Report: The New Fire TV OS Will Block Apps Like Kodi (*Update, it was updated and Amazon says they won't be blocking anything. The rumor was never factual.*)
The article mentions, there are reports all 3rd party apps will be blocked. With the main focus on blocking Kodi, in the name of preventing piracy.
Of course if they wanted to just block Kodi, there are ways of doing that, without blocking all 3rd party apps. But given this is Amazon's box, I'm not surprised. In fact, I'm surprised Amazon has allowed side loading of 3rd party apps till now. Since it seems Amazon likes to encourage sales of their stuff.
Update: This may have been a misunderstanding.
Amazon told me the rumors are not true. Here is my response to this article, for those who are interested. http://www.aftvnews.com/a-new-report-claims-fire-tv-update-will-block-all-3rd-party-apps-like-kodi/
Oh I can't wait to lose access to all my other 38 - edit oh, wait 39 apps - that I can't get from Amazons awful appstore, in addition to loosing Firestarter which they banned after stealing its functionality. (Because instead of looking at a launcher, you could be looking at one of their banner ads instead - so of course they had to ban alternative launchers...)
Sounds like so much fun!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
My next Android TV box won't be from amazon, thats almost certain. Every step along the way Amazon missed no opportunity to punch their more tech savvy audience straight into their face - over and over, and over again. Why miss an opportunity this time?
harlekinwashere said:
My next Android TV box won't be from amazon, thats almost certain. Every step along the way Amazon missed no opportunity to punch their more tech savvy audience straight into their face - over and over, and over again. Why miss an opportunity this time?
Click to expand...
Click to collapse
To be fair, Amazons android fireOS line is aimed at people that are invested in the Amazon ecco system already, and more so have access to Prime, if You're one of these people they are fantastic products.
abacabie said:
To be fair, Amazons android fireOS line is aimed at people that are invested in the Amazon ecco system already, and more so have access to Prime, if You're one of these people they are fantastic products.
Click to expand...
Click to collapse
It is a great product when you can leverage Prime. And has voice search built in, that can do a lot of the same things as Echo. You can even launch apps by voice.
So you have now only one option... Block OTA so you have the freedom to use your AFTV(Stick) without blacklisting 3rd Party Apps like Kodi. I have 5.2.1.0 with root and xposed and my Sticks works fine without any issue
But i think Amazon will block Prime-User also when they use not the newest OS.. hope they do that not
if they do that, i want buy a another TV-Box/Stick and stick Amazon they product in they A**
Amazon has responded to the initial article and it has been updated. They never planned to block 3rd party apps. The rumor was not factual.
I am sorry to inform you - but even if they JUST have hidden the adb toggle in a hidden "service menu" - the question is why.
Of course product bloggers won't ask it openly, because despite catering to users interest, they have 5 other Alexa *blub , bleep - use voice search - its so eazy* articles to pump out every day.
If you are hiding away the adb toggle it puts up another barrier of entry there - behaviorally, for the normal user. Amazon playing their freaking "take their rights one pinprick at a time" game is just as despicable as it was on day one -
and the only reason they are still doing it, is that everyone lets them get away with it, no questions asked.
(
- Why are you adding a blacklist to an open source operating system you borrowed from the linux community?
- Why are you banning launchers, whose functionality you stole from community developers, add a banner ad to yours, and then roll it out (depreciated, because - the Echo audience, never needs to force close or quickly uninstall their apps, or to sort them, or to hide some apps that arent accessed daily) as the new default?
- Why are you banning Kodi - but allow in Kodi Clones as soon as they have stripped out the python interface that enables streaming webenabled content (Isn't that anti competitive to the highest extent?)
- Why are you modifying adb - so some features like parsing logs become impossible?
- Why are you hiding away the development features behind a hidden key combination, so normal users loose the feature - until they are told how to find it again?
- Why have you bloggers that champion you for your interface decisions and who make podcasts about every new menu you add running this scene - but then don't mention it, if your redesign is basically "stealing all the design lessons you could take away from Kodi (which you just kicked out of distribution" and Microsofts Xbox OS? )
- When they took our launchers - the bloggersphere chanted "finally its become eazier".
- When they kicked Kodi (the "browser" of the set top box age), the bloggersphere filled you with all kinds of BS articles about how great it would be to use one of the mangled forks, that had to vow, never to inclue a scriptable python backend - because using the internet as informed users - is something Amazon gets very uncomfertable with. With them its all simple voice button prompts to get stuck in their echosystem with and waging war against EVERY AND ALL open standards, apis, the OS itself...
- When they started blacklisting apps - the bloggerspehere wrote them the excuses for why its ok, and they'd never cross the red line that is blacklisting Kodi. WHO CARES? Blacklisting launchers was enough to mangle the homebrew ecosystem once and for all -- no developer writes code for your benefit, when its clear as day - that amazon stealing it and banning the initial app not only is commonplace in the Fire TV ecosystem - its cheared on by bloggers.
Take your eazy voice commands - and get straight out of this community. If your intention is to whitewash every move Amazon implements to make "running your own code" on the FireTV "just a little harder", but instead would like to promote Amazons paid services - while they introduce blacklists to Android and hide away the developer bridge behind presumably a remote key combination - you have become complacent.
Amazon has made it very clear - that the only way for you to get access to the android ecosystem openly - is to block their updates - hiding away the adb toggle is just another stabwound.
If you wan't to exchange "Echo" and "i watch show - by saying "houswives" and it plays" for access to an unfiltered internet, different sources that don't have to pay Amazon the required obolus, or apps that are actually usable (Amazon App Store apps are often slow to the point they become unusable, or get pulled shortly after release, because they crash all the time - of course, bloggers don't make that their focus - ) - be my guest --
but don't play the "oh - its nothing" - they do all of this to benefit the user game, like some others in here. I get irritated by that. Immensely.
Also - don't abuse this forum for requests on "Echo" and "I hit button and cloud does the work" stuff - because it is specifically out of our reach. As tinkerers, as hackers, as consumer advocates. If you wan't that stuff - you sign away your rights and pay a subscription fee. With that comes paid support and a cookie cutter community that finds "having bought the right trinket" is all the tribalism they'd ever need.
Don't try to bait people with Echo - in exchange for loosing yet another accessibility feature - because its suddenly hidden.
Don't become the blogger that scrambles on his way to contact the company to give a denial as soon as an issue pops up - turn on your brains instead, and don't just neglect the steps Amazon sets to shut out their audience from the outside world a little more.
Everytime they put up another wall - people scramble to explain it away and offer you a little more "Echo" inside your walled garden.
lol @ wall of crazy
Why?
You can't just highjack an argument with an empty accusation aimed killing off all any discussion about what yet another action from Amazon to move installing 3rd party apps just another step further away - means.
Or you can - because, this is how all discussions are meant to be held in the post facebook age of "counterspeak" is impossible - and the popular (because eazy) argument always is the only one left standing.
---------- Post added at 12:43 PM ---------- Previous post was at 11:54 AM ----------
Maybe I have to explain my position a bit more.
I am an individual who saw the popular product blogger delete his clarifications for posting unfiltered company PR as a first reaction on the most significant issues concerning open access on the Fire TV platform - as soon as he felt the public lense had moved an inch.
Now I find him reaching out to Amazon, on his own, to be the first one to publicise their rebuttle for "why you not seeing the last remaining API into the Fire TV anymore" is something you should not be worried about.
Without any form of source disclosure or journalistic distance. Basically in a "my buddies at Amazon told me "not true"" fashion. As a byline in a thread that talks about the issues of them doing so.
Not only that - but in response other people in here remind me, and rightfully so, that Amazons FireTV is aimed more at individuals that buy into Amazons service future - like Prime and Echo, than for informed users of Android set top boxes, that want to use them for different purposes as well.
And while I agree - the idea, that it is something that "just happened" is preposterous.
They were Android set top boxes at one point. We had people developing custom recoveries for them. Not just for the sake of doing so - but to allow us to do the stuff, beside whats possible out of the box.
You look at when Amazon took away the freedoms of the Android OS and its Linux Kernel, you look at where and when it banned apps (to replace them with their own cut down interpretations (/clones) of them), you look at - when and where they changed stuff in the UI - and you comment on it.
You look at what they did to the ecosystems on the Fire Tablets, the Kindle, and what they tried to create with the Amazon phone.
You talk about it - and not just advice XDA users to use voice assistants within the Amazon Echo ecosystem on their set top boxes more often - because "its almost like on the dedicated Echo devices", and those are the current "craze du jour" to be able to watch your TV shows, or listen to music -- and Amazon wants you to.
Going along with Amazons vision of a more and more closed down ecosystem - where the mere thought of a "general purpose computer" is something only developers working to put apps into Amazons stores, with the knowledge of the "secret remote access code" should be having, while the rest of the world will happily subscribe to fixed content subscription models, because all we care about is eazy voice search - is something I find hard to do.
Instead of selling people on voice commands, maybe spending a bit more time on "what ecosystem they lead into" and how the vision of it changed in the past months, is worth the while.
So - when Amazon decides to hide the adb dev. bridge, we don't just excuse them for it, we acknowledge the fact and talk about it first.
And if the product bloggers tries to keep it from happening (intended or not, but then - not with the necessary journalistic distance and integrity) - I'll do it for him.
I'm not going to dignify those disastrous posts by quoting then. Just jog on man, these people don't want to hear your rants...
harlekinwashere said:
I am sorry to inform you - but even if they JUST have hidden the adb toggle in a hidden "service menu" - the question is why.
Of course product bloggers won't ask it openly, because despite catering to users interest, they have 5 other Alexa *blub , bleep - use voice search - its so eazy* articles to pump out every day.
If you are hiding away the adb toggle it puts up another barrier of entry there - behaviorally, for the normal user. Amazon playing their freaking "take their rights one pinprick at a time" game is just as despicable as it was on day one -
and the only reason they are still doing it, is that everyone lets them get away with it, no questions asked.
(
- Why are you adding a blacklist to an open source operating system you borrowed from the linux community?
- Why are you banning launchers, whose functionality you stole from community developers, add a banner ad to yours, and then roll it out (depreciated, because - the Echo audience, never needs to force close or quickly uninstall their apps, or to sort them, or to hide some apps that arent accessed daily) as the new default?
- Why are you banning Kodi - but allow in Kodi Clones as soon as they have stripped out the python interface that enables streaming webenabled content (Isn't that anti competitive to the highest extent?)
- Why are you modifying adb - so some features like parsing logs become impossible?
- Why are you hiding away the development features behind a hidden key combination, so normal users loose the feature - until they are told how to find it again?
- Why have you bloggers that champion you for your interface decisions and who make podcasts about every new menu you add running this scene - but then don't mention it, if your redesign is basically "stealing all the design lessons you could take away from Kodi (which you just kicked out of distribution" and Microsofts Xbox OS? )
- When they took our launchers - the bloggersphere chanted "finally its become eazier".
- When they kicked Kodi (the "browser" of the set top box age), the bloggersphere filled you with all kinds of BS articles about how great it would be to use one of the mangled forks, that had to vow, never to inclue a scriptable python backend - because using the internet as informed users - is something Amazon gets very uncomfertable with. With them its all simple voice button prompts to get stuck in their echosystem with and waging war against EVERY AND ALL open standards, apis, the OS itself...
- When they started blacklisting apps - the bloggerspehere wrote them the excuses for why its ok, and they'd never cross the red line that is blacklisting Kodi. WHO CARES? Blacklisting launchers was enough to mangle the homebrew ecosystem once and for all -- no developer writes code for your benefit, when its clear as day - that amazon stealing it and banning the initial app not only is commonplace in the Fire TV ecosystem - its cheared on by bloggers.
Take your eazy voice commands - and get straight out of this community. If your intention is to whitewash every move Amazon implements to make "running your own code" on the FireTV "just a little harder", but instead would like to promote Amazons paid services - while they introduce blacklists to Android and hide away the developer bridge behind presumably a remote key combination - you have become complacent.
Amazon has made it very clear - that the only way for you to get access to the android ecosystem openly - is to block their updates - hiding away the adb toggle is just another stabwound.
If you wan't to exchange "Echo" and "i watch show - by saying "houswives" and it plays" for access to an unfiltered internet, different sources that don't have to pay Amazon the required obolus, or apps that are actually usable (Amazon App Store apps are often slow to the point they become unusable, or get pulled shortly after release, because they crash all the time - of course, bloggers don't make that their focus - ) - be my guest --
but don't play the "oh - its nothing" - they do all of this to benefit the user game, like some others in here. I get irritated by that. Immensely.
Also - don't abuse this forum for requests on "Echo" and "I hit button and cloud does the work" stuff - because it is specifically out of our reach. As tinkerers, as hackers, as consumer advocates. If you wan't that stuff - you sign away your rights and pay a subscription fee. With that comes paid support and a cookie cutter community that finds "having bought the right trinket" is all the tribalism they'd ever need.
Don't try to bait people with Echo - in exchange for loosing yet another accessibility feature - because its suddenly hidden.
Don't become the blogger that scrambles on his way to contact the company to give a denial as soon as an issue pops up - turn on your brains instead, and don't just neglect the steps Amazon sets to shut out their audience from the outside world a little more.
Everytime they put up another wall - people scramble to explain it away and offer you a little more "Echo" inside your walled garden.
Click to expand...
Click to collapse
Take a deep breath dude. Lol Bottom line is they CANT block like that. No one could develop for the device if they did. Common sense.
But they can hide it. Make sure people don't stumble upon the sideload apk portion of their boxes. Ever.
Now, this is what they are doing. This is what the product blogger allows them to do without even letting it become a story anymore. He shuts it down for them. Cool. Probably get more exclusive Echo scoops that way...
Also - I've laid this out in my first posting, this is another tldr; version.
I cant stand it, that Amazon is allowed to take away normal user rights a slice at a time, and if you are not letting it fly - you are attacked by superfans, doubling down on personal attacks, because - who needs a rational argument, on the internet. Ever. Isn't that what 9gag taught us?
They can't take it away entirely. Great.. But as always - whats possible doesnt matter. What matters is stuff thats easy enough for actual people to use.
Are you now doing remote control acrobatics, everytime you have to restart the adb service, to even get the menu with the toggle to appear? Remember when people dismissed Amazon only allowing one adb connection into the device wasn't a big deal?
Remember what happened next? We all of a sudden had to support a slew of people that came in with blanket statements that "stuff or tutorials would not work anymore". And what was the result? We had to shrug and explain, that people would have to learn how this works - because we could not get it opened up again to work - always as expected and easy.
We'll decide if it is a big deal, once we know how its implemented, how about that?
But I am certainly not taking their PR departments word for it, and I am sure enough not following the product bloggers line, who couldn't jump fast enough to burry this story because of stuff that sources he wasn't able to disclose or quote, told him.
Because where are we right now?
- Using FIrestarter is not something new users can do
All we have to offer is telling people that they wouldn't need it now, and thats essentially not true.
- Banning apps from being sideloaded - just because the company doesn't like them, or would rather steal its featureset, is the new normal.
As a result there is hardly any original development for this device anymore - that takes place outside the "Amazon app store" ecosystem.
That stuff was all possible without making that stuff impossible. They just made it impossible to scale, or to be easily supported, or to work reliably - and they smashed Firestarter to pieces for essentially daring to be a popular piece of software that was distributed outside their official ecosystem.
With Kodi, they just badmouthed its name and kicked it out of distribution - but same thing.
So if the fist thing that comes to your mind after all of this is "yeah - but Alexa is great - right?" or "yeah - but devs can still test code on the device to later sell it in the Amazon Market" - suggest for a minute, that none of it matters very much, if you come at it from an "educated consumer wants to use a an android box for his on purposes - not the stuff Amazon can come up with - he should use" perspective.
And that I am getting extremely irritated if now it seems, that the product blogger does Amazons PR tasks for them, but people discussing the changes Amazon implements regarding accessing the few remaining APIs on the system - shouldn't be allowed anymore one the basis that "they can't take it away 100%".
Related
Hello XDA
I've written a security guide I have posted to quite a few Android communities/forums. This guide is intended for new users to Android so probably doesn't apply to anyone here. But I do think Android users deserve solid advice from the experts and with all the media scare tactics going around, now more than ever.
However, I was hoping that if some Devs had the time, they could give some of it a quick read. I'm hoping to get a more informed developer opinion on whether I missed anything or am mis-representing something or another. I'd like to make sure that my information is as accurate as possible, and since Android is a community thang, I figure why not ask some other devs if they want to have a look and chime in.
The one topic I havent really yet covered is rooting, so I know at least that much is missing.
Thanks in advance and please feel free to post all feedback -- positive/negative/or your favorite cheesecake recipe.
=================================
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
The reason that this is important to know is that it means Android is very unlikely to ever get a 'virus' in the traditional sense. Part of the reason why is because Linux is a fairly secure operating system that protects various parts of itself from other parts. This is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later. Also due to some bad choices by Google, there are a few exceptions to this rule that we'll talk about in the permissions section.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Types of Dangerous Programs
Probably the biggest/most common threats from applications on Android are:
1) When the developer/app tricks the user into giving the app permissions it does not need to do its job
2) When the app hides malicious code behind legitimate permissions.
3) When the app tricks the user into entering in personal information or sensitive data (such as a credit card number)
There are various ways malicious developers (also knowns as hackers or crackers) accomplish this. We'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams (sometimes).
Spyware
Spyware is used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Often times this includes keystroke loggers to steal passwords or credit card information. Some people include certain types of Advertising tracking in this category (sometimes called Adware, see below). However that's a much larger debate we wont cover here.
Phishing
Phishing and spyware are closely related. They work on a similar principle: tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. Contrastly spyware would try to hide itself from being known to the user. One way to think about the difference is that phishing is masquerading while spyware is hiding, but the end goal of stealing your data is the same.
An example of this would be a app or website pretending to be affiliated with your bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does, include any service where someone might want to steal your identity or password.
There have been known successfull phising attacks releated to at least one bank on Android.
Virus
The definition of virus used to be more all-encompassing. These days that term has been replaced by malware. Virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus send emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Trojan Horse
A trojan horse is really just a specific type of virus. It merely refers to the idea that the app pretends to be something useful or helpful or fun for the user while actually causing harm or stealing data. This term is often used to describe spyware and phishing attacks as well.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service to the user of dubious quality. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
Warez
This is a term you'll sometimes hear referring to 'pirated' or unlicensed software. Often times warez forums and websites will offer "free apps" or "apks" (Android Package).
Don't be fooled by these sites, and do NOT download these files and load them to your phone. These files are stolen from the real developers by unscrupulous people who have no regard for the work put into apps by the developers, or the law. Often times they will even try making money off of the advertising on their "warez" forums. They are profiteers that do the entire Android community a great disservice, and hurt the developers. Furthermore this is very often the most popular 'vector' (method) of attack that malware writers use. Some go as far as stealing apps and putting them on the Android Market itself under different names.
If you are a user that cannot access the paid Android Market, there are alternatives these days. The most trustworthy markets (in my opinion) are the following:
- Android (Google) Market
- Amazon Appstore
- SlideMe
- Archos AppsLib
- AndAppStore (possibly)
- AndroidTapp (possibly)
- Verizon's Market (not sure if this is live yet)
- Motorola's Market (not sure if live or where, might be focused on Latin America?)
Other than these markets, I would not advise anyone to download and install an app from anywhere else.
However there are a few exceptions related to open source. These are places that independent developers can upload free and/open source apps. They don't guarantee your safety (nothing does) but they are not warez sites and are much more likely to be safe.
Open source or free apps: (very likely safe, not warez)
- XDA Developers
- Googlecode
- GitHub
How to Protect Yourself
There are no full-proof ways to avoid all bad situations in the world, but any sane person with a reasonable head on their shoulders knows that a few good habits can keep you safe for a long, long time in whatever you do. Here are a few tips I have learned from many years as a professional software developer and from reading these forums that have many people smarter and more knowledgeable than I about Android
Read the comments in the Market
This should go without saying. Before you download any applications, be sure to read the comments. Don't just read the first three either, click through and see what people are saying. This can also help you understand how well an app work on your particular phone or your particular version of Android. Comments should also be read EVERY time you update an app.
Check the Rating
Any app that fails to maintain abpve 2.5 stars is likely not worth your time. If you are brave enough to be one of the first few to download an app, this does not apply to you. Nevertheless almost all good apps have between 3 and 5 stars. To me, this is just a general rule to help find quality apps.
Check the permissions
There are many things an app can do to, and for, your phone. But anything an app can do is told to you when you download and install it. Before you download and install an app, you will be shown a list of permissions the application is requesting. Read them. Try your best to understand them in terms of what the application is supposed to do for you. For example, if you download a game of checkers, and the Market warns you that it wants to be able to read your contacts, you should think twice and probably not download it. There is no sane reason a game of checkers needs to know your friend's phone numbers.
To see the permissions given to an application after installation, go to the Market, press [menu], then [downloads] or [my apps], then select the app, press [menu] again, then press [security].
Below I have a list of some of the most commonly used permissions. The list has explanations of how important they are, what they do, and what types of apps might legitimately need them. This should help you get a basic understanding of what to allow and when to skip an app. Please feel free to ask about a permission or let me know if I have missed any.
Check the developer's website
Make sure the developer has a website and not just some Wordpress blog. This is often again a good indication of quality as well as safety. If the developer cares about their app they will likely have a relatively nice looking website or, if they are open source, a site on Google Code. Note: sites on Google code are NOT verified or approved by Google. However, open source is usually (but not always) more likely to indicate a safe application.
NOTE: This is not definitive indicator if a developer is good or bad, just one more peice of information you can use. Their are a lot of exceptions to this particular rule, as a lot of Good devs might not have anything more than a Blogger blog, and a lot of bad devs could just point to a nice looking site they have no affiliation with. However, the developer's website can be helpful just as an extra peice of information you can use in making your decision about the developer or app.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use the same diligence as if you were installing it for the first time. Reread the permissions to see that it is only asking for what it needs and no more. Reread the comments to see if anything has changed in the opinions of the users and to see if it still works for your phone. If you see that an application says Update (manual) next to it, that means the developer has CHANGED the permissions they are requesting from the version you have on your phone. This is not necessarily a bad thing -- but it should indicate that you should pay a bit closer attention to the permissions and re-evaluate them as needed.
If you are still unsure, ask around -- the community is your anti-virus
If you see an app you want, but it seems to be asking for more permissions that it should, or it's comments and ratings are mediocre, go ahead and ask about the app in these (and other) forums. You will often find dozens if not more people who know the answers and another whole bunch wishing to know the answers to the same questions you have.
I can't stress this point enough. This is the best part about Android. The community are usually the first to identify any Malware or dangerous programs, and are the best resource for finding quality apps.
Beware the Sockpuppets, Shills, and Spammers
However, like anything, don't believe everything you read. Someone who comes into a forum telling you an app is the "best" may be what's referred to as a sockpuppet or shill. I tend to be wary of people with low post counts, or who have unreasonably high praise for what seems a simple app, or anyone using the word "best" in a forced context.
Now these people are not all bad, some may just be excited, or not speak english as their first language. But it's common for sockpuppets to use the term "best" to try and get better search rankings on Google. Saying things like "Best Android App" "Best GPS." Other tell-tale signs include when they mention software for iPhone or other platforms without actually answering questions. Or just generally seem like their post is out of context or overly general (think about how horoscopes are made for everyone to relate to them). I often get spam on my blog that says things like "best blog post! love your writing style, you put things in perspective for me" which makes no sense when my blog was about my new app.
This is a fine line a very much a grey area though. Sometimes it can be very hard to tell if someone is a spammer. If you see a post or comment in the market you suspect is spam on a forum, report it to the mods, don't reply and start an argument.
Posting your own comments
After you have downloaded an app you can post you own comments. The comment will be visible to all other android users but it will only show your first name. To do this go into the Market and press [menu] > [downloads]. You should see five empty stars at the top which you can tap to rate the app. Once you have rated the app you should see an option to add a comment under the stars.
Being a good user
While this guide is about security, I think it's important to point out how to be a good user too. Android is a community and stems from open source and will only ever be as good as both it's developers and it's users.
So, if an app is crashing on you, try emailing the developer before uninstalling and posting an angry comment. Anything you post in the market will stay even if you have uninstalled the app, and you could do serious harm to a developer's reputation if you post very negative comments.
If you think the developer just made a mistake, or didnt support your phone, work with them. If they are unhelpful, then you can consider giving them a bad rating. This is especially true for free apps in the market. Remember that you, as a user are not "entitled" to perfect free apps. Most developers do not have Google's enginnering and QA team backing them up and even Google makes mistakes.
And while it's frustrating when things don't work, imagine how frustrating it is when you put long hours into something but make a mistake -- and then because of that mistake you can never fix the damage done by a rude commenter.
What does Google do to protect us?
Unfortunately at the moment, not a lot. They do police the market to a small extent and investigate any reports of malware. They several instances of Malware and actually remotely uninstalled the applications from users phones.
However, the Market is not like the Apple App Store or Amazon Appstore, there is no screening of applications before they are posted to the market. There are no draconian procedures or lengthy approval processes that developers have to go through to post applications. All that a developer needs to do is to 'digitally self sign' his or her application before posting it. This helps Google track any developers with ill intent, but it's just a way to manage malware after it is discovered.
What about Wi-Fi?
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website your are trying to connect to. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street.
[guide continues below]
Permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.
NOTE: there are also some backwards compatibility decisions Google has made that will grant apps targeting 1.5 or earlier two permissions you may never see requested. It is my belief this is a security hole, but not a large one. The permissions are Read Phone State and Identity and Write/Delete files from the SD. I will elaborate on those below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Services that cost you money
make phone calls
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However this is not a common to cheat people in today's world. Legitimate applications that use this include: Google voice and Google Maps
Services that cost you money
send SMS or MMS
This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call feature above, it could cost you money. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
Storage
modify/delete SD card contents
This permission is of high importance. This will allow the applications to read, write, and delete anything stored on your phone's SD card. This includes, pictures, videos, mp3s, and even data written to your SD card by other applications. However there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very very commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to): camera applications, video applications, note taking apps, backup applications.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your personal information
read contact data, write contact data
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. The one exception to that rule includes typing or note taking applications and/or quick-dial type applications. Those might require your contact information to help make suggestions to you as you type. Typical application that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Your personal information
read calendar data, write calendar data
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
Phone calls
read phone state and identity
This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it's perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 2 unique numbers that can identify your phone. The numbers are the IMEI, and IMSI. Many software developers legitamately use these numbers as a means of tracking piracy though.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your location
fine (GPS) location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications. This can sometimes be used for location based services and advertising.
Your location
coarse (network-based) location
This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location. This can sometimes be used for location based services and advertising.
Network Communication
create Bluetooth connection
Bluetooth (Wikipedia: Bluetooth - Wikipedia, the free encyclopedia) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: Sharing applications, file transfer apps, apps that connect to headset out wireless speakers.
Network Communication
full internet access
This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone, this is one of the setting it would definitely have to ask for.
However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
You will have to be very careful with this setting and use your judgment. It should always pique your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more. This permission can also be used to serve Advertising, and to validate that you app is licensed. (See DRM for more info).
Network communication
view network state, view Wi-Fi state
This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi.
System tools
Prevent phone from sleeping
This is almost always harmless. An application sometimes expects the user to not interact with the phone directly sometimes, and as such would need to keep the phone from going to sleep so that the user can still use the application. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock 'dock' views and many more.
System tools
Modify global system settings
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However there are a lot of these setting that are perfectly reasonable for an application to want to change. Typical applications that would use this include: Volume control widget, notifications, widgets, settings widgets.
System tools
read sync settings
This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
System tools
Write Access Point name settings
I need a bit of clarification on this setting myself. I believe this relates to turning on and off wifi and your 3G data network. (if someone can comment and clarify I would greatly appreciate it and update this guide to reflect). Essentially however I believe this to be similar to the 'modify global settings' permission above.
System tools
automatically start at boot
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in an of itself, it can point to an applications intent.
System tools
restart other applications
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However that application should have the option of immediately restarting itself.
System tools
retrieve running applications
This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in an of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
System tools
set preferred applications
This permission is of moderate impact. It will allow an application to set the default application for any task in Android. For instance clicking on a hyperlink in your email will bring up a browser. However if you have more than one browser on your phone, you may want to have one set as your 'preferred' browser. Typical legitimate applications that require this permission include any applications that replace, compliment, or augment default Android functionality. Examples of this include web browsers, enhanced keyboards, email applications, Facebook applications and many more.
Hardware controls
control vibrator
This permission is of low importance (but could be lots of fun). As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Hardware controls
take pictures
This permission is of low importance. As it states, it lets an app control the camera function on your phone.
Your accounts discover known accounts
This permission is of moderate importance. This allows the application to read what accounts you have and the usernames associated with them. It allows the app to interact with permission related to that account. An example would be an app that was restoring your contact, would discover your google account then sned you to Google's login screen. It doesnt actually get to see your password, but it gets to work with the account.
Development Tools read logs
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensistive information. There are almost no reasons an applications needs this permission. The only apps I might grant this permission to would be Google apps.
What Does it All Mean? This Sounds so Scary!
It might sound that way but it is not, by any means, scary. The power of the market is actually due to the fact that developers are free to post updates and applications much more quickly and easily. But despite the security risks that this model creates, there is an incredibly powerful deterrent to malware in the community itself. Lots of people on these boards and in the market eagerly try out new apps and report back the safety and quality.
Again, the community is your best anti-virus app.
last updated: March 23, 2011
This guide by Lost Packet Software is licensed under a Creative Commons Attribution-No Derivative Works 3.0 United States License.
Good post.
Yes, well written and informative. As a developer, it's good to get this information into user's hands who may not know how permissions work. And the author makes some good points on how to be safe without massive fear of EVER downloading an app
Thanks to OP for a nice article. Do you mind if I copy it and post it on my website? You can send me a PM. Of course, I will cite you as the original source
Thanks much guys,
@Rootstonian
Yes you can copy it, but copy the one from my site http://alostpacket.com/2010/02/20/how-to-be-safe-find-trusted-apps-avoid-viruses/ as it has a few less typos.
It is licensed under the creative commons license (no derivative works, must attribute to me). This means you are free to copy/republish but you have to copy the whole thing and not change it.
Well written and informative! Thanks.
Ok, thanks. I'll either copy it in its entirety or just use the link you provided if that's ok.
Regardless, you work will be properly cited
Again, well done.
thanks much guys.
Also curious if anyone has found any errors or inaccuracies or misrepresentations etc.
Brilliant post.
Hi all:
I'd like to open this thread to give an idea for those who want to know about Windows Phone 8 and how this OS looks from the other side.
I notice that if some one asked abut Windows Phone 8 mostly members here will mention the Advantages of the OS and will show the light side only !
For me I like to show the other Side of the OS name it as you wish.... disadvantages, restrictions or Windows Phone 8 philosophy.
I hope Microsoft will read what we will write in this thread as we will explain our point of view and our vision about Windows Phone 8.
So they can explain to us if we misunderstand this OS and the way it should work, so we can understand each other to take a better decisions about adopting Windows Phone 8 or leaving it to other OS.
Please notice that I like general idea about this OS and how it is looks, but it is important for me to know in which direction Windows Phone 8 is heading, is it going in my direction and what I think it will be or in the opposite direction .
Note: this thread is about restrictions, Windows Phone 8 defenders can open other thread about Windows Phone 8 advantages, and I will be pleased to mention many of WP8 advantages.
How I feel about Windows Phone 8 in General.
Security & Security again Security I feel like people behind Windows Phone 8 watching their phones screens all the night waiting for some malware or trojan to attack, but in fact all the malware and trojans are busy in other places and no one of it will attack Windows Phone 8, because still they don't even know what is Windows Phone 8 !
They made Windows Phone 8 full of restrictions ..................... and I feel it is just a keypad old Nokia Phone with touch screen and camera.
Microsoft you didn't go so far away from Nokia 3310 , do you remember it ?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
well done after all this years you just added a Lumia + touch screen + a camera.
Microsoft just removed the keypad and snack game (I'm sure guys in Nokia wasn't satisfied abut that but Mr.Stephen Elop was pushing them)
I downloaded one ringtone for my Lumia 920............ I was forced to connect my Lumia 920 to my Laptop to put the MP3 file inside the Lumia 920 ringtone folder so the Lumia 920 can feel what happened to it after this surgery ..........I was forced to do this surgery because Windows Phone 8 doesn't have a file manager, this word file manager in Microsoft is equal to terrorism, security ,,,,,,,,security ................security...........restrictions .....not allowed this is really disappointed.
Dude, if you want anybody either here or at Microsoft to take you seriously, write clearly and cut the hyperbole. All I got out of that was "there's no file manager on the phone, so I had to copy an MP3 to the Ringtones folder manually; Microsoft, why must you restrict me so!?!"
... and I say this as one of the people leading the WP8 hacking effort, most of which is aimed at removing those sorts of restrictions. If I were a Microsoft architect reading that and deciding whether to even bother filing the feedback, I'd probably discard it as "just another incoherent Microsoft-hater who doesn't even have a real problem, just a complaint about the workflow for an infrequent user experience". If that's not the bin you want your words tossed in, you need to sound like somebody to be taken seriously.
Talk about how their mis-steps will hurt their bottom line. Talk about competitive advantages and disadvantages. Talk about company loyalty - not in a "frothing at the mouth" or "bitter and snide comments" manner, but in terms of what gains (or loses) it in large groups - and point out ways that they are can help improve it. Don't tell them what to do - Microsoft has a *terrible* case of Not Invented Here when it comes to outside suggestions - but justify to them what they *should* do, in the same way you would, for example, try to justify to your boss that you deserve a raise, or something like that. If you can convince people there to want to make things better, you've already won; one person on the inside probably has more influence than a thousand voices out here. Be persuasive, not argumentative; diplomatic, not intimidating; charismatic, not petulant; thoughtful, not dogmatic. Being passionate is fine, even great, but you must channel it into mature and meaningful discussion, not outbursts.
Another point: think about the restrictions from their side. They didn't put them there to piss you off. Nobody trying to break into a market intentionally cripples their product to make it *less* popular. They have reasons. Those reasons may not be for your benefit, of course - Microsoft's real customers are OEMs and mobile operators, not users, and sometimes the desires of those customers override the desires of *their* customers, the users. Think about things like test and support costs, the dangers of bad press and reputations for malware and the like, and other problems they may have foreseen. Consider what it might cost them to do what you want, and make your case in terms of it being more valuable for them to do that than just in terms of what you want personally.
And seriously, can the hyperbole. I can't take anybody who claims that a device which didn't even have a decent approximation of a real web browser is basically the same, aside from some hardware features, as a WP8 device. That kind of talk will just get you dismissed out of hand.
Dear GoodDayToDie:
I respect you point of view but I can't go one with Microsoft the easy mom son way ..... some one should rise his hand against them and show a real image about Windows Phone 8.
because of what I said they banned my user name in Wpcentral forum ........... they don't want to see any opinion against them .......they are group of old dictator minds who they don't accept any opinion against them ............the republic of MicrosoftStan .
It is my right..........People who invested their money $$$$ in Windows Phone 7 handsets found their selves abounded without any more development for their Phones............. they make one mistake in believed in Microsoft and trusted this company and Microsoft replied back the way you know for Windows Phone 7 and this is the same reason why developers kept away from Windows Phone in general.
I now have the right to know how this OS will carry on and in which direction it is going.
Let Microsoft clear things out...........................in GDR3 they make a good progress ............... so we want the good work to keep on faster.
here I mentioned one restriction and there is alot more we will come through it.
Microsoft should come closer to people and they should start with removing the banned from my account in Wpcentral for example.
We need assurances from Microsoft that the OS will have most requested options and Windows Phone 8 users will not be abounded soon like Windows Phone 7.
So we want to know if Microsoft is a friend or enemy
one-option said:
Dear GoodDayToDie:
I respect you point of view but I can't go one with Microsoft the easy mom son way ..... some one should rise his hand against them and show a real image about Windows Phone 8.
because of what I said they banned my user name in Wpcentral forum ........... they don't want to see any opinion against them .......they are group of old dictator minds who they don't accept any opinion against them ............the republic of MicrosoftStan .
It is my right..........People who invested their money $$$$ in Windows Phone 7 handsets found their selves abounded without any more development for their Phones............. they make one mistake in believed in Microsoft and trusted this company and Microsoft replied back the way you know for Windows Phone 7 and this is the same reason why developers kept away from Windows Phone in general.
I now have the right to know how this OS will carry on and in which direction it is going.
Let Microsoft clear things out...........................in GDR3 they make a good progress ............... so we want the good work to keep on faster.
here I mentioned one restriction and there is alot more we will come through it.
Microsoft should come closer to people and they should start with removing the banned from my account in Wpcentral for example.
We need assurances from Microsoft that the OS will have most requested options and Windows Phone 8 users will not be abounded soon like Windows Phone 7.
So we want to know if Microsoft is a friend or enemy
Click to expand...
Click to collapse
It is kinda funny how everybody argues with the "omg WP7 abandoned" card, when it isn't entirely true. Wp7 still has 1 full year of support left, and any bugs will be fixed if discovered. Did you know that all Wp7 got 2 updates (after 7.8) which fixed gmail sync?
Plus, you keep saying the WP7 "abandon" is something that only happens with Windows Phone, yet you keep forgetting that most android devices don't get a 18 month support life cycle at all, let alone 18 months renewed with each update (wp8 now has 36 months! of support for each new version iteration). Unless you pay a lot of money on hardware which is really waisted (cough, galaxy phones, cough) or on overpiced phones (cough iphone), you won't get technical support at all in most cases.
I understand you just want to bash on WP because you got banned from WPCentral, but you will be ignored here anyway. Plus, Microsoft employees can't see this forum due to its hacking nature.
mcosmin222 said:
It is kinda funny how everybody argues with the "omg WP7 abandoned" card, when it isn't entirely true. Wp7 still has 1 full year of support left, and any bugs will be fixed if discovered. Did you know that all Wp7 got 2 updates (after 7.8) which fixed gmail sync?
Plus, you keep saying the WP7 "abandon" is something that only happens with Windows Phone, yet you keep forgetting that most android devices don't get a 18 month support life cycle at all, let alone 18 months renewed with each update (wp8 now has 36 months! of support for each new version iteration). Unless you pay a lot of money on hardware which is really waisted (cough, galaxy phones, cough) or on overpiced phones (cough iphone), you won't get technical support at all in most cases.
I understand you just want to bash on WP because you got banned from WPCentral, but you will be ignored here anyway. Plus, Microsoft employees can't see this forum due to its hacking nature.
Click to expand...
Click to collapse
Good for you............ come on keep the good work on keep defending Microsoft
First of all I'm honest with my self as with others ................... if I said something so I mean it.
I want to show any one buying Windows Phone 8 a true image of what he will be facing in that OS...... I don't want people to make my mistake and buy a product don't meet their needs.
How could you even compare Android support with Microsoft ???!!!
for Android there is alot of alternatives available on software side and Android full of options so even if the 18 months of official support ended the users will not be worried that some essentials stuff will not be available in his phone like Windows Phone................. man still we are waiting GDR3 to get Auto rotation off
the Android updates bring additional new stuff compare to the essential basic options Windows Phone 8 updates brings to the OS where older Abounded OS like Symbian long back was having this options.
I DO NOT CARE about Microsoft employees and I'm sure that they are following & reading xda forums , how did I knew that ???
People like you here in the big forums always ready to cover Microsoft back, and If I will be ignored here that will not be because people don't care about what I say no..............but out of Wpcentral forums there is small interest about Windows Phone in general.
and people who want to see the truth of Windows Phone can follow this thread................ back their in Wpcentral they erased every word I wrote about Windows Phone 8 so that show that Microsoft really watching what I write close and they are interest about what I'm saying so wait me in facebook also, the world should know the clear truth about Windows Phone.
I will say no lies about Windows Phone 8, I will just show the truth a real image for Windows Phone 8, I'm writing to those who want to get Windows Phone 8 , and they will decide buying Windows Phone 8 or go with other OS.
Here are some retractions to those who intend to buy a new Windows Phone 8 device.
1- No File Manager in Windows Phone 8
The file manager is an important tool to get control over your device, Well here is the idea
Windows Phone 8 is more like application dependent platform, it is organized in strict way so if you want to watch video you will have to check in (Music + Video section/Hub) where you will find your videos and Music.
Same thing is true for images you have to watch your images in photo section/Hub....for other kind of Documents like word or excel you will have to check in Microsoft Office..... there is no ability to check this files inside the folders from the phone........... in general you can't see the folders unless you connect your phone to a computer......... every thing should be kept in its place images in Photo folder, ringtones should be in ringtone folder and so on.
So If you want to create another folders for special images other than photo folder Windows Phone 8 will not be able to see them !!!!
This is not smart at all
So what about non supported files or files there is no application to open them ?
There is no way to open such files in your phone or view them weather this file was image, video or what ever else.
In general people long time back requested Microsoft for file manager, but Microsoft simply not responding and ignoring that requests.
2- Control ringtone and media volume separately
This is another big problem.......... for example at night if you turned the phone ringer silent and you want to listen to some music you will not be able to do so in Windows Phone 8 smart phone .........cause if you turn phone ringer silent ....every thing will turned silent music , video ....every thing......Good thinking Microsoft.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3- Web Browser: Windows Phone 8 use Internet explorer 10 as default web browser and in general there is very few web browsers available in the market.
back to internet explorer there is only refresh button available in the browser no stop or going forward or back....... it is really bad experience to browse the web with Internet explorer.
More than that try to visit a web site with drop down list and select any thing , you will find the drop down list and you will be able to select what ever you want but that will make no different and the system will not respond to what you have selected...really disappointing .
4- Phone dailer: In general Phone book and Phone dailer one of the things I like about this OS it is really unique but it is missing some features like smart dailing & call duration in call History, long press on a contact name will offer two options delete the item from call history or block that name, no other options to send a message or MMS you have to dig inside to get this options.
5- Install XAP Files without SD Card: In Android for example you can install APK files in any Android phone (you can download any Application from any non google markets and install it offline without the need for internet connection by downloading APK files) but the equivalent of APK file in Windows Phone 8 is XAP file and it can be installed only in a handset with SD card support !!!!
Devices like Nokia Lumia 1020 or 920 is not able to install XAP files where in low end device like Nokia Lumia 520 you can do that !!!!
What a nice thing.
To be continue
The member in Wpcentral forums N_LaRUE writes about Windows Phone 8 and make clear statement about Windows Phone 8........ he really show a clear image about that OS.
********************************************
The phone (Windows Phone 8) was set up for the average consumer, which has been pointed out several times already. Average consumer is -> Music, photos, text, calls, social, email, web, games and apps. Most users will rarely use Office and less would even want a file manager. There's enough studies to back this trend.
Mobile Office is a review/general edit software, not a full-blown suite. It's not meant to replace Office on tablet or PC. The average size of most documents (Word/Excel) are typically well under 1MB.
The large quantity of memory is to compete with other platforms. The average consumer doesn't require large memory. Statistics have shown that most people have few apps and games on their mobile. Most memory is used for photos and music.
Keep in mind, we're talking about where MS has targeted it's product which is 'first world' consumer and this is the general statistics that they have used in thinking about their product. They have also copied some aspects from Apple and their primary concern is security and ecosystem.
The WP platform is not meant to be a replacement for a computer. It was not meant to replace Symbian or Android. In it's current state it is mostly a consumer device with some productive elements. This is the best way to think of WP.
***************************************
a link for the thread
Frankly speaking I misunderstand the Windows Phone 8 OS and according to what N_LaRUE said ....this OS is not what I'm looking for, but I will keep at least one of my two Windows Phone 8 devices with me as a back up phone in case I need it for sometime.
I will not mention any more restrictions, I think that the idea behind the OS Windows Phone 8 is clear .... the OS developed for that propose for specified needs for special kind of customers and I will name them as non advanced customers with minimum needs of control over the device to give a basic and easy experience for smartphone users.
1) File manager: not really needed on the user side, if applications integrate themselves properly.
2) separate volume for notifications/alaram/whatever: god no. Just no. That was soo broken in android. I remember the days when a collage wold snatch my phone and accidentaly press the play button on whatever music widget I had an the loud music would pump in the room. No, just no. I like it the way it is. If i set my volume to 0, it means i want the phone to be quiet!
3) browser? why would you need a different browser if the one present just works? I see you're coming from android, where the system just sucks and needs 3rd party apps to do even the most basic jobs. Sorry, ain't happening on WP.
4) install XAP: nope, no piracy. As i developer, I freeking love it.
Bleh... I'm just going to respond to both of you in one message. It already kind of feels like I'm feeding trolls.
First of all, Microsoft is well aware of this site and at least some of their employees do read it and link to it at work (I work in the Seattle tech industry, so of course I know some Microsofties). It's probably not the best place to try and get a personal response, or even widespread change of opinion, but it's not something that nobody ever visits. Part of the reason XDA has such strong anti-piracy rules is to avoid being flagged as a warez site and blocked.
Second, while some of your points are good, one-option, your writing (except in your last post, thankfully) is so unpleasant to read that I find myself disregarding what you have to say even when I agree with it. Professionalism is not the only key to being taken seriously, but it's an important one. Long chains of periods (full stops) and exclamation marks, inconsistent capitalization and punctuation, difficult-to-follow sentence structure, interjections and tangents (like "Good thinking Microsoft" and "should start with removing the banned from my account in Wpcentral for example"), and so on all make it really hard for anybody (Microsoft employee or XDA member) to take your writing seriously. If you aren't going to write in a way that other people will bother to read, why write at all?
Third, Microsoft doesn't control WPCentral. There are two pretty trivial ways to tell: first, look at the domain registration information (registered through GoDaddy for "Smartphone Experts" of "Axel Ltd. Co" out of Florida); second, read their articles (including the ones they post about interop-unlocks and free dev unlocks and so on) and realize that a lot of that is stuff that MS employees would never spread externally (not that you've shown any sign of understanding how businesspeople think, but trust me, that's not something they would do). Getting all pissy about your banned account there - almost certainly because you were making a general nuisance of yourself, much like you are here, regardless of the validity of your complaints - is completely off-topic for XDA anyhow.
Fourth, if you've concluded that WP8 is not for you, that's fine and dandy. If you love other smartphone OSes so much, why do you have WP devices anyhow? They certainly aren't the cheapest option (although some of them have a great price-to-hardware value). Just have fun with your other devices. The rest of us will have fun with ours.
Fifth, the file management thing is actually a good point. mcosmin222, contrary to what you say, there are serious limitations on how much you can integrate an app with the OS. For example, lets say my music is in Ogg Vorbis format. Re-encoding it would greatly reduce the quality (and Vorbis is a good codec anyhow) but if I just put those Ogg files on my phone via USB in the normal way, I won't be able to open them from an Ogg player app, or manage them (much less play them) through the built-in media software. I can't replace that media software either, which is another kind of restriction but another genuinely problematic one; apps aren't allowed to set themselves as the default handler for anything which the OS has a built-in handler for, and the built-in media app has capabilities no third-party app is allowed to have.
Sixth, the volume control on WP8 is very poorly designed. Leaving aside the fact that even dumbphones have long been perfectly capable of supporting different media and ringtone (and call, which WP8 *does* support, and alarms, which it doesn't really) volume levels, there are other issues like keeping the same value between headphones and "loud"speaker. As for the counterpoint about blaring music when you don't want to, that's a non-issue; nobody is *forcing* you to set the volumes differently, and if you choose to do so, it's presumably because you feel the benefits outweigh the problems. However, that's not really a "restriction". It's a poor design of the OS, but it's not something that you are prevented from doing (in the same sense that producing a usable file manager is prohibited, because of the prohibition on developers adding the required capabilities to their apps). In any case, it's a long-requested and well-known item, and quite popular on the Uservoice site (which already exists as a feedback mechanism to Microsoft).
Seventh, you can actually change what buttons are on the IE app bar in WP8 (it's in settings). You can of course install third-party apps that provide their own UI around a WebView as well, just like on iOS. In fact, this is mostly *not* a restriction problem, and there are several browser apps in the store (adding more isn't hard either). The place where restrictions on the users do become a problem is in *changing* the default browser. Currently, that's not possible without pretty extensive hacks. With that said, though calling the current browser one that "just works" is an ignorant and disingenuous thing to say. It may work for many people, but it certainly doesn't work for all people. For example, the inconvenience of needing to create browser shortcuts for Forward/Back/View Source, the limitation of 6 tabs, the restriction to only "desktop" or "mobile" user-agent string options, the inability to go full-screen, and more... those are all problems with the built-in browser app that a third-party one can fix, to say nothing of the many other problems that one can't (not practically, at least).
Eighth, to send a message to a contact from the dialer interface, it's really easy: tap the contact (name or phone number) to open the contact card, then tap "text" (or whatever you want to do). That's the same number of taps, and without the hold, that it would take to do what you (one-option) are suggesting.
Ninth, you are *both* wrong about XAPs.
mcosmin222, there is absolutely no reason that you shouldn't be able to install Store apps by opening a link to the XAP in the browser or an attached one in an email; it would work the same way as installation from SD card (requires a quic connection to the store in order to get license info). In fact, this *is* how you install "company apps"; the code to handle opening files with .XAP extension is already present. It just (for no discernible reason at all) only works for XAPs with company app signatures. Logically, it *should* process DRMed-and-store-signed apps the same way that installing from SD does, and unsigned apps by offering to install them directly (assuming your phone is developer-unlocked). It just doesn't work that way, for some reason. Note that there is absolutely no increase in piracy through this approach; it is *merely* a way to make legitimately installing apps less inconvenient for the user. That's it.
For one-option, as I've already mentioned, you can open XAPs in the browser or email; they just won't install that way if they are either store apps or development/homebrew apps. To install store apps, use the store on the phone, the store web site on a PC, or a SD card. To install homebrew/development apps, use the Application Deployment tool (xapdeploy.exe) that is part of the (free) WP8 SDK installation with a phone connected via USB. This is a bad user experience, undeniably; to have so many ways to install apps is good, to have them all mutually incompatible with each other is terrible. For example, why not let xapdeploy (or some other USB-based tool) install store-signed apps, anyhow? It would serve *exactly* the same use case as doing it via SD card, but would be more convenient for those people who have the dev tools installed and would be usable by people who don't have microSD slots.
Once again, though, this isn't really a "restriction" thing except for the limits on what sideloaded apps can do, and how many can be sideloaded. It's a poorly-designed user experience which causes frustration, confusion, and misconceptions about the product line, all of which are detrimental to gaining market share and positive marketplace reputation. That's more than bad enough, but don't confuse it with "restrictions". Those exist too, but you missed them entirely.
Hi,
The worst drawback is the calendar, doesn't anyone use it nowday's? As a working tool it's unusable. Thanks to Week View I can use WP 8 but even Week View is limited due to the lack edit function in the program. I know Microsoft "consider" this issue, consider!? Take a look of the calender in WP 6.5 that one had all the functions needed for Daily use.
Second worse is the dialer that doesn't look up phone numbers. Ok I use Another dialer for Calling and the built in when calling missed phone calls. Somehow we are back in the stoneage in some areas.
I choose WP 8 because of the strong Connection with Exchange which the other phone OS lacks.
Still WP 8 it's fast and works well in other areas but as mention earlier in the threads, it's not made as a working tool, it's made as a toy!
Just my 2 cent!
@GoodDayToDie:
I said the file manager is not really needed on the user side. I want the apps to have more powers when handling the user folders however. Trust me, I know the ogg vorbis problem better than anyone on this forum.
Hi.
I have done a small amount of cleaning. OP if you insist on having a thread about why you do not like WP8 (Presonally I have never tried it so I don't care one way or the other), then I expect you to do so in a civilized and respectful manner. This goes for everyone that feels the need to reply to this thread. There is nothing wrong with a discussion about personal preference or likes and dislikes as long as it is done with thoughtful and mature conversation.
Cheers,
-DSB
diestarbucks said:
Hi.
I have done a small amount of cleaning. OP if you insist on having a thread about why you do not like WP8 (Presonally I have never tried it so I don't care one way or the other), then I expect you to do so in a civilized and respectful manner. This goes for everyone that feels the need to reply to this thread. There is nothing wrong with a discussion about personal preference or likes and dislikes as long as it is done with thoughtful and mature conversation.
Cheers,
-DSB
Click to expand...
Click to collapse
The matter is that I opened this thread to collect the WP8 restrictions, in fact it wasn't restrictions but this is the way the system works.
So I pointed out that and I mentioned that I will not talk about any more restrictions in Windows Phone 8 cause it is working that way.
but WP8 people insisted to attack me & I replied back.
I tried to provide clear image and experience about Windows Phone 8, but some people just don't like that.
one-option said:
The matter is that I opened this thread to collect the WP8 restrictions, in fact it wasn't restrictions but this is the way the system works.
So I pointed out that and I mentioned that I will not talk about any more restrictions in Windows Phone 8 cause it is working that way.
but WP8 people insisted to attack me & I replied back.
I tried to provide clear image and experience about Windows Phone 8, but some people just don't like that.
Click to expand...
Click to collapse
If you, or anyone, feels they are being attacked, then the correct course of action is to report the post and let a mod come in and handle it. Replying back is just going to drag on the issue and in most all cases will make things worse.
Light side is often spoken of because the "dark" side is covered just about everywhere. The OS is the dark horse in this race, it has flaws just like the rest ...but there easily found in detail elsewhere.
Sent from my RM-878_nam_usa_100 using Tapatalk
one-option said:
Here are some retractions to those who intend to buy a new Windows Phone 8 device.
1- No File Manager in Windows Phone 8
The file manager is an important tool to get control over your device, Well here is the idea
Windows Phone 8 is more like application dependent platform, it is organized in strict way so if you want to watch video you will have to check in (Music + Video section/Hub) where you will find your videos and Music.
Same thing is true for images you have to watch your images in photo section/Hub....for other kind of Documents like word or excel you will have to check in Microsoft Office..... there is no ability to check this files inside the folders from the phone........... in general you can't see the folders unless you connect your phone to a computer......... every thing should be kept in its place images in Photo folder, ringtones should be in ringtone folder and so on.
So If you want to create another folders for special images other than photo folder Windows Phone 8 will not be able to see them !!!!
This is not smart at all
So what about non supported files or files there is no application to open them ?
There is no way to open such files in your phone or view them weather this file was image, video or what ever else.
In general people long time back requested Microsoft for file manager, but Microsoft simply not responding and ignoring that requests.
2- Control ringtone and media volume separately
This is another big problem.......... for example at night if you turned the phone ringer silent and you want to listen to some music you will not be able to do so in Windows Phone 8 smart phone .........cause if you turn phone ringer silent ....every thing will turned silent music , video ....every thing......Good thinking Microsoft.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3- Web Browser: Windows Phone 8 use Internet explorer 10 as default web browser and in general there is very few web browsers available in the market.
back to internet explorer there is only refresh button available in the browser no stop or going forward or back....... it is really bad experience to browse the web with Internet explorer.
More than that try to visit a web site with drop down list and select any thing , you will find the drop down list and you will be able to select what ever you want but that will make no different and the system will not respond to what you have selected...really disappointing .
4- Phone dailer: In general Phone book and Phone dailer one of the things I like about this OS it is really unique but it is missing some features like smart dailing & call duration in call History, long press on a contact name will offer two options delete the item from call history or block that name, no other options to send a message or MMS you have to dig inside to get this options.
5- Install XAP Files without SD Card: In Android for example you can install APK files in any Android phone (you can download any Application from any non google markets and install it offline without the need for internet connection by downloading APK files) but the equivalent of APK file in Windows Phone 8 is XAP file and it can be installed only in a handset with SD card support !!!!
Devices like Nokia Lumia 1020 or 920 is not able to install XAP files where in low end device like Nokia Lumia 520 you can do that !!!!
What a nice thing.
To be continue
Click to expand...
Click to collapse
Seeing as you complain about the file manager and not being able to install XAPs directly but can do that on Android, why don't you try doing that on iOS? Should be easy right? Microsoft hates you after all. They don't want you to do anything on your Nokia 3310 with a touchscreen and a camera.
1- No File Manager in Windows Phone 8
The file manager is an important tool to get control over your device, Well here is the idea
Windows Phone 8 is more like application dependent platform, it is organized in strict way so if you want to watch video you will have to check in (Music + Video section/Hub) where you will find your videos and Music.
Same thing is true for images you have to watch your images in photo section/Hub....for other kind of Documents like word or excel you will have to check in Microsoft Office..... there is no ability to check this files inside the folders from the phone........... in general you can't see the folders unless you connect your phone to a computer......... every thing should be kept in its place images in Photo folder, ringtones should be in ringtone folder and so on.
So If you want to create another folders for special images other than photo folder Windows Phone 8 will not be able to see them !!!!
This is not smart at all
So what about non supported files or files there is no application to open them ?
There is no way to open such files in your phone or view them weather this file was image, video or what ever else.
In general people long time back requested Microsoft for file manager, but Microsoft simply not responding and ignoring that requests.
2- Control ringtone and media volume separately
This is another big problem.......... for example at night if you turned the phone ringer silent and you want to listen to some music you will not be able to do so in Windows Phone 8 smart phone .........cause if you turn phone ringer silent ....every thing will turned silent music , video ....every thing......Good thinking Microsoft.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!
3- Web Browser: Windows Phone 8 use Internet explorer 10 as default web browser and in general there is very few web browsers available in the market.
back to internet explorer there is only refresh button available in the browser no stop or going forward or back....... it is really bad experience to browse the web with Internet explorer.
More than that try to visit a web site with drop down list and select any thing , you will find the drop down list and you will be able to select what ever you want but that will make no different and the system will not respond to what you have selected...really disappointing .
4- Phone dailer: In general Phone book and Phone dailer one of the things I like about this OS it is really unique but it is missing some features like smart dailing & call duration in call History, long press on a contact name will offer two options delete the item from call history or block that name, no other options to send a message or MMS you have to dig inside to get this options.
5- Install XAP Files without SD Card: In Android for example you can install APK files in any Android phone (you can download any Application from any non google markets and install it offline without the need for internet connection by downloading APK files) but the equivalent of APK file in Windows Phone 8 is XAP file and it can be installed only in a handset with SD card support !!!!
Devices like Nokia Lumia 1020 or 920 is not able to install XAP files where in low end device like Nokia Lumia 520 you can do that !!!!
What a nice thing.
To be continue
Click to expand...
Click to collapse
i totally agree...
iOS have Jailbrake,Android have Root...what have WP ?
To end all discussion about the negative points of Windows Phone 8, I'm going to invalidate the issues some people (including me for some time) were having with the WP8 OS (WARNING SOME CRITICS ARE STILL IN EFFECT IF YOU DON'T HAVE AN INTEROP UNLOCKED ATIV S):
- No decent free YouTube App : Not anymore, the official YouTube app has been revived, download here
- No File Manager : Not anymore (interop unlocked phones only) : download here
- No MKV support : there are apps out there (mostly paid apps like YxPlayer WP8, Moliplayer Pro and Best Player) which do support MKV. You might argue that these apps are not free and so the critic is still in effect, but VLC for WP8 (see Kickstarter : news update 10, all the way down the article) is coming, so no your argument is invalid.
- Manufacturer exclusive apps : one word proxy
- no customization whatsoever 20 tile colors and one lockscreen picture : SamWP8 (interop unlocked phones only) of -W_O_L_F- allows custom tile colors and there are lockscreen apps which allow to display weather information on the lockscreen (free ones like Bing Weather and MoWeather HD (which I can't install in English, keeps on installing in Chinese) and also paid apps like Weather Flow, Amazing Weather HD and WeatherSense. You might argue that you can't have widgets on your lockscreen like in Android : Lockmix, your argument is invalid.
- No Task manager : Close button in multitask menu since GDR3
- No Live Tile clock because of refresh frequency limitations by Microsoft : Sideloading TimeMe works perfectly, updates each minute (store version updates each 40 minutes).
- Windows Phone 8 SDK only for Windows 8 : Not anymore, Tutorial: Install Windows Phone 8 SDK on Windows 7 the Easy Way by compu829
- Lack of official apps, mostly web links (eg YouTube) : Vine has been released, Instagram will probably follow (it's from the same company), Facebook beta is becoming pretty decent, Twitter has an official app, YouTube has been revived (see first point), Foursquare has an official app and there are pretty decent free third party apps out there for apps who don't have an official version yet (like 9gag, instagram and others, most great apps were made by Rudy Huyn)
There are some critics which I admit are bothering even me and I can't invalidate them at the moment, these are :
- Windows Marketplace isn't as great as the other marketplaces (like Apple Store and Google Play), but it's growing (Rome wasn't build in a day, you know ) : many paid apps which should be free because they are too insignificant to ask money for (eg a Wallpaper app) but there are still some great store deals and even paid apps become free for a day (to keep you updated with these deals, install these three apps)
- Update rollout takes too long time to complete in some places, despite the name GDR (General Distribution Release). I still didn't received the GDR2 update here in Belgium/Western Europe (except for Germany and the UK) through the Phone Updates on my Ativ S itself, I had to flash it manually.
- No competition on hardware specs, all is specified by Microsoft. I hope the introduction of quad-core CPU's (like the Snapdragon 800 in the Lumia 1520) will bring change on this aspect.
- Even small adjustments (like turning captive buttons off and changing the phones language and/or region) requires a reboot, where on other OS's they don't.
- Keyboard language suggestions pack downloads itself in the Phone Updates, won't start automatic, requires reboot + requires migration of settings/data (takes about 15 minutes). On other OS's this is a simple download.
- Nokia has too big of a market share to attract other manufacturers, Nokia is also a privileged manufacturer (definitely after the Microsoft-Nokia deal took place) making fair competition almost impossible.
- Windows Phone and Microsoft have a problem recognizing minorities, Spotlight in Flanders (Dutch speaking part of Belgium) is French, how dare they .
aSpirit81 said:
i totally agree...
iOS have Jailbrake,Android have Root...what have WP ?
Click to expand...
Click to collapse
I respect everyone's opinions. I used to be an iphone user from 2g to 4. Went to android, now I have a lumia 1020.
I had jailbrake on my iphones because I wanted my phones to do more useless things. I gained root on my android devices and flashed the heck out of them to make them cleaner and faster( who wants to wait 0.3 of a second more time to open a browser)
Personally I don't miss anything about my previous devices. The only thing missing (in my opinion) is making folders and putting games in one, apps in other e.t.c. and the ability of someone sending me an app via mail or bluetooth, and manually installing it. Either way , I am very happy with my lumia 1020..... camera.
I would like to start a forensics thread.
I am a securiry auditor ( pen tester) and good at reverse engineering.
*****UPDATE******
I have owned the application decomiled the entire thing. I have all the download scripts and the actual apk is it not mktcamera it is
com.example.cameraroot-325a203119a823aad9e160e729650fbb.apk
I have given chainfire the apk it is up to him what he does.
I will send an email to kingo and and see if they want to clean up there ****. if they dont. i will release everything.
If you do not beleave me pm chainfire and ask him yourself.
I can not spend anymore time on this.
Sounds interesting. Kudos to you for attempting something concrete.
If you want to do static analysis of the initial download ("android_root.exe"), see this post. The initial Kingo download is an Inno Setup self extractor that can be unpacked without running it using the InnoUnp extractor utility.
I'll see what I can do to help.
thanks
I am trying to download the latest kingo. There site is very very slow. Looks like it is getting ddos. That is really good. It might give me a change to hit the request with session splitting, so i can get the scripts manually.
I
can someone translate this
Getting closer to having this app owned
I need this translated thanks!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.
subbed for results. Thanks for taking the time to look into this and sharing with us, very intriguing
krazylary said:
I have decided to not release the source code publicly. I will be giving it to the rockstars in the android world so we can have a clean root.
Click to expand...
Click to collapse
Thank you. It would be much preferable to having a static ARM (not PC-based) binary that needs no network access to get it's job done. Open source would be even better - even in the case of a completely static binary with no need for network access, the device owner is still "turning over their device" to that program and trusting that it is not malicious. After all, if it succeeds, it pwns the targeted device.
Although, truth be told, that just makes Sammy's job of closing off the hole that much easier, but that's the nature of the arms race.
Q about your previously posted (and now redacted) summaries - what is typical for false positive detection rates for random executables submitted to those "all in one" virus scanning services? Seems like the candidate malware identified would have shown some evident symptoms (popup ads, site redirection, etc) on folks platforms - unless it just lies dormant for a while or has been subverted itself to serve other needs (bot, etc).
What was the nature of the .xml that was being downloaded - did you have a look?
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Sent from my SM-N900V using xda app-developers app
dead batteries said:
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Click to expand...
Click to collapse
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge it's safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwith usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces it's effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
Opps!
Yes
bftb0 said:
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge it's safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwith usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces it's effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
Click to expand...
Click to collapse
What he said
I would like to add that the coders of kingo have gone above and beyond trying to hide there exploits methods and everything around it. i would do the same if i had a exclusive exploit like this... Exploits cost money if you want to use them. nothing is free nothing. They get something out of it. Or they would not return emails or update the software Would you? It sure as **** is not advertising on there site.
fyi one of the files that is download from kingos servers is called root_kit_base.sbin
Why blur out the program you are using?
personal
here are the programs
colasoft caspa enterprise 7
ida pro 6.5 arm hex rays
wireshark
cascade pilot enterprise
burp suite pro
just like to not have personal info exposed.. habit i guess.
christianpeso said:
Why blur out the program you are using?
Click to expand...
Click to collapse
Thanks for the info guys, that was a well thought out Super long answerand I read it all. ..twice. It doesn't "seem"like I need to worry though. My root with kingo went well, took less than 5 minutes if I remember and my device seems better because of it. Is There anything I should keep an eye out for?
Sent from my SM-N900V using xda app-developers app
I'm confused, did you actually find something malicious or is that where chainfire comes in?
There is an .apk availkable with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
It's manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/backsmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
bftb0 said:
There is an .apk availkable with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
It's manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/backsmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
Click to expand...
Click to collapse
Is it possible that information is needed on a per device basis in order to implement the exploit? Thus network connectivity would be essential for a universal rooting tool?
Sent from my SM-N900V using Tapatalk
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
bump
Sent from my SM-N900V using Tapatalk
kenneu said:
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
Click to expand...
Click to collapse
Kinda wondered that myself. Nothing materially changed on the device end of things for the VZW GN3 ... and all of a sudden a bunch of new reports that Kingo no longer works on that (unchanged) device... ?
Could be mere coincidence ... or could be that Kingo didn't want folks looking under the hood... hard to know.
$$$$$$$$$
Actually find a new way wanted your opinion about.
I have my flag app with over 1M install called Signal Boosters (Fred Baker)
I was trying to monetize creating my own offerwall and taking offers from the networks, long story, that didn't really hit the jackpot for me.
I had a huge problem of uninstalls (70%) since the walls didn't really work so I got really interested in the uninstall event and how to capture it.
Over a year I was able to capture the uninstall event using and launch a browser at the moment of uninstallation without leaving any traces or processes running on the devices afterwards (no trojans or anything that gets you banned)
(I saw some very popular and known apps use this implementation to survey the users that uninstalled and that was my inspiration)
I wasn't sure how to use it without pissing off someone and if it's actually allowed so I integrated it in my app and never talked to anyone about it.
A month ago or so I came across a company called APPJOLT doing exactly that.
I registered and entered their dashboard and saw they developed a whole system around this technique with the purpose to offer your users an incentive to come back to your app or cross-promote to other apps.
They have an option for free cross-promotion campaign so it hit me right away I can use their system with a CPI offer I took for my offerwall from one of the networks, so at the moment of uninstall it will show the offer and I will get paid for it.
I couldn't believe it but it worked, I see almost 1K uninstalls a day and generate around 70 conversions which generates $30-50 a day.
Not sure if I hit gold or not, just wanted to ask the members of this forum how can I improve this flow? or am I missing anything?
$$$$$$$$$
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
peachpuff said:
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
Click to expand...
Click to collapse
Well, blame them both. Samsung is knowingly 'accepting' the Google 'flaw' on it's phone. So Samsung is also culpable.
Talk about an Over the Top Melodramatic 1st post!
Stay off the internet - Get rid of your Smart TV - Live in a box... SMH
Sent from my SM-G955W ??
Niccolò Paganini said:
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Click to expand...
Click to collapse
I wouldn't worry about it the NSA and Google already know everything about you.
without permissions 99% of your apps won't work. want to stop tracking ?dig deep into your account, real real deep to cut off a lot of privacy issues
then when you have time, google your name
pltctytc said:
....then when you have time, google your name
Click to expand...
Click to collapse
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Gregzi said:
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Click to expand...
Click to collapse
Agreeing to ANY extent with the OP's RIDICULOUS and ABSURD post & a Thread Title that is Entirely Misleading and Uninformed!
While everyone is entitled to their opinion - This Thread & Particularly it's Title are perilously close to warrant being Reported to the Mods!
It's a simple process to Disable Background Data for each and every Application that you decide to disable in Settings - Apps - Permissions - Data - Background /Toggle Off.
I made reference to Smart TV's as they are constantly "listening" in order to provide functionality - Then there's Laptop cameras which could be equally used to "spy" on their users... Are we to disable the functionality offered by Ok Google - Which is also "listening" to provide the functionality that we have come to expect from our technology?
Two Tin Cans and String are the bastion of the Paranoid & Conspiracy Theorists.
Sent from my SM-G955W ??
**** this I'm going back to a Palm Pixi so the NSA can't spy on me!
What if.....
The NSA IS Google?!
Seriously? You're downloading things from F-Droid and Yalp and you're concerned with what data individual apps are sending? If you don't trust an app to have an internet connection, why on earth are you using it? If you don't trust the company behind an app to use your data appropriately, whey are you using that app? Do you shut off all data so your internet/mobile provider can't sniff out what you're doing? Tin foil is relatively cheap.
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Surely this is "the only reason", surely. I'll assume you have thought through the entire process of creating a mobile phone operating system as complex as Android, and also every detail involved in creating an application ecosystem that scales to millions of user created applications access by billions of people that worldwide probably generates over a trillion dollars in overall economic revenue (including employment by business built around it, advertising money spent, etc). Surely you saw a foolproof way too easily do all of this AND follow seemingly arbitrary privacy rules? You MUST have also COMPLETELY ruled out every other innocent explanation using this model, including showing conclusively that it wouldn't cause ANRs, app crashes, or anything else. Right?
You also have data showing more than just you would revoke this permission right?
Right?
Mr. Orange 645 said:
What if.....
The NSA IS Google?!
Click to expand...
Click to collapse
You mean you only just realised this NOW???!
I have to say, I'm always amazed how little people care about the spying that's being done through their phones. Saying "live in a box" or "just don't use the app" is a stupid response. You can still want to be part of society (which nowadays REQUIRES using whatsapp/facebook/google) EVEN THOUGH you're uncomfortable with the privacy implications. Someone acknowledging and being aware of this, and trying to improve upon it (or even simpler, just demanding improvements by the companies you pay a thousand dollar for a new phone) is often ridiculed as if it wouldn't matter, or people accept it as an something that is required for the systems we use. Social networks could work totally fine without being centralized, google maps doesn't actually need to send your location to google to function, and no app that i know of needs to send your usage of the phone to their company to do whatever it promises to do. Yet many apps do. It's not so much about that it is possible, the problem is that it is allowed. It shouldn't be allowed, much of the data collection should simply be outlawed. But, since hardly anyone seems to care, I don't see that coming anytime soon. I've tried to find people interested in this, but not even on reddit /r/privacy/ this seems to be a major concern.
@the_toast
There's a difference between being responsible for the amount of privacy you have and the amount of personal information that has already been made available... long before people were even aware of the amount of personal information that was already gleaned from the Products and Services that you have been using for years. To some extent trying to reign in your personal information is like closing the barn door after the horse is long gone.
The guy who originally posted this Thread is focusing his "panic" on one device and THAT is naive and Grossly Misleading!
Whether it's FB (which I don't use) or signing up for a Loyalty card - Your personal information is everywhere! Using common sense going forward is the only rational approach, but standing on an imaginary mountain top and shouting to the world that one device is "spyware" is ridiculous and deserves to be called out ?
Sent from my SM-G955W ??
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
MiMtnBiker said:
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
Click to expand...
Click to collapse
And if you Travel into the USA... Did you know THIS?
https://www.google.ca/amp/www.cbc.ca/amp/1.4494371#ampshare=http://www.cbc.ca/1.4494371
Sent from my SM-G955W ??
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
@the_toast
Many of the answers - including "live in a box" - "stay off the internet" were in direct response to the careless & irresponsible comments by the OP - like = like?
Not only your phone has the potential to gain access to your personal information - But your Laptop camera - Your Smart TV (that is "listening") But this technology is something that most people appreciate and expect their tech to provide them with the functionality that they want - Being aware of the capabilities of your Tech is prudent - being paranoid & frightened by it is just sad.
The issues of Privacy are extensive and if someone decides to pull on that thread - it's going to be never ending.
Common sense & being informed is the most appropriate way to go ??
Sent from my SM-G955W ??
the_toast said:
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
Click to expand...
Click to collapse
I'm afraid the only way you are going to change it is to completely get off the grid. Many people are oblivious to the fact that they are willingly giving up their personal information when they have their noses buried in their smartphones pert near all day. What's worse is that the politicians only seem to cater to the wealthy, and since they are salivating at the idea of getting their grubby hands on your info, this will continue. Unless there is a huge uprising and people assemble in protest of this, it will not stop. Heck, I don't even think it will stop, then. Nope, money is the reason as to why this won't change and, unfortunately, you have no say in the matter. Unless, that is, you do get completely off the grid.