Related
Google has been known for a long time to perpetually store all searches by IP, with the ability to assemble a shockingly complete picture of people by what they search on. Recently the Google CEO regurgitated the view that, "If you're not doing something wrong, you have nothing to worry about." (look it up)
Well I like Android and the development excitement, as I've used Debian exclusively for 12 years. But I am gravely concerned about privacy issues were I to buy an Android. I've hardly even used Google as a search engine. (Clusty)
Has any research been done on this? Does no one else share this concern?
You can disable this function of your Google Account. After logging in click the 'Dashboard' link that says 'View Data Stored With This Account'. Scroll to the bottom of the page where it says 'Web History' and you can disable/clear it for your account.
If using Google as your search engine makes you nervous then this should really put a bee in your bonnet:
Google and the NSA: Necessary Allies http://www.pcworld.com/businesscenter/article/188558/google_and_the_nsa_necessary_allies.html
Of course it's for 'OUR' protection.
Building on what mr_skot said... Google's CEO also made it clear that user information is only linked to you for a few months, then it is scrubbed and is made anonymous for more time. I can't remember if he said it was something like 18 months or a few years. Either way, they're serious about maintaining privacy, and you can bet that after the Chinese attack a couple weeks ago, they'll be beefing up security and changing their protocols.
If you want to remain completely anonymous, I suggest not using google, or google talk, or syncing your phone etc.
basically, you give a huge chunk of personal information by using google's services...
THAT was one of my hesitations of switching from winmo to android, but I got over it.
Real tin-foil hat wearer's don't use cell phones! For communication, they hand deliver letters, at secret drop off points.
What exactly are you guys doing to be so hesitant about Google? The personal information on your phone is so dire that you don't want them to view it? What will they do with this information unless you are doing something illegal? Other than that, I highly doubt they are just going to 'target' you purposely - the only way I could see you being so in danger is that they get hacked, and people go through their servers or whatever.
But what are the chances, that you and the millions of other people out there are going to be in danger? Maybe because I don't use my phone for.. bad purposes per-say, or search anything bad, I have no worry. I'm curious as to why people fear Google, though, maybe I'm being to open minded.
The point is in being comfortable with a stranger being able to know a lot of information about you ay the stroke of a key.
I would worry more about T-Mobile than Google, since they are the ones that monitor U for the Gov.
mrbkkt1 said:
The point is in being comfortable with a stranger being able to know a lot of information about you ay the stroke of a key.
Click to expand...
Click to collapse
Yes but the thing is, who cares about you specifically. What person in the GOOG HQ do you believe actually 'thinks' about you enough to want to be able to access any information about yourself. No one wants your info, so no one will try to find you - your information - or where you live.
I guess it is disturbing to people that they CAN do that, but T-Mobile can too, AT&T can too, and of course any other carrier has the same information that Google has, although Google could be more precise, or they could be more evil. What are you afraid of Google having? Your contact numbers? Your SMS? Your.. emails? Out of all those, I honestly don't care if they have it. Google isn't the only company with your location, so it isn't something I want to list.
There is probably something I'm not understanding here, though, and someone can probably easily explain how I am completely wrong about everything.. but this is my perspective. I believe if they don't care about you, then they wont dig into your life.
It's an invasion of privacy--though of course, your government invades your privacy all the time and has access to plenty of down-and-deep information about you. It's understandable some people would be anxious about it, whether or not they've done wrong. Mind you, this isn't exclusive to Google or anything. Microsoft collects information about you when possible. I don't doubt Apple et al does too.
I'm a bit leery about it myself; you sacrifice privacy for convenience and ease of use (google services/apps are great and easy to use, synchronization with your Android phone is excellent, etc), then you find yourself giving up more and more information. It's not the most comfortable state.
Eclair~ said:
What exactly are you guys doing to be so hesitant about Google? The personal information on your phone is so dire that you don't want them to view it? What will they do with this information unless you are doing something illegal? Other than that, I highly doubt they are just going to 'target' you purposely - the only way I could see you being so in danger is that they get hacked, and people go through their servers or whatever.
But what are the chances, that you and the millions of other people out there are going to be in danger? Maybe because I don't use my phone for.. bad purposes per-say, or search anything bad, I have no worry. I'm curious as to why people fear Google, though, maybe I'm being to open minded.
Click to expand...
Click to collapse
Congratulations, you win the Daily Mail award.
If you feel that only people who are doing something wrong need to worry then you can't really be against CCTV cameras on every corner. How about tagging all your shopping so your waste can be tracked or chipping everyone so they can be tracked at any time, in real time. I mean, if you're not doing anything wrong why would you worry
There *are* things that aren't illegal that you might not want any Tom, **** or Harry knowing. I can tell you now that any Google employee with access to that data is worth $$$ to a private detective - but then all Google employees are angels and never break the law and don't have gambling debts or money problems.
While the corporation (google) might not be particularly interested in the individual, the corporation is made up of individuals who may not have the same values as good honest folk. That's something you can't guard against.
Never ever use the argument that if you're not doing anything wrong then you have nothing to fear. 'Wrong' is a value judgment, subject to change at any time. 'Illegal' varies from place to place, country to country.
SC
ScaredyCat said:
Never ever use the argument that if you're not doing anything wrong then you have nothing to fear. 'Wrong' is a value judgment, subject to change at any time. 'Illegal' varies from place to place, country to country.
Click to expand...
Click to collapse
Exactly. And this was exactly the assertion that Google's CEO made this December. I repeat a famous old wisdom: 'Those who would trade freedom for security, deserve neither.'
To those naive ones who can't understand the privacy ramifications, suffice it to say that my business is none of their business. You can not understand how a fascist regime operates, or know what it was like behind the Iron Curtain. I was in intel, and do not like the unConstitutional changes to the law that were made in the past 9 years, and so I want to protect myself. You can open your life like a book as you like... eh, maybe it'll be OK. Or maybe your divorcing wife or someone suing you will find things you didn't want.
I am just trying to find out what kind of hooks Android may have that may cause it to store information unjustifiably and/or send it back to the Mother Ship. Of primary concern is the OS, and secondary is Google apps. I am assuming that the nav app is a no-go.
Before anyone lazily asserts that my OS or browser is more vulnerable, I've run Debian exclusively for 12 years, secured using the NSA procedure. I have used Google for search only a few times since it started, owing to their atrocious data retention policies (I use Clusty.com), and do not have a Google account. I don't trust assurances that data is scrubbed because they make much of their money from the information.
I do use T-Mobile, as they are one of only two companies that refused to cooperate with Bush's unConstitutional warrantless wiretapping. (Qworst was the other one) Oh, you think warrantless wiretapping is legal? Then why last year did Congress pass a law specifically exempting Big Telecom from Constitutional challenges? (which BTW, Obama voted for; that was it for me with him)
Has any research been done on the security of Android? I couldn't find any. (I am aware of the HTC leak, which was squashed by Cyanogen)
No one else has thought about this?
Oddly enough, using custom ROMs makes me somewhat less concerned about privacy. Being able to pick and choose components of the software does help.
Afraid I got nothing else to add, though. Ultimately, you can either put on your tinfoil hat and cut yourself off from all online contact (because someone, somewhere, is always collecting information) or resign yourself to it.
And you seriously believe Google are the ONLY ones doing this? at least we know about it.
How do companies get their 'market research'?....
I believe we have nothing to worry about, but in this day and age, to expect to be completely anonymous and 'off the grid' is about as plausible as Apple employees using Android devices in the office...
I wrote a long post then decided to delete it cause Im not going to change anyones minds on a message board anyways. So Ill simply say, no, I dont worry about it.
Amdathlonuk said:
And you seriously believe Google are the ONLY ones doing this? at least we know about it.
How do companies get their 'market research'?....
I believe we have nothing to worry about, but in this day and age, to expect to be completely anonymous and 'off the grid' is about as plausible as Apple employees using Android devices in the office...
Click to expand...
Click to collapse
So... your solution is to give up and resign yourself to allowing a Police State. No thanks, I don't agree.
ThatSearchEngineThatEveryoneUses is a gigantic corporation which will vacuum up every search you do and correlate them to assemble a frighteningly accurate picture of who you are. Nah, fsck that. I'll stick with Clusty and off-OS's like Debian.
Resign and argue with me all you want.
My thoughts...
1. Seperate your data. Its why I refuse to useGoogle Chrome. I already have enough info on Google without them knowing every single purchase , website visit , and log in info for everywhere I go.
It may be futile but its at least an effort.
2. No company tosses information. I dont care how many times I press clear or delete on Google settings. My personalized info is sitting on a server somewhere and will be until that info becomes worthless.
3. I have zero desire to contribute to skynet =-).
Im fully convinced data supported profiling will be in the hands of some ridiculously powerful AIs and Im not in the mood to have a bunch of robots know what Im going to do before I do it.
Lastly I really do think its absolutely sad how easily people forego there privacy like it shoudl be of no concern.
Your GSM operator can track and record all your calls, and can be subpoenaed for your general location at any time. Would you trust them more than Google?
xManMythLegend said:
My thoughts...
1. Seperate your data. Its why I refuse to useGoogle Chrome. I already have enough info on Google without them knowing every single purchase , website visit , and log in info for everywhere I go.
It may be futile but its at least an effort.
Click to expand...
Click to collapse
Except Google Chrome does not collect enough information to discern such a thing, and your ISP can find out all that (and more, as long as it's not SSL-encrypted) anyway.
Everyone put on your tin foil hats!
Has any research been done on the security of Android? I couldn't find any.
Click to expand...
Click to collapse
Yeah, it's all, you know, here: http://android.git.kernel.org/ . Dig the source and see if Android's sending any rouge information to anyone.
Quantumstate said:
So... your solution is to give up and resign yourself to allowing a Police State. No thanks, I don't agree.
ThatSearchEngineThatEveryoneUses is a gigantic corporation which will vacuum up every search you do and correlate them to assemble a frighteningly accurate picture of who you are. Nah, fsck that. I'll stick with Clusty and off-OS's like Debian. Resign and argue all you want.
Click to expand...
Click to collapse
And it's not already?
What about CCTV? all the online purchases you make?
Credit card details?
Mortgage?
Electoral Roll?
National Insurance details...
Christ, they already know more about us than you can think.
Do a search for your name on the internet, I even found a site listing my marriage to my ex-wife, the children we had and when/where they were born......
I won't KNOWINGLY contribute to them collecting my data, but I'm not going to get paranoid about it either.
First of all: I'm an OSS advocate and love the idea of open source. Don't forget that while reading this.
Some 2 month ago, I got myself a Galaxy S. It's not exactly cheap, but on the other side, it's really good hardware. This thread is not about Samsung or the Galaxy S. It's about the missing parts of android security.
We all know it from our home computers: Software sometimes has bugs. Some just annoy us, others are potentially dangerous for our beloved data. Our data sometimes gets stolen or deleted due to viruses. Viruses enter our machines by exploiting bugs that allow for code execution or priviledge escalation. To stay patched, we regularly execute our "apt-get update;apt-get dist-upgrade" or use windows update. We do this to close security holes on our systems.
In the PC world, the software and OS manufacturers release security bulletins to inform users of potentially dangerous issues. They say how to work around them or provide a patch.
How do we stay informed about issues and keep our Android devices updated?
Here's what Google says:
We will publicly announce security bugs when the fixes are available via postings to the android-security-announce group on Google Groups.
Click to expand...
Click to collapse
Source: http://developer.android.com/guide/appendix/faq/security.html#informed
OK, that particular group is empty (except for a welcome post). Maybe there are no bugs in Android. Go check yourself and google a bit - they do exist.
"So why doesn't Google tell us?", you ask. I don't know. What I know is that the various components of Android (WebKit, kernel, ...) do have bugs. There's nothing wrong with that BTW, software is made by people - and people make mistakes and write buggy code all the time. Just read the changelogs or release notes.
"Wait", I head you say, "there are no changelogs or release notes for Android releases".
Oh - so let's sum up what we need to stay informed about security issues, bugs and workarounds:
* Security bulletins and
* Patches or Workaround information
What of these do we have? Right, nada, zilch, rien.
I'll leave it up to you to decide if that's good common practise.
"But why is this important anyway", you ask.
Well, remember my example above. You visit a website and suddenly find all your stored passwords floating around on the internet. Don't tell me that's not possible, there was a WebKit bug in 2.2 that did just that. Another scenario would be a drive-by download that breaks out of the sandbox and makes expensive phone calls. Or orders subscriptions for monthly new ringtones, raising your bill by orders of magnitute. Or shares your music on illegal download portals (shh, don't tell the RIAA that this is remotely possible).
The bug is probably fixed in 2.2.1 - but without changelogs we can't be sure.
But that's not all - there's a second problem. Not only are we unaware of security issues, we also don't have automated update mechanisms.
We only receive updates when our phone's manufacturers release new firmware. Sadly, not all manufacturers support their phones in the long run.
In the PC world, most Distros have a central package management - that Google forgot to implement in Android. Agreed, some phones can receive OTA updates, but that depends on the carrier. And because of the differences in Android versions it's not possible to have a central patch management either. So we do not know if our Android devices might have security issues. We also have no easy way to patch them.
Perhaps you knew this before, then I apologize for taking your time.
What do YOU - the computer literate and security aware XDA users - think about this? Do you think that's a problem? Or would you rather say that these are minor problems?
Very intresting, thanks! The update problem should be fixed with the next release, no more custom UIs and mods from phone manufacturers,at least google said that
Sent from my Nexus One using XDA App
Excellent post and quite agree with you. The other significant problem looming is the granularity (or rather, lack thereof) in app permissions which can cause problems you describe without bugs and exploits. I install an app that does something interesting with contacts and also has internet access to display ads. How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
I love Android but it's an accident waiting to happen unless the kind of changes you advocate are implemented and granularity of permissions significantly increased. I don't like much about Apple but their walled garden app store is something they did get right although IMHO, they also abuse that power to stifle competition. Bring out the feds!
simonta said:
The other significant problem looming is the granularity (or rather, lack thereof) in app permissions [...]
How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
Click to expand...
Click to collapse
I agree, although I'm not sure that less experienced users might have difficulties with such options.
simonta said:
I love Android but it's an accident waiting to happen
Click to expand...
Click to collapse
Sad but true. I'm just curious what Google will do when the first problems arise and the first users will have groundshaking bills.
If that happens to just a few users, it'll get a kind media coverage Google surely won't like.
I've seen quite a few android exploits posted on bugtraq over the years. It's a high-volume email list, but with some filtering of stuff you don't care about, it becomes manageable. It's been around forever and is a good resource if you want the latest security news on just about anything computer related.
http://www.securityfocus.com/archive/1/description
People are bashing a lot about the Android security model but the truth is you can never have 100% protection with ANY solution.
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Speaking again of Android. I think the permission model is not bad. I mean, no other OS got such detailed description about what an app can do or not. But unfortunately it can only filter out very conspicuous apps, i.e. a Reversi game asking for your location and internet access. But then you never know... if the app is using ads it requires location and internet access, right? so what can you do?
RAMMANN said:
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Click to expand...
Click to collapse
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Of course you can't get 100% security and I don't think that's what we're saying, but there is a lot you can do.
Take for example internet access which is the biggest worry I have. The only reason most apps request internet access is to support ads. I now have a choice to make, don't use the app or trust it. That simple, no other choice.
If I installed an app that serves ads but did not have internet access, then the only way that app can get information off my phone is to use exploits and I'm a lot more comfortable knowing that some miscreant needs to understand that than the current situation where some script kiddy can hoover up my contacts.
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
I absolutely agree with you on Apple, one of the main reasons that I chose a Desire instead of an iPhone, but the Android approach is too far the other way IMHO.
Just my tuppence, in a hopeless cause of imagining someone at Google paying attention and thinking you know what, it is an accident waiting to happen.
marty1976 said:
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Click to expand...
Click to collapse
Well, so why did a tethering app once make it into the appstore?
Also I think there are many possibilities for an app to behave normal, and just start some bad activity after some time. Wait a couple months until the app is spread around and then bang. Or remotely launch some action initiated through push notifications etc.
If there is interest, then there is always a way....
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
I agree that a seperate permission for ads would be a good thing.
But there are still many apps which need your location, contacts, internet access.... all the social media things nowadays. And this is where the whole thing will be going to so I think in the future it will be even harder to differenciate.
Getting back on topic: I just read that Windows 7 Phone will get updates and patches like desktop windows. That means patchday once a month plus when urgency is high...
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
But, how do you distinguish them? Today, (as a developer) I can use any ad-provider I want. In order to distinguish ads from general internet access, the OS would need one of:
A Google-defined ad interface, which stifles "creativity" in ad design. Developers would simply ignore it and do what they do now as soon as their preferred ad-provider didn't want to support the "official" ad system or provided some improvement by doing so.
An OS update to support every new ad-provider (yuck^2).
Every ad-provider would have to go through a Google whitelist that was looked up on the fly (increased traffic, and all ads are now "visible" to Google whether Google is involved in the transaction or not). This would also make ad-blocking apps harder to implement since Google's whitelisting API might not behave if the whitelist was unavailable. On the upside, it would make ad-blocking in custom ROMs be trivial.
Even if Google did one of these things, it still wouldn't provide any real increase in privacy or security. The "ad service" would still need to deliver a payload from the app to the service (in order to select ads) and another from the service to the app (the ad content). Such a mechanism could be trivially exploited to do anything that simple HTTP access could provide.
http://code.google.com/p/android/issues/list
issues submitted are reviewed by google employed techs... they tell you if you messed up and caused the issue or if the issue will be fixed in a future release or whatever info they find.
probably not the best way to handle it but its better then nothing.
twztdwyz said:
http://code.google.com/p/android/issues/list
Click to expand...
Click to collapse
Knew that bug tracker, but the free tagging aka labels isn't the best idea IMHO.
You can't search for a specific release, for example...
twztdwyz said:
probably not the best way to handle it but its better then nothing.
Click to expand...
Click to collapse
Ack, but I think Google can do _much_ better...
Two more things to have in mind:
1. I doubt that many Android users bother much about what permissions they give to an app.
2. Using Google to sync your contacts and calendar (and who knows what else), is a bad, bad idea.
http://forum.xda-developers.com/showthread.php?t=1453695
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Rayman96 said:
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Click to expand...
Click to collapse
sorry if i did hurt you. well i was a beta tester for the app. it did performed well for me, besides comodo is a reputed company after all and they are standing for free softwares.
I posted the links cause it contains all the details of the software, details about the company etc, i thought its better than i explain those details.
about double posting, the one i posted is in the general section is for all to see. The second is for my fellow lgp500 users, where i really belogs. i hope i am clear enough. no harm ment
Best free antivirus is your brain - never install app without good amount of comments about app.
AdvDretch said:
Best free antivirus is your brain - never install app without good amount of comments about app.
Click to expand...
Click to collapse
Who in this world has time to read all that? Have you ever tried to read Google’s conditions and policies while creating a Google account? Certainly the answer would be ‘NO’. Do you know that Google had 60 different policies that helped them to collect data from your personal Gmail and other Google apps? Now do you know that they had merged all these in to one policy?
Google will know more about you than your wife does. Everything across your screens will be integrated and tracked. Google noted that it collects information you provide, data from your usage, device information and location. Unique applications are also noted. Sure you can use Google’s dashboard and ad manager to cut things out, but this policy feels Big Brother-ish. Google is watching you as long as you are logged in. It’s also unclear whether this privacy policy move will be considered bundling in some way by regulators. This unified experience hook appears to be at least partially aimed at juicing Google+. Google responded with clarification: Google noted that it already has all that data, but it’s now integrating that information across products. It’s a change in how Google will use the data not what it collects. In other words, Google already knows more about you than your wife.( not my comment go read this.... http://m.zdnet.com/blog/btl/googles-new-privacy-policy-the-good-bad-scary/67893)
Now my question is whether Google is good or bad? Do you need Droidwall to defend your privacy? Or do you still believe in your Brain(better do not believe in brain but use it to think rationally)?
Conclusion: we need a new definition to “virus”...My contribution is Anything that steals your private data is a virus.( no flames needed, no harm meant...just my thought about the relevancy of protective apps like Droidwall, comodo, avg, etc. ...etc)
,do we realy need anti virus?,
algie17 said:
,do we realy need anti virus?,
Click to expand...
Click to collapse
You dont need one
Sent from my LG-P500 using XDA Premium App
josinpoul's mean run anti virus before creating Google account
And if too don't have anti virus then don't use Google. Josin your explanation is wrong. Brain and antivirus both useful.
No need for 2 topics about one thing but thanks for sharing!!!
http://ca.reuters.com/article/technologyNews/idCATRE81N1T120120224
By Jim Finkle
BOSTON (Reuters) - Cybersecurity experts have uncovered a flaw in a component of the operating system of Google Inc's widely used Android smartphone that they say hackers can exploit to gain control of the devices.
Researchers at startup cybersecurity firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user's phone carrier. The message urges the recipient to click on a link, which if done infects the device.
At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike's claim.
Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents.
He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
"With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices," said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike. Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple's App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple's iPhone by sending malicious code embedded in text messages that was invisible to the phone's user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1.
Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google.
CrowdStrike's method of attack makes use of a previously unpublicized security flaw in a piece of software known as webkit, which is built into the Android operating system's Web browser.
Webkit is also incorporated into other software programs, including Google's Chrome browser and the Apple iOS operating system for the iPhone and iPad.
CrowdStrike said it had not attempted to create software to attack iOS devices or the Chrome browser.
Ok, now a group of hackers control 500000000 devices... an antivirus will slow the phone down more than a hacker trying to run a phone from another continent over your 2G network... just think about it... how can your screen be monitored over 3G in real-time? It can't be done on my 5Mbps PC...
And if you turn data off, then 1GB of data will be sent to google when you turn it on??? Think logic...(where the f**k do you store that??? I think the effect will be noticed right away, and the attacker has no time to take control, unless you are stupid enough to see a 1GB file and not suspect anything...) PCs have real-time protection, but that is because there are terrible threats out there, and they are optimized, they don't slow down... on your phone, you will regret having a phone for 2 years running like **** and then dropping in water, while you could have best performance in those 2 years...
We are not windows, but we are android, and it is the most unsafe mobile OS, if you want a safe one, get from apple... just 2x price at ½ quality...
Sent from my LG-P500
well i use avast antivirus
but not for scanning viruses
but rather for anti-theft feature and firewall(blocking apps)
and isnt android a java based OS ??
im sure there are not many virus's
that can cause heavy damage
Hello guys,
are you one of the android developers pissed off by piracy?
I have about 4000 active illegal users (70%), but my app is without any security checks.
Have you found a solution? I gave up on google security checks, it was too easy to hack. There is something more secure?
I've done a lot of research, but I am searching also for some real experience by xda users.
Thank you!
Well, if you chose to implement in-app purchasing, then I suppose that might solve your problem.
taomorpheus said:
Hello guys,
are you one of the android developers pissed off by piracy?
I have about 4000 active illegal users (70%), but my app is without any security checks.
Have you found a solution? I gave up on google security checks, it was too easy to hack. There is something more secure?
I've done a lot of research, but I am searching also for some real experience by xda users.
Thank you!
Click to expand...
Click to collapse
If you have your own server you could crosscheck the user's google account with your purchase list.
Do it hidden, in multiple places and act delayed if you find out about a pirated version, then it's really hard to crack.
If you talk about your facebook app you could be kinda bad mannered and post that they are using an illegal app on their wall
Of course you'd have to be absolutely sure then
octobclrnts said:
Well, if you chose to implement in-app purchasing, then I suppose that might solve your problem.
Click to expand...
Click to collapse
I can't because a lot of people have already purchased the app in the classic way!
superkoal said:
If you have your own server you could crosscheck the user's google account with your purchase list.
Do it hidden, in multiple places and act delayed if you find out about a pirated version, then it's really hard to crack.
If you talk about your facebook app you could be kinda bad mannered and post that they are using an illegal app on their wall
Of course you'd have to be absolutely sure then
Click to expand...
Click to collapse
Actually this is a really cool idea, can I access to my google account using google api?
superkoal said:
If you have your own server you could crosscheck the user's google account with your purchase list.
Do it hidden, in multiple places and act delayed if you find out about a pirated version, then it's really hard to crack.
If you talk about your facebook app you could be kinda bad mannered and post that they are using an illegal app on their wall
Of course you'd have to be absolutely sure then
Click to expand...
Click to collapse
I like this.
taomorpheus said:
Actually this is a really cool idea, can I access to my google account using google api?
Click to expand...
Click to collapse
Have a look at this:
http://stackoverflow.com/questions/2245545/accessing-google-account-id-username-via-android
superkoal said:
Have a look at this:
http://stackoverflow.com/questions/2245545/accessing-google-account-id-username-via-android
Click to expand...
Click to collapse
My Kaspersky Anti-Virus programm says that it is a fishing site.
However, it is STACKOVERFLOW!!!
nikwen said:
My Kaspersky Anti-Virus programm says that it is a fishing site.
However, it is STACKOVERFLOW!!!
Click to expand...
Click to collapse
Kaspersky :silly:
taomorpheus said:
I can't because a lot of people have already purchased the app in the classic way!
Click to expand...
Click to collapse
Sent
In my opinion, create some sort of pop up that says "Attention pirated user, I'm glad you love my app as much as I loved making it, but I need to make money off of it. Please officially purchase this app "
Then have an In app purchase option in the pop up. This would make me want to purchase the app if I pirated it. I don't really believe that fighting piracy with DRM does anything but cause harm. You should just try and make the pirated users feel bad and encourage them to buy the app.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
v3nturetheworld said:
Sent
In my opinion, create some sort of pop up that says "Attention pirated user, I'm glad you love my app as much as I loved making it, but I need to make money off of it. Please officially purchase this app "
Then have an In app purchase option in the pop up. This would make me want to purchase the app if I pirated it. I don't really believe that fighting piracy with DRM does anything but cause harm. You should just try and make the pirated users feel bad and encourage them to buy the app.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Click to expand...
Click to collapse
Ahah yeah that's a good solution!
I've noticed that most of the pirated users come from Burma, where google play doesn't work. So I think that I will leave the app in this way and create another pro version for the nations that have google play issues!
But... how about implementing a solution like ROM Manager does? I mean, with a separate app and a pirate popup as suggested above? I'm clueless on what technology use to create a licensing APK, but it would be easier even for those people that haven't got Play Store, maybe
Tiwiz
I guess the main app checks if the Lisence app is installed and if installed it checks the key from a database of the license app and checks for the validity of Lisence on the cloud
Sent from my GT-S5302 using Tapatalk 2
Hit Thanx Button if i helped you!
taomorpheus said:
Have you found a solution? I gave up on google security checks, it was too easy to hack. There is something more secure?
Click to expand...
Click to collapse
Piracy is a "fact of life" for software. And most anti-piracy measures tend to hurt legitimate paid customers (and the dev) more than the pirates.
If you have a good, useful app, those guys in China can hack almost anything. (No offense to China; no Play there, lower income and an anti-IP culture.)
There are a FEW successful devs who have gone to extra-ordinary lengths at the JNI level. I tested, but never turned any JNI anti-hacking code on, because with thousands of paid users on many weird phones and ROMs, I felt it would break for enough people to not be worth it.
If you have an app that needs a server connection, or data updates, and you have some kind of independent registration system, you have a chance too. But that can be a lot of work.
I'd rather spend my time making my app better and supporting customers. My app price is higher than many would like (but I have virtually no paid competition). And because my app is support intensive, I've taken the view that I'm selling support and convenient updates, not an app, so much.
I mostly verify people are customers before supporting them, do as good a job as I can, get good reviews, and people see there is value there for their money. And yes, I get tons of support requests from pirates. Some of them I've converted to customers.
And... regular updates to an app provides value. If pirates want the latest, they keep having to go look for it. (Or do I recall some pirate update service ?) Updates via Play are easy and that ease has value.
All the above said, I do get angry from time to time, mostly at people stealing my time IE support. And the idea of finding a highly effective anti-piracy measure is fascinating.
But almost none of us is without some sin in our life regarding music, movies or software downloading... So I think it's good to consider the pirates' perspectives. Effective antipiracy definitely drastically reduces the user base and the Internet knowledge base and familiarity, and its' questionable as to how much revenue might increase, if at all.
IE, piracy can be seen as free advertising, and an opportunity to show some pirates there are valid reasons why going legitimate might benefit them, or even reduce their guilt level. I've had a few people buy my app and apologize...
mikereidis said:
Piracy is a "fact of life" for software. And most anti-piracy measures tend to hurt legitimate paid customers (and the dev) more than the pirates.
If you have a good, useful app, those guys in China can hack almost anything. (No offense to China; no Play there, lower income and an anti-IP culture.)
There are a FEW successful devs who have gone to extra-ordinary lengths at the JNI level. I tested, but never turned any JNI anti-hacking code on, because with thousands of paid users on many weird phones and ROMs, I felt it would break for enough people to not be worth it.
If you have an app that needs a server connection, or data updates, and you have some kind of independent registration system, you have a chance too. But that can be a lot of work.
I'd rather spend my time making my app better and supporting customers. My app price is higher than many would like (but I have virtually no paid competition). And because my app is support intensive, I've taken the view that I'm selling support and convenient updates, not an app, so much.
I mostly verify people are customers before supporting them, do as good a job as I can, get good reviews, and people see there is value there for their money. And yes, I get tons of support requests from pirates. Some of them I've converted to customers.
And... regular updates to an app provides value. If pirates want the latest, they keep having to go look for it. (Or do I recall some pirate update service ?) Updates via Play are easy and that ease has value.
All the above said, I do get angry from time to time, mostly at people stealing my time IE support. And the idea of finding a highly effective anti-piracy measure is fascinating.
But almost none of us is without some sin in our life regarding music, movies or software downloading... So I think it's good to consider the pirates' perspectives. Effective antipiracy definitely drastically reduces the user base and the Internet knowledge base and familiarity, and its' questionable as to how much revenue might increase, if at all.
IE, piracy can be seen as free advertising, and an opportunity to show some pirates there are valid reasons why going legitimate might benefit them, or even reduce their guilt level. I've had a few people buy my app and apologize...
Click to expand...
Click to collapse
Well, this is my philosophy. I usually reply to all emails, build the app around the feedback from the community and try to fix all the issues. This permits to create a loyal group of users, and it's the reason why apps like Facebook Home are hated so much: they talk about building apps around people, but for them people is the product, so it's a fail from the beginning
After some considerations I have abandoned the idea to build an antipiracy system, the reason is in part related to your thoughts but also because the 60-70% of pirated versions come from nations like Burma, indonesia, etc etc. So I don't feel that someone is stealing, google play can't provide a service, so people react. The good thing is that despite the lack of a service, they try to use my apps, so that's good, right?
So, at the conclusion, the best antipiracy system is to not use an antipiracy system. Clearly it will be hard to be supported only by paying customers, but the majority accepts some ads if the product is good ( the important thing is to not include spammy and intrusive services, one banner or a full screen on time a day is sufficient).
Thank you for this reply, it's really important to know that there are good developers around! :highfive:
Have you tried google licensing?
taomorpheus said:
Hello guys,
are you one of the android developers pissed off by piracy?
I have about 4000 active illegal users (70%), but my app is without any security checks.
Have you found a solution? I gave up on google security checks, it was too easy to hack. There is something more secure?
I've done a lot of research, but I am searching also for some real experience by xda users.
Thank you!
Click to expand...
Click to collapse
Hi,
I am new to android development but I've read about google licensing services which checks for user account whether the app is actually purchased from that particular account associated with the user. If authentication fails then user gets a blocking dialog to either exit the app or purchase it from play store.
dbroid said:
Hi,
I am new to android development but I've read about google licensing services which checks for user account whether the app is actually purchased from that particular account associated with the user. If authentication fails then user gets a blocking dialog to either exit the app or purchase it from play store.
Click to expand...
Click to collapse
Cracker can easily remove IF and your won't ask to buy it.
There should be VMProtect or Themida like tool for android
GR0S said:
Cracker can easily remove IF and your won't ask to buy it.
There should be VMProtect or Themida like tool for android
Click to expand...
Click to collapse
It was hacked not long after its launch.
http://www.androidpolice.com/2010/0...on-easily-circumvented-will-not-stop-pirates/
taomorpheus said:
After some considerations I have abandoned the idea to build an antipiracy system, the reason is in part related to your thoughts but also because the 60-70% of pirated versions come from nations like Burma, indonesia, etc etc. So I don't feel that someone is stealing, google play can't provide a service, so people react. The good thing is that despite the lack of a service, they try to use my apps, so that's good, right?
Click to expand...
Click to collapse
Yes. Most pirates can't afford the app or wouldn't buy it anyway. I also think that many pirates and those who felt "forced" to buy a protected app are bad customers. They will spread their bad feelings about the app and the "greedy dev".
And many have a sense of entitlement, so they make demands, expect lots of support, complain and write bad reviews. They project their own faults on others, and always assume others are trying to rip THEM off. Some have told me they were "testing" my app, because they were worried about getting ripped off if it didn't work (despite my free version and anytime cancel policy).
Better not to have such customers. These are the same people who think they are more important than everybody else and cheat in traffic and lineups etc.
taomorpheus said:
So, at the conclusion, the best antipiracy system is to not use an antipiracy system. Clearly it will be hard to be supported only by paying customers, but the majority accepts some ads if the product is good ( the important thing is to not include spammy and intrusive services, one banner or a full screen on time a day is sufficient).
Thank you for this reply, it's really important to know that there are good developers around! :highfive:
Click to expand...
Click to collapse
For most of us small devs, yes. Things may be different for certain apps, such as those that need a backend server, and for multi-person companies.
You can also promote that your app is "DRM free". That's definitely a plus, especially to custom ROM users who may avoid using Google Play.
I tried ads for a few months in 2011. The "CPM" rates started good, but quickly dropped to almost nothing. I think it's very hard to make money from ads, unless your app has a million users, and they are more "average" people who might click on the ads, accidentally or not.
I think it's usually better to raise app price as high as you can. I experimented a lot for many months between $1 and $10, usually keeping price constant for at least 2-3 weeks. I, and some others, have found that total income remains somewhat constant no matter what the price, LOL.
Now I've left price at the high end, so I can provide the best support possible, by limiting sales quantity. Some people think we should "make it up in volume", but that's a self-serving wish of the person who wants it cheaper. High volume might be viable if you provide zero technical support though.
What I'd say in terms of pirate stuff is to not try too hard on the software level (though I might write a guide on a few useful methods and pieces of code to prevent the usual circumvention methods) but on the upload level. When you release a new version, wait a couple of days and then search for a pirate version of your app. If you find one, report it, they're usually down in about 5 minutes. The more often you do this, the more likely people are to search, find all the links are "dead" and then just think "stuff it, I'll just buy it". However, this will only work on people who can buy it and are using pirate versions because they wish to, not because they have to
Quinny899 said:
What I'd say in terms of pirate stuff is to not try too hard on the software level (though I might write a guide on a few useful methods and pieces of code to prevent the usual circumvention methods) but on the upload level. When you release a new version, wait a couple of days and then search for a pirate version of your app. If you find one, report it, they're usually down in about 5 minutes. The more often you do this, the more likely people are to search, find all the links are "dead" and then just think "stuff it, I'll just buy it". However, this will only work on people who can buy it and are using pirate versions because they wish to, not because they have to
Click to expand...
Click to collapse
Because they'd PREFER not to spend money, if possible. In most areas of life, that's what most of us do.
Last I looked, this was the best Android cracking site: http://androidcracking.blogspot.ca/ . I read everything there twice before I started experimenting with protection code. If nothing else, it gives a glimpse of how hard it is to protect a popular app well.
I sent DMCA takedown requests to a few sites some time ago, but it's an endless task, and IMO not worth it, unless your app is VERY niche/has relatively few users. I've been "honored" to have my app included in several Torrents full of Android apps. Some of those Torrents are updated regularly.
I will still notify XDA admins if there's a link or offending ROM on XDA. XDA mods take it seriously.
Some companies will put out their own "pirate" fake or crippled versions of movies, and app devs could do the same. Perhaps have endless popups offering to buy the app legitimately. I personally wouldn't bother (at this time) but it could work. I agree that making piracy a hassle may improve sales a bit.
LOL, I just re-looked and see 3 on isohunt that are my app alone, but they are older. If I have time for "fun" later this year I should (1) start my own torrents, (2) collect IP addresses, and... I dunno; don't seriously want to be a copyright troll; rather design & develop.
Hi I know this sounds out there, but late last year it was discovered that some Chinese smartphones are spying on users. The only other reason is with my phone I noticed (could be a GPS issue) that my pictures with GeoLocation were showing as being in China, except using gps apps such as Google Maps showed the correct location. I'm not sure how this would occur. Has anyone experienced this same thing?
http://www.theepochtimes.com/n3/174...lled-on-lenovo-huawei-and-xiaomi-smartphones/
Yea it happens, but it doesnt matter too much. Im pretty sure the app is called Teleyphone. Its a call monitor app that runs in the background and records calls. People really worry too much about the whole spying thing and security risks. There was an article i read in recent memory about some journalist gone crazy and he wrote an article titled something like, All phones arent secure, only buy Google, samsung and apple phones. Its really not a big deal. What do you really call your friends about even if they were spying on you? Im pretty sure if u ask ur friend to eat at red robin the chinese wont meet you there.
davoidd said:
Hi I know this sounds out there, but late last year it was discovered that some Chinese smartphones are spying on users. The only other reason is with my phone I noticed (could be a GPS issue) that my pictures with GeoLocation were showing as being in China, except using gps apps such as Google Maps showed the correct location. I'm not sure how this would occur. Has anyone experienced this same thing?
Click to expand...
Click to collapse
the problem that the article is pointing out is because those phone aren't officialy available outside of china (Xiaomi ie) and the resellers often installed adaware and malwares before shipping the phones to the customers, if you imported the phone it's better to flash the phone so you're 100% sure that it's ok
That's a pretty layman's article.... Different roms are flashed for different distributions of the same phone. Not to mention you could quite easily unlock the bootloader and flash a custom rom that doesn't have whatever spyware people think is on the phone.
Also if this was the case, every single person on here would pretty much be using a custom rom...