Related
(Note posting in this topic as to dev category for obvious reasons)
This whole incident has taken me by surprise with the actions of Google against Cyanogen. Now the actions from my understanding so far are likely the result of the early release of the Market app with his new Donut based releases. There is a valid argument for Google in which it is their own proprietary code in which they want to release on their terms I would assume, however I prefer to take the side of the community. The community around XDA has supported and nurtured the development of the Android OS and the devices based upon it, with the developers pushing the limits on what they can do and implementing smarter and better solutions. We the community in a sense become beta testers for the latest and greatest Android has to offer, how many applications do you think have already added support for 1.6 due to Cyanogen's mods and our feedback?
In summary, I believe while Google does have a valid argument against, but it would better serve them to not continue with this course of action. I invite you all to write and use all social networks available to you to spread the world, submit to every news site, raise awareness of the problem. Don't waste your time with petitions, just spread the word, go viral with it.
Digg search for cyanogen:
http://digg.com/search?s=cyanogen
Original article:
http://androidandme.com/2009/09/hacks/cyanogenmod-in-trouble/
Facebook group:
http://www.facebook.com/group.php?gid=144634407186&ref=nf
Send tweets to @google also, flood the information stream.
Email the people at Engadget, Slashdot, Gizmodo, all the major blogs just to keep focus upon it.
Someone should put it up on reddit too, get some visibility on wired.com!
Listen, this situation is really cut and dry. Cyanogen had NO LICENSE to distribute the CLOSED SOURCE APPS. The rest of it is perfectly fine.
The solution:
Develop the roms, DELETE the closed source apps, sign, publish. When someone installs the roms, let them install the closed source apps themselves -- i.e., *somebody* (who won't be linked back to cyanogen) will likely post a simple "closed-source-google-apps-for-cyanogenmod-4.xx.xx.xx.zip" which can be installed from recovery mode.
Problem solved.
wont that person then be "under-fire"?
gospeed.racer said:
wont that person then be "under-fire"?
Click to expand...
Click to collapse
Only if the person gets caught.
tool to extract non free files and create a update image
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
lbcoder said:
Listen, this situation is really cut and dry. Cyanogen had NO LICENSE to distribute the CLOSED SOURCE APPS. The rest of it is perfectly fine.
The solution:
Develop the roms, DELETE the closed source apps, sign, publish. When someone installs the roms, let them install the closed source apps themselves -- i.e., *somebody* (who won't be linked back to cyanogen) will likely post a simple "closed-source-google-apps-for-cyanogenmod-4.xx.xx.xx.zip" which can be installed from recovery mode.
Problem solved.
Click to expand...
Click to collapse
Are you a lawyer? no. So don't give your interpretation of what Cyanogen's license was and wasn't. You already started a thread about it and you're spamming the hell out of another. Don't mess with legal guesses, it's a bad bad idea. As I am someone who is studying law (and also a programmer/generally tech-smart), I am doing and suggesting to stay the hell away from that part when possible. Law -> politics -> flamewars -> ad hominem/bad posts. This is not tvtropes.
Meanwhile, can you even get past the start/initialization page without having the closed source apps, as they are market/gmail? This question is to actual modders.
Google has made a mess of thus, if they stop him from distributing with the apps it's only going to get *waaaay* messier.
You, are an IDIOT.
What happens when you *assume*? I'm sure that if you are, in fact, a law student (as you imply yourself to be, though you really only call yourself a "student" of the law, which could mean that you simply watch CNN from time to time), that this would have been answered on the first day of your first class.
Cyanogen's license *IS EXACTLY* the same as the license granted to *ALL OTHER USERS*. You want to read it? Its in your phone under About Phone --> Legal Information --> Google legal. Until you have read and understand *it all*, you should immediately cease offering your suggestions.
Edit: I just noticed your post count... 3.
Amazing, the audacity of some people. Whenever things start to get beyond the understanding of the average, all the chicken-littles come out from the woodwork and start crying about how evil the big company is. It is a direct function of a lack of understanding of the issues.
My advise: FORGET ABOUT IT. This has nothing to do with you and most likely won't have any (significant) impact on your life. At worst, you will have to add ONE SMALL STEP to the process of flashing the latest modrom.
Let me repeat: THIS IS NOT A BIG DEAL! IT DOESN'T REALLY MATTER! Your phone is NOT about to catch on fire or start spying on you.
Oh, and for you information: regarding how I know what Cyanogen's license was....
1) the fact that it is included with the phone.
2) the fact that he received a c&d order (which they wouldn't send if he was licensed, or if they had, it would be the simplest matter to resolve).
3) the fact that he said so himself.
designerfx said:
Are you a lawyer? no. So don't give your interpretation of what Cyanogen's license was and wasn't. You already started a thread about it and you're spamming the hell out of another. Don't mess with legal guesses, it's a bad bad idea. As I am someone who is studying law (and also a programmer/generally tech-smart), I am doing and suggesting to stay the hell away from that part when possible. Law -> politics -> flamewars -> ad hominem/bad posts. This is not tvtropes.
Meanwhile, can you even get past the start/initialization page without having the closed source apps, as they are market/gmail? This question is to actual modders.
Google has made a mess of thus, if they stop him from distributing with the apps it's only going to get *waaaay* messier.
Click to expand...
Click to collapse
gospeed.racer said:
wont that person then be "under-fire"?
Click to expand...
Click to collapse
At this point we're talking warez, and though I won't advocate warez, when was the last time you saw Ahmed Ahmed Ahmed from Iran get persecuted for distributing warez?
Remember that the US government can't even find Bin Laden....
Or the apps can be pulled by the users from *legitimate* images, like ADP1. This, at least, is legal for owners of ADP1's for use on ADP1's.
Frankly, adding a step to complicate the process would probably go at least a little way in getting the super-noobs out of the game. They get *really* annoying.
Oh FYI: I got that board you sent me more-or-less cleaned up now, going to start mapping it out soon.
setupr said:
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
Click to expand...
Click to collapse
Exactly. It is incredibly simple.
unzip (official-update.zip) /path/to/file1toextract /path/to/file2toextract ... /path/to/filentoextract
zip -g (mod-rom-update.zip) /path/to/file1extract /path/to/file2extract ... /path/to/filenextract
java -jar testsign.jar (mod-rom-update.zip)
Then just copy file to /sdcard/, recovery, flash, done.
Yeah, I know that us modders will continue to be doing the same thing and continue on, I know they aren't going after the entire community. It was for distributing the new Market app before its release as I understand currently. Hell, all I would do I an adb pull from a rom and push it into a new release. Just like I will be doing with the Market app if he can't put it in another release haha.
However the point of this thread was not to see if Google had the right to do that, they did. It is that simple. It is their proprietary code that was released early, by cyanogen, but I think it is unnecessary. The point of it was to support cyanogen for more ideological reasons, this community pushes the development at a rapid pace. My Dream would have been a nightmare without the likes of JF, haykuro, cyanogen, Dude, etc. With cyanogen releasing Donut in his builds, our community has been pushing developers to up their support to it and fix bugs relating to 1.6 before it is pushed as an update. The same thing with the Market app applies, how many of those apps have screenshots already? Why alienate the true heart of the device, we are basically beta testers for those of us running experimental roms. I understand the Google position, I just wish they would see that no harm, no foul.
And don't equate the amount someone posts to the boards to their understanding of a situation. There are quite a few people that just get the ROMs, run them and can use a search button if they have problems.
holy cow batman, flame much? Some people lurk for a long time before registering such as I.
I agree it's a small issue, and cyanogen is probably already working on it at least based off of his twitter. However, it doesn't matter what you or I feels about the licensing, nor even what the courts would interpret were it to get to that point.
It however, is very inappropriate to be ad hominem and/or bar threatening to people over this issue, basically getting worked up yourself. Honestly, playing seniority and insulting my schooling? I was not trying to be threatning to you, simply pointing out that you are not a spokesperson for interpreting a software license. Really, it's like you went into an emotional rage the minute cyanogen got the C&D.
Cyanogen in trouble
I can't believe Google is pulling this crap. I can only hope that Google is smart enough to work something out with Cyanogen so he may continue to share his awesome developments. I would expect some restrictions, but they need to work with him and let him do his thing. Otherwise, where's the incentive for anyone else following in his footsteps to make programs better for Google?
setupr said:
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
Click to expand...
Click to collapse
Maybe this is the answer?
cyanogen : And regarding the keep-proprietary-apps-on-device-for-custom-rom install, with all the odexing and resource id mismatches... Ugh.​http://twitter.com/cyanogen/status/4384352484
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
andrewluecke said:
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
Click to expand...
Click to collapse
First off: Who's to say the original developer can't put this so-called "dodgy code" in their own apks?
Secondly: The Android marketplace doesn't have any strict rules as to what someone can post, and the code isn't even checked. You have just as high a chance of getting this "dodgy code" from any app you download straight from the market.
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
andrewluecke said:
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
Click to expand...
Click to collapse
Are you familiar with modifying an APK? It is not nearly as easy as you make it seem. If the developer doesn't release the source code, it can't easily be functionally modified minus a few graphics and the like. Not to mention, this is how the iPhone jailbreak system works in regards to getting content. And has been going on with PC for years.
I really do not think it's something we have to worry about. Just install an anti-virus on your phone if you're worried.
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Good thing to raise awareness among users, but alas - most of them don't even bother to read the permissions requested by apps downloaded from the market.
There are actually quite few people that have an idea of what could happen if they had a rouge app on their phones. I recently tried to give a similar general warning in another forum that people should take care when flashing "beta" firmwares downloaded from some hosting site and not from the developer... You think most of them cared? Sadly they didn't...
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
andrewluecke said:
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Click to expand...
Click to collapse
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
APK's are not open source and cannot be decompiled and edited. The only way for what you are suggesting can happen, to happen, is if the APK in question had its sources released so someone else could release an edited version of the program, made from scratch, in java.
"can probably" is not very sure. The chances of someone posting a completely separate app with the name of a well known app is much more likely than someone editing an existing app (assuming the sources were available).
If you have no clue about android apk development why even bother arguing?
opensourcefan said:
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
Click to expand...
Click to collapse
Agree 100%. Much better said! You don't know who's releasing what, so watch what you're installing and just make sure it looks like the program you were looking for in the first place..
Electroz said:
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
Click to expand...
Click to collapse
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
2 options to make sure ur safe :
1. Dont install root applications (they require 0 upfront standard android api permissions hence u won't know what its doing behind the scenes)
2. Install apps by transferring them to ur phone and using the package manager, that way you can see standard permissions (if any) and judge accordingly.
You know what would be cool, if superuser could log the "su" commands a root requiring app executes
Daneshm90 said:
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
Click to expand...
Click to collapse
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
If its a non-root requiring app then yes, it must disclose its permissions prior to installing it through package manager not if u use adb to install.
You just have to judge, if a wifi toggle app is asking for email/sms permissions, you might want to be careful
As for root-requiring apps, theres not much you can do other than read reviews for that app or decompile and try to understand what its doing behind the scenes.
Electroz said:
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
Click to expand...
Click to collapse
It's quite easy to modify disassembled app code as well - trust me ;-) Also I think we will have possibility to decompile to Java code in the future.
Just don't think of your phone as a smaller PC (especially Windows), because this isn't true. There will never be antiviruses for Android and your only protection are permissions. Anyone could create market account and upload malicious app.
About game companies: they usually write in native code and it's really hard to decompile (or maybe even impossible for now). Besides... did you heard about gameloft's recent games? They're really awesome. Note that first 3d-gaming capable Android phones were released just ~10 months ago, so it's still quite early.
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
It should, however, what if it is an alternate launcher, in which case, you'd expect it to be able to send SMS's and make phone calls. That's all fine, until you realise the copy of launcherPro you downloaded using a multi-upload in XDA is having phone sex with a russian operator costing you hundreds of dollars.
It's actually good Brut spoke here. Brut[Maps] is relevant, because it introduces new features which distinguishes it from Google's version. However, can we trust Brut as much as we can trust Google? He seems trustworthy yes, but as trustworthy as Google? Questionable. (Btw Brut, good work on your mod). Of course, his mod does have considerable benefits showing he is interested in helping the community and he hasn't caused any problems thus far. That only means his official multi-upload posts are safe though, if I repost them elsewhere, you shouldn't trust my copies.
It's common sense that programs should pass by as few hands as possible to remain secure. We need to build awareness about security practices (particularly for business users who may compromise their companies security or information). I'm not saying all rom's are safe.. Think about it though, if an APK is already readily accessible, why would someone go through the effort of re-uploading it?
Furthermore, we should encourage people using their phone's for important purposes to use the official Kies releases, not random firmware's available from Samfirmware's (which may not even be final versions).
Remember, trojans are common in the warez world, and it's better to change the attitude of the community before they become a problem here too (otherwise, people will be stuck in a poor mindset that compromises herd immunity). XDA is a website targeted at the technical crowd, and we should set a good example.
@Electroz. Haven't disassembled them myself, but checked a tutorial. But someone has responded already anyway.. Just because I don't have experience doing it myself anyway, doesn't mean it isn't widely known to be possible.
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
i think we are pretty safe with those
however... it's suck if they run in the background all the time eating the juice+cpu power away
Anti-virus only helps for known trojans anyway, and since so few people have it installed, it doesn't help much. When Android has it built in though, it may be more useful.
Anti-virus should be considered a last line of defense anyway. And either way, I'm not concerned, because I try to minimise the risks of my own sgs. However, it's a concern that people here don't believe such a risk exists, and are actually encouraging a global attitude which might make the Android population ripe for social engineering attacks in the future.
@andrewluecke
I understand you, I don't say there is no problem with security. I say it doesn't matter you will get malicious software from mirror or Market itself. We could assume apps downloaded from WWW are more dangerous, but this problem is general one: people should be cautious whenever they install something with critical permissions. If they won't they will have problems anyway - it's just a matter of time.
I agree with you: it's important to aware people of that problem. This is actually only one thing we can do: be aware and cautious.
Ahh and in many situations it's possible to protect yourself against problem with redistribution. First, you could check md5 - many developers give it to people, I do. Second: signatures. Each app is signed by its author, so you could check its authenticity. You could check signatures of downloaded apk using public key uploaded by dev to his WWW or using "safe" apk you downloaded earlier. Unfortunately there are no tools to do that easily :-/ Also Android does this check automatically when you install new software. So if you have installed e.g. GM modded by me, then you have downloaded new version from some mirror and succeed at installing it, you can be sure it was also from me and nobody modified it.
AllGamer said:
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
Click to expand...
Click to collapse
Hmm? I think it's impossible, cause apps can't get to data and resources of others apps. And creating an app for root users only wouldn't have much sense.
I have found Norton Smartphone Security for Android and it's anti-theft protection, not anti-virus.
I'm not a coder and came from IT field so I have lots of general questions about apk security and found this thread...great discussion. TY
Just a general question about apk security...how easy is it to alter apk for malicious intent? And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone? ...just kinda scary to imagine
the news about android virus gets me nervous about installing any apk released from any individual
http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/
kobesabi said:
how easy is it to alter apk for malicious intent?
Click to expand...
Click to collapse
Quite easy for a good developer.
kobesabi said:
And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone?
Click to expand...
Click to collapse
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Brut.all said:
Quite easy for a good developer.
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Click to expand...
Click to collapse
Wow, scary. Unless there is something else, that they can't get away, I don't think banning would deter much, they just laugh at the weak security as a fun challenge. If they already got tons of ip under their control...banning by account, ip, or email will not help much...they can always get new ones.
Is there a way user can authenticate/verify apk signing from authentic author/writer? Many just post apk but did not post md5 or sha sum so how can a user find out if it is original or not?
Anyway to test these apk without loading up to real phone?
Update:
PDroid privacy protection is now available for both CM7.2 and CM9 via BotBrew (no source or patching, just an install).
Still no sign of CM permission management in CM9.
See this thread for more info:
http://forum.xda-developers.com/showthread.php?t=1589259
End update
I tried CM9 alpha build 17. Still no sign of permissions management, so I flashed back to CM7.2.
Is anyone else waiting for permissions management to get merged before switching? Here is a poll, and also a place to discuss facts, rumors and idle gossip about permissions management.
I guess there's no reason we can't discuss the design of PM also, not that the CM devs will necessarily notice.
I would be interested in any ideas regarding how to take control of our phones and ensure they aren't selling us out byte by byte to the highest bidder.
https://play.google.com/store/apps/details?id=com.stericson.permissions&hl=en
bearsfan85 said:
https://play.google.com/store/apps/details?id=com.stericson.permissions&hl=en
Click to expand...
Click to collapse
"Permissions Denied" is a great app, but superseded by CM PM when available. It does have a feature I'd like to see in PM: the ability to control a given permission globally instead of just app by app. It would be good to be able to set for example "read phone state and identity" to be globally denied by default, and enable it as desired.
i was providing you an alternative i never said that its better or worse, thanks again for proving that people on XDA are ungrateful
bearsfan85 said:
i was providing you an alternative i never said that its better or worse, thanks again for proving that people on XDA are ungrateful
Click to expand...
Click to collapse
I should thank you for providing an unexplained link to an app I had used maybe a year ago? I should try hassling everyone I've given advice to to see if I can whine my way to a higher thanks count.
Or just ignore you instead.
cashmundy said:
I should thank you for providing an unexplained link to an app I had used maybe a year ago? I should try hassling everyone I've given advice to to see if I can whine my way to a higher thanks count.
Or just ignore you instead.
Click to expand...
Click to collapse
Next time I'll put the whole google play store description in a screen shot and attach it to the post, makes more sense? All the information you need is on the link. And you think I care about my thanks count? what do I have like 20 and I've been a member over a year, if I wanted to up my thanks count I'd go to the "bricked phone" threads and walk people through fixing their phones every 3 hrs.
its also cute that you made a thread about a CM specific feature in a Vibrant section (though you did notice that the devs probably wont see it). You should post it on the cm website, oh and heres the kicker, maybe instead of complaining about it not being in there why dont you look at the source for it and port it to ICS, or do you not have the knowledge to do so?
Finally the last sentence in the OP, "I would be interested in any ideas regarding how to take control of our phones and ensure they aren't selling us out byte by byte to the highest bidder." apparently you arent due to the snarky comment you left.
What "Permissions Management" is
So far three people have clicked on "what is PM?".
Permissions Management (not sure if that is the official name) is a CyanogenMod feature that allows you to disable permissions on an app-by-app basis. You first have to enable Settings.CyanogenMod Settings.Application.permission management.
Then, when you go to Manage Applications, pick an app and scroll down to the permissions, if you touch a given permission, it will change from normal type to strike-thru, showing that the permission is disabled.
The Whisper Systems approach looks even better. If Twitter ever frees the code, maybe it will get merged into some ICS variant.
See http://www.whispersys.com/permissions.html for info about that.
You can use PDroid on CM9 although you need to compile CM9 from source.
This thread has more info: http://forum.xda-developers.com/showthread.php?t=1554960
I have it running on i9100 (sgs2).
wkwkwk said:
You can use PDroid on CM9 although you need to compile CM9 from source.
This thread has more info: http://forum.xda-developers.com/showthread.php?t=1554960
I have it running on i9100 (sgs2).
Click to expand...
Click to collapse
Very very interesting. Thanks for posting this. Hopefully some of the ICS variants will integrate this into their roms.
BTW, thanks, ferhanmm.
There's another external app, LBE Privacy Guard, which can block access to various elements of the Java Android API. This one does need nothing but root.
https://play.google.com/store/apps/details?id=com.lbe.security.lite
I used it a few times while on Gingerbread CM7 because it delivers fake data to the blocked apps. Unlike CM7's permission control feature which often makes apps crash (except in case of the network permission).
Not sure if LBE works as well on ICS/CM9.
But... nevertheless, I, too, hope the CM7 permission feature comes back. It was just too convenient being integrated into the OS app management without a need for an external app.
Psyraven said:
There's another external app, LBE Privacy Guard, which can block access to various elements of the Java Android API. This one does need nothing but root.
https://play.google.com/store/apps/details?id=com.lbe.security.lite
I used it a few times while on Gingerbread CM7 because it delivers fake data to the blocked apps. Unlike CM7's permission control feature which often makes apps crash (except in case of the network permission).
Not sure if LBE works as well on ICS/CM9.
But... nevertheless, I, too, hope the CM7 permission feature comes back. It was just too convenient being integrated into the OS app management without a need for an external app.
Click to expand...
Click to collapse
Good note, thanks.
I tried LBE. It seemed to do less than Permission Denied, but actually work. PD was too buggy to be useful for me.
Neither are open-source, and both need root, so you do have to totally trust the authors.
Hopefully we will soon have an ICS with some sort of PM built in.
PDroid
I've decided PDroid is the way to go, much better than CM PM,
which for political reasons will never have real teeth. I found an interesting CM forum thread where this explained :
http://forum.cyanogenmod.com/topic/44589-combining-cyanogen-with-pdroid/
I think I'll start another poll, this time about PDroid, to maybe encourage rom developers to add it.
cashmundy said:
I've decided PDroid is the way to go, much better than CM PM,
which for political reasons will never have real teeth. I found an interesting CM forum thread where this explained :
http://forum.cyanogenmod.com/topic/44589-combining-cyanogen-with-pdroid/
I think I'll start another poll, this time about PDroid, to maybe encourage rom developers to add it.
Click to expand...
Click to collapse
I would love to use only PDroid and thus be free to choose other ROMs but PDroid doesn't support all possible permissions, especially the internet access thus CM's PM is still essential.
Furthermore even though I prioritize PDroid first, using CM PM for the same permission has its advantages for debugging.
Hopefully the other permissions can be added to PDroid, or perhaps they require hacks in the kernel or VM.
PDroid for CM7.2 and CM9
PDroid privacy protection is now available for both CM7.2 and CM9 via BotBrew (no source or patching, just an install).
See this thread for more info:
http://forum.xda-developers.com/showthread.php?t=1589259
I'm looking to develop an app, and would like some information on how copyright works in this industry. From my research so far, there is not an existing app with all the features that I intend to apply, though there are apps with some of the features. How do I know when I'm breaching copyright, and what would prevent a future developer from creating an app very similar to mine?
MrPlaydo said:
I'm looking to develop an app, and would like some information on how copyright works in this industry. From my research so far, there is not an existing app with all the features that I intend to apply, though there are apps with some of the features. How do I know when I'm breaching copyright, and what would prevent a future developer from creating an app very similar to mine?
Click to expand...
Click to collapse
This is a very complex matter. Copyrights and patents are different from country to country and to know if you are breaching any, you need to do a research on each of them. Furthermore, as far as I know, this is an expensive thing to have done by a company specialised in copyrights, unless you wonna do it yourself (but if you get to know how to do it, maybe you'd better change job and do it, instead of programming).
If the topic is really important to you, better ask a lawyer.
I would suggest not making an app which is not better enough on something than existing apps, as it will probably not take off anyway. Of course the same is valid for the apps that might want to copy you in the future. But, if they'll do it better, well... let me says let them do!
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
reserved
reserved
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Coraz said:
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Click to expand...
Click to collapse
Thank you for your reply.
Actually, as I have pointed out in the thread, this project implements only the scanner part, it doesn't act for the developers. Developers have to decide what they want to do with the detected piracy. Its really nice to be able to run 2 versions of the same app on 1 device, I believe ChelpuS should make another app with this feature, or without other features in Lucky Patcher.
I'm sorry, but if an app tells me to uninstall something - I'm uninstalling that app first
DANIEL TAN said:
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
Click to expand...
Click to collapse
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
PoseidonKing said:
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
Click to expand...
Click to collapse
You are misinformed. We allow threads such as these because they are educational and are about preventative purposes against those applications. I would suggest you actually read what the purpose of this thread is about before telling other users about what the XDA rules say, which incidentally is not your 'job' to do.