I did copy this from the Epic 4G forums...EVERYONE SHOULD READ!!! And DEVS maybe implement the fix in future ROMS. NOTHING IS ATTACHED TO THIS POST!! SEE OP FOR ALL INFO!! ---->http://forum.xda-developers.com/showthread.php?t=977154
Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
How do I fix? Flash attached .zip at the bottom of this post or use one of the alternate methods down there
What if I think I was infected? Completely wipe your device, format sdard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)
Why should I care? read below...
http://www.androidpolice.com/2011/03...open-backdoor/
Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.
Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the "rageagainstthecage" root exploit – binary contains string "CVE-2010-EASY Android local root exploit (C) 2010 by 743C". Don’t know what the apps actually do, but can’t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes to http://184.105.245.17:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device via rageagainstthecage or exploid. But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.
The offending apps from publisher Myournet:
* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* 下坠滚球_Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* 躲避弹球
* Advanced Currency Converter
* App Uninstaller
* 几何战机_PewPew
* Funny Paint
* Spider Man
* 蜘蛛侠
http://www.androidpolice.com/2011/03...-more-details/
Now, on to some more details of the virus. We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine. In other words, if you’re looking to play the blame game (which I’m not, but having read all the comments on the original post, many people are), then there’s plenty to go around. The hole was fixed by Google, but it’s relatively useless since many phones aren’t yet running a version of Android that is protected. It’s noteworthy that some manufacturers released updates that patched the exploit for devices without updating to Gingerbread; unfortunately, it appears that minority is quite a small one.
Perhaps most important is the question of what infected users can do about their situation; unfortunately, the answer is not much of anything. Because the virus opens up a backdoor and can bring in new code at any time, the only way to really rid an infected device of any damage is to completely wipe the device – not exactly the optimal solution, but it looks like the only one available, at least for now.
Finally, Justin notes that ROM developers working with pre-Gingerbread versions of Android can prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile.
As you can see androidpolice.com reports on this backdoor and roots and steals personal information. The apps are removed from the market but that doesn't mean they got them all. Attached is a flashable fix as suggested by androidpolice.com
So users can flash this .zip or simply create a blank file called profile and place it in /system/bin/ (developers are encouraged to include this file in future releases. A blank file is not going to affect performance at all)
Alternate methods:
Using 'adb shell' or terminal emulator (should work on any phone) as suggest by xaueious here
Code:
$ su
su
# remount rw
Remounting /system (/dev/stl9) in read/write mode
# touch /system/bin/profile
# chmod 644 /system/bin/profile
#
Alternate 2:
Download blank profile file from here (or create one and name it profile)
Use a program like Root Explorer to copy it to /system/bin/
Then longpress on it and check the permissions should be read/write for user, read for group, and read for others.
Alternate 3:
cyansmoker has put together an apk for the patch here https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
Thanks for pointing this out photoframd and androidpolice.com for investigating and reporting!
UPDATE: I renamed the .zip file and reuploaded it (350 hits wow). Also in the edify scripted version I added 644 permissions to the file (but if you already flashed it then it should have defaulted to that). I also added a pre-edify version of the patch thanks to xaueious for people using a recovery that does not yet understand edify.
Jeeze 200+ views and no thanks?
I don't think people know what to say. Thanks
[Q] What is edify?
http://forum.xda-developers.com/showthread.php?t=977886
This topic (malware patch) should be sticky... (Or at the least a link to the original thread)
Thanks for the info. Although the Screaming Sexy Japanese Girls app did look intriguing I stayed away from it. LOL. But, for real, I did use the link to inform a few people (like my wife) because there are a few apps that look like they could have looked more legitimate.
is this a must even if you know the apps that are infected?
Sent from my SGH-T959 using XDA App
...prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile
How would that do anything? If it wasn't there before the virus...how...does that tell the virus to stop?
....Could that be the key to unlock the virus itself?
So pretty much I stay away from dl'ing japanese smut apps and I should be okay, lol. Honestly if you're that much of a perv where you need porn on your phone, you deserve to be attacked with something. Maybe those people should consider getting a girlfriend and/or therapy cause they just contracted app HIV!
Good info to know nonetheless though...
Sent from my Vibrant w/ Bionix V 1.3.1, Overstock, and Launcher Pro Plus
Thanks for posting this!!!
One question- is it correct to assume that the presence of /system/bin/profile is an indicator that the device is already infected? Or is that simply a block to prevent the exploit from working in the future?
[email protected] * Super sex positions.
anyways thanks for the heads up lightning
daenigma said:
[Q] What is edify?
http://forum.xda-developers.com/showthread.php?t=977886
This topic (malware patch) should be sticky... (Or at the least a link to the original thread)
Click to expand...
Click to collapse
Edify means to make aware of or to enlighten one of new information or meaning.
To the OP Thanks.........
lightninbug said:
...which seems to be located in Fremont, CA.
Click to expand...
Click to collapse
Really? That's next door to me. I wonder which business...
OH NO, I think I may have downloaded the photo editor app, im not sure though, but when I opened the app it never loaded. I really hope this wasnt the app that im talking about.
Sent from my SGH-T959V using XDA App
You have got to be kidding me.... a week or two ago I reported that developer to Google numerous times for publishing stolen apps (e.g. pew pew) and inappropriate content. And now look, it turns out they were trojans. Google has to do something about these ****ers spamming the market with pirated and otherwise useless/distasteful/malicious content. I'm getting so sick of seeing the "latest apps" category littered by scum. It's unfair to legitimate indie developers who need all they exposure they can get.
Sent from my SGH-T959 using XDA App
It is just as easy to not install untrusted apps. People who just download random apps and install them deserve this. Perhaps this little incident will be a wake up call to everyone to make sure they only install trusted software. I say this security flaw is a feature for weeding out the idiots.
http://m.ft.com/cms/s/2/bf3d6002-452e-11e0-80e7-00144feab49a.html
Sent from my SGH-T959 using XDA App
only app I would have downloaded from that list is "chess" and I didn't. looks like I'm CLEAR. WHOOPDEEDOO for being careful about what to install.
Thanks for the info!
Broken hearts and broken noses since 1973!
jnutz said:
It is just as easy to not install untrusted apps. People who just download random apps and install them deserve this. Perhaps this little incident will be a wake up call to everyone to make sure they only install trusted software. I say this security flaw is a feature for weeding out the idiots.
Click to expand...
Click to collapse
How would an average user know whether these apps are "trusted" (your terminology) if they were on the market? By being on the market, there is an implicit understanding that they are "trusted". Maybe you are the idiot? Do you not understand the issue here?
Sent from my SGH-T959 using XDA App
Related
Here is a link to handango site, they have some stuff available for g1. Remember you have to allow access to download these to your g1. To allow go to menu/settings/applications and check box to allow apps not in the market to be downloaded.
http://www.handango.com/SoftwareCat...73&siteId=1&choice=SaveInCookies&N=4294901656
Try these
http://slideme.org/mobile_apps_latest
http://www.mobihand.com/platformMain.asp?platform=13
I Posted mobihand.com on androidcommunity.com but i just found this slideme.org one. on mobihand.com you have to pay for some but theres free ones too like NetScramble v1.2. I'll put that in attachments
i had to put it in zip cuz they don't allow .apk files to be uploaded
you can also take a look of Android Freeware
Great link, baksanir! Thanks!
Again, beware of sites that:
* contain software older than 23 October
Software not updated for Android 1.0 could harm your phone
* do not say who submitted the software or link back to them
I'd want software submitted by the developer, with a link to check version information.
* do not test the software they peddle, especially if money is involved
If a site can't guarantee that software will run on my phone and not harm it, I don't want it.
No 3rd party site has a kill switch
Like people have been saying since before this platform was released, with the open nature of the development structure, the door is wide open. Make sure you're standing in it with a gun.
Just re-injecting some caveat-emptor common sense.
Check and bookmark the FIRST directory of Android Freeware!
beartard, what a nice bunch of tips! Here are my comments:
beartard said:
Again, beware of sites that:
* contain software older than 23 October
Software not updated for Android 1.0 could harm your phone
Click to expand...
Click to collapse
Right! Those, which were compiled with old SDKs are not compatible in most of the cases with the one and only device We are going to recompile where possible our whole collection and believe me it's a pain in the butt
beartard said:
* do not say who submitted the software or link back to them
I'd want software submitted by the developer, with a link to check version information.
Click to expand...
Click to collapse
Not entirely agree with that. Developers are mega lazy to submit their software other than their homepages. I would recommend to check the Privacy Policy and Terms of Service at first. A reputable site should always have it.
beartard said:
* do not test the software they peddle, especially if money is involved
If a site can't guarantee that software will run on my phone and not harm it, I don't want it.
No 3rd party site has a kill switch
Click to expand...
Click to collapse
Normally you pay money if the app saves you much more money by making you much more productive. To be honest, as for now there are not much apps of that kind for Android. So better tryout some free stuff.
beartard said:
Like people have been saying since before this platform was released, with the open nature of the development structure, the door is wide open. Make sure you're standing in it with a gun.
Just re-injecting some caveat-emptor common sense.
Click to expand...
Click to collapse
Yeah, take better a bazooka All curious users will need to try and fail before they find their "golden set of apps" and then stick to them. It's nice to have forums like that where they can exchange experiences and recommend stuff to each other.
sfdteam said:
Check and bookmark the FIRST directory of Android Freeware!
Click to expand...
Click to collapse
Be careful with this site, it contains some older apps. One of them messed up my phone and I had to do a factory reset. Every time I was at the home screen one of the Android processes kept crashing. Pretty easy to fix but reinstalling all of my apps was a bit of a pain.
nick_karstedt said:
Be careful with this site, it contains some older apps. One of them messed up my phone and I had to do a factory reset. Every time I was at the home screen one of the Android processes kept crashing. Pretty easy to fix but reinstalling all of my apps was a bit of a pain.
Click to expand...
Click to collapse
Hey Nick, what was this application exactly, which crashed so badly your phone?
sfdteam said:
beartard, what a nice bunch of tips! Here are my comments:
Click to expand...
Click to collapse
Thanks for the comments. Please don't think I was trashing your site (or any other one in particular). I'm just a "consumer advocate" when it comes to things like this.
I think it was one of the file managers, but I'm not sure. I installed quite a few apps and it started acting up a bit later.
nick_karstedt said:
I think it was one of the file managers, but I'm not sure. I installed quite a few apps and it started acting up a bit later.
Click to expand...
Click to collapse
Nick, are you sure about that? There are 4 file managers on the site:
Manage 1.2
Android File Browser 2.0
Android File Browser 1.0.0
File System Explorer
None of them should you be able to install on your G1, because:
All four apps were compiled with old compilers, contained in old SDK releases of Android OS. Old .apk packages are mostly not compatible with T-Mobile G1's Dalvik, which uses new APIs supplies with the latest SDK version 1.0.
All four apps were NOT DIGITALLY SIGNED. G1's security policy doesn't permit unsigned apps to be installed on the device.
So your accusations that apps from our site screwed your phone look very suspicious to me. Especially that in the same thread you hail the link of Mr. Veselin Nedev (aka Veselin Nedeff, baksanir), whose site blatantly copy-pastes content from our site and hotlinks to our .APK files. So, whether you go from their site or ours you come to the same files, which are served by our server. How it can be then that only apps from our site damage your phone?
Anyway, I'll double check those 4 apps to find the true.
Update: after our notification baksanir removed the hotlinks to our site and changed descriptions of the apps.
Reminds me of something... But I cant put my finger on it
Mod Edit: Links removed - http://forum.xda-developers.com/showpost.php?p=4745624&postcount=8
Its skinned to remove all logos, The only thing I could not remove was the text. I made it for myself, keep that in mind. I am just sharing.
*edit* if the original does not work, I doubt this one will but use the same install information 555-555-5555 and you must have the widget on your home screen. Launch it from the widget preferably.
is there anything different about these apks? Are they wifi compatible?
I tried wifi compatibility and it is still in the works but as of now this is only for looks but I am working on wifi as I post this.
555-555-5555?? call that number while the widget is up?
On some of the sprint apps it makes you comfirm that you are a sprint customer, so instead of sending sprint our real phone numbers (caller id=your name) we send them fake ones, like 555-555-5555
this seems like not a smart thing for you to do.
DemoShadow said:
Reminds me of something... But I cant put my finger on it
Mod Edit: Links removed - http://forum.xda-developers.com/show...24&postcount=8
Its skinned to remove all logos, The only thing I could not remove was the text. I made it for myself, keep that in mind. I am just sharing.
*edit* if the original does not work, I doubt this one will but use the same install information 555-555-5555 and you must have the widget on your home screen. Launch it from the widget preferably.
Click to expand...
Click to collapse
so basically you just violated alot of copyright laws....
Unfortunately, some may think, we cannot allow links to modded paying software. The software in question is provided under licence to Sprint users only. Now, we try not to sensor knowledge here, so we not going to delete all references to the fact that this software can be ported to non Sprint devices and used free of charge in breach of terms and conditions, BUT we cannot permit links to the software that would actively encourage members to break the law.
Mike
Links will be removed
It's not the fact that it is Sprint software ported over to the G1. It is the fact that he removed all of Sprint's branding. That's like taking the the Google Maps app (or any Google app) and removing Google's name from it. It's simply just a breach of copyright.
tekkitan said:
It's not the fact that it is Sprint software ported over to the G1. It is the fact that he removed all of Sprint's branding. That's like taking the the Google Maps app (or any Google app) and removing Google's name from it. It's simply just a breach of copyright.
Click to expand...
Click to collapse
Well, that too but the whole subject of the Sprint / Telnav software has been raised and discussed with Mods and Admin so there are issues regarding the use of such software on non Sprint phones.
Mike
Wow. Mike you have got to be one of the fairest, most logical forum mods I have ever had the pleasure to read. I am very impressed with the way in which this was handled.
mike i thought your site got closed because u had all the htc breakdown videos and what of that? but i do understand the point so i say lets make a new site that will let you post or upload. that way we can get the goods and xda dont get the blame if i remeber november 27 windows came down on xda for the same ish so please pleas dont let it happen to android just look for a new method for the shares. but i do like the work and want the app i was to late late for the link !!!!! Thanx mike !!!!!
*edit*( november 2007 )
llxll0m3g4llxll said:
mike i thought your site got closed because u had all the htc breakdown videos and what of that? but i do understand the point so i say lets make a new site that will let you post or upload. that way we can get the goods and xda dont get the blame if i remeber november 27 windows came down on xda for the same ish so please pleas dont let it happen to android just look for a new method for the shares. but i do like the work and want the app i was to late late for the link !!!!! Thanx mike !!!!!
Click to expand...
Click to collapse
I was shut down for a while and had to remove some things, but in the end reached a sort of unofficial compromise on intellectual property rights.
This is a delicate issue, in my case I don't offer folks something they would normally have to pay for through their network or otherwise. (I offer stuff they should not have, even if they have money to pay for it!!).
I guess our bottom line is that knowledge should be freely available, but handing folk the tools, to install stuff that is very close to being Warez, is off-limits. (Robbing banks with an uzi can be profitable = knowledge, but handing out uzis and suggesting you rob a bank, crosses the line)
.... and yes we know cooking ROMs and such is also a grey area, but even there we say that ROMs should not be cooked that include for free any software for which the user would normally have to pay.
If someone set up a site with Sprint software on it - that's entirely up to them. We would probably even accept a link to it if the poster said "hey here's a breakdown of a Sprint ROM" In fact that would probably be OK to post here - at least until someone asked for a "take-down"
The problem only comes when someone says you can load this stuff on non-Sprint phones and get stuff for free and just to help you do that here are the links. In other words that ceases to be a theoretical point of information and becomes an encouragement to do something naughty. If folks want t be naughty then they have to do so, by reading the knowledge and then looking for the tools from whatever source, here or elsewhere without our help.
These kinds of things have been debated many times here at XDA - there are no absolute rights and wrongs, only things we think are more or less safe for us to do - just like life generally I guess
Mike
mikechannon said:
These kinds of things have been debated many times here at XDA - there are no absolute rights and wrongs, only things we think are more or less safe for us to do - just like life generally I guess
Click to expand...
Click to collapse
Well said Mike. When I read it, I had a /foreheadslap moment thinking, "well duh, this should be pretty obvious," but im constantly reminded that there are users on here who simply feel they have a right or deserve to have any given piece of software if it is leaked online.
The bottom line is, do not post software that has not been explicity licensed as open source unless you have obtained permission to redistribute. As a general rule of thumb, if the software cannot be legally obtained unless you pay someone (e.g. it comes preloaded on a phone) or can be obtained free but only if you agree to a license agreement (downloading certain software update packages) then you should not redistribute it on xda or elsewhere.
I am able to install it but when I try to open it, it force closes every time within about 1 second of opening. I believe it occurred around the time I started using a 2.1 ROM. I've tried using fix_permissions but it doesn't help. I'm running SuperBadCM5 v1.6 on a mytouch.
are you restoring a backup, or downloading from the market?
s15274n said:
are you restoring a backup, or downloading from the market?
Click to expand...
Click to collapse
I've done both I believe.
It amazes me that people are so careless about their security that they would use programs like "root explorer". This is a HUGE security vulnerability. YOU DON'T KNOW THE DEVELOPER OR THE CODE, so how do you know that (a) the developer is good, (b) there isn't some nasty bug in there that will give china root access to your phone?
ROOT should be used SPARINGLY, and MANUALLY, i.e. from the TERMINAL ONLY.
lbcoder said:
It amazes me that people are so careless about their security that they would use programs like "root explorer". This is a HUGE security vulnerability. YOU DON'T KNOW THE DEVELOPER OR THE CODE, so how do you know that (a) the developer is good, (b) there isn't some nasty bug in there that will give china root access to your phone?
ROOT should be used SPARINGLY, and MANUALLY, i.e. from the TERMINAL ONLY.
Click to expand...
Click to collapse
I could care less about security. It's a phone. I don't store secret information there. If someone creates a program that steals the phone numbers of my contacts, I don't give a ****. If it breaks my phone, I don't give a ****. What do you possess on your phone that is SO confidential?
staunty said:
I could care less about security. It's a phone. I don't store secret information there. If someone creates a program that steals the phone numbers of my contacts, I don't give a ****. If it breaks my phone, I don't give a ****. What do you possess on your phone that is SO confidential?
Click to expand...
Click to collapse
The ability to CHARGE MONEY to my cell phone account is one.
Trade secrets.
The security of your CONTACTS should be TOP PRIORITY -- not for YOUR sake, but for THEIRS. It is a question of RESPECT.
The ability to trust that your phone's communications are private and confidential. You really want north korea listening in on all your phone conversations? If they get root access to your phone, they CAN.
You ever give a credit card number out over the phone? Or type one into a website?
How about simply RELIABILITY?
Or do you not mind when your phone gets slow, crashes, or seemingly reboots at random?
staunty said:
I could care less about security. It's a phone. I don't store secret information there. If someone creates a program that steals the phone numbers of my contacts, I don't give a ****. If it breaks my phone, I don't give a ****. What do you possess on your phone that is SO confidential?
Click to expand...
Click to collapse
Well, for one, the ability to bill your phone without authorization? Your phone could be compromised, forcing it to dial 1-900 numbers that charge by the second. Don't forget spoofing your number as an auto-dialer forwarding system.
That's the number one no-no.
Any time I need to do anything like that I just adb it. If not, I've set up numerous commands in scripts on sdcard that does most common commands for quick going with the terminal.
But if you must have one, e-mail the developer and ASK him if it supports Android 2.1.
You guys are seriously WAY too paranoid. North Korea can listen to my calls all they want. I. Don't. Care. However, your conspiracy theories didn't answer my question. Thanks for throwing in your 2 cents though. Keep those tin foil hats close.
Jesus, the application does not even ask for permissions. I love not having to use terminal or adb for stuff. How about trying to help the guy and get off your soap box.
Sent from my HTC Dream using XDA App
staunty said:
You guys are seriously WAY too paranoid. North Korea can listen to my calls all they want. I. Don't. Care. However, your conspiracy theories didn't answer my question. Thanks for throwing in your 2 cents though. Keep those tin foil hats close.
Click to expand...
Click to collapse
People offer you genuine advice and you get angry? Damn, bro, need a therapist? And stay away from churches... Anyways, here's an idea.... go find another file manager! O.O If you ran fix_permissions & reinstalled and it still force closes, what the hell do you want us to do? You want me to drive to your house and see if I can recode it to work for you? Since I'm already out, do you want McDonalds or Burger King when I'm on my way?
Edit: Have you even bothered to e-mail the developer asking if it supports 2.1 or if he's built it to work with custom ROMs?
s15274n said:
Jesus, the application does not even ask for permissions. I love not having to use terminal or adb for stuff. How about trying to help the guy and get off your soap box.
Sent from my HTC Dream using XDA App
Click to expand...
Click to collapse
And I love ANYTHING that will mess with ANY file other than the sdcard WILL ASK FOR PERMISSION. Do you even know what root means? You're not injecting your phone with tree veins, you know that right?
r3s-rt said:
People offer you genuine advice and you get angry? Damn, bro, need a therapist? And stay away from churches... Anyways, here's an idea.... go find another file manager! O.O If you ran fix_permissions & reinstalled and it still force closes, what the hell do you want us to do? You want me to drive to your house and see if I can recode it to work for you? Since I'm already out, do you want McDonalds or Burger King when I'm on my way?
Edit: Have you even bothered to e-mail the developer asking if it supports 2.1 or if he's built it to work with custom ROMs?
And I love ANYTHING that will mess with ANY file other than the sdcard WILL ASK FOR PERMISSION. Do you even know what root means? You're not injecting your phone with tree veins, you know that right?
Click to expand...
Click to collapse
I wasn't given genuine advice. I was given paranoid, conspiratorial thoughts on the app in question. Don't bother injecting your two cents if it doesn't answer someones question. Being that root explorer is a widely used program, and I hadn't seen anyone post about it not working, I figured it was an issue on my end.
You are not alone. Root Explorer stopped working for me too. I had 1.2 from my old android and just reinstalled the APK but it crashes on my Vibrant since 2.1 and now 2.2. If I find a fix i will let you know.
I was trying to use version 2.13.1 from my other android but
I resinstalled an older apk version 2.08 and it works just fine now hope this helps.
What happened to the honeybunches thread? What was the reason it was deleted??
OP requested that his thread be deleted.
Huh okay, thanks.
Was a reason given? Is he working on a newer version? I donated money and although I understand that a donation is giving someone money without precondition, an explanation would be the polite thing to do.
66cat389 said:
Was a reason given? Is he working on a newer version? I donated money and although I understand that a donation is giving someone money without precondition, an explanation would be the polite thing to do.
Click to expand...
Click to collapse
You donated money to someone for a small tweak on the Honeycomb SDK port that deeper-blue had created... Your loss.
Not really, I appreciated his work. And since I cannot contribute to the community with expertise, I choose to do so with money since I am generally a fan of the work put out by others on this board. Trust me, if blue had a donate link I would be one of the first to kick in some cash. But he hasn't and despite being a "minor tweak" the build was still quite good.
I DENIED ALL DONATIONS... NO MONEY WAS TAKEN. I didnt want any legal issues with google. I saw in deepers q&a about the market.
Sent from my SPH-D700 using XDA App
66cat389 said:
Not really, I appreciated his work. And since I cannot contribute to the community with expertise, I choose to do so with money since I am generally a fan of the work put out by others on this board. Trust me, if blue had a donate link I would be one of the first to kick in some cash. But he hasn't and despite being a "minor tweak" Mr. ____ build was still quite good.
Click to expand...
Click to collapse
Just a personal thing... Can you please remove my name from your post? Thanks.
Sent from my SPH-D700 using XDA App
sorry guys
All is good Marcusant! Your work was/is very much appreciated and I look forward to seeing what you do with this in the future. Maybe an EMMC build in coordination with DB? hehe
marcusant said:
Just a personal thing... Can you please remove my name from your post? Thanks.
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
Not a problem, I apologize if I stepped on your privacy.
He deleted his post because it was becoming quite apparent that he was blatantly copying someone else's work. Taking a "picture" (diskimage) of a working version of someone else's work with a couple of apks added to it does not make it "your custom rom". He had no business giving advice on technicalities of Honeycomb that he had no understanding of, and it's no wonder that Blue wouldn't give this kid the time of day and "work together" on future builds...I'm really surprised no one called him on it earlier than now...
I do believe the reason for the OP deleting was merely the fact that you aren't meant to include GApps (Market, Gmail, Maps etc..) inside ROMS or devices that aren't licensed by Google. That's why you don't see cheap Android tablets with the Android Market on - Google hasn't licensed them too. Same applies to ROMS.
Actually Marcusant wasn't just adding "a few apks." He tweaked DB's release to make an image that would fit a 2gb card for those that didn't have access to bigger cards.
Yep--makes it even shadier-- Here is his math, in base form:
(Deep Blue's build) + (Google's Gapps) + (LauncherPro) = ("MY CUSTOM ROM" WOOT?)
It was wrong on every level.
Zeroing out space and using a partition tool still leaves you with someone elses exact work underneath. Not an excuse. Fine (IMO) to post as a image of DB's build, but NOT as 'my custom rom'. Anyone else agree?
TyRonathon said:
I do believe the reason for the OP deleting was merely the fact that you aren't meant to include GApps (Market, Gmail, Maps etc..) inside ROMS or devices that aren't licensed by Google. That's why you don't see cheap Android tablets with the Android Market on - Google hasn't licensed them too. Same applies to ROMS.
Click to expand...
Click to collapse
Do you think that Google would sue the guy over a rom on his nook color he was using for personal use? I don't. I could see it if he was selling the rom or selling nooks he rooted and put the market on. If Google were going to sue it probably would have started a long time ago with all of the devices that have been rooted and the market was put on. Or it would have started when the nc was first rooted and the market was put on it.
Why would they sue? As long as people are using it like they should then google is just MAKING MORE MONEY by us having the market on another device to buy apps with.
Marcusant did google ask you to take your thread down?
Just to clarify, deeper-blue was fine with my work...
Sent from my SPH-D700 using XDA App
mazook98 said:
Yep--makes it even shadier-- Here is his math, in base form:
(Deep Blue's build) + (Google's Gapps) + (LauncherPro) = ("MY CUSTOM ROM" WOOT?)
It was wrong on every level.
Click to expand...
Click to collapse
By your assessment, Deep Blue is just copying someone else's work too (i.e. Google). I thought the point of this forum is for people to find ways of making our devices work better, or making it easier to make our devices work better?
The only real issue, that I can see here, is that he included the Market. He also made several tweaks (tweaks Deep Blue did not make), including raising the DPI and making it fit on a 2GB card.
This is not supposed to be a site about egos or who's copying who. He gave credit to Deep Blue and this is all that is necessary. He never claimed to have created the whole thing himself.
marcusant said:
Just to clarify, deeper-blue was fine with my work...
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
Really???? Maybe you should rethink that statement. There is no record whatsoever of deeperblue ever responding to one of your posts, or questions needing help from him on Xda. Having to communicate with someone that is 'fine with your work' by posting "DEEPER BLUE PLEEEASE READ" messages in their thread should be all the evidence you need. You might want to actually talk to him before making these claims.
Sent from my PC36100
Looks like kinguser and supersu are going head to head.
http://forum.xda-developers.com/showpost.php?p=61899071&postcount=1277
I sort of agree with kingteam on this, without their hard work there would be no root for a lot of people.
On the other hand they shouldn't force a third party app on to someone's device, but maybe offer it as part of the root process.
Still supersu doesn't block users from changing to another super user app, so they shouldn't neither.
So now we know why Chainfire won't support kinguser in flashfire.
hopefully Kingteam changes their policy about removing their propriety apps. Super-sume wouldn't have been made if it were for Kingteam's policies.
The question is why anyone who offers a rooting method wishes to force the use of their software.
louiscar said:
The question is why anyone who offers a rooting method wishes to force the use of their software.
Click to expand...
Click to collapse
Well i think thats obvious. If youve ever spent time and effort developing something you'd understand, its not nice that a developer puts all the effort in and then the glory is taken by another. Its obvious Kingteam put a lot of effort into their root methods and creating the root management for it to just be immediately removed without even trying it. Its actually quite good, i used it for months on my htc m8 to no ill effect.
Itd be a shame if they decided to throw in the towel and discontinue any more development because of it.
ashyx said:
Well i think thats obvious. If youve ever spent time and effort developing something you'd understand, its not nice that a developer puts all the effort in and then the glory is taken by another....
Click to expand...
Click to collapse
I don't think this is about glory. I understand your point but ... the whole idea of rooting is to gain control of your device, so prohibiting you from being able to choose what you have running on your device is defeating that purpose and fundamental principle.
Although I'm prepared to accept that their reasons for doing this may not be malicious it does little to encourage trust when they appear this desperate to stop you removing their software especially since it has root access. AFAIK this isn't open source and perhaps a lot of other stuff isn't but we have a basis of trust in most of those cases.
IMHO their strategy should be as any other dev who has gained a reputation, through the right channels (such as Chainfire). It takes time but their efforts and results would speak for itself and they could allay any fears by showing their code is safe. IF they really want people to TRY their software then the route to this is not to create fear and doubt about the integrity of their software but to do the exact opposite and allow people to have peace of mind whilst they give it a bash.
They claim that their reaction to Chainfire et al not responding to their communication has resulted in the denial to the user of the rights to choose what software runs on their devices. This reaction to me is rather childish and does little to persuade the likes of Chainfire or Supersume devs to change their minds.
They (Chainfire / Supersume) may or may not be actively trying to throw this software out or 'bad mouthing it as such', I don't know I've not heard their story but it could just be they are simply maintaining the ethics of user choice in offering to remove something that Kingroot team have deliberately made difficult to do.
On the other hand if they are telling people that Kinguser 'causes conflicts' they should back that up openly and offer the choice to remove purify or not - it is a request I note Kingxteam make and would be valid IMO unless there are good reasons why not. Good reasons would be closed source or why the code may conflict, if no one can verify the software is doing only what it is supposed to (now and in the future) it's a good reason not to have it in your device.
Call me sceptical but what is really in it for them? They aren't gaining any money by you running their software, but they sure act like there is something to gain. They spent a lot of time and effort in finding root solutions but they don't appear to be like other devs who do it for the challenge, or for themselves with a mind to share and who by the way don't try to 'sell' or 'force' their methods on us - you take it or leave it, and we do with thanks and donate or buy their pro versions to show appreciation.
Kingroot (Kingteam) on the other hand appear more like a company to me but who knows. That's the whole point, we don't seem to know a whole lot about their motives and that perhaps creates doubt whether rational or not.
And I agree providing there's nothing nasty in there it would be a shame if they threw in the towel but they are going the wrong way about it to gain people's trust - I'm sure many people would love to try their software and apps provided they don't have any nagging doubts.
You misunderstand what I'm saying. I don't condone the way they are going about things, but I do agree with their reasons. Its wrong that everyone is automatically removing kingroot/kinguser without even trying it.
Like I say I used it for a while and I actually preferred it to supersu, but now that devs like chainfire have prevented the use of kingsu with flashfire and only allows the use of his own or cwm there's no choice but to use supersu.
Now why has chainfire done that? He has basically forced people to use his own app. That's just as bad as what kingteam have done.
Don't get me wrong Chainfire is a stellar dev, but I dont understand that and that's how a lot of this has come about. Many have been converting to supersu to use flashfire. I bet there are loads that would have stuck with kinguser just for simplicity's sake if flashfire worked with it.
They don't prevent the removal of purify, I don't even think it gets installed as a system app, so its no big deal to remove. They shouldn't force install it though, that should be offered as a choice after successful root.
Neither do they prevent removal of kingroot and kinguser, it can all be cleanly removed from within kinguser.
As for being closed source that's no different to chainfires apps. His root solution is closed source and so is flashfire.
Kingteam have been around now for a while and have gained notoriety lately because their root solutions have worked for many. If they had any dishonorable intentions I'm sure it would have come out in the wash by now, but asfaik nothing untoward has happened to anyone.
I'm not protecting them in anyway just understanding their point of view, put it this way how many how have used their root exploit then clicked the link to their XDA thread and thanked them?
Probably not many, credit were credit's due I say.
Hard work deserves some recognition. Maybe I should add the link in my root thread.
Sad that this situation has occurred. I am very appreciative of Kingroot providing a method to root my Tab S without tripping KNOX. Without it I would not have rooted until my warrenty had come close to expiring. Unfortunitely I would have removed Kingroot apps for SuperSU for a few reasons
1) I already paid for SuperSU Pro and use it on my other devices
2) Flashfire providers most of my custom recovery needs which Kingroot does not. There is an argument for Flashfire being decoupled from SuperSU but not the development overhead when you flash an updated firmware ( e.g. B0E2 to B0E3). Flashing an upgrade requires the preservation of the root manager. I want OS updates that automatically preserve root so need Flashfire. Of course I've not mentioned other Flashfire features but I'm trying to stay relevant to the topic.
3) SuperSU's policies have provided methods to work around Samsung's bootloader SELinux enforcement. Without it I would not be able to use Viper4Android and an Ext4 formatted OTG microSD card.
I would have been happy to donate money to Kingroot for their rooting service but to the best of my knowledge they do not have a donate option. I would have only done so through PayPal or the Playstore. That brings me to my hesitation to using rooting methods from sources I do not know. I can say I was hesitant to use Kingroot at all and let others be the guinea pigs. Call me paranoid but I've seen first hand and read everyday the malicious nature of the net. At least Chainfire is a known developer on the Playstore.
In the end what maybe more of a question is the lack of rights that customers who purchased, not rented, their devices have. Why are unlocked bootloaders not a right with root management built in? Where do the manufacturers get off restricting me from doing what the heck I want with my devices? Sure limit my warrenty in some way (e.g. Overclocking burnout) but if hardware becomes faulty independent of rooting why should they be off the hook?
I hope some balance/compromise can be met between these important contributors.
Sent from my SM-T800 using XDA Premium HD app
ashyx said:
Its wrong that everyone is automatically removing kingroot/kinguser without even trying it.
Click to expand...
Click to collapse
Can you say that? The main reason people do it is because of the doubt and uncertainty of something new. Getting root is one thing and people are grateful for that but running something they are not familiar let alone trust is another.
And of course as for me too this is one of my reasons:
3DSammy said:
1) I already paid for SuperSU Pro and use it on my other devices
Click to expand...
Click to collapse
.. and I'm used to using it. I should have that choice surely? And his other reasons are good and valid too.
ashyx said:
... devs like chainfire have prevented the use of kingsu with flashfire and only allows the use of his own or cwm there's no choice but to use supersu.
Now why has chainfire done that? He has basically forced people to use his own app. That's just as bad as what kingteam have done.
Click to expand...
Click to collapse
I agree and I wish they'd discuss it more. I would like to know what is really going on with all this.
ashyx said:
I bet there are loads that would have stuck with kinguser just for simplicity's sake if flashfire worked with it.
Click to expand...
Click to collapse
I'm sure but it's difficult to know how many more would. Some people just want root to get some degree of control. Not all are flashaholics. Doubt and uncertainty are more prevalent here because of the immediate perceived need to remove it as soon as possible.
ashyx said:
Neither do they prevent removal of kingroot and kinguser, it can all be cleanly removed from within kinguser.
Click to expand...
Click to collapse
If you don't mind losing root. So it's a pointless exercise and it's a kind of blackmail.
ashyx said:
As for being closed source that's no different to chainfires apps. His root solution is closed source and so is flashfire.
Click to expand...
Click to collapse
But as I say there is a basis for trust that doesn't exist with Kingroot ... yet anyway.
ashyx said:
Kingteam have been around now for a while and have gained notoriety lately because their root solutions have worked for many. If they had any dishonorable intentions I'm sure it would have come out in the wash by now, but asfaik nothing untoward has happened to anyone.
Click to expand...
Click to collapse
Let's just turn on [paranoia mode] for a moment. They aren't doing anything now perhaps they just want to get as many devices running it then on a future update ..... [/paranoia mode off]
3DSammy said:
I would have been happy to donate money to Kingroot for their rooting service but to the best of my knowledge they do not have a donate option. I would have only done so through PayPal or the Playstore. That brings me to my hesitation to using rooting methods from sources I do not know. I can say I was hesitant to use Kingroot at all and let others be the guinea pigs. Call me paranoid but I've seen first hand and read everyday the malicious nature of the net. At least Chainfire is a known developer on the Playstore.
Click to expand...
Click to collapse
Exactly the point. Again what is their motivation? What are they getting out of all this furious hard work on multiple devices? I looked at the purify thread - it's a fully responsive engagement of support which is not unlike a company that has a paid product out there and keen to support it for more sales.
Cloud servers, a large (don't know) team of people? Often devs like Chainfire have little time to engage on this level, they are too busy on the product AND with their own lives / jobs. This is not their full time job in most cases.
This psychology isn't unusual. If someone came to you and offered you a free lunch you are going to be suspicious right? The first thing you are going to think of is 'what's in it for them'. Right or wrong this is how we work.
3DSammy said:
I'm not protecting them in anyway just understanding their point of view, put it this way how many how have used their root exploit then clicked the link to their XDA thread and thanked them?
Probably not many, credit were credit's due I say.
Hard work deserves some recognition. Maybe I should add the link in my root thread.
Click to expand...
Click to collapse
You are right - their threads do have a lot of thanks but perhaps not nearly as many as have used their solution - perhaps because of threads like yours where you provide a solution for a particular device so we don't automatically go to the Kingroot thread and leave our thanks. But bear in mind that the appearance of threads like yours in the first place were to tell people how to get rid of Kinguser after rooting.
Yes put a link and prompt to give thanks to them it's right.
For my part I would like to see some pressure or prompting for both parties to get something sorted out. Kingxteam to stop throwing toys out of the pram and writing restrictive code into their apps and Chainfire et al to come out and discuss their own restrictive policies and explain their concerns.
Welcome to a free world.
Kingroot are free to make their software anyway they want.
Chainfire is free to make his software any way he wants.
You (the user) is free to use one or the other or neither if you want.
If you dislike how kinguser is handeling this situation, but you still want a way to root without tripping knox then, you are free to design and write that code yourself.
Also as for what is in it for the kingxteam remember google, facebook, and quite a few others made products with not very solid monetarization ideas and now they are worth quite a bit. Much of the internet age has been make a product many ppl use and figure out a way to turn a profit afterwords.
Agreed, user choice at the end of the day, we get this same attitude in the HTC forum regarding sunshine s-off.
If you don't like it don't use it or remove it, they don't stop you doing that.
As for the fear factor of using an unknown app, isn't that what millions of people do everyday when installing apps on their device?
The average user never pays any mind to the permissions some of those apps use.
If it works they use it, simple as.
If your happy to let an exploit hack your device and gain high level privileges to it you can't be that concerned with Security otherwise you wouldn't root in the first place.
Too much paranoia going on here me thinks.
Personally I don't give a fig about kingteam planting a time bomb on my device, what's the worst that can happen? Once I get root I can weed out any naughty stuff.
Today's devices are becoming very secure for the average user, but the tinkerers don't like that, so what do the majority do? Root, flash custom kernels, Roms and recoveries and override all that security that's been implemented.
And were worried about a couple of little apps? Come on.
acdbrn2000 said:
Welcome to a free world.
Click to expand...
Click to collapse
There's always someone who'll come up with the age old saying of 'well if you don't like it don't use it.'
Frankly there's not a lot left to say to such posts and that is probably a good point to leave it.
Well it's quite interesting to read this over a year later and seeing how Kingroot has an app in the play store but I have looked everywhere and it's installed as a system app on my phone, I was actually researching FlashFire hoping to be able to get an OTA update and now I am looking to uninstall KingRoot 5.0.0 to go back to an older version of KingRoot. I would like to be able to switch out KingSU for supersu. But each belongs to each developer.