The X10 has an issue with the Bootloader being protected by Marlin DRM.
There is no obvious reason and no clear benefit to end users or the general public. Most likely a precautionary measure to ensure SE applications work as intended and to assist with purchases of games, music, updates to Android firmware (often mistakenly called ROM's) and features Sony Ericsson have not explained in any level of detail or even stated that it exists as part of their obligations and your rights to know as the consumer.
According to the W3C.
What are some potential invasions of privacy?
1. User authentication - current PKI protocols limit the degree of anonymity -- we need to know who are you so we can sue you if you infringe
2. Usage tracking for fraud prevention
OK. Now you have just purchased a Sony Ericsson Android phone and all your social network contacts from any social media site can be merged with your phone book, backed up into Google's Gmail and shared beyond any one or all of these service's. The man controlling 'everything' that happens on your device is SE.
The phone at core capability is able to run Ubuntu / Debian Linux, Windows, iPhone and emulate everything you might wish to or choose to. Thanks to this 'feature' in the form of the Marlin DRM and Seacert broadband bootstrap implementation being present on these phones... it isn't going to happen.
With the Xperia models, the entire operating system is virtualized on boot and impossible to modify the behavior of the boot loader, due to a very high grade encryption system, provided by Inter Trust.
Unlike HTC, Motorolla, Samsung (who own a stake in the Marlin DRM but choose not to use it for snooping or destroying the main purpose of Android phones) for that matter most other Android phone manufacturers, allow the boot loader to be modified without too much effort and load a custom bootloader for multiple firmwares.
e.g; Gingerbread 2.3.2 is the default o/s shipped with Sony Ericsson apps, you want to keep this but also load Honeycomb, or Gingerbread 2.3.3, a modified vanilla o/s without things like timescape and unnecessary apps that do nothing for saving battery life.. it's your phone and you should be able to have this choice, in fact the reason Android is open source, is stop one company from forming any kind of monopoly.
So what should DRM so for us?
Are there general requirements from the concept of free flow of information?
* avoid unnecessary use restrictions, respect fair use
* universal service --- equal and fair access right
* support variety of licensing options
* make it easy for users to act lawfully
* seamless operation, interoperability of DRMS
* Support Information Search(engines)
* make licensing easy to reduce transaction costs
* secure operating environment: integrity and availability of content
* avoid bottlenecks and monopolies when standardizing (production and distribution)
Conclusion:
* copyright laws give free hand to those who develop DRMS
* Only few compulsory requirements from Law, but Guidelines can be derived from Law
* when hesitating, think in terms of free flow of information
Now back on over in Android world at Google HQ...
On 24 September 2009, Google issued a cease and desist letter to the modder Cyanogen, citing issues with the re-distribution of Google's closed-source applications within custom firmware.
Even though most of Android OS is open source, phones come packaged with closed-source Google applications for functionality such as the application store and GPS navigation.
Google asserted these applications can only be provided through approved distribution channels by licensed distributors. Cyanogen complied with Google's wishes and is continuing to distribute this mod without the proprietary software.
He has provided a method to back up licensed Google applications during the mod's install process and restore them when it is complete.
The exact same principle can be done with SE closed source apps and SE do provide the source code for their firmwares as part of the open source license. Anyone withing to check this out can simply head over to http://developer.sonyericsson.com/wportal/devworld/technology/android/ and start developing straight away. The source code, test keys and everything you need is either there or linked from there back to the places you need to be.
Semcboot security algorithms are not required and serve no benefit. The day that SE stop's supporting updates for this device, the same as they did with the Xperia X10 at 2.1 Eclair, your phone will be useless and stuck with older versions of Android.
If this is acceptable and your not bother by having no bootloader mod's, a hack to be able to change firmware that may someday soon be blocked and privacy issues built in as a matter of due course that you were not even correctly informed of, except for via a specialist forum (your looking at it), then good luck with your Arc, Neo or Play.. and I suspect that there is the real rationale here - Play.
Marlin DRM exists in the PlayStation 3 for the market and guide as it does in the PSP and also will in the Xperia Play. SE became rather unhappy when the master cryptographic key to the PS3 was discovered and distributed on mass over the internet (I have a t-shirt with the codes printed...) as it bypassed their protection ad allowed among other things, pirated games to play and unauthorized content to loaded, custom operating systems etc..
Sony Ericsson watched carefully at HTC and thought about how best to implement all of their technology in an extremely secure manor and this is the result. It may actually benefit end users, so far Sony have yet to state their side of the story and will be looking forward to seeing posts on anything relevant in this thread, for anyone interested in the subject and for anyone thinking of buying an Arc.
Wish I had of known this information before I purchased my x10 but is it such a perfect world?
Isn't the X10 hackable?
This forum here has tons of custom roms for the X10
http://forum.xda-developers.com/forumdisplay.php?f=617
Sorry for the stupid question. I'm new to SE and considering an Xperia arc.
yoyohere2 said:
Isn't the X10 hackable?
This forum here has tons of custom roms for the X10
http://forum.xda-developers.com/forumdisplay.php?f=617
Sorry for the stupid question. I'm new to SE and considering an Xperia arc.
Click to expand...
Click to collapse
No it is not. We cannot get a newer Linux kernel with new feature hooks that support functions like tether and hotspot and speed or security improvements. All the roms just overlay newer Android on top of the older kernel.
Other phones have been fully hacked and can get a newer kernel to support the newer Android without any mismatched functions. The devs here have to work hard retrofitting Android.
Sent from my X10a using XDA App
well the X2 wasnt hacked yet
This thread shows how to root a X10.
http://forum.xda-developers.com/showthread.php?t=711907
So the xperia arc and xperia x10 can be rooted?
Geohot recently announced that he bought a Xperia x10 and will be first in cue for the Xperia play. Keeping his success in mind I've got a good feeling about it.
http://www.youtube.com/watch?v=dXxw71oxjxs
Related
Hello,
Im currently writing an academic paper on android and openness in my master's programme. If all goes well, it will be submitted for a conference soon.
I'm looking for your opinions on having an android device open for operating system level modifications or not. As you may know, some phones have a signed bootloader such as the Motorola Milestone, t-mobile g2 (who made the phone reinstall stock OS when breached), and probably many others. Google however, make their devices open, even though they are sold as consumer devices. Many others do not bother to install circumvention mechanics.
Obviously, the people here will be biased towards allowing modification to the OS, therefore, i would like to get a discussion going, to discern what problems and possibilities you see in the long run for hardware manufacturers.
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
I would really appericiate your opinions and discussion!
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
As a beginner app developer, this has yet to bother me. I do enjoy being able to add apps that add functionality to my phone but I haven't bothered to get down into the "root" area. So no I do not check nor does it impact my decision...I own a Samsung fascinate by the way
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
My opinion on measures to prevent changes is all about PR and performance. If enough people hacked a phone and the hack caused the phone to work below is ability then the only news report you will see is the phone sucks.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
This is also a give and take if question 2 is not of a concern to them, then its def a gain for the company and to all of the developers out there that do search for the best phone and nick pick around until they find it.
Are there enough of those kind of people out there to affect a companies buttom line. Maybe not yet but in another couple of years who knows.
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
It hasnt yet been a deciding factor on which device to get, primarily because sooner or later they all get cracked open.
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
One reason could be that the carriers demand it as a way to keep any revenue that they get from the preinstalled bloatware.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
The percentage of people that actually tinker in this area is very slim, so the manufacturers most likely don't see that as a big market opportunity.
Don't have any answers, but would like to read your paper when done...sounds interesting and a Masters Thesis is always fun to read! LOL
It's not a thesis, just a short article. I might make a survey for it but I need to ask the right questions.
Not all devices get fully customized, root is common, but in my phone for example it is not possible to load a custom kernel, as the bootloader checks for signed code (Motorola's secret key). There's been a massive uproar from the owners of the Milestone, as people didn't expect to be hustled like that when getting an android phone. The main problem is of course, that Motorola takes a long time to release updates. Even as of today, Froyo has still not been released for my phone by Motorola.
While I am not sure about it, I suspect Sony Ericsson X10i owners are in the same boat, and they will get a really rotten deal, seeing as 2.1 has been officially declared the last version the device will recieve. Yet, an enthusiast could release a perfectly fine version of 2.3 if the phone accepted custom firmware and he had access to drivers etc.
So basically, you buy a piece of hardware that is very capable, but The Company decides for you which software you could run.
Imagine if you bought a Windows Vista PC right before Windows 7 was released, and the only way you could get Windows 7 on it was if that particular PC manufacturer released an official update containing all it's bloatware and applications you don't want. Since the update needs to go through all kinds of verifications and approvals, it might be delayed for a half a year, or maybe 9 months, after the new OS release. Why do we accept this on our phones and tablets?
Hi,
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
For me personally, yes, most definately. I like to be able to get in and play, see how things work, change stuff. And i think custom ROMs IMO are a big drawcard of Android.
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
To try and ensure the device works as they want it to. Minimise support costs etc.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
Definately. Encourages improvement of existing features, and development of new stuff beyond the manufacturers initial product scope, which can be integrated in future products.
Android OS its self is an example of this - the developer community is writing apps, logging bugs, and contributing code to the benefit of future releases of Android, which in turn benefits device manufacturers.
- jc
my two cents
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your decision?
>> Personally, I feel like the ability to modify my phone at the core level is something I as a power user can use to tailor my phone's experience in the way I need to make it the most efficient device it can be. This is especially necessary as my phone is my primary connectivity device (I really only use my laptop for things the phone just really isn't capable of handling yet, such as video conversion)
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
I think this is less the decision of the manufacturers and more of the carriers themselves. This really is because each device has to be tailored to be sold to the average user, rather than power users (read: 85-90% of people who will read this reply) and as a result is designed with an experience in mind. To the suits, anyone who take a phone that is supposed to have a specific experience in mind, and changes that, it becomes a different phone, and anyone who looks at that phone will see that. This means, TMo/HTC can't sell a G2, because everything that my office mates will see when they look at my phone is my android customizations, not a G2. my office mate, who is shopping for a phone, can get an android phone anywhere... but they can only get a /G2/ from TMo/HTC. Similarly, if I like my G2 experience, when i get a new phone, i will be more inclined to continue enjoying that experience with a G3, rather than buying any on sale android phone and making it just like my last one. Hence the need to have a G2 experience on every G2 phone. Just my 2 cents. I am not a businessman, lawyer, or doctor.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
Yes, but nowhere near as much as they can get by keeping their cards close to their hand. see my answer to number 2.
Well looking at the SE blog in the coments about the gingerbread update someone post this link for a global petition to SE about their actual strategy on the market
i´ve allready sing what do you think of this are you agree or not? http://www.petitiononline.com/se2011/petition.html
umm...what?
The future is smartphone, and I will argue that the X10, arc, Vivaz, all SE smartphones, DO have the Sony Ericsson touch. You can see it from the style, the looks, everything.
I don't see the point of this.
Apparently the petitioner does not know anything about how much it costs to actually produce those "simple phone" interfaces. If you look at the later phones with that generic OS, they are powered by better processors, but the speed of those are only on par with the older phones. The reason is behind the poor OS structure to begin with. The foundation was not solid enough to be built upon, hence, the little improvements from model to model. SE did try to fix the foundation. W395's software was written by a total new team from ground up. If you have played with it, the speed is much faster than any other similar OS devices from SE. However, the timeline from that point on was touched upon Android, and people were looking for phones with the ability to expand its capabilities(such as applications and such). To revamp the whole OS, or to adopt a new OS and just spend on development, the answer should now be clear. Plus, SE has been doing a heck lot to simplify users who are not customed to smartphones, which is why Yendo and such have similar UI's so users can easily switch or move up models without having to relearn everything. Software and applications also came out where users have everything they need. IMO, that petition will land no where but in the scrapyard. It's understandable, but on the development front, it is no where to become a new reality.
sosad dat it only includes 2011 lineup
http://developer.sonyericsson.com/wp/2011/11/17/camera-libraries-available-for-sony-ericsson-phones/
Camera libraries available for Sony Ericsson phones
As promised when we announced our support of independent developers, we have now made the camera library binaries for a number of Sony Ericsson phones available under a special end user license agreement (EULA). You can use these camera libraries to handle the camera hardware in our 2011 Xperia™ phones except Xperia™ PLAY, which has a different camera module.
Download and find out more after the jump.
As we stated a while back, we recognise custom ROMs as an important part of the Android™ ecosystem. When we decided to support the FreeXperia group working on the custom ROMs for Sony Ericsson phones, we quickly found out they had problems with our cameras. This is because the camera technology used by Sony Ericsson is a very advanced – we actually consider it to be the best in the market. However it is a closed implementation, so we can’t share the source code for it.
However, after some discussions with the FreeXperia team, we agreed to allow the FreeXperia team to use our libraries (which can be seen as drivers) for the cameras. But these libraries could not be used as they were, since they had dependencies to other modules in the phone that could not be included in the custom ROM project. To solve this, we rebuilt the libraries and provided them with a special EULA.
These newly rebuilt camera libraries are now modified with less dependencies to other libraries. We have recompiled the libraries without code changes but with different build flags. You can use these camera libraries under a special EULA-license. There are several important conditions you need to comply with, for example:
The Software can be copied and distributed under the condition that the original copyright notice and disclaimer of warranty will stay intact and the Licensee will not charge money or fees for the Software, whether as a stand-alone product, or as part of a compilation or anthology.
Several more conditions apply – please read the full EULA and make sure you are complying before using the camera libraries in any software. Download the camera libraries and find the full EULA text in the zip. Here you can also find a short instruction on how to start using these libraries. For more information on how use libraries like these, please see the FreeXperia project related thread on the XDA forum. We don’t have any possibilities in providing further support on this.
At last but not least, we want to say thanks to all of you in the community supporting this work, we really appreciate it. Even though we might not be able to support every single request we get, we are doing our best to support the community going forward.
Karl-Johan Dahlström
Head of Developer Relations
Sony Ericsson
More information
Download the camera libraries for the 2011 Xperia phones.
Find out how Sony Ericsson is supporting independent developers.
Learn how to build a Linux kernel.
Visit our unlock boot loader web service.
sounds good. anyone who understand this may improve the photo quality.
i can't wait to
anakinlam95 said:
sosad dat it only includes 2011 lineup
http://developer.sonyericsson.com/wp/2011/11/17/camera-libraries-available-for-sony-ericsson-phones/
Camera libraries available for Sony Ericsson phones
As promised when we announced our support of independent developers, we have now made the camera library binaries for a number of Sony Ericsson phones available under a special end user license agreement (EULA). You can use these camera libraries to handle the camera hardware in our 2011 Xperia™ phones except Xperia™ PLAY, which has a different camera module.
Download and find out more after the jump.
As we stated a while back, we recognise custom ROMs as an important part of the Android™ ecosystem. When we decided to support the FreeXperia group working on the custom ROMs for Sony Ericsson phones, we quickly found out they had problems with our cameras. This is because the camera technology used by Sony Ericsson is a very advanced – we actually consider it to be the best in the market. However it is a closed implementation, so we can’t share the source code for it.
However, after some discussions with the FreeXperia team, we agreed to allow the FreeXperia team to use our libraries (which can be seen as drivers) for the cameras. But these libraries could not be used as they were, since they had dependencies to other modules in the phone that could not be included in the custom ROM project. To solve this, we rebuilt the libraries and provided them with a special EULA.
These newly rebuilt camera libraries are now modified with less dependencies to other libraries. We have recompiled the libraries without code changes but with different build flags. You can use these camera libraries under a special EULA-license. There are several important conditions you need to comply with, for example:
The Software can be copied and distributed under the condition that the original copyright notice and disclaimer of warranty will stay intact and the Licensee will not charge money or fees for the Software, whether as a stand-alone product, or as part of a compilation or anthology.
Several more conditions apply – please read the full EULA and make sure you are complying before using the camera libraries in any software. Download the camera libraries and find the full EULA text in the zip. Here you can also find a short instruction on how to start using these libraries. For more information on how use libraries like these, please see the FreeXperia project related thread on the XDA forum. We don’t have any possibilities in providing further support on this.
At last but not least, we want to say thanks to all of you in the community supporting this work, we really appreciate it. Even though we might not be able to support every single request we get, we are doing our best to support the community going forward.
Karl-Johan Dahlström
Head of Developer Relations
Sony Ericsson
More information
Download the camera libraries for the 2011 Xperia phones.
Find out how Sony Ericsson is supporting independent developers.
Learn how to build a Linux kernel.
Visit our unlock boot loader web service.
Click to expand...
Click to collapse
2011 line of [email protected]#$% [email protected]#%$ phones...
MASSIVE FACE PALM.
What i find so funny.. is how the x10 gets nothing.
They must have buried the source code disks for the x10 in the SUN.
Because it's nearly impossible to find anything on any 2010 device.
x10 wont go anywhere....even x10 as old phone also they not share the drivers libraries. thats mean our development for x10 wont go so far. They just gave another reason why we should not buy x10 at these days and why we should start looking for new phone.
Problem....
Hi all..i copied the 3 files for my arc and into the correct folder as instructed..
then i rebooted..
now the phone is on 'sony ericsson' screen..reboot n rebooted..
erm..
anyway to remove the 3 files again?
hinata76 said:
Hi all..i copied the 3 files for my arc and into the correct folder as instructed..
then i rebooted..
now the phone is on 'sony ericsson' screen..reboot n rebooted..
erm..
anyway to remove the 3 files again?
Click to expand...
Click to collapse
Are you trying to use arc camera lib files on x10? Only way to repair is recovery restore if it is working or flashtool a ftf rom or seus...
Sent from my X10i using xda premium
hinata76 said:
Hi all..i copied the 3 files for my arc and into the correct folder as instructed..
then i rebooted..
now the phone is on 'sony ericsson' screen..reboot n rebooted..
erm..
anyway to remove the 3 files again?
Click to expand...
Click to collapse
If u copied the files given by SE in ur arc so u are doing it wrong
that files are for development purposes
Repair ur phone using pc companion
The Gingerbread Man said:
Are you trying to use arc camera lib files on x10? Only way to repair is recovery restore if it is working or flashtool a ftf rom or seus...
Sent from my X10i using xda premium
Click to expand...
Click to collapse
no im using on arc..then the whole phone just died..
just reflashed now okay!
almost got my fingers burnt..lol.
Don't know if anyone or the devs notice this:
Dec 8, 2011
Sony Ericsson Xperia™ X10 add-on for the Android SDK
The Sony Ericsson Xperia™ X10 add-on for the Android SDK includes the complete Android system with additions customizing it for the X10 : Sony Ericsson splash screen; X10 colour backgrounds; A "skin" of the X10 which is a simple graphic of the front of the phone; A hardware.ini file to set the operating parameters for screen, camera, audio and so on. Link:http://developer.sonyericsson.com/wportal/devworld/downloads/download/dw-102216-xperia-x10sdkadd-onr1?cc=gb&lc=en
Can this help with the camera development?
Can anyone make normal flash for x10?
Sent from my xperia "z10i"
Vulnerability Allows Attackers to Modify Android Apps Without Breaking Their Signatures
This might be the reason why the new MF2 and ME6 are not downgradable and why the 4.2.2 update was delayed.
Source->http://www.cio.com/article/735878/V...ndroid_Apps_Without_Breaking_Their_Signatures
IDG News Service — A vulnerability that has existed in Android for the past four years can allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS.
Researchers from San Francisco mobile security startup firm Bluebox Security found the flaw and plan to present it in greater detail at the Black Hat USA security conference in Las Vegas later this month.
The vulnerability stems from discrepancies in how Android apps are cryptographically verified, allowing an attacker to modify application packages (APKs) without breaking their cryptographic signatures.
When an application is installed and a sandbox is created for it, Android records the application's digital signature, said Bluebox Chief Technology Officer Jeff Forristal. All subsequent updates for that application need to match its signature in order to verify that they came from the same author, he said.
This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key.
The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures.
The vulnerability has existed since at least Android 1.6, code named Donut, which means that it potentially affects any Android device released during the last four years, the Bluebox researchers said Wednesday in a blog post.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," they said.
The vulnerability can also be exploited to gain full system access if the attacker modifies and distributes an app originally developed by the device manufacturer that's signed with the platform key -- the key that manufacturers use to sign the device firmware.
"You can update system components if the update has the same signature as the platform," Forristal said. The malicious code would then gain access to everything -- all applications, data, accounts, passwords and networks. It would basically control the whole device, he said.
Attackers can use a variety of methods to distribute such Trojan apps, including sending them via email, uploading them to a third-party app store, hosting them on any website, copying them to the targeted devices via USB and more.
Some of these methods, especially the one involving third-party app stores, are already being used to distribute Android malware.
Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app store's application entry process in order to block apps that contain this problem, Forristal said. The information received by Bluebox from Google also suggests that no existing apps from the app store have this problem, he said.
However, if an attacker tricks a user to manually install a malicious update for an app originally installed through Google Play, the app will be replaced and the new version will no longer interact with the app store. That's the case for all applications or new versions of applications, malicious or non-malicious, that are not installed through Google Play, Forristal said.
Google was notified of the vulnerability in February and the company shared the information with their partners, including the members of the Open Handset Alliance, at the beginning of March, Forristal said. It is now up to those partners to decide what their update release plans will be, he said.
Forristal confirmed that one third party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on them, he said.
Google declined to comment on the matter and the Open Handset Alliance did not respond to a request for comment.
The availability of firmware updates for this issue will differ across device models, manufacturers and mobile carriers.
Whether a combination of device manufacturers and carriers, which play an important role in the distribution of updates, coincide to believe that there is justification for a firmware update is extremely variable and depends on their business needs, Forristal said. "Ideally it would be great if everyone, everywhere, would release an update for a security problem, but the practical reality is that it doesn't quite work that way, he said."
The slow distribution of patches in the Android ecosystem has long been criticized by both security researchers and Android users. Mobile security firm Duo Security estimated last September, based on statistics gathered through its X-Ray Android vulnerability assessment app, that more than half of Android devices are vulnerable to at least one of the known Android security flaws.
Judging by Android's patch distribution history so far, the vulnerability found by the Bluebox researchers will probably linger on many devices for a long time, especially since it likely affects a lot of models that have reached end-of-life and are no longer supported.
Click to expand...
Click to collapse
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Key phrase here is "for apps not installed through the google store". Hence not an issue for a large fraction of users. Total case of FUD. Someone must be wanting to sell some av software.
Sent from my GT-N7100 using Tapatalk 4 Beta
Kremata said:
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Click to expand...
Click to collapse
Well, X-Ray scanner either does not detect this latest security flaw or N7100 (as of DM6) is allready patched.
Kremata said:
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Click to expand...
Click to collapse
This is the first link I found for XDA on this.
I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there's a literally hundreds of examples all over XDA.
The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
djmcnz said:
This is the first link I found for XDA on this.
I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there's a literry hundreds of examples all over XDA.
The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
Click to expand...
Click to collapse
Ahh! Thats the answer I was waiting for (and from a Recognized Developer). I knew XDA Devs were using this method. My new question is.. If they fix it will it be harder to create Mods? Will it slow down development?
Shouldn't this be posted in the generals forum?
Kremata said:
If they fix it will it be harder to create Mods? Will it slow down development?
Click to expand...
Click to collapse
I suspect so. If they fix it properly it would become impossible to change any aspect of the app without signing it again. If you wanted to maintain compatibility with the original then you'd need the developer's keys.
At the moment really only the manifest and some metadata within the apk is signed, if they extended that to the entire contents of the apk many mods (think themes for stock Google apps etc) are screwed unless users are happy to relinquish Play Store links and updates (i.e. backward compatibility).
Google may not go this far and may only choose to authenticate the code (smali) rather than all of the apk contents (graphics, strings etc), this approach would leave room for some mods to survive. Remains to be seen.
I have the 2012 Note 10.1 for personal use and have come to the unfortunate resolution that Android just isn't going to cut it from a business perspective. I am not putting the full blame on either the manufacturers or Android itself but without timely updates to a specific platform, I can not justify the use of these in a production environment. There is no way company can justify replacing their hardware yearly, or regularly, in order to get the latest features and security fixes that are provided in updates. Ignoring the additional features for the time being, from a security stand point there has to be a way to patch the devices in a timely manner. The additional features being provided drives the developers to migrate to the newer operating systems and leaving the old systems behind. A lot of times this creates a huge disadvantage in the fact you can run a particular application on one Android device but is unsupported on another.
Now to be fair. I am focusing on Android in this post but have tested Microsoft and iPad devices as well. All have certain advantages and disadvantages but the clear loser so far has been Android. If Android is going to survive in the business world, the manufacturers are going to have to step up and maintain their products actively for at least the full two years of their life expectancy.Android itself will have to hold the manufacturers accountable for keeping their devices maintained. From a personal use perspective, I think it is a great platform and love my Note 10.1. Would I like to see it get updated, I would love to see 4.4.2 on the device to allow me to run application I need that are no longer compatible with 4.1.2. However, I require vulnerability patches in a timely manner and that just isn't happening.
My last job had hired a full time developer to build a custom ROM and patch or update when needed for all the tablets being used on the floor. This approach worked for them because there was only one model in use across all departments.
You should blame Samsung for the late major update for GT-N80XX.
Android actively pushing regular update (minor & major).
Actually Samsung also pushing regular update, but it's only 1 major update (ICS to JB) & some minor/security updates.
If a business used the nexus tablets, they wouldn't have this problem.
theatomizer90 said:
If a business used the nexus tablets, they wouldn't have this problem.
Click to expand...
Click to collapse
Not necessarily true. Most current android version is 4.4.4 while my N7 LTE still sits at 4.4.3 with no update even spoken of. So if a business has data enabled tablets, they're still behind current version.
What OP posted doesn't really apply to large businesses. Between KNOX and other third party equivalents sensitive data is sandboxed and doesn't rely on the core B2C version of the OS to protect it. As much as Google may see Android's potential in the business environment no one I know in IT at a bunch of Fortune 1K companies is looking at mobile OS's (either Android or iOS) to replace desktop/laptops as "standard" issue. Tablet and smartphone apps have niche opportunities (commercial pilot manuals and logs, flight attendant passenger service tools, gate agent/hotel staff roaming terminals, sales people inventory access, remote staff automated forms, etc.) but migrating the entire enterprise to mobile architecture just doesn't make sense. So Android can't lose anything it never had and, outside Google's wishes, isn't seriously considered for. The lack of Chromebook adoption by the enterprise demonstrates their disinterest.
BarryH_GEG said:
What OP posted doesn't really apply to large businesses. Between KNOX and other third party equivalents sensitive data is sandboxed and doesn't rely on the core B2C version of the OS to protect it. As much as Google may see Android's potential in the business environment no one I know in IT at a bunch of Fortune 1K companies is looking at mobile OS's (either Android or iOS) to replace desktop/laptops as "standard" issue. Tablet and smartphone apps have niche opportunities (commercial pilot manuals and logs, flight attendant passenger service tools, gate agent/hotel staff roaming terminals, sales people inventory access, remote staff automated forms, etc.) but migrating the entire enterprise to mobile architecture just doesn't make sense. So Android can't lose anything it never had and, outside Google's wishes, isn't seriously considered for. The lack of Chromebook adoption by the enterprise demonstrates their disinterest.
Click to expand...
Click to collapse
Not sure if I totally agree with the application only being a niche market. I work for a call center and find that the tablets are becoming an indispensable tool. We have people walking the floor with these devices and using them to keep track of various statistics as well as using them to report potential issues. The ability to pull up data about current client information to respond in an almost instant manner has shaped things drastically. Having a sandbox is really great for protecting certain information, such as email, etc.. but can not protect the device data in flux, such as web browser content. If the system is compromised and access to the file system is obtained then all the data previously obtained becomes available to the attacker. Some measure can be made such as requiring Citrix as your primary form of connectivity but you are only pushing the security back to another device. The focus of this article was to point out the shortcomings of the this tablet as it pertains to the lack of updates.
Don't get me wrong, I truly love Android and will continue to use it as a personal device. However, there is no way I can risk releasing these devices into a production environment without the proper support. And yes, I blame the manufacturer for release and forget, and I blame Android for not enforcing the manufactures to keep these update. It is crucial to both parties to work together and produce something that is not just desirable but maintained for a reasonable amount of time. If Android could come up with a way to provide updates to devices directly and bypass the manufacturer they would have an unbeatable platform.
Zeab said:
Not sure if I totally agree with the application only being a niche market. I work for a call center and find that the tablets are becoming an indispensable tool. We have people walking the floor with these devices and using them to keep track of various statistics as well as using them to report potential issues. The ability to pull up data about current client information to respond in an almost instant manner has shaped things drastically. Having a sandbox is really great for protecting certain information, such as email, etc.. but can not protect the device data in flux, such as web browser content. If the system is compromised and access to the file system is obtained then all the data previously obtained becomes available to the attacker. Some measure can be made such as requiring Citrix as your primary form of connectivity but you are only pushing the security back to another device. The focus of this article was to point out the shortcomings of the this tablet as it pertains to the lack of updates.
Don't get me wrong, I truly love Android and will continue to use it as a personal device. However, there is no way I can risk releasing these devices into a production environment without the proper support. And yes, I blame the manufacturer for release and forget, and I blame Android for not enforcing the manufactures to keep these update. It is crucial to both parties to work together and produce something that is not just desirable but maintained for a reasonable amount of time. If Android could come up with a way to provide updates to devices directly and bypass the manufacturer they would have an unbeatable platform.
Click to expand...
Click to collapse
Anytime a serious security breach that can be used from without to effect changes on a device have come to light I have seen updates come out on all my tablets and phones, which is blessedly rare. Android does not operate in the way you are thinking. There is no need to constantly shove out security updates like windows. The system is pretty well secure unless you unsecure it yourself, new versions of the OS usually just add functions, however there is a current (when is there not?) RUMOR of a adobe bug on all versions of android lower than 4.0. Personally I still prefere windows for business simply because of ease of function and with baytrail cpu's and even more promising hardware coming this year I find no reason not to use windows for hard business needs if your business can benefit from tablet use. There are a plethora of cheap windows tablets coming and the current hp omni 10 is powerful enough to suit any light tablet buisness needs for just 299.00 if your business needs more power pay the premium for a surface pro with a full on i3,5,7 cpu fully capable of doing the work of a high end laptop. All that said, I feel Android is if anything more secure than a windows machine. Nothing comes in unless you invite it. Updates not needed until such time as Android can add base functionality in the realm of windows 7, and it is close imho.
Check the trends
Have to agree with Zeab. The university I work for is now supporting apple mobile devices but not android. And despite my having pressured for some support, what support is was for android devices is disappearing. Why ?
Android from one device to the next is different enough to make support difficult if not impossible. Providing advice on connections to secure servers and use of common software falls foul of the same issue.
Android device manufacturers have attempted to sequester their market by creating difference, but all they'll achieve is failure. Add to that the early obsolescence they have engineered and android is dying, even as its market share grows!
We now as a family have windows, apple and android devices. If I include TVs and media devices the list lengthens. The only option that provides continuity of operating system and software, and longer term support with updates is Apple. Given the way Microsoft has gone off the rails with windows 8.1 (I really do believe that OSs should make my computing experience easier, not harder), I think we will be going Apple in the future.