I just read this article.
Security Advisory: A.I.Type Keyboard Sends All Your Keystrokes To Their Servers In Plain-Text - Sometimes You Can't Trust The Cloud
Posted by Artem Russakovskii in Applications, News
One of the features that really differentiates Android from other mobile operating systems is the ability to install a custom keyboard that works for you. I constantly keep jumping between a variety of keyboards as new updates come out (right now I've settled on SwiftKey due to its unparalleled prediction technology), but when some of our readers pointed out A.I.type Keyboard's "psychic" word completion, I had to check it out.
However, what I found in A.I. Keyboard's Market description prevented me from even installing it - all smart predictions happen in the cloud, which means everything you type (or almost everything) gets sent over the data connection to their servers. You can turn it off - sure, but then you lose "psychic" abilities, which seems to be this keyboard's main selling point. I'm not even kidding about the "psychic" part - here's an excerpt from their Market page:
"Psychic word completions and predictions are generated by A.I.type’s servers on the Cloud. When the device is offline or Internet connection is too slow, or if you disabled Cloud-based prediction, word suggestions will be generated by the device only.
Privacy notice: while installing A.I.type Keyboard, you will receive a warning message about collecting sensitive data. This is the standard general-purpose Android message issued for any downloaded keyboard and it does not pertain to A.I.type. Our keyboard DOES NOT COLLECT YOUR SENSITIVE DATA."
Do I want a random company to know what I'm typing into every single text field (outside of possibly password fields)? Pardon my language, but hell no.
Oh, and about that last privacy part... A.I. Keyboard probably doesn't collect your sensitive data, but what it does do is send all those prediction queries over to the cloud in plain-text, unencrypted, for everyone on your local Wi-Fi network or anywhere in the request's path to see. Like so:
GET /beta081/cell/predict?i=T4420&l=Th&t= HTTP/1.1
Host: 72.26.211.90
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 21 Oct 2011 16:39:43 GMT
Connection: close
1d
Th;;the;they;this;there;that;
0GET /beta081/cell/predict?i=T4420&l=This+ke&t= HTTP/1.1
Host: 72.26.211.90
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 21 Oct 2011 16:39:47 GMT
Connection: close
24
ke;;knowledge;keeps;key;killer;kept;
0
Here, check it out for yourself: http://72.26.211.90/beta081/cell/predict?i=T4420&l=Android+Pol (you should see http:// and "Pol;;police;political;policy;politics;poolplay;" as the result).
Needless to say, the app went to the trash right after our tests were over.
When I brought up my initial privacy concerns to A.I.type's CEO Eitan Fitusi before even digging into this, he had the following to say (all spelling left as is, text in italics added by me):
"Hi Arten (that's not my name)
We here those concerning before and understand them, that why we work hard on our new local data model, that already available in the current version, We are going to release very soon a new version, that will have a setting for shutting down cloud support prediction, although the prediction quality is effected, it is still great, and as close as possible to the full scale prediction, what mostly damaged from lack of cloud is names, locations or other vocabulary that is domain specific.
This new version also including a new superior learning model that learn the user, and enhanced the predictioncorrectioncompletion quality based on the user writing style, names and unique words that's the users use, user model will be stored locally and won't sent data to the cloud at all.
Having say that, I know that it's not much, but I can assure you that we are very concern about are user privacy and very strict regarding their data.
Also if you look at it the other way, you can wright an email with whatever keyboard you like then send it via Gmail that officially state that its learn YOUR data (or WhatsApp, Viper, Skype…. They all have access to your data)
Any way as I say before next version will give the user the option to use only local services, and keep is data local only."
Let this serve as a wake-up call to both users placing trust in the cloud and developers who don't utilize even the most basic security and privacy standards (hey, https would have been nice).
Remember, all cloud services are not created equal. I hope for their sake that A.I.type fixes this blatant disregard for privacy in the near future, and as for the rest of you - you've been warned.
Click to expand...
Click to collapse
Source
I just read this article.
Security Advisory: A.I.Type Keyboard Sends All Your Keystrokes To Their Servers In Plain-Text - Sometimes You Can't Trust The Cloud
Posted by Artem Russakovskii in Applications, News
One of the features that really differentiates Android from other mobile operating systems is the ability to install a custom keyboard that works for you. I constantly keep jumping between a variety of keyboards as new updates come out (right now I've settled on SwiftKey due to its unparalleled prediction technology), but when some of our readers pointed out A.I.type Keyboard's "psychic" word completion, I had to check it out.
However, what I found in A.I. Keyboard's Market description prevented me from even installing it - all smart predictions happen in the cloud, which means everything you type (or almost everything) gets sent over the data connection to their servers. You can turn it off - sure, but then you lose "psychic" abilities, which seems to be this keyboard's main selling point. I'm not even kidding about the "psychic" part - here's an excerpt from their Market page:
"Psychic word completions and predictions are generated by A.I.type’s servers on the Cloud. When the device is offline or Internet connection is too slow, or if you disabled Cloud-based prediction, word suggestions will be generated by the device only.
Privacy notice: while installing A.I.type Keyboard, you will receive a warning message about collecting sensitive data. This is the standard general-purpose Android message issued for any downloaded keyboard and it does not pertain to A.I.type. Our keyboard DOES NOT COLLECT YOUR SENSITIVE DATA."
Do I want a random company to know what I'm typing into every single text field (outside of possibly password fields)? Pardon my language, but hell no.
Oh, and about that last privacy part... A.I. Keyboard probably doesn't collect your sensitive data, but what it does do is send all those prediction queries over to the cloud in plain-text, unencrypted, for everyone on your local Wi-Fi network or anywhere in the request's path to see. Like so:
GET /beta081/cell/predict?i=T4420&l=Th&t= HTTP/1.1
Host: 72.26.211.90
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 21 Oct 2011 16:39:43 GMT
Connection: close
1d
Th;;the;they;this;there;that;
0GET /beta081/cell/predict?i=T4420&l=This+ke&t= HTTP/1.1
Host: 72.26.211.90
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 21 Oct 2011 16:39:47 GMT
Connection: close
24
ke;;knowledge;keeps;key;killer;kept;
0
Here, check it out for yourself: http://72.26.211.90/beta081/cell/predict?i=T4420&l=Android+Pol (you should see http:// and "Pol;;police;political;policy;politics;poolplay;" as the result).
Needless to say, the app went to the trash right after our tests were over.
When I brought up my initial privacy concerns to A.I.type's CEO Eitan Fitusi before even digging into this, he had the following to say (all spelling left as is, text in italics added by me):
"Hi Arten (that's not my name)
We here those concerning before and understand them, that why we work hard on our new local data model, that already available in the current version, We are going to release very soon a new version, that will have a setting for shutting down cloud support prediction, although the prediction quality is effected, it is still great, and as close as possible to the full scale prediction, what mostly damaged from lack of cloud is names, locations or other vocabulary that is domain specific.
This new version also including a new superior learning model that learn the user, and enhanced the predictioncorrectioncompletion quality based on the user writing style, names and unique words that's the users use, user model will be stored locally and won't sent data to the cloud at all.
Having say that, I know that it's not much, but I can assure you that we are very concern about are user privacy and very strict regarding their data.
Also if you look at it the other way, you can wright an email with whatever keyboard you like then send it via Gmail that officially state that its learn YOUR data (or WhatsApp, Viper, Skype…. They all have access to your data)
Any way as I say before next version will give the user the option to use only local services, and keep is data local only."
Let this serve as a wake-up call to both users placing trust in the cloud and developers who don't utilize even the most basic security and privacy standards (hey, https would have been nice).
Remember, all cloud services are not created equal. I hope for their sake that A.I.type fixes this blatant disregard for privacy in the near future, and as for the rest of you - you've been warned.
Click to expand...
Click to collapse
Source
Click to expand...
Click to collapse
What!!! I use ai type keyboard for everything, and I think this post is maybe correct cause when typing ai type shows a small refreshing symbol above where you type at right, maybe that means it's taking info from its servers. Ill switch to some other keyboard or maybe switch predictions off.
This post here is typed through ai type keyboard.
Edit: just checked, their is option to switch cloud based prediction off and it still works good.
Cloud based predictions are just more perfect.
hit thankxx if i helped. sent from my mind through telepathy (ya its possible)!
That's a little naughty, and the grammar and spelling leave a lot to be desired.
guys, fyi even the standard android keyboard has the ability to capture and record everything you type.
wmanyati said:
guys, fyi even the standard android keyboard has the ability to capture and record everything you type.
Click to expand...
Click to collapse
Yes, but they don't send everything you type unencrypted over your wifi network and then over the internet where anyone can sniff it out. I can't imagine how careless and sloppy those developers are.
I only use Swype, I never really felt comfortable installing other 3Rd parry keyboards from unknown companies because of this. I don't believe Swype does this, because for one it works fine offline, and I don't think major manufacturers like Samsung,HTC, motorola etc. would bundle it if there was such a big security hole.
PhoenixFx said:
Yes, but they don't send everything you type unencrypted over your wifi network and then over the internet where anyone can sniff it out. I can't imagine how careless and sloppy those developers are.
I only use Swype, I never really felt comfortable installing other 3Rd parry keyboards from unknown companies because of this. I don't believe Swype does this, because for one it works fine offline, and I don't think major manufacturers like Samsung,HTC, motorola etc. would bundle it if there was such a big security hole.
Click to expand...
Click to collapse
True, whilst data is sent unencrypted one thing we need to understand fully is that android devices are inherently insecure. Encryption, is just the tip of the security iceberg.
For a start, typically on android you sync your contacts, messages, apps to google. Google knows where you are ALL the time regardless of whether you turn location on or off. google can remote-wipe your device, ask the guy who got a Nexus S with ICS
There are a number of apps we install/uninstall on a regular basis that have more permissions than they require and there are probably a lot that get taken off before they become public domain. I totally get that sending stuff plain text is BS. The points I'm trying to get across are
1) The Android platform is inherently insecure
2) Just because something is encrypted won't make it more secure. There are various points for security to fail for example the the thumbs behind the message is a point of failure as is what happens within the cloud.
Also bear in mind that from the guys providing the service encryption could be a pain as it would slow down their service which would impact the end user.
its an interesting one.....
hey guys am noob at here.. i just wanted to ask if am not using prediction is my privacy secured ?
Salim.Keady said:
hey guys am noob at here.. i just wanted to ask if am not using prediction is my privacy secured ?
Click to expand...
Click to collapse
Secured? Nope, its not just the keyboard, the moment you use a smartphone, you have lost your "privacy" and have been "tagged" enjoy reading [INFO][Who is Spying & Monitoring you] Google removes privacy feature from Android .
Check this out! Links to useful Guides and " Banned " Documentaries
undisclosed permissions
NEWB HERE
I learned they keep most of the worst permissions undisclosed by the app store with the code: android required "false"
I have tried to edit the android manifest but could not repackage.
If there are any developers who can take a stab at modifying this app and removing all the bad permissions, C2D stuff, and the XML strings and then post it on XDA, that would be so nice because this is an otherwise great app.
---------- Post added at 05:13 PM ---------- Previous post was at 05:06 PM ----------
[/COLOR]
bhu1 said:
what!!! I use ai type keyboard for everything, and i think this post is maybe correct cause when typing ai type shows a small refreshing symbol above where you type at right, maybe that means it's taking info from its servers. Ill switch to some other keyboard or maybe switch predictions off.
This post here is typed through ai type keyboard.
Edit: Just checked, their is option to switch cloud based prediction off and it still works good.
Cloud based predictions are just more perfect.
Hit thankxx if i helped. Sent from my mind through telepathy (ya its possible)!
Click to expand...
Click to collapse
just crack this app open and see for yourself. They are spying on you and saving your data to a cloud!!!!
this is an old thread but I also have some weird experiences with this app. It was my favourite key. app for a few years but I don't use it anymore. One day I wanted to write a comment on some forum, but when I started typing, suddenly everything I was typing on my phone during last few days appeared in the comment section.
Related
Since we have all been having fun watching the stock market recently, I decided to write a quote/chart app, using the style of that fruity excuse for a phone as a springboard. So I present for your enjoyment an app called "Ticker Tape".
Notes:
Requires .Net CF 3.5
See the 2nd post for revision history and features.
Please read the FAQ and the planned Future Features - your question or suggestion may already be there.
See this post for a version translated into Russian. Resource files will be supported soon for translation into whatever languages you want.
As always, your thoughts and bug reports are appreciated!
UPDATED Nov 24, 2008 to version 0.5.1 (see next post for revisions)
To Avoid Losing Your Custom Lists:
The install might overwrite your data file. If you want to keep your existing lists, make a copy of TickerTape.dat before installing, and copy it back after installing.
Many thanks to those who have donated to this project!
:: dlugo, Tazkika, pwhooftman, mhoesch, 69alfa, romant,
:: fryman, ld-runner, zcai2672, rspman, vadim_bogaiskov
:: Sperbs, arcsvibe, klassej
Your continued support might inspire me to actually finish it.
.
Features
Create and edit ticker lists
Download quotes and charts for the symbols on your lists
Show charts for period ranging from 1 day to 5 years
Show charts in line, bar, or candlestick format
Show chart fullscreen
Completely touch-friendly
Scroll through lists and tickers using touch screen buttons, gestures, or D-pad
Set the download (refresh) rate from 5 seconds to 30 minutes, or Never
Settings for download behavior, and chart caching
Integration with AppToDate for automatic updates
Note: "Compare To" will be expanded later so you can get charts comparing any tickers.
FAQ
Can you add the ^XYZ index and the XYZ stock to TickerTape?
NO. The data is downloaded from Yahoo, because it is the only free service I know of. If Yahoo doesn't have it, then I'm sorry, but there's nothing I can do about it for this app.
The data is not scraped off a web page, so sites that display the data you want (even Yahoo's own real-time quote pages) are not useful to Ticker Tape.
Yahoo (and therefore Ticker Tape) has information for a lot of the world markets, but there are some markets it does not provide. Again, I'm sorry, but that's just how it is.
How do I get quotes for Company X?
Find the ticker symbol here, and add it to Ticker Tape.
I added a ticker, but there's no data. Why?
You probably need an exhange extension at the end of the ticker. Find the correct ticker symbol here.
Where can I get a list of indices?
Here for US indices, or here for major world indices.
Where can I get a list of currency exchange symbols?
Here
How do I get the price of Gold, Crude, Lean Hogs, and other commodities futures?
Use the symbols found here
What stock exchanges are available in Ticker Tape?
A list of them is here.
How long are the quotes delayed?
This depends on the exchange. The delays are listed here. Most indices are real-time.
How much data is downloaded?
Quotes: ~80 bytes per ticker (~480 bytes for a full list)
Charts: ~2.5KB each
Can Ticker Tape do [insert feature here]?
Yes, of course it can. The next version will do your laundry too.
I installed it on my non-VGA device, and it looks funny.
Ticker Tape was initially designed for VGA. This *is*, after all, a forum for Diamonds. The latest version has been tweaked to support QVGA, but there might be some areas that still need work. It does not and will not have support for square-screen devices.
Future Features
Custom symbols for "Compare To" charts
Implement settings for download rate in off-market hours
Search feature to find ticker symbols
Adjust times based on regional settings
D-pad navigation in menu and other places.
Ability to rearrange/insert lists and tickers
Advanced ticker properties, such as notes, held positions, and alarms
Ability run in a TF3D tab - THIS DOES NOT SEEM TO BE POSSIBLE AT THIS POINT - See this post
More adjustments for non-VGA resolutions
Import/export lists
Revision History
Version 0.5.1 - Nov 24 2008 (minor update)
Added swipe (gesture) to switch between lists.
Added Exit button to menu.
Changed application icon.
Tweaked menu item borders to look better.
Rearranged menu a little to accomodate more items now and in the future.
Version 0.5 - Nov 9 2008
Optimized menu for speed.
Implemented settings for download behavior and chart caching.
Replaced price change calculations with downloaded values.
Tap chart to show fullscreen.
Some tweaks for various resolutions.
Version 0.4 - Nov 4 2008
Fixed the keyboard issue.
Fixed a problem where ticker data was not displayed when the previous closing price was not available.
Fixed the percent change calculation.
Added support for 3 decimal places.
Enabled comparison charts (limited ... this will be explanded later).
Other minor UI tweaks
Version 0.3 - Nov 2 2008
Enabled use of D-pad for naviagation on main screen
Fixed numeric displays for various regional settings
Added integration with AppToDate
Fixed issue with (some?) tickers that are reported in non-US currencies
(NOTE: the above fix should take care of all the crashes reported so far, as they were all related to the issue of either non-US currency, or symbols that weren't found)
Changed application icon (happy now th1nm1nt? )
Other minor UI tweaks
Version 0.2.1 - Oct 31 2008
Enabled everything except "Compare To" and "Settings"
Bug fix when adding symbols that don't exist
Version 0.1 - Oct 31 2008
Initial "concept" release
keep working... I have faith
GeckoDev, I'm still waiting for a decent stock app and this looks very promising. I'll be an avid supporter if you keep developing.
My only suggestion, and you've probably already thought of this, would be to include enough options in settings for what happens over the data connection based on the usage of the app.
For example: have checkboxes/choices in settings for options like such as:
-Continue streaming in realtime when program is minimized
-Prompt user that data is still streaming when program is minimized or unfocused after: (then add choices for 30 sec, 1 min, 2 min, 3 min, etc)
-Do not download any data when program is minimized
-Only update manually
-Update every: (choices of times)
You get the idea, something like that. The point being that those of us that don't have unlimited data connections, warnings and settings should be there to prevent accidental overages of data usage. A streaming stock app would be a very easy app to end up forgetting is on and using data and causing overages, whereas at least with a broswer, you're most likely eventually just going to end up parked on one page with no further data being streamed, if you accidentally leave the browser open.
It seems great, I willing to wait for this.
very nice, looks good as a start
will be following this thread
exactly what I was looking for.
Thanks
stpete111 said:
-Continue streaming in realtime when program is minimized
-Prompt user that data is still streaming when program is minimized or unfocused after: (then add choices for 30 sec, 1 min, 2 min, 3 min, etc)
-Do not download any data when program is minimized
-Only update manually
-Update every: (choices of times)
Click to expand...
Click to collapse
I like those options. I had planned on the last two already, but the first few for what to do when minimized are great ideas.
And here I thought I was taking a day off ...
I have been searching for a suitable charting program for over three years. I have tried them all and consider all of them unsuitable. I have had to make my own local HTML files with links to www.stockcharts.com/avantgo mobile charts to deal with the shortcoming.
This Apple-like program would be awesome. If you put this on Handango, I would buy it.
Recommendation: as a first attempt, you could do a lot worse than the Apple interface, so I say stick with it for the first version.
Are you using Yahoo! data for this? I prefer Bloomberg, but Yahoo is OK.
nosro said:
Are you using Yahoo! data for this? I prefer Bloomberg, but Yahoo is OK.
Click to expand...
Click to collapse
Yes, Yahoo is the only free feed I know of. The Bloomberg feed costs several thousand in subscription fees. Some apps out there screen-scrape to get their data, but I think that approach is prone to error, so I'm just getting the raw data, which is why it downloads so few bytes.
The problem with the Yahoo feed is the delay, even though I'm telling it to send me real-time quotes. It appears to ignore that part (except for indexes). Does anyone know of a free feed that provides real-time data?
Yes, this is fantastic. I think MSNBC has a feed, but not sure of how interactive it is (think I read that somewhere from a developer). Very pleased with the appearance, and look forward to customizing to my portfolio.
FYI...I selected "This is amazing" in your poll, and not the second one. I felt it unfair to send you half of my gains since you're not willing to take half my losses (down 56% in the last 45 days...UGH).
Your application looks fine
Great job. It's a pre-pre-pre version and needs a lot of development but it looks fine ;-)
looks great! will love it!
Very cool app, would love to see this go further
GeckoDev said:
Yes, Yahoo is the only free feed I know of. The Bloomberg feed costs several thousand in subscription fees. Some apps out there screen-scrape to get their data, but I think that approach is prone to error, so I'm just getting the raw data, which is why it downloads so few bytes.
The problem with the Yahoo feed is the delay, even though I'm telling it to send me real-time quotes. It appears to ignore that part (except for indexes). Does anyone know of a free feed that provides real-time data?
Click to expand...
Click to collapse
I don't know of any that are free unfortunately. All the services want "power-trader" subscription fees to be able to get true realtime. If anyone finds a true free realtime feed, let us know!
In the meantime, a delay is fine with me since I won't be making spot trading decisions based on what my phone is telling me at any given second.
I have just updated the cab to version 0.2 -- you can now edit the quote lists and set the download rate!
Check the first post...
this is so great, thank you so much for your work, i have been waiting for something like this for a long time. and it's so easy on the eyes.
very nice apps, need to add some error handling in case of wrong symbol, the app just crush.
thanks,
argov said:
very nice apps, need to add some error handling in case of wrong symbol, the app just crush.
Click to expand...
Click to collapse
Oops! It's fixed now.
This program is amazing. I like it very much.
Just some ideas for further development.
1. Please add an "exit" command. I don't know how to exit this program.
2. For the updates, please add a timer on it since market time is only from 9 to 4pm.
3. can you make it response to direction keys?
Thanks.
Speech to text is an awesome gadget for SMS and emails but it's really annoying that it needs internet connection making things even slower than typing. Is there a way to bypass internet requirement? I mean like a language pack that we can add in the SD card
vegetaleb said:
Speech to text is an awesome gadget for SMS and emails but it's really annoying that it needs internet connection making things even slower than typing. Is there a way to bypass internet requirement? I mean like a language pack that we can add in the SD card
Click to expand...
Click to collapse
nothing i have seen, and i have looked because i have also run into this restriction as well. but i am 1+ for this also because it'd be nice. plus i think sometimes it depends on your connection for the quality of voice transmitted.
when i am running HSDPA usually 90% of the transmissions are accurate, vs EDGE only about 70% of the voice transmissions are accurate. It's still a high rate but, back to the subject, I would also like to see this
I don’t think you will get this from Google and you won’t get the currently integrated speech recognition to work without a net connection. Their whole idea for speech recognition (and translation) is a “cloud” model with lots of computers across the world doing the leg work and basically brute forcing an answer. They are quite proud of it as it builds on their index technology which they have used from day one.
I read a news article on it however I am now unable to find it, sorry.
If your looking for local translation you are into third party stuff. I don’t know of any personally.
Open to correction if anyone knows better?
I though it's like predictive text, a sort of words database on the google server that they update every week, and so could be packed up as language pack.
Perhaps they could give us the freedom of building our own words database, it could take us time but would help alot, I remember the voice calling function that SE had in very old models...
I though it's like predictive text, a sort of words database on the google server that they update every week, and so could be packed up as language pack.
Perhaps they could give us the freedom of building our own words database, it could take us time but would help alot, I remember the voice calling function that SE had in very old models...
Click to expand...
Click to collapse
plus i want to be able to say curse words. i dislike the fact that theyre blocked
For a hearing impaired person like myself, a speech to "text without network" has become a real search. I have been trying to find out how large a system one would need to install the kind of programs like iMac Dictate, or naturally Speaking 11 on a device like an iPad or equivalent device.
At home, I have a CapTel800i, which displays text for speech, but needs to be connected to the Internet and phone line. I need something to carry around with me to be able to communicate away from networks, WiFi, etc.
It should be possible to have a dedicated device with Dictate installed to do the conversion locally!?!?
zachthemaster said:
plus i want to be able to say curse words. i dislike the fact that theyre blocked
Click to expand...
Click to collapse
So disable the block then..?
zachthemaster said:
plus i want to be able to say curse words. i dislike the fact that theyre blocked
Click to expand...
Click to collapse
As the other guy said, just turn off the bad words filter.
We really need to rally and get Google to fix some major issues with the Android OS. If Android is going to be truly universal and be able to compete, and beat Apple, it needs to at least be able to do what it can do. Please read: http://claar.org/blog/?p=180 and call, email, post, blog, whatever you can to get Googles attention on these issues.
And thank you for your support.
P.S. Pass this url on to every android user you can.
http://claar.org/blog/?p=180
Sent from my ADR6300, not my wife's iPad...
You have a legitimate argument but those items you listed are never performed by me. =[ Sorry. Everything I need done, works. =]
[ Sent from an LG Optimus V ]
Android still has a way to go before being all things to all people. It has the potential though so i'm sure we'll see improvements in the areas where it's currently weak.
Nice write up though. I hope these issues are resolved for you soon.
Write your congressman. Attend your local PTA meeting.
Don't gey me wrong, I love my Android phone, just saying that Google is missing the boat on the Enterprise side of things. Used to have an iPod touch that worked flawlessly on our corporate intranet, can't say the same for my dinc. As the workforce continues to become more mobile, they'll be carrying iPads instead of Xooms or Galaxy tabs.
Sent from my ADR6300, not my wife's iPad.
are there really people who use android's and ipad's/iphone's for work???
o-o?
id rater use a PC or laptop. but yha.
think all the company's want to be cool?
i cant go suport this.because my android does what it needs to do.
remember. smartphones and tablets aren't pc's,so they shouldn't do the work of a pc.
ghost010 said:
are there really people who use android's and ipad's/iphone's for work???
o-o?
id rater use a PC or laptop. but yha.
think all the company's want to be cool?
i cant go suport this.because my android does what it needs to do.
remember. smartphones and tablets aren't pc's,so they shouldn't do the work of a pc.
Click to expand...
Click to collapse
Why shouldnt they? Why should they have limitations. I say the more capabilities the better!
Universally, I don't understand Googles LACK of contact and attention to it's customers. Like most people are aware that e-mailing google is a complete WASTE OF TIME. I'd love to meet someone who has yet to actually get a meaningful response from google. I understand that they are a HUGE company and can easily get overwhelmed by emails, but the complete lack of response in general is UNACCEPTABLE. Why do they act this way, ESPECIALLY to their customers? Eitherway, they should respond in some way to all emails, understandable for free products, but for PAYING customers like us Android users, should get a response.
Google is worse than Sprint when it comes to response. I don't get it or understand.
I'm an IT Director for a medium sized medical manufacturing company and I've been testing ipads as a laptop alternative for our salesforce, and I have to say, I would be absolutely pissed if I had to use an ipad(or any tablet for that matter) for work.
Don't get me wrong. They work. But do you want to do all your work on them? HELL NO.
I have a remote desktop app on my mytouch 4g and I use it every now and then when I need to fix something or get onto the server for any reason. That doesn't mean I'm going to ditch my computer because my phone is capable of doing something my laptop does. Tablets, smartphones, mobile devices in general...they should be used to supplement computers, not replace them.
And as far as google 'not listening to their customers', you obviously haven't been on any sort of development team before. Especially not one that had any sort of fast progress. I don't know if you've noticed, but chip manufacturers have released dual core mobile cpu's. So google can either work on your vpn problem and appease a small number of enterprise users(people who will actually use a vpn on their phones), or they can concentrate on optimizing their code so it will work well with the next generation of hardware. They're obviously going to concentrate their manpower(or womanpower) on development for next-gen hardware. If the support ticket exists, they'll work on it. But there are thousands of them, and people need to realize that just because it's important to you specifically, doesn't mean it's an important problem. VPN access doesn't effect the overall functionality of the os during normal use, so it's going be put on the back burner, that doesn't mean it won't be fixed.
And whoever said go to pta meetings, PTA = parent teachers association. Good luck getting heard there.
While on the subject of fixes, I'm more concerned about linked market data and being able to transfer purchases to different accounts. I.E. switching from a google apps account to a gmail account. Also, the 'master account' crap. There should be a way to change which login you use to connect to gtalk and the market without having to reset your device to factory. That just sucks.
LOL, I used to get those "wake-up" calls from the 3rd shift platform operators. I got my butt out of bed, got on my PC and fixed the problem or marked it "next day" and fixed it when I got to work.
I can't see using a phone's screen size to debug a couple hundred lines of JCL or batch COBOL program Not to mention, I was usually talking to the operator at the same time I needed to see something on the PC; very hard to do with a phone.
Can it connect to Microsoft's pptp? Yes - http://www.techrepublic.com/blog/smartphones/connect-to-a-pptp-vpn-from-your-android-phone/2145
problem 1. You can connect to a proxy (unless i'm not understanding your complaint) There's Proxy options under the settings menu.
Problem 2. I've noticed this but apparently some 3rd party browsers can do it.
Problem 3. Not sure about this one, but i connect to many different networks (public, domestic and at uni) and have never had a problem like this.
What you're saying is that you have various problems that the vast majority of people will never experience and you are wondering why Google aren't dropping everything to fix it immediately? These problems (to me at least) seem incredibly minor.
kccasey said:
Universally, I don't understand Googles LACK of contact and attention to it's customers. Like most people are aware that e-mailing google is a complete WASTE OF TIME. I'd love to meet someone who has yet to actually get a meaningful response from google. I understand that they are a HUGE company and can easily get overwhelmed by emails, but the complete lack of response in general is UNACCEPTABLE. Why do they act this way, ESPECIALLY to their customers? Eitherway, they should respond in some way to all emails, understandable for free products, but for PAYING customers like us Android users, should get a response.
Google is worse than Sprint when it comes to response. I don't get it or understand.
Click to expand...
Click to collapse
Because they already have your money, therefor they could care less. And they will continue to get your money, his money, her money etc because they make a product and provide a service that we all have come to rely on. They've got the hook set, you can't break free and they can let us dangle as long as they want.
But maybe the combination of google, samsung, and verizon has destroyed my outlook.
Samsung Fascinate
Frankenclean 2.8
EB16-ish Voodoo Kernel
Mob87's Honeycomb theme
Sent from XDA Premium App
I think many of these issues will take a long long time to see resolved.
You need to consider what motivates google RE Android. Hint: It is not paying customers.
Thing is, normal market forces are not at work in the Android space. This is
my BIGGEST issue with Android.
@andmiller
You don't think your needs are most important ones, do you? There are many, many things to do, not only these mentioned by you.
For me your "This is Important" bugs are minor. Actually I didn't know about them to this time. I care much more about NDK APIs, performance and UI improvements and this is exactly what Google does.
Also there is one good reason to focus on new APIs, standard libraries, developer tools, etc.: Google is only one who can improve them and sooner is better. They could fix bugs at any time, they could also port them to older versions of OS. But if they add new API, it will take some time for developers to use it, because new API won't be supported by most of devices. So it's much better to work on a new features first and fix minor bugs later.
BobPaul said:
I think many of these issues will take a long long time to see resolved.
You need to consider what motivates google RE Android. Hint: It is not paying customers.
Thing is, normal market forces are not at work in the Android space. This is
my BIGGEST issue with Android.
Click to expand...
Click to collapse
You have got that completely backwards. Iphone is not normal market space. Each manufacturer running android os have to set themselves apart from each other, hence skinning the os. If customers demand, need it, it will get fixed or innovated.
Apple controls all, What they say goes. Example: no flash, theming....
Amazon drops their android app store on tues. Why, market forces.
Sent from my SGH-T959 using Tapatalk
hey dude most of those issuses were fix sort of well i wouldnt say fix because google came out with a whole new O.S. most of ur issuses hav been resolved in the honeycomb os and greater but u dont need a fix u need a app that can handle what u need
> Can it connect to Microsoft's pptp? Yes - http://www.techrepublic.com/blog/sma...oid-phone/2145
No, or at least, not for several hundred people at least, some who have even provided logs of both sides of the conversation. Some bug comments are from companies, representing complaints from their customer base, so it is probably more. I could write an article that shows how to do it, too, but that doesn't mean that I've tested all combinations. If the author's VPN was not encrypted, he wouldn't have seen the problem, and--since his connection worked, and there's that encryption checkbox--he might have just assumed it worked. He might have even tried it: You can connect with encryption, you just can't stay connected for any length of time.
> problem 1. You can connect to a proxy (unless i'm not understanding your complaint) There's Proxy options under the settings menu.
I can manually set a proxy, although there are reports that this is not a standard part of android, but a value-add by the phone mfr. A third-party program could perhaps recognize which WAP I connect to and set values accordingly, but only if I want everything to go through the proxy, and not just some things. That would have worked at HP, but my ulterior motive is to proxy a specific blocked port so that I can pop my email to my wifi tab. OK, I'll admit, my actual reason isn't a compelling case for Google! ;-)
> Problem 2. I've noticed this but apparently some 3rd party browsers can do it.
I'm not surprised that some clever programmer patched around the breakage, but it needs to be solved generally. Really, this and VPN are the most important issues for me.
> Problem 3. Not sure about this one, but i connect to many different networks (public, domestic and at uni) and have never had a problem like this.
You have never had a problem like this that you know of! Most folks have been bitten by this when the run into a place with short leases, and only find out--if they do--by accident, since most places don't check for violators.
Other comments
For the person who asserted that these are fixed in the latest release, that doesn't appear to be the case, according to the bug reports.
Are there really people who use their portable device for work? Not if it is android-based! (I know, cheap shot, but--for many of us--a true statement).
I have a galaxy tab. With working VPN and ssh, I could login and do a simple database change "echo blah blah blah|mysql", restart a job, whatever. I'm not going to write a couple of thousand lines of code, but I might look at a couple of thousand lines of a log file! Instead, I have to fire up the PC, which means I have to be around the PC, and I'd rather have the freedom of mobility.
A little intro:I spent a lot of time with malware on windows and which apps/settings can actually protect you. By working with malware you also get a lot of background info on how people / companies / governments can steal your privacy from you and how to protect yourself against it. When I decided to care about all that, I noticed that a lot of "security forum experts for PCs" have no clue about Android and its risks although probably the same if not more data is stored on our phones than on our PCs. So I decided to do some background research, worked with Android malware and played around with the different ways and options that can protect your security & privacy.
When I am looking for a security setup then I want one that is reliable & easy-to-work-with but also lightweight on the system. I don't want my security setup to cripple down my system.
I have done similar guides for Windows and as I haven't seen anything likewise for Android I thought I would give it a go.
What can you do to protect your security & privacy:Security - Firewall: To block incoming / outcoming traffic per app or per IP/DNS/Port. Can drain the battery and be a pain to configure on Android.
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Security - SuperSU: To actively manage which apps will get "unlimited" root access.
Security - Password manager: Use a password manager for all your passwords. Built in password managers (e.g. browser, ftp, mail ,etc) aren't really a save solution (even with the so called "master password"). Apps like KeePass offer a lot more than just having all your passwords stored safely. It lets me open apps + automatic login with just 2 clicks (e.g. FTP, SSH, Mail, Browser,...). It let's me create unique password so that I won't be using the same password on all websites. And there is still a lot more.
Security & Privacy - DNS: Change the DNS-Server you use to something like NortonDNS which will protect you from malware/phishing sites as well as semi-bypass the tracking of browsing behavior by your phone/internet provider. The DNS provider/resolver that you use (usually your phone/internet provider) will transform the domain you want to access into the IP adress of the desired server (the one which hosts the website you want to visit). This means that what ever domain you are going to browse will be transmitted to your DNS provider... so choose one carefully ! Also the better the connection to your DNS provider is (and the better the providers connection to the world-wide-web is) the faster your domain requests will be processed.
Security & Privacy - VPN: An easy way for attackers in your network (especially open & free wifi's) to steal data from you are MITM (Man In The Middle) attacks. They can modify SSL certificates which means even using HTTPS might not always be safe or simply read your network activity (such as logins which includes accounts + password). By using a VPN all the traffic that leaves your device will be encrypted and routed directly to a safe receiver which means no one can interrupt your traffic and sniffs (read) it.
Security & Privacy - SSH-Tunnel: Using an SSH-Tunnel has pretty much the same effect as using a VPN but the difference is you have to configure each app that you want to use the SSH-Tunnel. I prefer this method on Windows as I can encrypt only the traffic of my browser/mail/communicator while playing games or other apps will use the non-encrypted (and often faster) internet connection. Sadly there is no app on Android that in my opinion works flawlessly as SSH-Tunnel client.
Security & Privacy - Adblockers: We all know adblockers. They block ads and trackers to protect your privacy and some of them (e.g. mdl-malwaredomainlist) also protect you from malware & phishing websites.
Privacy - App Ops: App Ops or similar apps let you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
Privacy - Android 5.x disable allowed certificates: Every website and every (good) app will have a certificate that Android and also AV's check online to see if the website/app is trustworthy. Out-of-the-box Android allows many questionable certificates from governments and companies that might sell their certificates to websites/app that are not so trustworthy. Since Android 5.x you can remove/add certificates to disallow governments or companies that sell their certificates to questionable websites/apps.
Privacy - Encrypt your phone: By encrypting your phone you ensure that no one who finds your phone will be easily able to read anything saved on your phone. Not even by entering the recovery mode. It may slow down the performance a bit and increase battery drain slightly, but for me (Nexus 6) I had no troubles so far.
You can make that list longer by using only secure apps for communication (e.g. encrypted chats with Telegram or using Firefox and add-ons such as HTTPS-Everywhere) but I think that is more advanced and takes away the freedom and choice of readers/users. So I will stop here as I think I have covered the basics and most important things.
Which setup should you choose?Well first of all I recommend using only apps/services of companies that you can trust. E.g. companies that exist for a long time but haven’t done any questionable actions in the past. I have been a long-time-user of Comodo but looking at what Comodo has allowed itself in the past made me choose something different. On Android a good example are sms/call blockers. There are many options to choose from for example one is produced by a company named "NQ Security". Now do your google work and you will find some details that either makes you think of this company as trustworthy or not. Or maybe there are other companies with the same product which you would rather trust?
One thing to notice is that in the end your setup should cover most if not all aspects that I have mentioned above. Now you can either choose to use many different products (e.g. if they are free) or use on paid solution that covers everything at once. In any case, don't forget about stuff that might get installed but be useless to you. E.g. at some point I found my setup to have 3 different call blockers and 4 different sms blocker installed.
I have made a list of a few picks that I would recommend:
Must-HaveSuperSU / Rooted device (Click for Google play): 99% of all apps & configurations listed here will need your device to be rooted. Also SuperSU gives you a good overview about which apps have root access and is a good tool to configure those apps.
Override DNS (Click for Google play): It automatically changes the used DNS Server for 2G/3G/4G/WIFI to whatever you want (e.g. NortonDNS which has malware & phishing protection but also is one of the fastest DNS providers available world wide). Currently it is the only app that works with Android 5.x.
AdAway (Click for download link): Lets you block ads, tracking, malware and phishing sites. I recommend the standard sources + www.malwaredomainlist.com/hostslist/hosts.txt
App Ops (Click for Google play): App Ops lets you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
KeePass2Android online/offline (Click for Google play): KeePass2Android comes as two different apps that you can choose from in the GooglePlayStore. One supports online syncing via various services so that you can sync your password database on all your devices (Android, Windows, OSX, Linux, iOS,... ). The other option is called "KeePass2Android offline" which completely removes all features that would require an internet connection. The App doesn't even have permissions for internet connections ! If you don't know KeePass, it is one of the oldest password managers around. It is opensource, has a lot of plugins and the leightweight but feature rich app supports nearly every device & operating system. On Android you can even log into websites from the browser via KeePass2Android by clicking -> Share -> KeePass2Android -> Log into your database -> it will automatically get the right login data for the website you are currently browsing and pastes it into the login fields. My personal setup: KeePass2Android offline with another syncing/backup app that will sync my passwords via my own server. On my laptop I use KeePass with a plugin which replaces my browsers built-in password manager with KeePass.
GSP - Good Security Practice (Recommendations)Disable untrusted certificates (Android 5.x) (Mozilla Firefox list of allowed certificates): Use a source you trust and check what certificates they usually allow in their software (e.g. Mozilla Firefox). Then check that with what is enabled in your Android's security settings and disable whatever Android has enabled but e.g. Mozilla Firefox doesn't.
A very recommended app is "Trust Manager (Click for Google play)" by Bluebox. It lists all certificates on the phone and sorts them by categories which makes it easy to disable all untrusted certificates within two clicks.
Encrypt your phone: Enable encryption of your Android device.
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
VPN if you use public WIFI: I also recommend the use of a VPN from a trustworthy VPN provider. They don't cost too much and improve your security & privacy on public wifi a lot. Avast offers a great VPN service. Actually their app makes their services superior to me comlared to other VPN providers and apps. You might want to try the Avast VPN 14-day-trial.
Firefox (HTTPS-Everywhere + Adblock Edge) > Chrome: Firefox seems to be the winner in terms of privacy and security. But on my system Chrome is a lot faster than Firefox.
TextSecure > Telegram > WhatsApp > Facebook: Telegram was my favorite choice until @muppetmania and @bmstrong informed me about flaws and trust issues with Telegram. Instead it is highly recommended to use TextSecure. It is available on iOS and Android. Feature wise it might not be as good as Telegram (e.g. missing desktop client for windows/osx/linux) but I believe that this is a fair trade for privacy.
The bottom line
I tried to give a little overview of what kind of protection is available and what it does. I also added my choice of tools which will provide you with protection. It is up to you to decide whether it is useful in your case (based on your phone-behavior) and if you are willing to pay money for it or rather use free services. I will gladly help you with any questions or configuration/setup related things. Please let me know if you have any suggestion or corrections so that I can improve this thread !
Useful resources / links
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
https://youtu.be/seNHe5oMquw
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/
https://securityinabox.org/en
http://www.infoworld.com/article/29...managers-for-pcs-macs-and-mobile-devices.html
https://www.reddit.com/r/trackers/comments/30xtk9/trackers_security_and_you/
AV tests & comparisons:
http://www.av-test.org/en/antivirus/mobile-devices/
http://www.av-comparatives.org/mobile-security/
Thanks to:
Yuki2718 @wilderssecurity.com for teaching me a few things
@bmstrong for useful links and suggestions
@muppetmania for pointing out flaws and trust issues with Telegram !
Changelog:
01.08.2015 - Removed Telegram and replaced it with TextSecure
28.06.2015 - Updated useful resources & links
08.06.2015 - Updated useful resources & links
06.06.15 - Added "Trust Manager" by Bluebox to quickly and easily disable a punch of root certificates. Also added Avast VPN app
22.05.15 - Added a good link/explenation on non-trustworthy certificates that are installed on mobile devices out of the box ( https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/ )
18.04.15 - Added ressources for AV tests and comparisons
07.04.15 - Added more useful resources & links
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
10.03.15 - Added useful resources & links
06.03.15 - Added "password managers" and "KeePass2Android online/offline" as recommended password manager
01.03.15 - Added a more detailed description of DNS and why you should care about it
28.01.15 - Fixed typos and grammar
zakazak said:
Changelog:
28.01.15 - Fixed typos and grammar
Click to expand...
Click to collapse
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
bmstrong said:
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
Click to expand...
Click to collapse
Thanks, I might add those later but I wanted to keep this guide as "easy" as possible so that every "normal" android user could increase his security and privacy with simple tools in a short time. E.g. yubikey is awesome and a very interesting topic but not very handy for the average guy?
01.03.15 - Added a more detailed description of DNS and why you should care about it.
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Good suggestion, I have a few more and will add both (your link) and my stuff to the thread
KeePass2Android offline + KeePass on desktop + syncing via own server = win !
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Aaaaand it's done ! Added password managers to the OP.
zakazak said:
Aaaaand it's done ! Added password managers to the OP.
Click to expand...
Click to collapse
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
bmstrong said:
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
Click to expand...
Click to collapse
bmstrong said:
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
Click to expand...
Click to collapse
Thanks ! I added all the links to the OP and mentioned you for giving such great feedback and suggestions
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
bmstrong said:
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
Click to expand...
Click to collapse
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
zakazak said:
10.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
Click to expand...
Click to collapse
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
bmstrong said:
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
Click to expand...
Click to collapse
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Utini said:
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Click to expand...
Click to collapse
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Cyclu said:
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Click to expand...
Click to collapse
You are right, XPrivacy seems to be a really nice tool but I haven't been able to try it myself (as it is not compatible with Android 5.x) which is the reason why I haven't added it to the list yet
I might give it a try on my Nexus 4 with Android KitKat !
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
bmstrong said:
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
Click to expand...
Click to collapse
Once again thanks for your input. I added them to the OP but I am still really busy with my job/reallife. I hope I can improve the OP soon.
Question about choices
Utini said:
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
Click to expand...
Click to collapse
Hi, I've been juggling this question for a few days now and I'm hoping you will have an answer to assist me. First, I have read your post and this is absolutely what I have been looking for for the past few weeks. Thanks has been given and I hope you keep this up. Second, I read the wildersecurity link but still do not have an answer to this question.
Why choose ESET Premium over BitDefender. Can you tell me what one offers that the other doesn't? I've been leaning to BitDefender only because I have and use an Android Wear device. Again, thank you for any assistance or time.
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
peachpuff said:
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
Click to expand...
Click to collapse
Well, blame them both. Samsung is knowingly 'accepting' the Google 'flaw' on it's phone. So Samsung is also culpable.
Talk about an Over the Top Melodramatic 1st post!
Stay off the internet - Get rid of your Smart TV - Live in a box... SMH
Sent from my SM-G955W ??
Niccolò Paganini said:
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Click to expand...
Click to collapse
I wouldn't worry about it the NSA and Google already know everything about you.
without permissions 99% of your apps won't work. want to stop tracking ?dig deep into your account, real real deep to cut off a lot of privacy issues
then when you have time, google your name
pltctytc said:
....then when you have time, google your name
Click to expand...
Click to collapse
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Gregzi said:
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Click to expand...
Click to collapse
Agreeing to ANY extent with the OP's RIDICULOUS and ABSURD post & a Thread Title that is Entirely Misleading and Uninformed!
While everyone is entitled to their opinion - This Thread & Particularly it's Title are perilously close to warrant being Reported to the Mods!
It's a simple process to Disable Background Data for each and every Application that you decide to disable in Settings - Apps - Permissions - Data - Background /Toggle Off.
I made reference to Smart TV's as they are constantly "listening" in order to provide functionality - Then there's Laptop cameras which could be equally used to "spy" on their users... Are we to disable the functionality offered by Ok Google - Which is also "listening" to provide the functionality that we have come to expect from our technology?
Two Tin Cans and String are the bastion of the Paranoid & Conspiracy Theorists.
Sent from my SM-G955W ??
**** this I'm going back to a Palm Pixi so the NSA can't spy on me!
What if.....
The NSA IS Google?!
Seriously? You're downloading things from F-Droid and Yalp and you're concerned with what data individual apps are sending? If you don't trust an app to have an internet connection, why on earth are you using it? If you don't trust the company behind an app to use your data appropriately, whey are you using that app? Do you shut off all data so your internet/mobile provider can't sniff out what you're doing? Tin foil is relatively cheap.
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Surely this is "the only reason", surely. I'll assume you have thought through the entire process of creating a mobile phone operating system as complex as Android, and also every detail involved in creating an application ecosystem that scales to millions of user created applications access by billions of people that worldwide probably generates over a trillion dollars in overall economic revenue (including employment by business built around it, advertising money spent, etc). Surely you saw a foolproof way too easily do all of this AND follow seemingly arbitrary privacy rules? You MUST have also COMPLETELY ruled out every other innocent explanation using this model, including showing conclusively that it wouldn't cause ANRs, app crashes, or anything else. Right?
You also have data showing more than just you would revoke this permission right?
Right?
Mr. Orange 645 said:
What if.....
The NSA IS Google?!
Click to expand...
Click to collapse
You mean you only just realised this NOW???!
I have to say, I'm always amazed how little people care about the spying that's being done through their phones. Saying "live in a box" or "just don't use the app" is a stupid response. You can still want to be part of society (which nowadays REQUIRES using whatsapp/facebook/google) EVEN THOUGH you're uncomfortable with the privacy implications. Someone acknowledging and being aware of this, and trying to improve upon it (or even simpler, just demanding improvements by the companies you pay a thousand dollar for a new phone) is often ridiculed as if it wouldn't matter, or people accept it as an something that is required for the systems we use. Social networks could work totally fine without being centralized, google maps doesn't actually need to send your location to google to function, and no app that i know of needs to send your usage of the phone to their company to do whatever it promises to do. Yet many apps do. It's not so much about that it is possible, the problem is that it is allowed. It shouldn't be allowed, much of the data collection should simply be outlawed. But, since hardly anyone seems to care, I don't see that coming anytime soon. I've tried to find people interested in this, but not even on reddit /r/privacy/ this seems to be a major concern.
@the_toast
There's a difference between being responsible for the amount of privacy you have and the amount of personal information that has already been made available... long before people were even aware of the amount of personal information that was already gleaned from the Products and Services that you have been using for years. To some extent trying to reign in your personal information is like closing the barn door after the horse is long gone.
The guy who originally posted this Thread is focusing his "panic" on one device and THAT is naive and Grossly Misleading!
Whether it's FB (which I don't use) or signing up for a Loyalty card - Your personal information is everywhere! Using common sense going forward is the only rational approach, but standing on an imaginary mountain top and shouting to the world that one device is "spyware" is ridiculous and deserves to be called out ?
Sent from my SM-G955W ??
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
MiMtnBiker said:
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
Click to expand...
Click to collapse
And if you Travel into the USA... Did you know THIS?
https://www.google.ca/amp/www.cbc.ca/amp/1.4494371#ampshare=http://www.cbc.ca/1.4494371
Sent from my SM-G955W ??
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
@the_toast
Many of the answers - including "live in a box" - "stay off the internet" were in direct response to the careless & irresponsible comments by the OP - like = like?
Not only your phone has the potential to gain access to your personal information - But your Laptop camera - Your Smart TV (that is "listening") But this technology is something that most people appreciate and expect their tech to provide them with the functionality that they want - Being aware of the capabilities of your Tech is prudent - being paranoid & frightened by it is just sad.
The issues of Privacy are extensive and if someone decides to pull on that thread - it's going to be never ending.
Common sense & being informed is the most appropriate way to go ??
Sent from my SM-G955W ??
the_toast said:
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
Click to expand...
Click to collapse
I'm afraid the only way you are going to change it is to completely get off the grid. Many people are oblivious to the fact that they are willingly giving up their personal information when they have their noses buried in their smartphones pert near all day. What's worse is that the politicians only seem to cater to the wealthy, and since they are salivating at the idea of getting their grubby hands on your info, this will continue. Unless there is a huge uprising and people assemble in protest of this, it will not stop. Heck, I don't even think it will stop, then. Nope, money is the reason as to why this won't change and, unfortunately, you have no say in the matter. Unless, that is, you do get completely off the grid.