How to block updates via Router - Fire General

Access your router’s parental control settings and block the following four domains:
REQUIRED: amzdigital-a.akamaihd.net
REQUIRED: amzdigitaldownloads.edgesuite.net
OPTIONAL: softwareupdates.amazon.com
OPTIONAL: updates.amazon.com
The first two domains listed are the most important ones to block and the only ones required. These are the
domains where the update file is downloaded from. With only these domains blocked, your Fire TV will be able to determine that an update is available, but will not be able to download the update. The third and fourth domains are used by the Fire TV to determine if an update is available.
Every router’s parental control settings are different, so I can’t guide you on specifically how to block domains using your router. If you’re unsure how to do it, check your router’s manual or search the internet for instructions for your specific router model.
To test if your router can block HTTPS requests, set it up to block the above domains and then try downloading this file.
https://amzdigital-a.akamaihd.net/obfuscated-otav3-8/15a759f96bc19f1b349797e698b39919/update-kindle-bueller-51.5.3.7_user_537174420.bin
If the download fails, then your router can block HTTPS requests.

this is great till you connection to a different network...
Sent from my XT1254 using XDA Labs

sd_shadow said:
this is great till you connection to a different network...
Click to expand...
Click to collapse
Or Amazons changes the distribution servers which has happened before. Oh, they don't announce in advance either.

sd_shadow said:
this is great till you connection to a different network...
Click to expand...
Click to collapse
Why/when would you do that?
Davey126 said:
Or Amazons changes the distribution servers which has happened before. Oh, they don't announce in advance either.
Click to expand...
Click to collapse
How many times does that happen?
---------- Post added at 02:55 PM ---------- Previous post was at 02:50 PM ----------
There is a much easier way. Courtesy of a member over at DSL Reports DocDrew;
Once you enable "Local DNS" under the DNSmasq config section, the router will issue end devices a DNS server of 192.168.100.1 (you may have to restart the device for it to pull the new IPs). Then the router will forward the DNS queries from end devices to any server you specify in Static DNS entries in the router like the OpenDNS IPs you entered. DNSmasq will also perform any commands you happen to enter in the "Additional DNSmasq options" box.
If you enter following into the "Additional DNSmasq options" box, those addresses should be redirected to 127.0.0.1:
address=/amzdigital-a.akamaihd.net/127.0.0.1
address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
address=/softwareupdates.amazon.com/127.0.0.1
address=/updates.amazon.com/127.0.0.1
This is all predicated on the end devices using the DNS IPs you issue them and aren't using something internal. This will block the lookup of the proper IPs so it works with all protocols, HTTP, HTTPS, FTP, etc.
Click to expand...
Click to collapse
This DOES work!

casey-jones said:
Why/when would you do that?
Click to expand...
Click to collapse
Right you never go anywhere.
How many times does that happen?
Click to expand...
Click to collapse
It's happened a few times, no known pattern.
---------- Post added at 02:55 PM ---------- Previous post was at 02:50 PM ----------
There is a much easier way. Courtesy of a member over at DSL Reports DocDrew;
This DOES work!
Click to expand...
Click to collapse
till it doesn't.
Sent from my sailfish using XDA Labs

casey-jones said:
Why/when would you do that?
Click to expand...
Click to collapse
Ha! I have seen similar arguments in the past...usually followed in a few months by a whiny post bemoaning an unwanted OTA update that either bricked the device, jumped to an unrootable build or otherwise screwed the pooch. Reason: 1) Amazon added/balanced/changed distribution servers; 2) device inadvertently connected to an unprotected network; or 3) cheap consumer grade router didn't do what it was suppose to. If you want to go the URL/IP block route at least use a software firewall (must be VPN based) so the condom is always on if your Fire buddy gets friendly with a different network. Better yet, restrict network access to the components responsible for processing OTA updates. Blocking DeviceSoftwareOTA.apk is usually sufficient although Amazon may eventually get wise to the approach. That said, renaming or blocking access to this pup has worked for many XDA members over the past 4 years on multiple generations of Fire gizmos.
As always the best protection is a layered approach. Do both and sleep easy at night.
No disrespect to DocDrew over at DSL Reports; dude has 10K+ posts since 2009. That's a lot! Just not sure blocking Amazon OTA updates is an area of expertise.

sd_shadow said:
Right you never go anywhere..
Click to expand...
Click to collapse
I don't, not everyone does. Bad assumption!
Besides when /if I did, I surely wouldn't take that along with me.
---------- Post added at 08:56 AM ---------- Previous post was at 08:49 AM ----------
Davey126 said:
2) device inadvertently connected to an unprotected network; or 3) cheap consumer grade router didn't do what it was suppose to.
Click to expand...
Click to collapse
If this is hardwired to my Network, how can it connect to a "unprotected Network"? If you are talking about Wireless, I don't do wireless, especially for something as this.
As to a "cheap consumer grade" Router, unless it's a commercial, rack mount model, what isn't "consumer grade"??
I just posted that for two reasons;
1. That older methods, I couldn't get them to work and/or it was too complicated,
2. It worked and it was easy to do.
I understand your arguments, but if the process, number of steps and complexity is too great, that isn't the solution either. Not everyone is a IT expert.
Adding to the problem is the enormous number of unnecessary abbreviations, many of which are not even documented (in the same document) to what they stand for forcing additional wasted time searching for the meaning..

casey-jones said:
I understand your arguments, but if the process, number of steps and complexity is too great, that isn't the solution either. Not everyone is a IT expert.
Adding to the problem is the enormous number of unnecessary abbreviations, many of which are not even documented (in the same document) to what they stand for forcing additional wasted time searching for the meaning..
Click to expand...
Click to collapse
Sure - you're comfortable mucking with the DNSmasq section of your router using a template loaded "unnecessary abbreviations" vs installing an app, checking a box and walking away. That's fine; I get it.

Ok, thrill me, one 'one' application are you talking about that only requires checking a single box stops updates?????

casey-jones said:
Ok, thrill me, one 'one' application are you talking about that only requires checking a single box stops updates?????
Click to expand...
Click to collapse
I use the pro version of AdGuard which is marketed as an ad blocker but serves as a general purpose VPN based software firewall. Blocking OTA updates involves unticking the box that permits network access to DeviceSoftwareOTA.apk. There are other android VPNs that are similarly easy to configure.
Keep in mind the standard disclaimer for any OTA blocking technique (yours, mine, anyones) short of full network isolation: the targeted apps, IPs, services, URLs, etc can change at anytime rendering the blocks useless. On-device blocks have typically been more effective but individual situations vary. Layered protection offers extra assurance.
Good luck with whatever approach you opt to take.

Davey126 said:
I use the pro version of AdGuard which is marketed as an ad blocker but serves as a general purpose VPN based software firewall. Blocking OTA updates involves unticking the box that permits network access to DeviceSoftwareOTA.apk. There are other android VPNs that are similarly easy to configure.
Keep in mind the standard disclaimer for any OTA blocking technique (yours, mine, anyones) short of full network isolation: the targeted apps, IPs, services, URLs, etc can change at anytime rendering the blocks useless. On-device blocks have typically been more effective but individual situations vary. Layered protection offers extra assurance.
Good luck with whatever approach you opt to take.
Click to expand...
Click to collapse
Does blocking ota updates work at this point? I recently got a fire stick and it would not let me proceed at all without running there long series of updates.

danknasty said:
Does blocking ota updates work at this point? I recently got a fire stick and it would not let me proceed at all without running there long series of updates.
Click to expand...
Click to collapse
Same disclaimers as noted in the post you quoted. Also contingent on the version of FireOS on the target device which in turn dictates what tools/techniques are applicable. Blocking updates at the router level works provided you have the right IPs/URLs which are constantly shifting.

Davey126 said:
Same disclaimers as noted in the post you quoted. Also contingent on the version of FireOS on the target device which in turn dictates what tools/techniques are applicable. Blocking updates at the router level works provided you have the right IPs/URLs which are constantly shifting.
Click to expand...
Click to collapse
I'm familiar with blocking at the router level and have been doing so successfully for years which is why I brought up this question as it is a nuance of the fire stick I just received. Is it possible amazon will not let you register a new device until updates are allowed? This may only effect newly released fire sticks (maybe a revision) as I tried repeatedly going out and back in and it would not let me proceed without unblocking the servers. I understand that once you have an older device that has already been registered and the updates are blocked they will likely stay blocked (at least for now) but I am referring to a brand new device.

danknasty said:
I'm familiar with blocking at the router level and have been doing so successfully for years which is why I brought up this question as it is a nuance of the fire stick I just received. Is it possible amazon will not let you register a new device until updates are allowed? This may only effect newly released fire sticks (maybe a revision) as I tried repeatedly going out and back in and it would not let me proceed without unblocking the servers. I understand that once you have an older device that has already been registered and the updates are blocked they will likely stay blocked (at least for now) but I am referring to a brand new device.
Click to expand...
Click to collapse
Possibly; haven't heard of that here (yet) but most Fire tablet users aren't attempt to block OTA updates prior to initializing the device. Probably best to ask in the FTVS threads (here).

Davey126 said:
Possibly; haven't heard of that here (yet) but most Fire tablet users aren't attempt to block OTA updates prior to initializing the device. Probably best to ask in the FTVS threads (here).
Click to expand...
Click to collapse
Yea i'll check it out over there figured this may be something effecting all amazon devices accross the board.

Related

T-Mobile and Tethering

TMoNews is reporting that they've received word that T-Mo will stop allowing tethering of devices. It hasn't been officially announced, but they received an anonymous tip today about it.
Do any of the U.S. carrier allow it?
How will they know if we're tethering? Correct me if I'm wrong, but I don't see this impacting any of us who are rooted.
If it hasn't been officially announced, and just from a so called "anonymous" source, I wouldnt worry about it.
phatmanxxl said:
If it hasn't been officially announced, and just from a so called "anonymous" source, I wouldnt worry about it.
Click to expand...
Click to collapse
Yeah, hopefully it's just a rumor. Who knows?
We'll find out soon enough I guess.
uansari1 said:
How will they know if we're tethering? Correct me if I'm wrong, but I don't see this impacting any of us who are rooted.
Click to expand...
Click to collapse
Not really sure if this applies or not, but ...
http://blogs.zdnet.com/projectfailures/?p=1078
uansari1 said:
How will they know if we're tethering? Correct me if I'm wrong, but I don't see this impacting any of us who are rooted.
Click to expand...
Click to collapse
Deep packet inspection can see the user agent in http headers. That's the quickest and most direct tipoff. Performing UA spoofing should be enough to bypass.
blueheeler said:
Not really sure if this applies or not, but ...
Click to expand...
Click to collapse
It does not apply at all, because apps allowing tethering over 2G/3G were removed from the Market a while ago. The "killswitch" cannot remove applications not installed by the Android Market (e.g. preloaded in a "ROM" or installed from sdcard, etc).
jashsu said:
Deep packet inspection can see the user agent in http headers. That's the quickest and most direct tipoff. Performing UA spoofing should be enough to bypass.
Click to expand...
Click to collapse
You know the kind of resources they would have to apply to checking each user running an android device to see if they're tethering? There have been hundreds of thousands of android devices sold on TMO alone, and even if 25% of those are rooted, thats a hell of a lot of people to monitor 24/7.
kusotare said:
You know the kind of resources they would have to apply to checking each user running an android device to see if they're tethering? There have been hundreds of thousands of android devices sold on TMO alone, and even if 25% of those are rooted, thats a hell of a lot of people to monitor 24/7.
Click to expand...
Click to collapse
I doubt they care if a subscriber using 100MB/month (or even 1GB/month) is tethering. But for those consistently reaching the 10GB cap and then going over on EDGE... It's more likely they'll flag that account for packet inspection. All this is just speculation of course.
That said, the dedicated hardware to perform packet inspection exists and doing it for just the traffic generated by mobile devices is trivial. It's often referred to as "traffic shaping" hardware.
BTW root is not strictly required for tethering. PdaNET can perform tethering in userspace.
jashsu said:
Deep packet inspection can see the user agent in http headers. That's the quickest and most direct tipoff. Performing UA spoofing should be enough to bypass.
It does not apply at all, because apps allowing tethering over 2G/3G were removed from the Market a while ago. The "killswitch" cannot remove applications not installed by the Android Market (e.g. preloaded in a "ROM" or installed from sdcard, etc).
Click to expand...
Click to collapse
User agent means nothing and can't be used as a tipoff. Anybody can run a browser on their phone that has a custom user agent -- and this is actually quite LIKELY for a couple of reasons; 1) there are already several browsers with different user agents, 2) in order to access the "normal" pages, sometimes it is necessary to set a user agent like regular firefox, 3) some websites are intentionally hostile to non-MS browsers and filter browsers by user agent (even if other browsers will work perfectly/better).
Also, due to the nature of the device, other kinds of deep packet inspection can NOT be used to distinguish the network traffic as being due to tethering. Really, this is a regular (albeit very small) computer that can run all kinds of neat stuff.
lbcoder said:
User agent means nothing and can't be used as a tipoff. Anybody can run a browser on their phone that has a custom user agent -- and this is actually quite LIKELY for a couple of reasons; 1) there are already several browsers with different user agents, 2) in order to access the "normal" pages, sometimes it is necessary to set a user agent like regular firefox, 3) some websites are intentionally hostile to non-MS browsers and filter browsers by user agent (even if other browsers will work perfectly/better).
Also, due to the nature of the device, other kinds of deep packet inspection can NOT be used to distinguish the network traffic as being due to tethering. Really, this is a regular (albeit very small) computer that can run all kinds of neat stuff.
Click to expand...
Click to collapse
All very good points by lbcoder and Jashu
I agree here. And we need to understand that everything is cost vs. return driven.
Will the costs to implement any particular detection/prevention system go beyond the returns gained (actual or projected)?
What does TMO see as the impact of tether users? That's the real question. I can see that they want to eliminate the gross offenders that are trying to use tether as their primary internet connection rather than those of us using it for convenience.
Jashu has a good point, 1GB users will not likely see any action by TMO. I feel less than top 5 percent users or so will probably be looked at. To look at a larger population would be to costly. So, think about it if you fit in the top 3%, you might be a target for action.
lbcoder said:
Also, due to the nature of the device, other kinds of deep packet inspection can NOT be used to distinguish the network traffic as being due to tethering. Really, this is a regular (albeit very small) computer that can run all kinds of neat stuff.
Click to expand...
Click to collapse
I imagine they could guess with confidence I was tethering if they saw multiple gigs of access to hulu.com or 20 simultaneous connections to Giganews NNTPS.
But you're right on the part where smartphones basically are small computers. The whole notion of "tethering" will become more and more irrelevant as heavy bandwidth consuming activities are more and more natively done on the phone. To continue to offer tethering-specific plans seems like nothing more than a money grab at this point. The logical and honest way to penalize heavy network users is to either institute hard caps or bill in tiers. Carriers are just reluctant to do so because "unlimited" carries greater psychological emphasis.

How To Prevent Kindle Fire 6.2.1 Update

Posted this on Gizmodo last night - not sure if people would still find it useful.
http://gizmodo.com/5870339/how-to-keep-your-kindle-fire-rooted-and-update+free
Bascially: just install DroidWall and whitelist the applications you want to give access to. Even though I would rather do this for now, TWRP + 6.2.1 w/built in su does seem tempting though.
this has already been posted to the XDA forums....
http://forum.xda-developers.com/showpost.php?p=20599145&postcount=13
krelvinaz said:
this has already been posted to the XDA forums....
http://forum.xda-developers.com/showpost.php?p=20599145&postcount=13
Click to expand...
Click to collapse
I was the first one to post about it.
http://forum.xda-developers.com/showpost.php?p=20569169&postcount=221
My post count was too small to create a standalone post or insert URLs.
And actually, zirooo just copied and pasted my Gizmodo article, although he did include a helpful image.
You would have to block all amazon services including video, store, etc.
It might be easier to turn off the wifi.
LukeQr said:
You would have to block all amazon services including video, store, etc.
It might be easier to turn off the wifi.
Click to expand...
Click to collapse
Actually, you can selectively choose Video and Appstore. Enabling those did not cause the update to download.
The only way to know for sure would be to use the device for a couple days as many suggested blocks didn't show them selves to be ineffectual until a number of days went by.
Well here is why I think this one works for real:
Before installing DroidWall, the instant my Kindle would connect to Wi-fi, my bandwidth would spike to 600kbps (as per my Tomato router). There were no other applications that would be running, so I attributed that to the update. After installing DroidWall, the massive spike ceased.

[Guide] A little guide to security & privacy on Android - Update 01.08.15

A little intro:​I spent a lot of time with malware on windows and which apps/settings can actually protect you. By working with malware you also get a lot of background info on how people / companies / governments can steal your privacy from you and how to protect yourself against it. When I decided to care about all that, I noticed that a lot of "security forum experts for PCs" have no clue about Android and its risks although probably the same if not more data is stored on our phones than on our PCs. So I decided to do some background research, worked with Android malware and played around with the different ways and options that can protect your security & privacy.
When I am looking for a security setup then I want one that is reliable & easy-to-work-with but also lightweight on the system. I don't want my security setup to cripple down my system.
I have done similar guides for Windows and as I haven't seen anything likewise for Android I thought I would give it a go.
What can you do to protect your security & privacy:​Security - Firewall: To block incoming / outcoming traffic per app or per IP/DNS/Port. Can drain the battery and be a pain to configure on Android.
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Security - SuperSU: To actively manage which apps will get "unlimited" root access.
Security - Password manager: Use a password manager for all your passwords. Built in password managers (e.g. browser, ftp, mail ,etc) aren't really a save solution (even with the so called "master password"). Apps like KeePass offer a lot more than just having all your passwords stored safely. It lets me open apps + automatic login with just 2 clicks (e.g. FTP, SSH, Mail, Browser,...). It let's me create unique password so that I won't be using the same password on all websites. And there is still a lot more.
Security & Privacy - DNS: Change the DNS-Server you use to something like NortonDNS which will protect you from malware/phishing sites as well as semi-bypass the tracking of browsing behavior by your phone/internet provider. The DNS provider/resolver that you use (usually your phone/internet provider) will transform the domain you want to access into the IP adress of the desired server (the one which hosts the website you want to visit). This means that what ever domain you are going to browse will be transmitted to your DNS provider... so choose one carefully ! Also the better the connection to your DNS provider is (and the better the providers connection to the world-wide-web is) the faster your domain requests will be processed.
Security & Privacy - VPN: An easy way for attackers in your network (especially open & free wifi's) to steal data from you are MITM (Man In The Middle) attacks. They can modify SSL certificates which means even using HTTPS might not always be safe or simply read your network activity (such as logins which includes accounts + password). By using a VPN all the traffic that leaves your device will be encrypted and routed directly to a safe receiver which means no one can interrupt your traffic and sniffs (read) it.
Security & Privacy - SSH-Tunnel: Using an SSH-Tunnel has pretty much the same effect as using a VPN but the difference is you have to configure each app that you want to use the SSH-Tunnel. I prefer this method on Windows as I can encrypt only the traffic of my browser/mail/communicator while playing games or other apps will use the non-encrypted (and often faster) internet connection. Sadly there is no app on Android that in my opinion works flawlessly as SSH-Tunnel client.
Security & Privacy - Adblockers: We all know adblockers. They block ads and trackers to protect your privacy and some of them (e.g. mdl-malwaredomainlist) also protect you from malware & phishing websites.
Privacy - App Ops: App Ops or similar apps let you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
Privacy - Android 5.x disable allowed certificates: Every website and every (good) app will have a certificate that Android and also AV's check online to see if the website/app is trustworthy. Out-of-the-box Android allows many questionable certificates from governments and companies that might sell their certificates to websites/app that are not so trustworthy. Since Android 5.x you can remove/add certificates to disallow governments or companies that sell their certificates to questionable websites/apps.
Privacy - Encrypt your phone: By encrypting your phone you ensure that no one who finds your phone will be easily able to read anything saved on your phone. Not even by entering the recovery mode. It may slow down the performance a bit and increase battery drain slightly, but for me (Nexus 6) I had no troubles so far.
You can make that list longer by using only secure apps for communication (e.g. encrypted chats with Telegram or using Firefox and add-ons such as HTTPS-Everywhere) but I think that is more advanced and takes away the freedom and choice of readers/users. So I will stop here as I think I have covered the basics and most important things.
Which setup should you choose?​Well first of all I recommend using only apps/services of companies that you can trust. E.g. companies that exist for a long time but haven’t done any questionable actions in the past. I have been a long-time-user of Comodo but looking at what Comodo has allowed itself in the past made me choose something different. On Android a good example are sms/call blockers. There are many options to choose from for example one is produced by a company named "NQ Security". Now do your google work and you will find some details that either makes you think of this company as trustworthy or not. Or maybe there are other companies with the same product which you would rather trust?
One thing to notice is that in the end your setup should cover most if not all aspects that I have mentioned above. Now you can either choose to use many different products (e.g. if they are free) or use on paid solution that covers everything at once. In any case, don't forget about stuff that might get installed but be useless to you. E.g. at some point I found my setup to have 3 different call blockers and 4 different sms blocker installed.
I have made a list of a few picks that I would recommend:
Must-Have​SuperSU / Rooted device (Click for Google play): 99% of all apps & configurations listed here will need your device to be rooted. Also SuperSU gives you a good overview about which apps have root access and is a good tool to configure those apps.
Override DNS (Click for Google play): It automatically changes the used DNS Server for 2G/3G/4G/WIFI to whatever you want (e.g. NortonDNS which has malware & phishing protection but also is one of the fastest DNS providers available world wide). Currently it is the only app that works with Android 5.x.
AdAway (Click for download link): Lets you block ads, tracking, malware and phishing sites. I recommend the standard sources + www.malwaredomainlist.com/hostslist/hosts.txt
App Ops (Click for Google play): App Ops lets you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
KeePass2Android online/offline (Click for Google play): KeePass2Android comes as two different apps that you can choose from in the GooglePlayStore. One supports online syncing via various services so that you can sync your password database on all your devices (Android, Windows, OSX, Linux, iOS,... ). The other option is called "KeePass2Android offline" which completely removes all features that would require an internet connection. The App doesn't even have permissions for internet connections ! If you don't know KeePass, it is one of the oldest password managers around. It is opensource, has a lot of plugins and the leightweight but feature rich app supports nearly every device & operating system. On Android you can even log into websites from the browser via KeePass2Android by clicking -> Share -> KeePass2Android -> Log into your database -> it will automatically get the right login data for the website you are currently browsing and pastes it into the login fields. My personal setup: KeePass2Android offline with another syncing/backup app that will sync my passwords via my own server. On my laptop I use KeePass with a plugin which replaces my browsers built-in password manager with KeePass.
GSP - Good Security Practice (Recommendations)​Disable untrusted certificates (Android 5.x) (Mozilla Firefox list of allowed certificates): Use a source you trust and check what certificates they usually allow in their software (e.g. Mozilla Firefox). Then check that with what is enabled in your Android's security settings and disable whatever Android has enabled but e.g. Mozilla Firefox doesn't.
A very recommended app is "Trust Manager (Click for Google play)" by Bluebox. It lists all certificates on the phone and sorts them by categories which makes it easy to disable all untrusted certificates within two clicks.
Encrypt your phone: Enable encryption of your Android device.
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
VPN if you use public WIFI: I also recommend the use of a VPN from a trustworthy VPN provider. They don't cost too much and improve your security & privacy on public wifi a lot. Avast offers a great VPN service. Actually their app makes their services superior to me comlared to other VPN providers and apps. You might want to try the Avast VPN 14-day-trial.
Firefox (HTTPS-Everywhere + Adblock Edge) > Chrome: Firefox seems to be the winner in terms of privacy and security. But on my system Chrome is a lot faster than Firefox.
TextSecure > Telegram > WhatsApp > Facebook: Telegram was my favorite choice until @muppetmania and @bmstrong informed me about flaws and trust issues with Telegram. Instead it is highly recommended to use TextSecure. It is available on iOS and Android. Feature wise it might not be as good as Telegram (e.g. missing desktop client for windows/osx/linux) but I believe that this is a fair trade for privacy.
The bottom line​
I tried to give a little overview of what kind of protection is available and what it does. I also added my choice of tools which will provide you with protection. It is up to you to decide whether it is useful in your case (based on your phone-behavior) and if you are willing to pay money for it or rather use free services. I will gladly help you with any questions or configuration/setup related things. Please let me know if you have any suggestion or corrections so that I can improve this thread !
Useful resources / links​
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
https://youtu.be/seNHe5oMquw
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/
https://securityinabox.org/en
http://www.infoworld.com/article/29...managers-for-pcs-macs-and-mobile-devices.html
https://www.reddit.com/r/trackers/comments/30xtk9/trackers_security_and_you/
AV tests & comparisons:
http://www.av-test.org/en/antivirus/mobile-devices/
http://www.av-comparatives.org/mobile-security/
Thanks to:
Yuki2718 @wilderssecurity.com for teaching me a few things
@bmstrong for useful links and suggestions
@muppetmania for pointing out flaws and trust issues with Telegram !
Changelog:
01.08.2015 - Removed Telegram and replaced it with TextSecure
28.06.2015 - Updated useful resources & links
08.06.2015 - Updated useful resources & links
06.06.15 - Added "Trust Manager" by Bluebox to quickly and easily disable a punch of root certificates. Also added Avast VPN app
22.05.15 - Added a good link/explenation on non-trustworthy certificates that are installed on mobile devices out of the box ( https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/ )
18.04.15 - Added ressources for AV tests and comparisons
07.04.15 - Added more useful resources & links
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
10.03.15 - Added useful resources & links
06.03.15 - Added "password managers" and "KeePass2Android online/offline" as recommended password manager
01.03.15 - Added a more detailed description of DNS and why you should care about it
28.01.15 - Fixed typos and grammar
zakazak said:
Changelog:
28.01.15 - Fixed typos and grammar
Click to expand...
Click to collapse
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
bmstrong said:
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
Click to expand...
Click to collapse
Thanks, I might add those later but I wanted to keep this guide as "easy" as possible so that every "normal" android user could increase his security and privacy with simple tools in a short time. E.g. yubikey is awesome and a very interesting topic but not very handy for the average guy?
01.03.15 - Added a more detailed description of DNS and why you should care about it.
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Good suggestion, I have a few more and will add both (your link) and my stuff to the thread
KeePass2Android offline + KeePass on desktop + syncing via own server = win !
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Aaaaand it's done ! Added password managers to the OP.
zakazak said:
Aaaaand it's done ! Added password managers to the OP.
Click to expand...
Click to collapse
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
bmstrong said:
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
Click to expand...
Click to collapse
bmstrong said:
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
Click to expand...
Click to collapse
Thanks ! I added all the links to the OP and mentioned you for giving such great feedback and suggestions
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
bmstrong said:
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
Click to expand...
Click to collapse
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
zakazak said:
10.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
Click to expand...
Click to collapse
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
bmstrong said:
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
Click to expand...
Click to collapse
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Utini said:
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Click to expand...
Click to collapse
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Cyclu said:
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Click to expand...
Click to collapse
You are right, XPrivacy seems to be a really nice tool but I haven't been able to try it myself (as it is not compatible with Android 5.x) which is the reason why I haven't added it to the list yet
I might give it a try on my Nexus 4 with Android KitKat !
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
bmstrong said:
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
Click to expand...
Click to collapse
Once again thanks for your input. I added them to the OP but I am still really busy with my job/reallife. I hope I can improve the OP soon.
Question about choices
Utini said:
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
Click to expand...
Click to collapse
Hi, I've been juggling this question for a few days now and I'm hoping you will have an answer to assist me. First, I have read your post and this is absolutely what I have been looking for for the past few weeks. Thanks has been given and I hope you keep this up. Second, I read the wildersecurity link but still do not have an answer to this question.
Why choose ESET Premium over BitDefender. Can you tell me what one offers that the other doesn't? I've been leaning to BitDefender only because I have and use an Android Wear device. Again, thank you for any assistance or time.

VPN and AFWall+

I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
No one?
Beefheart said:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
Click to expand...
Click to collapse
i have the exact same setup on all my devices, including shield tv, although ive only had to allow the openvpn app, wifi/data/vpn access for things to work, ive never had to allow androids vpn ........is their a specific reason you grant android vpn access?does it not work otherwise?
I use the other openvpn app, by the way
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Beefheart said:
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Click to expand...
Click to collapse
I just checked for you, and yes, its there, mind you, im using zulu's full rom, not sure about stock rom but as with all my devices, i havent needed to allow this for vpn to work.
Unless theres a specific reason to do so, try without on your current devices, i suspect, vpn networking may only apply if you use androids inbuilt vpn found in settings
Edit
By the way, i dont know how far you wanna take it, but afwall has tasker plugin support, which i use to apply an afwall profile, i named "secure", that denies everything when screen turns off......aswell as other things in the same vain
Edit
I do it a little differently then what youre link suggests, i only allow the bare minimum of apps, those that i actually need internet for.......if an app has internet capability, but i have no need for that side of it, its denied, i dont whitelist ALL apps for vpn as your link suggests
I also suspect that guide was written for privateinternets method of using vpn on android, so maybe vpn networking applies if using private internet, but as for my openvpn app, its not needed.......neither is "GPS"
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Beefheart said:
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Click to expand...
Click to collapse
Yep, ive said it before and ill say it again, the shields an impressive piece of kit for sure
Xprivacy.........snap
We seem to have a very similar setup........believe me, if you wanna take it further at some point in the future.......tasker.........although, fair warning, theres a learning curve
Just some of the more basic things i automate with tasker with plugins like afwalls
When screen goes off, tasker......
Turns off wifi/3g
Turns of bluetooth
Afwall secure profile
Greenify all preselected apps
turn off "unknown sources" for extra measure, as tasker turns this off after it detects an apk install anyway
Turn of "debugging", incase i turn it on one day out of need and forget to turn off
Media volume set to 4 edit:this ones a bit out of place
Aplly afwall profiles depending on what app you happen to be using
Many possibilities with tasker, VERY usefull for many things
Non security related....kinda......... could potentially be used for such if modified
I have a small bluetooth media remote which has the numbers 1 to ten, with tasker and xposed additions module, i fooled around with it, pressing 1 connects the shields bluetooth to the bedroom speakers, long pressing 1 connects to the living room speakers..........i can imagine my self doing some neat stuff with these combination of apps and future accesories
Also, i use it to turn the shields light led to dim to let me now at a glance if the shields on or asleep, without having to change the channel
food for thought for those with similar setups
Edit
By the way, you mention dns leak, i assume you used a test site to check for the leak, any chance of a link? Incase its something very new
This ones the one i use,
https://ipleak.net/
Detects webrtc leaks on the specific browser you happen to be using at the time
Edit
For those interested
More on webrtc here
https://www.privateinternetaccess.c...ome-and-mozilla-firefox-while-using-private-i
If you use firefox or chrome, you can disable manually following this guide
https://www.purevpn.com/blog/disable-webrtc-in-chrome-and-firefox-to-protect-anonymity/
I think there are addons aswell
Edit
"and not as restricted as I was lead to believe"
Yep, i had the same thoughts, just my own assumption really, that android tv was completely different, internally, to "standard" android , pleasantly surprised, no incompatibilities so far............................good to know that stock is like that too :good:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Beefheart said:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Click to expand...
Click to collapse
Im not sure i understand fully, afwall is not enabled? Or, afwall IS enabled, but your prefered profile is not "applied"?
On full android at least, afwall is enabled upon reboot i havent had any issues in that regard, (saw your other post) i dont need init.d script (usefull to have though, if/when possible)
Have you tried reverting all afwalls settings to default, to rule out that likely suspect
Another likely suspect, xprivacy, but that depends if you restrict everything like i do, including system apps , if so, have you checked xprivacies usage data for afwall and global apps?
Another suspect, could be stock firmware, but i have my doubts about that one
Assuming im understanding the issue correctly
Edit
I dont have "fix startup data leak" checked(as we dont have init.d), nor ipv6 support checked as your link described

Fire TV software update 5.2.1.0 is now rolling out!

Amazon has released yesterday a New software update 5.2.1.0, for all the FireTV units:
http://www.aftvnews.com/fire-tv-software-update-5-2-1-0-is-now-rolling-out/
Some FireTV users, are already complaining that some APPs like "HBO GO/HBO NOW" (if you have Kodi/SPMC installed), "Mouse-Toggle 1.04", "Wukong Remote 1.9.0EN" and "Firestopper" now do not work at all...
Fo Realz, has mentioned on www.aftvnews.com, that after the update he can’t use "HBO NOW", unless he uninstall Kodi... Because he always get the following message:
“For security reasons the following apps must be uninstalled to use this app: Kodi”
Luckily, KODI and SPMC are still working flawlessly!!
Others users, have noticed that it looks like Amazon has changed the FireOS Font, that now it looks a bit like “Trebuchet”... And that the Remote-Control, the Wifi-Direct version, got a new update too…
It is not known yet whether this 5.2.1.0 update is Rootable or not!
Someone who has received this 5.2.1.0 update, has noticed something new or any improvements?
I just got the update yesterday as well. Netflix doesn't load properly anymore, gets stuck at 99%. Amazon videos don't play they load the video and I just see like a screenshot of the video and it doesn't play. I've lost all audio. Tried resetting, clearing cache, data, reinstalling Netflix etc.
ulises.rodriguez said:
Amazon has released yesterday a New software update 5.2.1.0, for all the FireTV units:
http://www.aftvnews.com/fire-tv-software-update-5-2-1-0-is-now-rolling-out/
Some FireTV users, are already complaining that some APPs like "HBO GO/HBO NOW" (if you have Kodi/SPMC installed), "Mouse-Toggle 1.04", "Wukong Remote 1.9.0EN" and "Firestopper" now do not work at all...
Fo Realz, has mentioned on www.aftvnews.com, that after the update he can’t use "HBO NOW", unless he uninstall Kodi... Because he always get the following message:
“For security reasons the following apps must be uninstalled to use this app: Kodi”
Luckily, KODI and SPMC are still working flawlessly!!
Others users, have noticed that it looks like Amazon has changed the FireOS Font, that now it looks a bit like “Trebuchet”... And that the Remote-Control, the Wifi-Direct version, got a new update too…
It is not known yet whether this 5.2.1.0 update is Rootable or not!
Someone who has received this 5.2.1.0 update, has noticed something new or any improvements?
Click to expand...
Click to collapse
Did you get a chance to grab the URL for this? I can start tearing apart the update to see what changed.
I'm very sceptical about the comment on my site claiming that HBO Now won't work with Kodi installed. I have not received the update myself yet, but a reader I trust has received the 5.2.1.0 update on his Fire TV 1 and says he can launch HBO Now with Kodi installed and with Kodi running in the background. He does not have an HBO Now subscription, so it's possible the message only appears when you try to play content, but he said he does not receive a message when launching the app and going to the login screen.
Wukong Mouse mode is dead on Firestick after latest OS update
Xfinity TV does not allow clicking after the update. Mouse mode is DOA. Maybe something to do with the prompt that comes up stating . "You don't have a controller" when you bring up the TVGo app. BTW I have not 'rooted' my FireStick.
Surprised you took it seriously in the first place. Obvious troll is obvious.
There's also a comment that ADBFire doesn't work. Not believing that either.
AFTVnews.com said:
I'm very sceptical about the comment on my site claiming that HBO Now won't work with Kodi installed. I have not received the update myself yet, but a reader I trust has received the 5.2.1.0 update on his Fire TV 1 and says he can launch HBO Now with Kodi installed and with Kodi running in the background. He does not have an HBO Now subscription, so it's possible the message only appears when you try to play content, but he said he does not receive a message when launching the app and going to the login screen.
Click to expand...
Click to collapse
Claude Koch said:
Surprised you took it seriously in the first place. Obvious troll is obvious.
There's also a comment that ADBFire doesn't work. Not believing that either.
Click to expand...
Click to collapse
Well you never know. When the first couple comments started rolling in that 5.0.5.1 was removing FireStarter, my initial reaction was to assume it was a troll. I'm not going to go posting about something based on a comment or two, but I've learned my lesson to not dismiss anything entirely.
I'm curious... In theory, if I were to repack/recompile the Kodi APK into a different name and then installed on my Fire TV, would I survive an Amazon Kodi block if it were to happen? Is it really that simple to avoid a software block?
AFTVnews.com said:
Well you never know. When the first couple comments started rolling in that 5.0.5.1 was removing FireStarter, my initial reaction was to assume it was a troll. I'm not going to go posting about something based on a comment or two, but I've learned my lesson to not dismiss anything entirely.
Click to expand...
Click to collapse
Elias, I understand your point of view and that is precipitated taken as certain some news only based on one or two comments... But, there are many users complaining about Adb-Fire problems (that not allows applications sideloading anymore) and also problems with the Mouse-Toggle1.04 and Wukong-Remote1.9.0EN APPs, that Amazon might have changed something in this new 5.2.1.0 update.
Maybe as you already said in aftvnews.com, the issues trying to run HBO-GO or HBO-Now, with Kodi installed or running, could be "a troll comment meant to stir up concern with a false statement", however I am very worried because I'm starting to see more complaints about Netflix and Amazon Video, that are not working well after installing this update:
1 - When I watch a movie with Netflix, it don't load completely and gets stuck on 99%.
With Amazon-Videos, movie loads, but the video does not play, and does not have audio"
2 - "I am having amazon issues, and Netflix Issues stuck 99% and no audio"
3 - “Netflix doesn’t load properly anymore, gets stuck at 99%.
Amazon videos don’t play they load the video and I just see like a screenshot of the video and it doesn’t play.
I’ve lost all audio”
Since I still have not received this new 5.2.1.0 update, I would appreciate if you could contact some users who have received it, to ask if they have experienced these strange behaviors with Netflix/Amazon-Videos, and to also confirm issues with adbfire and the sideload of apps.
Thank you Elias, for your Excellent comments, your Great AFTVnews site and always help with all our requests!!
ulises.rodriguez said:
... But, there are many users complaining about Adb-Fire problems
Click to expand...
Click to collapse
adbFire worked for me on 5.2.1.0
trek70000 said:
I'm curious... In theory, if I were to repack/recompile the Kodi APK into a different name and then installed on my Fire TV, would I survive an Amazon Kodi block if it were to happen? Is it really that simple to avoid a software block?
Click to expand...
Click to collapse
Yes, currently Amazon is only blacklisting apps by package name. FireStarter and FiredTV are the only two apps on the list as of the 5.0.5.1 updated. I haven't received the 5.2.1.0 update yet, so I don't know if the list has changed, but several people have said Kodi installs/runs fine on 5.2.1.0
---------- Post added at 11:13 AM ---------- Previous post was at 11:09 AM ----------
ulises.rodriguez said:
Elias, I understand your point of view and that is precipitated taken as certain some news only based on one or two comments... But, there are many users complaining about Adb-Fire problems (that not allows applications sideloading anymore) and also problems with the Mouse-Toggle1.04 and Wukong-Remote1.9.0EN APPs, that Amazon might have changed something in this new 5.2.1.0 update.
Maybe as you already said in aftvnews.com, the issues trying to run HBO-GO or HBO-Now, with Kodi installed or running, could be "a troll comment meant to stir up concern with a false statement", however I am very worried because I'm starting to see more complaints about Netflix and Amazon Video, that are not working well after installing this update:
1 - When I watch a movie with Netflix, it don't load completely and gets stuck on 99%.
With Amazon-Videos, movie loads, but the video does not play, and does not have audio"
2 - "I am having amazon issues, and Netflix Issues stuck 99% and no audio"
3 - “Netflix doesn’t load properly anymore, gets stuck at 99%.
Amazon videos don’t play they load the video and I just see like a screenshot of the video and it doesn’t play.
I’ve lost all audio”
Since I still have not received this new 5.2.1.0 update, I would appreciate if you could contact some users who have received it, to ask if they have experienced these strange behaviors with Netflix/Amazon-Videos, and to also confirm issues with adbfire and the sideload of apps.
Thank you Elias, for your Excellent comments, your Great AFTVnews site and always help with all our requests!!
Click to expand...
Click to collapse
It's very tedious and slow to check/verify update changes by contacting people who have already received the update. I just keep a list of all the issues I've heard about and check them myself once I receive the update. I'd rather be a few days late with postings than be inaccurate because information is being relayed to me.
AFTVnews.com said:
Yes, currently Amazon is only blacklisting apps by package name. FireStarter and FiredTV are the only two apps on the list as of the 5.0.5.1 updated. I haven't received the 5.2.1.0 update yet, so I don't know if the list has changed, but several people have said Kodi installs/runs fine on 5.2.1.0
---------- Post added at 11:13 AM ---------- Previous post was at 11:09 AM ----------
It's very tedious and slow to check/verify update changes by contacting people who have already received the update. I just keep a list of all the issues I've heard about and check them myself once I receive the update. I'd rather be a few days late with postings than be inaccurate because information is being relayed to me.
Click to expand...
Click to collapse
I totally agree, it is very tedious and time consuming too, trying to contact users who already have received this 5.2.1.0.update.
I meant to get in contact with only known and trusted users, that have received the new update, as you already did with the user who confirmed that he had not received any safety message launching HBO-NOW, with Kodi installed or running.
However, maybe you're right, it is better to keep a list of all problems reported and once you receive the update, check to see if they are true or not...
I really hope that in a couple of days after receiving this update, you will have the time to write a full review in AFTVnews.com, about the negative things and also the new features of this 5.2.1.0 update.
Deleted post
I'm from Germany and I received the 5.2.1.0 update on my Fire TV Generation 1. After this Update the aftvnews.com Update blocking methode 2 isn't working anymore. No Feedback from adb when I send the command. My 2nd device, a Fire Stick hasn't got the update to 5.2.1.0, and there the blocking Methode works I think, because adb shows a Feedback after sending the command.
Gesendet von meinem E6653 mit Tapatalk
harlekinade said:
@aftvnews: Just as a small critique (well - thats how it started out, anyways... ) - when people looked at you in the past to provide context, this is what they got as first responses in return.
Click to expand...
Click to collapse
First off, thank you for posting this long and detailed criticism. Feedback, even negative feedback, is always welcome. I'll respond inline.
- When Firestarter first stopped working - it was pronounced by you "probably just an incompatibility issue".
Click to expand...
Click to collapse
I did not say "probably." I said "one theory is." There's a distinct difference. At that point nobody knew why FireStarter wasn't working yet. I hadn't even received the software update yet (which I pointed out), but thought people would like to know sooner rather than later that the update was causing some unknown issue with FireStarter. I'd love to have weeks with an update to fully dissect it before posting anything about it, but by then it would be too late for many people to avoid the update if they suddenly want to.
- When Amazon started blacklisting apps and banning Firestarter you first repeated the same notion, then celebrated Amazon for providing "their own launcher" and therefore "making it easier for most people". And only afterwarts wrote about the issues it created, also for the company itself (reputation damage).
Click to expand...
Click to collapse
The first thing I wrote about the 5.0.5.1 update was that sideloaded apps were added to the home screen and there was a quicker way to get to apps. That's what Amazon told us about the update so that's what I reported. Nobody had any idea apps were blacklisted at that point. I didn't first write about app banning and "then celebrate Amazon" like you say.
- When people asked you why to root Fire TVs, you "couldnt tell them, because everyone is different" - nfts support (circumventing the 4GB filesize limit), running a smb server, using VPN services (currently also possible without - but generally speaking), blocking software updates, using open APIs or a web interface to control the device -- are all usecases I'd argue most people should know about that are possible by now - even though Amazon put in extra effort to specifically take them out of base Android one by one. So by glancing over those - you actually follow Amazons product politics once more -
Click to expand...
Click to collapse
I assume you're referring to when people ask about why they should root in the Q&A portion of my podcast. That question comes up nearly every week and if I listed all the reasons why someone would root in every episode it would not be interesting to the listeners. Heck, if I listed and talked about just the things you mention above, which is still just a small portion of the reasons to root, it would take up the entire time I allocate to Q&A. If you want to compile a full list of all the reasons to root and keep it up to date with links to guides, I'd love to point people to it every single time this question comes up. But nobody, including myself, has created such a list because it would be very time consuming to create and maintain.
- to put it out in the open, I have a problem with you having become the gatekeeper of most information in the Fire TV ecosystem.
Is saw german mainstream technology outlets copying your first statements on issues verbetum - even if they turned out to be beside the point (as in the blacklist issue case)
Click to expand...
Click to collapse
Other websites not covering the Fire TV more or not doing their own research is out of my control.
and I ultimately hold you personally responsible for Amazon being able to --
Put blacklist routines into Android, uninstalling apps from their users devices - which they dont like because of anti competitive reasons - and allowing them to spin this feat to be just something thats "easier for the user".
Click to expand...
Click to collapse
Holding me personally responsible for that is just plain stupid.
You maybe single handedly prevented the "Amazon uninstalls its users Apps" headline and made it a "Great new feature" story.
Click to expand...
Click to collapse
You over estimate how much influence I have over other tech blogs. Every time Amazon does something negative to Fire TV owners, I contact numerous tech blogs to let them know. They simply don't care. It's not newsworthy to them. The issue isn't that the headlines were "Great new feature," it's that there were no headlines at all outside of my site.
I also hold you responsible for maintaining an atmosphere where every slight new feature, change, or tidbit Amazon "creates" gets received with unfiltered optimism first ("cheerleading"). Even down to overly detailed changelog analyses that are made to be seen as newsworthy - just because they are something new to report on. Something of general interest to your audience.
Click to expand...
Click to collapse
I'm sorry everything I write about isn't newsworthy to you. I write about what I find interesting. It's not that I think everything Amazon does is worth cheering about, it's that I don't write about things I don't think are interesting. It might be a shock to you, but a headline like "Amazon did a thing that you shouldn't care about" is not at the top of my list of articles to write.
When you made them care more about ES File explorer (by pronouncing it "the easiest way") than if adb (which was first limited, then got puposely rewritten (?)) actually remains usable for things not predetermined by Amazon - you did this entire community a disservice.
Click to expand...
Click to collapse
I didn't "make" anyone do anything. My sideloading guide lists 7 methods. The ES File Explorer method is by the the preferred method by most for obvious reasons. The fact is ADB is confusing to many people. A GUI, even if limited, is usually preferred by most. Hence the popularity of utilities like adbFire before ES File Explorer was even an option.
When you let tutorials regularly get pushed off of the front page of your blog by 12 times the "Amazon echo appreciation messages" - something important changed - combining the "how to tinker with the device" angle with the actual product messaging of the manufacturer - created a hybrid that I'd argue actually resembles a frankensteins monster that produced more harm than good.
Click to expand...
Click to collapse
If you're saying I deliberately push guides off the front page, that's just stupid. I cannot control when something newsworthy happens. If something happens that results in a bunch of posts right after I release a guide, that's out of my control. I'm not going to hold back news just because I wrote a guide.
You managed to commercialize most aspects of device hacking, for - and mostly in the name of the company that produced the device - while Amazon itself promoted a purely anti right to modifications message at the same time. You tried to moderate this conflict - and somehow it never quite worked.
Click to expand...
Click to collapse
If I didn't make money from the website through ads, it wouldn't exist. Not in the same capacity at least. The same way XDA wouldn't exists if it didn't have ads to make money off of device hacking. If you have an issue with me turning my hobby of tinkering into a means to support my family, then so be it.
When Amazon put the blacklist into the Fire TV firmwares - you werent the person that first discovered the database entries - they were reported (In here or on your comments section) and you picked it up - but now you are promoting yourself to be the person we should look at for a confirmation if Amazon has added new entries to their blacklist, or if they didn't.
Click to expand...
Click to collapse
I never took credit for discovering the blacklist. I said "XDA forum member jkchr1s has discovered that FireStarter is being explicitly disabled by name" in my post and linked to his XDA post. jkchr1s and I were going back and forth via XDA private messages trying to locate the, at the time, theoretical blacklist. He explicitly asked me to not credit him with certain things, so I left some things vague.
I am not "promoting" myself to be "the person we should look at" for anything. It's simply a fact that I'm in a position to be the first one to know if the blacklist has been updated, since I know where to look and I have several Fire TVs and Fire TV Sticks dedicated for the sole purpose of capturing the update package to pass along to rbox.
Something about all of this just feels wrong. You were more a Steward of public opinion towards your cause (a world where a advertising message can stand eye to eye to a "how to intall Kodi" tutorial - ) and at least created an information silo - that kept out certain aspects of what is possible, or what happened in the past, and overemphasized others (I see ES File Explorer use as a real problem to people learning better ways of interacting with their devices, f.e.) at least I don't agree with.
Click to expand...
Click to collapse
I agree that learning ADB is far superior to any GUI like ES File Explorer. The only guides where ES File Explorer comes up is when I write "no pc needed" guides for rooting and sideloading, since those two topics are the most popular types of guides. But for every "no pc needed" guide I have ever written, there was always first an equivalent guide posted that did everything with just ADB.
Now that the hype is mostly over, Firestarter is no more and we are gossiping whos next on Amazons in Android blacklist - where do we actually stand considering discoverability of methods or tutorials, do we understand the actions Amazon has taken, do we promote best practices - and do you - for example know - why not letting Amazon blacklist Kodi is actually important?
Click to expand...
Click to collapse
Despite what you think, I don't control the future of FireStarter, the actions Amazon has or will take, or where the Fire TV community stands.
You take both sides on this issue as well - why? And when you, a few months from know - write your article about how it was actually necessary and beneficial to the average user - will you still be part of this community? Or do you just want to feature its work? And tell your readers to mostly use Alexa ("the service economy"), just because it is there by default.
Hey - and buy an "order from Amazon" WiFi button for 20USD while you are at it, because maybe one day you will be able to launch an App on the Fire TV with it. Great pitch.
Click to expand...
Click to collapse
I don't "take both sides on an issue", but I do try to explain both sides of an issue. When Amazon does something the community thinks is negative, I don't blindly defend their actions. I do give my opinion on why I think they chose to do what they did, regardless of whether I agree or disagree with it. There is a distinct difference.
I've hid my reply to the comments that were deleted to help clean up this thread.
@harlekinade
So your old account was banned? And you decided to come right back in here with your obvious rants now directed at the main person who keeps this community going? Good job dude.
Biggest question (for us "pros") is actually: Is root (and downgrade) still possible on the fire tv 4ks that ship with that firmware?!
harlekinade said:
I'm glad to see that the posting got some kind of of recognition, I'll take some time reading through the responses and give another rebuttal in the following days.
Click to expand...
Click to collapse
If you do reply, I encourage you to do it in a new thread and link to the posts in this thread as reference because discussions of your opinion of me and my site do not belong in a thread about a Fire TV software update. This is potentially an important thread (depending on what is discovered in the update), so it should not be cluttered with off-topic conversations. I absolutely will no longer reply to you in this thread regarding myself or my website.
zroice said:
Biggest question (for us "pros") is actually: Is root (and downgrade) still possible on the fire tv 4ks that ship with that firmware?!
Click to expand...
Click to collapse
I don't know if anyone whos gotten it yet has confirmed if the preloader hack is still active.
harlekinade said:
@aftvnews:
.
Click to expand...
Click to collapse
Dude, quit it. No one's reading your responses, you're acting like a sorry little git. If the mods bothered to read these, expect your second ban real soon. Quit starting fights and leave everyone alone.

Categories

Resources