Related
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
andrewluecke said:
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
Click to expand...
Click to collapse
First off: Who's to say the original developer can't put this so-called "dodgy code" in their own apks?
Secondly: The Android marketplace doesn't have any strict rules as to what someone can post, and the code isn't even checked. You have just as high a chance of getting this "dodgy code" from any app you download straight from the market.
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
andrewluecke said:
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
Click to expand...
Click to collapse
Are you familiar with modifying an APK? It is not nearly as easy as you make it seem. If the developer doesn't release the source code, it can't easily be functionally modified minus a few graphics and the like. Not to mention, this is how the iPhone jailbreak system works in regards to getting content. And has been going on with PC for years.
I really do not think it's something we have to worry about. Just install an anti-virus on your phone if you're worried.
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Good thing to raise awareness among users, but alas - most of them don't even bother to read the permissions requested by apps downloaded from the market.
There are actually quite few people that have an idea of what could happen if they had a rouge app on their phones. I recently tried to give a similar general warning in another forum that people should take care when flashing "beta" firmwares downloaded from some hosting site and not from the developer... You think most of them cared? Sadly they didn't...
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
andrewluecke said:
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Click to expand...
Click to collapse
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
APK's are not open source and cannot be decompiled and edited. The only way for what you are suggesting can happen, to happen, is if the APK in question had its sources released so someone else could release an edited version of the program, made from scratch, in java.
"can probably" is not very sure. The chances of someone posting a completely separate app with the name of a well known app is much more likely than someone editing an existing app (assuming the sources were available).
If you have no clue about android apk development why even bother arguing?
opensourcefan said:
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
Click to expand...
Click to collapse
Agree 100%. Much better said! You don't know who's releasing what, so watch what you're installing and just make sure it looks like the program you were looking for in the first place..
Electroz said:
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
Click to expand...
Click to collapse
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
2 options to make sure ur safe :
1. Dont install root applications (they require 0 upfront standard android api permissions hence u won't know what its doing behind the scenes)
2. Install apps by transferring them to ur phone and using the package manager, that way you can see standard permissions (if any) and judge accordingly.
You know what would be cool, if superuser could log the "su" commands a root requiring app executes
Daneshm90 said:
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
Click to expand...
Click to collapse
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
If its a non-root requiring app then yes, it must disclose its permissions prior to installing it through package manager not if u use adb to install.
You just have to judge, if a wifi toggle app is asking for email/sms permissions, you might want to be careful
As for root-requiring apps, theres not much you can do other than read reviews for that app or decompile and try to understand what its doing behind the scenes.
Electroz said:
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
Click to expand...
Click to collapse
It's quite easy to modify disassembled app code as well - trust me ;-) Also I think we will have possibility to decompile to Java code in the future.
Just don't think of your phone as a smaller PC (especially Windows), because this isn't true. There will never be antiviruses for Android and your only protection are permissions. Anyone could create market account and upload malicious app.
About game companies: they usually write in native code and it's really hard to decompile (or maybe even impossible for now). Besides... did you heard about gameloft's recent games? They're really awesome. Note that first 3d-gaming capable Android phones were released just ~10 months ago, so it's still quite early.
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
It should, however, what if it is an alternate launcher, in which case, you'd expect it to be able to send SMS's and make phone calls. That's all fine, until you realise the copy of launcherPro you downloaded using a multi-upload in XDA is having phone sex with a russian operator costing you hundreds of dollars.
It's actually good Brut spoke here. Brut[Maps] is relevant, because it introduces new features which distinguishes it from Google's version. However, can we trust Brut as much as we can trust Google? He seems trustworthy yes, but as trustworthy as Google? Questionable. (Btw Brut, good work on your mod). Of course, his mod does have considerable benefits showing he is interested in helping the community and he hasn't caused any problems thus far. That only means his official multi-upload posts are safe though, if I repost them elsewhere, you shouldn't trust my copies.
It's common sense that programs should pass by as few hands as possible to remain secure. We need to build awareness about security practices (particularly for business users who may compromise their companies security or information). I'm not saying all rom's are safe.. Think about it though, if an APK is already readily accessible, why would someone go through the effort of re-uploading it?
Furthermore, we should encourage people using their phone's for important purposes to use the official Kies releases, not random firmware's available from Samfirmware's (which may not even be final versions).
Remember, trojans are common in the warez world, and it's better to change the attitude of the community before they become a problem here too (otherwise, people will be stuck in a poor mindset that compromises herd immunity). XDA is a website targeted at the technical crowd, and we should set a good example.
@Electroz. Haven't disassembled them myself, but checked a tutorial. But someone has responded already anyway.. Just because I don't have experience doing it myself anyway, doesn't mean it isn't widely known to be possible.
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
i think we are pretty safe with those
however... it's suck if they run in the background all the time eating the juice+cpu power away
Anti-virus only helps for known trojans anyway, and since so few people have it installed, it doesn't help much. When Android has it built in though, it may be more useful.
Anti-virus should be considered a last line of defense anyway. And either way, I'm not concerned, because I try to minimise the risks of my own sgs. However, it's a concern that people here don't believe such a risk exists, and are actually encouraging a global attitude which might make the Android population ripe for social engineering attacks in the future.
@andrewluecke
I understand you, I don't say there is no problem with security. I say it doesn't matter you will get malicious software from mirror or Market itself. We could assume apps downloaded from WWW are more dangerous, but this problem is general one: people should be cautious whenever they install something with critical permissions. If they won't they will have problems anyway - it's just a matter of time.
I agree with you: it's important to aware people of that problem. This is actually only one thing we can do: be aware and cautious.
Ahh and in many situations it's possible to protect yourself against problem with redistribution. First, you could check md5 - many developers give it to people, I do. Second: signatures. Each app is signed by its author, so you could check its authenticity. You could check signatures of downloaded apk using public key uploaded by dev to his WWW or using "safe" apk you downloaded earlier. Unfortunately there are no tools to do that easily :-/ Also Android does this check automatically when you install new software. So if you have installed e.g. GM modded by me, then you have downloaded new version from some mirror and succeed at installing it, you can be sure it was also from me and nobody modified it.
AllGamer said:
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
Click to expand...
Click to collapse
Hmm? I think it's impossible, cause apps can't get to data and resources of others apps. And creating an app for root users only wouldn't have much sense.
I have found Norton Smartphone Security for Android and it's anti-theft protection, not anti-virus.
I'm not a coder and came from IT field so I have lots of general questions about apk security and found this thread...great discussion. TY
Just a general question about apk security...how easy is it to alter apk for malicious intent? And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone? ...just kinda scary to imagine
the news about android virus gets me nervous about installing any apk released from any individual
http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/
kobesabi said:
how easy is it to alter apk for malicious intent?
Click to expand...
Click to collapse
Quite easy for a good developer.
kobesabi said:
And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone?
Click to expand...
Click to collapse
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Brut.all said:
Quite easy for a good developer.
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Click to expand...
Click to collapse
Wow, scary. Unless there is something else, that they can't get away, I don't think banning would deter much, they just laugh at the weak security as a fun challenge. If they already got tons of ip under their control...banning by account, ip, or email will not help much...they can always get new ones.
Is there a way user can authenticate/verify apk signing from authentic author/writer? Many just post apk but did not post md5 or sha sum so how can a user find out if it is original or not?
Anyway to test these apk without loading up to real phone?
So, guys..
I was going through some blogs, which stated that there are so many malicious apps in android market. Recently, Avast, which has launched an app in market, reported to google about some malicious apps.
Here is the article:-
https://blog.avast.com/2011/12/13/android-malware-in-the-open-marketplace/
So, what i was thinking is that do we really need an Antivirus app, to protect our android phone??
Using an antivirus app will mean that, it will consume RAM continuously, and so will consume battery too.
I am starting this thread, so that we can discuss, here ,if we really need it.
So, share your views, experiences with any malicious app in the market place, and also suggestions about which antivirus app should we use, if this kind of thing exists in android.
Of course you do, i use Lookout Mobile Security and it has caught a few trojans which were potenially harmful to my phone, not too many but it did quarantine a few since ive had it.
Basically anyone who doesn't have any type of protection on their dog and bone is taking a big chance.
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
ithehappy said:
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
Click to expand...
Click to collapse
Did u read the link i posted?
It really shows the possibility of some malicious apps, co-existing in Android Market. Don't we need to be protected?
ithehappy said:
The answer is NO.
I've posted an article from tech2.com in Indian thread where someone from Google said it while talking about Trozan AV apps.
Click to expand...
Click to collapse
Well if you ever get a trojan on your SGSII don't come crying on here, ever heard of better be safe than sorry!!
jonny68 said:
Well if you ever get a trojan on your SGSII don't come crying on here, ever heard of better be safe than sorry!!
Click to expand...
Click to collapse
Thats what i am trying here "Better be safe than sorry"
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Chris DiBona, Google's open-source programs manager stated in a blog post, “No major cell phone has a 'virus' problem in the traditional sense that Windows and some Mac machines have seen. Virus companies are playing on your fears to try to sell you bulls***protection software for Android.”
Click to expand...
Click to collapse
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
You forgot the rest of this story:
"Honestly, anti-virus software are not needed on mobiles, just as long as you don’t download random apps you should be just fine" ...
Most people in here download and install tons of apps, modifications and tweeaks on rooted phones ... LOL
Why not just instal a free one?
Better safe than sorry...
Send from my GT-I(OVER-9000) using XDA App.
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
M sorry, if it hurted u.
Everyone has absolute right to express their views.Be it wrong or right.
Sent from my GT-I9100 using XDA App
Well Google are hardly gonna freely admit the fact that there are some rogue apps in the Android Market which contain trojans as this will put off many people (not just talking anti-virus here), the simple facts are despite the nonsense by Chris DeBona or whoever is the fact that you are taking a calculated rick by not having some type of protection on your phone, this is even more so if you do happen to download apps from other sources but even in the Android Market you can never be totally sure, Lookout Mobile Security is totally and utterly 100% legit and used by many thousands of people and business' alike,clearly there are some rogue apps masquerading as anti-virus apps but also others too.
Smartphones are like pc's now. What you can do with your computer your smartphone does it for you on the go. You have so many apps you browse over the net even if you are using the wireless one from home say for example anything can come through..Say if you are downloading a rom or a leak you never know what might be in them...As the OP and Jonny said above.."always be safe than sorry" that is how i see things
http://androidship.com/2011/05/29/the-android-anti-virus-epidemic/
Read that.
If you plan on downloading apps without looking at who makes them or looking at any reviews, then yes, there's a chance you can get an app that causes issues.
And that applies for ALL os's. How many apple laptop/desktop users run an antivirus? Android is built on the same type of platform, unix.
That doesn't mean an 'antivirus' app will do anything special. It uninstalls apps the same way you do under manage applications.
Sent from my páhhōniē
I all true sense you need to have read the permission that the applications needs when you install a app. If your are lazy enough to not do that have application like LBE security installed to monitor what each applications is up to ... i believe rather then a antivirus a good app fire wall is needed.
You probably don't need one, just as any power Windows user doesn't. That said you'd be crazy to not have one in Windows. Difference being a desktop has a tremendous amount of resources and allocating some to an antivirus program is no big deal. Not so on a phone. Plus there's the consideration of battery impact.
In a nutshell I'd say you'd be just fine without one.
I feel much the same way about antiviruses on Android as I do about hand-holding paid antivirus programs on Windows. If you know what you're doing, you don't need them at all. On the other hand, if you're going to download hundreds of dodgy applications at random and pay no attention to reviews/permissions/odd behaviour, then more fool you, get an antivirus app.
LBE privacy guard is a different story, since it performs a rather different function, and allows you to enjoy apps like Facebook without giving them access to the likes of text messages and phone ID.
You guys know Samsung have their own lightweight security suite in Samsung apps, yeah?
Sent from my GT-I9100 using xda premium
ithehappy said:
Well you should've created this thread without the 'Do' and '?'. Everyone is entitled to his/her own opinion. You didn't like my post IGNORE it, don't quote me and advice me what I need to do. A '?' thread should only be created where everyone can share his/her opinion and then it's up to the Thread starter what he/she will take from all the answers.
Anyway, keep using what you are using.
@jonny68- Have you seen such a thread like that in this 8 + months?
This is what Chris Dibona, Google's Open Source Program Manager said,
Source:
http://tech2.in.com/news/android/go...-antivirus-apps-in-android-marketplace/260952
Sorry I had to BOLD the line for you guys, it's a shame to modify some other comments.
Another thing, if someone even said that Antiviruses are needed for Android I would never use it.
The story is exactly the opposite when I use my Desktop PC fyi.
Regards.
Click to expand...
Click to collapse
I totally agree, like task killers and power managers, useless...
I hate the kind of pseudo-logic that is thrown around in these discussions, which paraphrase to look something like this...
LogicLord221 said:
<insert random bull**** about why their point is valid> there's a million million trojans out there and platform x is so insecure, I read this and this which says we're all in danger!
Click to expand...
Click to collapse
Basically, the point people are trying to make is that danger lurks everywhere, and you need to protect yourself, or you'll be sorry later. Scare tactics at best.
While I am an advocate for protection by prevention, that doesn't automatically lead to the conclusion that you need antivirus software for your device! It's that kind of bull**** logic that annoys the **** out of me. To quote the Oxford English Dictionary:
"Prevention"
Pronunciation: /prɪˈvɛnʃn/
noun
[mass noun]
The action of stopping something from happening or arising.
Phrases:
Prevention is better than cure.
Click to expand...
Click to collapse
Do you see the problem here? It doesn't say "The action of installing an antivirus", it says to stop something from happening. There are many ways to go about preventing infection of your device:
1) Check what you're downloading comes from either a) a reputable source, b) is backed by a reputable source, or c) is backed by numerous (>50-100) positive comments, reviews, etc. This means, don't download that app that has a bunch of one-star reviews, and has people screaming "TROJAN!" in the comments field.
2) Stick to the Market. While it's true that a lot of the infected content will indeed come from the Market itself, Google do a good job of removing offending apps, so compared to other sources of content (e.g. just downloading the APK from a server), it's a lot safer.
3) Don't pirate ****. This is probably the number-one source of malware on Android. Don't be a cheap dumbass.
4) Stay away from 'questionable' material. This includes, but isn't limited to:
- porn
- pirated content
- file sharing sites
5) Have some common sense! I can't stress this one enough, you can have the most advanced piece of software in the world, but if you're acting like a reckless child, you don't deserve to use the device, and you're bound to find yourself neck-deep in malware. Apart from the above, take some active steps to secure yourself. Change your browser settings to run Flash content on-demand instead of automatically, (if possible) set it to have you manually accept cookies, etc. Perhaps the best use of common sense would be in checking the permissions you allow an app access to when it's installed. Look, if an app that is designed to parse a line of text is requesting full internet access, access to SMS capabilities, etc., it'd be best to leave it alone, don't you think? Moreover, if something's requesting superuser permissions, it'd better have a damn good reason why. Read the permissions, and understand what you're allowing.
...because in the end, that's the hard truth -you're the one allowing access.
If you follow these simple steps, you'll protect yourself from 99% of malware. If you're worried about that 1%, don't be. Android malware hasn't progressed to the point where it's a major threat yet, so even if something does get through, it'll more than likely be nothing too major, and you'll figure out something's up pretty quick anyway. This may not be the case in say 12 months, but for now, it's fine.
If you're really paranoid, keep an app on standby, and run a scan every week or two, but disable any background process it has, it's more of a waste of time anyway. On a final note, keep in mind that it's been shown multiple times that Android antivirus software is, to be blunt, rubbish at detecting even the most common pieces of malware.
Remember, prevention is better than a cure
Im using kasperky mobile security cause i got a 1 year licence from a magazine.. But i never got an alarm until now (1,5 months), so i think atm its not necessary to use it .. Perhaps in some months when there are more viruses out in the web^^
Sent from my GT-I9100 using Tapatalk
screamworks said:
3) Don't pirate ****. This is probably the number-one source of malware on Android. Don't be a cheap dumbass.
Click to expand...
Click to collapse
Most Android apps are of such low quality they don't deserve to be purchased.
Sent from my SGH-I897
With even a modest set of modifications, the monthly OTA update is incredibly annoying. Especially for people who actually have important things they need to do rather than manually apply updates to their phone.
And we all know that the monthly ota updates are just a show being put on to address complaints that have no bearing in reality. Specifically, all those nasty security holes that really don't lead to anything besides mild annoyance, IF somebody bothered to try to exploit them. Like for example the most [in]famous bug in StageFright that could allow a hacker to... do absolutely nothing of consequence (since it is protected by user access rights -- the "media" user, and also selinux which would nail it quite quickly. There is also the bug that could break out of the lockscreen if somebody bothered to punch in an absurdly long random password.... but only affects people who actually use a password lock (as opposed to pin, pattern, face, or none).
So here is a very easy little program that stops the SystemUpdateService from doing its thing;
http://github.com/lbdroid/StopOTA
You will have to compile it yourself.
Don't share binaries, I don't like that. If you can't figure out how to compile, you are unworthy, if I catch you, I will stop giving things away for free.
If you want to learn how to compile simple Android applications, feel free to ask! I'd be happy to help.
If you would like to contribute, submit a pull request!
Don't forget to read the project README file, it explains about it properly.
This should work with any device that uses gms SystemUpdateService for its OTAs. I've personally tested on Nexus 5, 6, and 9.
doitright said:
With even a modest set of modifications, the monthly OTA update is incredibly annoying. Especially for people who actually have important things they need to do rather than manually apply updates to their phone.
And we all know that the monthly ota updates are just a show being put on to address complaints that have no bearing in reality. Specifically, all those nasty security holes that really don't lead to anything besides mild annoyance, IF somebody bothered to try to exploit them. Like for example the most [in]famous bug in StageFright that could allow a hacker to... do absolutely nothing of consequence (since it is protected by user access rights -- the "media" user, and also selinux which would nail it quite quickly. There is also the bug that could break out of the lockscreen if somebody bothered to punch in an absurdly long random password.... but only affects people who actually use a password lock (as opposed to pin, pattern, face, or none).
So here is a very easy little program that stops the SystemUpdateService from doing its thing;
http://github.com/lbdroid/StopOTA
You will have to compile it yourself.
Don't share binaries, I don't like that. If you can't figure out how to compile, you are unworthy, if I catch you, I will stop giving things away for free.
If you want to learn how to compile simple Android applications, feel free to ask! I'd be happy to help.
If you would like to contribute, submit a pull request!
Don't forget to read the project README file, it explains about it properly.
This should work with any device that uses gms SystemUpdateService for its OTAs. I've personally tested on Nexus 5, 6, and 9.
Click to expand...
Click to collapse
or.. you can long press on the ota notification, then press do notnotify , without needing the knowledge to compile anything. and yes, anyone can do itit, for free, and without the knowledge to compile anything. and, i will keep helping users out. btw, who the heck publishes something on xda, then says they wont publish anything else if they dont compile it themselves? thats a first time ive ever seen anyone post such a ludicrous statement. im sorry, but you are the one thats unworthy. i mean all respect to you, i appreciate whatever help you give here on xda, but that statement does nothing for you.
just lol!!
i mean, really, the reasons to buy a nexus device are short and simple,
1. frequent updates to keep you protected and running smooth
2. development and modding
thanks for providing the community with this tool, but seriously, provide them with a working tool or dont post it.
why limit its use to the vast minority of those who can build it, then threaten us with no more of your work if anyone shares it? not cool
so why not post it built for those who might actually use it?
imo, if updates bother you because there too frequent, you should buy pretty much any non nexus device, and be at the mercy of your carrier for updates.
i can build this, and pretty much anything else i want on my phone, but i would never use it. i guess thats my point here....
doitright said:
With even a modest set of modifications, the monthly OTA update is incredibly annoying. Especially for people who actually have important things they need to do rather than manually apply updates to their phone.
And we all know that the monthly ota updates are just a show being put on to address complaints that have no bearing in reality. Specifically, all those nasty security holes that really don't lead to anything besides mild annoyance, IF somebody bothered to try to exploit them. Like for example the most [in]famous bug in StageFright that could allow a hacker to... do absolutely nothing of consequence (since it is protected by user access rights -- the "media" user, and also selinux which would nail it quite quickly. There is also the bug that could break out of the lockscreen if somebody bothered to punch in an absurdly long random password.... but only affects people who actually use a password lock (as opposed to pin, pattern, face, or none).
So here is a very easy little program that stops the SystemUpdateService from doing its thing;
http://github.com/lbdroid/StopOTA
You will have to compile it yourself.
Don't share binaries, I don't like that. If you can't figure out how to compile, you are unworthy, if I catch you, I will stop giving things away for free.
If you want to learn how to compile simple Android applications, feel free to ask! I'd be happy to help.
If you would like to contribute, submit a pull request!
Don't forget to read the project README file, it explains about it properly.
This should work with any device that uses gms SystemUpdateService for its OTAs. I've personally tested on Nexus 5, 6, and 9.
Click to expand...
Click to collapse
What an asinine statement. Why make something that you don't want shared? Not everyone knows how to, or wants to install and waste all that HDD space with the adk for just one program. If you don't want it shared, don't publish it.
Sent from my Nexus 6 using XDA Free mobile app
on top of that, i do not own a computer nor laptop, as i know many other people dont. not like i want to build it, but just saying..
Anyone with a Nexus can stop OTA notifications in about 5 minutes by flashing the update with fastboot.
Not for nothing... This post was unnecessary.
Sent from my Nexus 6
simms22 said:
or.. you can long press on the ota notification, then press do notnotify , without needing the knowledge to compile anything. and yes, anyone can do itit, for free, and without the knowledge to compile anything. and, i will keep helping users out. btw, who the heck publishes something on xda, then says they wont publish anything else if they dont compile it themselves? thats a first time ive ever seen anyone post such a ludicrous statement. im sorry, but you are the one thats unworthy. i mean all respect to you, i appreciate whatever help you give here on xda, but that statement does nothing for you.
Click to expand...
Click to collapse
Hate to break it to you, but killing the notification doesn't kill the process that causes it. It also kills several other notifications that aren't related to the update.
Borderpatrol1987 said:
What an asinine statement. Why make something that you don't want shared? Not everyone knows how to, or wants to install and waste all that HDD space with the adk for just one program. If you don't want it shared, don't publish it.
Click to expand...
Click to collapse
I didn't say don't share. I said don't share COMPILED.
Those are my terms, not up for argument or negotiation. If you don't like it, you can go away.
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
reserved
reserved
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Coraz said:
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Click to expand...
Click to collapse
Thank you for your reply.
Actually, as I have pointed out in the thread, this project implements only the scanner part, it doesn't act for the developers. Developers have to decide what they want to do with the detected piracy. Its really nice to be able to run 2 versions of the same app on 1 device, I believe ChelpuS should make another app with this feature, or without other features in Lucky Patcher.
I'm sorry, but if an app tells me to uninstall something - I'm uninstalling that app first
DANIEL TAN said:
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
Click to expand...
Click to collapse
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
PoseidonKing said:
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
Click to expand...
Click to collapse
You are misinformed. We allow threads such as these because they are educational and are about preventative purposes against those applications. I would suggest you actually read what the purpose of this thread is about before telling other users about what the XDA rules say, which incidentally is not your 'job' to do.
Hello everyone. I've been always very keen into adding content guard to my rom. Recently I found out that there was 38% of pirated apps on an android system. I have to admit that I don't own any app which gets me premium apps right now, but I like the flexibility to explore if an app is good or not before buying. At the same time it becomes a flaw because android does not provide any sort of protection.
So the debate starts here, should this be included on the rom? Yes or no, but more importantly why?
Remember that when you install an app which was not bought, you are taking from a dev his "food supply".
Thank you,
Jorge
I liked the idea when its first implemented by Dave in Exodus, safeguard developer interest and protect user from any infected app
Hi AFAIK there are some options to return bought app in a play store within some limitted time. Also there are a lot of free test versions of apps.. just saying because i was always on side of freedom of choice.. And finally if it really give us more protection it is necessary thing but i am aware if some xposed or root apps can be blocked ... its a really hard decission Jorge lets wait for others opinions...
Yep removing thieves is always the best option! Do it I'd say --- and be prepared for idiots hatin' lol
Transmitted via BACON
gerciolisz said:
Hi AFAIK there are some options to return bought app in a play store within some limitted time. Also there are a lot of free test versions of apps.. just saying because i was always on side of freedom of choice.. And finally if it really give us more protection it is necessary thing but i am aware if some xposed or root apps can be blocked ... its a really hard decission Jorge lets wait for others opinions...
Click to expand...
Click to collapse
Hello. Basically what this does is protects the developer interests by not permitting apps which give the ability to have access to premium apps for free. The list is :
https://github.com/ContentGuard/Ant...roid-6.0.1/src/utils/AntiPiracyConstants.java
Only apps which MAIN purpose is pirating, are blocked.
So most likely you won't be affected
If you have any other questions, I'll try to answer these the best way possible
Alex
I would say that it is a good idea, but the number of people that don't like the idea would lead to a negative effect on the ROM and its users just like it happened to Exodus when it first got implemented.
Therefore I would be against the idea of implementing ContentGuard into the ROM.
Sent from my OnePlus One using XDA Labs
BTW i think if they dont want content guard they can just compile ROM wothout it.. simple solution
Just stepping in here as a moderator on XDA. Our point of view is: We do support apps like this. XDA has a rule against discussing or requesting warez. If we find any posts that are asking for help, or asking for links to download warez apps, EG an app that is on playstore but needs to be bought, or an app that has in app purchases, if a user is trying to bypass these, we remove it. So from an XDA standpoint developers are free to add ContentGuard into their rom. We have no issues with that at all.
Well I don't know what is possible with these blocked apps, i.e. if they can be used for legit things or if they are used solely for pirating other apps ecc.
If the sole purpose of those apps, is stealing, I would include this into the ROM. And If people would complain I would just tell them that stealing is not a supported feature on this ROM.
I mean, you can't go around stealing in RL, there are alarms, walls, tresors ecc. this is just an anti-theft-system for digital goods.
Stone_88 said:
Well I don't know what is possible with these blocked apps, i.e. if they can be used for legit things or if they are used solely for pirating other apps ecc.
If the sole purpose of those apps, is stealing, I would include this into the ROM. And If people would complain I would just tell them that stealing is not a supported feature on this ROM.
I mean, you can't go around stealing in RL, there are alarms, walls, tresors ecc. this is just an anti-theft-system for digital goods.
Click to expand...
Click to collapse
The criteria for adding an app is whether the main purpose of the app is piracy
Alex
I'm happy either way, I don't use pirated apps and love my devs, so if it helps them add it.. If people want to use these apps then they aren't supporting their devs anyways so freeloaders and theives can get lost..
jgcaap said:
Hello everyone. I've been always very keen into adding content guard to my rom. Recently I found out that there was 38% of pirated apps on an android system. I have to admit that I don't own any app which gets me premium apps right now, but I like the flexibility to explore if an app is good or not before buying. At the same time it becomes a flaw because android does not provide any sort of protection.
So the debate starts here, should this be included on the rom? Yes or no, but more importantly why?
Remember that when you install an app which was not bought, you are taking from a dev his "food supply".
Thank you,
Jorge
Click to expand...
Click to collapse
This is completely useless because there exists a xposed module which easily disables the content guard again. Have fun blocking xposed
hellcat50 said:
This is completely useless because there exists a xposed module which easily disables the content guard again. Have fun blocking xposed
Click to expand...
Click to collapse
Well related to that, contenguard has also a solution where xposed module doesn't work.
Would like to know your opinion. Do you favor piracy? Why do you think is useless to fight for a more honest enviroment? Thanks
hellcat50 said:
This is completely useless because there exists a xposed module which easily disables the content guard again. Have fun blocking xposed
Click to expand...
Click to collapse
The module doesn't work
TheCrazyLex said:
The module doesn't work
Click to expand...
Click to collapse
It's working for sure...
I think it's quite stupid to implement anything, which has no effect. If you want pirated apps there are ways also with this module.
Sent from my A0001 using XDA-Developers mobile app
lampshade90 said:
It's working for sure...
I think it's quite stupid to implement anything, which has no effect. If you want pirated apps there are ways also with this module.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
The real question i would like to see your opinion, would be this.
Google haven't done much to protect developers work.
As you know many developers donate their time for free to develop apps. And consider some apps should be used for a small fee.
Same as you going to a store and having the option to steal or to buy a book.
Sometimes we think " ah those companies are gigantic" , but they also pay to alot of people to work. Shouldn't that matter ?
As a human beeing, i've donated to xda, donated blood to hospital, donated my free time to help poor people in Portugal, donated my time to help timor (around 1996-7 when i was a kid). But when i'm providing a service, where the deal is i'll do this and in exchange i'll receive something. Don't you believe it is fair?
The big problem with the anti piracy measures, which in my opinion should be implemented by google , do not work effectivly for users. In exchange many of us get used to that reality. Right? But should we? Or should we try do something?
I came up with this thread because, I've thought about Content Guard as a measure which is not efficient to change and become a safe working enviroment for people which dedicate their lives to android. But I think we can see this as a simbol of wanting things to change from some people which are frustrated for not beeing sucessfull in their work.
So I ask you, as all users here. We live and fight our lifes to be happy. Should we embrace and try better solutions to find a balance where more people becomes happy (developers), and in exchange they'll be putting more time, doing a harder work to deliver a better app.
What do you think?
As you know i'm Democratic, and I love to discuss ideas. So please, feel free to share yours. I'll be happy to understand your perpective as it is important to find a common ground together.
Thanks
jgcaap said:
Well related to that, contenguard has also a solution where xposed module doesn't work.
Would like to know your opinion. Do you favor piracy? Why do you think is useless to fight for a more honest enviroment? Thanks
Click to expand...
Click to collapse
Although I do not pirate apps, I would rather not have contentguard. Google could've easily have anti piracy measures on stock roms considering that a high percentage of apps are pirated, but they didn't, because it compromises the openness of android (I know there are a lot of additional factors to this as well.) Developers of roms shouldn't have to take it upon themselves to force users to not install certain applications because even if contentguard is present, people who pirate can easily switch over to other roms, which means that contentguard only hurts the privacy people who actually pay for apps.
I understand what the rom developers are trying to do with contentguard, but it is not effective on a large enough scale to be a viable stop to piracy, unless it is implemented google themselves (a couple thousand of people running a custom rom which happen to have contentguard vs about a billion android devices).
TLDR: No
jgcaap said:
The real question i would like to see your opinion, would be this.
Google haven't done much to protect developers work.
As you know many developers donate their time for free to develop apps. And consider some apps should be used for a small fee.
Same as you going to a store and having the option to steal or to buy a book.
Sometimes we think " ah those companies are gigantic" , but they also pay to alot of people to work. Shouldn't that matter ?
As a human beeing, i've donated to xda, donated blood to hospital, donated my free time to help poor people in Portugal, donated my time to help timor (around 1996-7 when i was a kid). But when i'm providing a service, where the deal is i'll do this and in exchange i'll receive something. Don't you believe it is fair?
The big problem with the anti piracy measures, which in my opinion should be implemented by google , do not work effectivly for users. In exchange many of us get used to that reality. Right? But should we? Or should we try do something?
I came up with this thread because, I've thought about Content Guard as a measure which is not efficient to change and become a safe working enviroment for people which dedicate their lives to android. But I think we can see this as a simbol of wanting things to change from some people which are frustrated for not beeing sucessfull in their work.
So I ask you, as all users here. We live and fight our lifes to be happy. Should we embrace and try better solutions to find a balance where more people becomes happy (developers), and in exchange they'll be putting more time, doing a harder work to deliver a better app.
What do you think?
As you know i'm Democratic, and I love to discuss ideas. So please, feel free to share yours. I'll be happy to understand your perpective as it is important to find a common ground together.
Thanks
Click to expand...
Click to collapse
For me it seems, that you haven't understand the meaning of capitalism.
Some people will live some people will die. Some people will be rich, some poor, same for companies.
That's the world.
I think it's up to the developer. There are ways to make piracy harder. The harder you will make it, the more people will buy it. If you're not capable of programming an app, which is hard to Crack you should definitely change your job to something you're good at.
Your social engagement might be good for you, for me it would wasting my small amount of time. From your text you could get an intention that it's god given what you will make out of your life. It's definitely not.
I don't care if you implement this. You will make it harder to use pirated apps but it's still possible and it's work for you. So I have no opinion to this topic I just wanted state out, that it will be work for you, less people will use your rom and if you want pirated apps it's still possible.
But honestly noone will buy an app due to your implementation. Maybe it will gain you experience but nothing more....
Sent from my A0001 using XDA-Developers mobile app
lampshade90 said:
For me it seems, that you haven't understand the meaning of capitalism.
Some people will live some people will die. Some people will be rich, some poor, same for companies.
That's the world.
I think it's up to the developer. There are ways to make piracy harder. The harder you will make it, the more people will buy it. If you're not capable of programming an app, which is hard to Crack you should definitely change your job to something you're good at.
Your social engagement might be good for you, for me it would wasting my small amount of time. From your text you could get an intention that it's god given what you will make out of your life. It's definitely not.
I don't care if you implement this. You will make it harder to use pirated apps but it's still possible and it's work for you. So I have no opinion to this topic I just wanted state out, that it will be work for you, less people will use your rom and if you want pirated apps it's still possible.
But honestly noone will buy an app due to your implementation. Maybe it will gain you experience but nothing more....
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Well is also true we live capitalism. But the way you express it is like it doesn't have flaws. Do you really believe that?
I haven't decided on adding yet. I like to listen to people, to speak and discuss. For you might be a loss of your time... But for me is information gathered among different people which I believe it is important, or I would be rather selfish on doing things without asking questions. No ? =p
Hehe.
Thank you for your honest answer.
f41lbl0g said:
Although I do not pirate apps, I would rather not have contentguard. Google could've easily have anti piracy measures on stock roms considering that a high percentage of apps are pirated, but they didn't, because it compromises the openness of android (I know there are a lot of additional factors to this as well.) Developers of roms shouldn't have to take it upon themselves to force users to not install certain applications because even if contentguard is present, people who pirate can easily switch over to other roms, which means that contentguard only hurts the privacy people who actually pay for apps.
I understand what the rom developers are trying to do with contentguard, but it is not effective on a large enough scale to be a viable stop to piracy, unless it is implemented google themselves (a couple thousand of people running a custom rom which happen to have contentguard vs about a billion android devices).
TLDR: No
Click to expand...
Click to collapse
Thanks