Related
Hey,
As most of you know, I am the sole owner of touch innovation. I have done alot to this website (and I still have more to come). THe problem is, over the next half year I have alot of work ahead of me, that affects my future. But I don't particulary want to go into it.
I want someone that can look after and keep the site going for up to 6 months. I know you're thinking "What's the point in this, what do I get out of it?". Well, you get experience.
You'll get a weekly number of emails, submissions etc from people that use the website, you can monitor these, and help out there questions.
You can add programs from here etc.
Why Am I asking this?
I have spent months and months of coding this website (considering the website is only 4 months old, it's a lot of work). And I've hit a niche in the market, people want a website like this, and I am supplying them with one, but I need it to be updated while I am gone. Maybe some marketing (aka advertising) as well, so everything is running peak, and more users are coming.
This is a non-profit organisation, I make no money out of it.
I will pay the guy at the end (maybe), dependant on how much they have done to the website. And I want them to take it upon them self to make any adjustments. The site will potentially be yours for the half year (I will be checking up on it, and If there are some changes that are iffy, I will contact you about it).
It's good experience, and maybe helping me + the community out for a while.
Thanks guys,
-------------------
Okay, another idea, A team of people can request to be part of the team, and keep the site running well and keep it updated for the time I'm gone
Touch Innovation team (to-be's):
nir36
jackkkkk
Kenshino
jdiperla
AkshayGenius
Hannigan174
churka
Thanks for anyone who helps in advance, I will be up for giving a little price tag at the end, dependant on whether they've applied effort to maintain the site
No one?
I think it would be awesome to have this opportunity but I have no experience in html coding. Just the basics.
I thought I had replied to this :/
Erm, you dont need any html coding skills. You just need to know how to keep a website updated (using xda, and others) using my simple but easy and clever admin panel. Also advertise to keep hits up etc.
Napbree, I would gladly take this website, but i'm MEGAbusy with studies and work.
I suggest that instead of granting this website to another "sole" person, you create users in your admin panel and grant them to a few people who will keep it updated. I build websites and I can tell you that there's no way i'd be able to handle even one of those i've built, myself.
If a group of people are willing to help, I will be one of them.
I'll also try creating commercial opportunities for the website - profitwise.
I'd usually say "This is not the place to post these kind of posts.. use the Q&A section".. which comes naturally nowadays..
but considering the importance of this... I think we need this thread bumped up until you manage to get what you wish for.
Yes, that would be great. You've given me an awesome idea. A team of people that can mointor and keep the site up and running well, and content updated etc.
I'll start making a list of people who want to become part of the team
And if you could get a commercial opportunity, that would be amazing. I'd be up for selling it as well (maybe). It's just I want to keep the site of my hands for a while. Because my dad died only a week ago, and i'm entering a state of depression, and I need to get out into the world and keep myself busy.
Thanks
Someone?
I really like this site, and would like to see it continue.
Nathan has done such great job on developing this site, it would be shame, to see it gone waste!
So anyone who has motivation and some time to take this site under ownership, please contact nathan!
Ps. I'm one of admins of this site, and can tell you that it's really easy to update site, because of the nathan's clever admin panel. I would do it myself if i had the time, but my studies and and other projects takes too much time.
All friends of this site, let's get this thread bumped until we get some help for nathan
Firstly.. i'm sorry. Be well.
Secondly, I have some connections.. I can't promise anything but i might be able to get some advertisments going.. we'll see how it goes.
Also, if manage to get some time off .. sometime.. I'll create flash banners and put them up.
COUNT ME IN.
Thank you allevant
And nir36 thanks again, that would be mucho appreciated! very generous
I'm willing to help...
But I'm not sure if I got any use thou as I got no tech experiences or running a website.
My best experience is being a gaming forum moderator and basic computer/pda knowledge.
But, if you think I'm a good canadiate please let me know as I would like to help in anyways.
You don't really need experience in running a site. As long as you can spend some time on the admin panel to add content, it's all good.
I've added you to the to-be team , hope you don't mind.
Thanks! future for the site is looking brighter this is just a bump post
I'll bump your bump
Dear Napbree,
I am an Application Consultant and actually my job consists of making corporate websites for government entities.
Websites I've done include (not exhaustive list)
http://www.infocommsingapore.sg/industry/
and
http://www.infocommsingapore.sg/games
Same domain but totally different things.
So do count me in if you need help running the website.
I am certified in JAVA (Have Sun Certified Java Programmer and Developer certs) and am proficient in both JSP and Applications.
Currently I am writing CMS based websites using PHP, CSS, HTML and Javascript.
I can definitely write some code to add more cool functionality to your website
I'll bumb your bumbing my bumb
Hi Kenshino,
Application consultant heh, nice!
At the moment, I will be able to code up new sections for the site, for example, the new update that will come sooner or later (when I have time to finish it), has live submission, which means users can instantly add applications, as long as it applies with a few of my automated checks.
But if you have any ideas, and you want to code them up, you can definately! But I wouldn't be able to give source code, but you can code it seperately and then I can incoroporate it nicely
Thank you lots for your interest
Nathan
Hey, I volunteer too. I am a PC administrator and had had success in hosting my own sites in the past as well as prior administration duties to games like http://www.swcombine.com
Sounds great
Added you to the list, I will contact you all in the future, once I have a nice big list of contributors
Thanks
let's keep this on top.
(Note posting in this topic as to dev category for obvious reasons)
This whole incident has taken me by surprise with the actions of Google against Cyanogen. Now the actions from my understanding so far are likely the result of the early release of the Market app with his new Donut based releases. There is a valid argument for Google in which it is their own proprietary code in which they want to release on their terms I would assume, however I prefer to take the side of the community. The community around XDA has supported and nurtured the development of the Android OS and the devices based upon it, with the developers pushing the limits on what they can do and implementing smarter and better solutions. We the community in a sense become beta testers for the latest and greatest Android has to offer, how many applications do you think have already added support for 1.6 due to Cyanogen's mods and our feedback?
In summary, I believe while Google does have a valid argument against, but it would better serve them to not continue with this course of action. I invite you all to write and use all social networks available to you to spread the world, submit to every news site, raise awareness of the problem. Don't waste your time with petitions, just spread the word, go viral with it.
Digg search for cyanogen:
http://digg.com/search?s=cyanogen
Original article:
http://androidandme.com/2009/09/hacks/cyanogenmod-in-trouble/
Facebook group:
http://www.facebook.com/group.php?gid=144634407186&ref=nf
Send tweets to @google also, flood the information stream.
Email the people at Engadget, Slashdot, Gizmodo, all the major blogs just to keep focus upon it.
Someone should put it up on reddit too, get some visibility on wired.com!
Listen, this situation is really cut and dry. Cyanogen had NO LICENSE to distribute the CLOSED SOURCE APPS. The rest of it is perfectly fine.
The solution:
Develop the roms, DELETE the closed source apps, sign, publish. When someone installs the roms, let them install the closed source apps themselves -- i.e., *somebody* (who won't be linked back to cyanogen) will likely post a simple "closed-source-google-apps-for-cyanogenmod-4.xx.xx.xx.zip" which can be installed from recovery mode.
Problem solved.
wont that person then be "under-fire"?
gospeed.racer said:
wont that person then be "under-fire"?
Click to expand...
Click to collapse
Only if the person gets caught.
tool to extract non free files and create a update image
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
lbcoder said:
Listen, this situation is really cut and dry. Cyanogen had NO LICENSE to distribute the CLOSED SOURCE APPS. The rest of it is perfectly fine.
The solution:
Develop the roms, DELETE the closed source apps, sign, publish. When someone installs the roms, let them install the closed source apps themselves -- i.e., *somebody* (who won't be linked back to cyanogen) will likely post a simple "closed-source-google-apps-for-cyanogenmod-4.xx.xx.xx.zip" which can be installed from recovery mode.
Problem solved.
Click to expand...
Click to collapse
Are you a lawyer? no. So don't give your interpretation of what Cyanogen's license was and wasn't. You already started a thread about it and you're spamming the hell out of another. Don't mess with legal guesses, it's a bad bad idea. As I am someone who is studying law (and also a programmer/generally tech-smart), I am doing and suggesting to stay the hell away from that part when possible. Law -> politics -> flamewars -> ad hominem/bad posts. This is not tvtropes.
Meanwhile, can you even get past the start/initialization page without having the closed source apps, as they are market/gmail? This question is to actual modders.
Google has made a mess of thus, if they stop him from distributing with the apps it's only going to get *waaaay* messier.
You, are an IDIOT.
What happens when you *assume*? I'm sure that if you are, in fact, a law student (as you imply yourself to be, though you really only call yourself a "student" of the law, which could mean that you simply watch CNN from time to time), that this would have been answered on the first day of your first class.
Cyanogen's license *IS EXACTLY* the same as the license granted to *ALL OTHER USERS*. You want to read it? Its in your phone under About Phone --> Legal Information --> Google legal. Until you have read and understand *it all*, you should immediately cease offering your suggestions.
Edit: I just noticed your post count... 3.
Amazing, the audacity of some people. Whenever things start to get beyond the understanding of the average, all the chicken-littles come out from the woodwork and start crying about how evil the big company is. It is a direct function of a lack of understanding of the issues.
My advise: FORGET ABOUT IT. This has nothing to do with you and most likely won't have any (significant) impact on your life. At worst, you will have to add ONE SMALL STEP to the process of flashing the latest modrom.
Let me repeat: THIS IS NOT A BIG DEAL! IT DOESN'T REALLY MATTER! Your phone is NOT about to catch on fire or start spying on you.
Oh, and for you information: regarding how I know what Cyanogen's license was....
1) the fact that it is included with the phone.
2) the fact that he received a c&d order (which they wouldn't send if he was licensed, or if they had, it would be the simplest matter to resolve).
3) the fact that he said so himself.
designerfx said:
Are you a lawyer? no. So don't give your interpretation of what Cyanogen's license was and wasn't. You already started a thread about it and you're spamming the hell out of another. Don't mess with legal guesses, it's a bad bad idea. As I am someone who is studying law (and also a programmer/generally tech-smart), I am doing and suggesting to stay the hell away from that part when possible. Law -> politics -> flamewars -> ad hominem/bad posts. This is not tvtropes.
Meanwhile, can you even get past the start/initialization page without having the closed source apps, as they are market/gmail? This question is to actual modders.
Google has made a mess of thus, if they stop him from distributing with the apps it's only going to get *waaaay* messier.
Click to expand...
Click to collapse
gospeed.racer said:
wont that person then be "under-fire"?
Click to expand...
Click to collapse
At this point we're talking warez, and though I won't advocate warez, when was the last time you saw Ahmed Ahmed Ahmed from Iran get persecuted for distributing warez?
Remember that the US government can't even find Bin Laden....
Or the apps can be pulled by the users from *legitimate* images, like ADP1. This, at least, is legal for owners of ADP1's for use on ADP1's.
Frankly, adding a step to complicate the process would probably go at least a little way in getting the super-noobs out of the game. They get *really* annoying.
Oh FYI: I got that board you sent me more-or-less cleaned up now, going to start mapping it out soon.
setupr said:
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
Click to expand...
Click to collapse
Exactly. It is incredibly simple.
unzip (official-update.zip) /path/to/file1toextract /path/to/file2toextract ... /path/to/filentoextract
zip -g (mod-rom-update.zip) /path/to/file1extract /path/to/file2extract ... /path/to/filenextract
java -jar testsign.jar (mod-rom-update.zip)
Then just copy file to /sdcard/, recovery, flash, done.
Yeah, I know that us modders will continue to be doing the same thing and continue on, I know they aren't going after the entire community. It was for distributing the new Market app before its release as I understand currently. Hell, all I would do I an adb pull from a rom and push it into a new release. Just like I will be doing with the Market app if he can't put it in another release haha.
However the point of this thread was not to see if Google had the right to do that, they did. It is that simple. It is their proprietary code that was released early, by cyanogen, but I think it is unnecessary. The point of it was to support cyanogen for more ideological reasons, this community pushes the development at a rapid pace. My Dream would have been a nightmare without the likes of JF, haykuro, cyanogen, Dude, etc. With cyanogen releasing Donut in his builds, our community has been pushing developers to up their support to it and fix bugs relating to 1.6 before it is pushed as an update. The same thing with the Market app applies, how many of those apps have screenshots already? Why alienate the true heart of the device, we are basically beta testers for those of us running experimental roms. I understand the Google position, I just wish they would see that no harm, no foul.
And don't equate the amount someone posts to the boards to their understanding of a situation. There are quite a few people that just get the ROMs, run them and can use a search button if they have problems.
holy cow batman, flame much? Some people lurk for a long time before registering such as I.
I agree it's a small issue, and cyanogen is probably already working on it at least based off of his twitter. However, it doesn't matter what you or I feels about the licensing, nor even what the courts would interpret were it to get to that point.
It however, is very inappropriate to be ad hominem and/or bar threatening to people over this issue, basically getting worked up yourself. Honestly, playing seniority and insulting my schooling? I was not trying to be threatning to you, simply pointing out that you are not a spokesperson for interpreting a software license. Really, it's like you went into an emotional rage the minute cyanogen got the C&D.
Cyanogen in trouble
I can't believe Google is pulling this crap. I can only hope that Google is smart enough to work something out with Cyanogen so he may continue to share his awesome developments. I would expect some restrictions, but they need to work with him and let him do his thing. Otherwise, where's the incentive for anyone else following in his footsteps to make programs better for Google?
setupr said:
If the binary files in a existing ROM can be used by cyanogenMod, what we need is a tool to reuse them in cyanogenMod. Am I wrong?
Or is it rebuild from source code ?
Click to expand...
Click to collapse
Maybe this is the answer?
cyanogen : And regarding the keep-proprietary-apps-on-device-for-custom-rom install, with all the odexing and resource id mismatches... Ugh.http://twitter.com/cyanogen/status/4384352484
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
andrewluecke said:
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
Click to expand...
Click to collapse
First off: Who's to say the original developer can't put this so-called "dodgy code" in their own apks?
Secondly: The Android marketplace doesn't have any strict rules as to what someone can post, and the code isn't even checked. You have just as high a chance of getting this "dodgy code" from any app you download straight from the market.
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
andrewluecke said:
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
Click to expand...
Click to collapse
Are you familiar with modifying an APK? It is not nearly as easy as you make it seem. If the developer doesn't release the source code, it can't easily be functionally modified minus a few graphics and the like. Not to mention, this is how the iPhone jailbreak system works in regards to getting content. And has been going on with PC for years.
I really do not think it's something we have to worry about. Just install an anti-virus on your phone if you're worried.
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Good thing to raise awareness among users, but alas - most of them don't even bother to read the permissions requested by apps downloaded from the market.
There are actually quite few people that have an idea of what could happen if they had a rouge app on their phones. I recently tried to give a similar general warning in another forum that people should take care when flashing "beta" firmwares downloaded from some hosting site and not from the developer... You think most of them cared? Sadly they didn't...
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
andrewluecke said:
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Click to expand...
Click to collapse
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
APK's are not open source and cannot be decompiled and edited. The only way for what you are suggesting can happen, to happen, is if the APK in question had its sources released so someone else could release an edited version of the program, made from scratch, in java.
"can probably" is not very sure. The chances of someone posting a completely separate app with the name of a well known app is much more likely than someone editing an existing app (assuming the sources were available).
If you have no clue about android apk development why even bother arguing?
opensourcefan said:
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
Click to expand...
Click to collapse
Agree 100%. Much better said! You don't know who's releasing what, so watch what you're installing and just make sure it looks like the program you were looking for in the first place..
Electroz said:
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
Click to expand...
Click to collapse
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
2 options to make sure ur safe :
1. Dont install root applications (they require 0 upfront standard android api permissions hence u won't know what its doing behind the scenes)
2. Install apps by transferring them to ur phone and using the package manager, that way you can see standard permissions (if any) and judge accordingly.
You know what would be cool, if superuser could log the "su" commands a root requiring app executes
Daneshm90 said:
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
Click to expand...
Click to collapse
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
If its a non-root requiring app then yes, it must disclose its permissions prior to installing it through package manager not if u use adb to install.
You just have to judge, if a wifi toggle app is asking for email/sms permissions, you might want to be careful
As for root-requiring apps, theres not much you can do other than read reviews for that app or decompile and try to understand what its doing behind the scenes.
Electroz said:
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
Click to expand...
Click to collapse
It's quite easy to modify disassembled app code as well - trust me ;-) Also I think we will have possibility to decompile to Java code in the future.
Just don't think of your phone as a smaller PC (especially Windows), because this isn't true. There will never be antiviruses for Android and your only protection are permissions. Anyone could create market account and upload malicious app.
About game companies: they usually write in native code and it's really hard to decompile (or maybe even impossible for now). Besides... did you heard about gameloft's recent games? They're really awesome. Note that first 3d-gaming capable Android phones were released just ~10 months ago, so it's still quite early.
leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
It should, however, what if it is an alternate launcher, in which case, you'd expect it to be able to send SMS's and make phone calls. That's all fine, until you realise the copy of launcherPro you downloaded using a multi-upload in XDA is having phone sex with a russian operator costing you hundreds of dollars.
It's actually good Brut spoke here. Brut[Maps] is relevant, because it introduces new features which distinguishes it from Google's version. However, can we trust Brut as much as we can trust Google? He seems trustworthy yes, but as trustworthy as Google? Questionable. (Btw Brut, good work on your mod). Of course, his mod does have considerable benefits showing he is interested in helping the community and he hasn't caused any problems thus far. That only means his official multi-upload posts are safe though, if I repost them elsewhere, you shouldn't trust my copies.
It's common sense that programs should pass by as few hands as possible to remain secure. We need to build awareness about security practices (particularly for business users who may compromise their companies security or information). I'm not saying all rom's are safe.. Think about it though, if an APK is already readily accessible, why would someone go through the effort of re-uploading it?
Furthermore, we should encourage people using their phone's for important purposes to use the official Kies releases, not random firmware's available from Samfirmware's (which may not even be final versions).
Remember, trojans are common in the warez world, and it's better to change the attitude of the community before they become a problem here too (otherwise, people will be stuck in a poor mindset that compromises herd immunity). XDA is a website targeted at the technical crowd, and we should set a good example.
@Electroz. Haven't disassembled them myself, but checked a tutorial. But someone has responded already anyway.. Just because I don't have experience doing it myself anyway, doesn't mean it isn't widely known to be possible.
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
i think we are pretty safe with those
however... it's suck if they run in the background all the time eating the juice+cpu power away
Anti-virus only helps for known trojans anyway, and since so few people have it installed, it doesn't help much. When Android has it built in though, it may be more useful.
Anti-virus should be considered a last line of defense anyway. And either way, I'm not concerned, because I try to minimise the risks of my own sgs. However, it's a concern that people here don't believe such a risk exists, and are actually encouraging a global attitude which might make the Android population ripe for social engineering attacks in the future.
@andrewluecke
I understand you, I don't say there is no problem with security. I say it doesn't matter you will get malicious software from mirror or Market itself. We could assume apps downloaded from WWW are more dangerous, but this problem is general one: people should be cautious whenever they install something with critical permissions. If they won't they will have problems anyway - it's just a matter of time.
I agree with you: it's important to aware people of that problem. This is actually only one thing we can do: be aware and cautious.
Ahh and in many situations it's possible to protect yourself against problem with redistribution. First, you could check md5 - many developers give it to people, I do. Second: signatures. Each app is signed by its author, so you could check its authenticity. You could check signatures of downloaded apk using public key uploaded by dev to his WWW or using "safe" apk you downloaded earlier. Unfortunately there are no tools to do that easily :-/ Also Android does this check automatically when you install new software. So if you have installed e.g. GM modded by me, then you have downloaded new version from some mirror and succeed at installing it, you can be sure it was also from me and nobody modified it.
AllGamer said:
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
Click to expand...
Click to collapse
Hmm? I think it's impossible, cause apps can't get to data and resources of others apps. And creating an app for root users only wouldn't have much sense.
I have found Norton Smartphone Security for Android and it's anti-theft protection, not anti-virus.
I'm not a coder and came from IT field so I have lots of general questions about apk security and found this thread...great discussion. TY
Just a general question about apk security...how easy is it to alter apk for malicious intent? And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone? ...just kinda scary to imagine
the news about android virus gets me nervous about installing any apk released from any individual
http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/
kobesabi said:
how easy is it to alter apk for malicious intent?
Click to expand...
Click to collapse
Quite easy for a good developer.
kobesabi said:
And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone?
Click to expand...
Click to collapse
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Brut.all said:
Quite easy for a good developer.
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Click to expand...
Click to collapse
Wow, scary. Unless there is something else, that they can't get away, I don't think banning would deter much, they just laugh at the weak security as a fun challenge. If they already got tons of ip under their control...banning by account, ip, or email will not help much...they can always get new ones.
Is there a way user can authenticate/verify apk signing from authentic author/writer? Many just post apk but did not post md5 or sha sum so how can a user find out if it is original or not?
Anyway to test these apk without loading up to real phone?
So when the kernel is released what will that mean for us. What kind of things can we look forward to?
Is pending some license/certification completion issues.
Thats what my email from elocity said in my latest response from them. Hoping it's sooner than later. Even explained in the email why getting the kernel released would be good for thier business. They need to deliver something whether it be the A10, the kernel or upgrade options. Wonder how possible that would be. Send your A7 in to get the multitouch screen put in. Anyways when I hear anything I will post more.
With kernel source every developer could:
- make a full ROM (kernel + any version of Android from released sources)
- improve stability and performance
- fix issues before official techsupport
- add new features
That's so important!
If we would get kernel source in summer - that might be too late. Many eLocity owners might change their devices to new Xooms, Flyers, Asus eeePads, Samsung 8.9s and etc...
That is basically how I worded it in my email, pointing out that everyday more people are selling thier a7's and getting a different device. And that if they released the kernel it would practically eliminate that. Also that thier company needs to release something soon, yet to see any branded accessories a10 is delayed and our a7 we want the kernel. give us something before you lose your future market.
I think they have to much on there hands with a10, maybe after they will release something for the a7, keep your fingers crossed
smallba said:
I think they have to much on there hands with a10, maybe after they will release something for the a7, keep your fingers crossed
Click to expand...
Click to collapse
Zipping files and emailing them takes about 2 minutes ... doing so will relief them from working more on the A7 has the community will be able to developpe stuff for the A7, otherwise the A7 will just die there.
I suggest we all email [email protected] and ask for those files to be released ASAP.
I would even say that someone just write an email template to copy and paste that email
If they care about having a future market the sooner they release the kernel the better.
masterfred said:
I would even say that someone just write an email template to copy and paste that email
Click to expand...
Click to collapse
Here.
Code:
Code:
<a href="mailto:[email protected]?subject=Petition for release of A7-040 kernel&[email protected]&body=This message is a petition to release the A7 kernel for independent development.%0A%0AThis will show good faith to your existing customers, and keep them around for the release of your future products.%0A%0AIf there is a issue with a petition being carried out this way please let us know on the A7 section of the XDA forums.">
Result yielded:
To: [email protected]
BCC: [email protected]
Subject: Petition for release of A7-040 kernel
Body:
This message is a petition to release the A7 kernel for independent development.
This will show good faith to your existing customers, and keep them around for the release of your future products.
If there is a issue with a petition being carried out this way please let us know on the A7 section of the XDA forums.
----------------------------------------------------------------
I am not going to make this live, I don't know what kind of legalities would be involved if eLoicty found a flood of e-mails harassing.
You might want to add that XDA and Dexter are even in big reseller's review (Aka Tiger Direct) ... wich is mainly why people would buy an A7 has of today ...
masterfred said:
You might want to add that XDA and Dexter are even in big reseller's review (Aka Tiger Direct) ... wich is mainly why people would buy an A7 has of today ...
Click to expand...
Click to collapse
I am not publishing it anywhere, I just made the template and created a Gmail account to track how many people use it, if any.
Like I said in the post, I don't know what kind of legalities would come into play should eLocity deem it harassing. With the whole thing being able to be composed and sent in 2 clicks I can see it being easily abused. I don't plan on being the fall guy should it result in thousands of messages.
Not to sound like an idiot but how do I post this.
rombold said:
Not to sound like an idiot but how do I post this.
Click to expand...
Click to collapse
1.Copy contents of code window.
2. Paste into HTML document.
3. Remember that you are the one responsible when eLocity gets angry.
Dexter what are your thoughts on this?
Here is an encouragement from eLocity Team :
Regarding the kernel information, I have been working to get our overseas team to release it so developers can really take the A7 to new heights. I am hoping to be able to share the kernel info soon and will certainly reach out to Dexter, the XDA community and others so they'll have a new tool to make exploring and developing easier.
Click to expand...
Click to collapse
Don't abuse those emails, but for sure, we're making a difference, if it's done properly, I can't imagine a company being mad for receiving interest in their products ...
Sorry, I didnt see this thread when I posted the other new thread...but there is some slightly newer info there.
Kernel
If they release the code does that have any impact on anny new releases of the OS for the A7? Are we assuming the eLocity is done? Is there any chance for a major upgrade before they are done?
@masterfred: your quote from them confirms all my suspicions.
"Over seas development team" my ass. eLocity is just a reseller, at most installing a different launcher and fielding (not to the best of their ability btw) the tech calls. Compal has been the ones pulling the strings the whole time.
So where does it go from here? I have very little faith that Compal will be on any rush to help the development community. They even backed out of marketing this tab under their own branding. I don't trust companies that operate from.the shadows like that.
elocity a7 source code
If you google the whats above you will find many places that reps stated elocity plans to release the source/kernel so keep smiling and be patient.
rombold said:
elocity a7 source code
If you google the whats above you will find many places that reps stated elocity plans to release the source/kernel so keep smiling and be patient.
Click to expand...
Click to collapse
Yeah, they are probably waiting for Compal to release it to them.
Finow has seen fit to use the work of face creators without permission, credit, or compensation. Finow has even gone so far as to remove copyright notices, as well as logos and other identifying marks on some faces. Use of such faces helps sales and results in profiting from copyrighted works they do not have rights too. Even under a lose interpretation of copyright law, this is well outside of fair use and copyright. This is not the first time Finow has done this.
As recently as July 6th 2016 Finow was asking for permission to use faces even though they had already put the faces on their server again.
So to outline our experience with Finow;
Refuses to fix critical issues
EOLs devices they are still selling
Steals copyrighted works to promote their device
Removes copyright works after confronted
Asks to use copyrighted works while putting the works back on their server.
What we the got in return were empty promises of fixes and device support, and a couple of firmware zips.
So the question is, considering Finow's actions do we end our partnership with Finow and do what we have been doing since the beginning. That being trying to fix issues ourselves
Video of faces Finow has arbitrarily put on their server more than once
Iam surprised you didn't get a sore finger scrolling through all them lokifish marz ,but yes not good at all, last they could do is follow through with there promise of fixes.
Sent from my JAZZ using Tapatalk
Don't think I'd stay friends with them in r/l....
Just a quick word about sending your clockskins out in collections or zip files.
There are some people around collecting the skins for vendors to use on their watches and make profit from these faces without a thought for the work that has gone into making them.
The bottom line is - if you don't care that a huge manufacturer is making money from your work without any recognition to you for your effort - then go ahead and hand them out.
Other wise leave them as single attachments to your posts and be wary of anyone with one or two posts who asks for a "collection of watch face files".
My advice - as we have just had hundreds STOLEN for corporate use - keep as single attachment and even digitally sign the work.
Personal use is one thing but corporate theft is very nasty indeed.
You have to wonder why someone with forum stats like these below would be asking for a dump of files:
Total Posts: 1
Posts Per Day: 0.24
Number of Thanks: 0
Find all posts by ******
Find all threads started by ********
Find all thanked posts by *********
General Information
Last Activity: 3rd July 2016 04:24 AM
Last Login: 1st January 1970 09:00 AM
Join Date: 3rd July 2016
Referrals: 0
Pablo11 makes a good point, but still this is a situation where you are "damned if you do and damned if you don't" even if you post the skins one at a time they could download them and use them anyway. The only possible solution is to digitally sign the watchfaces. The most remarkable thing i have noticed about finow is that they just "dont give a f**k" about the people who are buying their product. It doesn't seem like a serious company at all. So im guessing that most of us that bought the finow watches are pretty much up ****s creek without a paddle hahaha
Buuuuuuuuuttt for some happier news if you guys that are making the watches want to digitally sign the files that make up the watchfaces in my experience as a software developer we could do it in a couple of ways the easiest is probably signing them with simple self signed X.509 Certificates using OpenSSL. For the image files hiding the signature using steganography and in the xml file it would be added as a xml tag at the bottom. Its not a perfect solution but it should work for now
If there is some interest in an application that could do this i think i could probably put together a simple signing app in a mater of 1-3 days for you guys. The only reason i'm offering is since i don't want you guys to stop making the watchfaces, since i'm not that particularly artistically inclined.
Anyway as i said if u want it i can make it pretty fast and an app that stamps all the files with a digital signature is better than nothing right?
I posted info on the G+ community dealing with using steganography and embedding data in the meta when creating the face. There is legal recourse in the situation as well. Under China law, images are copyrighted upon creation without the need for formal registration and fair use doesn't exist there.
Update: i'll start working on an digital signature app for this as i talked about in the Previous post and put it up in a new thread once ive made a functioning alpha so you guys can start using it.
ado_dado said:
Update: i'll start working on an digital signature app for this as i talked about in the Previous post and put it up in a new thread once ive made a functioning alpha so you guys can start using it.
Click to expand...
Click to collapse
Much appreciated. Thanks for your effort :good:
Hi again guys, as you probably already figured out the app for digitaly signing the watchfaces has stuc a litle bit. The issue is with the alpha channels (transparency) in the png files for the steganography part. The alpha channels get a bit messed up sometimes. But i have hopes that it shall be overcome i have been discussing the problem with a coleege and he gave me a couple of ideas that im gonna try out when i get home today so if they work then it can be uploaded here for you guys to try it out in a mater of a day or two. I appologize for saying it would be done in a couple of days i didnt account for unforseen problems as the alpha channels problem in my initial time estimat.
ado_dado said:
Hi again guys, as you probably already figured out the app for digitaly signing the watchfaces has stuc a litle bit. The issue is with the alpha channels (transparency) in the png files for the steganography part. The alpha channels get a bit messed up sometimes. But i have hopes that it shall be overcome i have been discussing the problem with a coleege and he gave me a couple of ideas that im gonna try out when i get home today so if they work then it can be uploaded here for you guys to try it out in a mater of a day or two. I appologize for saying it would be done in a couple of days i didnt account for unforseen problems as the alpha channels problem in my initial time estimat.
Click to expand...
Click to collapse
All good - very happy that you are doing this :good::good:
[Tool][Windows] WDS
Hi guys, ive finally made an alpha of the signing application. It signs both xml and png files, the signature is based on an self signing certificate that is saved on the hdd as a file ".pfx" i choose this approach because then you can keep both the app and the certificate on an usb as backup. This is a link to the thread i started for the application here on xda forum. Im not sure i posted it in the right forum category but if i did not and an admin moves it then you can search for "[Tool][Windows] WDS".
http://forum.xda-developers.com/sma...tches/tool-watchface-digital-signing-t3421872
Try it out and let me know in the thread of any improvement suggestions or bugs you guys find.