Will Google go all Anit-Root on CC like Apple with iOS? - Google Chromecast

What is the likelihood of Google going all "Anti-Root" on the ChromeCast like Apple does with iOS? I mean just about every android device has been and is currently rootable for the most part. I knows rooting can be considered a "security threat if misused and all.
~SG

They fixed the first hole pretty fast, so I guess they will do the same with the 2nd hole.
An open media player can be difficult due to licencing issues...

I agree with the previous post on that Google will try to block Chromecast root. But, anyway, I think it's still an awesome device.

I would imagine companies like Netflix prefer the CC locked.

If you ask me...Google has definitely been diligent at securing the device from being rooted. I mean it's almost a year since the last root window opened up and closed.
They definitely learned a thing or two from Motorola about locking up devices!
They have to at least appear to be doing something about securing the device since support from the various content providers is dependent on that security.
A lesson they learned with the Google TV debacle.
Unlike Google TV without content this CCast dongle is worthless!
So yes they will try and do whatever they can to patch up any root exploit they can.

As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.

bhiga said:
As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.
Click to expand...
Click to collapse
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG

SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
Click to expand...
Click to collapse
A tablet and phone can do other things than simply play media.
Chromecast minus the media leaves screen mirroring - but only for semi-recent and supported devices. That's not a market of millions of units, otherwise the folks selling Miracast devices would be rich and making shinier products.
(Stock) Chromecast has no interface, no way to sideload apps, and requires applications to support it in their code. Take the Chromecast-enabled apps away and you don't have much left, especially up against the Miracast devices.

SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG
Click to expand...
Click to collapse
The chromecast is built for, and solely marketed as a online media streaming stick. Google needs to show content providers that they are passionate about making their device a secure hardware solution for online media, otherwise if new content providers do not develop for the Chromecast, or current ones opt out Google would have lost the sole purpose of their device.
Android itself is generally easy to unlock devices bootloaders, gain root access and install custom roms, it was designed like that. While the chromecast was locked down. Google are taking a completely different approach to the Chromecast, than they did for their nexus line or Stock android in general.

It really comes down to numbers vs risk.
The solution is to use DRM to protect the content. Pretty easy on a Phone/Tab due to it's beefier processor but not so much on a CCast other than using the built in DRM which could be vulnerable if someone with root access messed with it. On a phone you could create your own DRM system inside the app and even run a root check to deny the app from running which many have chosen to do. In essence that is precisely what Netflix does! And it should be noted that Netflix runs differently on CCast than all the other Receiver apps we see.
While they would probably be more comfortable not supporting Android due to it's rootable nature, when 85% of your target audience is running it it's a little difficult to ignore. Not so much the case with CCast at this point. and without their support it never will capture a majority of the audience.
Truth is the major holdup to content support seems to be the duality required to make CCast work. Not only do you have to code a receiver app for the CCast but you have to build the control and Dial functions into the Mobile app as well to send content to it.
Most media companies aren't this savvy to wrap their heads around that which makes CCast support almost an afterthought.
But back to your question...Yes they are plenty concerned with root on phones and tabs but to deny them means cutting off the lionshare of your target audience. Not the case with CCast at this point and since content is all it does they have some leverage to ignore it if they want until they are sure it is piracy proof.

Related

Anyone else looking forward to Turning Chromecast into the new Pi / XBMC stick.

topic.
I, for one, am paying close attention to any functionality like this to surface, then it'll truly meet my needs.
Sent from my Nexus 7 using Tapatalk HD
littleemp said:
topic.
I, for one, am paying close attention to any functionality like this to surface, then it'll truly meet my needs.
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
I would love xbmc on it. i have an old dell as my htpc and my pi as my tv computer. id love it!
I want this too.
Some people say to just get a pi but what they don't understand is with a pi which is 35$ alone you still don't get an SD card, wireless adapter, HDMI cord or even a case. Not to mention iirc Chrome cast is clocked 300Mhz higher than the raspberry with even lower power consumption.
thatbigmoose said:
I want this too.
Some people say to just get a pi but what they don't understand is with a pi which is 35$ alone you still don't get an SD card, wireless adapter, HDMI cord or even a case. Not to mention iirc Chrome cast is clocked 300Mhz higher than the raspberry with even lower power consumption.
Click to expand...
Click to collapse
damn. We need someone on this stat!
Lookin forward to replacing my original xbox with this, for my new xbmc media player...
littleemp said:
topic.
I, for one, am paying close attention to any functionality like this to surface, then it'll truly meet my needs.
Click to expand...
Click to collapse
Same thing here. This is really why I bought one.
Sent from my SPH-L720 using Tapatalk 4
I cant wait for this. As soon as this happens I will buy a chromecast for all the tvs in the house
Sent from my SPH-L900 using Tapatalk 4
Cast Xmbc over Chromecast using Avia Player
Hi,
You can now cast XMBC over Chromecast using Avia Player($2.99 Addon Charge). A video tutorial is up on You Tube.
Using Smartphone - XMBC can be watched over Chromecast through Avia Player which costs $2.99. YouTube Video shows how.
http://youtu.be/vS-7hwYe4nw
Using Computer - XMBC can be watched over Chromecast through Avia Player which costs $2.99. YouTube Video shows how.
http://youtu.be/NCgP0r5Dvp8
Good Luck
It will never be a XBMC stick...
What you might get though is have XBMC stream to it and support other DIAL devices, once the XBMC devs stop being stubborn and listen to what their Users have been asking for.
They seem to think DIAL isn't worth supporting since they already support UPnP.
Asphyx said:
It will never be a XBMC stick...
What you might get though is have XBMC stream to it and support other DIAL devices, once the XBMC devs stop being stubborn and listen to what their Users have been asking for.
They seem to think DIAL isn't worth supporting since they already support UPnP.
Click to expand...
Click to collapse
My Rockchip MK808 stick runs XBMC and Cheapcast..indeed most Android phones you might have lying around collecting dust will do. I don't use it much, but the wife loves her Android games on the big xcreen.
wideasleep1 said:
My Rockchip MK808 stick runs XBMC and Cheapcast..indeed most Android phones you might have lying around collecting dust will do. I don't use it much, but the wife loves her Android games on the big xcreen.
Click to expand...
Click to collapse
Your Rockchip Stick has everything needed to navigate/control it via BT Same with Phones...CCast has none of this.
Whats more is the fact that Source compatibility is going to be a real problem there, You can't store content on the CCast and while reading from a network source is possible that source had better be CCast compatible or it won't play well.
But even if you manage to get past all those hurdles you have one bigger issue to contend with that you can't really solve....
Google will never Whitelist it as it does not conform to their UI Guidelines at all.
I would much rather see XBMC add the ability to send content to DIAL devices because the PC/MAC/LINUX versions of XBMC could easily add Transcoding to their system if they wanted to and remove the source compatibility issue and it would allow two people in the house to watch the same content on different TVs.
Asphyx said:
Your Rockchip Stick has everything needed to navigate/control it via BT Same with Phones...CCast has none of this.
Whats more is the fact that Source compatibility is going to be a real problem there, You can't store content on the CCast and while reading from a network source is possible that source had better be CCast compatible or it won't play well.
But even if you manage to get past all those hurdles you have one bigger issue to contend with that you can't really solve....
Google will never Whitelist it as it does not conform to their UI Guidelines at all.
I would much rather see XBMC add the ability to send content to DIAL devices because the PC/MAC/LINUX versions of XBMC could easily add Transcoding to their system if they wanted to and remove the source compatibility issue and it would allow two people in the house to watch the same content on different TVs.
Click to expand...
Click to collapse
Well that's no surprise really. I'm still somewhat surprised folks want so much from what amounts to a hdmi-alternative wireless dongle. Sure it's handy and works great for the services it currently supports (tab casting aside..simply atrocious for me) and it's dirt cheap to be a no brainer. But to get real server services requires an entirely different approach: a front end/back end and expandable, stable database. CC ain't gonna take us there.
wideasleep1 said:
Well that's no surprise really. I'm still somewhat surprised folks want so much from what amounts to a hdmi-alternative wireless dongle. Sure it's handy and works great for the services it currently supports (tab casting aside..simply atrocious for me) and it's dirt cheap to be a no brainer. But to get real server services requires an entirely different approach: a front end/back end and expandable, stable database. CC ain't gonna take us there.
Click to expand...
Click to collapse
It's the age-old conundrum - specialized device, or general-purpose device?
It's like getting a dishwasher versus a housekeeper.
Dishwasher is predictable and doesn't ask for a raise or days off but it won't wash or fold your clothes.
Housekeeper can wash dishes and wash and fold clothes, but might ask for a raise or days off.
The best solution really depends on the individual situation.
wideasleep1 said:
Well that's no surprise really. I'm still somewhat surprised folks want so much from what amounts to a hdmi-alternative wireless dongle. Sure it's handy and works great for the services it currently supports (tab casting aside..simply atrocious for me) and it's dirt cheap to be a no brainer. But to get real server services requires an entirely different approach: a front end/back end and expandable, stable database. CC ain't gonna take us there.
Click to expand...
Click to collapse
Yeah I guess some folks don't realize the limitations of this device and how in some cases Less is actually more!
The simplicity of how CCast works makes it much more versatile than Miracast or DLNA Dongles,
But something like XBMC or Plex frontends which requires saving files and a Database will never be one of those things it does well.
And that doesn't even address the Navigation issues. The whole point of CCast is to make a device you can display to (Like Miracast) while off loading Power, and Navigation to another device that is much easier to write code for but doesn't require tying up the device to display (Like Miracast) a very targeted solution to a very specific problem.
bhiga said:
It's the age-old conundrum - specialized device, or general-purpose device?
It's like getting a dishwasher versus a housekeeper.
Dishwasher is predictable and doesn't ask for a raise or days off but it won't wash or fold your clothes.
Housekeeper can wash dishes and wash and fold clothes, but might ask for a raise or days off.
The best solution really depends on the individual situation.
Click to expand...
Click to collapse
Just like you can run Plex off a RasPi or NAS but neither is actually a very good option to run a media server from due to the Transcoding power requirements that usually require far more power than a Pi or NAS can give you.
There are two schools of thought here....
One side wants something they can navigate and control their TV with (Lets call them the Navigators). They just want a device that will give them a better interface than their Smart TV has (Roku, GoogleTV, XBMC Etc...) or want something to make a dumb TV smart. CCast doesn't take that approach at all
The other side I'll call the ROUTERS or maybe the Remote Controllers (and I guess I am in this Group) are looking for LESS Navigation and more Mobile Device integration in the same way we have Smart Houses being controlled by our Mobile devices. I don't want to go through navigation of Menus just to see something on a particular display I would prefer to use the same controls for ALL devices and merely rout signals where I want them without having to SET UP the device I wish to display on.
Just like in a Smart House I can set the temp of one room while sitting in another I should be able to display things on a TV in another room from the same screen I am using to control the display in the room I'm in.
Essentially routing Media throughout my house the same way I do to Monitors in my production truck or TV Studio.
Imagine if I had to go to every monitor in my studio, Hit Menu, Select the app before I could get the signal I wanted on the Monitor. That seems to be what the Navigators want.
Me I don't ever want to have to change a thing on the Monitor just rout my signal to it and have it display it.
This is essentially what DIAL and the CCast is all about.
Asphyx said:
Yeah I guess some folks don't realize the limitations of this device and how in some cases Less is actually more!
The simplicity of how CCast works makes it much more versatile than Miracast or DLNA Dongles,
But something like XBMC or Plex frontends which requires saving files and a Database will never be one of those things it does well.
And that doesn't even address the Navigation issues. The whole point of CCast is to make a device you can display to (Like Miracast) while off loading Power, and Navigation to another device that is much easier to write code for but doesn't require tying up the device to display (Like Miracast) a very targeted solution to a very specific problem.
Just like you can run Plex off a RasPi or NAS but neither is actually a very good option to run a media server from due to the Transcoding power requirements that usually require far more power than a Pi or NAS can give you.
There are two schools of thought here....
One side wants something they can navigate and control their TV with (Lets call them the Navigators). They just want a device that will give them a better interface than their Smart TV has (Roku, GoogleTV, XBMC Etc...) or want something to make a dumb TV smart. CCast doesn't take that approach at all
The other side I'll call the ROUTERS or maybe the Remote Controllers (and I guess I am in this Group) are looking for LESS Navigation and more Mobile Device integration in the same way we have Smart Houses being controlled by our Mobile devices. I don't want to go through navigation of Menus just to see something on a particular display I would prefer to use the same controls for ALL devices and merely rout signals where I want them without having to SET UP the device I wish to display on.
Just like in a Smart House I can set the temp of one room while sitting in another I should be able to display things on a TV in another room from the same screen I am using to control the display in the room I'm in.
Essentially routing Media throughout my house the same way I do to Monitors in my production truck or TV Studio.
Imagine if I had to go to every monitor in my studio, Hit Menu, Select the app before I could get the signal I wanted on the Monitor. That seems to be what the Navigators want.
Me I don't ever want to have to change a thing on the Monitor just rout my signal to it and have it display it.
This is essentially what DIAL and the CCast is all about.
Click to expand...
Click to collapse
Yep...I only see the CC as and 'end" device. To introduce feature creep would complicate and obscure its real value. API release and further app development will be all the enhancement it needs. Clear purpose market wise, solid community support=widespread success. Let the specialists do their thing.
Sent from my Nexus 5 using Tapatalk
wideasleep1 said:
Yep...I only see the CC as and 'end" device. To introduce feature creep would complicate and obscure its real value. API release and further app development will be all the enhancement it needs. Clear purpose market wise, solid community support=widespread success. Let the specialists do their thing.
Click to expand...
Click to collapse
Yup!
For my usage, I don't need YAR (Yet Another Remote) - I already have a HTPC, but Chromecast's interface as an extension of apps I already use is much more convenient.
wideasleep1 said:
Yep...I only see the CC as and 'end" device. To introduce feature creep would complicate and obscure its real value. API release and further app development will be all the enhancement it needs. Clear purpose market wise, solid community support=widespread success. Let the specialists do their thing.
Click to expand...
Click to collapse
For years in broadcast we have used a sort of networked transmission called "The Switch" it was little more than a network router that you could send video to any TV network on "The Switch Network".
TVs are in my mind a destination for content and it doesn't really matter what kind of content it is (Music, Web, Video, Pics). CCast can turn a TV into a destination. Until TV Manfs get on board and see this is the best way to send digital signals all over the place (by Pushing instead of Pulling) the CCast will at least get the concept rolling until those Manufacturers catch up. I know for a fact Sony would LOVE to get rid of their Smart Interface department because it generates little to no revenue and is constantly having to keep up and upgrading TVs that were already bought and sold. In time whatever money they made off the TV will be spent supporting it's Smart interface to keep up with User Demand for apps when if they merely supported DIAL they wouldn't need any SMART interface at all!
Thats kind of where I hope CCast (and DIAL standard) is taking us!
bhiga said:
Yup!
For my usage, I don't need YAR (Yet Another Remote) - I already have a HTPC, but Chromecast's interface as an extension of apps I already use is much more convenient.
Click to expand...
Click to collapse
It's funny how the first wireless remotes used light to control but were then abandoned for Radio devices which were then Abandoned for IR (Light again) only to be usurped again by Radio in the form of WiFi! LOL
As they say what goes around comes around! LOL
There isn't a universal remote that can be bought that would be as versatile as my Tablet or Phone is....
Turning my Chromecast into my XBMC machine is literally why I logged into XDA today. GOGOGO!!!!
I can't wait for that. I currently play everything off an HTPC but if I don't ever need to turn it on again, good.
Asphyx said:
It's funny how the first wireless remotes used light to control but were then abandoned for Radio devices which were then Abandoned for IR (Light again) only to be usurped again by Radio in the form of WiFi! LOL
Click to expand...
Click to collapse
Indeed... I actually had a TV that used a sonic remote, I think it might've been Zenith.
When I printed graphics using my dot-matrix* printer, certain graphics would change the channel. It was freaky at first, and pretty funny afterward.
* Kids, look that one up or go to an automotive dealership that still uses carbon-copy forms.
Asphyx said:
There isn't a universal remote that can be bought that would be as versatile as my Tablet or Phone is....
Click to expand...
Click to collapse
:good: Indeed! Harmony is close but not as slick as native control. Hard to get more native than building it into Google Play Services!
bhiga said:
Indeed... I actually had a TV that used a sonic remote, I think it might've been Zenith.
Click to expand...
Click to collapse
LOL Yes It was a Zenith....I remember My Uncle could change the channel by Whistling! Would drive my great Grandmother Nuts!

Google blocks Chromecast apps that let you stream your own videos

Google blocks Chromecast app that let you stream your own videos...
"Google hasn't provided a clear answer on whether Chromecast will eventually let users stream their own local videos and music to the TV screen. But if early updates for the $35 dongle are any indication, the company doesn't want third-party developers trying to deliver that functionality. The most recent Chromecast update has broken support for AllCast, an Android application that previously allowed users to stream their personal media to a TV. AllCast (also known as AirCast thanks to a trademark dispute) could play back files stored in a phone's gallery, Dropbox, or Google Drive. Developer Koushik Dutta accomplished the feat by reverse engineering the Chromecast's code. He'd released several betas of the app, even planning a release on Google Play, before Google's latest software update broke things — "intentionally" in Dutta's opinion."
Read more...
http://www.theverge.com/2013/8/25/4...chromecast-app-that-let-you-stream-own-videos
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Let Google know exactly how you feel about this issue. If you're not happy downgrade and comment on their official Chromecast app.
https://play.google.com/store/apps/details?id=com.google.android.apps.chromecast.app&hl=en
xuser said:
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Click to expand...
Click to collapse
Those apps were never approved and on the app whitelist. ALL apps are blocked by default. Only approved apps will run on the Chromecast. What those apps were doing was reverse engineering the Chromecast and using a hack to get around it. Google fixed that hack.
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Sucks that now only YouTube and Netflix are the only things that'll play. Enjoyed the ability to play local media.
xuser said:
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Click to expand...
Click to collapse
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Very disappointing! I was at a friend's home and he was showing off mirroring his iclone through Apple tv. Was hoping Chromecast would top that.
Sent from my EVO using xda app-developers app
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Hopefully Google is just temp blocking until ready to officially supporti 3rd party apps. If not, back to Roku.
I don't know if anyone else noticed but casting a local video file from a chrome browser tab actually plays smoother now. But aircast provided the easiest way to cast a video file from an Android phone.
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Click to expand...
Click to collapse
I have no interest in buying another Chromecast until this gets sorted out either.
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me
Click to expand...
Click to collapse
Mostly because it was more useful when AllCast and Fling worked. Kind of back in the ballpark with Google TV now in that it doesn't do a lot (for me anyway). Nothing more, nothing less.
Disappointed
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
It may never have been announced to be able to do it, but to most it was obvious that the device was capable of doing it and that with dev support a lot was possible. It is disappointing to see how restrictive Google is being in taking away support for a function that the chromecast can handle. That being said, there will always be a way to accomplish this, it is just a matter of how inconvenient Google is going to make it.
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Hey
Just discovered an app that streams local content to any dnla player - wiTV. It offers mostly russian online contant but.. It also offers streaming local content from all of your devices including apple pc and Android. It creates a dnla local server on mobile devices and you can launch local media playback and scroll through it on the mobile device plays well on my old asus oplay r3 and samsung tv
Have fun and screw u Google! I can't believe i paid $100 to buy junk
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
The SDK isn't final. And in this case the developer hacked around one of the most essential parts (the app whitelist). No offense, but I don't want Netflix, HBO, etc to pull their content off the Chromecast so Google can let hackers design apps to stream content from my phone in a non-standard way that was never intented. How about we all wait until the SDK is final before judging Google. All they did was fix a security hole in the device.
Techno79 said:
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Click to expand...
Click to collapse
I agree.
I purchased the ChromeCast only for the purpose of wireless playing movies from my laptop to my HDTV. I currently use a HDMI cable, but thought wireless would be ideal.
I never use Netflix.
I never use Utube.
I wasted $35 plus shipping, because google refuses to allow me to use the hardware I purchased the way I want to.
It just arrived a few days ago, and I can root it.
But I don't think rooting it will help.
It's just a paperweight now.
Maybe I can return it to Google for a full refund?
ddiehl said:
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Click to expand...
Click to collapse
Yeah, I just love DLNA support on my Roku3.
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
I hope you sent this as feedback, very well put. The corporate device manufacture, including Google has benefited from free private development. A lot of the features that come on devices today started with the devs witch in turn busted sales from their innovation and put android where it is today.
Sent from my EVO using xda app-developers app
I don't under stand what the problem was. I mean, I was just using AllCast to watch videos of my kids on the TV. I'm not willing to spend time to upload videos to YouTube just to do that (nevermind privacy concerns and the fact the world doesn't care about my kid doing backflips off the couch).
I already have an HTPC for media playback, there's only personal content on my phone.
This was probably disabled because it wasn't using the actual SDK and was more of a hack. Was neat while it lasted.

Now what for Chromecast

I am happy with the functionality of the Chromecast. Netflix, Play Music and YouTube function quite well. I liked briefly being able to play local media. But I can't help but wonder what will Google add to it. Roku has so many channels both official and private. Apple TV just added a couple more. Not very many but still many more then Google. Any thoughts on how Chromecast will mature.
Sent from my Xoom using XDA Premium HD app
I think so many people are caught up in the idea of playing their local media, that they had forgot that this device can do so much more!
I am personally working on a couple of preview/proof-of-concept projects, within the guidelines that Google has given us, including having my Chromecast whitelisted. And they still work just fine, aka not blocked.
One is a game (with plans to develop quite a few games).
One is a home automation/security hub integration.
There is a lot of potential for this device. And even with an unfinished SDK, the current API allows for all of this still.
Consider this. The receiver app API is 100% compatible to JavaScript and HTML5. And so much can be developed on these platforms.
The problem I see is, we have SOOOOOO many more "consumers/users" roaming this device then we do developers. And when the proof-of-concept that the CC could playback local media emerged, everyone was FLING'n to that and didn't allow their minds to see outside that box (like the pun there?).
I for one am still extremely excited for this product. As a developer, I see it as a great tool that adds an outlet to my creativity which can be integrated with current relevant apps and web experiences, and future ones.
I truly hope that the rest of the community can see this "light at the end of the tunnel" as well. I'd hate to see the CC get such a bad rep just because an ability that was never promised in the first place, got, for all we know, temporarily disabled.
Unholyfire said:
I think so many people are caught up in the idea of playing their local media, that they had forgot that this device can do so much more!
I am personally working on a couple of preview/proof-of-concept projects, within the guidelines that Google has given us, including having my Chromecast whitelisted. And they still work just fine, aka not blocked.
One is a game (with plans to develop quite a few games).
One is a home automation/security hub integration.
There is a lot of potential for this device. And even with an unfinished SDK, the current API allows for all of this still.
Consider this. The receiver app API is 100% compatible to JavaScript and HTML5. And so much can be developed on these platforms.
The problem I see is, we have SOOOOOO many more "consumers/users" roaming this device then we do developers. And when the proof-of-concept that the CC could playback local media emerged, everyone was FLING'n to that and didn't allow their minds to see outside that box (like the pun there?).
I for one am still extremely excited for this product. As a developer, I see it as a great tool that adds an outlet to my creativity which can be integrated with current relevant apps and web experiences, and future ones.
I truly hope that the rest of the community can see this "light at the end of the tunnel" as well. I'd hate to see the CC get such a bad rep just because an ability that was never promised in the first place, got, for all we know, temporarily disabled.
Click to expand...
Click to collapse
Thank you for this post. We finally get one of the few adult posts around here. I'm very interested in what you have planned so far.
Sent from my Nexus 4 using Tapatalk 4
Unholyfire said:
I think so many people are caught up in the idea of playing their local media, that they had forgot that this device can do so much more!
I am personally working on a couple of preview/proof-of-concept projects, within the guidelines that Google has given us, including having my Chromecast whitelisted. And they still work just fine, aka not blocked.
One is a game (with plans to develop quite a few games).
One is a home automation/security hub integration.
There is a lot of potential for this device. And even with an unfinished SDK, the current API allows for all of this still.
Consider this. The receiver app API is 100% compatible to JavaScript and HTML5. And so much can be developed on these platforms.
The problem I see is, we have SOOOOOO many more "consumers/users" roaming this device then we do developers. And when the proof-of-concept that the CC could playback local media emerged, everyone was FLING'n to that and didn't allow their minds to see outside that box (like the pun there?).
I for one am still extremely excited for this product. As a developer, I see it as a great tool that adds an outlet to my creativity which can be integrated with current relevant apps and web experiences, and future ones.
I truly hope that the rest of the community can see this "light at the end of the tunnel" as well. I'd hate to see the CC get such a bad rep just because an ability that was never promised in the first place, got, for all we know, temporarily disabled.
Click to expand...
Click to collapse
I look forward to the gaming part as from what I understand there is a lag between the input and display on the tv. And for gaming lag is an absolute no-no.
Unholyfire said:
I think so many people are caught up in the idea of playing their local media, that they had forgot that this device can do so much more!
I am personally working on a couple of preview/proof-of-concept projects, within the guidelines that Google has given us, including having my Chromecast whitelisted. And they still work just fine, aka not blocked.
One is a game (with plans to develop quite a few games).
One is a home automation/security hub integration.
There is a lot of potential for this device. And even with an unfinished SDK, the current API allows for all of this still.
Consider this. The receiver app API is 100% compatible to JavaScript and HTML5. And so much can be developed on these platforms.
The problem I see is, we have SOOOOOO many more "consumers/users" roaming this device then we do developers. And when the proof-of-concept that the CC could playback local media emerged, everyone was FLING'n to that and didn't allow their minds to see outside that box (like the pun there?).
I for one am still extremely excited for this product. As a developer, I see it as a great tool that adds an outlet to my creativity which can be integrated with current relevant apps and web experiences, and future ones.
I truly hope that the rest of the community can see this "light at the end of the tunnel" as well. I'd hate to see the CC get such a bad rep just because an ability that was never promised in the first place, got, for all we know, temporarily disabled.
Click to expand...
Click to collapse
The thing with local media streaming is that it should have been included from the start and is one of the most common and basic needs for Android users. We all have these really nice smartphones with incredible cameras and want a very easy way to push pictures or video we have taken to our big screens for reviewing as a group. I have no doubt it will come once the SDK is out of beta and it's really too bad that we all had access to AirCast because it provided a key functionality then Google took it away. Yes, it should never had happened and I understand why they had to block the hack but they also had to realize it was going to upset a lot of people. I just don't get why they didn't provide this functionality from the start, it's just such a natural solution for Android to share pictures on a big screen....
verysmartncool said:
I look forward to the gaming part as from what I understand there is a lag between the input and display on the tv. And for gaming lag is an absolute no-no.
Click to expand...
Click to collapse
Since my proof-of-concept game does not require millisecond latency for control interface from the player to the screen, this is not an issue. Also, the lag that is present appears to be less than a second thus far anyway.
rkirmeier said:
The thing with local media streaming is that it should have been included from the start and is one of the most common and basic needs for Android users. We all have these really nice smartphones with incredible cameras and want a very easy way to push pictures or video we have taken to our big screens for reviewing as a group. I have no doubt it will come once the SDK is out of beta and it's really too bad that we all had access to AirCast because it provided a key functionality then Google took it away. Yes, it should never had happened and I understand why they had to block the hack but they also had to realize it was going to upset a lot of people. I just don't get why they didn't provide this functionality from the start, it's just such a natural solution for Android to share pictures on a big screen....
Click to expand...
Click to collapse
I'm not sure why it should have been included. It was never advertised as having that functionality. The Chromecast website states...
The easiest way to enjoy online video and music on your TV.
Click to expand...
Click to collapse
It will be great once the SDK is officially released and developers can release an app for that... but it was and is sold as a solution for online video.
I am hopeful people can bring a variety of things to the Chromecast. I can stream my local files to the roku quite easily. And actually I have a slimport and a push2tv. So it is easy. I can already use the roku for angry birds. Not sure whether latency is an issue. It is true that Google did not advertise that it could play local files but they are smart enough to know that customers would want to. If they are worried about upsetting the Cable companies, etc. We have plenty of ways to stream content from our Android devices to the television. I. Can play a local file on the computer using a chrome browser. Granted it looks terrible but it works.
Sent from my Nexus 4 using Tapatalk 4

Why google? Why?!?!

So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Sent from my Nexus 5 using Tapatalk
Android might be too open for Google's liking.
Allowing free streaming of audio and video would only cement Apple's good standing with companies more comfortable with controllable DRM.
Also, Android is seen as a highly vulnerable platform.
No one can have two masters.
Google can't make money on advertising alone.
Alas, only time will tell...
Sent from Tapatalk using Xperia Z1 (C6906)
rans0m00 said:
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Click to expand...
Click to collapse
Two of ways to look at it...
Google never intended for root to happen, initial bootloader vulnerability was an engineering version released by accident
Google loves us and released vulnerable bootloader on purpose, but that jeopardized their agreements with Netflix, Hulu, HBO, etc so they had to patch the hole
I think both have something do with it.
Given Hollywood's fear and lack of understanding of technlogy, they probably heard "rooted" and immediately called the lawyers. Doesn't matter that Chromecast doesn't actually download and store the content, so root really doesn't help in terms of "they have a copy that they can decrypt" - it's just fear.
From a business perspective Google's really pushing this mass market. So if that was the reason, the choice became "We lock it down, make the content providers happy and sell millions - or we don't lock it down, lose the content providers, and have a $35 Google TV that can't even access anything more than YouTube" well....
It's one thing to stand your ground and alienate a large group while still having functionality but standing your ground, alienating a large group and ending up with a fairly useless and unmarketable device is a recipe for angry stockholders.
tl;dr - blame the ignorant content industry decision-makers that think all we want to do is pirate stuff.
Well how willing would a company like Netflix be to support a device that once rooted could be used to steal their encryption and Auth methods So you could steal their content?
A rooted CCast could be programmed to off load the players and content it uses locally,
The content creators and providers know this which is why most content related apps are set up to refuse to work in the presence of root on a device.
Google doesn't really care if your device is rooted or not but the people they want to support the CCast care.
Remember the failure of GoogleTV, The TV Networks blacklisted the device because they believed it would be used to pirate their material and wanted to charge you or google to see it!
Unless you went directly to their site where they could count you as a view and make the money from advertising.
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Click to expand...
Click to collapse
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
bhiga said:
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
Click to expand...
Click to collapse
Hopefully so. At this price point for the item if they can get most apps to use it then they will sell tons of them.
rans0m00 said:
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
actually there is nothing about root other than bypassing the whitelist that lets you play more stuff.
To put it another way....
Would rooting your TV make it do something more than it already does? No it wouldn't would it?
It'a nothing more than who has access to control the hardware but the hardware doesn't do any more than it already does and it still won't play an AVI natively without transcoding so your not really gaining capability, Just removing restrictions that are there to keep control of DRM content to keep Content providers and creators happy.
If they let it stay uncontrolled then devices like this would be supported while Content providers stayed away from CCast due to it's uncontrolled environment.
http://www.webpronews.com/ces-2014-netgear-announces-hdmi-dongle-chromecast-competitor-2014-01
And rooting our androids have opened up plenty of possibilities that otherwise wouldn't be available. Like customs roms and kernels. Which then open the door to tons of stuff.... Its been a minute but I think it was custom kernels that allowed us to use exfat instead of fat32? Currently the chromecast rooted only runs a custom whitelist and a handful of other things. Because that is all we have the option with the only custom rom out. If they figure out how to start adding different functions I don't know what would be possible but yes... From rooting this opened the door to all of this being possible.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
A rooted CCast could be programmed to off load the players and content it uses locally
Click to expand...
Click to collapse
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
hp420 said:
Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yes, and then the Hollywood lawyers would try to stop your coffee maker's maker from making coffee makers. Whoa, that's a lot of makers...
hp420 said:
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Asphyx said:
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Click to expand...
Click to collapse
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
The chromecast was never advertised as an open source device.
Maybe it's time people realize that Google isn't synonymous with 'free, good or open source' .
They are a company and they are here to make money.
Honestly, I'm already set with the chromecast.
Netfliz+Hulu + avia + showbox +vget +plex + tab casting = my money's worth
Sent from my HTC One X using Tapatalk 2
I agree with people have said here.... I can see both sides for the argument as being valid.
I prefer full control of my device but I also realize my type is a very small portion of the people needed to make this device appealing enough for developers to write code to
allow ccast to work.
I'm hoping that root is found occasionally to still keep the devs interested but spread out enough to keep people like netflix and hulu Happy.
Sent from my Nexus 5 using Tapatalk
hp420 said:
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
Click to expand...
Click to collapse
So given a choice of having Media available for a Media device or Rooted device that does nothing you want the Rooted paperweight....
Good for you!
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Rans...Don't get me wrong I don't really have a problem with Root but there comes a point where having control over a device thats express purpose is to stream media and send content to a screen makes having content available more important than having control over Root access to a device that won't do what it is intended to do once you get it!
This is not a phone that you can sideload programs to and make it do something it wasn't intended to do.
It is like saying I want complete control over my TV Operating system and don't care if everyone who makes TV content available won't suppot my device making it a nice peice of electronics you can hack but serves no other purpose.
If rooting lost you Netflix, Plex, aVia and all the other content provider support what good would all that root access get you?
Are developers going to start making movies for you to watch as well?
Or are you just getting root to make your TV an Android box when an Android Stick would do the same thing for you?
Right now the only reason to have root is to Run Team Eureka's rom, And it is well worth having for that!
But if Netflix, Hulu and anyone else who has content to use on the device did a Root Check and stopped supporting your rooted device you would have nothing more than a nice Splash screen on your TV...
It's one thing to be a control freak about your devices...
Just remember the folks who make the content you want to see on your devices have the same desire (and RIGHT) to want to control who sees their content and who doesn't!
And you will blame them for not trusting you not yourself on insisting to have root on a device whose sole purpose is to display someone else's content!
We would all love to have root access to everything in life....
And thinking your going to get more just because you have more control is foolish because we have seen Root get you less from those who HAVE the content you really want.
If all this device could display was stuff you owned no one would need it because there are about 100 different devices that can already do it an better!
I actually think with enough dev support people could figure out how to make the chromecast into quite a bit more. I am not familiar with the limitations of the device itself though.
Before coming to Android I had an iPhone and I had my phone jail broke. Certain apps would not work if it was detected to be jail broken. Usually the devs found a work around and still had the content.
I'm still sticking with best case scenario is this turns out to be an apple vs jail break scene. They keep patching it but devs keep working to find holes and increasing the options users have with their device. This might keep the content providers happy since google would be patching the holes when they are presented.
And when it comes down to other devices doing it better.... Yeah there is always a different options... With the current state of things honestly I still prefer the rokus over the chromecast.
Sent from my Nexus 5 using Tapatalk

Possible Root Exploit?

Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
r3pwn said:
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
Click to expand...
Click to collapse
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
bhiga said:
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
Click to expand...
Click to collapse
The whitelist still exists? I had thought they removed that with the SDK.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
The whitelist still exists? I had thought they removed that with the SDK.
Click to expand...
Click to collapse
According to this in the developer's guide you still have to allow your Chromecast to send its serial number, register your app which gives you an API key, and register your device so it can receive the app.
Only "published" apps will be available without registering your device, so still sounds like Google is the gatekeeper to publicly-available apps.
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Click to expand...
Click to collapse
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
bhiga said:
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
Click to expand...
Click to collapse
I don't think I want to spend that much. If I don't find something else by then, I could just go to GameStop in the mall (right across the street from my school) and get a $15 one.
Sent from my Nexus 7 using Tapatalk
Walmart also sells play cards!
Sent from my SPH-L710 using xda app-developers app
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
We need to get Chainfire to do the rooting stuff.
Asphyx said:
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
Click to expand...
Click to collapse
I was actually thinking that to myself. There has to be some sort of thing to root the device other than the 2nd stage bootloader exploit that was patched already.
Sent from my iPod touch using Tapatalk
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
cmstlist said:
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Sent from my iPod touch using Tapatalk
r3pwn said:
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Click to expand...
Click to collapse
Well the exploit I was referring to would not be in an APK at all...
It would be on the App server CCast loads it's player's from.
The APKs that support CCast do not have any access to the filesystem of the CCast but the Player Apps CCast loads are on the device and the exploit would attack a vulnerability of that app to do something on the unit that the player app never considered.
Sort of like the old WMV exploit to launch web pages inside a Video that if existed as a capability in a CCast loaded Player App could launch a browser operation to a page with the Exploit code.
I'm sure Google has thought about all of that in their implementations but perhaps the 3rd Party Developers have not been so diligent about it.
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Asphyx said:
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Click to expand...
Click to collapse
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
bhiga said:
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
Click to expand...
Click to collapse
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
bhiga said:
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
Click to expand...
Click to collapse
Not that I don't disagree, but for the sake of argument, I think that is Google's cop-out. They haven't concerned themselves with this in prior endeavors, although I'm sure the poor showing of GoogleTV had to smart. The truth as I see it: Google wants the data (sigint, if you will) our 'casting' provides, THAT is why it's walled. They may want to couch it with 'quality, content provider compliance,etc.', but only so far as it maintains THEIR sigint. After all, the content providers will always constrain their content as they see fit...it must be on their servers/cdn networks by their own hand. CC is a protocol, and now cannot be enjoyed without their sigint (framework/Play version). Google's modus is provide convenience products for the non-free price of your sigint data, so you can be sold to advertisers.
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
My explanation above offers a possible reason.
edit: apologies to OP for accidentally steering into non-root discussion!
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
Could be a requirement from the providers due to copyright concerns.

Categories

Resources