NSA Releases "Security Enhanced Android" - Atrix 4G General

Now this I want to try!
http://www.xda-developers.com/android/security-enhanced-android-released-by-nsa/
Android may be secure enough for the average consumer, but it is hardly air tight. The National Security Agency (NSA) released the first version of their custom build of Google’s popular OS, called Security Enhanced Android. The system is designed to minimize the impact of security holes on Android. The SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps.
Specifically, Android SE aims to offer:
Per-file security labeling support for yaffs2,
Filesystem images (yaffs2 and ext4) labeled at build time,
Kernel permission checks controlling Binder IPC,
Labeling of service sockets and socket files created by init,
Labeling of device nodes created by ueventd,
Flexible, configurable labeling of apps and app data directories,
Userspace permission checks controlling use of the Zygote socket commands,
Minimal port of SELinux userspace,
SELinux support for the Android toolbox,
Small TE policy written from scratch for Android,
Confined domains for system services and apps,
Use of MLS categories to isolate apps.

Will take rims place in the army maybe.
Sent from my MB525 using xda premium

iammodo said:
Will take rims place in the army maybe.
Sent from my MB525 using xda premium
Click to expand...
Click to collapse
Maybe this will also push companies like the one I work for to allow us to access Exchange on our Android phones.

how would someone go about implmenting this into a rom? i havent got a clue on how to do anything of that stuff.

Has anyone tried to build this for the Atrix? If so, how did it work?

ecko19 said:
Has anyone tried to build this for the Atrix? If so, how did it work?
Click to expand...
Click to collapse
This is much more than a custom rom (which is a very incorrectly used term itself) build. It is the base operating system. If you just build this and put it on your phone, it will probably run, but it will not have any drivers for the Motorola ATRIX hardware. It's like if you just downloaded pure android gingerbread source from google and tried to build it and install to your phone.
Sent from my MB860 using XDA

Well I meant build it but overlay some of the Atrix specific libraries and such.

If it ever does go main stream Companies like RIM would need to go above and beyond to compete, becuase right now that cant compete with anything as far as productivity that android can or does already. I had a Black berry bold for work and i could not manage anything but my email really. were as on my atrix I full RDP and all kinds of server management not to mention the other boat loads of features.

US military is already rolling out Android phones for testing in the field and starting to replace BB phones with them.

Would xda community really want to get phones with this? Other than the challenge of it, I'd imagine it'd be a very tough one to root... let alone unlock a bootloader

I heard my old flight has replaced their blackberry's with another device already
#Magecca SGH-I717

Whenever I hear SELinux my sphincter involuntarily tightens... That thing is a royal pita.
I worked a job where we had to do it support for a bunch of Fedora iMacs; whenever something went wrong that wasn't user error, it was almost always SELinux policy getting screwed for some reason.
Also, would your really want your OS from NSA? Comes with convenient backdoor precompiled™

Related

SE Android - ROM for Thunderbolt

So it seems the NSA has released their source code for SE Android (previously they built SELinux as well). This is a more sandboxed and secured version of Android based on the work they did in Linux.
This is the basis for Government grade secure Android devices that they are intending to deploy.
The build instructions list using AOSP as the basis and building from there, as it's primarily kernel compiling. That being the case you could (theoretically) kang almost any rom by recompiling and repackaging. I have not released any rom's or anything like that, so this (for now) would be nothing more than a packaged release of vanilla AOSP + SE Android kernel. As I get my feet under me I might tinker with some customizing, but wanted to see if there was an interest, otherwise I will just knock it out for me and skip updating.
i'm interested to see what you can come up with. Develop is slow here so anything is greatly appreciated. I came from the hd2 and development there is still awesome.
Interested. Have any links for code information as to what they did to implement security?
Sent from my ADR6400L using Tapatalk
Sure thing:
Turd Furguson said:
Interested. Have any links for code information as to what they did to implement security?
Sent from my ADR6400L using Tapatalk
Click to expand...
Click to collapse
http://selinuxproject.org/page/SEAndroid
Looks like mostly they ported the SE linux stuff over.
I'm also interested in this, I'm planning on releasing a build of this spliced with CM7 on Rootzwiki, since nobody else had started it yet.
They've mostly only made the major pieces of SELinux working with the Android kernel, and have a few userspace modifications on top of that. It'd be alot more C/C++ work than Java I'm afraid if specific tweaks need to be built.
I'm planning on beginning work when I get back to the U in a few days. Will you have a repo we can pull from for building? I have distributed compiling capabilities and we're on a shared 300meg link, I can build/upload if you'd like from your base?
At a workshop I attended to present a research paper of my own back in October there was discussions of building hypervisors into Android to separate out normal app space & business(secure) app space such that even if you had an evesdropping bit of malware it couldn't listen in on the business phone app as it was separated from the normal app space where the malware would live. But tie that into a SELinux style android kernel would likely make it significantly more beneficial.
I wonder how hard it would be to put the two together? Or if SEAndroid would defend against such threats on its own w/ out needing to build in hypervisor level security as well? Guess it might be worth investigating but definitely interesting and excited to look at further. Thanks for posting!!
I'm interested!
I wonder if the CM team would consider merging this into their builds, that would put it in a league of its own...a powerful ROM with many enhancements and exceedingly secure...just awesome.
I'd be interested in this. I just stumbled upon the whole SEAndroid thing while looking for ways to secure Android from some (seemingly?) legitimate apps that nevertheless ask for massive permissions (i.e., Juicedefender). It's just extremely difficult these days to tell, as often these sensitive permissions may actually be needed by the app to conduct its business.
I've actually been waiting on taking the plunge to root my phone (yes, overcaution, I know)...a strong, secure ROM based on SEAndroid would make me do it!
I would be interested in this also.
any development for the tbolt here is welcome. id be interested to see how this plays out. thanks for the hard work im sure your putting into it

Sideloading Apps on WP8

Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
This is still all brand new, so I imagine later that someone will be provided with a prototype of some sort and may be able to answer those questions? I think we should start a donation for the pioneers of homebrew on WP so we can get something good done =)
Sent from my SGH-i917 using XDA Windows Phone 7 App
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
StevieBallz said:
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
Click to expand...
Click to collapse
Agreed. It will be difficult to break and it may take some time, but good thing we have some awesome people that are devoted to making it happen
hack is possible
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Shaggykjb said:
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Click to expand...
Click to collapse
I wouldn't say a boot hack could be seen anytime soon due to bitlocker and secure boot.
Have you seen any exploits on the current Windows 8 through HTML5? Since Microsoft's implementations of ANYTHING are always different (Even when they say it is compliant), I would imagine that the HTML5 on W8 won't have the same exploits. I'm thinking it will be quite difficult, but I wouldn't say impossible. That's why I think we need the current WP7 hackers or even the Android hackers in on this... The ones that know and understand the low-level aspects of x86 and ARM to be able to know what is going on behind the scenes and try to get around it. Given that a good bit of the second gen windows phones still aren't able to be interop-unlocked and sideloaded, I am sure Microsoft has patched the ways those backdoors in w8 and wp8.
As so much Malware was installed through IE previously Microsoft did a great deal of work to harden it against Exploits. But furthermore it would only be the first step to find a vulnerability in the browser or an HTML5-App.
IE itself is run in it's own OS compartment which runs below regular user rights. So if code gets run in the Browser context it effectively can't do very much. This is one of the reasons why desktop exploits started to rely more heavily on Flash and Adobe Reader Bugs (those plugins ran on user privileges).
The HTML5-Apps are most likely to execute in the least priviledged chamber separated from each other very much alike to the way WP7s Silverlight Apps are isolated from each other.
Given that I guess it will need people who understand the system architecture pretty well to crack it open. The easiest vector for getting Homebrew Apps on most likely is the LOB (Line of Business)-App support.
Even if you were to find an exploit, it's highly doubtful that it will give you anything. WP8 is with UEFI Secure Boot something entirely new in that aspect, in that it's likely to see a full bottom-up chain of trust. You'd likely need to break UEFI itself to get any binaries persistently with elevated privileges. If the UEFI firmware is not upgradable on the device (for instanced burned on the chip) the protection is unlike for current phones theoretically perfect.
Of course, it remains to be seen in what extend WP8 will validate signatures, but if say any elevated code needs signing, then a permanent full/root unlock is very unlikely to achieve.
Hard SPL unlocks as they're seen with the Titan and Radar will also be a matter of the past with WP8.
TitusO said:
Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
Click to expand...
Click to collapse
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
vickylance said:
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
Click to expand...
Click to collapse
You have removable SD card support and can install applications to it. However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee. Meaning, it's highly likely that the phone will check signatures on all applications, including those on the SD card and you won't be able to run them otherwise. (actually WP7 does this already - if your devel unlock expires and the phone relocks, all unsigned apps will not run anymore)
ZetaZynK said:
However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee.
Click to expand...
Click to collapse
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
According to CNet Asia a Microsoft Employee during Technet told them that SD-Card installation meant installation from SD-Card instead of App-Installation to the SD-Card (see here: http://asia.cnet.com/apps-cannot-be-installed-to-microsd-cards-on-wp8-62217133.htm)
The latest rumor is that WP8 will include TPM chips on all handsets. Thus will drive added hardware security to the firmware. I am feeling very skeptical that WP8 will be rootable as a result. I have a TPM system in my Win 8 laptop and it is damned secure.
Sent from my Kindle Fire running ICS
StevieBallz said:
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
Click to expand...
Click to collapse
Hm, I believed I had read this, but seems you're correct. Not sure where I believed to have done so right now.
kenikh said:
The latest rumor is that WP8 will include TPM chips on all handsets.
Click to expand...
Click to collapse
TPM is not the problem here - secure boot is. Considering Microsoft announced secure boot as part of the WP8 announcement, it's kind of likely that all devices will ship it.
Secure boot and a TPM both can deliver a trusted boot path, but with significant differences in the execution. With a TPM you store a key and Platform Context Registers (PCRs) on the module - if the PCRs mismatch then some part of the configuration was altered which is likely indicating a breach of trust in the boot path. With Secure Boot, one or more vendor generated keys (and not a self-generated one, like on a TPM)are stored in the system's firmware. If the boot loader is not signed by one of those keys, the device refuses to boot. This means that you can't replace the boot loader with custom code (as you do with for instance a HSPL). In a TPM-based scenario, the user can re-assign TPM ownership, Secure Boot has no such concept.
Note: x86 PCs will come with Secure Boot too, soon. However, MSFT requires ARM devices to have these keys assigned by the OEM and requires the manufacturer to allow changing the keys or disabling Secure Boot - for x86, they require the opposite, a PC without an option to add your own keys or to disable secure boot would fail the Windows 8 hardware certification.
If you come across the information again please let us know. There seems to be some confusion on the SD card topic (WinSuperSite reported differently).
As for secure boot and the TPM: if Microsoft decides to make CustomROMs hard the best course of action seems to emulate the "Enterprise Marketplace" given the assumption that those won't user Microsoft certificates but instead company certificates (which could be installed by the user similarily to the Exchange server certificates today). But we'll have to wait and see how that gets implemented in the end.
PS: Just found the following on Microsofts Windows Phone Developer Blog
LOB app deployment – Many enterprises understandably want to keep their line-of-business (LOB) apps in-house, controlling how they get published and deployed. In Windows Phone 8, we support several new channels for deploying LOB apps to enterprise devices, including installing from a website, SharePoint, or email.
Click to expand...
Click to collapse
Sounds pretty much like sideloading might be a lot easier then we think it is.
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently. Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
lseidman said:
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently.
Click to expand...
Click to collapse
Microsoft ruins the experience for WP7s even more imho. There's really a lot of essential stuff that unlocked WP7s can do, but that stock WP7 is unable to do.
lseidman said:
Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
Click to expand...
Click to collapse
This can be easily worked around: If they just made developer unlocks free (keeping the same deployment system as is), that would make it near to impossible for malware to spread.
lseidman said:
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
Click to expand...
Click to collapse
...and this is why I believe WP8 will have security measures against abuse of that private app deployment feature. Also, XAPs are not even badly protected right now.
Just for fun!
http://www.youtube.com/watch?v=cSnkWzZ7ZAA
He uses WP7 on 1:50
THE most informative thread on the WP8 section hands down....all u guys...BIG thanx for all the info...
Sent from my DROID RaZr.
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
devize said:
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
Click to expand...
Click to collapse
Stick with Android. Windows phone will not be developer friendly. This is my biggest problem with windows phone. The whole works out of the box experience really doesn't work when the software is young and lacking basic functionality . There is barely anything you can do with wp7 right now and winp8 is supposed to be even more locked down
Sent from my T8788 using XDA Windows Phone 7 App

Vulnerability Allows Attackers to Modify Android Apps Without Breaking Their Signatur

Vulnerability Allows Attackers to Modify Android Apps Without Breaking Their Signatures
This might be the reason why the new MF2 and ME6 are not downgradable and why the 4.2.2 update was delayed.
Source->http://www.cio.com/article/735878/V...ndroid_Apps_Without_Breaking_Their_Signatures
IDG News Service — A vulnerability that has existed in Android for the past four years can allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS.
Researchers from San Francisco mobile security startup firm Bluebox Security found the flaw and plan to present it in greater detail at the Black Hat USA security conference in Las Vegas later this month.
The vulnerability stems from discrepancies in how Android apps are cryptographically verified, allowing an attacker to modify application packages (APKs) without breaking their cryptographic signatures.
When an application is installed and a sandbox is created for it, Android records the application's digital signature, said Bluebox Chief Technology Officer Jeff Forristal. All subsequent updates for that application need to match its signature in order to verify that they came from the same author, he said.
This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key.
The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures.
The vulnerability has existed since at least Android 1.6, code named Donut, which means that it potentially affects any Android device released during the last four years, the Bluebox researchers said Wednesday in a blog post.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," they said.
The vulnerability can also be exploited to gain full system access if the attacker modifies and distributes an app originally developed by the device manufacturer that's signed with the platform key -- the key that manufacturers use to sign the device firmware.
"You can update system components if the update has the same signature as the platform," Forristal said. The malicious code would then gain access to everything -- all applications, data, accounts, passwords and networks. It would basically control the whole device, he said.
Attackers can use a variety of methods to distribute such Trojan apps, including sending them via email, uploading them to a third-party app store, hosting them on any website, copying them to the targeted devices via USB and more.
Some of these methods, especially the one involving third-party app stores, are already being used to distribute Android malware.
Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app store's application entry process in order to block apps that contain this problem, Forristal said. The information received by Bluebox from Google also suggests that no existing apps from the app store have this problem, he said.
However, if an attacker tricks a user to manually install a malicious update for an app originally installed through Google Play, the app will be replaced and the new version will no longer interact with the app store. That's the case for all applications or new versions of applications, malicious or non-malicious, that are not installed through Google Play, Forristal said.
Google was notified of the vulnerability in February and the company shared the information with their partners, including the members of the Open Handset Alliance, at the beginning of March, Forristal said. It is now up to those partners to decide what their update release plans will be, he said.
Forristal confirmed that one third party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on them, he said.
Google declined to comment on the matter and the Open Handset Alliance did not respond to a request for comment.
The availability of firmware updates for this issue will differ across device models, manufacturers and mobile carriers.
Whether a combination of device manufacturers and carriers, which play an important role in the distribution of updates, coincide to believe that there is justification for a firmware update is extremely variable and depends on their business needs, Forristal said. "Ideally it would be great if everyone, everywhere, would release an update for a security problem, but the practical reality is that it doesn't quite work that way, he said."
The slow distribution of patches in the Android ecosystem has long been criticized by both security researchers and Android users. Mobile security firm Duo Security estimated last September, based on statistics gathered through its X-Ray Android vulnerability assessment app, that more than half of Android devices are vulnerable to at least one of the known Android security flaws.
Judging by Android's patch distribution history so far, the vulnerability found by the Bluebox researchers will probably linger on many devices for a long time, especially since it likely affects a lot of models that have reached end-of-life and are no longer supported.
Click to expand...
Click to collapse
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Key phrase here is "for apps not installed through the google store". Hence not an issue for a large fraction of users. Total case of FUD. Someone must be wanting to sell some av software.
Sent from my GT-N7100 using Tapatalk 4 Beta
Kremata said:
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Click to expand...
Click to collapse
Well, X-Ray scanner either does not detect this latest security flaw or N7100 (as of DM6) is allready patched.
Kremata said:
I really thought more people would be interested in knowing this. I would really like to know what you guys think about this.
Click to expand...
Click to collapse
This is the first link I found for XDA on this.
I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there's a literally hundreds of examples all over XDA.
The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
djmcnz said:
This is the first link I found for XDA on this.
I think it's not that interesting because it's old, old news and exactly why it's being touted as a "new" discovery is beyond me, it's far from new.
We here at XDA have been using this method for years to modify stock Android and OEM system apps with great success. Here's an example by me from 2011: http://forum.xda-developers.com/showthread.php?t=994544 there's a literry hundreds of examples all over XDA.
The real question here is how Bluebox security got everybody to act as a PR machine for them. If they turn up at Black Hat with this "amazing discovery" they're going to get laughed off the stage.
Click to expand...
Click to collapse
Ahh! Thats the answer I was waiting for (and from a Recognized Developer). I knew XDA Devs were using this method. My new question is.. If they fix it will it be harder to create Mods? Will it slow down development?
Shouldn't this be posted in the generals forum?
Kremata said:
If they fix it will it be harder to create Mods? Will it slow down development?
Click to expand...
Click to collapse
I suspect so. If they fix it properly it would become impossible to change any aspect of the app without signing it again. If you wanted to maintain compatibility with the original then you'd need the developer's keys.
At the moment really only the manifest and some metadata within the apk is signed, if they extended that to the entire contents of the apk many mods (think themes for stock Google apps etc) are screwed unless users are happy to relinquish Play Store links and updates (i.e. backward compatibility).
Google may not go this far and may only choose to authenticate the code (smali) rather than all of the apk contents (graphics, strings etc), this approach would leave room for some mods to survive. Remains to be seen.

DISCUSSION [hybridROM_MOTOfied] MoTo-nomous v0.1.0 preALPHA, stabile as RC!)

Mods: please, this is a temporary post pending moderator elevated privelege to start forking my build via proper Android Development Section, everything I post is valid and true. No mock ups. Please, do not delete this thread. It is purely education and informational pre-release details to explain down to details most but not all details, as a developer i dont just release security structure or anything deemed sensitive.
A PROJECT UNIQUE AND NEVER BEFORE UNIFIED OR ATTEMPTED SUCCESSFULY. De-Androidinzation and bulding, slipstream and super-enhancing, raising Linux core from the dead to Linux-based and minimally VM until the day comes where I can project it out to substitute it with a replacement, only as good or better performance but not cross-coding as mobility has been so confined to since the start.
Introduction: to a very genetic-autonomous and not even a contender of its class to match it
Hello Fellow co-developers. I am anything but new around here, and I've grown frustrated and impatient trying to revive my XDA credentials I've had auto saved for years and yeasrs. Please, if you find interest in what you see following A PROJECT UNIQUE AND NEVER BEFORE UNIFIED OR ATTEMPTED SUCCESSFULY. this notification, message moderators or seek to at very least a head-start as I cannot even start a thread in the appA PROJECT UNIQUE AND NEVER BEFORE UNIFIED OR ATTEMPTED SUCCESSFULY. ropriate section, due to having to create an account. I've come to a sheer intolerable irritating boredom with Android, and the fact that well, Google and relative developers, and/or mainline toolchain dev's are well, diddling and we see an entire circus from Donut to Lollipop, then when they rollover on 6, and only then...and with nothing that is cheap to meet the proper standard for the hardware it takes to not back-grade your hardware and Android base version 1.6 (DOH'NUT). Yes, such non-sense as SDcard support when the damn things are ready to evolve into the next format. Don't get me, wrong, I'm glad it made the changelog, but still a mock-up and in a developers eyes so much more could have or should be incremented to a more attainable adjustment and even features. But, this post is not about Google, Android, and a lousy slipstreamed Apps2SD knockoff repurposed as adoped storage. I've always tested roms, tweaked, modified and until I found performance, stability, and can go 2 weeks without losing 40 hours of dedication getting it where she needs to be, I started porting per-say, drawing back the resource-loving java base they use in every phone regardless the base, or OS....but I have yet to see anyone shoot for the Linux-Cabal. A tip-the-scale fork of Android where rolling release and as come the updates increment, so shall the independance of too in the Android cocktail for my liking.
Let's just put it out there, I've been stabilizing and unifying a custom build (at this point for Moto ARM), and yes I know waht I am saying but to title it a ROM A PROJECT UNIQUE AND NEVER BEFORE UNIFIED OR ATTEMPTED SUCCESSFULY. would be mislabelling and a blow to what I think the OS deserves. More Linux backbone, compiled and debugged to hell and back step by step. I don't have any plan...YET to play god and cut out any serious concept such as framework, VM, but I have a goal, and a very vast plan drafted for the next quarter. I know any Linux Penguin-Dorks, and developers who know their cards and where I'd bet my bytes in any arena vs most other Os's.
History and Pre-requisuite (in order to enter and initialize a new fork officially, and establish a support system consisting of credible, daily-active and feedback producing beta-testers as well as the system and policies they will adhere to throughout initial first phase. This is not another AOSP or clone of source and hidden bugs you have to come to discover the hard way. I am offering only until another phase anyway, to primarily and MotoG3 ONLY, device dependent. push, shove and patch my tamper-resistant modules will enforce any interopibility. Remeber these are encrypted with MULTI-LAYER mutli-bit and a subset of different combination encryption algorithms and not APK, were weaning that dependence slowly but eventually here. Modules, system core hard up and real time individiual file encryption layering system. Safe from FBI and NSA and Israeli counter-parts. Included but not enforced are optional ability of IPC (Tor-lke) supreme sms, voice chat, and push to talk functionality, and among per file on top entre data drive encrypto....comms will be dual-end encrypted, obviously all of which can be enabled/disabled, configured and tweaked to ones preference.
Until I have proper authority and have enough resonsibility good-boy credits, there will be nothing. And I mean no beta program, no releases, no source code except I will move along to the next accepting Android community, which is my last thought and not at all in my interests. I am a developer 16 years, on a broad number of languages, on many arch's, from pascal, html, basic to visual basic, c, c++ C#, java, to ASM (yes Im old school, an I only dispense above and beyond what I would set as a mile stone.). All my projects in the past, creating the very first OpenGL wrapper, and utilizing a direct-injection loader that was always available in HL.exe. Primarily for Counter-Strike, as Valve global banned any cdkeys and steam accounts associated with at first any Alias nearing the format of my preferred handle. As they rolled out VAC for the first time, I watched every (neraly) system hook based all in one hacks go down as KIA-dead soldiers, while my opengl-wrapper emulated the driver, allowing my to get raw data to maipulate, block, pass-trough to the real-deal OGL.dll. My OpenGL in suspended development and without requirement to play tag with steam and losing 100 purchases of Counter-strike making a VAC-undetected, play for a day or 2 then POOF. Another good key gone up on Joolz, like his sorely lost system hook as it was spitting calls to the Windows API, the HL api, and just many easily noticed flags that his only circumventing was heading on VAC module manipulation, playing with memory in process, unloading and this damn module was live, as in every server change a slipstreamed update could be pushed and suddenly the VAC process, and all the memory offsets surgically and delicately rendered harmless. Too much working hard than the efficient smart ways I came up on. Why try and reinvent the wheel when you know the wheel is superior to date. Kid wasted his entire adolescents, and his family savings trying to serve up something that guarenteed, yes you will be the best hacker online, yes you will be detected by the end of the weekend, and the advantages well, there were none except a trial what hacking a system hook was like. As for my opengl, well at first for Valve, they did their thing wiping out the hundreds of hacks but only 1 or 2 who had stood any sort of equality to the efficacy, stability, virtual impossibilty to detect as I took a native function very seldom known and not documented, and even those who did, none had the brains to probe and go from a function with no instruction or info to the process and how to invoke and follow it through. I didn't reinvent the wheLet's just put it out there, el, but I gave it redbull-wings, titanium belts, nitrogen, and embedded withtin the system from which VAC also called home and well, all its code and dependent libraries, modules and api calls gatehered and had conferences and played golf. VAC could not for years, learn how to attack itself, and this was a fluke at first. Next I started to get out the matches, fire playin time....and i love to push buttons see where or how far i can get.
LONG story short, my very first C++ project, very atypically, was a win32 video card gfx driver, and wrapper and then put Joolz down deep, I was able to hybridize a opengl driver to bear code of no relation at all, not even close whatsoever, and without trying to break and enter a bank and crack a safe while risking setting off an alarm just to steal a 20$ bill. Get what I mean, this was at the age 0f 13. Lost my E-DEV virginity and any dev working in a windows environent, on win 98 knows that for a first project, you don't just self-teach yourself to code then start squatting and pushing out dynamic link libraries like they are ever coded to spec in MS eyes, and its just not a novice coder challenge. The following project, most of your in FTA satellite likely have heard of the latest of a technology innovated on my part and consult with few others on my FTAbins team. Also the author of the handbook aka the bible to the absolute and very well drafted, and at its time prior to increases vastly in bandwidth, it was predecessor and stepping stone for entry to IPTV. Yes Nagra2 was never cracked, it was actually a breach of trade secrets and confidential patented technology on the behalf of a disgruntled and underpaid dev who was a team lead on the the maiden of its release. For the unaware. Nagra2 is the security protecol and encryption system designed to scramble satellite television signals, as far as from my involvement only Dish Network as far as satellite, but also used and more so in europe, australia, uk and asia, on cable boxes (digital) usually those whom took input to your subscription via smart card.
But they double-time develloped and debted themselves over a exploited draft (N2) that really didnt secure a damn thing, only was a deterrant but always 24 hours behind every key roll. NKS is the patented tech, as nagra3 was exponetially much more secure and utilized 5 times the bit depth for each key, and rolled on predefined and update at randomly subscriber only pushed updates. Virtually impossible to crack, but with the aid of more advanced on completely different architechture and embedded firmware nontheless, i wasn't that intelligent i suddenly could learn 5 more instruction sets from x86. But with very little effort, and suceeding with no difficult to overcome blowbacks. Developing not an exploit, but a shadow, if you cant beat em. Join em. and that we did, nothing troubled DN ecm dev's more than trying to circumvent a system that utilized subscriber keys, and encrypted, offshored and live-streamed direct in millseconds behind a authentic event trigger, key roll or key changes and ecm's. ecm's become counter-effective when those you target are identical to your nonIKS subscribers
Thats just some history shared on 2, early on, but also serous and major accomplishments to certify and add credibility to what I claim to do and if doing this at 13 and 15 respectively, both drawing hundreds of thouseands to hundreds of millions from each of 2 entirely different classification corporations. But a thorn in both eyes while dancing circles around them, not even hitting puberty are 2 that only opened channels to knowledge, and expanding my IQ in area's and subjects I would never have thought prior,
I am not ready and urgently tryinHistory and Pre-requisuite g to put something out not prepared to dump unassessed to public, but in context I only initially had prospects of private membership availability and even that I have not authorized either. I am running an XT1540, but kicked alot of Moto framework, slipstreamed Sony framework minus the headache inducing svox, and bits and pieces of certain framework manipulation, but only in areas of absolute necessity.
Minus the not-well supported termux app and api, my build is just as extensive, with a integrated system bin directory containing apt, dpkg, a indirect but priveleged api bridge to all things android and its framework. Wifi-N enabled, 2.4ghz and 5ghz on one that only natively ever offered 2.4 G. Also, some off the books properties, I've been able to extend and further dominate the radio and modem accessibility, more specifically on UMTS/AWS bandf here in Canada on WIND. Now alot is new but I've yet to encounter very many warnings let alone any real conflicts or stability or performance setbacks. CPU is unlocked, can be volted and clocked as well as GPU, and although schedulers are there, much needs my expertise and some fine tuning before I'd even open my mind to considering it in control of fatality-potential software on another persons device.
Now, with apt and a 3 more repos than termux can match. Many would give their left nut just to have even 1/4 of the full capability (and i mean capability of all thats fully stable and operational to perfection as of right now). I had to nearly wrestle my device from a buddy of mines hands, and very promptly vacate his residence as he was dying to just get a particular build of metasploit not freely available to public, and on that part metasploit is integrated discreetly but as building block and one of many that basis the security infrastructure I am still actively forking. Stringray-safe, no prying eyes or cloning cell towers to snoop through anything private.
Currently my personal attention has me fired up towards recompiling Pale Moon custom build, and likely a entirely new browser with FF initial base but this fork of Palemoon is gecko oriented and Android API elevated privelege, it has features that even addons of chrome have yet to scratch. Capable out of the box as a IPC/Tor private browser or entire device firewalled, Tor/IPC and crypto down to the teeth. I have my own fork of recent builds of Adobe flash module, and stagefright is a secured as well. All exploitable lose ends are presently beyond par, as Android hasnt even come to that extent yet.
Anyways, I wrote this just thinking of some of my favourite features. I'll tally a list and re-post this alll in a better edited and spell-checked draft. Yes, i will post screenshots, but ONLY on request. If i have to screenshot otherwise we would all be loading alot of png files needlessly.
Xposed & MOD EDIT: warez reference removed & 3C Pro potential unified hybrid of sorts in consideration too. Pending confirmation. Also, I've been fortunate to be in possession of a Perfect-ADB i nicknamed it as it is a custom build with everything it should have plus some, and finally for right now....TWRP just makes me angry how we have 2 dozen random versions available but each has its own catch, the newer the worse it is it seems. this is unacceptable. too many builds, too many cooks in the kitchen, and off the primary source obviously. like a cocktail of suicide soda. just add 10 flavours, flash it, if it boots slap latest and DISTRIBUTE! unacceptable, this is a development resource credible well established website and name, sigh, but one thing at a time.
i will be remaining on my lonesome adding, pulling and testing my flavours and shiny sparkles with neon colors until the day i can start my devdb. and the day i do that i will immediately open up to members. with consideration of development and vetted testers prior to extensive durability and relibility testing..
Til then, mkocmut1986 @ gmail.com should you require contact.
or PM me. I got my hands full, and im but one dev as you can tell and constantly 100 new innovations to add.
Can you tell this story in short in noob language Not everyone is a developer here.
Sorry @mkocmut That was so long I skipped it... How about a tl;dr version?
@mkocmut: Well I read all the parts, all the history but one question: what was the purpose of writing all this?? BTW, great writing, enjoyed it. And yeah, I would appreciate a few screenshots if you can bother uploading some png files here, thanks.[emoji1] .
Broadcasted from Zeta Reticuli
Says: "LONG story short..."
Goes on to write 11 more paragraphs...
You're a passionate fella, I'll give you that much. Heheh, strangely enough, your post kinda made my day. (-:
A wouldn't mind u posting a link to ur beta port??
mkocmut said:
Introduction: to a very genetic-autonomous and not even a contender of its class to match it
Hello Fellow co-developers. I am anything but new around here, and I've grown frustrated and impatient trying to revive my XDA credentials I've had auto saved for years and yeasrs.
Click to expand...
Click to collapse
Would be interesting if you at least tell us what's your old username.
mkocmut said:
Modules, system core hard up and real time individiual file encryption layering system. Safe from FBI and NSA and Israeli counter-parts.
Click to expand...
Click to collapse
You totally forgot about the KGB...
THREAD CLEANED - Please don't post references to warez/software that violates XDA Rules
Wow! The room is spinning after reading all of that! It's left me with a feeling of huh? But either way I am almost certain that you are very passionate in all the above and I'm cool with that. So preach on brotha!
Good luck man. @mods : if someone quotes the whole OP, burn him!
sounds cool to unlock the cpu + gpu hope all your plans will be made possible
HelpMeruth said:
sounds cool to unlock the cpu + gpu hope all your plans will be made possible
Click to expand...
Click to collapse
How u getting on dev?
Any updates?
Sent from my SM-G900V using XDA Labs
Newyork! said:
Would be interesting if you at least tell us what's your old username.
You totally forgot about the KGB...
Click to expand...
Click to collapse
Late reply, but the KGB has been gone since the last millennium
---------- Post added at 01:02 PM ---------- Previous post was at 12:57 PM ----------
mkocmut said:
Modules, system core hard up and real time individiual file encryption layering system. Safe from FBI and NSA and Israeli counter-parts.
Click to expand...
Click to collapse
Worried about Israeli intelligence? If you're not involved in terrorism, you'll be fine, and if you are, then I'd want the Mossad to have your info.
Sounds more like drunken late night ramble than anything else. Especially since there hasn't been a peep out of him since.
Sent from my MotoG3 using Tapatalk
riggerman0421 said:
Sounds more like drunken late night ramble than anything else. Especially since there hasn't been a peep out of him since.
Sent from my MotoG3 using Tapatalk
Click to expand...
Click to collapse
We can still hope that this will ever be released right?
Sure, why not? Keep the dream alive.
Sent from my MotoG3 using Tapatalk
Hey, Whats up? :laugh:

[Guide (Making One)] Please help do a thorough guide to optimising an Android.

Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).

Categories

Resources