I don't care about Carrier IQ or who did remove it, Carrier IQ is suppose to help sprint and sprint already has a network to track people and they own the network, they can look at your browsing history and text messages.
Hell they might keep log on calls but they might have limited access to your phone to check on the signal strengths and CIQ is suppose to help sprint get better coverage.
So please stop giving people false hope
Hmmmmmmmmmmmm interesting very interesting
Sent from my SPH-D700 using XDA Premium App
.... Did you guys see who was first ?
Removing it makes the device run faster with no ill side effects, so I'm in.
bigray327 said:
Removing it makes the device run faster with no ill side effects, so I'm in.
Click to expand...
Click to collapse
That because of the Ext4, tweaks and Overclocking
bigray327 said:
Removing it makes the device run faster with no ill side effects, so I'm in.
Click to expand...
Click to collapse
Is there a comparison somewhere, or are we just assuming?
Serious question, not being sarcastic.
Sent from my SPH-D700 using XDA App
BWFBezerk said:
Is there a comparison somewhere, or are we just assuming?
Serious question, not being sarcastic.
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
Systems and Frameworks with no CIQ scored higher in benchmarks back when we first started removing it, but it's been so long that I can't remember by how much.
Do we even know who is responsible maybe it was samsung and they do not have access to all that data like sprint does other than by using a program like CIQ. Not sure if its in other samsung phones but maybe sprint is the only one that let them include it?
Before people start jumping on the "Keep it" or "Remove it" bandwagons, they should probably educate themselves on the product. People can simply go to their website and inform themselves before making said decision (the company is pretty open about what their products do). I personally don't care if it is there or not. I don't believe Sprint is even taking advantage of the full capability of Carrier IQ ( Some of the logging and such is off by default).
On another note, Carrier IQ has the potential to collect metrics about much more the signal strength; this isn't the only purpose of the software. And depending on what it collects, how it collects, and how often, it can certainly lead to performance and battery degradation.
Finally, I think it would be smarter if Sprint was upfront about the benefits of such metric collecting software on their devices, AND gave the customer the ability to opt in or out. I actually opted into something similar back in my Windows Mobile days (albeit the company payed me each month for opting in. It was a few bucks each month, and basically covered the cost of my data plan). Software like this CAN BE BENEFICIAL!! My 2 cents...
Ryan
Benchmarks only help show improvements in tweaks imo. Real world my phone feels the same whether im hittin 2000 or 2500 on quadrant. Not to mention I saw 2600+ well before ciq removal goin back to one of the leaked froyo builds.
Sent from my SPH-D700 using XDA Premium App
Ciq was not being used at all really.. but the service was running. Killing extra running services that are useless is always a good thing an noone can really argue that. The paranoia behind CIQ was propaganda for the most part. It has/had potential to be infringing, but sprint doesn't need it to track us or infringe on our privacy. I am certain that battery life, smoothness, and stability have all increased since removal. It's my opinion, and that's all that matters... my latest rom is by far the smoothest and most stable I've ever used. Is it noCIQ? Not entirely, but I will continue to remove it because I feel like its part of the equation.
So yea bull**** sorta, but it makes people feel good and it makes my phone feel good..
I'm with the noobnl about this CIQ paranoia. If you have an android phone, Google and Sprint already have your entire contact list, emails, all your locations, your list of apps, visited web sites, etc, WITHOUT using any spyware. As I understand it CIQ gives them lots of data about network parameters that help Sprint tune their network. I'm all for that.
I haven't seen a direct performance and battery life comparison between an identical rom with and without CIQ. I also don't care about benchmarks, I just want a phone that doesn't lag and has a battery that lasts all day.
Seems to me that if you are concerned about CIQ spying on you, you probably shouldn't use a smartphone in the first place.....maybe you shouldn't even carry a cell phone.
CIQ = Unproven threat
Built-in FM Radio = Vapor
Built-in TV-OUT = Vapor
EXT4 OFF over EXT4 ON/RFS = sacrifice stability for e-peen scores (lack of best practices mentality).
It probably does collect information that could benefit us, sprint, service, support, products ect. BUT, since it's off by default, it's not doing much, so its better in my opinion to have it removed.
Sent from my SPH-D700
As long as I've had ****ty 3g speeds and having to resend text multiple times because they failed to go through 2 or 3 times before I'm pretty convinced Sprint don't give 2 ****s about how good my service is. I'll go without CIQ anyday.
noobnl said:
I don't care about Carrier IQ or who did remove it, Carrier IQ is suppose to help sprint and sprint already has a network to track people and they own the network, they can look at your browsing history and text messages.
Hell they might keep log on calls but they might have limited access to your phone to check on the signal strengths and CIQ is suppose to help sprint get better coverage.
So please stop giving people false hope
Click to expand...
Click to collapse
Lol thanks noobni I like your style just read the request bout you helping with cm7 an the discussion about ciq then I saw this thread had too laugh.
I honestly don't think it's as malicious as the ACS team put it, but it does slow things down (even if by a little). And the less services running in the background for myself, the better.
I'm not sure where I stand I see no performance improvement with no ciq. How ever sprint hasn't stolen my identity either so mabye its not such a big deal
Just thought I would throw in my 2cents on this topic.
Facts we publicly know:
CarrierIQ has access to every aspect of interaction between the device and the user.
CarrierIQ has the ability to log all data it has access to.
CarrierIQ has the ability to transmit all data it has access to.
Removal of CarrierIQ, as stated by both Sprint & Samsung, will void your warranty.
What Software packages of this type are capable of:
Logging and transmission of data may be enabled without notification of the user at any time via alpha-numeric string sent via SMS or MMS, via the CDMA Network, WiFi or Bluetooth.
The ability to disable geo-tagging in the latest FROYO release. Now CarrierIQ has the ability to know where you take your pictures. It may even have the ability to transmit said pictures along with its embedded GPS information.
It has the ability to monitor call information, tower location, signal strength, did the call drop, etc., to improve the Sprint network. But CarrierIQ is so invasive that it has the ability to also know, what number you were talking to, what name if any it is associated with in your contacts, how often and how long you talk to that number, are they also your friend on social networking sites if you sync with those sites. Why does Sprint need this level of "metrics"?
Does it know whats on your calendar? How many alarms you set and what for? Why does Sprint need to know this?
Every application you use, the type, how often and for how long. Why?
Every key stroke via hardware or software based keyboards. Every every text message you send or receive, every user name, every password can now be logged.
The possibilities are almost endless.
As we all know, Sprint is not the most "secure" wireless carrier. Sprint's past is riddled with employee's "stealing" customer information and fraud. Can you actually tell me with a straight face that you trust them with this type of invasive capability? Or look at it another way, can you trust the source code, the or those who hack for malicious purposes? Think identity theft, think personal and family safety.
I'm not worried about Sprint gathering info. Anyone with a smart/cell phone, internet, cable tv, or walks outside is already having their activities monitored. But I put custom ROMs on my phones because I want a streamlined experience that I like. Take out what I don't need and give me only what I want. If CIQ were that beneficial to Sprint, they would tell us why we should keep it in our ROMs. They know it's been taken out in a lot of ROMs, they're not blind. As far as I can see it is one less running service and that means better performance and battery. I consider it bloatware. If you're gonna argue that CIQ removal is unnecessary, then so are the Sprint apps noone uses..
Also, the EVO has CIQ, so it's not just a Samsung thing. And the noCIQ ROM I have on my wife's EVO runs smooth as butter and has excellent battery life. Of course it's more than just the noCIQ, but every little bit helps.
Seems to me the only people that would argue against CIQ removal are Sprint advocates and those jealous they didn't figure out how to do it.
So hypothetically is there any way to enable only the basic 'metrics' collecting as it pertains only to signal strength, etc, and remove the more specific data mining? My disgust with all surveillance aside, I think this is an issue because this is created by a third party, therefore I am guessing they have access to anything it could access, even if they dont use it already, who are THEY selling this to? I really dont think this has a lot to do with sprint and homeland insecurity breaking your door down for whatever it is you do, but more for the typical corporate data mining for marketing, and other BS... kind of like how FB's ads are predictive based on your friends, likes, etc. This is what I would like to lose. I also really doubt they cannot collect this information using servers on their side, instead of making our phones do all the work (if they were polled), we all know all carriers, isp's , etc can track and record pretty much everything we do, google does it, but thats part of the reason for having an android. As far as law enforcement goes, they can already get anything that would be relevant in a real court on their side, now analyzing your personality and behavior and schedule is the crap that 'law enforcement' has taken too far... think 1984.
Anyways, so I guess it boils down to this, is there a way to keep only the signal strength features, IF they cause us little to nothing as far as battery or performance? I dont mind that stuff, but the more invasive aspects, I dont like making it any easier for a pig or marketing douche to figure out how to better sell to me until they decide to lock me up I have seen CIQ removed in parts (Chris41g?), but it would be nice to have a breakdown of what is kept and what is removed (Chris if you already have, sorry haven't looked at your thread lateley, but might today ).
oh, and final bit, the reason I am so skeptical about the third party aspect is that that enables corporations, and the government, to point the finger at someone else, and in Govts case, access info they would need a warrant for otherwise (even if they only had to get it after the fact)... this is how FBI and CIA share information, the 'patriot' acts and the others that went with it pretty much set this up, we dont really have privicy anymore, unless you wanna join Ice-T and the lo-Teks.
Related
It seems the G1 absolutely requires the owner to have a Gmail account; when you turn on the device, the initial setup wizard asks your details, and offers to create a new account if you don't have one. Also, it seems that it only supports one Google account at a time; if you want to change the signed-on account, you need to soft-reset the device.
If you add that Gmail has all your emails, tracks your browsing, recognizes people's faces in your pictures and asks you to name them... how comfortable are you knowing that your Google account is now linked to your mobile phone ?
metempsihoza said:
It seems the G1 absolutely requires the owner to have a Gmail account; when you turn on the device, the initial setup wizard asks your details, and offers to create a new account if you don't have one. Also, it seems that it only supports one Google account at a time; if you want to change the signed-on account, you need to soft-reset the device.
If you add that Gmail has all your emails, tracks your browsing, recognizes people's faces in your pictures and asks you to name them... how comfortable are you knowing that your Google account is now linked to your mobile phone ?
Click to expand...
Click to collapse
Very, if I wasn't comfortable with sharing my information with Google I never would've signed up for my first Gmail account. As for pointing out people in pictures, facebook-esque? I'm pretty sure that will be optional, so you shouldn't have to worry about that if you don't want to. I don't see the big deal, unless they use the information (and for what?).
As for browser tracking, there's already the "Iron" variant of Chrome which strips out all of the user tracking. The same will undoubtedly be done for Android, if it's not explicitly available already.
Do you ever worry about your ISP? They log every user every day in everythings they do. I guess not, same for tracing cookies, for example, just because we have to deal everyday with them... because that's how internet works. So, Google is just another provider that offers great and useful services, for free.
stocaprimo said:
Do you ever worry about your ISP? They log every user every day in everythings they do. I guess not, same for tracing cookies, for example, just because we have to deal everyday with them... because that's how internet works. So, Google is just another provider that offers great and useful services, for free.
Click to expand...
Click to collapse
I don't trust my isp, and I really don't trust google because of their privacy policies (do you use google maps on your mobile? have you actually read their terms of service? why do they want with recording my voice chat?. not because google offer things free doesn't mean its good when it comes to privacy.
lennie said:
I don't trust my isp, and I really don't trust google because of their privacy policies (do you use google maps on your mobile? have you actually read their terms of service? why do they want with recording my voice chat?. not because google offer things free doesn't mean its good when it comes to privacy.
Click to expand...
Click to collapse
Haha if you don't trust your ISP then get off the internet, they know absolutely everything you do, and if they wanted to use any of it against you they could.
lennie said:
I don't trust my isp, and I really don't trust google because of their privacy policies (do you use google maps on your mobile? have you actually read their terms of service? why do they want with recording my voice chat?. not because google offer things free doesn't mean its good when it comes to privacy.
Click to expand...
Click to collapse
Not sure where you saw a clause about voice chat. Perhaps if you provided a reference it would help.
It's true that just because something is free doesn't mean it's good. But that doesn't mean it's necessarily bad, either, or that things that cost money are always good. The real question is whether or not there is any malicious intent, and again there's nothing that says anything free is automatically malicious.
Part of the reason why Google's products are so popular is because Google has the ability to mine copious amounts of userdata in order to create powerful and useful services. It turns out that with most of these products, you reach a threshold where there's so much userdata that your own specific data becomes statistically insignificant -- security through obscurity.
Sure there are people to whom that "excuse" is not good enough, and there are ways to opt out of submitting userdata. But at least Google provides (some amount of) transparency to their terms, which is more than can be said about many other companies that are more callous about abusing your privacy for monetary gain. If you're that concerned about privacy, then you should give up Google products, online search/directory services, online shops like Amazon and B&N, the vast majority of user-generated content sites, messaging services like AIM and MSN, ... Pretty much everything short of disconnecting your ISP. Same with wireless carriers and how they track your calls, voicemail, messaging, possibly even location. Hell, you might as well just stop doing anything, because even in real life, everything you do and everything you buy says something about you.
Of course there's something to be said that the G1 ships with only Google apps installed. But that's missing the bigger picture, that the open platform (the core Android stack, which needs absolutely no userdata for functionality) essentially allows you to trim the baggage wherever you see fit. Certainly not right away, and the G1 will be the learning curve, but ultimately the whole platform will have a level of transparency that no other mobile OS (WinMo, iPhone, Symbian, BlackBerry, etc) currently has.
People said the same thing about library cards 20 years ago. Anyone who thinks any organization, let alone the government, respects your privacy is living in a fantasy world.
Google has fought the government in the US over privacy issues (the US government wants Google to hand over all sorts of user information) and Google has won several cases. I think the e-mails I got with links to the numa-numa dance or mortgages or viagra or my nigerian cousin with money to send me are fairly safe for now.
I'm not worried.
1) I'm not typing in my birthdate, SS#, and mailing address left and right. All the other information is pretty much useless for anything significant.
2) Identity theft is the easiest crime to prosecute. Most of the criminals are stupid and have the merchandise, credit cards, or other stuff sent to their own address, leading the Cops/FBI straight to their door.
3) If I were truly worried, I'd have my credit reports frozen. It's not that expensive, and it stops ID theft, even when the thief has all your info.
beartard said:
Google has fought the government in the US over privacy issues (the US government wants Google to hand over all sorts of user information) and Google has won several cases.
Click to expand...
Click to collapse
This a perfect example why I'd rather trust Google with personal info than many other entities. The Governmnet was trying to do something illegal, Google resisted and won.
The reason that Google all the data gathering is for en masse analysis. Wired had an interesting article about it recently (link). This gigantic mass of data is how they were able to create the Chrome browser so quickly and have it work. The information they have allowed them to simulate years of beta testing in a few days. They don't really care it YOU use a particular website or type of phone, they care that 213568 people use a particular website or type of phone.
It really annoys me that people get on Google's case for this type of thing. They could easily have been more underhanded and you'd never know and they'd really never have to tell you because of legal loopholes.
They're being upfront that that's a good thing.
oh wow... I just watched a talk at Hope from a PI about this... so... all you information is publicly available already. With any single piece of information about you someone can get you DOB, SSN, jobs and pay, friends, sexual orientation, your picture, religion, political views,....... and on and on and on. Google already has one of the largest databases of information about you. You know what really surprised me? The company with the largest consumer database in the USA? Domino's... the FBI buys information about you from a pizza place. Myspace, linkdin, monster, transunion, facebook,.... they are all keeping information on you... it's a scary world out there... if you have an SSN you information is publicly available. If you have used the internet then even more about you is public knowledge. Here is the best part... because google, facebook, monster..... are all private companies they don't have to delete you information EVER... and its not all bad... if the government had been looking at the information on the 9/11 hijackers we probably could have stopped 9/11 based on the information about the terrorists that is publicly available.
BTW google is now offering a service for doctors to store your medical information online
sorry for rambling... I am getting a G1 and I have trusted google for years... if you are wanted don't get online, make a phone call, drive your car, or even walk outside in some cities but otherwise you shouldn't have anything to fear.
dagentooboy said:
...you know what really surprised me? The company with the largest consumer database in the USA? Domino's... the FBI buys information about you from a pizza place...
Click to expand...
Click to collapse
And your source for this rather unbelieveable claim is...?
sorry... here is the session that I watched...
http://video.google.com/googleplayer.swf?docid=3079242748023143842&hl=en&fs=true
and part 2
http://video.google.com/googleplayer.swf?docid=2219573359400519690&hl=en&fs=true
I was just trying to make a point about how little privacy we really have these days... watch it for your self if you want to devote the 3 hrs to it (Very interesting)
dagentooboy said:
and its not all bad... if the government had been looking at the information on the 9/11 hijackers we probably could have stopped 9/11 based on the information about the terrorists that is publicly available.
Click to expand...
Click to collapse
Using the same information, you can see that five of the 17-18 hijackers on 9/11 are running Dominos pizza places in Riyadh at this very moment.
Android EULA Questions
If someone can send me a copy of the EULA for the G1, both Android and TMo's I would really appreciate it. I want one, but I have nagging privacy concerns that T-Mobile is unable/unwilling to answer.
Android is in a position to collect serious amounts of data on individuals, and the combination of Google's desktop information combined with the information from the handset has really scary Orwellian possibilities. With Android Google has the ability to collect very detailed location information. There has been no mention in the media over the rights to the data that could be collected by Google. Does the EULA give Google the rights to use and sell the data collected from Android, and specify what data it collects, and give you an opt-out?
I know it's really kind of conspiracy theory, and sounds out in left field, but I don't put anything past corporations trying to make money. Imagine if you went in to buy a car, and the dealer buys your Google data? They know know what cars you have looked at online, what dealers you have visited, how long you were there, and whether or not you have explored other financing options than the dealers. Same with buying a house... The selling agent could buy your Google data, and know what other houses you have looked at, and what price range you are looking in. Possibly serious advantages in negotiating.
Imagine the value of the information your bank would have if they bought your location data, and overlayed it with your banking records. they then could sell a very detailed consumer profile of where you shopped, where you bought, and other spending/location/web history data.
The bar code application has lousy implications also. It gives the vendor of the app a really good idea of what you are shopping for, and the locations you do your shopping.
Another thing that's kind of unnerving is the association of your location with your google calendar.
It's bad enough with all the data Google gets from my email, calendar, and web history do I really want them to have EVERYTHING?
Are you that paranoid?
As if your information isn't out there for anyone to get now.
Your phone is as safe as it's gonna be as the amount of info you keep on your desktop gmail.
whether is on a desktop gmail account or a phones.
Guess what? same thing.
Unless I'm really missing something. lol
Your ISP doesnt really protect you much. Gmail has won court orders from the government revealing info from accounts.
Toss a coin.
you have a point. but to be honest everything is gearing to that. from easy pass to credit/debit cards to just logging into you isp and geetting ads to meet single in your hoe town. i realized this as i just movend and was getting adds for where i lived.
if someone wanted to find u they just need ur cell phone. unless u have a analog phone u are being tracked (or can be tracked) whether u want to be or not.
or u can get the phone set up and email with gmail then do not use it. use the pop email feature until a full exchange solution come out. the use yahoo or altav or anything else for searching. u might have some temp success at eluding the glasses of google.
if i had the info u were really looking for i would be glad to share. if i dont miss or havent missed ups. today might be the day
I know everything on my PC's well monitored by everyone from the ISP to every friggin advertising cookie that gets dropped on me. Private email's on my own server, not GMail. I just think location data's a little much, and people need to be cognizant of what we are giving away for shiny new toys and features. And Google's little gaff with the Chrome EULA (We want the rights to everything you do with this..I Know it was an "error") removed a lot of the don't be evil luster.
And just because I'm paranoid doesn't mean they're not watching....
My point was...you have a sim card type cell. Thats all they need to track you.
You can delete every program on the phone. Guess what, you can be tracked, by the sim card inserted and your phone just being on.
As for info do what was mentioned in the previous thread.
Miss read and deleted a statement!
I know, I can be tracked tower to tower, and approximated (I used to work in a 911 dispatch center and had to deal with a ton of cell 911 calls). But, there is some expectation of privacy from a telco, and oversight from the FCC is a possibility (I know, great job they've done so far with carriers). But, like I said, I was curious, and none of the blogging coverage has said anything yet, s I figured I might try to stir up some stuff.
Apple recently proposed an emergency mode for the iPhone that basically shuts down anything non-essential and preserves battery life, also supposedly soaking as much juice as they can from the battery if necessary. For some reason, they have it focused on pre-configured emergency numbers, but I see little reason for that limit, any call to anybody could possibly be an emergency.
Sources:
Appleās iPhone Emergency-Mode Processor & Features Patent
Apple Patent Could Ease 911 Cellphone Calls
Apple Patent To Safeguard 911 Cellphone Calls
First, I admit that I'm suggesting this to stick it to Apple just as much as I honestly think it's a good idea.
While Apple has not stated any specific intention, they aren't known for their altruistic nature in the matters of Intellectual Property. It's highly likely they will demand a high licensing fee from manufacturers for the rights to use this idea on their handsets. In my opinion, this is one of the few lines a company should not cross. I even doubt the legitimacy given that their patent is for the idea, not the design or technology.
This is a brilliant way to validate the hacking we do on our phones, and it gives us the added benefit of further encouraging Apple to offer the license free of charge to any company interested in doing the same. After all, the last thing a company wants to do is get into a very public battle with hackers who are trying to improve the safety and security of people because that company only wanted to take advantage for market position.
This is obviously not a general app since the hardware variables are pretty heavy, but some groundwork could get this a long way and then allow customization for each handset there-after.
Any ideas, suggestions, or possibly anybody with the knowledge on how to accomplish some of the various things necessary for this to work? This is really the sort of feature every single person on here should want to have on their phone.
what A_C Should make its a "slide to turn off "
bump....
Please tell me this just got buried when I posted it and there's some people who take this seriously. I'd hate to think this isn't a pretty good idea for some people.
Correct me if I'm wrong, but the "emergency mode" doesn't require a sim card. I think it's required on all phones used in the US, and is used for certain emergency numbers.
I could be wrong, though.
ininfinitum said:
Correct me if I'm wrong, but the "emergency mode" doesn't require a sim card. I think it's required on all phones used in the US, and is used for certain emergency numbers.
I could be wrong, though.
Click to expand...
Click to collapse
That's correct....but has nothing to do with the subject I wrote about.
What I'm posting about is the function of turning off ALL non-essential phone features to conserve power and be able to drain every last bit of power from a critically low battery, something our phones won't allow. I was also hoping to lean into the idea (if it's possible) of pushing a little extra power into boosting reception when on the very edge of service.
The real point being that emergencies can happen when the phone's battery is borderline dead. Apple wants to be the only one able to claim they can call even then. I think everybody should be able to do it. Forgive me if the original post was unclear.
Draining the batter completely dead isnt good for the battery at all, hence why most phones force the phone the shut down before this. It isnt a great idea and even if you were to completely drain the battery from critically low, you wouldnt get very much talk time and shutting down everything non essential would get you extra seconds at best when the battery is critically depleted. An app like this would be a lot of work for something that isnt of great use to many and seems like going a bit far just to spite apple.
Just my opinion
ASK768 said:
Draining the batter completely dead isnt good for the battery at all
Click to expand...
Click to collapse
Do you think somebody in an emergency cares? I'll trade 'not good for battery' to get the extra 2-3 minutes it might keep me on the line with 911, especially if they are tracking the signal.
Google has been known for a long time to perpetually store all searches by IP, with the ability to assemble a shockingly complete picture of people by what they search on. Recently the Google CEO regurgitated the view that, "If you're not doing something wrong, you have nothing to worry about." (look it up)
Well I like Android and the development excitement, as I've used Debian exclusively for 12 years. But I am gravely concerned about privacy issues were I to buy an Android. I've hardly even used Google as a search engine. (Clusty)
Has any research been done on this? Does no one else share this concern?
You can disable this function of your Google Account. After logging in click the 'Dashboard' link that says 'View Data Stored With This Account'. Scroll to the bottom of the page where it says 'Web History' and you can disable/clear it for your account.
If using Google as your search engine makes you nervous then this should really put a bee in your bonnet:
Google and the NSA: Necessary Allies http://www.pcworld.com/businesscenter/article/188558/google_and_the_nsa_necessary_allies.html
Of course it's for 'OUR' protection.
Building on what mr_skot said... Google's CEO also made it clear that user information is only linked to you for a few months, then it is scrubbed and is made anonymous for more time. I can't remember if he said it was something like 18 months or a few years. Either way, they're serious about maintaining privacy, and you can bet that after the Chinese attack a couple weeks ago, they'll be beefing up security and changing their protocols.
If you want to remain completely anonymous, I suggest not using google, or google talk, or syncing your phone etc.
basically, you give a huge chunk of personal information by using google's services...
THAT was one of my hesitations of switching from winmo to android, but I got over it.
Real tin-foil hat wearer's don't use cell phones! For communication, they hand deliver letters, at secret drop off points.
What exactly are you guys doing to be so hesitant about Google? The personal information on your phone is so dire that you don't want them to view it? What will they do with this information unless you are doing something illegal? Other than that, I highly doubt they are just going to 'target' you purposely - the only way I could see you being so in danger is that they get hacked, and people go through their servers or whatever.
But what are the chances, that you and the millions of other people out there are going to be in danger? Maybe because I don't use my phone for.. bad purposes per-say, or search anything bad, I have no worry. I'm curious as to why people fear Google, though, maybe I'm being to open minded.
The point is in being comfortable with a stranger being able to know a lot of information about you ay the stroke of a key.
I would worry more about T-Mobile than Google, since they are the ones that monitor U for the Gov.
mrbkkt1 said:
The point is in being comfortable with a stranger being able to know a lot of information about you ay the stroke of a key.
Click to expand...
Click to collapse
Yes but the thing is, who cares about you specifically. What person in the GOOG HQ do you believe actually 'thinks' about you enough to want to be able to access any information about yourself. No one wants your info, so no one will try to find you - your information - or where you live.
I guess it is disturbing to people that they CAN do that, but T-Mobile can too, AT&T can too, and of course any other carrier has the same information that Google has, although Google could be more precise, or they could be more evil. What are you afraid of Google having? Your contact numbers? Your SMS? Your.. emails? Out of all those, I honestly don't care if they have it. Google isn't the only company with your location, so it isn't something I want to list.
There is probably something I'm not understanding here, though, and someone can probably easily explain how I am completely wrong about everything.. but this is my perspective. I believe if they don't care about you, then they wont dig into your life.
It's an invasion of privacy--though of course, your government invades your privacy all the time and has access to plenty of down-and-deep information about you. It's understandable some people would be anxious about it, whether or not they've done wrong. Mind you, this isn't exclusive to Google or anything. Microsoft collects information about you when possible. I don't doubt Apple et al does too.
I'm a bit leery about it myself; you sacrifice privacy for convenience and ease of use (google services/apps are great and easy to use, synchronization with your Android phone is excellent, etc), then you find yourself giving up more and more information. It's not the most comfortable state.
Eclair~ said:
What exactly are you guys doing to be so hesitant about Google? The personal information on your phone is so dire that you don't want them to view it? What will they do with this information unless you are doing something illegal? Other than that, I highly doubt they are just going to 'target' you purposely - the only way I could see you being so in danger is that they get hacked, and people go through their servers or whatever.
But what are the chances, that you and the millions of other people out there are going to be in danger? Maybe because I don't use my phone for.. bad purposes per-say, or search anything bad, I have no worry. I'm curious as to why people fear Google, though, maybe I'm being to open minded.
Click to expand...
Click to collapse
Congratulations, you win the Daily Mail award.
If you feel that only people who are doing something wrong need to worry then you can't really be against CCTV cameras on every corner. How about tagging all your shopping so your waste can be tracked or chipping everyone so they can be tracked at any time, in real time. I mean, if you're not doing anything wrong why would you worry
There *are* things that aren't illegal that you might not want any Tom, **** or Harry knowing. I can tell you now that any Google employee with access to that data is worth $$$ to a private detective - but then all Google employees are angels and never break the law and don't have gambling debts or money problems.
While the corporation (google) might not be particularly interested in the individual, the corporation is made up of individuals who may not have the same values as good honest folk. That's something you can't guard against.
Never ever use the argument that if you're not doing anything wrong then you have nothing to fear. 'Wrong' is a value judgment, subject to change at any time. 'Illegal' varies from place to place, country to country.
SC
ScaredyCat said:
Never ever use the argument that if you're not doing anything wrong then you have nothing to fear. 'Wrong' is a value judgment, subject to change at any time. 'Illegal' varies from place to place, country to country.
Click to expand...
Click to collapse
Exactly. And this was exactly the assertion that Google's CEO made this December. I repeat a famous old wisdom: 'Those who would trade freedom for security, deserve neither.'
To those naive ones who can't understand the privacy ramifications, suffice it to say that my business is none of their business. You can not understand how a fascist regime operates, or know what it was like behind the Iron Curtain. I was in intel, and do not like the unConstitutional changes to the law that were made in the past 9 years, and so I want to protect myself. You can open your life like a book as you like... eh, maybe it'll be OK. Or maybe your divorcing wife or someone suing you will find things you didn't want.
I am just trying to find out what kind of hooks Android may have that may cause it to store information unjustifiably and/or send it back to the Mother Ship. Of primary concern is the OS, and secondary is Google apps. I am assuming that the nav app is a no-go.
Before anyone lazily asserts that my OS or browser is more vulnerable, I've run Debian exclusively for 12 years, secured using the NSA procedure. I have used Google for search only a few times since it started, owing to their atrocious data retention policies (I use Clusty.com), and do not have a Google account. I don't trust assurances that data is scrubbed because they make much of their money from the information.
I do use T-Mobile, as they are one of only two companies that refused to cooperate with Bush's unConstitutional warrantless wiretapping. (Qworst was the other one) Oh, you think warrantless wiretapping is legal? Then why last year did Congress pass a law specifically exempting Big Telecom from Constitutional challenges? (which BTW, Obama voted for; that was it for me with him)
Has any research been done on the security of Android? I couldn't find any. (I am aware of the HTC leak, which was squashed by Cyanogen)
No one else has thought about this?
Oddly enough, using custom ROMs makes me somewhat less concerned about privacy. Being able to pick and choose components of the software does help.
Afraid I got nothing else to add, though. Ultimately, you can either put on your tinfoil hat and cut yourself off from all online contact (because someone, somewhere, is always collecting information) or resign yourself to it.
And you seriously believe Google are the ONLY ones doing this? at least we know about it.
How do companies get their 'market research'?....
I believe we have nothing to worry about, but in this day and age, to expect to be completely anonymous and 'off the grid' is about as plausible as Apple employees using Android devices in the office...
I wrote a long post then decided to delete it cause Im not going to change anyones minds on a message board anyways. So Ill simply say, no, I dont worry about it.
Amdathlonuk said:
And you seriously believe Google are the ONLY ones doing this? at least we know about it.
How do companies get their 'market research'?....
I believe we have nothing to worry about, but in this day and age, to expect to be completely anonymous and 'off the grid' is about as plausible as Apple employees using Android devices in the office...
Click to expand...
Click to collapse
So... your solution is to give up and resign yourself to allowing a Police State. No thanks, I don't agree.
ThatSearchEngineThatEveryoneUses is a gigantic corporation which will vacuum up every search you do and correlate them to assemble a frighteningly accurate picture of who you are. Nah, fsck that. I'll stick with Clusty and off-OS's like Debian.
Resign and argue with me all you want.
My thoughts...
1. Seperate your data. Its why I refuse to useGoogle Chrome. I already have enough info on Google without them knowing every single purchase , website visit , and log in info for everywhere I go.
It may be futile but its at least an effort.
2. No company tosses information. I dont care how many times I press clear or delete on Google settings. My personalized info is sitting on a server somewhere and will be until that info becomes worthless.
3. I have zero desire to contribute to skynet =-).
Im fully convinced data supported profiling will be in the hands of some ridiculously powerful AIs and Im not in the mood to have a bunch of robots know what Im going to do before I do it.
Lastly I really do think its absolutely sad how easily people forego there privacy like it shoudl be of no concern.
Your GSM operator can track and record all your calls, and can be subpoenaed for your general location at any time. Would you trust them more than Google?
xManMythLegend said:
My thoughts...
1. Seperate your data. Its why I refuse to useGoogle Chrome. I already have enough info on Google without them knowing every single purchase , website visit , and log in info for everywhere I go.
It may be futile but its at least an effort.
Click to expand...
Click to collapse
Except Google Chrome does not collect enough information to discern such a thing, and your ISP can find out all that (and more, as long as it's not SSL-encrypted) anyway.
Everyone put on your tin foil hats!
Has any research been done on the security of Android? I couldn't find any.
Click to expand...
Click to collapse
Yeah, it's all, you know, here: http://android.git.kernel.org/ . Dig the source and see if Android's sending any rouge information to anyone.
Quantumstate said:
So... your solution is to give up and resign yourself to allowing a Police State. No thanks, I don't agree.
ThatSearchEngineThatEveryoneUses is a gigantic corporation which will vacuum up every search you do and correlate them to assemble a frighteningly accurate picture of who you are. Nah, fsck that. I'll stick with Clusty and off-OS's like Debian. Resign and argue all you want.
Click to expand...
Click to collapse
And it's not already?
What about CCTV? all the online purchases you make?
Credit card details?
Mortgage?
Electoral Roll?
National Insurance details...
Christ, they already know more about us than you can think.
Do a search for your name on the internet, I even found a site listing my marriage to my ex-wife, the children we had and when/where they were born......
I won't KNOWINGLY contribute to them collecting my data, but I'm not going to get paranoid about it either.
First of all: I'm an OSS advocate and love the idea of open source. Don't forget that while reading this.
Some 2 month ago, I got myself a Galaxy S. It's not exactly cheap, but on the other side, it's really good hardware. This thread is not about Samsung or the Galaxy S. It's about the missing parts of android security.
We all know it from our home computers: Software sometimes has bugs. Some just annoy us, others are potentially dangerous for our beloved data. Our data sometimes gets stolen or deleted due to viruses. Viruses enter our machines by exploiting bugs that allow for code execution or priviledge escalation. To stay patched, we regularly execute our "apt-get update;apt-get dist-upgrade" or use windows update. We do this to close security holes on our systems.
In the PC world, the software and OS manufacturers release security bulletins to inform users of potentially dangerous issues. They say how to work around them or provide a patch.
How do we stay informed about issues and keep our Android devices updated?
Here's what Google says:
We will publicly announce security bugs when the fixes are available via postings to the android-security-announce group on Google Groups.
Click to expand...
Click to collapse
Source: http://developer.android.com/guide/appendix/faq/security.html#informed
OK, that particular group is empty (except for a welcome post). Maybe there are no bugs in Android. Go check yourself and google a bit - they do exist.
"So why doesn't Google tell us?", you ask. I don't know. What I know is that the various components of Android (WebKit, kernel, ...) do have bugs. There's nothing wrong with that BTW, software is made by people - and people make mistakes and write buggy code all the time. Just read the changelogs or release notes.
"Wait", I head you say, "there are no changelogs or release notes for Android releases".
Oh - so let's sum up what we need to stay informed about security issues, bugs and workarounds:
* Security bulletins and
* Patches or Workaround information
What of these do we have? Right, nada, zilch, rien.
I'll leave it up to you to decide if that's good common practise.
"But why is this important anyway", you ask.
Well, remember my example above. You visit a website and suddenly find all your stored passwords floating around on the internet. Don't tell me that's not possible, there was a WebKit bug in 2.2 that did just that. Another scenario would be a drive-by download that breaks out of the sandbox and makes expensive phone calls. Or orders subscriptions for monthly new ringtones, raising your bill by orders of magnitute. Or shares your music on illegal download portals (shh, don't tell the RIAA that this is remotely possible).
The bug is probably fixed in 2.2.1 - but without changelogs we can't be sure.
But that's not all - there's a second problem. Not only are we unaware of security issues, we also don't have automated update mechanisms.
We only receive updates when our phone's manufacturers release new firmware. Sadly, not all manufacturers support their phones in the long run.
In the PC world, most Distros have a central package management - that Google forgot to implement in Android. Agreed, some phones can receive OTA updates, but that depends on the carrier. And because of the differences in Android versions it's not possible to have a central patch management either. So we do not know if our Android devices might have security issues. We also have no easy way to patch them.
Perhaps you knew this before, then I apologize for taking your time.
What do YOU - the computer literate and security aware XDA users - think about this? Do you think that's a problem? Or would you rather say that these are minor problems?
Very intresting, thanks! The update problem should be fixed with the next release, no more custom UIs and mods from phone manufacturers,at least google said that
Sent from my Nexus One using XDA App
Excellent post and quite agree with you. The other significant problem looming is the granularity (or rather, lack thereof) in app permissions which can cause problems you describe without bugs and exploits. I install an app that does something interesting with contacts and also has internet access to display ads. How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
I love Android but it's an accident waiting to happen unless the kind of changes you advocate are implemented and granularity of permissions significantly increased. I don't like much about Apple but their walled garden app store is something they did get right although IMHO, they also abuse that power to stifle competition. Bring out the feds!
simonta said:
The other significant problem looming is the granularity (or rather, lack thereof) in app permissions [...]
How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
Click to expand...
Click to collapse
I agree, although I'm not sure that less experienced users might have difficulties with such options.
simonta said:
I love Android but it's an accident waiting to happen
Click to expand...
Click to collapse
Sad but true. I'm just curious what Google will do when the first problems arise and the first users will have groundshaking bills.
If that happens to just a few users, it'll get a kind media coverage Google surely won't like.
I've seen quite a few android exploits posted on bugtraq over the years. It's a high-volume email list, but with some filtering of stuff you don't care about, it becomes manageable. It's been around forever and is a good resource if you want the latest security news on just about anything computer related.
http://www.securityfocus.com/archive/1/description
People are bashing a lot about the Android security model but the truth is you can never have 100% protection with ANY solution.
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Speaking again of Android. I think the permission model is not bad. I mean, no other OS got such detailed description about what an app can do or not. But unfortunately it can only filter out very conspicuous apps, i.e. a Reversi game asking for your location and internet access. But then you never know... if the app is using ads it requires location and internet access, right? so what can you do?
RAMMANN said:
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Click to expand...
Click to collapse
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Of course you can't get 100% security and I don't think that's what we're saying, but there is a lot you can do.
Take for example internet access which is the biggest worry I have. The only reason most apps request internet access is to support ads. I now have a choice to make, don't use the app or trust it. That simple, no other choice.
If I installed an app that serves ads but did not have internet access, then the only way that app can get information off my phone is to use exploits and I'm a lot more comfortable knowing that some miscreant needs to understand that than the current situation where some script kiddy can hoover up my contacts.
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
I absolutely agree with you on Apple, one of the main reasons that I chose a Desire instead of an iPhone, but the Android approach is too far the other way IMHO.
Just my tuppence, in a hopeless cause of imagining someone at Google paying attention and thinking you know what, it is an accident waiting to happen.
marty1976 said:
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Click to expand...
Click to collapse
Well, so why did a tethering app once make it into the appstore?
Also I think there are many possibilities for an app to behave normal, and just start some bad activity after some time. Wait a couple months until the app is spread around and then bang. Or remotely launch some action initiated through push notifications etc.
If there is interest, then there is always a way....
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
I agree that a seperate permission for ads would be a good thing.
But there are still many apps which need your location, contacts, internet access.... all the social media things nowadays. And this is where the whole thing will be going to so I think in the future it will be even harder to differenciate.
Getting back on topic: I just read that Windows 7 Phone will get updates and patches like desktop windows. That means patchday once a month plus when urgency is high...
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
But, how do you distinguish them? Today, (as a developer) I can use any ad-provider I want. In order to distinguish ads from general internet access, the OS would need one of:
A Google-defined ad interface, which stifles "creativity" in ad design. Developers would simply ignore it and do what they do now as soon as their preferred ad-provider didn't want to support the "official" ad system or provided some improvement by doing so.
An OS update to support every new ad-provider (yuck^2).
Every ad-provider would have to go through a Google whitelist that was looked up on the fly (increased traffic, and all ads are now "visible" to Google whether Google is involved in the transaction or not). This would also make ad-blocking apps harder to implement since Google's whitelisting API might not behave if the whitelist was unavailable. On the upside, it would make ad-blocking in custom ROMs be trivial.
Even if Google did one of these things, it still wouldn't provide any real increase in privacy or security. The "ad service" would still need to deliver a payload from the app to the service (in order to select ads) and another from the service to the app (the ad content). Such a mechanism could be trivially exploited to do anything that simple HTTP access could provide.
http://code.google.com/p/android/issues/list
issues submitted are reviewed by google employed techs... they tell you if you messed up and caused the issue or if the issue will be fixed in a future release or whatever info they find.
probably not the best way to handle it but its better then nothing.
twztdwyz said:
http://code.google.com/p/android/issues/list
Click to expand...
Click to collapse
Knew that bug tracker, but the free tagging aka labels isn't the best idea IMHO.
You can't search for a specific release, for example...
twztdwyz said:
probably not the best way to handle it but its better then nothing.
Click to expand...
Click to collapse
Ack, but I think Google can do _much_ better...
Two more things to have in mind:
1. I doubt that many Android users bother much about what permissions they give to an app.
2. Using Google to sync your contacts and calendar (and who knows what else), is a bad, bad idea.
It seems to me that the KINm phones (or atleast the TWOm) are the only product in a specific niche of the cell phone / smartphone market, namely they offer WiFi browsing w/o an expensive data plan.
I would suspect that there is a pretty big group of users who would want exactly that. But, they probably don't know the option exists, especially if Verizon doesn't really advertise this phone. (They don't even have it in Verizon stores that I have been to, only online, listed under feature phones). Of course, it's not really in Verizon's best interest to promote this, considering they _want_ you to pay for a data plan.
So, this leaves me feeling very uncertain whether this "relaunch" of the KIN phones will ever catch on?
Also, is anyone else on the board interested in this phone still? I thought Kin threads were fairly active, but maybe it's just me?
Jon
jon2012 said:
It seems to me that the KINm phones (or atleast the TWOm) are the only product in a specific niche of the cell phone / smartphone market, namely they offer WiFi browsing w/o an expensive data plan.
I would suspect that there is a pretty big group of users who would want exactly that. But, they probably don't know the option exists, especially if Verizon doesn't really advertise this phone. (They don't even have it in Verizon stores that I have been to, only online, listed under feature phones). Of course, it's not really in Verizon's best interest to promote this, considering they _want_ you to pay for a data plan.
So, this leaves me feeling very uncertain whether this "relaunch" of the KIN phones will ever catch on?
Also, is anyone else on the board interested in this phone still? I thought Kin threads were fairly active, but maybe it's just me?
Jon
Click to expand...
Click to collapse
I agree that if Verizon would advertise this phone it would possibly catch on. As for the Kin in Verizon stores, that's actually where I got mine and I've seen Verizon's reps trying to persuade people into getting the phone.
The phone seems to be getting pretty good reviews and response from buyers, but like you said Verizon is doing a poor job of promoting it.
And there are a handful of us both here and on Microsoft's forum site that have been trying many different approaches, but unforturnately none of us are experts in routing phones. A few us have bricked phones now, and we still haven't made to much progress, but still hoping someone can make progress.
This link rates the twom as the best messaging phone.
Kin TwoM= Win!
I am switching to the kin twom from a HTC Thunderbolt. I have a xoom as well, so I really don't need to keep paying for data on my handset. I have had several android phones, and for that matter several winmo phones in the past. I am excited about this because this really is a great phone for a "feature phone". No data, but having wifi is really sweet. I want to hack it and port android to it, which may not be possible, but either way, I think this really is a win, especially if you have a tablet.
Spectredroid said:
I am excited about this because this really is a great phone for a "feature phone". No data, but having wifi is really sweet. I want to hack it and port android to it, which may not be possible, but either way, I think this really is a win, especially if you have a tablet.
Click to expand...
Click to collapse
that depends on the point of view. For me, even if i'm pretty naughty with it, it isn't a great phone, caused in most part by the software..
- Software lags a lot (should not for the "few" resources that we use).
More if you take in account that we are using a tegra device with a 0'6Ghz CPU. My crappy PDA with 203mhz can play Age of empires mobile without lagging, and this phone can't just run the menu smoothly (sometimes). I smell bad optimization...
- The browser support for rtsp is kinda lame (no flash support and just redirection to mobile sites to a streaming protocol). Browser in general is pure **add your favourite badword here**.
- The wifi detection is barely ok, but several times it can't find the ESSID even if it's near it (@ my home wifi router) and you have to turn on, turn off the wifi till it awakes.
- Suffers from random reboots (if some software freezes). Happens to me sometimes, even with the phone playing the "i'm like a brick" game alone over my desk.
- It's battery is fastly drained by the OS, cause you cant close apps, and they are surely running in the background, like other windows ce OS's. If you open your browser after rebooting, it's there forever. If i could add only 1 app to a kin in the wooorld, i would add a battery/app ultraconfigurator to reduce so.
- Sometimes it can't even load some apps and shows a "loading..." window till it's... well loaded.
.....
On the other hand, the screen is pretty well done, imo. It detected my touchs almost perfect, whenever i tried.
At least, they solved the old bug that the original kin two had, where you set a wifi and can't reenter wifi settings cause the os hanged doing so (one or several reboots needed).
It would be so cool if it was sold unlocked & without contract for 100$. Then use dataplan with the company you want, and with installable apps.