http://www.artfulbits.com/Android/antipiracy.aspx
If your a Dev please support them, if you need assistance msg me i can send u code that will allow your app to automatically send a message to this company with a users information that has stolen your app or tried to steal it.
pentace said:
http://www.artfulbits.com/Android/antipiracy.aspx
If your a Dev please support them, if you need assistance msg me i can send u code that will allow your app to automatically send a message to this company with a users information that has stolen your app or tried to steal it.
Click to expand...
Click to collapse
I'm all for cracking down hard on piracy, but there are three big flaws with this solution:
1) How would Artfulbits verify that an app reporting a device is a "dark" device is making that report in good faith? If a bunch of pirates wanted to render this service pointless, they could just create apps that flood the service with false positives.
2) It is possible (although difficult) to link IMEI to a user/owner. This makes a publicly accessible database of "dark" IMEIs somewhat shady in terms of being a breach of privacy.
3) Finally, if this service is to be useful, apps have to have some way of acting on the information in the database. That is just going to lead to folks "cracking" apks to remove the IMEI-checking routines, or simply using leakproof firewalls to prevent the app from accessin the IMEI database.
Thoughts?
There is not going to be a way to completely stop piracy. Google just needs to step up the way the market works to prevent some of the piracy.
I understand devs deserve money for their hard work (and the log of my google checkout shows I support them) but I personally dont want any app reporting any information about myself or my phone. If there is a list of which apps do I will find an alternative for better or worse and not use the app. Not to knock on those who support this method, I just personally dont like it.
rondey- said:
There is not going to be a way to completely stop piracy. Google just needs to step up the way the market works to prevent some of the piracy.
I understand devs deserve money for their hard work (and the log of my google checkout shows I support them) but I personally dont want any app reporting any information about myself or my phone. If there is a list of which apps do I will find an alternative for better or worse and not use the app. Not to knock on those who support this method, I just personally dont like it.
Click to expand...
Click to collapse
Well considering my app has been pirated 3x as much as it has been downloaded legally i would be willing to let go of the few that are not comfortable with their imei being registered on a website which only happens if u are stealing an app, most apps out there gather more information from you than that without you even knowing.
I don't get why people would install this program. If it detects pirated software on your phone then who the hell are you letting you use your phone? Lets say you know you have pirated software well then of course you wont install this program. If you know your running a clean rom and have no reason to suspect pirated software your giving up a lot of information for a false sense of security. So unless this is forcibly installed on everyone's phone I don't see what's the point.
psychoace said:
I don't get why people would install this program. If it detects pirated software on your phone then who the hell are you letting you use your phone? Lets say you know you have pirated software well then of course you wont install this program. If you know your running a clean rom and have no reason to suspect pirated software your giving up a lot of information for a false sense of security. So unless this is forcibly installed on everyone's phone I don't see what's the point.
Click to expand...
Click to collapse
It's not a program you install. It is a database. App developers write routines into their programs which access the database. If an application suspects that it was illegally pirated, then it will send the user's IMEI to the database.
This is stupid idea. Go to the source of piracy if you want to fight it.
Give people access to paid apps on market and they won't download illegal copies form rapidshare...
su27 said:
Give people access to paid apps on market and they won't download illegal copies form rapidshare...
Click to expand...
Click to collapse
Riiiight... because if you give pirates the option to pay they'll definitely all pay right?
This database thing bothers me.
Not because I might be stealing programs..
but because I might find one and not know its "dark"
Suddenly I'm on some blacklist because I thought an app was cool?
I just did a search on one of the torrent sites, and found a file to DL.
It has 231 apk files and 2 .bak files. (I'm assuming the bak files are for a cracked version of the paid apk) but many of these files are a)old versions or b) free already.
Normally I would say SCORE! I don't have to DL to the g1, then back up, uninstall, transfer to the pc, and store.
Last time I tried a file like that, more than half were for cupcake, and would not work on my donut. Recycle bin.
With this Database I would get tagged as a cheater the first time I tried to install any of those files that were marked. But I have no idea they are "dark" before hand.
While I thank the Dev's for the work they do.
{Seriously, Thank you Developers!}
I'm a student, and I'm poor, which means I'm cheap.
I have several free apks stored away. Hell, I still used youtube downloader 1.2...until it quit working last week. Why, because I don't want to spend money just to have a cool phone.
If you really want to make it hard on the thieves... someone make a program that cripples another program, until the user requests the full version. Then it reads the Imei number from the phone and sends an upgrade request to a server. The server requests payment. Server verifies payment. The server issues a hashed password based on the Imei, which is then sent back to the phone as a password. Customer never sees the password.
This is what Doc to go appears to do. I could be wrong.
Now make it so that program can be imbedded in any other program.
Now thieves need a whole crap load of hacking to find enough hashed passwords to find the hash.
If the hash is added to at random intervals, or a different hash is used based on the Imei number, they might never find the hash.
Besides that, how the heck does a program know if it has been stolen?
How can it tell between a stolen program and a wiped phone that is getting reinstalled with backed up apk's?
jashsu said:
I'm all for cracking down hard on piracy, but there are three big flaws with this solution:
1) How would Artfulbits verify that an app reporting a device is a "dark" device is making that report in good faith? If a bunch of pirates wanted to render this service pointless, they could just create apps that flood the service with false positives.
Click to expand...
Click to collapse
Exists several strategies, for example the most popular is "honey pot" strategy. When vendor especially making leak of software or prepare specially application to track piracy.
jashsu said:
2) It is possible (although difficult) to link IMEI to a user/owner. This makes a publicly accessible database of "dark" IMEIs somewhat shady in terms of being a breach of privacy.
Click to expand...
Click to collapse
For example in our country sufficient IMEI of the phone to find it owner and it location, of course if you have police under your shelders. That is why I am thinking that IMEI is a good identifier.
jashsu said:
3) Finally, if this service is to be useful, apps have to have some way of acting on the information in the database. That is just going to lead to folks "cracking" apks to remove the IMEI-checking routines, or simply using leakproof firewalls to prevent the app from accessin the IMEI database.
Thoughts?
Click to expand...
Click to collapse
Solution is not perfect, but can be easily enhanced. HTTPS protocol with certificate checks will make firewalls and redirections useless.
What functionality exactly you have in mind?
[email protected] said:
While I thank the Dev's for the work they do.
{Seriously, Thank you Developers!}
I'm a student, and I'm poor, which means I'm cheap.
I have several free apks stored away. Hell, I still used youtube downloader 1.2...until it quit working last week. Why, because I don't want to spend money just to have a cool phone.
Click to expand...
Click to collapse
Leave according to your money. what can I say... spend less, work more.
[email protected] said:
Besides that, how the heck does a program know if it has been stolen?
How can it tell between a stolen program and a wiped phone that is getting reinstalled with backed up apk's?
Click to expand...
Click to collapse
Several simple steps:
- install software only from well known web sites, Android Market, Handagoo, SlideMe, etc.
- try to use trials and if it does not exists but you want to try, contact with developers. In most cases developer will provide you version for testing.
- if your phone is placed into black list, then you can contact "blacklist" vendor for explanation and fixing.
jashsu said:
Riiiight... because if you give pirates the option to pay they'll definitely all pay right?
Click to expand...
Click to collapse
You see - that's your problem - you want to fight the enemy instead of prevent war.
In my country there are many people who would pay for android programs because they are quite cheap. But we have no access to paid market. That is why we download apps illegaly.
Now, what do you think will faster stop us from stealing apps:
A. Calling us pirates and thieves
B. Giving us access to paid apps
su27 said:
Now, what do you think will faster stop us from stealing apps:
A. Calling us pirates and thieves
B. Giving us access to paid apps
Click to expand...
Click to collapse
You are making the incredibly flawed assumption that piracy only happens because people have no access to the paid market. Are some people put in this situation? Yes, probably. But the majority of pirates likely DO have access to the paid market and simply don't want to pay.
I am a bit confused, what does this ban people from? The market in it's entirety?
If that is the case, I would think you'd see an outburst of pirating once people couldn't access the market anymore. And that would also prevent people who may not feel like dishing out $100 for a navigation solution from purchasing numerous $1-10 programs that they would actually use on a daily basis. I think this methodology is flawed.
Piracy will never be completely stopped. However, making it harder for people to pirate your software is the best prevention. Instead of saying "Oh, you might have installed a pirated copy of XXX on your device, so now you can't purchase any more programs legitimately, so keep on stealing!". Due diligence falls on the hands of the software creators. If piracy is something you want to prevent (or at least inhibit) for your software, create an IMEI checking device key required to be granted after receipt (and clearance) of payment. Similar to CoPilot, granted it still gets cracked - it is much harder and much less widespread, and a simple update renders it useless to those who used the cracked version (check all over these forums for people complaining about it).
Also, implement trials that don't require the user to pay for them, giving them only 24 hours to try something out before they decide they need their money back. Even Microsoft lets users go 30 days without activation (last I checked) to try out Windows. They do not (to the best of my knowledge) make great attempts to prevent their software from being copied, but instead make it harder on those who do pirate it. Blocking system updates (of course everything has a workaround or crack, but making it harder on someone is oftentimes a great deterrent), preventing new feature installation, etc.
I am not condoning piracy, nor am I condemning software publishers. Just trying to make a point, which is this:
If you take someone who has stolen a program (for whatever reason/justification they may think of) and punish them by revoking their access to purchase said program (or any other program), you have thus reinforced their reason/justification to not purchase any programs.
Now, i may be wrong here, but looking at their source code to integrate into applications, there seem to be 2 things: 1) the device has to have a data connection, otherwise the code doesnt know whether the device is blacklisted or not, at which point it defaults to assuming it isnt, which overall is a good thing for users who have paid but for whatever reason dont have network at that time, however it is easy enough to stop an application from accessing the network, or even a specific site (ie the site for your imei number on their page).
secondly, is this meant to run on the first run of an app, or every run? if it is every run then i can see people getting annoyed by the unnecessary data usage, whereas if it is only on the first run then someone still has access to all their pirated apps from before they were on the database.
please note the only coding i have done is some fairly simple C, so i could be wrong, but anyone can check this if they want: http://www.artfulbits.com/Articles/Samples/Piracy/Integration.aspx
I think that by now most people know that I don't honeycoat things, so I'll just say it... this idea is RETARDED.
1) The application needs to use the API to get the IMEI. If you start using the IMEI to blacklist phones, a minor modification to the API causes the application to always read a string of 0's. Defeated.
2) The application needs PERMISSION to read the IMEI (android.permission.READ_PHONE_STATE). If you start requiring programs to have this permission, people will simply DENY it this permission (yes, it IS possible to block a permission)... this is ESPECIALLY the case when the application has *no good reason* to read the phone state.
3) As has been mentioned before in this thread, HOW DO YOU KNOW that an application you are downloading is pirated? Many applications are FREE to download, and virtually NONE of the pirated apps are labeled as "THIS IS PIRATED".
4) Connection to the internet can be EASILY blocked. Lots of ways... firewall, hosts, permissions, etc. Again, defeated.
Oh, and to those saying crap like access to paid market won't stop piracy, NOBODY SAID IT WOULD!!! It *WILL* reduce it though, since there ARE people out there who WOULD buy apps *IF THEY COULD*.
daveid said:
I am a bit confused, what does this ban people from? The market in it's entirety?
Click to expand...
Click to collapse
Read the description again more carefully. This does not impact a user's ability to access the Market, as it is not a Google product. In case your comprehension is lacking, i'll explain it very simply:
1. A developer decides to use the Artfulbits Anti Piracy Database (shortened AAPD) with its app.
2. A user downloads this AAPD-enabled app from the market.
3. When said app is run, it sends the IMEI of the device to the Artfulbits server. The server returns a color code corresponding to the number of times that IMEI has been reported by other AAPD-enabled apps for piracy. The app can then do whatever it wants with that information. This can be anything from deleting itself to crippling its own functionality.
4. App can also detect if has been pirated (by checking to see if the app has an entry in the user's personal Market account or some other method). If the app detects it is pirated, it will send a report to AAPD.
Another point Artfulbits failed to consider is that not all Android devices will have IMEIs to report.
Is piracy really that much of a problem? I mean most apps cost <3€ and I don't think I am the only one who values his time higher than saving 3€. I rather pay once and get updates via Market than check warez-sites for updates, and I think that most think that way?
There are just two apps that I ever considered to pirate. One was a dictionary for 20$ but I ended up buying it. The other is CoPilot which I would never buy since I don't own a car, but since it is not cracked anyway, I was not forced to really think about it.
I don't see anything good coming from that database. I.e. if my phone would be entered by mistake, you can imagine what problems that would cause for devs whose apps I bought, which I assume would suddenly stop working then.
You really need to think about whether the negative side-effects of such measures like this database are worth the (presumably very small) benefit.
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
EDIT: All of the recent Nokia phones I've had has a setting to not allow a different sim to be used
fldude99 said:
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
Click to expand...
Click to collapse
Very interesting. I too would like to know the answer. This is one of the many reasons why I NEVER use:
A) Mobile Banking
B) Purchases of any kind that includes Plastic
C) Setup any accounts that wire account info
Call me paranoid, but hey, it will save you a ton of headache on that unfortunate "if" day. Please keep us posted.
So does anybody have an answer...or at least some kind of marketplace app that is used for security?
So is nobody interested in security? Or is there just no simple solution..one thing that I miss on my Nokia N97 is the remote lock..send a text of a secret word, and poof the device is locked...done
I think people are interested to some degree but no widely known easy method. And just an fyi, rooting your phone and gaining superuser privileges - as many of us have done - creates a big security hole for trogin malware attack, so if you have rooted your phone take care and know what your installing and try to pay attention to anything using super user privileges.
I am aware that Android being Linux based doesn't suffer from all the malware of other devices but with so much personal information being kept in our smart devices it is only a matter of time before less than savory individuals attempt ways to separate us from ourselves so..
I am interested in your experiences with FREE antivirus products. Personal opinions.. ones you have tried.. how secure you think they are. I am only interested in the anti-virus portion of these apps. Not really interested in the backup portions. Perhaps if they offer free secure remote data wipe that would be of interest in the future.
I currently use Lookout Mobile Security but not totally secure with it due to such a limited amount of threats. It is why I am asking for personal opinions and personal preferences so more of us can make better choices to protect our favorite toy.
Of interest would be NetQin due to their experience and experience with other phones.. mostly Symbian.
AVG's version due to their experiences with anti-virus but I have heard of issues where their desktop version failed to identify virus or malware.
And also BluePoint Antivirus and their entry into protecting Android OS. BluePoint seems to be a solid antivirus provider but the reviews for the android device have been less than favorable.
There is also Dr.Web and MyMobile Protection of which I have no clue
Antivirus Free by creative apps appears to have built and designed by an individual an not a company so I am not sure of the trustworthiness of this app although alot have downloaded it.
I would expect them all to scan as apps are downloaded and installed. Most seem to be cloud based scanners.
Your opinion is appreciated..
Thanks
Amazing - 254 views
254 views and no opinions or preferences.. surely someone is using antivirus software on their gtablets?
There are no know viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
wasserkapf said:
There are no know viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
Click to expand...
Click to collapse
One of the things I like most about it the android platform is the permissions it presents when installing apps. There has been malware reported that exploits sms sending your bill threw the roof and lining the pockets of some foreign company. There is also reports of a Trojan that is designed for Android. It collects personal info on the phone and sends to remote servers. I completely understand that the threat is very limited but with the opportunity to collect personal data I believe it is only a matter of time before the threats increase. I am only trying to stay ahead of the curve. While most threats at the moment require a user to allow they will get more sophisticated with time. Thanks for your reply!
i second your worry but i think mainly we must watch on apps. maybe a sandboxing app would be nice?
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what one's don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernal on vegan and on BitTrix's CM7.
For virus scan's I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work in virus's or malware as I've never ran into any yet.
Thanks for the input.. what I was curious about.. which ones are actually looking for malware and which ones are just scanning permissions. Off to search for droidwall.. thanks!
lordgodgeneral said:
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what one's don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernal on vegan and on BitTrix's CM7.
For virus scan's I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work in virus's or malware as I've never ran into any yet.
Click to expand...
Click to collapse
Unable to use Droidwall with TnT ver4.2 due to an error I receive "can't initialize iptables table 'filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
This error message unfortunately means that your kernel does not support iptables/netfilter, so DroidWall will not work.
There is nothing I can do on DroidWall to make it work, and the only possible solution is to flash a customized ROM with netfilter support."
Kind of a disappointment - was looking forward to it
1.9 Are there things I can’t do on the Services? You must not use the Services to harm others or the Services. For example, you must not:
•Use unauthorized software or hardware to access the Services or modify an Authorized Device in any unauthorized way (e.g., through unauthorized repairs, unauthorized upgrades, or unauthorized downloads). You agree that we have the right to send data, applications or other content to any software or hardware that you are using to access the Services for the purpose of detecting an unauthorized modification and/or disabling the modified device; or
•Attempt to disassemble, decompile, create derivative works of, reverse engineer, modify, further sublicense, distribute, or use for other purposes the Services, any game, application, or other content available or accessible through the Services, or any hardware associated with the Services or with an Authorized Device. If you do, we may cancel your account and your ability to access the Services, and pursue other legal remedies. We may take any legal action we deem appropriate against users who violate our systems or network security, this Agreement or any additional terms incorporated or referenced in it. Such users may also incur criminal or civil liability.
Click to expand...
Click to collapse
Source : Xbox Live Terms of Usage
I'm getting a popup that I should accept the new end users agreement when trying to install a new app or check my Xbox Achievements, I have however a few questions about this paragraph above (I have honestly never seen this before) :
- Is it safe to accept if I have interop-unlocked my Samsung Ativ S, installed the BootStrapper.xap and EnableAllSideLoading.xap, WP8Tools and WP Tweaks from -W_O_L_F- and GoodDayToDie and jessenic.
- I'd used proxies provided by reker and others on XDA-Developers to access some manufacturing exclusive apps (like Nokia apps)
- Should I be worried if I accept that they can block and/or delete my Xbox account, I have saved a fair amount of temporally free store apps and I don't want to lose them.
If so, should I be better off to switch back to Android because they "allow" (turning a blind eye to) rooting your phone or tablet?
Please help me guys, I'm starting to freak out (I haven't accepted the new version of the EULA yet).
Terms like that have traditionally been part of the XBL EULA, but in the past they've always related to cheating or piracy on the console itself. People certainly have gotten their accounts banned for that, which is part of why I have nothing to do with such things. As for whether it's "safe" to accept... eh. If they want to, they can easily argue that you broke the EULA (and forfeited your account) when you interop-unlocked your phone, but they haven't - so far as I know - ever tried to attack individuals or their devices. I'm pretty sure they wouldn't do anything so foolish, either. Both Google and Apple have disabled peoples' accounts in the past for EULA/TOS violations - Apple for iOS hacks, Google for incredibly stupid <REDACTED> like breaking the Real Name Policy on G+ - and so for that matter has Microsoft, for something almost as idiotic (if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that). Every single one I've heard of resulted in a flood of bad PR, and not in the "all PR is good PR" sort of way... more like calls for lawsuits, and accusing anybody who uses that platform of being an idiot.
If there's one thing Microsoft cannot afford to do with regard to Windows Phone right now, it's give people another reason *not* to buy it. We are probably safe.
Yes, but WP8 is gaining popularity so maybe they won't do it now but in the future they probably will. Was this clause also present at the time of the interop-unlocking of WP7? If so, you are probably right. But as a precaution is it possible to lock out Microsoft from checking if modifications are made to the system (like you did with the relock solution redirect the data to a different proxy)?
GoodDayToDie said:
if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that
Click to expand...
Click to collapse
Are you sure of that? It means they watch the photos we take? I don't think so... maybe they used it as an image hosting and shared the link everywhere in the internet...
It's supposedly automated scanning that recognizes anything that looks like it needs to be flagged for human review...
http://wmpoweruser.com/microsoft-monitoring-censoring-skydrive-uploads/
http://wmpoweruser.com/watch-what-you-store-on-skydriveyou-may-lose-your-microsoft-life/
http://www.neowin.net/news/microsofts-ban-of-nudity-on-skydrive-questioned
etc...
Hi,
after much fruitless time wasted pouring over the various methods on this forum only to find out that most of it relies on old, out of date exploits which are no longer valid, I finally gave up and tried Kingroot on my 7" Kindle Fire HD , running 7.5.1 firmware.
It worked very well. Initial attempt did not establish root but rerunning from the KingRoot menu succeeded. Cool.
However, I have no idea who I have let into my device, what they did and what level of control they still have.
The KingRoot web site is very coy about who they are and what they do. This is not really the way I want to go. It's only trash device for me which I'm messing with to find my way around. But my ultimate aim is regain control of my hardware not to forfeit control.
Does anyone know more about who this outfit is and how this all works?
Thanks.
whois:
Registrant Name:Shi Ji Kun Peng
Registrant Organization: Dalian Shiji Kunpeng Technology Compay Limited
Well I guess that is why they are rather coy about who they are, if they put it on the front page no one would download their trojan/spybot software. No uninstall option and if I remove the apk, it breaks su command !
Is my kindle now part of a chinese net bot ?!
The counter argument is that as guys on XDA are open and explain the exploits they also get known to the h/w manufacturers who slam the door closed in a future update and all the hard work is lost . Witness the tons of threads here which are now pretty irrelevant and waste everyone's time.
I have found that I can root using KR, use that state to install something Bin4ary's su build and then factory reset to remove the app.
Doing a factory reset clears the KingRoot application but leaves their su which is a link to ku.sud. So presumably if they install some kind of trojan that does not get removed either.
It does reboot with /system mounted ro, whereas with KR installed it seemed to be mounted rw, which is a pretty crazy state to have a device in.
Found this which seems to be KR's own PR. No mention of security or even a promise that they are not doing anything underhand. Lot's of "questions people ask" , except the ones about turning my device into part of a chinese netbot.
https://meribilli.com/
That silence is about a clear a statement as your are likely to get, I suppose.