Any thoughts?
Go to www.google.com
Type: can google remotely disable a device?
Read.
Done.
Short answer: no
Long answer: no
Thoughts: if you're worry about that, use this as your daily drive. It is tamper-proof.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I was told by a play store support person that in the event of a stolen device (stolen from shipping/receiving people), they will remotely wipe the device.
So from that I gathered that they can.
Yes they can remotely wipe a device, there is a permission for it and a Nexus S with leaked ICS had it done IIRC.
Yeah. Google, the carriers, and governments have certain remote access / wipe abilities. Some of these are consensual, like in the case of a stolen device. Others, not so much.
Not trying to sound all tin foil hat up in here.
ml2514 said:
Any thoughts?
Click to expand...
Click to collapse
I was wondering the exact same thing....
Sent from my Nexus 4 using xda app-developers app
Anyone have anymore thoughts on this question???
It's been answered, what more do your want?
It's not just this device though, look up the brick permission.
I believe they can wipe and brick it..
Even if they couldn't, they can block the device from accessing Googles servers which would render it almost useless for anything other then a media player
Sent from my Nexus 7 using Tapatalk HD
About a year ago Google removed some apps from the playstore that contained malware they also removed those apps from peoples phones at the same time. If you search for it there is a forum on here somewhere discussing it, I looked it up about a month ago when someone else posted the same question. Here's a link to a short artcile about killswitch from endgadget.
http://www.engadget.com/2008/10/16/google-implemented-an-android-kill-switch-those-rascals/
Rusty! said:
It's been answered, what more do your want?
It's not just this device though, look up the brick permission.
Click to expand...
Click to collapse
I was wondering something more along the lines of HOW they are able to do this, which hasnt been answered.
Well google has better things to do than disabling your device !
Okay no offense a geek might end up here and write a long essay on how nothing is impossible and how google could inject malicious scripts or already has hidden piece of encrypted coding that could pose a danger - but trust new seriously all that is possible as of now if remote wipe on case of stolen the device btw if a few web blogs including a few threads in here(some of which provides digestible evidences) are to be believed then google can surely wipe remotely !
yes google can disable and remotely wipe your device
http://androidandme.com/2011/09/new...faces-online-developers-confirm-authenticity/
For wiping you phone, you can use something like Lookout. It allow you to wipe, track your phone much like findmyiphone from Apple. If only works if whoever got your phone keep it on or haven't wiped it himself.
Earlier this year, the major cellphone companies in the US have agreed on a deal with the US government to build a stolen cellphone database. Eventually, any cell phone company in the US will check against this database prior to provisioning a cellphone in their network. The centralized database is targeted sometime near the middle of 2013. That works in the US but that still not preventing stolen cellphones to be used outside the US.
I believe the google motto goes as "do no evil". Whatever else will be present in their policy. Theoritcally you need not be google to wipe a device. A person with the right knowledge could certainly use an exploit particularly via social engineering, the most common exploit of all. Personally I have monitored my traffic many many bytes. I don't see anything that would leave me to believe this. If there was and could be proved than that would be one hell of a court case. Google would be badly damaged from such a thing and is it worth all those dollars to be lost?
Sent from my SCH-I535 using xda app-developers app
Yes they can.
Yes they did.
Yes they will again.
No you wouldn't know how they do it because the relevant software is non-free spyware, therefore you can't know what it does behind your back at all.
And don't try to tell me that android is free and open software. It isn't.
Sry sounds like they did it on a development phone. Not a consumer model. The idea of big brother google wiping my phone for talking spat against their roman empire seems far fetched. Anyhow can be done by anyone. There is a huge market for exploits.
Sent from my SCH-I535 using xda app-developers app
http://support.google.com/a/bin/answer.py?hl=en&answer=173390
They can do anything
Sent from my GT-I9300 using Tapatalk 2
---------- Post added at 10:12 PM ---------- Previous post was at 10:09 PM ----------
http://www.ubergizmo.com/2012/09/an...e-vulnerability-google-knew-three-months-ago/
Sent from my GT-I9300 using Tapatalk 2
Its great but google cannot do whatever they want. If they were caught wiping a personal device. It would make national headlines. People would trust them less. They would be no better than the worlds richest malware. Ya also get the same level of wipe from an app like cerberus. Defining the lines is tough. I am getting at the fact if there is an open port on your device. Proper knowledge could be used to wipe the system without the aid of google or an app. If it is possible. It can be done.
Sent from my SCH-I535 using xda app-developers app
Related
Evo ex DEV “TrevE” Hit With Cease & Desist new update CIQ has thrown in the flag
For a refresher, back in October a user over at the XDA forums came across a major security flaw on HTC devices which allowed for the tracking and recording of every use of your phone through certain app permissions. Since then, HTC released pressers that acknowledged the issue and that they would have fixes. Better yet, they said that no data had been stolen by any users and that HTC’s people were on the case to fix the problem. Unfortunately, nothing ever seems to end on a good note.
After his initial findings, research then led Trevor Eckhart to CarrierIQ. That company, has now issued a cease and desist to the Mr. Eckhart for the research he published on their software. CarrierIQ claims that “TrevE” reproduced copyrighted Training Material and made “false allegations” about their software’s purposes. And this is not just a slight slap on the wrist. CarrierIQ wants Mr. Eckhart to issue a formal announcement that shows that what CarrierIQ is doing is completely normal, and is in no way a vulnerability to users.
It’s almost scary to read these C&D letters as if you are the person it is addressed to. Of course, if Mr. Eckhart does not stop his research and retract all previous posts and articles showing CarrierIQ’s software at work, then there will be legal ramifications. Luckily, there is a good shot at the good guys coming out on top. Echkhart reached out to the EFF (Electronic Frontier Foundation) for legal counsel and they feel that CarrierIQ’s claims are pretty much bologna.
We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment.
I have felt that Eckhart’s research was for the greater good of the consumer and was most definitely just a,”Hey, watch out for this type of thing,” then an actual attack on CarrierIQ. I could be wrong, but I feel that the research done was in good heart. What do you all think? Will the first amendment save this guy from an ugly court hearing?
Source:http://www.droid-life.com/2011/11/2...esist-for-researching-security-vulnerability/
*UPDATE* there is a online petition please if u support reve go sign it
http://www.change.org/petitions/your-phone-is-collecting-data-about-you
*update* Carrier IQ withdraws 'misguided' cease-and-desist letter, apologizes to security advocate TrevE by Phil Nicki
Source: http://www.androidcentral.com/carri...ogizes-security-advocate-treve?style_mobile=0
So he finds a big security flaw that exposes every HTC phone and they wanted him not to say anything bull**** HTC
Reminds me of Sony BMG and their distribution of XCP and MediaMax rootkits they distributed on millions CDs in 2005 and wanted everything hush..hush..made excuses and so on.
Just part of the reason they paid a heavy price recently.
I back trev 1000%. These big companies thought they could be dirty and get away with it. I believe they knew what they were doing and did it on purpose thinking that the normal dumb user would never find out about it. So when someone brighter than them figures it out and releases it for the masses to read and see for themselves they get all worried and try to use scare tactics to cover up their illegal activity. If you ask me i believe trev should go to court and expose them for the crooks they r.
We may have to start taking up a legal fee fund for Trevor. Go Trev go!
Sent from my PC36100 using Tapatalk
I have felt that Eckhart’s research was for the greater good of the consumer and was most definitely just a,”Hey, watch out for this type of thing,” then an actual attack on CarrierIQ. I could be wrong, but I feel that the research done was in good heart. What do you all think? Will the first amendment save this guy from an ugly court hearing?
Click to expand...
Click to collapse
I agree, I feel his research has been for the greater good and education of
the end users of these products, and not just the HTC users. I assume that
this kind of software is on every smartphone, regardless of manufacturer or
operating system.
I don't even directly blame CarrierIQ for their spyware. I blame the carriers
themselves. They're just providing a service that the carriers all want, and
the carriers are basically bullying the manufacturers into installing this crap
into the devices. I don't think any of the manufacturers would willingly spend
their time and resources to install, configure, test, and debug these types of
applications and services if the carriers didn't 'require' it in the first place.
Not saying that any of the above are really innocent, but, blame should start
at the source. CarrierIQ's business model and product would definitely be
different if the carriers didn't create the demand in the first place.
I'll support TrevE any way I can.
The first amendment is quite limited by other laws that cover it. Imagine a mess of papers on a desk, the desk is the first amendment, which is obvious to anyone that is in the room, but each paper obscures the desk more and more, making it harder to clarify what the desk really looks like.... Sure there is the desk, black and white, but this "desk" is on the WORLD WIDE WEB, which, consequentially can make this a very, very controversial case.. As for CarrierIQ.... that was also found on my old Samsung Epic 4G and there have been roms that disable it since early this year out for it... There was even a huge post explaining what CarrierIQ is... so when I saw it here on the EVO 4G forums, I wasn't surprised. However, this lawsuit does surprise a lot... The "Ex DEV" as you say could come up on top... if he has enough funding, because he is RIGHT to do what he did... but whether its legal or not... thats another question. Just because something is legal, doesn't mean it's right.
looks like CIQ is trying to say there not any harm to our phones bull**** http://www.youtube.com/watch?v=ofHr8Lv5cNk&feature=youtube_gdata_player
auau465121 said:
looks like CIQ is trying to say there not any harm to our phones bull**** http://www.youtube.com/watch?v=ofHr8Lv5cNk&feature=youtube_gdata_player
Click to expand...
Click to collapse
Lmfao comments r disabled for the video. Go figure they don't want to be called out even more
Papa Smurf151 said:
Lmfao comments r disabled for the video. Go figure they don't want to be called out even more
Click to expand...
Click to collapse
Yeah they were smart about that cause I was definitely going to let them have it
Sent from my PC36100 using Tapatalk
auau465121 said:
Yeah they were smart about that cause I was definitely going to let them have it
Sent from my PC36100 using Tapatalk
Click to expand...
Click to collapse
Yeah me too. Little ****s
The **** there doing to him is making them seem even more shady. They want him to stop because he prob hasn't even scratched the surface. I hope he uncovers the real story behind their bull****. I'm sending them a nice message rite now.
Watched the video and eye movement alone told me alot
Article on what it alledgedly does and collection process
devnulldroid said:
Watched the video and eye movement alone told me alot
Article on what it alledgedly does and collection process
Click to expand...
Click to collapse
I watched the video and I agree with you, the eye contact made it seem like they're full of it!
They should of hired Tom Hanks or something, maybe I would of believed them..haha
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm all for that, wondering the same thing myself.
BuddaBelly said:
We may have to start taking up a legal fee fund for Trevor. Go Trev go!
Sent from my PC36100 using Tapatalk
Click to expand...
Click to collapse
Sent from my PC36100 using XDA App
online petition please go sign and support treve
Signed away. Ive talked to Trev a couple of times. Sux what is going on!!! Wish I was lawyer and help him and give full support.
OTA IP and other info is 204.235.122.129 along with More info
Null
auau465121 said:
online petition please go sign and support treve
Click to expand...
Click to collapse
Sent from my PC36100 using XDA App
Joshmccullough said:
URL?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
It's in the first post labeled update
Sent from my PC36100 using XDA App
So as many of you guys know if you don't live under a rock, Today HTC has a special offer going on for free 100gb of Google Drive storage if you sign in from a selected HTC phones..
So me being all that I am, I thought of something very quick.
Unethical or whatever you may call it, I went and made a visit to my nearest Tmobile store and I approached the closest HTC M8.
I promptly went into settings and did a factory reset and then proceeded to logging into my Google account. Right after that all you
have to do is open the Google drive app (it should already be pre-installed for you so no need to go download it) once you are there
you will be prompted a screen that shows the actual offer. Like I said it depends on which phone you are on and how much free storage you will
be given. Use the chart below to see what you will get.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Tap Redeem and that's it. You may have to close out of Google drive again and reopen it for it to show up but it works perfectly. Best part is that it is free 100GB if you sign in from an HTC M8 for 2 years!
Also you can as very well use it on your other devices like me on my oneplus one Good luck to you guys and enjoy :good:
Important FAQ's for Offer
Which HTC Android devices are eligible for additional storage on Google Drive?
New HTC One (M8) (+100GB for two years)
HTC Desire 816, HTC Desire 610 (+100GB for two years)
HTC One max (+100GB for two years)
When upgrade to HTC Sense 5+ and Sense 6 becomes available on certain 2013 HTC models,
including HTC One, HTC Butterfly S, HTC One Mini and HTC Desire 601. (+25GB for two years)
How long is this Drive storage offer valid?
The offer must be redeemed before January 1, 2016. For most devices, you'll have your storage for 2 years, starting on the date you redeem the offer.
Can I apply the storage to another Google Account?
No. The free storage is not transferable and will only apply to the Google account you are using when you redeem the offer.
if I purchased a used/refurbished HTC device or unlocked the bootloader on my device, can I redeem the offer?
No. The offer is only available to original buyer of a device over its lifetime. Users who unlock the bootloader on their device are not eligible to receive this offer. so YOU MUST HAVE A LOCKED BOOTLOADER!!
Read more about the FAQ here: https://support.google.com/drive/answer/3333549?p=drive_offers_htc&rd=1
Official HTC Offer page: http://www.htc.com/us/support/htc-one-m8/howto/465031.html
Haha nice trick
lopman said:
Haha nice trick
Click to expand...
Click to collapse
Thanks man, Gotta enjoy free things when life throws them at you. :highfive:
SystemErrorOne said:
So me being all that I am, I thought of something very quick.
Unethical or whatever you may call it...
Click to expand...
Click to collapse
You have a conscience and choose to ignore it. That's nothing to be proud of.
SystemErrorOne said:
Thanks man, Gotta enjoy free things when life throws them at you. :highfive:
Click to expand...
Click to collapse
Is that a quote from the looters at Ferguson last month? I'm sure you wouldn't be giving yourself high fives if you were on HTC or Google's end of the deal.
CafeKampuchia said:
You have a conscience and choose to ignore it. That's nothing to be proud of.
Is that a quote from the looters at Ferguson last month? I'm sure you wouldn't be giving yourself high fives if you were on HTC or Google's end of the deal.
Click to expand...
Click to collapse
There's nothing wrong with what I did. Others could say the same about users continously finding exploits to root and void warranties but you don't see anyone *****ing about that. I did this because it's simple and its not as if I stole any physical money, hardware, ect
Its your choice how you look at it.
SystemErrorOne said:
its not as if I stole any physical money, hardware, ect
Its your choice how you look at it.
Click to expand...
Click to collapse
Wrong. You took something with a fixed monetary value without paying. The fact that it's non-physical is a non-argument.
While it is clever, I agree with CafeKampuchia, and it also probably violates these forum rules:
6. Do not post warez.
If a piece of software requires you to pay to use it, then pay for it. We do not accept warez and nor do we permit any member to request, promote or describe ways in which warez, cracks, serial codes or other means of avoiding payment, can be obtained. This is a site of developers, i.e. the sort of people who create such software. When you cheat a software developer, you cheat us as a community.
Click to expand...
Click to collapse
9. Don't get us into trouble.
Don't post copyrighted materials or do other things which will obviously lead to legal trouble. If you wouldn't do it on your own homepage, you probably shouldn't do it here either. This does not mean that we agree with everything that the software piracy lobby try to impose on us. It simply means that you cannot break any laws here, since we'll end up dealing with the legal hassle caused by you. Please use common sense: respect the forum, its users and those that write great code.
Click to expand...
Click to collapse
so after 2 years, does the account become deactivated or do you loose all the data thats on Google Drive?
Hi Am Paul, an indie android developer in Uganda,
Last month I received an email from a one, Adrian Williams, VP of publishing with Ogury Ltd. (ogury.co)
It's not your conventional Ad network, it shows an impression called a "recommendation". These are interstitials that are shown at the start of the app life cycle.
Since their implementation wasn't going to interfere with my already existing monetization schemes such as admob, i took the plunge. This was mid August, most of my traffic is from the US, India, Korea, Indonesia, combined EU in that order. I average 20,000 impressions on Admob daily. And have 40,000 people currently with one of my apps on their devices.
Their dashboard isn't the best and takes time to update itself.
So far they don't have a section where you can feed in your payment details. However within the first week of the next month, you're sent an email with a verified amount and you're asked to send them am invoice asking for the money and include your payment details.
And today (19th Sept) I received the August Earnings.
They have a minimum payment threshold of $50 and can pay via PayPal as well as bank transfer.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I frankly didnt believe it all and didnt want to share anything here until i had actually received the Money.
So if you want to add a monetization avenue that wont affect your existing banners and interstitials, I believe this is worth a plunge.
Goodluck bros (and sisters, all 3 of you)
compatible with google policy ???
Hi Paul,
My big concern is that .. is ogury compatible with new google policies .
Sorry, I made an error, ads aren't shown outside the app itself.
They are shown at the start.
paulasiimwe said:
Sorry, I made an error, ads aren't shown outside the app itself.
They are shown at the start.
Click to expand...
Click to collapse
How nice that you created an account just to praise them.
Does anyone has reliable infos ?
I Know it looks bad but im a legit developer with apps on play store,
email me or go on hangouts for more info : [email protected]
Search for an app on Google Play called Image Converter made by dev called "Paul Asiimwe", check the info and you'll see that same email.
You can ask me all you want there.
After plenty of time, I can settle with my final opinion about Ogury, based on my personal experience.
Pros:
High CPM.
Easy to implement.
Nice staff.
Clean dashboard.
Low payment threshold.
Ads can be disabled by the user. A pro for user compliance (although the button to do so is quite hidden).
Cons:
Usually low fill rate, although there has been a short period with 100% fill rate.
Poor SDK. There's no pre-load. It may be updated in future though, I guess.
Requires heavy authorizations. Personally, about 20-25% of my users never accepted those new permissions and never updated.
Requires a background service. I wasn't running any service before and received some complaints by users who noticed the change.
Ads can be disabled by the user. Also a con, because fill rate is 0% now. Luckily, they can't do it easily - LoL.
Intricate procedure to ask for a payment (it's not automatic).
Hefty fee (14€ for me) on the bank transfer (you probably want to be paid via Paypal).
No one told me about the above mentioned things related to payments.
Payment was late and was received after a solicitation.
Based on this, if you chose Ogury I suggest to implement it before the launch, because doing it on the way may upset the user base.
After all, the revenue was very good and it's worth as long as you can find a way to keep users happy.
Hi Paul,
My concern is do they have fast supporting? And what about the time for approval?
Thanks alot!
TramPham said:
Hi Paul,
My concern is do they have fast supporting? And what about the time for approval?
Thanks alot!
Click to expand...
Click to collapse
I can tell that support is super rapid and there's no time of approval. I needed 1 minute to register, and 15 minutes to implement the code. Ads are instanlty live.
My concern is, what about the privacy policy we provide with our app ?
I think it had to be wrote somewhere that the ad network is collecting user datas.
What about other networks that specialize in the African continent like AdVine, Mobiclicks Direct, TwinPine, or Thumbtribe?
This is a scam. They are not giving any $1 Honor 5x. I already had my address in my profile and the item in my cart. I clicked on "proceed to checkout", after less than 1 second that the button appeared, yet it got stuck on order summary, how could they have clicked the shipping option, payment method, click the "I have read the term and conditions" and then click the pay button, be redirected to 3rd party website and have paid for item, in less than second of what it took me to access the payment website where it hung? It happened 2 times already.
Even if you already have item In your cart and shipping address stored in your profile, you still have to go through this process. You cannot automate these steps, they have to be done manually.
- click on proceed to checkout
- click on shipping option
- click the dot on "payment method"
- select the square on the right that says "I accept the terms and conditions"
- click the "pay" button
- be redirected to their party website
- enter your payment information and pay
I had the $1 item already in my cart. I have been refreshing like crazy. I clicked on "proceed to checkout", my timing my flawless and as soon as I got to the checkout page, it was gone, out of stock in less than second. It is IMPOSSIBLE, let me repeat, impossible, that they could have gone through those 7 steps in less time than what it took me to simply click on "proceed to checkout". This is a scam to bring huge traffic to their site, where they will make more revenue from visits, and also people will buy their legit deals, 30% off and the bundle. Also, how convenient that the winner happens to be a guy who constantly posts pictures of different phones, wallpapers, selling, comparing and reviewing phones, and he is part of the google+ honor usa community.
//plus.google.com/+GaryBell/posts/3bYAFd9NCQR
How convenient that right after I say on the honor blog that there is no proof that anyone could have won, and this could be a scam, suddenly that link/winner pops up.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sour grapes much?
Sent from my SGP621 using XDA-Developers mobile app
A scam? Really??
So because you didn't magically win, when going up against who knows how many other people, the offer must be a scam? One would have to have an understanding of how the hosted services on the internet works to be able to ascertain whether or not this is a "Scam" or not. And I can assure you that the results you encountered were the same as many others. Ever been through a Woot-Off when a BoC get's posted? Same idea....
CMed67 said:
So because you didn't magically win, when going up against who knows how many other people, the offer must be a scam? One would have to have an understanding of how the hosted services on the internet works to be able to ascertain whether or not this is a "Scam" or not. And I can assure you that the results you encountered were the same as many others. Ever been through a Woot-Off when a BoC get's posted? Same idea....
Click to expand...
Click to collapse
How would you know is not just a plot to get more traffic to their store?
This is a big business we are talking about, do you think they give a crap about you? All they care about is money. Do you really think they are gonna give away free phones? lmao How convenient that after I ask on the honor blog that there is no way for us to know if is legit or not, and that they could easily create fake profiles/buy reviewers, suddenly, right after a guy pops up on the honor google plus page claiming to have won the phone lol
Whatever, i already have the phone, but i feel bad for those people who cannot afford one, had their hopes up, wasted their whole day on this, only for some other guy who obviously is well off and changes phones every month, supposedly won another new phone
Fowleri said:
How would you know is not just a plot to get more traffic to their store?
This is a big business we are talking about, do you think they give a crap about you? All they care about is money. Do you really think they are gonna give away free phones? lmao How convenient that after I ask on the honor blog that there is no way for us to know if is legit or not, and that they could easily create fake profiles/buy reviewers, suddenly, right after a guy pops up on the honor google plus page claiming to have won the phone lol
Whatever, i already have the phone, but i feel bad for those people who cannot afford one, had their hopes up, wasted their whole day on this, only for some other guy who obviously is well off and changes phones every month, supposedly won another new phone
Click to expand...
Click to collapse
And the butthurt continues.
Sent from my SGP621 using XDA-Developers mobile app
Some people's children...
Teddymobile app comes preinstalled by oneplus and had been added in OxygenOS Open Beta 2. This app is sending data to Teddymobile servers in China without users consent.
The OnePlus clipboard app contains a strange file called badword.txt ? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...
Details here: Pastebin Link
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txt
All these files are used in a obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company, they worked with a lot of manufacturers including oppo. Their website http://teddymobile.cn/
As far it can be understood that teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%
According to the code OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:
- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels
Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
Verify it yourself from the Oneplus clipboard apk available at koodous project. Link is here
After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline.
This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.
The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!
So finally word of caution, whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
Uh oh the hysteria! A tech company may be collecting information???? Never heard of that happening before...
Wasn't this already debunked over on Reddit?
this is very alarming.
http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/
Please read and inform yourself before spreading false information.
And god what is it with the massive font and broken OP ?
i did some digging. paradoxx is right. but what about this app ?
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson . Check his twitter bio - https://twitter.com/fs0c131y
Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
Paradoxxx said:
Please read and inform yourself before spreading false information.
And god what is it with the massive font and broken OP ?
Click to expand...
Click to collapse
https://www.gsmarena.com/oneplus_re...ther_clipboard_data_accusation-news-29344.php
arka.b said:
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson . Check his twitter bio - https://twitter.com/fs0c131y
Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
Click to expand...
Click to collapse
https://www.reddit.com/r/android/comments/7t6joy
https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
I am eager too. but did someone including mods looked at thw screenshot i sent, is it a safe apk to have in the phone ?
---------- Post added at 02:17 PM ---------- Previous post was at 02:16 PM ----------
it seeks like the clipboard app was controversial. it has been removed in beta 3.
arka.b said:
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson . Check his twitter bio - https://twitter.com/fs0c131y
Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
Click to expand...
Click to collapse
I know who he is, I have seen this couple of days before you even posted here, and unlike you, I actually done some research on other website to find more info regarding this.
Please read AndroidPolice's article on this.
Hmm interesting
Sent from my ONEPLUS A5010 using Tapatalk
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly- doodily squat. If you know anything about linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.
It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.
Excerpts from the aforementioned AndroidPolice article:
- but the company says
-the company is wasting no time issuing a clear explanation of the situation
-According to OnePlus,
-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS
Hardly a hard hitting piece that rises to the bar of journalistic integrity.
Clipboard code removed from Oneplus 5T Open Beta 3
And may be because of this controversy, Oneplus removed the clipboard from Open Beta 3.
http://www.firstpost.com/tech/news-...lity-and-adds-cpu-security-patch-4327815.html
https://www.gsmarena.com/oxygenos_o...ols_removes_clipboard_function-news-29392.php
Lossyx said:
https://www.reddit.com/r/android/comments/7t6joy
https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
Click to expand...
Click to collapse
yeah, right. Appreciate your concern!
Paradoxxx said:
I know who he is, I have seen this couple of days before you even posted here, and unlike you, I actually done some research on other website to find more info regarding this.
Please read AndroidPolice's article on this.
Click to expand...
Click to collapse
arka.b said:
And may be because of this controversy, Oneplus removed the clipboard from Open Beta 3.
http://www.firstpost.com/tech/news-...lity-and-adds-cpu-security-patch-4327815.html
https://www.gsmarena.com/oxygenos_o...ols_removes_clipboard_function-news-29392.php
Click to expand...
Click to collapse
Damage has already been done because of circle jerks...
chas123 said:
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly- doodily squat. If you know anything about linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.
It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.
Excerpts from the aforementioned AndroidPolice article:
- but the company says
-the company is wasting no time issuing a clear explanation of the situation
-According to OnePlus,
-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS
Hardly a hard hitting piece that rises to the bar of journalistic integrity.
Click to expand...
Click to collapse
arka.b said:
yeah, right. Appreciate your concern!
Click to expand...
Click to collapse
To add on top of that, some people actually tried to trigger the application activities, and no contact to any server could be made.