LineageOS - Better than stock Android/iOS, or worse? - LineageOS News & Discussion

I posted this on a thread and then realised it probably belongs here instead, didnt realise there was a whole board for lineage.....
Hi all. I am just learning about LineageOS. I mainly want it for my kids, as I want NO google spyware/behaviour tracking in their life, no Youtube etc either. A friend advised me to try LineageOS, calling it a 'privacy based OS'. I then bought a used MotoG with LIneage on, a Google Asus tablet with Lineage on, and finally a Google Nexus again with LineageOS on. I was over the moon, picking up all three from a car boot sale dirt cheap, in mint condition too! BUT.... Another friend of mine, a software engineer and privacy 'expert' as far as I am concerned anyway - he said that LineageOS is not safe to use as rooting is dangerous and exposes the devices to a plethora of attacks and vulnerabilities. I just wondered what the opinions on here were about that?
I discussed it and said 'I just want privacy thats all', and he basically said "You cant have privacy without FIRST having security". Agree/Disagree? I am all ears! (this is all new to me, never flashed anything but my back side!)

Anyone?

dannythechamp said:
Anyone?
Click to expand...
Click to collapse
I guess all your questions are answered all over in XDA. Such as knowledge about root, privacy etc.
If you don't understand what rooting your device means or does, stay away from it.
If you do understand after digging into it, you will have almost endless tools to run your phone like it should run, and not like the pre-installed ROM you get it from the manufactory...

Thats a curious response. My question is about whether people agree or disagree with this point. The lack of responses (and yours) suggest people just dont want to discuss it. Thats curious in itself and now makes me think the point is valid.
I understand a bit about rooting, I Just have not done it with my own hands. The main point I understand about it is the fact that it gives the user of the phone (or anyone emulating that via attack/theft) superuser/admin level access. Great, for removing built in spyware from Google (which is my main motivation here), but as was suggested to me, not so great if it makes the device inherently insecure. I was hoping for some discussion on this topic, clearly nobody wants to discuss it. Maybe that's an answer in itself.

complex jobs

ha, I refer to my last!

Danny, pre installed Android is more secure, if you don't know exactly what you are doing with your os. Lineage os, or simply a rooted phone, puts you in control of everything, included your privacy, but you have to know what you are doing. I agree with your friend.
Inviato dal mio SM-A405FN utilizzando Tapatalk

Thanks for chipping in Alessia. Yes, I certainly don't enough to claim "i know what I am doing"! My friend does though, and even he says with all the expertise in the world, you can't close the loophole that is "Rooting". Yes he could certainly mitigate much of the risks, but not all, and he still believes with all the mitigation in the world, a rooted phone (especially one running Lineage) is still less secure than a stock android with secure hardware such as (ironically) Google's Pixel. That's what he says anyway. I am not tech enough to believe him out of knowledge, but I certainly do trust him to tell me the truth, which these days certainly counts for something!
He summed up his advice with something like this.....
'If you can afford a Pixel running Graphene (IF the OS keeps being worked on, which is in doubt at the mo), then that's the most secure AND privacy-respecting option. If you can't, next stop stock iOS, next stock Android, Lineage way down the list, Lineage on an old MotoG or any old (cheap ) unsupported device which gets no hardware/firmware updates/patches, that's just security and privacy suicide!'
That's about the best round up I can give for his comments. So it's stock iOS or Android for me. Now to decide which! I already have an iPhone. Was looking forward to dumping it, and I certainly do prefer Android, but he says stock iOS is slightly more secure than stock Android.
The biggest pain in the ar5e for me is the fact that, in order to avoid security risks, you have to give yourself to Apple and/or Google. That's a depressing state of affairs indeed. I will just have to do everything I can to prevent as much spying as possible, turn off siri type stuff, location services, etc etc

dannythechamp said:
Thanks for chipping in Alessia. Yes, I certainly don't enough to claim "i know what I am doing"! My friend does though, and even he says with all the expertise in the world, you can't close the loophole that is "Rooting". Yes he could certainly mitigate much of the risks, but not all, and he still believes with all the mitigation in the world, a rooted phone (especially one running Lineage) is still less secure than a stock android with secure hardware such as (ironically) Google's Pixel. That's what he says anyway. I am not tech enough to believe him out of knowledge, but I certainly do trust him to tell me the truth, which these days certainly counts for something!
He summed up his advice with something like this.....
'If you can afford a Pixel running Graphene (IF the OS keeps being worked on, which is in doubt at the mo), then that's the most secure AND privacy-respecting option. If you can't, next stop stock iOS, next stock Android, Lineage way down the list, Lineage on an old MotoG or any old (cheap ) unsupported device which gets no hardware/firmware updates/patches, that's just security and privacy suicide!'
That's about the best round up I can give for his comments. So it's stock iOS or Android for me. Now to decide which! I already have an iPhone. Was looking forward to dumping it, and I certainly do prefer Android, but he says stock iOS is slightly more secure than stock Android.
The biggest pain in the ar5e for me is the fact that, in order to avoid security risks, you have to give yourself to Apple and/or Google. That's a depressing state of affairs indeed. I will just have to do everything I can to prevent as much spying as possible, turn off siri type stuff, location services, etc etc
Click to expand...
Click to collapse
Let's start by asking the question, are stock cell phones secure? The answer is very simple, NO! The list of entities watching you is nearly endless, starting with your provider, then the manufacturer ... None of them have your interests at heart. For most the objective is to separate you from your money. For others the objective is to collect information that can be used to manipulate you socially or politically.
So is third party software safer. Depending if it is open source or not. Closed source, probably not.Open source software is generally considered safer, for the simple reason that it is more difficult include malware in it. There is a caveat, the size of the development/user community matters - in general the larger the better - the more eyeballs on the developers the better.
Is "rooting" a good idea, for most users the answer is NO. It increases the security exposure which is not a good idea.

Dear Danny, if you want to avoid security risks, just do it. You are not compelled to do or buy anything.
Use your brain, your knowledge, root your phone and take full control on your device. That's enough.
But, if you want Google or Apple to avoid security risks for you, the price is your privacy (and a new phone every 2 years, to receive security patches).
For me, it is a simple as this.
The choice is up to you.
And, again, I agree with your friend.
Inviato dal mio SM-A405FN utilizzando Tapatalk

zzz2002 said:
Let's start by asking the question, are stock cell phones secure? The answer is very simple, NO! The list of entities watching you is nearly endless, starting with your provider, then the manufacturer ... None of them have your interests at heart. For most the objective is to separate you from your money. For others the objective is to collect information that can be used to manipulate you socially or politically.
So is third party software safer. Depending if it is open source or not. Closed source, probably not.Open source software is generally considered safer, for the simple reason that it is more difficult include malware in it. There is a caveat, the size of the development/user community matters - in general the larger the better - the more eyeballs on the developers the better.
Is "rooting" a good idea, for most users the answer is NO. It increases the security exposure which is not a good idea.
Click to expand...
Click to collapse
very well put and for the most part, I completely agree. However, I perhaps should have said, but when I say "secure", I am basically talking about unauthorised/malicious access. I believe that just about everything Google/FB and friends do IS malicious! However, we give them access (we are the self-basting turkeys) by buying an Android device and using Gmail, Google, Youtube or whatever else. Same goes for Apple users who use Siri and location services. The point being.... if Google tracks me on my Android device, I wouldn't call that "insecure", just anti-privacy and horrible in many others, but not a security hole for the context of this conversation. However, in order to remove Google and mainstream spyware/dragnet surveillance from my life, it's not as simple as just replacing the stock Android with a custom rom (and rooting), as that's like closing the front curtains but removing the back wall of my house!
I am coming to the conclusion that I have to choose between two evils, one is official spyware run by the likes of Google, and in doing so I protect myself from most hackers and exploits (As Google needs to keep its users safe from that to stay in business) - OR - I tell Google where to stick it's big fat nose, install a custom rom and root my device to gain the control needed to make that happen, but meanwhile expose myself to smaller and perhaps more overtly malicious attackers.
I wish there was a solution, and I wish there was even a happy medium. But when I want ultra security AND privacy (the latter being dependent on the former really), I think the only answer I can find so far, is to have no phone at all. Or perhaps an old pre internet phone for calls and texts, and a laptop for all data stuff, which can be secured/privacified to a much greater degree than a smart device can.

dannythechamp said:
very well put and for the most part, I completely agree. However, I perhaps should have said, but when I say "secure", I am basically talking about unauthorised/malicious access. I believe that just about everything Google/FB and friends do IS malicious! However, we give them access (we are the self-basting turkeys) by buying an Android device and using Gmail, Google, Youtube or whatever else. Same goes for Apple users who use Siri and location services. The point being.... if Google tracks me on my Android device, I wouldn't call that "insecure", just anti-privacy and horrible in many others, but not a security hole for the context of this conversation. However, in order to remove Google and mainstream spyware/dragnet surveillance from my life, it's not as simple as just replacing the stock Android with a custom rom (and rooting), as that's like closing the front curtains but removing the back wall of my house!
I am coming to the conclusion that I have to choose between two evils, one is official spyware run by the likes of Google, and in doing so I protect myself from most hackers and exploits (As Google needs to keep its users safe from that to stay in business) - OR - I tell Google where to stick it's big fat nose, install a custom rom and root my device to gain the control needed to make that happen, but meanwhile expose myself to smaller and perhaps more overtly malicious attackers.
I wish there was a solution, and I wish there was even a happy medium. But when I want ultra security AND privacy (the latter being dependent on the former really), I think the only answer I can find so far, is to have no phone at all. Or perhaps an old pre internet phone for calls and texts, and a laptop for all data stuff, which can be secured/privacified to a much greater degree than a smart device can.
Click to expand...
Click to collapse
Talking about a happy medium: I tried to setup a stock android nokia1 without Google. First of all: you don't need a Google account. Install f-droid. You can disable most Google apps. Sadly i need a stock phone app to receive calls and Google play services to get system updates. Disable all permissions of Google play services.
Good luck.

dannythechamp said:
he said that LineageOS is not safe to use as rooting is dangerous and exposes the devices to a plethora of attacks and vulnerabilities.
Click to expand...
Click to collapse
Ummm, that statement seems to imply that if you're running LineageOS then your device must also be rooted, which in my limited experience is incorrect. I flashed my several year old Huawei phone with LineageOS only about a week ago and that was my first experience with flashing a custom ROM so take anything I say with that in mind. My phone was not then and still isn't rooted, haven't decided on that yet and for now I see no need, for me personally anyway... one step at a time.
Do I feel that the security of my phone is now less secure with lineageOS? Well in the time I've owned the phone it hasn't seen any official system updates and the Android Security Patch level was from 2016, with LOS 14.1 the Android security patch level is November 2018, not the absolute latest but far better than before on the stock Huawei ROM... there are probably other things too but that's one thing that springs to mind, your experience may differ.
Like I said I'm not very experienced with all this and I may have misunderstood something in your friends reasoning, but if his concern is about rooting devices, it's perhaps a separate issue altogether. Anyway just my 2 cents worth...

As others have said, LineageOS is likely as secure as stock Android, probably even moreso. It often icludes more recent security patches, and it's open source. If I were you I would definitely go for the LOS.
But rooting can be a bit problematic. To be perfectly clear, rooting almost certainly does NOT create any additional security holes on it's own. If you root your phone without using shady Chinese software you are good.
However the rooting becomes a problem when you don't know what you're doing. If you accidentally allow root access to a malicious app you are 100% screwed. That's why people say rooting is dangerous. It's only dangerous if you misuse it. But the great thing is that you can just unroot your phone and you will be good to go.

I am late to this party, but I will comment anyway because computer security is a big part of what I do for a living, and android security is important to me because I am a rather militant privacy advocate and I use an android phone.
So.
If you want to fully secure the android system, and guarantee your privacy, you have to root the phone. Period. Full stop. There are many apps out there that require root to run that will greatly enhance your privacy and security. Afwall and Greenify are two that immediately come to mind.
That said, if you root your phone and you don't know what you are doing, you can indeed leave your phone in a very vulnerable state, without knowing it.
The basic issue is that, when you root, you gain complete and total access to the device. You can add or change or delete literally anything on the phone. This enables you to screw it up in a big way, and this also makes it easy for certain malware to take complete control of the device.
Now, there is malware out there which will silently root your phone for you, then take control, and you actually can block this malware by rooting it yourself and installing a root manager. But most malware does not do that and by rooting your phone then exposing it to that malware, you give the malware a level of access it would never have if the phone was not rooted.
For safety, unless you are technically sophisticated, you should not root. This limits YOUR access to your device, and keeps you from hosing it, and also limits what most malware can do. But it also prevents you from removing some built-in software that you don't want or that is spying on you, and it limits your ability to restrict the activity of some software that you want to have running, but you don't want to have able to do certain things.
In many ways the android phone is not built to serve YOUR interests; it is built to serve Google's interests, and the interests of those third parties who have paid money to have their apps placed on it by default. The facebook app immediately springs to mind; no one should have that malicious POS on their device because it sells you out completely. Unless you root, you cannot make the phone solely serve your interests.
LineageOS gives you the capability to turn root on, then turn it back off. Thus, using LOS, you can enable root, remove those noxious apps, and turn root off again. This, to my mind, is a decent compromise. Nonetheless, root is present on the phone and if you leave it on you can both (a) lock that phone down tight and make it fully secure, and (b) hose it completely if you make a mistake, and (c) leave it more vulnerable than stock if you don't know what you are doing.
So those who tell you that rooting is a bad idea...are more or less right. For most people, they are right. If you want a fully secure android, then you have to both root AND thoroughly educate yourself, which takes a lot of effort.
So, you decide.

Any word on LineageOS 17 for the Nexus 6?
Verstuurd vanaf mijn Nexus 6 met Tapatalk

dannythechamp said:
I posted this on a thread and then realised it probably belongs here instead, didnt realise there was a whole board for lineage.....
Hi all. I am just learning about LineageOS. I mainly want it for my kids, as I want NO google spyware/behaviour tracking in their life, no Youtube etc either. A friend advised me to try LineageOS, calling it a 'privacy based OS'. I then bought a used MotoG with LIneage on, a Google Asus tablet with Lineage on, and finally a Google Nexus again with LineageOS on. I was over the moon, picking up all three from a car boot sale dirt cheap, in mint condition too! BUT.... Another friend of mine, a software engineer and privacy 'expert' as far as I am concerned anyway - he said that LineageOS is not safe to use as rooting is dangerous and exposes the devices to a plethora of attacks and vulnerabilities. I just wondered what the opinions on here were about that?
I discussed it and said 'I just want privacy thats all', and he basically said "You cant have privacy without FIRST having security". Agree/Disagree? I am all ears! (this is all new to me, never flashed anything but my back side!)
Click to expand...
Click to collapse
Security does not equal privacy. Stock ROM is for those who are willing to sacrifice privacy for security and functionality.
Graphene and Lineage are for these people
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Related

open source Ha

why are they blocking **** on the G1 if its supposed to be opensource
and in opensource anything goes
and i heard they wont let you put skins on the market
oh well i still love my G1 hopefully they dont **** **** up
btw we should start a petition against rc30 because its negating the open source part of the phoen
http://source.android.com/download
and in opensource anything goes
Click to expand...
Click to collapse
Yup. That includes taking the source code and building a closed or partially closed product.
roguestatuskat said:
why are they blocking **** on the G1 if its supposed to be opensource
and in opensource anything goes
and i heard they wont let you put skins on the market
oh well i still love my G1 hopefully they dont **** **** up
btw we should start a petition against rc30 because its negating the open source part of the phoen
Click to expand...
Click to collapse
I don't think you quite understand the concept of open source. Open source doesn't mean "anything goes." Open source means you get access to the source code. Depending on the license, you can take the source code and make a closed source program (BSD, for example), or it must stay open source (GPL). That is it.
RC30 had nothing to do with negating the open source concept. RC30 was in response to a bug in the project that allowed whatever you typed on the keyboard to be echoed to a console.
If you want a rooted, unlocked phone, get an Android Dev Phone 1.
A truly wide open, mass marketed cell phone in this package would be a BAD thing for us. It needs to still have standards to insure the "typical" user can easily use the device and not have to worry about ****ing it up.
Get a Dev phone if you want to modify it.
vr24 said:
A truly wide open, mass marketed cell phone in this package would be a BAD thing for us. It needs to still have standards to insure the "typical" user can easily use the device and not have to worry about ****ing it up.
Click to expand...
Click to collapse
I really don't see what is wrong with selling a software unlocked device through T-Mobile. The default ROM that comes loaded does not have root enabled... you actually have to go through the SPL to flash a new image which has ro.secure disabled. Its not like someone can just accidentally go into SPL mode and brick their phone, they actually have to press a key sequence to access it.
Also, look at just about every other device on these forums. They run WINDOWS, the most closed source platform out there and even on those phones we can flash images via SPL. Why not on a phone running linux?
Datruesurfer said:
Also, look at just about every other device on these forums. They run WINDOWS, the most closed source platform out there and even on those phones we can flash images via SPL. Why not on a phone running linux?
Click to expand...
Click to collapse
It is really quite a lot easier to seriously damage a Linux system in the command line than it is with Windows. With root access, Linux assumes you know exactly what you are doing. Root also bypasses quite a lot of Linux's security mechanisms. This behavior is not appropriate or ideal for a consumer-oriented device. The G1 is not marketed toward software developers and experienced Linux hackers. If such a device is required, the Dev Phone 1 is the appropriate option.
Also, if WinMo were ever to want to make serious attempts at breaking into the consumer smartphone space (where iPhone and Symbian live), I imagine it too would become seriously locked down.
jashsu said:
It is really quite a lot easier to seriously damage a Linux system in the command line than it is with Windows.With root access, Linux assumes you know exactly what you are doing. Root also bypasses quite a lot of Linux's security mechanisms. This behavior is not appropriate or ideal for a consumer-oriented device. The G1 is not marketed toward software developers and experienced Linux hackers. If such a device is required, the Dev Phone 1 is the appropriate option.
Click to expand...
Click to collapse
You know what has the same power that root has to brick your phone? the bootloader. Say you try to flash to the latest ROM and it fails half way through... Your phone is basically bricked. Regardless, HTC still has this enabled on all of their Windows Mobile devices. Not exactly consumer oriented functionality, but it is there so people who know what they are doing have the power to do what they want.
I really think everyone needs to calm down here. We aren't sure what is in store for the future. Maybe we should withhold complaints and other comments until after Google has finished their first release.
But feel free to complain about how t-mobile doesn't tell you about the beta-ness of the device.
neoobs said:
I really think everyone needs to calm down here. We aren't sure what is in store for the future. Maybe we should withhold complaints and other comments until after Google has finished their first release.
But feel free to complain about how t-mobile doesn't tell you about the beta-ness of the device.
Click to expand...
Click to collapse
Google already made their stance very clear. Buy a Dev Phone for $399 + $25 market subscription fee + shipping or you can't have root. I'm sure its going to be the same for every other android device coming out.
Datruesurfer said:
Google already made their stance very clear. Buy a Dev Phone for $399 + $25 market subscription fee + shipping or you can't have root.
Click to expand...
Click to collapse
It's not Google's decision to make:
Brian Swetland @ G1-Hackers mailing listhttp://www.telesphoreo.org/pipermail/g1-hackers/2008-December/000188.html
The t-mobile g1 devices are "working as intended" as of RC30. It is
possible that other OEMs or carriers may choose to ship their devices with
the platform in a less (or, hey, even more) locked down configuration, but
that is the choice of the OEMs and carriers.
I'm sure its going to be the same for every other android device coming out.
Click to expand...
Click to collapse
Which OEM or carrier do you work for/speak for?
This "its working as intended" is technically true but it means the HYPE behind the phone was and is a load of crap.
If T-Mobile wants to become Verizon, so be it. They're entitled. Customers are entitled to tell them to pound sand and stick it where the sun does not shine.
What's unreasonable (and indeed outrageous) is to sell a beta device to the public without making VERY CLEAR what you are doing. OTA "push" updates are even worse as they can (and in this case DID) REMOVE functionality that used to be there.
As for building "totally secure" environments, heh, have at it. But doing so destroys the attraction of "open source" and then you're on the hook to deliver the full experience that the user expects, because he or she can't get it from anyone but you.
Just so long as everyone involved understands that this is the tradeoff and is ok with it (that is, the customer is INFORMED before they hand over their money AND the company understands that they will get the criticism that will come when the experience doesn't meet expectations!) that's fine.
Would I buy a WinMo unit that I could NOT hack on and load my own firmware? Today, hell no, because what's delivered "stock" does not meet my expectations for user experience.
Neither does the G1, and the reason I'm not sitting here with one is because T-Mobile has made an executive decision to lock those devices down to the point that I can't do for myself what they either refuse to do (or are incapable of doing) for me, nor can I find other people who can and do those things and load THEIR stuff on the platform.
If I wanted a Samsung "prepack" phone I'd have bought one. Oh wait - I can even reflash and feature-edit those, along with Motorolas!
Datruesurfer said:
Google already made their stance very clear. Buy a Dev Phone for $399 + $25 market subscription fee + shipping or you can't have root. I'm sure its going to be the same for every other android device coming out.
Click to expand...
Click to collapse
I would like to know where you got your information about Google's stance. So far all they have said is that the device is still partly closed source till the get things the way they want it. This would also imply that later down the line they may give the option to open root again.
Genesis3 said:
This "its working as intended" is technically true but it means the HYPE behind the phone was and is a load of crap.
If T-Mobile wants to become Verizon, so be it. They're entitled. Customers are entitled to tell them to pound sand and stick it where the sun does not shine.
What's unreasonable (and indeed outrageous) is to sell a beta device to the public without making VERY CLEAR what you are doing. OTA "push" updates are even worse as they can (and in this case DID) REMOVE functionality that used to be there.
As for building "totally secure" environments, heh, have at it. But doing so destroys the attraction of "open source" and then you're on the hook to deliver the full experience that the user expects, because he or she can't get it from anyone but you.
Just so long as everyone involved understands that this is the tradeoff and is ok with it (that is, the customer is INFORMED before they hand over their money AND the company understands that they will get the criticism that will come when the experience doesn't meet expectations!) that's fine.
Would I buy a WinMo unit that I could NOT hack on and load my own firmware? Today, hell no, because what's delivered "stock" does not meet my expectations for user experience.
Neither does the G1, and the reason I'm not sitting here with one is because T-Mobile has made an executive decision to lock those devices down to the point that I can't do for myself what they either refuse to do (or are incapable of doing) for me, nor can I find other people who can and do those things and load THEIR stuff on the platform.
If I wanted a Samsung "prepack" phone I'd have bought one. Oh wait - I can even reflash and feature-edit those, along with Motorolas!
Click to expand...
Click to collapse
Then don't buy a consumer oriented device like the G1 - don't like how it operates, there are thousands of apps to add new functionality. Want root? Too bad, it's not designed or released for that reason, or, gasp, buy a DEV PHONE.
You think T-Mobile is even remotely taking into considering the .00001% of the user base that is like you? Who wants to buy a phone to HACK it!? Be serious here. What features are you really missing out here? Can't teather the phone (which t-mobile doesn't want you doing anyways) - and can't set auto-rotate?
Yes, caching to the SD card is something that needs fixing, but hardly a major "I need root" problem at this point, the phone is practically still BETA, and again, BUY A DEV PHONE.
Genesis3 said:
OTA "push" updates are even worse as they can (and in this case DID) REMOVE functionality that used to be there.
Click to expand...
Click to collapse
The update was to fix a gaping security hole not to remove functionality. The fact was that before it was fixed all it would have taken would be for a site contain certain malicious code and then a person would have root access to your phone and all your personal information with it. Just think of how far someone who had your google credentials could go.
RC29 was a test of the OTA system. If it hadn't been for the security hole RC30 probably would not have happened. If it wasn't fixed it would have opened Google & T-Mobile to a massive amount of liability.
As for building "totally secure" environments, heh, have at it. But doing so destroys the attraction of "open source" and then you're on the hook to deliver the full experience that the user expects, because he or she can't get it from anyone but you.
Click to expand...
Click to collapse
This is another misunderstanding of what open source really is. It means that the source code is open to be viewed and/or modified. It does not mean that the hardware needs to be (think of Tivo).
Aside from that one of the new "cupcake release" that is currently being worked on includes support third party updates of system applications. This ability alone means a lot.
the reason I'm not sitting here with one is because T-Mobile has made an executive decision to lock those devices down to the point that I can't do for myself what they either refuse to do (or are incapable of doing) for me, nor can I find other people who can and do those things and load THEIR stuff on the platform.
Click to expand...
Click to collapse
Please do some research before you try to say what T-mobile's intent is. If they're not going to move to block tethering, which would impact them via the bandwidth, then why would they move to otherwise lock the phone from modification in ways that wouldn't?
The G1 is not missing any features advertised before launch. The fact that you want more from it and the fact that people are working towards making that a reality kind of shows the power of open source. I don't think that WM had this level of development and as much progress a month an a half after launch.
Genesis3 said:
But doing so destroys the attraction of "open source"
Click to expand...
Click to collapse
Open source and Linux have different benefits to different groups of people with sometimes divergent agendas. These groups could include oems/manufaturers, carriers, power users, casual users. What is an "attraction" to you may be unimportant or a liability to someone else.
Just so long as everyone involved understands that this is the tradeoff and is ok with it (that is, the customer is INFORMED before they hand over their money AND the company understands that they will get the criticism that will come when the experience doesn't meet expectations!) that's fine.
Click to expand...
Click to collapse
Seems to me that at the core of a lot of dissatisfied G1 users is either: 1) their own expectation that the G1 would have X and Y features that were never advertised to be supported "out-of-the-box" or 2) their dissatisfaction at not having root access (which was never advertised). Some folks new to the world of open source seem to think that any product built on os components must be by nature completely open access. This is a completely flawed assumption. I see no need for T-Mo or Google to apologize for a potential G1 owner's own assumptions going into the purchase.
Would I buy a WinMo unit that I could NOT hack on and load my own firmware? Today, hell no, because what's delivered "stock" does not meet my expectations for user experience.
Click to expand...
Click to collapse
Another solution would simply be not to voluntarily buy any WinMo products at all. Tech is still a business, and the best way to get businesses to act is to put your money where your mouth is.
@vr24 & benmyers: Agreed completely.
There are a whole host of things that the G1 does not do by intent.
Tethering is just one of them.
I actually use my phone to do work on, and the functionality that would have been LOST going from either a Wizard or a Kaiser to the G1 was insane.
I toyed with one for a half-hour or so in the store and said "thanks, but no thanks" when a half-dozen things I attempted - simple stuff that WM6 (and even WM5!) support native like, oh, connecting to my ORB server at my house and watching CNBC on the phone - failed.
Tethering has been possible on virtually every phone that can run data T-Mobile has produced and can talk to a PC since the Nokia 6610 (a phone I still happen to have, having purchased it FROM T-Mobile in something like 2001!); removing that functionality is absolutely asinine given that it was intentionally removed - Linux by its nature knows how to do both NAT and DHCP, the two essential elements required.
Yes, I'm aware they've removed it from a couple of other recent models' firmware (Samsungs in particular) as well. You want to cite some speech by a T-Mobile executive that PREDATES the firmware changes they made intentionally to the Samsung models? Guess what - executives lie all the time. Wake up and smell the coffee, or have it poured down your back.
Like I said, if they intend to become Verizon they're entitled, and customers are entitled to leave - and will.
"Dream"? Ha.
T-Mobile is IMHO making a critical error given that the "bling crowd" doesn't need a $100/month cellphone bill and into the maw of the worst economic conditions since the 1930s do you think people will cut luxuries like data on their cell phones or their car payment first?
You fanboys are welcome to your "Dream"-cum-nightmare; as for the suggestion that I shouldn't buy a WinMo device because "its not all there as intended" I buy with the full knowledge and intent that I can unlock and flash it, intending to do so at the point of purchase. That's part of the bargain and why I purchased it - if that wasn't possible I'd probably be on a Symbian device instead.
As for "doing research" the fact of the matter is that without system-level access nobody's going to be building a native tethering application. Modifying routing tables (including setting up NAT) requires system privilege; 20+ years experience writing Unix device drivers here kids.
Have a good evening.
Genesis3 said:
Linux by its nature knows how to do both NAT and DHCP, the two essential elements required.
Click to expand...
Click to collapse
Android ≠ Linux
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Genesis3 said:
removing that functionality is absolutely asinine given that it was intentionally removed - Linux by its nature knows how to do both NAT and DHCP, the two essential elements required.
Click to expand...
Click to collapse
This comment is so flawed I don't even know where to begin. I'm assuming you mean dhcpd. In any case, the average user only cares whether tethering is possible or not and yes it is very possible. I'm beta testing June Fabric's PdaNET for Android.
T-Mobile is IMHO making a critical error given that the "bling crowd" doesn't need a $100/month cellphone bill and into the maw of the worst economic conditions since the 1930s do you think people will cut luxuries like data on their cell phones or their car payment first?
Click to expand...
Click to collapse
Last I checked, htc's numbers for G1s shipped thru end of Q4 2008 is 1 million units. Considering that T-Mo is Dream's only carrier and all Dreams are sold with a dataplan, I think they're doing alright. Certainly feel free to correct me if you have more accurate numbers.
benmyers2941 said:
Android ≠ Linux
Click to expand...
Click to collapse
The drivers are in the kernel. Have you looked?
I have.
Click to expand...
Click to collapse
Beggars eh?
Hmmm... me thinks you got that backwards.
Genesis3 said:
The drivers are in the kernel. Have you looked?
I have.
Click to expand...
Click to collapse
Yup...sure have... and as jashsu pointed out
tethering is possible or not and yes it is very possible.
Click to expand...
Click to collapse
Beggars eh?
Hmmm... me thinks you got that backwards.
Click to expand...
Click to collapse
How so? I'm not the one asking for stuff and then choosing not to believe what I'm told.

A Discussion with Google??

I want to start this discussion because I haven't seen it anywhere and I read several Android forums. I love the platform and it's "openess" but it seems that requirements from Google fall just short of making this the best platform ever for handsets.
We are all screaming at Motorola about the signed bl but we aren't focusing enough on the greater issue. The Android license from Google seems to allow this or maybe it is less specific to Google than to some other entity but I don't speak lawyerese so i'm not sure. Anyway, here is what I keep reading from Motorola...
"The use of open source software, such as the Linux kernel or the Android platform, in a consumer device does not require the handset running such software to be open for re-flashing. We comply with the licenses, including GPLv2, for each of the open source packages in our handsets"
My point of discussion is this, why aren't we asking Google what they can do? Why can't Google simply state that "we will not allow our software to be damaged in this way"? Why do they allow Verizon, at&t, Motorola, HTC or anyone else manipulate their software in a way that brings so much resentment? Is it not in Google's best interest to force this platform to remain open? I realize this is a double edged sword because open means people can do what they want, which holds true for companies also but I think that everyone realizes that Google's intent was that this would benefit everyone, not just the companies.
Also, everyone seems to forget that HTC is messing around with trying to lock down the NAND. Just because geniuses get past the protection doesn't mean that HTC isn't trying. If the Droid X is a huge success, even with this restriction in place, then what makes any of you think that the rest will not follow suit?
Because open means that you can do whatever you want with it. There is nothing stopping anyone from using it, modifying it for their own uses, and putting it in any device that would support it. That's why a company can strip down all of Google stuff from it and put Bing if they want to, and Google wouldn't be able to complain. The whole point of open and free software is that you compete by actually being the best at something. You keep Google stuff in Android because well, they work best.
Now, when you put Android in a device you manufacture, you do have the rights to do whatever you want with the device. This seems to be a hardware protection on top of the software ones. You know how DRM'd mp3 stop working? well, it's not much different, except that now there is physical damage.
True, these measures defeat the whole purpose of being open, but what the heck. Being truly open means making a great product, and then not complaining when someone grabs it and beats you with it. You have are always competing to deliver the best product, and that's why open is awesome.
Who was it that said: "I can't agree with what you are saying, but I will defend to the death your right to say it"?
Open goes both ways. The company (Motorola) has every right to lock down the bootloader and prevent others from flashing.
You guys are looking at it as if Motorola did this to prevent people from flashing custom roms. The real reason they did it was to prevent others from stealing their rom and porting it to another phone. If you like the "ninjablur" UI, you need to buy the DroidX.
Ryan Frawley said:
Open goes both ways. The company (Motorola) has every right to lock down the bootloader and prevent others from flashing.
You guys are looking at it as if Motorola did this to prevent people from flashing custom roms. The real reason they did it was to prevent others from stealing their rom and porting it to another phone. If you like the "ninjablur" UI, you need to buy the DroidX.
Click to expand...
Click to collapse
Actually, I don't agree. I'm pretty sure one could extract those widgets if you really wanted to. (They "Ain't all that" if you ask me. - And yes, I did buy an X yesterday and love it. Just ain't crazy about those widgets).
I think the real reason this is locked down is to prevent custom ROM/Root access to enable tethering. There are other issues I'm sure, but at the top of the list is to protect that revenue Big Red is trying to generate.
As to Google 'Stopping' the carriers from locking this down, please understand that if the carriers can't protect their revenue streams, they simply won't allow the phones on their network, and that would hinder the growth of the OS in general.
Don't take any of my words as endorsement of VZW/Moto actions. I'll be first in line to flash/root my phone when/if its ever possible. I'm just a realist. VZW wants $20/month for WiFi Tether. They are going to do as much as reasonably possible to keep you from doing that for free.
In a related note, 2.2 Froyo does tethering natively. I expect this to be crippled/disabled when we get our update in a couple of months.
I don't agree with the idea that companies would stop supporting the platform. The Droid has been a cash cow for verizon and it is an open book. Google could easily ask that their platform remain open for all to enjoy.
Beyond that, if Google allows them to gimp their OS then Google has created something entirely for the benefit of companies and not at all for the general population. I don't believe this is true. I think that the changes will start with Android v3.0. Google will start getting more pissy about custom crap especially if it makes their product seem worse and increase the chance that Android will be looked upon negatively.
Despiadado1 said:
I don't agree with the idea that companies would stop supporting the platform. The Droid has been a cash cow for verizon and it is an open book. Google could easily ask that their platform remain open for all to enjoy.
Beyond that, if Google allows them to gimp their OS then Google has created something entirely for the benefit of companies and not at all for the general population. I don't believe this is true. I think that the changes will start with Android v3.0. Google will start getting more pissy about custom crap especially if it makes their product seem worse and increase the chance that Android will be looked upon negatively.
Click to expand...
Click to collapse
Its the same problem with windows, the OS gets blamed for what hardware vendors do to it... we see this $400 computers getting compared to Apples $1500+ computers and thats some how proof windows sucks, I never had problems with Vista being slow, but people and there $400 computer did.
The problem with Android, specifically the scrolling smoothness, is the vendors custom Android OS setups...
FtL1776 said:
Its the same problem with windows, the OS gets blamed for what hardware vendors do to it... we see this $400 computers getting compared to Apples $1500+ computers and thats some how proof windows sucks, I never had problems with Vista being slow, but people and there $400 computer did.
The problem with Android, specifically the scrolling smoothness, is the vendors custom Android OS setups...
Click to expand...
Click to collapse
To be fair, I think the scrolling smoothness is half crappy hardware and half Android's lack of hardware acceleration.
Mikerrrrrrrr said:
To be fair, I think the scrolling smoothness is half crappy hardware and half Android's lack of hardware acceleration.
Click to expand...
Click to collapse
No some custom roms fix those issues because they enable the hardware acceleration, which again shows that Google really should crack down on some of these custom versions of Android on phones.
Zaphod-Beeblebrox said:
Actually, I don't agree. I'm pretty sure one could extract those widgets if you really wanted to. (They "Ain't all that" if you ask me. - And yes, I did buy an X yesterday and love it. Just ain't crazy about those widgets).
I think the real reason this is locked down is to prevent custom ROM/Root access to enable tethering. There are other issues I'm sure, but at the top of the list is to protect that revenue Big Red is trying to generate.
As to Google 'Stopping' the carriers from locking this down, please understand that if the carriers can't protect their revenue streams, they simply won't allow the phones on their network, and that would hinder the growth of the OS in general.
Don't take any of my words as endorsement of VZW/Moto actions. I'll be first in line to flash/root my phone when/if its ever possible. I'm just a realist. VZW wants $20/month for WiFi Tether. They are going to do as much as reasonably possible to keep you from doing that for free.
In a related note, 2.2 Froyo does tethering natively. I expect this to be crippled/disabled when we get our update in a couple of months.
Click to expand...
Click to collapse
Motorola has said so itself. The reason Droid X is locked down is because they don't want people stealing their custom UI. Widgets are only part of this UI. The inability to flash custom roms is merely a consequence of protecting their UI.
FtL1776 said:
No some custom roms fix those issues because they enable the hardware acceleration, which again shows that Google really should crack down on some of these custom versions of Android on phones.
Click to expand...
Click to collapse
Ah. Didn't know that.

[Security] Should I be concerned about this vulnerability in CM?

So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.

[Q] Do you lose anything by rooting?

I'm about to root my Nexus 10. Will I lose anything? Such as some Google Apps refusing to work like paid for movies or books or anything if it detects it's running on a rooted device?
Or do all Google and other apps still work fine?
Anything to watch out for? I'm considering Cyanogen, and will root with Mskip's tool.
http://forum.xda-developers.com/showthread.php?t=2001868
Everything will work fine. All that I have ever found not working is my employer's software developed only for the employees. No mass produced app will give you any trouble.
Enjoy CM10!
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
DroidBois said:
I'm about to root my Nexus 10. Will I lose anything? Such as some Google Apps refusing to work like paid for movies or books or anything if it detects it's running on a rooted device?
Or do all Google and other apps still work fine?
Anything to watch out for? I'm considering Cyanogen, and will root with Mskip's tool.
http://forum.xda-developers.com/showthread.php?t=2001868
Click to expand...
Click to collapse
You lose everything, including your home and first-born child.
In all seriousness, just about everything will work fine if you only root. Some custom ROMs do introduce incompatibility problems, but it's usually on a pretty small scale (an app here or there might not work if your ROM/kernel choice tweaks how the device handles graphics, for example). By and large, you should be fine, but be careful of certain content apps that will refuse to play on rooted devices.
SacGuru said:
Everything will work fine. All that I have ever found not working is my employer's software developed only for the employees. No mass produced app will give you any trouble.
Enjoy CM10!
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
Click to expand...
Click to collapse
Come now, you know that's not entirely true. Many stuck-up content providers won't support rooted devices, and you'll also get the standard "unsupported device" claim if you're rooted or have an unlocked bootloader from apps like Google Wallet. By and large though, OP, you should be fine.
Rirere said:
You lose everything, including your home and first-born child.
In all seriousness, just about everything will work fine if you only root. Some custom ROMs do introduce incompatibility problems, but it's usually on a pretty small scale (an app here or there might not work if your ROM/kernel choice tweaks how the device handles graphics, for example). By and large, you should be fine, but be careful of certain content apps that will refuse to play on rooted devices.
Come now, you know that's not entirely true. Many stuck-up content providers won't support rooted devices, and you'll also get the standard "unsupported device" claim if you're rooted or have an unlocked bootloader from apps like Google Wallet. By and large though, OP, you should be fine.
Click to expand...
Click to collapse
You are right, but I was responding to what the OP had asked. Movies from play will work just fine afaik. And yes, there would be some app developers who won't support modified devices (I've heard of some trouble with the Sky tv app), but then again on some devices there are ways to temporarily unroot to allow such apps to run.
Again, how the device handles graphics can be modified as well. I had trouble with the Naked Browser before I modified the dpi using an xposed framework module.
In simple terms, so as to not confuse things, I would say that the huge majority of apps would give him no problems, and he would be missing out a lot if he refuses to root his device in the fear of one or two apps not working.
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
SacGuru said:
You are right, but I was responding to what the OP had asked. Movies from play will work just fine afaik. And yes, there would be some app developers who won't support modified devices (I've heard of some trouble with the Sky tv app), but then again on some devices there are ways to temporarily unroot to allow such apps to run.
Again, how the device handles graphics can be modified as well. I had trouble with the Naked Browser before I modified the dpi using an xposed framework module.
In simple terms, so as to not confuse things, I would say that the huge majority of apps would give him no problems, and he would be missing out a lot if he refuses to root his device in the fear of one or two apps not working.
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
Click to expand...
Click to collapse
There's a fine line between "not confus[ing] things" though and glossing over very real issues. It's significantly better for a new user to go into rooting aware of potential problems than rush in and get screwed on something because they expected rooting to be a land of sunshine, rainbows, and daisies, and found it was actually one that also had blood and tears.
That's especially true when you start getting into things like XPosed modules, which, while simple are much more than a new user should really have to contend with. Full stock+rooted is probably the safest introduction because it's so comparatively trivial to revert if you blow yourself up.
Rirere said:
There's a fine line between "not confus[ing] things" though and glossing over very real issues. It's significantly better for a new user to go into rooting aware of potential problems than rush in and get screwed on something because they expected rooting to be a land of sunshine, rainbows, and daisies, and found it was actually one that also had blood and tears.
That's especially true when you start getting into things like XPosed modules, which, while simple are much more than a new user should really have to contend with. Full stock+rooted is probably the safest introduction because it's so comparatively trivial to revert if you blow yourself up.
Click to expand...
Click to collapse
I know people who went on to custom roms the day they rooted their phones. I myself used one within a fortnight of using my first android device. Rooting isn't exactly rocket science.
I would really like to know what percentage of apps you believe do not work on custom roms/rooted phones out of all apps in the world. Impossible though it might be to have an exact number, I have a slight suspicion you have a larger-than-what-could-be-true figure in your head. While at it, do mention some of the blood and tears you have had while using your device.
In all the time I have been using android devices, I have only once encountered an app which I couldn't run on my device, and I believe that was purely due to lack of effort on my part.
Again, many people turn on to modifying their devices only because they want to use a custom rom, as the OP already wants to. I have never seen a comment by an user who regrets rooting his device as an app isn't working. I have seen numerous from users who are disappointed with the capabilities of their unrooted devices.
Had you understood my second comment, you would have realized that not only had I agreed with what you had said, I had also, unlike you, actually mentioned a couple of apps which might have problems on a rooted device. Glossing over issues might be wrong, but complicating simple questions is worse, in my opinion.
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
SacGuru said:
I know people who went on to custom roms the day they rooted their phones. I myself used one within a fortnight of using my first android device. Rooting isn't exactly rocket science.
I would really like to know what percentage of apps you believe do not work on custom roms/rooted phones out of all apps in the world. Impossible though it might be to have an exact number, I have a slight suspicion you have a larger-than-what-could-be-true figure in your head. While at it, do mention some of the blood and tears you have had while using your device.
In all the time I have been using android devices, I have only once encountered an app which I couldn't run on my device, and I believe that was purely due to lack of effort on my part.
Again, many people turn on to modifying their devices only because they want to use a custom rom, as the OP already wants to. I have never seen a comment by an user who regrets rooting his device as an app isn't working. I have seen numerous from users who are disappointed with the capabilities of their unrooted devices.
Had you understood my second comment, you would have realized that not only had I agreed with what you had said, I had also, unlike you, actually mentioned a couple of apps which might have problems on a rooted device. Glossing over issues might be wrong, but complicating simple questions is worse, in my opinion.
Click to expand...
Click to collapse
You're starting to get a little touchy there.
I've been rooted and flashing ROMs for several years now, so I'm hardly new to the field. Nor do I think that there's even a large portion of apps out there that have trouble on rooted devices-- because that is not the point. From an end-user perspective, it only takes the loss of one app or a misbehaving one to ruin the experience. A great day-to-day example is Foldersync-- while the app "runs" correctly, if it detects you have root privileges it will spam superuser requests to perform a better sync. If you deny the request, your sync may fail, and if you accept it, the app potentially causes a wakelock. Random behavior can be just as bad as an outright crash.
OP's interest with ROMs is also a point of greater concern than just root. You really don't have to look too far to see people having problems, especially if you every venture outside of Nexus-land. The last hulabaloo I saw over this was back in the HTC One forums because a popular AOSP ROM had a misconfigured graphics driver that caused a few games to fall over and die.
As far as blood, sweat, and tears, try a bootlooping Galaxy Player 4.0 with a wiped /efs that was essentially softbricked for about two months before I had a free six or seven hours to manually dd everything back into place. I've also had my share of bootloops on Nexus devices while experimenting, although with a little fastboot or adb knowledge it's not hard to get out of them.
I have seen plenty of people regret their root or flash. I don't think you quite remember how bad the first bootloop or problem can be if you have never messed with this stuff before. Fastboot and adb are pretty easy to learn to use, but when you're first starting and every black screen seems like the death knell, it's a different matter altogether. Yes, I saw your post, and I understood, but it's a lot better to play it safe, especially at first, then charge ahead unaware of the consequences. Don't tell me you haven't seen people whining in countless ROM threads because they've done something stupid, usually because they didn't know not to.
Bottom line: better to play it safe and know than not. The only point I made up top was that you have to be 100% aware that you're playing with fire before you get burned. That doesn't mean fire isn't useful or that it's scary, but it does mean you have to be careful.
Edit
SacGuru said:
The whole point of my second post was that there are alternatives - to roms, to mods, to apps, to hardware limitations. The availability of these alternatives is amongst the prime reasons we love android, you and I.
The Op is not asking us about Softbricks/bootlooping devices, or black screens. He is asking only about apps. As I said before, I haven't yet seen a comment from someone who wants to unroot his device just because a particular app does not work. It might be possible that with your experience you might have seen one or two, but as you mention yourselves, people sometimes tend to be stupid.
It's unfortunate that I sounded touchy to you. My only answer to the Op still remains that it would be highly unlikely for him to have trouble with apps, even though there could be apps which do not work on modded phones (as I did mention in my very first comment).
Click to expand...
Click to collapse
I think we're reading the comment a little differently. This is why I brought up what I did.
I'm about to root my Nexus 10. Will I lose anything? Such as some Google Apps refusing to work like paid for movies or books or anything if it detects it's running on a rooted device?
Or do all Google and other apps still work fine?
Anything to watch out for? I'm considering Cyanogen, and will root with Mskip's tool.
Click to expand...
Click to collapse
Based on the questions being asked, I think it's reasonable to assume OP doesn't know anything about rooting or ROMs, so I'm being a little more liberal in looking at this comment than I would be otherwise. As such, I'd rather err on giving them information a little outside the original scope than too little.
Rirere said:
You're starting to get a little touchy there.
I've been rooted and flashing ROMs for several years now, so I'm hardly new to the field. Nor do I think that there's even a large portion of apps out there that have trouble on rooted devices-- because that is not the point. From an end-user perspective, it only takes the loss of one app or a misbehaving one to ruin the experience. A great day-to-day example is Foldersync-- while the app "runs" correctly, if it detects you have root privileges it will spam superuser requests to perform a better sync. If you deny the request, your sync may fail, and if you accept it, the app potentially causes a wakelock. Random behavior can be just as bad as an outright crash.
OP's interest with ROMs is also a point of greater concern than just root. You really don't have to look too far to see people having problems, especially if you every venture outside of Nexus-land. The last hulabaloo I saw over this was back in the HTC One forums because a popular AOSP ROM had a misconfigured graphics driver that caused a few games to fall over and die.
As far as blood, sweat, and tears, try a bootlooping Galaxy Player 4.0 with a wiped /efs that was essentially softbricked for about two months before I had a free six or seven hours to manually dd everything back into place. I've also had my share of bootloops on Nexus devices while experimenting, although with a little fastboot or adb knowledge it's not hard to get out of them.
I have seen plenty of people regret their root or flash. I don't think you quite remember how bad the first bootloop or problem can be if you have never messed with this stuff before. Fastboot and adb are pretty easy to learn to use, but when you're first starting and every black screen seems like the death knell, it's a different matter altogether. Yes, I saw your post, and I understood, but it's a lot better to play it safe, especially at first, then charge ahead unaware of the consequences. Don't tell me you haven't seen people whining in countless ROM threads because they've done something stupid, usually because they didn't know not to.
Bottom line: better to play it safe and know than not. The only point I made up top was that you have to be 100% aware that you're playing with fire before you get burned. That doesn't mean fire isn't useful or that it's scary, but it does mean you have to be careful.
Click to expand...
Click to collapse
The whole point of my second post was that there are alternatives - to roms, to mods, to apps, to hardware limitations. The availability of these alternatives is amongst the prime reasons we love android, you and I.
The Op is not asking us about Softbricks/bootlooping devices, or black screens. He is asking only about apps. As I said before, I haven't yet seen a comment from someone who wants to unroot his device just because a particular app does not work. It might be possible that with your experience you might have seen one or two, but as you mention yourselves, people sometimes tend to be stupid.
It's unfortunate that I sounded touchy to you. My only answer to the Op still remains that it would be highly unlikely for him to have trouble with apps, even though there could be apps which do not work on modded phones (as I did mention in my very first comment). Somehow your answer seemed pretty similar to mine ('just about everything would be fine'), so I just wondered why you had to mention to me problems with apps like the google wallet which are easily fixed.
By now, I am sure both of us understand what the other is talking about. Also, the op has enough info to take a decision on his own. My only qualm is that the inclusion of some seemingly complex terminology might turn him off rooting his device
Sent from my GT-N7100 or the Nexus 10, heaven knows.
Those who help noobs go to heaven. True story.
Wow... I just love you guys so much... So much detailed analysis here..
I've rooted all my devices in the past and generally not had any issues if I use a mature solid tool and ROM, I've only had issues with more 'pioneering' ROM's and tools, but for good reason. So I try to stick to the stable well tested mature varieties like Cyanogen and well supported tools, generally where the developer gets some payment (as reward encourages good development).
I'm more concerned with anything like content apps so Google Books / Magazines / Movies / Zinio etc or any other apps that may kick a stink about running on a rooted device?
Spotify seems fine on a rooted device so far though (Nexus 4).
It may not be an issue for some, but I am one of the (possibly rare?) people who PAY for content - specifically reading material. And I have an extensive library so I don't want to lose that.
I'm not so concerned on the technical front as the Nexus should be fairly well community supported and understood mainstream devices and likely to have stable development and mature community support.
I have the mskip tool ready to go so I'm fine with that.
It's not a debate about rooting vs not. I always root because simple things like having a quick tile for WLAN AP can make a HUGE difference through the day as opposed to this retarded idea that people ENJOY diving deep through menu layers for simple on / off functions - it drives me completely and utterly insane over the course of a day. So I like to set up and streamline my device how I need it, and even have accurate time with root tools like ClockSync, or better security support to lock out spyware crap like FaceSpy and so on (if root helps) and also, being able to properly back up my phone.
Or employer mandated junk like Afaria that some companies mandate for BYOD-to-work devices, not that I have any idea what it's for as opposed to a trusted workable solution like Google Apps (I guess everyone has to make their own thing to put their own buggy bloated stamp on everything). Will that mandated junk still work?
The biggest problem I have still is this MTP *CRAP* which which I believe you can't work around? That's another story and Google should be shot for this.
But root vs not has little to do with that. I guess we're stuck with this MTP crap no matter what we do (thanks Google, you tools).
Thanks for the advice here though.
DroidBois said:
Wow... I just love you guys so much... So much detailed analysis here..
I've rooted all my devices in the past and generally not had any issues if I use a mature solid tool and ROM, I've only had issues with more 'pioneering' ROM's and tools, but for good reason. So I try to stick to the stable well tested mature varieties like Cyanogen and well supported tools, generally where the developer gets some payment (as reward encourages good development).
I'm more concerned with anything like content apps so Google Books / Magazines / Movies / Zinio etc or any other apps that may kick a stink about running on a rooted device?
Spotify seems fine on a rooted device so far though (Nexus 4).
It may not be an issue for some, but I am one of the (possibly rare?) people who PAY for content - specifically reading material. And I have an extensive library so I don't want to lose that.
I'm not so concerned on the technical front as the Nexus should be fairly well community supported and understood mainstream devices and likely to have stable development and mature community support.
I have the mskip tool ready to go so I'm fine with that.
It's not a debate about rooting vs not. I always root because simple things like having a quick tile for WLAN AP can make a HUGE difference through the day as opposed to this retarded idea that people ENJOY diving deep through menu layers for simple on / off functions - it drives me completely and utterly insane over the course of a day. So I like to set up and streamline my device how I need it, and even have accurate time with root tools like ClockSync, or better security support to lock out spyware crap like FaceSpy and so on (if root helps) and also, being able to properly back up my phone.
Or employer mandated junk like Afaria that some companies mandate for BYOD-to-work devices, not that I have any idea what it's for as opposed to a trusted workable solution like Google Apps (I guess everyone has to make their own thing to put their own buggy bloated stamp on everything). Will that mandated junk still work?
The biggest problem I have still is this MTP *CRAP* which which I believe you can't work around? That's another story and Google should be shot for this.
But root vs not has little to do with that. I guess we're stuck with this MTP crap no matter what we do (thanks Google, you tools).
Thanks for the advice here though.
Click to expand...
Click to collapse
I've not had any problems with Google Play services and root, although most of my books are sideloaded after ripping DRM off of Amazon purchases (I don't really believe in the idea of a "perpetual lease"). As someone who has spent time working on that "employer junk" for corporate use, it may annoy the living **** out of you as a rooted user, but from a corporate standpoint it's actually pretty damn important.
Now, as far as MTP goes, don't quote me on this, but I remember seeing a setting in DriveDroid a while back (it's an app that lets you mount an ISO on your computer by connecting your device) that would let you change your USB connection mode to something other than MTP/PTP. I dont' remember the acronym, unfortunately, but it was a lot more in line with the way a "standard" USB device would connect (with the attendant issues of not using FUSE).

[Guide (Making One)] Please help do a thorough guide to optimising an Android.

Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).

Categories

Resources