbreak" a device for the purpose of carrier unlock, but not for other purpose.
As most tablets don't have 3G and thus no carrier......
Click to expand...
Click to collapse
How many people that jailbroke their iOS devices have not installed pirated apps? Does anyone _actually_ care about the DMCA?
In other words, you can't stop a hacker.
gnustomp said:
Just ignore...how many movies/apps have you pirated...?
Most Android OEMs LET us root. No judge can change that, nor the open-source nature of Android as an operating system.
(Most) GNU/Linux distributions do allow us to login as the root user. Rooting an Android device is the same concept as logging on as root on GNU/Linux. It's there, you're welcome to use it, but don't blame us if something goes wrong.
---------- Post added at 07:49 PM ---------- Previous post was at 07:39 PM ----------
How many people that jailbroke their iOS devices have not installed pirated apps? Does anyone _actually_ care about the DMCA?
In other words, you can't stop a hacker.
Click to expand...
Click to collapse
You know what, comments like you piss me off. I have downloaded my fair share of music, but when it comes to apps I will not pirate them. These developers work their asses off to make a decent app and then put a .99 price tag on them, and you claim that that is too damn expecive? You aren't a hacker, your just a jerk. I have bought over 150 apps on the play store, and I will continue to support the developers that work oh so hard for so little.
Good day sir.
AFAinHD said:
You know what, comments like you piss me off. I have downloaded my fair share of music, but when it comes to apps I will not pirate them. These developers work their asses off to make a decent app and then put a .99 price tag on them, and you claim that that is too damn expecive? You aren't a hacker, your just a jerk. I have bought over 150 apps on the play store, and I will continue to support the developers that work oh so hard for so little.
Good day sir.
Click to expand...
Click to collapse
No offense, but the overly white knight attitude is just as bad as the pirate attitude.
when google comes after me for supporting their os with a law suit for changing my devices gui via root would be the end of days. So, yeah won't happen. sony and microsoft just ban people and their mac ip on their console i'd assume if they ever did do anything, they could ban you from market?
I Am Marino said:
No offense, but the overly white knight attitude is just as bad as the pirate attitude.
Click to expand...
Click to collapse
Im not trying to be a white knight, I don't care about pirating music and movies, because they are overpriced as hell, but app developers work very hard for something that they put a .99 cent price tag on. There is no reason why you should not support them.
AFAinHD said:
There is no reason why you should not support them.
Click to expand...
Click to collapse
Well I see at least one reason, (which of course is valid only to some apps, not all of them), and that is usualy true to big games only:
- how long have you today to request reffunds for apps you do not like / want / can not use? 15 minutes? or is it even shorter time now? (I do not know how it is now, sorry, I only use free/ad-supported apps now)
- how long does it takes for you to download 2GB of app data? For me it is definitly a LOT longer time that 15 minutes...
- which one of these (above mentioned) apps offer some kind of trial or limited demo or something? How can you try such apps to find out whether you like it or not ?
Can you see the reason for why not to support such apps? Or at least in the first place? Of coure that it is better (for many reasons) to buy the app in the end if you like it. But you can not tell that if you can not evaluate it.
And you are wrong that these apps cost lest than $1 and thus are cheap (or at least I understand that this was something you were triing to say), most of such apps cost $5-$15, and that can be realy a lot of money if you are not from US, just because you earn $15 per hour does not mean everyone does, there are countries where people works whole day or even week for $15.
Oh, and just to be clear: I do not thing that pirating software is good thing, but sometimes it is the only way how to evaluate something. And you should be allowed do do that, right? Or would you buy a car without (at least) triing to sit in it?
All right, all right, we can just preted that the apps (or game or music or anything) which looks like we want (or need) it does not exists, but to be honest: Can you realy do that? Especially when there is no similar replacement? Or would you just happily pay any price the DEV asks, hoping that it will be usefull to you?
And one more thing:
Lot of people here is stating that court or local law or anyone forbids/encourages something - well this kind of information is totally useless if you forget to tell us in which country/region is that true.
And just to prove my point: there is a country that legaly allows downloading of audio files. Also there is a coutry that allows legaly to use pirated Operating system (namely that was true for Windows XP, not sure if they extended that somehow). Is that information usefull to you? I do not think so, unless you live there and in that case, you should already now...
..
I don't mean to derail the thread but since it's been brought up I wanted to address this quickly.
AFAinHD said:
Im not trying to be a white knight, I don't care about pirating music and movies, because they are overpriced as hell, but app developers work very hard for something that they put a .99 cent price tag on. There is no reason why you should not support them.
Click to expand...
Click to collapse
I'm going to try to do this without any self promotion.
It's funny that you say that. As a musician and songwriter who sells tracks at $.99 a piece (and have spent more money on recording equipment and music distribution to never break even), I beg to differ, and I don't have a band helping me out. I put out my albums for the cost of total tracks or maybe a dollar less for that "added value" feeling. Or I let people pay whatever they want thanks to my official online store giving me the ability to set that.
I'm not trying to start an argument or fight, but I just want to enlighten you on this point. Whether it's music or app development, creativity and hard thinking and writing\coding is involved. In both processes there is a lot of trial and error, time and money spent. The pricing of an app or a music track seems to be dependent on the value to the people as seen by the authors. Music seems more standardized whereas different apps will have different prices depending on what they do. But that does not mean there was any less effort or creativity put into music or films than an app. To offset the pirating a lot of musicians at least ask to recommend to friends in hopes that someone buys our tracks to help offset the cost of what we had to pay to put the music out there in the first place.
In the days of filesharing about 8 or so years ago I had downloaded some music. Those programs got old and died, and since then I have only bought CDs or used legal streaming services, typically from those artists I used to download music from. Now that my music is for sale in places I understand the arguments both in favor of free sharing and against it. There's a solution to both.
In either case, in the end we all just want to make even a little money for our creations. I don't think it's logical to suggest that music is overpriced because doesn't take as much effort as app development.
Back to your regularly scheduled programming....
This i totally agree with .This can stand for anything rather its music apps or even a drawing of a home done in Cad or even a book.. Think if you spend 2 years writing a Book. Then two days after its released you see it on a pirated site when its being retailed for 13.00 .While you have 2 years worth of bills piled up unpaid.Hoping the book sales. App developers often go thru this same thing. I like most everyone else did download some music in the past.NO longer would I do so . Never software and never reading material. Now if its not legal its not coming in our home or on my devices..If its to expensive the author or developer did not want to sell it.
Bottom line is support the people who Create the things that make your life enjoyable and easier to live. They wanna make ends meet to.. But its not really about the money its about what is right and wrong..
sgtpepper64 said:
I don't mean to derail the thread but since it's been brought up I wanted to address this quickly.
I'm going to try to do this without any self promotion.
It's funny that you say that, as a musician and songwriter who sells tracks at $.99 a piece (and have spent more money on recording equipment and music distribution to never break even), I beg to differ, and I don't have a band helping me out. I put out my albums for the cost of total tracks or maybe a dollar less for that "added value" feeling. Or I let people pay whatever they want thanks to my official online store giving me the ability to set that.
I'm not trying to start an argument or fight, but I just want to enlighten you on this point. Whether it's music or app development, creativity and hard thinking and writing\coding is involved. In both processes there is a lot of trial and error, time and money spent. The pricing of an app or a music track seems to be dependent on the value to the people as seen by the authors. Music seems more standardized whereas different apps will have different prices depending on what they do. But that does not mean there was any less effort or creativity put into music or films than an app. To offset the pirating a lot of musicians at least ask to recommend to friends in hopes that someone buys our tracks to help offset the cost of what we had to pay to put the music out there in the first place.
In the days of filesharing about 8 or so years ago I had downloaded some music. Those programs got old and died, and since then I have only bought CDs or used legal streaming services, typically from those artists I used to download music from. Now that my music is for sale in places I understand the arguments both in favor of free sharing and against it. There's a solution to both.
In either case, in the end we all just want to make even a little money for our creations. I don't think it's logical to suggest that music is overpriced because doesn't take as much effort as app development.
Back to your regularly scheduled programming....
Click to expand...
Click to collapse
"We've been listening closely to you, and many have expressed both interest and concern around the possibilities of facial recognition in Glass. As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place. With that in mind, we won’t be approving any facial recognition Glassware at this time."
-- from ProjectGlass on Google+
I'm not sure that I see people being able to identify you as rising to the level of privacy-invasion.
I think that facial recognition would be very useful for people with face-blindness, as well as people (like me) who are always forgetting the names of those they meet casually.
That said, I can't think of a compelling use-case for allowing people to identify anyone and everyone. I would support limiting facial recognition to:
(A) those one has met and added personally,
(B) social network "friends", and
(C) public figures.
For (C), it would be easy for Google to provide optional downloads of facial-metrics; one for politicians, one for celebs, etc. For (B), there could be an app that scans the profile pics of your "friends" on Google+, FB, what have you. And for (A), I foresee a Glassware app that allows you to record an image and short audio clip whenever someone introduces himself/herself so that you can (1) have it replayed whenever you see that person again and/or (2) go back after the fact and tag that person with their name -- starting with the app's best text-to-speech guess/transcription -- and generate a facial-metric from the image so that the name will pop up as text whenever you see that person again.
(Going further, I can foresee people generating their own facial-metrics with attached metadata like a .vcard, and exchanging them via QR code on their business cards.)
I wonder if this limitation would assuage Google's privacy concerns?
Hello,
the suggestions you made are highly interesting! Imagining I am to wear a Glass within the next few years, an app which does exactly what you described would be a great addition to the features of G.G.
If this project meets success, it would change drastically the idea of the private zone of the people. When a person goes outside, it's normal to think that he's not "online" and that his personal information is protected by the fact, that he cannot be recognised on the street by people, who don't know him. This is about to change, because all of the options, which would be provided by the glass:
"The experience of being a citizen, in public, is about to change" /Mark Hurst/
I totally agree with this statement, because the glass contains a processor, which means it's a computer as well, and we all know about the possibilities of the computers. When a lot of our information is on the internet, it's possible, that this information could be used outside the net, which is related mostly to the face recognition features. Altough the privacy policy wants from the users to be correct using the glasses and not harm the others privacy rights, the google glass, as I said, is a computer so if a face is recognised, the owner could do with this information whatever he likes. This includes searching for information on the net and even changing it.
The other big problem is the feature for taking photos. Altough there would be a protection and a sign, that the glasses are recording video/ taking a picture, that could be easily hidden/hacked, as I said this is a computer. A owner of the glasses would have the possibility not only to get information on the internet for people, but to record and share a new one, which attack the people's privacy rights.
And to show the possible outlook of the society, I will post another quote:
"Our society will be surveillant society; it's up to us to make that a virtue, and not just another fear" /Devin Coldewey/
The problem, which I did not mention, was the problem, that google and respectively another companies would have the possibility to get additional information about us, to track our location, record our conversations etc.
So we should defenately think about the possible privacy problems, which google glass could cause!
#gsi
wear a mask on street then.
You don't have the right to privacy when you go out in the public.
Honestly google glass is about as stupid an idea as it gets...there gimicky..clumsy...rude...stupid looking....the list just goes on..and anyone who wears these will be made fun of for talking to themselves. ...that being said im sure ill pony for a pair and secretly hate myself.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
This is just the testbed for putting the same sort of tech in contact lenses.
Unhived__Mind said:
Honestly google glass is about as stupid an idea as it gets...there gimicky..clumsy...rude...stupid looking....the list just goes on..and anyone who wears these will be made fun of for talking to themselves. ...that being said im sure ill pony for a pair and secretly hate myself.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
hey look, another neo-Luddite who's going to fail in life.
Unhived__Mind said:
Honestly google glass is about as stupid an idea as it gets...there gimicky..clumsy...rude...stupid looking....the list just goes on..and anyone who wears these will be made fun of for talking to themselves. ...that being said im sure ill pony for a pair and secretly hate myself.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
Same was said when the cellphone was created.
We'll talk again in 5 years
You know this only means that the law enforcement agencies and feds are going to be outfitted with this thing first with unofficial cracked facial recognition software thus resulting in more tyrannical living conditions. Just recently Texas Instruments developed a chip that operates in the terahert frequency range that supposedly will give people the ability to see through walls.
To reiterate, I support the idea of banning a Glass app capable of identifying anyone and everyone on the street via facial recognition. That is, I think, an invasion of privacy. (Though I understand the counter-argument that there is no expectation of privacy while in public, and I think that a case can be made, but I think that it's sensible of Google to ban such things for now until people are more used to it.)
I see no reason why Google should ban all facial recognition, though. I should be able to take a facial recognition snapshot (henceforth "FRS") of my friends and tag them with their names and other metadata. I should be able to consent to giving my FRS to business associates, whether by orally agreeing and then standing still while their Glass scans my face or by providing a URL via QR or bluetooth that enables their Glass to download my FRS.
Going forward, I would like to have my FRS attached to my social networking account and be able to control who can see it. Maybe I want just one circle to have access. Maybe I want all of my circles to have access. Or maybe I want all of my circles plus one or more degree of separation. (Personally, I think that it would be useful to go out one degree of separation, so that friends of friends could "recognize" me in public.) Those who felt they had nothing to fear could crank it all the way up to 6 degrees of separation, effectively making them recognizable by the world at large.
It could be the enabler of Cory Doctrow's whuffie-based economy.
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL
mikeprius said:
http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL
Click to expand...
Click to collapse
its happening all over the country.. New York state announced the same 2 weeks ago, if it'll actually happen is anyone's guess. but also it doesnt matter, as google is only selling nexii via their site now.
simms22 said:
its happening all over the country.. New York state announced the same 2 weeks ago, if it'll actually happen is anyone's guess. but also it doesnt matter, as google is only selling nexii via their site now.
Click to expand...
Click to collapse
Regardless of *how* they are selling it, the problem is that they wouldn't be allowed to sell it in those states where it is banned, which means that they won't be able to SHIP it there, or possibly if there is just a billing address in one of those states.
Nice thing about Nexus, though, is that they can make it trivial to add back the encryption. Just make a system property that switches crypto on. echo "ro.crypto 1" >> /data/local.prop
---------- Post added at 09:25 PM ---------- Previous post was at 09:24 PM ----------
mikeprius said:
http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL
Click to expand...
Click to collapse
That was only necessary on Nexus 6 due to lack of CPU support for crypto functions. It only has the proprietary qcom parts available.
Lmao. Not like they have anything more important to deal with. Pretty sure this is wishful thinking
Sent from my Nexus 6 using XDA Premium HD app
rpolito73 said:
Lmao. Not like they have anything more important to deal with. Pretty sure this is wishful thinking
Click to expand...
Click to collapse
When this whole new "don't encrypt" thing started last year, I was under the impression that it was brought up just to make a point about why it is a bad idea, so that it could be put to rest.
But unfortunately, some idiots ran with it, and now its out of control.
If I have to, I will roll my own crypto, and I will do it just because I can.
However, encrypted computer... Just fine. I.E. SSH into your home PC and run your criminal enterprise from it.
Always afraid of people regulating things they don't understand.
Anyways, this wouldn't do away with encryption, or really prohibit any sales. Google would have enough heads up... They would simply be forced to add a "back door" to encryption so that the government could un-encrypt your device with a court order...
I get the spirit of this.... But really, like with so much else, private sector can usually out perform the government and any back door they add will likely be open to being exploited by the smart bad guys too. Data the government can't decrypted has existed for a LONG TIME.... but now that apple makes the news IT MUST BE STOPPED
scryan said:
However, encrypted computer... Just fine. I.E. SSH into your home PC and run your criminal enterprise from it.
Always afraid of people regulating things they don't understand.
Anyways, this wouldn't do away with encryption, or really prohibit any sales. Google would have enough heads up... They would simply be forced to add a "back door" to encryption so that the government could un-encrypt your device with a court order...
I get the spirit of this.... But really, like with so much else, private sector can usually out perform the government and any back door they add will likely be open to being exploited by the smart bad guys too. Data the government can't decrypted has existed for a LONG TIME.... but now that apple makes the news IT MUST BE STOPPED
Click to expand...
Click to collapse
just seems crazy that they were just making such a big deal about the ability to have it encrypted, and now they want to ban it. I understand why they would want that, but you would think the NSA or some other entity would pretty much be able to do whatever they needed to get in.
This would be difficult to regulate. There are certain states that have gun magazine bullet limits in certain states but it seems like a trivial issue and would be hard to enforce
mikeprius said:
This would be difficult to regulate. There are certain states that have gun magazine bullet limits in certain states but it seems like a trivial issue and would be hard to enforce
Click to expand...
Click to collapse
If it passes, they will simply have to add a backdoor or some universal key into the encryption used. They likely wont make versions for each state, so I would guess that if this passes, android and IOs would simply feature some built in mechanism to allow un-encryption by google/apple... will likely end up being in all versions of android.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Then someone will hack into that backdoor... and we will see wide spread panic over the fact that we are unsafe! (meanwhile career criminals will adapt and use off device storage with encryption that isn't vulnerable)
scryan said:
If it passes, they will simply have to add a backdoor or some universal key into the encryption used. They likely wont make versions for each state, so I would guess that if this passes, android and IOs would simply feature some built in mechanism to allow un-encryption by google/apple... will likely end up being in all versions of android.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Then someone will hack into that backdoor... and we will see wide spread panic over the fact that we are unsafe! (meanwhile career criminals will adapt and use off device storage with encryption that isn't vulnerable)
Click to expand...
Click to collapse
According to the DOJ encryption causes children to die LOL
http://gizmodo.com/the-doj-ups-the-ante-says-iphone-encryption-will-kill-1660827774
" (4) "Sold in California," or any variation thereof, means that the
smartphone is sold at retail from a location within the state, or
the smartphone is sold and shipped to an end-use consumer at an
address within the state. "Sold in California" does not include a
smartphone that is resold in the state on the secondhand market or
that is consigned and held as collateral on a loan."
I think the operative phrase "sold and shipped to an end user in California" would simply be interpreted as retailer needing an out of state dispatch center, so all the big guys are safe. Actually I think everyone is basically safe except your local Verizon store....
" (d) (1) The sale or lease of a smartphone manufactured on or after
January 1, 2017, that is not capable of being decrypted and unlocked
by its manufacturer or its operating system provider shall not
result in liability to the seller or lessor if the inability of the
manufacturer and operating system provider to decrypt and unlock the
smartphone is the result of actions taken by a person or entity other
than the manufacturer, the operating system provider, the seller, or
the lessor and those actions were unauthorized by the manufacturer,
the operating system provider, the seller, or the lessor."
So you can sell one of these phones if it's a refurb that broke the warranty, or if everyone is ok with it?
" (2) Paragraph (1) does not apply if at the time of sale or lease,
the seller or lessor had been notified that the manufacturer and
operating system provider were unable to decrypt and unlock the
smartphone due to those unauthorized actions."
So don't sell a phone that you can't unlock.... but only if there's actual notice from both the manufacturer and (not or) the OS provider.
Bull****, toothless (civil penalty, no private right of action), poorly and vaguely written and places potential legal obligations that are not enforceable since the manufacturer and OS maker might not be domiciled in CA... or even the US. Hell, it even specifically states that you can just sell a second hand one and a second hand device has not been defined as "used"
I quote Section 22761 to the Business and Profession Code because this is supposed to be an amendment of it.
Corporate security demands encryption and me I personally like my privacy.
Given a choice to be able to use my device for work encrypted or go with encryption disabled and use it as a personal device only.
I go with encryption.
California has a long history of disregarding the First and Second amendments... why not trample on the fourth while they are at it.
jimtje said:
" (4) "Sold in California," or any variation thereof, means that the
smartphone is sold at retail from a location within the state, or
the smartphone is sold and shipped to an end-use consumer at an
address within the state. "Sold in California" does not include a
smartphone that is resold in the state on the secondhand market or
that is consigned and held as collateral on a loan."
I think the operative phrase "sold and shipped to an end user in California" would simply be interpreted as retailer needing an out of state dispatch center, so all the big guys are safe. Actually I think everyone is basically safe except your local Verizon store....
Click to expand...
Click to collapse
The part I made bold contradicts your interpretation. Basically says that a new smartphone will not be able to be shipped to an end user in the state *at all*.
Now there is an obvious loophole in this, which is to distribute via a reseller, who opens the box, sets up a new randomly generated gmail address, and installs a few programs. Now deemed "resale" and "secondhand", it is legal to send it in.
" (d) (1) The sale or lease of a smartphone manufactured on or after
January 1, 2017, that is not capable of being decrypted and unlocked
by its manufacturer or its operating system provider shall not
result in liability to the seller or lessor if the inability of the
manufacturer and operating system provider to decrypt and unlock the
smartphone is the result of actions taken by a person or entity other
than the manufacturer, the operating system provider, the seller, or
the lessor and those actions were unauthorized by the manufacturer,
the operating system provider, the seller, or the lessor."
So you can sell one of these phones if it's a refurb that broke the warranty, or if everyone is ok with it?
Click to expand...
Click to collapse
This sounds like a roundabout way of saying that the manufacturer must actively "not authorize" any alteration that would result in unbreakable encryption. Note: NOT that they must actively work to BLOCK the modification, just that they must state something to the effect of "Alphabet Inc., does not authorize any modification that will circumvent california law blah blah blah." -- see, there is a big difference between "unauthorized" and "forbidden". There is also a difference between legally and technically. Also, there is absolutely nothing in there about the warranty, therefore no part of the "modification" necessarily voids the warranty.
At least that would give them a strong position when up against the "unauthorized" clause. Though technically, it may be adequate to just say nothing at all. I.e., for someone to "be authorized", takes an intentional act of providing authorization. Such would be the case if, for example, they were to provide *instructions* on what the end user could do to disable the crypto's back door.
However, another interpretation could be that Nexus devices, by definition, authorize the user to "do what they want" with it, including disabling the backdoor.
" (2) Paragraph (1) does not apply if at the time of sale or lease,
the seller or lessor had been notified that the manufacturer and
operating system provider were unable to decrypt and unlock the
smartphone due to those unauthorized actions."
So don't sell a phone that you can't unlock.... but only if there's actual notice from both the manufacturer and (not or) the OS provider.
Click to expand...
Click to collapse
Hmmm... that is very weirdly worded.
On the surface, it appears to be meaningless in the face of the (4) section, since there wouldn't BE such unauthorized modifications made to a device if it is new (hence qualifying for the resale/used exemption of (4)), but what it does suggest, is possibly somehow related to the notion of sending them out to be modified.
Bull****, toothless (civil penalty, no private right of action), poorly and vaguely written and places potential legal obligations that are not enforceable since the manufacturer and OS maker might not be domiciled in CA... or even the US. Hell, it even specifically states that you can just sell a second hand one and a second hand device has not been defined as "used"
I quote Section 22761 to the Business and Profession Code because this is supposed to be an amendment of it.
Click to expand...
Click to collapse
This kind of horrible nonsense is starting to make the Nexus 6's software crypto more and more appealing. With hardware crypto, the problem is that technically, the closed source radio could obtain access to the encrypted data directly. In other words, there could be an over-the-air backdoor that doesn't even interact with Android, and actually, there could be one there *right now*. At least with software crypto, the kernel is in charge. That leaves the backdoor restricted to what is accessible under Linux by the radio blobs, and the good news is that we can firewall those blobs right up the wahzoo as needed.
---------- Post added at 07:58 PM ---------- Previous post was at 07:58 PM ----------
mikeprius said:
According to the DOJ encryption causes children to die LOL
http://gizmodo.com/the-doj-ups-the-ante-says-iphone-encryption-will-kill-1660827774
Click to expand...
Click to collapse
And according to me, the DOJ causes children to die.
doitright said:
The part I made bold contradicts your interpretation. Basically says that a new smartphone will not be able to be shipped to an end user in the state *at all*.
Click to expand...
Click to collapse
Ah, question of statutory interpretation, a sure sign of a poorly written amendment, the fact that we see it differently shows that this legislation is already on the rocks.
Now there is an obvious loophole in this, which is to distribute via a reseller, who opens the box, sets up a new randomly generated gmail address, and installs a few programs. Now deemed "resale" and "secondhand", it is legal to send it in.
This sounds like a roundabout way of saying that the manufacturer must actively "not authorize" any alteration that would result in unbreakable encryption. Note: NOT that they must actively work to BLOCK the modification, just that they must state something to the effect of "Alphabet Inc., does not authorize any modification that will circumvent california law blah blah blah." -- see, there is a big difference between "unauthorized" and "forbidden". There is also a difference between legally and technically. Also, there is absolutely nothing in there about the warranty, therefore no part of the "modification" necessarily voids the warranty.
Click to expand...
Click to collapse
Hence, without teeth. There's no outright ban of encryption, only sale of unauthorized first-hand retail models of phones featuring encryption, so it's either supposed to be construed very narrowly or just turned out that way.
At least that would give them a strong position when up against the "unauthorized" clause. Though technically, it may be adequate to just say nothing at all. I.e., for someone to "be authorized", takes an intentional act of providing authorization. Such would be the case if, for example, they were to provide *instructions* on what the end user could do to disable the crypto's back door.
However, another interpretation could be that Nexus devices, by definition, authorize the user to "do what they want" with it, including disabling the backdoor.
Hmmm... that is very weirdly worded.
On the surface, it appears to be meaningless in the face of the (4) section, since there wouldn't BE such unauthorized modifications made to a device if it is new (hence qualifying for the resale/used exemption of (4)), but what it does suggest, is possibly somehow related to the notion of sending them out to be modified.
Click to expand...
Click to collapse
I think the limitation on what the state's power to regulate interstate commerce made that necessary but it effectively defeats itself. Clearly the law would have little effect and easily circumvented via the exceptions that are specifically given. With no private course of action individuals don't even have standing to bring a claim on their on regarding the viiolation anyway so it really is just words that have very little effect if actually enacted.
This kind of horrible nonsense is starting to make the Nexus 6's software crypto more and more appealing. With hardware crypto, the problem is that technically, the closed source radio could obtain access to the encrypted data directly. In other words, there could be an over-the-air backdoor that doesn't even interact with Android, and actually, there could be one there *right now*. At least with software crypto, the kernel is in charge. That leaves the backdoor restricted to what is accessible under Linux by the radio blobs, and the good news is that we can firewall those blobs right up the wahzoo as needed.
I think the fact that there's so much uncertainty in the plain text of the proposed amendment show that it' a defective work. They obviously don't even
---------- Post added at 07:58 PM ---------- Previous post was at 07:58 PM ----------
And according to me, the DOJ causes children to die.[/QUOTE]
Well, at least in a court of law an expert needs to establish foundation before testifying. You don't need to demonstrate any knowledge to write an amendment like this.
Oh and the big federal agencies all have blood on their hands anyway. DOJ loses prioners. DHS deports American citizens. FDA can find drugs and then send it right onto you. Ain't nothing new, but does make administrative law fun and sad if you practice it.
scryan said:
If it passes, they will simply have to add a backdoor or some universal key into the encryption used.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Click to expand...
Click to collapse
They won't do it. Both Apple and Google have stated that their encryption can't be designed with a "back door" in place, and if they DO build a back door, they'll be forced to accept other countries' requests for the keys, not just US state/federal requests. The burden this would put on Apple/Google, and the fact that it makes the encryption almost pointless, would mean they'll never do it.
Also, when the FBI did a review of device encryption, the three possible methods that they came up with were all too costly and illogical that they ended up saying that there just isn't a viable encryption solution that the government can get behind.
---------- Post added at 07:57 AM ---------- Previous post was at 07:53 AM ----------
Everyone's seriously overthinking this...
If Cali/NY pass a regulation like this, all Google or Apple will do is revert back to Kit Kat-style encryption. With KK, it was still FDE, but it was off by default, so that users had the *option* under security to enable full device encryption.
This way, devices sold to consumers would be un-encrypted at the point of sale and the end-user would be the one actually enabling/using encryption. The question would be whether the user is violating any state regs by enabling encryption, but it sounds like that's not what the states are trying to confront.
Does this ban mean that new Nexus devices will have the ability to be non-encrypted w/o root? The only thing I don't like about encryption is the decrease of performance.
mkygod said:
Does this ban mean that new Nexus devices will have the ability to be non-encrypted w/o root? The only thing I don't like about encryption is the decrease of performance.
Click to expand...
Click to collapse
The performance hit is a lot lower (practically non-existent) on CPUs that support it properly.
So Apple issued an open letter regarding the San Bernardino case regarding the FBI's request:
https://www.apple.com/customer-letter/
mikeprius said:
So Apple issued an open letter regarding the San Bernardino case regarding the FBI's request:
Click to expand...
Click to collapse
That FBI vs. the Fruit company battle is hilarious. Both sides are such complete morons that they are just going to bang at the courts until everybody pays a whole lot more money and ends up getting nowhere.
The first thing to be aware of, is that the phone in question has a SDMFLBCB2 or similar Sandisk eMMC chip.
The thing won't self-destruct unless you actually run the self-destruct code, so pull the chip (bake in oven at 450 F for 20 minutes, then grab chip with tweezers and pull), and install chip in reader.
READ THE BLOODY CHIP, then either (a) run crypto code in emulator and try to brute force password as desired, or (b) write it to millions of replacement chips and reinstall in phone to try passcodes until you run out of guesses.
Note that FBI just wants to be able to try passwords without the phone self-destructing. They aren't actually asking for a backdoor, just to disable the self-destruct routine.
Now next step is to bring it to the APPLE side of stupid. Apple is acting as if they would be CAPABLE of creating an actual backdoor into an already-existing phone, with nothing but a software change. Not just disabling the self-destruct routines, but actually breaking through the supposed "encryption". Is it possible that they aren't *actually* encrypted at all? Or are we talking about something insane, like the crypto key is stored somewhere on the device in PLAIN? While Android has this capability (of using a default crypto-pass in order to obtain the key needed to decrypt and mount /data automatically on boot), it also has the ability to stop mid-boot to demand the passcode when it needs to mount /data. I wonder just how secure that apple crypto really is....
In any case, assuming that they are being truthful about the inability to assist the FBI without compromising *everything*, it tells me that data on an apple device is NOT secure.
The FBI is acting like end-users, when they should be dealing with computer engineers, who can trace the software execution on the device and reverse-engineer the destructo-routines in order to patch their way around them. They should *NOT* be needing or asking for apple's help with this.