Is it safe to install an banking app like ING Internet banking on a custom ROM?
Oh my god. Just delete your post.
Sent from my GT-I9505 using XDA Free mobile app
troullis2004 said:
Oh my god. Just delete your post.
Sent from my GT-I9505 using XDA Free mobile app
Click to expand...
Click to collapse
His question is less dumb then it looks. It's not that hard to build an keylogger or something into a custom rom. Most people here will install just about anything if it looks shiny.
Not to long ago we had a rooting method that was sending data to a server. People would still use it tough.
Always use your brain when you flash something.
In short: Yes it's safe to flash a custom rom.
Lennyz1988 said:
His question is less dumb then it looks. It's not that hard to build an keylogger or something into a custom rom. Most people here will install just about anything if it looks shiny.
Not to long ago we had a rooting method that was sending data to a server. People would still use it tough.
Always use your brain when you flash something.
In short: Yes it's safe to flash a custom rom.
Click to expand...
Click to collapse
I agree. This isn't a dumb question at all.
And here at XDA we don't jump on new members who ask questions. It's rude and makes this site an unwelcoming place. That's not what XDA wants to portray to new members.
This is a sensible question from a user who is properly investigating his risk for identity theft. That's a good question, not a bad one.
As for the answer, well like anything it all depends.
99% of all developers are good people doing good honest work. (And its' probably even higher than that) But there's always that one jerk who tries to take advantage of good trusting people. So you do have to watch out for that.
The main ROMs that are popular and have a long history are completely safe. Cyanogen, Carbon, etc etc etc. These are developed by teams of people who work together and are screened by the ROM dev team before they are allowed to become official maintainers of a ROM. Those are all almost completely safe.
The only place I'd be concerned is when you have a one off developer building his own ROM from source who's working alone. That's where the risk is. And again, 99.99% of those developers are honest. The risk is very minimal. But it exists.
But bigger than that risk is your keyboard. Are you running a third party keyboard? Developed god knows where by god knows who? Just something you downloaded off Google Play? That's probably a bigger risk. I'd never use a 3rd party keyboard to enter banking information. It's WAY too easy to build a keylogging system into a keyboard. That's where the keyboard selector switch comes in handy. You can switch to a stock keyboard quickly to enter banking info then go back to the one you like.
Again, the risk of a Keyboard downloaded from Google Play being a keylogger is low. Very low. But it could happen. And even though it's a minimal risk, it's a risk you should be aware of.
The biggest risk to running a banking app on your phone is losing the phone itself. If you lose it and someone gets past your lock screen (not the most difficult thing in the world) they have access to your banking app. So NEVER save passwords on your banking app. Enter it each time.
troullis2004 said:
Oh my god. Just delete your post.
Sent from my GT-I9505 using XDA Free mobile app
Click to expand...
Click to collapse
Oh my god, if youre a rich twat that doesnt mean people dont care about their hard earned money. Money is just not swag my friend.
His concern is genuine and please be nice to people out here. You dont own opinions and thoughts that people have. Everybody is as free here as you are. So kindly let people clear their doubts.
swa100 said:
Is it safe to install an banking app like ING Internet banking on a custom ROM?
Click to expand...
Click to collapse
●Well devs are pretty nice here thus only download firmwares from their threads and no other site. The links mirrored by them or in their official threads are to be used and thus they also mention that do not create any other mirror link. Never doubt a developer here. People here are a family.
●Never root (as it was widely publicised here) via kingo and vroot or root genius, they take anonymous data and idk what all they do. They were banned by xda too. Vroot is still banned.
●Plus keyboards are only to be downloaded via playstore as google has a software called bouncer which regularly checks for malicious content and coding in apps. Though bouncer has been fooled, but google devs and execs are cool too
Plus a swiftkey team or the go team wont want a bad reputation. Because so many people trust them.
The only way to inject a keylogger in your phone is via other sources apps. Any app can have it. IMHO it is always better to pay for the apps than downloading the cracked versions from shady websites.
●Always have way of cleaning your phone online or oia sms or anything. Google administrator (app) provides such service and so does samsung.
Thus if it gets lost or something, you can always wipe it or lock it online or just by sending a sms.
The only way to keep you safe
Sent from my Ozcan GT-i9500 using XDA mobile app
Hey all, thanks for your reactions. I'm using the custom ROM from broodplank, a xda-recognized dev and I'm using SwiftKey.
I asked this question because I was indeed not sure if I should be afraid for keyloggers and stuff like that.
So, in conclusion, I should not be afraid and I could safely use Internet banking on this ROM, with this keyboard?
swa100 said:
Hey all, thanks for your reactions. I'm using the custom ROM from broodplank, a xda-recognized dev and I'm using SwiftKey.
I asked this question because I was indeed not sure if I should be afraid for keyloggers and stuff like that.
So, in conclusion, I should not be afraid and I could safely use Internet banking on this ROM, with this keyboard?
Click to expand...
Click to collapse
Yes you can. Without a doubt.
But keyboard only from playstore. And rom only from XDA threads.
Sent from my Ozcan GT-i9500 using XDA mobile app
Thing is
Coming onto a developers forum and asking if we include keyloggers in our work is kind of offensive or if its safe to use our work with banking apps (which gives the impression he thinks people like myself are trying to steal his info)
The fact that a user thinks we would do that in an open source environment means the op has not bothered to educate themselves before doing anything
I don't think you should see it like that. By flashing custom ROMs I think I show my trust in devs. I just have no clue how vulnerable these ROMs actually are.
After all, it's the safety of all my money I'm talking about.
DSA said:
Thing is
Coming onto a developers forum and asking if we include keyloggers in our work is kind of offensive or if its safe to use our work with banking apps (which gives the impression he thinks people like myself are trying to steal his info)
The fact that a user thinks we would do that in an open source environment means the op has not bothered to educate themselves before doing anything
Click to expand...
Click to collapse
He wasn't in a development thread. He properly posted in the correct general forum.
He didn't accuse anyone of anything, especially not you specifically.
He very well may not even know what a keylogger is and is just being reasonably precautionary to learn what the risks are before proceeding. And he may not believe that a rom developer would include malicious code but perhaps just wondered if a custom rooted rom was more vulnerable to attack by a third party after install than a stock closed source rom. (A legitimate concern because a rooted phone IS more vulnerable to attack if the user just grants superuser permissions to any and all apps that ask for it)
No specific accusations were made or devious behavior insinuated. So don't take his legitimate question so personally.
If it bothers you so much that anyone would worry about their bank account in a time when accounts get hacked regularly....try explaining why its not a major concern to install a custom rom.
Give a developer's viewpoint on what the risks could be and how you mitigate those risks by specifically not including malicious code. That would go along way to help nervous rookie modders feel comfortable about using work found on XDA. And it would go alot further than "my rom is safe because I said so".
Err..I never said anything about posting in a development thread...no idea where the first part of your post is in response to
I never stated he accused me of anything either
In your eagerness to correct me (and failing) you have gotten ahead of yourself
Its not down to me to give any viewpoints or any info about malicious code. This is a developers forum. Its down to the user to educate themselves
(A legitimate concern because a rooted phone IS more vulnerable to attack if the user just grants superuser permissions to any and all apps that ask for it)
Click to expand...
Click to collapse
you dont see the problem with that sentence?
DSA said:
Thing is
Coming onto a developers forum and asking if we include keyloggers in our work is kind of offensive or if its safe to use our work with banking apps (which gives the impression he thinks people like myself are trying to steal his info)
The fact that a user thinks we would do that in an open source environment means the op has not bothered to educate themselves before doing anything
Click to expand...
Click to collapse
Well there have been incidents when things like data leak have happened in XDA. Not because of you, the awesome developers, but because of the rooting methods and other methods and apps that were shared.
Keylogging is pretty easy, well atleast not that a task.
Thus talking about keylogging and other vilnerabilities is banned here too.
Plus when youre rooted, the vulnerability increases a bit.
That is why developers, mods and admins repeatedly explain and tell why warez and other sources apps should not be shared here. First, because you dont know what has been shared, with what coding and another point of condemning warez here is that you cannot just share someones hardwork for free here.
Example : KingoRoot, Vroot that were popular on XDA were banned by XDA Devs because of data leak that were reported and discovered by them. Mods and Admins are pretty cool you see.
If the OP wants to get educated and feel safe for a future relationship with XDA, I fail to understand why can't we just take this as a normal question and be done with clearing his doubts.
Everybody has doubts and they ought to be cleared.
Plus this is XDA, there are n number of sites replicating our devs work and you dont know what is coming for you next.
Thus, we were educating the OP how custom roms made uploaded on XDA are 100% safe and not how custom roms are safe. You as a developer are not being framed here.
Sent from my Ozcan GT-i9500 using XDA mobile app
Related
hello, i've made an Automated Atrix ThatRom Installer.
This script will help noobs to do everything without any troubles.
The file is a rar archive with all firmware files + installer.
here is a link http://www.mobile-inform.com/content/view/1148/1/
this is early alpha. you take all responsibility on yourself. I do not recommend you to use this rom, but if you still want to use it - here it is
UPD Updated To ThatRom v2 (AtrICS)
all thanks to the author of ThatRomv2 (AtrICS), i made only the Installer!
With best regards
the_fly
I don't think that it's a good idea to make an automatic installer of something that it's no stable for someone who doesn't even know how to use fastboot nor flash a zip. Maybe when this finally reaches the stable "level", then you should do the Installer.
BravoMotorola said:
Maybe, until you're not annoying, you should stfu. Seriously stop trying to tell people what to do.
Click to expand...
Click to collapse
Wow dude, that was really uncalled for. He is actually right because now the op has put himself in a position to be harassed by anyone who tries this and messes up their phone even though they should and do know the risks. He was just trying to be helpful, he wasn't attacking the op for making it.
I agree making an unstable, untested, developer test build easily available to newbies is a very bad idea. If they can't at the VERY least learn how to use fastboot and adb, they should come nowhere near this ROM. Unless of course you really want to be held responsible for dozens of bricked and/or unusable phones, and be expected to provide extensive support at all times.
if they are noobs - it is their problem. Everything is written befoure me.
Everyone takes responsibility for their actions.
There were several noobs who were crying about ICS even if they do not know what to do. and they are happy now, despite the bugs.
I am not, but i made for those who are. I am not going to tell anyone to install it, i did only help, but i suggest nobody to install it.
It doesn't work and you know it. It's as if there was some paid software that people want, and you made a crack/patch for it, and then you say you don't advise using it. Do you really think people will stay away just because you advised so? No, they won't. In fact in that case your disclaimers make no difference whatsoever, you are equally at fault for making it available as they are for using it. Why do you think all anti-piracy companies always go after crack makers and distributors and not so much after users? I mean many crack makers also advise against using their cracks. But people are stupid and never listen, and in in the eyes of many crack makers are the original offenders.
Or if you want a different analogy - go find a mentally unstable person who can't really think straight (may seem offensive but noobs who want test builds on their phones clearly do not know what they're doing), then place a bottle of some drugs and a fresh needle within easy reach, and then tell them you advise not using it. Observe what happens.
IMO this kind of things are best dealt with preemptively, by not even making the potentially controversial stuff easily available.
you see, i've made first script of unlocking the boot a year ago. a lot of peole thanked me. they were happy - they unlocked once and than used other ways to change the firmware. They were noobs, but happy noobs. 18 000 downloads (i think some of them were same persons, for example me - while i was testing, or when i was unlocking for my friends), but only 4!!! broken phones. 2 of them caused by bad motherboard and 2 of them by ignoring the manual and all the warnings.
This one is more easy one. less questins. less work. just use it.
and if person already have unlocked boot there will be no problem with this FW
and i want to mention it again some users are happy enought with this fw. Some do not have reboots, some have but for them it is ok.
You should tell everyone that this is a very alpha rom. It does run without multiple reboots for most people per the forums. I personally have tried all methods and cannot get it to run.
I appreciate your efforts but this is not something that noobs will get any value from. You should be very clear upfront.
Sent from my MB860 using xda app-developers app
agurzhiy said:
hello, i've made an Automated Atrix ThatRom Installer.
This script will help noobs to do everything without any troubles.
The file is a rar archive with all firmware files + installer.
With best regards
the_fly
Click to expand...
Click to collapse
Thanks agurzhiy!
I am a proud noob who used your unlock script and will use this one.
For all the pros which have a problem with this- you have the same approach as Motorola - "It's complicated you can't understand this". It's my choice what to do with my phone and agurzhiy providing us noobs with a possibility to participate in the effort to make it better.
The bottom line is instead of criticize why don't you spend this time and energy on creating and helping the community. Remember you were ones noobs too.
Sent from my MB860 using xda app-developers app
e07015 said:
You should tell everyone that this is a very alpha rom. It does run without multiple reboots for most people per the forums. I personally have tried all methods and cannot get it to run.
I appreciate your efforts but this is not something that noobs will get any value from. You should be very clear upfront.
Click to expand...
Click to collapse
i think everyone knows that it is alpha rom. nobody is going to install a script if if nobody knows what's inside. But i will add that it is alpha
ComX said:
For all the pros which have a problem with this- you have the same approach as Motorola - "It's complicated you can't understand this".
Click to expand...
Click to collapse
You're missing my point entirely here. But that's okay. I don't want to argue anymore.
Is this just a fastboot script or an bootloader unlocker and ram fix etc etc
ravilov said:
You're missing my point entirely here. But that's okay. I don't want to argue anymore.
Click to expand...
Click to collapse
I do not think that this is an argument. It is more like sharing different views on a subject.
I know what you mean, you want to prevent (or at least warn) noobs from taking the risk of bricking their phone and you are right 100%. But let me ask you how many of XDA readers are dumb enough to download some thing like this without reading at least a bit about it(*). Give ppl a little credit, most of us will stop on red light although it is possible to continue. Take me for example: I wanted to use nebtop but had a difficulty to understand how to root. Than mramirezusa came out with Automatic bootloader for noobs like me and boom - now I'm using the atrix as a streamer and without this tool I couldn't do this on my own. My point is that having a possibility to do stuff is highly appreciated.
* Ryan Dunn: If You Gonna be Dumb - You Gotta Be Tough.
this is a fastboot script to make it faster and easyer for a noob
UPDATE:
added the 32 bit version for x86 Windows
agurzhiy said:
UPDATE:
added the 32 bit version for x86 Windows
Click to expand...
Click to collapse
Dude, you've only been thanked here 7 times... Stop thinking so highly of yourself.
Unless you are going to stick around the forums helping these guys out when they have issues with your release, because they won't have anywhere else to go, and because other devs are busy with their own stuff, than you should probably refrain from posting anything that makes it easier to flash dangerous software.
Unless you're willing to help "guy xyz" (since quotes seem to be in) on "page 74" when he asks again, "why am i having video issues after flash", because your main post lacks important details and explanation and your web link is not multi-lingual, please refrain from posting content which could be perceived as harmful to use.
Any good software community recommends first releasing to a smaller test group in order to work out major bugs and minimize any potential impact the software may have on the device... And, any good service community would recommend first releasing to a smaller test group in order to create a base to compare full deployment scenarios against... In no cases would they make it easy to install buggy software on devices of users who can not adequately report issues during alpha stages of software.
Why is it so hard to understand how that applies here?
Zeljko1234 said:
IMO, you should stop spending so much time here on the forum arguing with people. Don't get me wrong but your posts are usually quite offensive (example what I saw today). You post almost in every thread, smartassing noobs, playing to be moderator... If you know something, share it, if post or thread is against the rules, report it.
Now you're arguing with guy who made first script of unlocking the bootloader and in the same time insinuate that many of xda members are just dump.
Forum, especially xda, is about sharing knowledge not giving useless advise/comment or to google it.
P.S.
Sorry everyone for off topic.
Click to expand...
Click to collapse
We try not to feed him, Zeljko1234... Just let him be.
Your point is well deserved; but don't feed the trolls.
knigitz said:
Dude, you've only been thanked here 7 times... Stop thinking so highly of yourself.
Unless you are going to stick around the forums helping these guys out when they have issues with your release, because they won't have anywhere else to go, and because other devs are busy with their own stuff, than you should probably refrain from posting anything that makes it easier to flash dangerous software.
Unless you're willing to help "guy xyz" (since quotes seem to be in) on "page 74" when he asks again, "why am i having video issues after flash", because your main post lacks important details and explanation and your web link is not multi-lingual, please refrain from posting content which could be perceived as harmful to use.
Any good software community recommends first releasing to a smaller test group in order to work out major bugs and minimize any potential impact the software may have on the device... And, any good service community would recommend first releasing to a smaller test group in order to create a base to compare full deployment scenarios against... In no cases would they make it easy to install buggy software on devices of users who can not adequately report issues during alpha stages of software.
Why is it so hard to understand how that applies here?
Click to expand...
Click to collapse
Why don't you argue with epinter or any other person who put ThatRom?
Why are you arguing with me?
i made the thing easier, but i am not responsible for the uncomplete software. some people are lazy to use fastboot, but they know how to use it (i have flashed my phone 3 times while testing some of options to find out how it works)
other do not have enough knowledge to flash, but it's thair dream to have it, they are ready for the bugs and they alwas can ask me to help them to flash any other FW. And if they have unlocked boot - they can use CWM.
And the last group - the people who are just afraid to install after a lot of information about locking bootloaders. In russian community forums i've read 10 such questions from people who i know, from people who know how to use fastboot.
And if person do not want to install it - he may not install it!
I'm thankful to everyone who share knowledge. Even if I don't use everything, I usually download or read just to learn how. Without such guys, Internet itself will be mostly useless.
Do not blame anyone (especially epinter) for your mistake. He and many others guys spend a lot of their private time to figure how to do something, developing, supporting... and then sahre for free! As I can see, very rare they get donation. Almost never for the most loudest complainers which just wait that someone else will do something for them.
As I explained, as long as you are willing to stick around and help people with issues they encounter after flashing this, and provide more detailed instructions that people can read in your first post, it's not an issue.
Low thank count makes the more seasoned members cringe, as people release stuff that brick phones then disappear (it happens), leaving the community in a state of unrest trying to figure out the full impact of an unmaintained release, how many users were affected by the release, and a common way to fix the issues, and it leaves it up to other developers to explain to every xyz person to read this thread, read that thread, or flash this to fix.
Sent from my MB860 using Tapatalk 2
I'm keeping a track of how many requests we get relating custom firmware, and from what I'm seeing the user base is not as interested in custom firmware as you might think, which is echoed by this thread (we've shipped 60,000+ units, and less than 10 people have commented in the last month in this thread about getting access to recovery mode).
That doesn't mean that we're shooting the idea down, you need to keep in mind that in terms of priorities this is way down the list as you'd expect from any feature where it's being requested by less than one tenth of one percent of the user-base.
I'm sure @Wajeemba is familiar with CM requests that a very small minority of the user-base are very passionate about, so hopefully you can understand why we're not rushing to work on this.
Click to expand...
Click to collapse
Go to this thread and let them know we want support:
http://forums.ouya.tv/discussion/1380/recovery-mode
Done! The mobile site won't connect to the create account page for me, so I logged in with Google. Didn't want to do that, but I wanted to be sure I made the request. I hope it's cool with you that I copied this post to another forum.
Sent from my SCH-I535 using Tapatalk 2
TadeoNYC said:
Done! The mobile site won't connect to the create account page for me, so I logged in with Google. Didn't want to do that, but I wanted to be sure I made the request. I hope it's cool with you that I copied this post to another forum.
Sent from my SCH-I535 using Tapatalk 2
Click to expand...
Click to collapse
Thanks, the more the better!
I posted as well... I hope the admin/mod replies to my post though
Sent from my Nexus 10 using Tapatalk HD
Vinny75 said:
Thanks, the more the better!
Click to expand...
Click to collapse
I figured as much. Could this be moved to the general section? If there is a big groundswell of support it should make a better impact than posts trickling in over a few days.
Sent from my SCH-I535 using Tapatalk 2
Update: this what OUYA thinks of its customer's requests...
Posted by alsutton on http://ouyaforum.com/showthread.php?3193-Let-OUYA-know-we-NEED-to-be-able-to-boot-to-recovery
and a I monitor this forum as well, so thanks for the heads up you're trying to artificially raise the numbers beyond the level of people who'd normally ask for it.
My *personal* view (that's mine, not OUYAs) is that you don't NEED to be able to boot to recovery, you LIKE access to it. The system works fine without being able to boot to recovery, many people use it without even knowing what recovery is, so it's not needed to use your OUYA. A number of people have managed to make their device unbootable with just root access by experimenting with things like compiling new kernels, then expect OUYA to fix them. Personally I think this is a bit unreasonable (if you started changing parts of the engine in a car and it broke down would you go back to the dealership?), and I'm sure most of the user-base would like support focusing on things other than user created problems (yes, shipping, we know).
So just a "lets all post bomb -->this<-- thread" isn't going to get it raised up the priority list. All I have to do now is factor in the number of "me too posts" from people who may not actually know what they're asking for.
Click to expand...
Click to collapse
This is ridiculous and insulting.
Copied from Ouya's Google+ page.......
OUYA
Shared publicly *-* Jul 23, 2012
*
Hey +OUYA* devs! Don't worry about rooting your device (or purchasing the pre-rooted device). We will provide builds and instructions that can be used to restore the device to 'unrooted' factory state!
Official response to my support ticket:
The OUYA is based on Android which makes it far more open than other consoles, and an OUYA gives your root access which gives you access to far more access than most Android devices. We currently do not provide instructions on how to access recovery mode, and I can not comment on whether or not that may change in the future.
OUYA
Click to expand...
Click to collapse
Post-Bombing isn't helping anyone.
If someone's really interested in that matter, he'll find answers for his questions in this forum!
4rz0 said:
Post-Bombing isn't helping anyone.
If someone's really interested in that matter, he'll find answers for his questions in this forum!
Click to expand...
Click to collapse
These posts are not located in this forum and are relevant to the topic. thanks, though.
Post bombing either forum isn't helpful...
Sent from my SAMSUNG-SGH-I317 using xda premium
Voice your opinions here. I think it more clearly explains the situation we are working with.
s/with/against
http://www.reddit.com/r/ouya/comments/1gk0km/ouya_advertised_as_a_hackers_welcome_device_quite/
I was all set to buy an Ouya, but after reading this forum I'm not so sure. Ouya doesn't sound like a company I want to support. What do you guys think about the Mad Catz console coming out. I want Ouya's hardware not their restrictions. It seems like it will be more open. And to the guys at Ouya, don't hinder the peeps at xda, they are the ones that are going to make you successful.
I posted, thank you for the link. Was wondering where I should voice my concerns.
I posted[/URL as well. I based it mainly as a fail safe for things just happen. The other comments, were more based on others assumptions.
http://www.madcatz.com/m-o-j-o-android-micro-console/
What do you guys think about this. It seems like more what I want. I think if Ouya is going to be restrictive, all dev support should go to a better company. Lets face it, people are looking at the Ouya for what it could be not what it is. It has the hardware to easily replace all the Google Tvs, Apple TVs and Rokus. I actually want it to dual boot into Google TV. Anyway, the Ouya will be releasing soon and there will be many tech articles about it. If we can go onto those articles and leave comment about how the Ouya isn't the good solution we can make a good company popular. I think most people buying the Ouya are just assuming that they will be able to hack it any way they want.
Confused
So do we or dont we have access to a custom recovery? Based on the dev forum I see we have a customer recovery available..what issues are there with it? Also i see WIP for multiple custom roms and even a kernel. I can't imagine one would waste time and making these if there is no viable way to flash them.....
Any information would be much appreciated.
The custom recovery works, many confirmed it on that thread including myself, as for the rest there stillb WIP's
Sent from my Amazon Kindle Fire using xda app-developers app
ej_424 said:
So do we or dont we have access to a custom recovery? Based on the dev forum I see we have a customer recovery available..what issues are there with it? Also i see WIP for multiple custom roms and even a kernel. I can't imagine one would waste time and making these if there is no viable way to flash them.....
Any information would be much appreciated.
Click to expand...
Click to collapse
Ozz465 said:
The custom recovery works, many confirmed it on that thread including myself, as for the rest there stillb WIP's
Click to expand...
Click to collapse
Yes, we can do those things - the heart of the issue is that if any of those things mess up you have the potential to brick your device with no way to recover short of sending it back to OUYA, Inc. Most android device provide a method to enable a usb recovery mode in the event of such a drastic failure, the OUYA console does not. How many people are willing to test/use software that could potentially brick their $100 device that they have been waiting months to get?
ej_424 said:
So do we or dont we have access to a custom recovery? Based on the dev forum I see we have a customer recovery available..what issues are there with it? Also i see WIP for multiple custom roms and even a kernel. I can't imagine one would waste time and making these if there is no viable way to flash them.....
Any information would be much appreciated.
Click to expand...
Click to collapse
The thread title is a bit misleading/confusing, recovery is accessible by rebooting to recovery. The problem is that you there is no way to boot to recovery via hardware except crashing the device during boot up using a keyboard.
They have gone about it all wrong, by allowing users the tools to brick OUYA but not the tools to fix it. Forgive me if I am wrong, but booting in to recovery does not allow us to do anything we can't already do by rebooting in to recovery. I have to wonder if behind closed doors they are moving towards removing root access.
Sent from my SCH-I535 using Tapatalk 2
best 4.4 rom you have used and why
4) No threads or posts asking for the best/most stable ROM/Kernel/Mod/whatever, or created for the purpose of comparing Phones/ROMs/Kernels/Mods/whatever:
These threads/posts will be deleted promptly and without warning. They have a history of causing problems due to trolls, and fanboys, along with various troublemakers, and therefore are no longer allowed. Regardless of that, there is really no way to judge whether or not a particular piece of work is better than another because it's all relative to begin with. If you want to know what piece of work is better for you, install something and try it out for a while. If you don't like it, try something else. Our Developers work hard to provide us their contributions, free of charge. Please show them the respect they deserve by trying something out and giving them your feedback.
Click to expand...
Click to collapse
Yep, illegal. Cuz someone might get offended that their baby doll favorite is not yours also. But techiefanboyPC bull**** aside, how about some opinions so people can learn without having to waste time.
I know learning without wasting time and trying BS only a programmer should know is against the xda techieCode, but hey, some of us just want to use our phone and not recompile the universal android binary code just to customise it a little.
Sent from my Nexus 4 using Tapatalk 2
Thread closed for the stated reasons
In attempt to stop repeated questions and thread clutter in "Let's Talk Root" thread by non-developers (myself included), I've created this thread. A place for newbies and general people to ask questions and share rooting ideas. This will save developers time in the original thread. Most devs already know or have tried what you think might work to gain root.
Please stay on the topic of root, be respectful and helpful, and use the search! (both this site and google)
Current Root Status:No Root
Things to keep in mind...
CF-AUTOROOT: Will not work with retail version of the note 4 (this means you bought it from verizon or another retailer) The CF-Autoroot you may come acrossed is the Developer edition. Unless you bought your phone specifically through samsung, you most likely have retail as Developer edition cannot be obtained through bestbuy, verizon, or any retailer. Also, CF-Autoroot works only with Unlocked bootloader. Verizon, At&T and some other Note 4 variants have Locked bootloaders. Flash CF-Autoroot and you might brick your device. For more information visit Chainfires cf-auto-root site.
TowelRoot Towelroot has been made popular due to it's wide spread ability to root a lot of devices. However, Towelroot doesn't work on the Note 4. Towelroot utilizes the Futex bug found in android. Futex is also known as CVE-2014-3153. This bug is confirmed patched on our device.
One click Root programs: While some programs do contain vulnerabilities present in the Note 4 as of now none of them contain one that allows developers to write to /system partition (which is important). where these vulnerabilities may come in handy is combining one or more to obtain root. Still the vulnerability doesn't exist yet. Before posting one click programs do your homework. Google the CVE it utilizes or ask the developer you found it from. Then google that CVE. Look at the date it was found and compare that date to the date the Note 4 was released. As non-developers, its pretty much safe to say any CVE found before the release of the device has been patched. Programs that were meant to root 4.4.2> X.X.X are also pretty safe to assume to be patched.
Know the difference between carrier unlock and bootloader unlock: While it would be nice, the government wouldn't make all phones unlockable in terms of bootloader. What government is doing is unlocking sims. Meaning they are giving you the ability to take your phone to another carrier if you choose to. Even though you maybe taking your Verizon note 4 to T-mobile (which has an unlocked bootloader note 4) You still have a verizon device. Therefore it still has a locked bootloader.
Things that may help...
A way to unlock the bootloader: Probably the least likely to happen, but would guarantee root. This includes turning a retail version into developer edition. (because developer edition is unlocked )
A CVE (vulnerability) that allows code to be written to system: Most probable way root will be achieved.
An app that has root permissions that can be exploited to run our code to inject root: There may be a way through gear VR as VR has special permissions over usual apps. That being said it's only a potential avenue for developers to look at. As VR is so new not much is really know about it.
Want to follow the progress?: Feel free to follow these post. Please do not comment on them asking questions unless you have absolute knowledge to what is being talked about. Keep those thread clean for developers.
Let's Talk Root
Root Attempt #1
Galaxy Note 4 Root Progress (At&t)
I am no way claiming to be a developer. I do not claim to know everything either. I am happy to clarify and change the O.P. to be more accurate .
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man there are a lot of them that actually ask for shell permissions. I usually find that out through the " xprivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man there are a lot of them that actually ask for shell permissions. I usually find that out through the " xprivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
Click to expand...
Click to collapse
=======
Example.....VR apps...
Sent from my SM-N910V / VZW Note 4 DE / Factory Bootloader Unlocked / Rooted / Custom Kernel-ed / TWRP 2.8.5.0.trltevzw
manbat said:
=======
Example.....VR apps...
Sent from my SM-N910V / VZW Note 4 DE / Factory Bootloader Unlocked / Rooted / Custom Kernel-ed / TWRP 2.8.5.0.trltevzw
Click to expand...
Click to collapse
Well, I'm no note 4 owner. I don't know if the VR app is just a regular app like any app in the play store or if it's something different. I looked it up in the play store and it wasn't there.
VR = virtual reality. It's a seperate device for VR and it is only for the Galaxy Note 4.
Sent from my SM-N910V using Tapatalk
In before close.
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man there are a lot of them that actually ask for shell permissions. I usually find that out through the " xprivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
Click to expand...
Click to collapse
Certain apps have permissions that others don't. And some apps could be more vaulnerable dealing with the Gear VR.
eskomo said:
In before close.
Certain apps have permissions that others don't. And some apps could be more vaulnerable dealing with the Gear VR.
Click to expand...
Click to collapse
I'm just going out on a limb here. It may get closed, but when the same questions keep being asked and our root thread keeps going off topic it makes it hard for devs to even take it seriously. For the progression of root, those technical threads need to stay clean of side chatter. At least there is a place for people to go to have some of the popular questions answered. As a community we need to help each other and that doesn't happen by telling people to get lost because there technical skill is lower than the rest of the guys participating. I see no reason this thread cant have a chance. While I do believe we dont need anymore root threads, this one will be able to cut down on those post too.
K-alz said:
When you say "an app that has root permissions that can be exploited to run our code to inject root..", do you mean ANY app? Or do you have some specific ones in mind? If it's any app, then man there are a lot of them that actually ask for shell permissions. I usually find that out through the " xprivacy" module that I use to block apps from gaining unnecessary perms on my phone. I have a good list of those ones if that helps. One of them is actually Facebook. lol
Click to expand...
Click to collapse
K-alz said:
Well, I'm no note 4 owner. I don't know if the VR app is just a regular app like any app in the play store or if it's something different. I looked it up in the play store and it wasn't there.
Click to expand...
Click to collapse
eskomo said:
In before close.
Certain apps have permissions that others don't. And some apps could be more vaulnerable dealing with the Gear VR.
Click to expand...
Click to collapse
The way the Gear VR works is the api for that device grants the applications a hardware level access to connect, this means they basically have root access. Now these last I saw of this was a while ago and the vulnerability is pretty well known at this point, so patches are a possibility and it's also possible that it doesn't grant the correct permissions for attaining root, the report was pretty vague in that respect.
Now on to separate matters, do we really need another root discussion thread? I'm going to temporarily allow third one, let's see if it can stand on its own because I like the concept here and the op is pretty well organized. Keep in mind though, most of the chatter will be identical between the two threads, so it may not last.
Good luck guys.
Figured I'd mention this, looks like people in the AT&T side have possibly found an SYSTEM (not bootloader) exploit!
http://forum.xda-developers.com/showpost.php?p=58920677&postcount=1051
Stryke_the_Orc said:
The way the Gear VR works is the api for that device grants the applications a hardware level access to connect, this means they basically have root access. Now these last I saw of this was a while ago and the vulnerability is pretty well known at this point, so patches are a possibility and it's also possible that it doesn't grant the correct permissions for attaining root, the report was pretty vague in that respect.
Now on to separate matters, do we really need another root discussion thread? I'm going to temporarily allow third one, let's see if it can stand on its own because I like the concept here and the op is pretty well organized. Keep in mind though, most of the chatter will be identical between the two threads, so it may not last.
Good luck guys.
Click to expand...
Click to collapse
Thank you so much for the explanation, sir.
BTW, please don't close this thread because it's gonna be a stress relief for us non-devs people to gush our b!tching about root here since we are not willing to clutter those active threads with our useless posts. [emoji16] [emoji23]
Thank you in advance.
veteranmina said:
Figured I'd mention this, looks like people in the AT&T side have possibly found an SYSTEM (not bootloader) exploit!
http://forum.xda-developers.com/showpost.php?p=58920677&postcount=1051
Click to expand...
Click to collapse
They have definitely found something VERY promising. Even jcase chimed in stating that the bootloader isn't actually encrypted which amazing news for us. Vulnerability exists in the note 4 and they're catching it very soon. So exciting.
K-alz said:
Thank you so much for the explanation, sir.
BTW, please don't close this thread because it's gonna be a stress relief for us non-devs people to gush our b!tching about root here since we are not willing to clutter those active threads with our useless posts. [emoji16] [emoji23]
Thank you in advance.
They have definitely found something VERY promising. Even jcase chimed in stating that the bootloader isn't actually encrypted which amazing news for us. Vulnerability exists in the note 4 and they're catching it very soon. So exciting.
Click to expand...
Click to collapse
very promising indeed. In the event we receive root in the coming days, I will rewrite this thread into a noob guide.
Sent from my bandaid smelling s-pen
just a heads up, the att root thread was closed by moderators because the tards over there were much like the tards over here and couldn't keep off topic posts out of the discussion... i. e, how much they love devs, the phone, or hate the phone, or telling others root will come soon and to be patient.
either way, if the same people keep posting bs in our thread, it'll be closed too.
Sent from my Samsung Galaxy Note 4 using Tapatalk.
jayochs said:
just a heads up, the att root thread was closed by moderators because the tards over there were much like the tards over here and couldn't keep off topic posts out of the discussion... i. e, how much they love devs, the phone, or hate the phone, or telling others root will come soon and to be patient.
either way, if the same people keep posting bs in our thread, it'll be closed too.
Sent from my Samsung Galaxy Note 4 using Tapatalk.
Click to expand...
Click to collapse
The good news is that orc said that that thread will open when real progress is made, so if we see that thread reopen, we will know we're in business.
So this post isn't pointless and because this thread is for non-devs, I'll let people know where things were in that thread last.
There are two known CVE's that both the Verizon and AT&T Note 4 are vulnerable to. These CVE's, once exploited, will be a two-pronged attack and will likely achieve root. The developers are now trying to compile an apk that can implement these exploits. The mood from the devs wasn't so much "guessing" or "maybe", it was a mood of confidence. Many of them truly believe these CVE's will lead to root.
Sent from my SAMSUNG-SM-N910A using Tapatalk
I was wondering if we could implement something like safestrap or if anything like it could be used . I was just looking up info as for possible solutions for root and happened to come across this I hope I'm not off topic or derailing the thread if so I apologize in advance
http://gs5.wonderhowto.com/how-to/i...loader-locked-galaxy-s5-at-t-verizon-0156728/
Never mind sorry folks I just realized that the device had to be rooted in order to use safestrap I'm apologize please carry on..
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
I was wondering if we could implement something like safestrap or if anything like it could be used . I was just looking up info as for possible solutions for root and happened to come across this I hope I'm not off topic or derailing the thread if so I apologize in advance
http://gs5.wonderhowto.com/how-to/i...loader-locked-galaxy-s5-at-t-verizon-0156728/
Sent from my SM-N910V using XDA Premium HD app
Click to expand...
Click to collapse
It is a good question but however with safestrap you must have root access in order to install it into the system. I used it in the past on my DROID bionic. It hijacks the boot process giving you a form of custom recovery.
Lol I just realized that after I reread what the steps are in order to use it sorry I thought I might have been onto something thanks for the fast response though
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
Lol I just realized that after I reread what the steps are in order to use it sorry I thought I might have been onto something thanks for the fast response though
Sent from my SM-N910V using XDA Premium HD app
Click to expand...
Click to collapse
No problem! This is the non dev thread. Shouldn't be any bashing for questions like that.
While doing a search to see if there was root for my wife's lg g3 I stumbled across this it says it can root any android device I thought it might be useful so here goes
http://androidxda.com/download-root-genius
Sent from my SM-N910V using XDA Premium HD app
rrjskj said:
While doing a search to see if there was root for my wife's lg g3 I stumbled across this it says it can root any android device I thought it might be useful so here goes
http://androidxda.com/download-root-genius
Click to expand...
Click to collapse
Don't take my word for it completely, but if I remember correctly from some thread, the Galaxy Note 4 has a newer Kernel version, therefore would not be subject to the same exploit as the LG G3.
rrjskj said:
I was wondering if we could implement something like safestrap or if anything like it could be used . I was just looking up info as for possible solutions for root and happened to come across this I hope I'm not off topic or derailing the thread if so I apologize in advance
Click to expand...
Click to collapse
From what I understand, you need an unlocked bootloader for that, let alone, root as well. Again, don't take my word completely for it. Achieving root will give apps root access, but it won't allow us to change our bootloader and load custom ROMs....if I'm wrong, please someone correct me on this.
@ the OP...can you use some other color other than bright green? It's a little hard to read, but if I'm the only one, don't just change it for little ole me. Also, if I'm correct regarding (not) being able to install Safestrap and do custom ROMs, can you add that to the OP as well? Just want to help reduce redundancy. Very good thread as well. Thanks!
rrjskj said:
While doing a search to see if there was root for my wife's lg g3 I stumbled across this it says it can root any android device I thought it might be useful so here goes
http://androidxda.com/download-root-genius
Sent from my SM-N910V using XDA Premium HD app
Click to expand...
Click to collapse
So did you try it? I doubt it works
I've never really thought about this as I've been using xda forever, but I'm just kind of curious. We install loads of different Roms/tweaks/kernels on our phones thoughtlessly from people who obviously really know what they're doing. Is it possible for a developer to exploit a member of XDA through the means of malicious coding? I'm sorry, I'm not trying to be offensive, it's just something I legitimately wonder.
I know I don't have to use the stuff, so you can spare me the speal.
Causical said:
I've never really thought about this as I've been using xda forever, but I'm just kind of curious. We install loads of different Roms/tweaks/kernels on our phones thoughtlessly from people who obviously really know what they're doing. Is it possible for a developer to exploit a member of XDA through the means of malicious coding? I'm sorry, I'm not trying to be offensive, it's just something I legitimately wonder.
I know I don't have to use the stuff, so you can spare me the speal.
Click to expand...
Click to collapse
Of course.
How many people are reading the source code? Is there even any source code provided?
Is the rom you are downloading, as a zip file, really build on the source code?
The dev has potentially the full control over your kernel and therefore nearly about everything you do, if he wants.
If you are using any gapps it is the same. ( just look at the permissions of play services)