Related
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Hoodahottie said:
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Click to expand...
Click to collapse
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
This is a timely question with a very reassuring response. There is F-Droid instead of PlayStore (but it tends to be a few months behind) and OsmAnd instead of Maps (which is better in some ways). I would like to see more in this direction too.
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Unfortunately, this is the biggest problem that the security industry (ie. people like me) face, in trying to explain the issues here.
Here's a small example, to show you the problems, not specifically with the NSA, but with anything "cloud". Let's imagine a malicious attacker is going after you...
Let's look at your gmail account. It's likely that you signed up for it with your old Hotmail account (the previously most common type of email service). Most people did. It's also likely that you protect your Gmail account fairly well, but have likely not changed your Hotmail password in a while. That's likely the best way in for an attacker.
Now, before you say "OK, but what's the risk", let's take a look at what information is accessible to someone getting into your Google account.
Firstly, they know the details of all your android devices (IMEI etc) - they know what tablets you have, what phones you have, and their serial numbers and identifiers. They can also carry out a remote wipe on any of your devices via Mobile Device Manager. Let's come back to this later though
From Google Mail, they have a fair idea of what you're up to, based on your communications to other people. They can access your location history, and data-mine that, to figure out where you are. They can also look at your communications with other people via Hangouts and G+, and attempt to work out where you are (or simply use the GPS location). They can access the location sharing features of google's services, and see where you and your family are. They can see you're not at home (getting your address from an email), and go to your house, aware your kids are home alone, and rob the place, abducting them.
When you return home, you meet a scene of devastation. You take out your phone and call the cops. You call 911/999/112/whatever, but the call was intercepted and passed to the attackers, via software that was installed onto your phone remotely (via the play store's remote push system).
At this point, the attacker takes your phone, and puts you in the back of the van. He uses Google Device Manager, and removes the lockscreen password from your phone (via the forgot lockscreen code feature). This also resets your device encryption password to a known one. At this point, all the devices are turned off, and their SIMs removed, and you are driven to a remote location.
The attackers then call your partner (having got their number from your Google contacts), and demand $1 million, while telling your partner that you know they are currently in <name of place from their google shared location feature>. The same remote access toolkit is installed onto their phone (given they had used your email as a recovery email for their Google account), and this permits monitoring of their phone to check if they call 911 etc.
OK, that all sounds far-fetched, but that is all entirely possible. The sheer amount of data being held about you, by google and other cloud providers, is insane. I didn't even go into the possibility of financial theft here. Cellphones are a very important thing to people, and they often take them for granted. Would you consider that when you called 911 in a moment of need, that someone had remote-installed a piece of malicious software, which exploits an android security hole, to replace the dialer app, and route the call to a rogue attacker, pretending to be the emergency services?
The amount of control that "other people" have over a phone running "Google Apps" is immense. Don't just think about the "NSA" aspects of this - consider how devastating it would be if someone had access to your Google account. And now remember that anyone on the technical team of Google could (in theory) issue an access token to your account to a well-paying attacker...
Oh, and one of the best ways an attacker can get into your Google account is simply to steal a phone or tablet, and extract the Google authentication token. Sure, they might not be able to change your password, but they are now "into" the chain, and will be able to start the attack.
If this don't bother you, I don't know what will...
scanno said:
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
Click to expand...
Click to collapse
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
I
pulser_g2 said:
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
Click to expand...
Click to collapse
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
scanno said:
I
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
Click to expand...
Click to collapse
I've found a nice notepad app, but none yet that use OwnCloud sync.
I was thinking about looking into https://github.com/spacecowboy/NotePad and trying to get it working with the API. It would be fairly easy to remove the "closed" bits like Dropbox sync etc, and use the OwnCloud backend. It would also be nice to add proper encryption of notes later on.
Anyone else interested? (I hate android app coding, I can't even get the dependencies to resolve for it to build... Thus contributing to my dislike for ANYTHING java based)
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
I'm thrilled to hear this! Do other omnirom devs share your opinion?
I know it's early, but does the omnirom team have specific security/privacy ideas they want to implement?
In the long run, I don't see the Android ecosystem remaining in one piece. It's going to fragment. Amazon has already done it. Samsung may make this move. And people who want privacy and secure communications need a rom (and perhaps it's own app ecosystem) to which they can turn.
Please think about changing your why omnirom page. Right now, its pitch is very weak. Add a section about privacy and security and people will flock to this rom.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I'm absolutely shocked every time I hear people say this. So many people just dismiss the NSA spying because they're not terrorists. They don't have the imagination it takes to understand that today's citizen is tomorrow's terrorist. Every country that spied on it's citizens has oppressed them.
I'm not a spy or terrorist, but I don't want my every thought and action logged away to be used against me later.
boernie said:
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I can't post links, but if you want your own secure cloud, look at the Freedombox project. It's Debian based and it has some radical ideas. Eben Moglen and Bdale garbee have worked on it since 2010. Eben Moglen's talk about countries spying on citizens came long before the NSA story came to light.
The website is kind of dead, but in August Bdale gave a talk where he said Freedombox 1.0 should come before 2014. It's on youtube.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
Click to expand...
Click to collapse
There is a pretty simple solution to this!
Don't behave like expected.
Sent from my Find 5 using Tapatalk
Hoodahottie said:
Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
We techsavvy people want more
Click to expand...
Click to collapse
With all due respect to the OP, the above is the major problem. While many of us are "tech savvy" to one degree or another, I think we forget how to read sometimes.
When you're given that stack of papers to sign for your mortgage, car loan, credit card or bank account, how many blindly sign where we are told to be the agent of that company? Do you read what you are signing? If you answer yes, why is setting up your phone any different? We are told that such and such information is going to be collected when we sign up for our Google accounts. We are told that additional information is going to be collected when we set up our phone. Every time we start up GPS services, we are told Google is going to use this data they collect.
This causes me to wonder why it takes people by surprise when they learn that Google isn't a computer hardware and software company, but a marketing company. And even more wonder happens when they mention it's without their knowledge. Reading terms of service is important. They spell out exactly what they are going to do and give you the option not to participate. When I worked for IBM in the 80's, I had to sign away any rights to technology I developed while working there (with the exception of anything I started before employment and listed on their agreement). If I didn't want to do that I was my choice to not work there. The same thing happened with Tricord, Wang, Computer Associates, MAI, Excactium, Pivotal, etc
The other response about the NSA is troubling as well. We elect our representatives in this country every two four or six years. How many of those people that you voted into office voted yes to the Patriot Act? You want some scary reading, research the rights we gave up allowing that to happen.
We are innocent until proven guilty. The NSA "spying" doesn't just ensnare terrorist, but easily the whole population of the USA. Their model of two, three and more levels of contact captures everyone. The real question isn't I'm not a terrorist so why does it matter, it is I'm not a terrorist so why are you doing it?
We setup up these phones with the knowledge we would be tracked. We walk down the street and see security cameras watching. Then we complain about it? We allowed it to happen to have a whiz bang new phone or to feel safer.
" Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." Benjamin Franklin
I work in retail. Every year I hear people complain that we set Christmas stuff too early. Those same people are buying their lights, cards and trees in the same visit. If they didn't buy early, we wouldn't set early. If we truly cared about not being used as marketing data, we wouldn't be using these phones. We wouldn't use Google.com to search. We wouldn't re-elect many of those in office at the local state and federal levels.
Sorry for the rant, I'll step of the soapbox and allow this discussion to get back on track.
Sent from my Nexus 4 using Tapatalk
With no disrespect, I wonder if people who ask me to take full responsibility understand life and power.
I understand that I have to take some responsibility for signing on for services and programs, but I blame the government and corporations more because they are many times richer and more powerful than me.
And they take advantage of that.
How many Terms of service agreements have I had to sign to use internet services? If I really read all of their ToS, I wouldn't have time for anything else. I'll bet that the ceos of these companies haven't read the ToS of their own products. They don't have to because they have the money to hire 50 of the best lawyers and ask them to craft a bullet-proof ToS.
They probably spent tens of thousands of dollars on the ToS. And I stand against all of that money and power, with limited time and resources and no law degree. Am I the one to be blamed? They know I'm tired from work, that I don't have a legal background and my attention span is limited and I need this product, and there is no other choice unless I'm willing to suffer a lot.
Often these multinational corporations control the whole market and I don't really have any choice. Look at the phone OS market now. I can choose between Android, iOS or Windows Phone. My choices are an open source OS built to facilitate spying, an overpriced, closed source, simplistic OS built by a company that co-operates with the NSA or a closed source, proprietary phone from an industry giant accused of anti-competitive behaviour and also collaborating with the NSA.
There's no real choice. Not just in the phone industry, but in most places in life. Powerful people don't become powerful by giving everyone else choices and freedom. They take freedom away. You ask me to take responsibility as if I had another, better choice. Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices. It's always been that way, and why I blame the government, corporations and powerful people more than myself.
To really win, I'd have to devote my life to fighting all these powerful forces and even if I win, I'll have to spend the rest of my life defending against other crooks who'd try to do the same thing. I wouldn't have any time left for a life.
"You ask me to take responsibility as if I had another, better choice."
Who else is responsible for your actions?
"Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices."
Yes, these companies are in business to make money. That is no different than you having a job to make money.
But do not tell me you or Bill or Steve or Larry do not have à choice. Ever heard of CP/M? An Altair? AltaVista? If you haven't, here is some history.
CP/M was a dominant operating system before DOS. Bill Gates made a choice to create Altair Basic for the Altair microcomputer being sold mail-order. That was the start of Micro-Soft (now Microsoft). He made another choice to create MS-DOS to compete against CP/M for the IBM PC and clones. He made another choice to start work on Windows to compete against Apple's graphical interfaces and IBM's TopView.
Before Steve Jobs made the choice to sell Woz's garage built microcomputer (later named the Apple) there was the Altair mentioned above. They made a choice to build an alternative.
Larry Page and Sergey Brin made the choice to start Google, thinking they could do search better than AltaVista, Yahoo, Excite, HotBot, MetaCrawler, etc.
Powerful people become powerful many times by giving others alternatives. The above mentioned powerful people are examples.
We can make the choice to use prepaid basic phones and not worry about anyone watching us because you don't use personal information to activate.
"To really win, I'd have to devote my life to fighting all these powerful forces"
You should. Doing so makes you powerful. Recently two women changed how one of the world's largest food brands makes their products. One of them eventually dropped out of the spot light and it became the crusade of ONE woman. Kraft Foods is changing how they make some of their Mac and Cheese products due to the efforts of one individual. No more Yellow #5 in their Mac and Cheese products specifically marketed at children. That was a choice she made. A fight that became part of her life.
We all have choices. We are all responsible for our own actions. We can't blame government as a whole because they are largely elected by us. We work to make money to live the life we choose. Corporations (started by individuals) do the same thing.
Sorry again for diverting off topic, but I have a difficult time with responsibility shifting to account for mistakes. We all make them (this reply is probably one of mine). A wise person once said, the man who makes no mistake, usually doesn't make anything worthwhile.
This particular set of threads, all the Omni threads, are what make communities like this work. We can voice opinions, state facts, help with commands to build a repository, compile a kernel, even agree to disagree.
This is how XDA started, while maybe some sections have stayed from the roots, Omni has brought it back full circle.
Sent from my Nexus 4 using Tapatalk
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
You may want to skim through this: http://online.wsj.com/news/articles/SB10001424052748704471504574438900830760842
Some laws (in many? all? countries) are so loosely worded that you're probably breaking some of them right now. Now remember that the government/google/facebook/whoever is watching everything you do. If you ever become "a problem" you're not going to be too difficult to "deal with". Just a potential look at one of the many problems with complete surveillance.
You guys talk about this as if Google, Facebook and all these companies willingly gave up this information.
But the reality is this: the government (NSA) asks for the data. If the companies deny them this, the NSA then goes to obtain a generalized warrant from the FISA courts, secret courts with a 99.7% warrant approval rate, and then obtain the data regardless of what these companies want.
And for those of you who STILL think it's the companies, read this: http://www.washingtonpost.com/world...1d661e-4166-11e3-8b74-d89d714ca4dd_story.html
---------- Post added at 10:38 AM ---------- Previous post was at 10:31 AM ----------
And yes, these companies DO own your data. As soon as you click "I accept these terms" on the registration page, they are now the owners of everything that goes through their online services.
But, here's the catch. Companies are individuals too, as established in Citizens United v. FCC, and are protected under the same rights as any other individual. And it logically follows that because of this, it is a breach on each company's 4th amendment rights for the NSA to obtain generalized warrants, that list NO goal for the investigation, and use these in order to force each company to fork over account details among other things.
frustration pure
one of the most common arguments of those who don't care or don't want to face the
risks of others knowing anything or almost everything of us is:
i have nothing to hide so what !
now to make a point i would like to come up with a very simple and for many
perhaps a bit strange example but i think most will understand what i mean.
ALBEIT I'M ALLOWED TO MAKE LOVE TO MY WIFE AND IT'S TOTALLY LEGAL
AND RIGHT, I DO NOT WANT ANYONE TO LISTEN OR WATCH :laugh:
UNDERSTOOD ?
regards
+1
I've been lurking and decided to give my opinion. First though, let me give a little background. Two years ago I bought my first Nexus and I rooted it right away. I left the bootloader unlocked, the CWM recovery installed, and USB debugging left on. Any app that could log me in automatically I allowed...Ebay, Amazon, Gmail, etc. I thought I was doing a good job protecting my privacy by using a strong password lock and installing Lookout.
I had no idea how easy it was to gain access to all of my data. My ignorance would not have protected me. Now to today. I have a rooted phone, but the bootloader is locked with the stock recovery installed. I will install a custom rom when a good one is available, but the stock recovery will be re-flashed and the bootloader locked when I'm done. I still use Lookout. I'm using LastPass to manage unique strong passwords now...no more saving passwords. I'm waiting for ADB Toggle to be fixed for Kitkat and USB Debugging will be turned off when my phone plugs into a computer. I am constantly looking for ways to protect my data.
To have total convenience, you must give up privacy and security. To have total privacy and security, you must give up convenience. I know that google has access to EVERYTHING I do with my phone and am not happy about it. I try to be informed and balance convenience, privacy, and security.
:good: I second the suggestion that OmniROM should attempt to become the ROM for people who want to protect their privacy and security. :good: There is a lot that can be done at the operating system level that cannot be performed by individual apps. Sure, I love all the features that custom ROMs offer and look forward to see what can be done, but privacy and security are #1 for me.
If you agree, then +1 this post.
i guess this is a general subject, but fits in this forum because we're (nexus users) probably more affected than the rest of the android world. In short, i'm not liking Google's thirst for collecting info in order to sell us ads, tailor and filter information that gets to us, or even sell our info to other companies (android police had an article a while back about a company who was doing this). But let's go back in time a bit first...
My first android device was back in 2010, and i've been through a few htc and samsung devices, galaxy nexus, nexus 4 and of course nexus 5. Now, whoever had a galaxy nexus might remember how android was back then, ICS just came out, it was the first version that could actually compete with it's rival OS's, and the official builds on the galaxy nexus were very close to AOSP.
On the nexus 4 we started to see some changes, Chrome replaced AOSP's browser (Browser) even though it was still not ready for that role yet and despite it coming a long way to where it is now, IMO it's still not as good as the stock browser was. Google Play Music also replaced Music as the default music player and so on..
On the nexus 5 Hangouts replaced stock Messaging (in my opinion it also is not ready for that role yet) and last but not least we're witnessing how G+'s Photos is going to replace Gallery (which is simple and fast, works great, and has a mighty lil photo editor).
Let's add to that Photosphere, a feature exclusive to nexus devices, and the Google Experience launcher (exclusive to nexus 5). So we've reached quite a big divergence from AOSP.
Another thing is how Google is forcing it's social network, either through binding playstore/youtube comments with it, photos, G+ sign in, Game hub (Play Games) etc.. Basically, you have to have G+ to be able to do simple stuff.
Also, we all know that one of the reasons they killed microSD support was to get people to use their cloud services, Keep, Drive, GMusic, G+ autobackup photos...
Other than forcing it's services, Google likes to tailor things for us. A simple example is the Youtube app, it's default opening screen is "What to watch" instead of subscriptions.
Also, Google Now is a cool concept, and it can be very helpful, but it kind of adopts the concept of offering you the info (it thinks) you need, according to certain algorithms. And that's the way Google's search engine has been functioning for years. And it's not only a Google thing, everybody does it, facebook, yahoo etc..
If you've read this far, and this subject interests you, watch this TED talk http://www.youtube.com/watch?v=B8ofWFx525s
I've been thinking about this subject for a while, and honestly, i have mixed thoughts about it. I use Google's services and i actually like Google as a company -despite the lil rant above- but i try my best to control what info i share with them, and i'm definitely not liking the route Google is taking with android, causing fragmentation even between nexus devices, closing down a lot of open source services and forcing it's own, and tailoring stuff for me. I don't need someone to think or make decisions on behalf of me, i want to be able to decide what i want to see/read/know about/use. I also want android to stay as open sourced and available to everyone as it can be.
So what's your take on this subject? do you have any concerns about your privacy and the info you share with Google's servers? and how about the android -or should i say Google- experience on the N5 compared to AOSP or past experiences you had with previous nexus devices, do you see any difference?
Google uses your data to build out great services. They also get a lot of money for advertising, and that's just the way it is. Do you think they should give Maps and Gmail away for free to people without getting something in return? Everyone who buys a Nexus device or uses Google's services understands this. You said in your post that Google forces their services on us, but you aren't being forced to use a Nexus device, or use Maps and Gmail. You made that decision yourself, so I don't understand why you're complaining.
Oh no, Google can't do nothing bad. It's Apple's fault.
Sent from my Nexus 5 using Tapatalk
I don't really understand what you are getting at. If you don't like all of the Google services then why not install cyanogen mod? The sole purpose of a business is to make money for it shareholders and Google is a business. They provide amazing apps and services for "free". I put free in quotes because you are indirectly paying for it. No one is forcing you to use Google phones or Google services.
Edit* okay I do understand what you are getting at but I don't feel that Google is hiding it from its users. It's no secret that Google sells ads. That is their business. They can become a more successful business if they gather more information about its users. I am aware of what Google does when I use its services and I accept it because I use the services they provide and don't have to pull out my credit card.
It's not that hard to understand; why are we all flaming this dude? He was just asking for everyone's opinions.
I agree with you 100%. Especially as I initially made the switch from CM9 to CM10, I was really wary about Google Now. It seemed like it was collecting waaaayyyyy too much info. The G+ integration in Google Play and Youtube also ticked me off.
However, the more I think about it, Google is still being sensible. Google Now can't be compared to Siri because Siri can't do crap; Siri just takes what you say and searches it up. Google Now can be turned off, and if you don't want it always tracking your location, just turn off location and it'll turn off all the location-based cards.
I'm also intrigued (not concerned) by Google's recent actions, especially with the acquisition of Moto, the release of Moto X and Moto G, and the introduction of so many GPe devices. Perhaps Google feels threatened by Samsung and feels the need to tighten its grip? The Nexus/GPe community used to be solely dominated by Samsung, but now it's seen entrances by HTC, LG, Asus and Sony. It seems to me that everything Google has done in the past few months has been forced by Scamsung and Crapple, and that we shouldn't really feel concerned in any way...yet.
The whole world runs on information and EVERYONE is trying to collect as much as possible. You might as well let it benefit you. Imagine if you had to pay for an email client, gps, countless news subscriptions, data hosting, and on top of that, had to pay for every new software version as it was made available. Even paid services are focused primarily on learning as much about you as possible. At least they are trying to learn what interests you to offer you something you might actually want!
I for one am very sad to see Google's Android deviate so far from pure Android. I am not a fan of the Google Experience launcher and I miss the beautifully simple AOSP experience. Even when I do run stock android, I fill it up with Google services. I think the point here is that you should choose what you want... ESPECIALLY with a Nexus device. The Nexus has become too commercial with the N5.
Sent from my Nexus 5 using xda app-developers app
I dont want anyone selling my data. I do appreciate that I use many Google services for free so I'm happy for their bots to analyse my data to sell tailored advertising to support these services.
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
rootSU said:
I dont want anyone selling my data. I do appreciate that I use many Google services for free so I'm happy for their bots to analyse my data to sell tailored advertising to support these services.
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
Click to expand...
Click to collapse
Long as i dont get junk in my email or mailing address, besides what do you got to hide huh? unless you're al qaeda right? or some terrorist..
Google doesn't sell your info to other people, and nor does it "read" your inbox or someone is "reading" it, it looks for certain keywords then deliver ads based on that... test it your self on your phone email your self with any subject and just make a random sentence containing the word viagra, you will now receive ads that have to do with "Male enhancement pills".. google does this to provide cheap devices such as the chromecast and nexus line they want you to buy it in return for your interests then deliver ads based on that then google gets paid by the advertiser or the marketing campain, so lets just call this instead of google stalking you or like mining your information like gold think of it as google trying to see what you're interested into and deliver that to you!
oh also inb4 someone says punctuation is your friend
I've always been very bugged about this that's why I try to download privacy apps to control what permissions they are asking for
Sent from my Nexus 5 using Tapatalk
Google is just a modern day netzero (from back in the days). The sooner you realize that, the better you'll be able to set your expectations.
That being said everything you find worrisome, you can substitute with a different service. It's not being forced to you.
The reality is, you made a calculation that the benefits outweighs the costs. You just may not be conscious of it.
Lastly, the nexus line is pure Google, it's not pure asop. It's Google flavored android, just as htc one is htc flavored android.
Sent from my Nexus 5 using Tapatalk
---------- Post added at 12:08 AM ---------- Previous post was at 12:04 AM ----------
nohcho said:
Oh no, Google can't do nothing bad. It's Apple's fault.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Stawman
Sent from my Nexus 5 using Tapatalk
markdapimp said:
Long as i dont get junk in my email or mailing address, besides what do you got to hide huh? unless you're al qaeda right? or some terrorist..
Google doesn't sell your info to other people, and nor does it "read" your inbox or someone is "reading" it, it looks for certain keywords then deliver ads based on that...
Click to expand...
Click to collapse
This is exactly my point. You seem to be arguing my point back to me, which makes no sense. Perhaps you misread my post
Nothing online belongs to you.. there are many ways to stay frosty on android.
Sent from my AOSP on HammerHead using Tapatalk
i guess some people didn't get my point, maybe since English is not my native language.
Anyways, as i mentioned in my previous post i do use Google services, and i'm grateful that most of them are free. But it's getting harder and harder to control your privacy. Look at the new location concept in kitkat, you can't switch location OFF completely from the power widget, you have to take additional steps and go into settings. Furthermore, on previous versions, you could use GPS, let's say for sport tracking apps, but deny location from all Google apps. Now you can't do it anymore, even if you use "device only" Google's apps (and facebook and others) are able to ask for your location.
Same goes to the Photos app, if you log in your G+ account, and choose photos from the slide menu, you'll see all your photos, even if they are still only on your device (autobackup OFF), something like the GMusic concept with on-device/cloud music. Honestly, i don't want my photos on G+, and i have a feeling i'll be forced soon to upload them whether i like it or not, just like the location thing.
Also i want to be able to choose what G services i want to use. AOSP still gives that freedom, but no one can deny that Google progressively is stopping to develop AOSP apps, and it's forcing it's own. I think some around here take stuff that Cyanogenmod or the Paranoid team (and others) do for granted. I think people should be thankful for things like 8Sms , Focal and so on, and recognize the effort put in them, and help (test/report bugs) and donate to those devs to encourage them to polish these apps and make them even better. Honestly, i think we were lucky to get to choose what sms client we want as default, if it was up to Google, we wouldn't have that option available.
And lastly, look at what happened to App Ops, it would've been a nice tool to give back control to the end users, but it was killed in the last update with a statement that it was never meant to go public. If they are afraid some people will misuse it and break app-functionality (then whine about it) , well they could've put it in Developer Options right beside ART and the rest of the stuff that can potentially break things on your device.
So as a conclusion, i do like and use Google services, but i also don't want to be forced to share my private data, i just want to be able to do it in the range that i'm comfortable with, and putting everything on Google's servers does not make me feel comfortable :good:
You're never forced to share your data... You don't even have to use your real name on an account!
Sheesh.
Sent from my Nexus 5 using Tapatalk
Cirkustanz said:
You're never forced to share your data... You don't even have to use your real name on an account!
Sheesh.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That's cool, can I use your name when buying my next phone.... how about my Google store/wallet account, oh yeah and PayPal
makes you wonder why so many laws in the past prohibited such practises... they must of been real stooooopid!! haha
also if it was a bad thing lots of literature would have been written about it, warning us
meangreenie said:
That's cool, can I use your name when buying my next phone.... how about my Google store/wallet account, oh yeah and PayPal
makes you wonder why so many laws in the past prohibited such practises... they must of been real stooooopid!! haha
also if it was a bad thing lots of literature would have been written about it, warning us
Click to expand...
Click to collapse
Don't be silly.
You can pay cash for an Android phone. You can even pay cash for a Nexus 5.
You have the option of paying for mobile purchases with your carrier account, and have you never heard of a pre-paid visa card? There are all kinds of ways to get one without providing any personally identifiable information of any kind. The point of google store purchases being an invasion of your personal information is also entirely moot as you can very easily use an Android phone without making a single purchase on the play store.
You don't even have to use wallet, in fact most Android users CANNOT even use wallet to its fullest since they don't have NFC in their phones.
For real now, if you think your personal data is so valuable and sacred, have fun not having a checking account, loan, a real job, or a real place to live.
You don't even have to have google services running on your phone. This is XDA...install a custom rom and just don't load gapps. Or be even more lazy about it and just disable those apps in settings and they don't run.
That's me being silly. See how that works?
Here's my theory on the issue...
The way I see it is that a person has three choices:
1. Go completely off-the-grid, paying (limited) bills in cash, never engaging with the internet, and forgoing many modern technological conveniences.
2. Allow some personal information here and there, trying to maintain control by engaging with services that can be discontinued when they "cross the line".
3. Allowing access to all personal information online, engaging with anything and everything.
The third is simply not an option for me. I have no desire to have for-profit corporations spamming me with offers for crap I don't want and selling my private, personally identifiable information to anyone and everyone.
The first is really not an option, either. I don't want to be completely cut off from friends or have contacting them be excessively difficult. It is convenient to pay my rent, utilities, and other bills online. Frankly, I'm not good enough with any type of work that allows one to go off the grid to make a living.
So, that leaves me with the second option. I monitor changes to privacy and terms of service policies for the services that I use. I try to limit the services that I use. Obviously, I have a bank account and that comes with the need to provide some information to the bank, but also the ability to monitor my money and immediately flag appropriate people if anything suspicious happens. I have a Google account and a Nexus 5, ergo I use Google's services. And here's what's important to me: I can delete my Google account any time I want. With something like Facebook, it was a lot more difficult to do that once I became uncomfortable with my of the changes Facebook was making. Also, with Google, I can opt-out of many of the services that make me uncomfortable, such as targeted advertising or using my +1's as endorsements. If that ever goes away, I will absolutely reconsider my position. I maintain multiple Google accounts, actually, as a means of limiting who can see what information about me. I have a personal account, which has the most information about me and which is as locked down vis-a-vis Google as I can make it, but which allows my friends and family the best means of interacting with me. I have a professional account, which has only information relevant to my work. I have an "partial-incognito" account, which does not have explicitly identifiable information about me. I have a few completely incognito accounts, which I only ever access through very restricted circumstances, like a proxy server, and have absolutely no information that could be tied back to me. Frankly, that's about the best I can do.
I have chosen to make a tradeoff, information for convenience. The line where I am willing / unwilling to make that tradeoff is a massive grey area and I constantly reevaluate it. Sure, it's annoying to have to stay on top of it, but it's a fact of modern life. As long as Google gives me the option to delete my account whenever I want, I give them the benefit of the doubt and continue providing (limited) information about myself in exchange for some extremely useful services (unfortunately, this isn't the same deal I can make with the NSA).
Lokitez said:
Here's my theory on the issue...
The way I see it is that a person has three choices:
1. Go completely off-the-grid, paying (limited) bills in cash, never engaging with the internet, and forgoing many modern technological conveniences.
2. Allow some personal information here and there, trying to maintain control by engaging with services that can be discontinued when they "cross the line".
3. Allowing access to all personal information online, engaging with anything and everything.
The third is simply not an option for me. I have no desire to have for-profit corporations spamming me with offers for crap I don't want and selling my private, personally identifiable information to anyone and everyone.
The first is really not an option, either. I don't want to be completely cut off from friends or have contacting them be excessively difficult. It is convenient to pay my rent, utilities, and other bills online. Frankly, I'm not good enough with any type of work that allows one to go off the grid to make a living.
So, that leaves me with the second option. I monitor changes to privacy and terms of service policies for the services that I use. I try to limit the services that I use. Obviously, I have a bank account and that comes with the need to provide some information to the bank, but also the ability to monitor my money and immediately flag appropriate people if anything suspicious happens. I have a Google account and a Nexus 5, ergo I use Google's services. And here's what's important to me: I can delete my Google account any time I want. With something like Facebook, it was a lot more difficult to do that once I became uncomfortable with my of the changes Facebook was making. Also, with Google, I can opt-out of many of the services that make me uncomfortable, such as targeted advertising or using my +1's as endorsements. If that ever goes away, I will absolutely reconsider my position. I maintain multiple Google accounts, actually, as a means of limiting who can see what information about me. I have a personal account, which has the most information about me and which is as locked down vis-a-vis Google as I can make it, but which allows my friends and family the best means of interacting with me. I have a professional account, which has only information relevant to my work. I have an "partial-incognito" account, which does not have explicitly identifiable information about me. I have a few completely incognito accounts, which I only ever access through very restricted circumstances, like a proxy server, and have absolutely no information that could be tied back to me. Frankly, that's about the best I can do.
I have chosen to make a tradeoff, information for convenience. The line where I am willing / unwilling to make that tradeoff is a massive grey area and I constantly reevaluate it. Sure, it's annoying to have to stay on top of it, but it's a fact of modern life. As long as Google gives me the option to delete my account whenever I want, I give them the benefit of the doubt and continue providing (limited) information about myself in exchange for some extremely useful services (unfortunately, this isn't the same deal I can make with the NSA).
Click to expand...
Click to collapse
That's the type of answer i was looking for, thank you for this :good:
i can recognize myself in most of the things you wrote, basically that's how i feel about it too. i hope we won't get to the part where we'll have to "reconsider our position", but all the closing down and limitations are an indication that we're heading that way (i hope i'm wrong).
I started this thread to hear what others think about this subject, and to see if maybe i'm being excessively paranoid
Cirkustanz said:
Don't be silly.
You can pay cash for an Android phone. You can even pay cash for a Nexus 5.
You have the option of paying for mobile purchases with your carrier account, and have you never heard of a pre-paid visa card? There are all kinds of ways to get one without providing any personally identifiable information of any kind. The point of google store purchases being an invasion of your personal information is also entirely moot as you can very easily use an Android phone without making a single purchase on the play store.
You don't even have to use wallet, in fact most Android users CANNOT even use wallet to its fullest since they don't have NFC in their phones.
For real now, if you think your personal data is so valuable and sacred, have fun not having a checking account, loan, a real job, or a real place to live.
You don't even have to have google services running on your phone. This is XDA...install a custom rom and just don't load gapps. Or be even more lazy about it and just disable those apps in settings and they don't run.
That's me being silly. See how that works?
Click to expand...
Click to collapse
well none of that was my point, but don't worry about it. your willing to give my and my children's freedom away.. no argument will ever be good enough for you to stop you doing that.
Personally i don't care what Google knows about me (i'm not that interesting and i got nothing to hide - heck let the NSA spy on me too. don't care). I love their services and don't see anything wrong with them using my info to make $$. They are providing me with a service that makes my life a lot easier/better. I also really like the consolidation of Google aps and services and the synergy it creates. Google may force you to use one service to access part of another, but they do not force you to use anything you choose not to. If you don't like G+ integration, don't use Google's suite. I'm not trying to flame the OP, but i just don't get the point of this post. If you don't like something the best way is the speak with your wallet. If enough people do that maybe Google will pay attention.
---------- Post added at 12:58 PM ---------- Previous post was at 12:49 PM ----------
rayiskon said:
That's the type of answer i was looking for, thank you for this :good:
i can recognize myself in most of the things you wrote, basically that's how i feel about it too. i hope we won't get to the part where we'll have to "reconsider our position", but all the closing down and limitations are an indication that we're heading that way (i hope i'm wrong).
I started this thread to hear what others think about this subject, and to see if maybe i'm being excessively paranoid
Click to expand...
Click to collapse
this is why you started the thread? to hear opinions that validate your own? i thought it was to spark discussion?
can anyone pointe to the thread to root a nexus 6 with marshmallow on it please? i search but i see a lot of old, conflicting and outdated reports
I just want solid instructions that somebody here already used
cpugeeker said:
can anyone pointe to the thread to root a nexus 6 with marshmallow on it please? i search but i see a lot of old, conflicting and outdated reports
I just want solid instructions that somebody here already used
Click to expand...
Click to collapse
Here are the steps I used:
- flash/upgrade to Marshmallow
- flash modified boot.img
- flash/boot TWRP and sideload latest v2.50+
No. Not that unless you want unknown evil invading your phone and stealing your private information.
Use this instead;
http://forum.xda-developers.com/nexus-6/general/root-t3231211
doitright said:
No. Not that unless you want unknown evil invading your phone and stealing your private information.
Use this instead;
http://forum.xda-developers.com/nexus-6/general/root-t3231211
Click to expand...
Click to collapse
WOW what happen with them? I found some readings but now all. What exactly went down? Any good reads on this?
doitright said:
No. Not that unless you want unknown evil invading your phone and stealing your private information.
Use this instead;
http://forum.xda-developers.com/nexus-6/general/root-t3231211
Click to expand...
Click to collapse
lol. I appreciate your work on providing other root access methods, but you really shouldnt go around claiming made up info as fact and trying to spread fear everywhere you can. You have no proof whatsoever of the things you claim.
EniGmA1987 said:
lol. I appreciate your work on providing other root access methods, but you really shouldnt go around claiming made up info as fact and trying to spread fear everywhere you can. You have no proof whatsoever of the things you claim.
Click to expand...
Click to collapse
You obviously don't know the first thing about security, or the gravity of offering root control to an unknown entity.
To make it simple, unless you can *prove* that something is safe, the only rational assumption is that it isn't.
In other words, it is not my place to prove them unsafe. It is your responsibility to prove that they are safe, and frankly, that is an impossible task.
Feel free to use whatever you like. But don't go recommending to somebody that they take dangerous risks that are unnecessary.
---------- Post added at 01:33 AM ---------- Previous post was at 01:27 AM ----------
cpugeeker said:
WOW what happen with them? I found some readings but now all. What exactly went down? Any good reads on this?
Click to expand...
Click to collapse
It was almost acceptable when it was maintained by a single individual, but at some point fairly recently, the code was transferred/sold to an outfit that has been buying up all the root control software that can be found on play store.
Although the original author continues to make the software available under his pseudonym, there is no indication of the contract in place between him and the software's new owners, and no indication of their motives.
That makes the situation incredible frightening and dangerous.
doitright said:
You obviously don't know the first thing about security, or the gravity of offering root control to an unknown entity.
To make it simple, unless you can *prove* that something is safe, the only rational assumption is that it isn't.
In other words, it is not my place to prove them unsafe. It is your responsibility to prove that they are safe, and frankly, that is an impossible task.
Feel free to use whatever you like. But don't go recommending to somebody that they take dangerous risks that are unnecessary.
Click to expand...
Click to collapse
So something that has always been a bit closed, yet still trusted and used, gets transfered to a newly made company started through XDA leaders and still maintained currently by Chainfire for a while, and suddenly this means secret organizations with corrupt ties have suddenly taken control of the Android root world?
EniGmA1987 said:
So something that has always been a bit closed, yet still trusted and used, gets transfered to a newly made company started through XDA leaders and still maintained currently by Chainfire for a while, and suddenly this means secret organizations with corrupt ties have suddenly taken control of the Android root world?
Click to expand...
Click to collapse
It doesn't guarantee that it's bad. But for it to not be controlled by the creator (a first ballot Hall of Famer in this community) and ownership switched to an unproven entity, it turns it from solid and secure to who knows what. The new owners could be just as good. But we should skeptically wait and see
EniGmA1987 said:
So something that has always been a bit closed, yet still trusted and used, gets transfered to a newly made company started through XDA leaders and still maintained currently by Chainfire for a while, and suddenly this means secret organizations with corrupt ties have suddenly taken control of the Android root world?
Click to expand...
Click to collapse
It is not really a newly made company and no where are the XDA leaders involved.
Now make no mistake. Chains SU will be around for a very long time. Will there be other options? Sure, there are many already. If not as mainstream. Apps like this will come and go. It is the nature of the beast.
Now before people start bashing others they better have something to prove it. Other wise they have nothing to say worth listening to.
zelendel said:
It is not really a newly made company and no where are the XDA leaders involved.
Click to expand...
Click to collapse
Could you provide some info on the company to the people here then? Because business filings say that you are wrong on that. The filings for the company were done on August 11th of this year and they rent a virtual office space at the Trump Building on Wall Street. Chainfire himself also said that the XDA leadership was involved in getting his project moved over to this company. Now maybe he wasnt supposed to let that slip, IDK, but he did say it.
EniGmA1987 said:
Could you provide some info on the company to the people here then? Because business filings say that you are wrong on that.
Click to expand...
Click to collapse
Just look deeper and you will see. Just because they have a different name, or make an off shoot doesnt really make them a different company. If you read you will see that they already have their fingers into a few SU apps already. Dont you think that is odd for a new company?
XDA admins only made introductions. I personally dont really care. Nor should anyone really. If you are using SU then you know the risks you run and how to spot them.
zelendel said:
Just look deeper and you will see. Just because they have a different name, or make an off shoot doesnt really make them a different company. If you read you will see that they already have their fingers into a few SU apps already. Dont you think that is odd for a new company?
Click to expand...
Click to collapse
What would be incredibly useful and go a long way in putting people's minds at ease, would be a realistic explanation of the MOTIVATIONS of this company, WHICH IS NEW, regardless of your perception of it being a simple name change, for acquiring and controlling ALL of the different mechanisms for controlling root on Android.
Frankly, I can imagine only a few motivations, none of which ANYONE should be ok with;
1) Charging for it,
2) Forcing ads that the user cannot control,
3) Backdoor/botnet/etc.
You need to remember that while their software will prompt you when some OTHER software tries to access root, it has the ability to hide its own use of root, as well as to wipe evidence from the logs.
Root access should ONLY EVER be open source.
doitright said:
What would be incredibly useful and go a long way in putting people's minds at ease, would be a realistic explanation of the MOTIVATIONS of this company, WHICH IS NEW, regardless of your perception of it being a simple name change, for acquiring and controlling ALL of the different mechanisms for controlling root on Android.
Frankly, I can imagine only a few motivations, none of which ANYONE should be ok with;
1) Charging for it,
2) Forcing ads that the user cannot control,
3) Backdoor/botnet/etc.
You need to remember that while their software will prompt you when some OTHER software tries to access root, it has the ability to hide its own use of root, as well as to wipe evidence from the logs.
Root access should ONLY EVER be open source.
Click to expand...
Click to collapse
The open source was done once. It didnt last very long and due to the nature of SU will never stay open source and mainstream at the same time. If someone wants to charge for the SU app then ok let them. Heck most already paid for the SU pro anyway. No point in going on a witch hunt before there is something to hunt. All we can do is sit back and wait. If chain trusts them then I am willing to give them a chance. Root itself is a security risk and anyone that does root should know just what they are doing. If not then they get whats coming to them.
This is not this companies first root app. As stated they own/profit from just about all the root apps that are around.
zelendel said:
The open source was done once. It didnt last very long and due to the nature of SU will never stay open source and mainstream at the same time.
Click to expand...
Click to collapse
I have no idea how to respond to that besides saying to you that this statement is *ABSURD*.
The open source root was the *FIRST* root, and has persisted. In fact, the root that *I* am working on, is the extension of that very same *ORIGINAL* root done by Koush. It has remained *the* primary mechanism for controlling root access from 2009 to present, except for a brief loss of maintenance during the reign of Android 5.x.
Further, the nature of root REQUIRES it to be open source.
And will be THE ONLY mainstream method of providing root access control for anyone who has ANY consideration for security.
If someone wants to charge for the SU app then ok let them. Heck most already paid for the SU pro anyway.
Click to expand...
Click to collapse
Only because they are being denied simple and mandatory features. This isn't a voluntary charge, this is coercion and even RANSOM.
No point in going on a witch hunt before there is something to hunt.
Click to expand...
Click to collapse
But there IS a witch to hunt: SECURITY. Or lack thereof.
All we can do is sit back and wait. If chain trusts them then I am willing to give them a chance.
Click to expand...
Click to collapse
You are a fool. Not only did the author of that binary root NEVER actually do anything to EARN your trust, the fact that you put your trust into a business arrangement that doesn't even involve you is tremendously scary... for you.
Root itself is a security risk and anyone that does root should know just what they are doing. If not then they get whats coming to them.
Click to expand...
Click to collapse
No. This is entirely invalid. Root is not a security risk when done correctly, in open source, and treated with *respect*.
Binary root control *IS* a security risk, and unfortunately you are wrong again on this, since knowing what you are doing DOES NOT protect you from it. There is NOTHING you can do to protect yourself from binary software that you VOLUNTARILY put into a sensitive position of high trust.
This is not this companies first root app. As stated they own/profit from just about all the root apps that are around.
Click to expand...
Click to collapse
That is a TERRIFYING prospect for reasons I've already discussed.
doitright said:
I have no idea how to respond to that besides saying to you that this statement is *ABSURD*.
The open source root was the *FIRST* root, and has persisted. In fact, the root that *I* am working on, is the extension of that very same *ORIGINAL* root done by Koush. It has remained *the* primary mechanism for controlling root access from 2009 to present, except for a brief loss of maintenance during the reign of Android 5.x.
Further, the nature of root REQUIRES it to be open source.
And will be THE ONLY mainstream method of providing root access control for anyone who has ANY consideration for security.
Only because they are being denied simple and mandatory features. This isn't a voluntary charge, this is coercion and even RANSOM.
But there IS a witch to hunt: SECURITY. Or lack thereof.
You are a fool. Not only did the author of that binary root NEVER actually do anything to EARN your trust, the fact that you put your trust into a business arrangement that doesn't even involve you is tremendously scary... for you.
No. This is entirely invalid. Root is not a security risk when done correctly, in open source, and treated with *respect*.
Binary root control *IS* a security risk, and unfortunately you are wrong again on this, since knowing what you are doing DOES NOT protect you from it. There is NOTHING you can do to protect yourself from binary software that you VOLUNTARILY put into a sensitive position of high trust.
That is a TERRIFYING prospect for reasons I've already discussed.
Click to expand...
Click to collapse
He has done alot to earn my trust. You would know that had to been around as long as I have been.
I am fully aware of the first root. And the reasons behind him stopping its development. The only ones that I am aware of that was even using it was CM and they are almost as much of a joke as MIUI.
I am fully aware of what you are working on and to be honest not something I or many others would use would even use as you are unknown and to be honest not really trusted. Maybe after you have been around a while more people will put faith in you and your projects. Not to mention your attitude is enough to make many not bother with it.
Root is a security risk. Just as any real developer. Even Google is making things like root harder to obtain because they see the risk. But to be honest as I have already said "Mobile security is and illusion" If I was truly worried about security I would not unlock my bootloader or bother with rooting.
Now we can argue this back and forth and never get anywhere. So We can end this here.
doitright said:
You obviously don't know the first thing about security, or the gravity of offering root control to an unknown entity.
To make it simple, unless you can *prove* that something is safe, the only rational assumption is that it isn't.
In other words, it is not my place to prove them unsafe. It is your responsibility to prove that they are safe, and frankly, that is an impossible task.
Feel free to use whatever you like. But don't go recommending to somebody that they take dangerous risks that are unnecessary.
---------- Post added at 01:33 AM ---------- Previous post was at 01:27 AM ----------
It was almost acceptable when it was maintained by a single individual, but at some point fairly recently, the code was transferred/sold to an outfit that has been buying up all the root control software that can be found on play store.
Although the original author continues to make the software available under his pseudonym, there is no indication of the contract in place between him and the software's new owners, and no indication of their motives.
That makes the situation incredible frightening and dangerous.
Click to expand...
Click to collapse
This is almost the most amazing post on xda. :good:
Could you kindly prove that the Google Factory Image is safe? Otherwise I would advise you destroy your handset immediately as its probably not safe.
zelendel said:
He has done alot to earn my trust. You would know that had to been around as long as I have been.
Click to expand...
Click to collapse
I've been around longer than you. Try again.
I am fully aware of the first root. And the reasons behind him stopping its development. The only ones that I am aware of that was even using it was CM and they are almost as much of a joke as MIUI.
Click to expand...
Click to collapse
I won't argue with CM being a joke, but MOST people used Koush's superuser up until they were stopped by selinux.
I am fully aware of what you are working on and to be honest not something I or many others would use would even use as you are unknown and to be honest not really trusted. Maybe after you have been around a while more people will put faith in you and your projects. Not to mention your attitude is enough to make many not bother with it.
Click to expand...
Click to collapse
Speak for yourself, but don't you DARE to speak for others.
As far as the trustworthiness of my work goes... go ahead and AUDIT IT. The code speaks for itself.
Root is a security risk. Just as any real developer.
Click to expand...
Click to collapse
I ask myself. Answer is that you have no idea what you are talking about.
Even Google is making things like root harder to obtain because they see the risk. But to be honest as I have already said "Mobile security is and illusion" If I was truly worried about security I would not unlock my bootloader or bother with rooting.
Click to expand...
Click to collapse
Google is correctly worried about the dangers of binary root. As YOU should also be.
Now we can argue this back and forth and never get anywhere. So We can end this here.
Click to expand...
Click to collapse
Only because you have degenerated into personal attacks rather than rational argument.
---------- Post added at 06:07 PM ---------- Previous post was at 06:05 PM ----------
Amos91 said:
This is almost the most amazing post on xda. :good:
Could you kindly prove that the Google Factory Image is safe? Otherwise I would advise you destroy your handset immediately as its probably not safe.
Click to expand...
Click to collapse
I can't prove that google factory image is safe. I can make a strong argument to suggest that it most likely is, and I can prove that AOSP is safe.
FYI: I use a Nexus, so I'm not limited to factory images, as implied by your last sentence.
Well, I'm no techie, I'm just an end-user of other people's talented work, but I'm with doitright on this one. I have trusted Chainfire for years - I have a number of his apps on my device, all of them paid for even though most work perfectly as free apps, simply because I do trust his work. Even if it's closed source black box stuff, he has always appeared to be a straight-up guy.
Still, once the black box passes into company ownership, at that point my trust ends. Companies are not charities hoping for donations. They want some return on whatever investment they've put into taking over SuperSU. Bottom line, I don't trust companies - and yes, that does include Google or Alphabet or whatever piece owns Android these days. I live with the knowledge that I am the product - my choice.
It's also my choice to opt for an open-source solution over a black box one. If doitright's superuser can be audited by people who know what they're looking at (I don't) then that'll do it for me.
And as an afterthought, yes, doitright is a spiky character. So is Torvalds. So what? As long as he comes up with the goods I have no problem with it. He comes across as passionate, doesn't suffer fools gladly (and that is just a saying, I'm not referring to any posters), and since I'm pretty much the same, if a bit more politic in the way I write, I can't criticise that...
doitright said:
Feel free to use whatever you like. But don't go recommending to somebody that they take dangerous risks that are unnecessary
Click to expand...
Click to collapse
Risk = Chance * Effect.
doitright said:
I've been around longer than you. Try again.
I won't argue with CM being a joke, but MOST people used Koush's superuser up until they were stopped by selinux.
Speak for yourself, but don't you DARE to speak for others.
As far as the trustworthiness of my work goes... go ahead and AUDIT IT. The code speaks for itself.
I ask myself. Answer is that you have no idea what you are talking about.
Google is correctly worried about the dangers of binary root. As YOU should also be.
Only because you have degenerated into personal attacks rather than rational argument.
---------- Post added at 06:07 PM ---------- Previous post was at 06:05 PM ----------
I can't prove that google factory image is safe. I can make a strong argument to suggest that it most likely is, and I can prove that AOSP is safe.
FYI: I use a Nexus, so I'm not limited to factory images, as implied by your last sentence.
Click to expand...
Click to collapse
I only speak for the developers I have talked to about using your root set up instead of chains. Got the same answer from all of them.
As for being around longer then me in the modding area. I would put a bet on that. I have been modding phones before a smart phone was even a thought.
You were the first to throw insults. As seems to be your way. Anyone that doesn't agree with you is called a fool or other wise.
Nope you are right. I have no idea what I'm talking about. Now excuse me I have some bugs to fix thanks to Google messing things up.
I have Oneplus 3T Oxygen OS 4.1.6
My friend told me yesterday that android can be easily hacked, But i dont believe him
I have encryped my device+lockscreen pin+fingureprint+No malwares+ security pin for recovery and os startup too
Usb debugging is disabled, as well as oem unlocking disabled too, My question is if someone steals my device will he be able to get my data?, Will he able to change IMEI?, Without changing any hardware
My friend is betting on that android can be hacked even if i its secured. Is there any chances that it can be hacked????
Does this friend even have any specific technical knowledge of smartphones, Android, etc.; or just repeating rumors and hearsay?
Speaking not as a security expert, but just as a longtime Android user: Hacking like you said (unmodified phone, stealing it and trying to access your personal data) is pretty much nonsense. In strict technical terms, any device can be hacked eventually. But it would be difficult to do so, given the phone is encrypted. And by the time they did that, most folks would have been savvy enough to cancel their credit cards, change their important passwords, etc.
You can also remote wipe the phone, although it needs to be powered on, and connected to the Internet to do so. And smart thieves will have shut off the phone and/or turned on airplane mode.
Predominating philosophy would be that criminals are going for the lowest hanging fruit. It's far more likely the thief will just wipe the phone, and try to sell it. On the data theft side, there are easier methods to steal personal info than trying to hack an encrypted phone.
https://xkcd.com/538/
Didgeridoohan said:
https://xkcd.com/538/
Click to expand...
Click to collapse
Yeah, pretty much!
redpoint73 said:
Does this friend even have any specific technical knowledge of smartphones, Android, etc.; or just repeating rumors and hearsay?
Speaking not as a security expert, but just as a longtime Android user: Hacking like you said (unmodified phone, stealing it and trying to access your personal data) is pretty much nonsense. In strict technical terms, any device can be hacked eventually. But it would be difficult to do so, given the phone is encrypted. And by the time they did that, most folks would have been savvy enough to cancel their credit cards, change their important passwords, etc.
You can also remote wipe the phone, although it needs to be powered on, and connected to the Internet to do so. And smart thieves will have shut off the phone and/or turned on airplane mode.
Predominating philosophy would be that criminals are going for the lowest hanging fruit. It's far more likely the thief will just wipe the phone, and try to sell it. On the data theft side, there are easier methods to steal personal info than trying to hack an encrypted phone.
Click to expand...
Click to collapse
I understand what you said, There was a debate between me and my friend which is better ios or android, He told me even with extreme security on android i can be easily hacked without even any harware change? This thing is annoying me, How could someone get access is I have encrypted+security pin+Recovery Pin. Is it still possible to get into device?
Your friend sounds like a crazy apple fanboy (no offense). I personally wouldn't even bother to engage in that argument, it's pointless. Don't worry, your device is perfectly safe.
Ritss778 said:
There was a debate between me and my friend which is better ios or android
Click to expand...
Click to collapse
I suspected as much. I don't think your friend has any clue about Android or smartphone security.
Ritss778 said:
He told me even with extreme security on android i can be easily hacked without even any harware change? This thing is annoying me, How could someone get access is I have encrypted+security pin+Recovery Pin. Is it still possible to get into device?
Click to expand...
Click to collapse
Your friend is just plain wrong if he is saying your phone can be "easily" hacked just because it's Android. This just sounds to me like an ill-informed Apple fanboy, who wrongly thinks a device is "inferior" just because it's not Apple; without actually knowing any technical details or information.
These smartphones all do the same things, fundamentally. iOS is not significantly any more or less secure than Android. Just look at the massive iCloud hack where hundreds of celebrity photos were stolen. And your friend want to say his phone is "more secure" just because Apple?
Malware is probably the biggest security threat for Android (more so than iOS). But as long as you only install only reputable apps, and halfway careful when allowing app permissions, you should be safe. And it doesn't sound like malware is what your friend is talking about, but rather physical theft and subsequent hacking.
In theory, hacking any device is "possible" (given enough time and effort) but that doesn't mean its probable. Nothing about Android makes it "easy" to hack outright. It would probably take a hacker days, weeks, if ever, to break the encryption. And it would require a technological wizard. It's not even worth the effort, for relatively little payoff (at most, gaining your access to your bank account?). Someone with that much skill is going after bigger fish, like the kind of security breaches that compromise thousands of credit card numbers.
In reality, criminals will go for lowest hanging fruit. Folks with phones that are not encrypted or secured. Or some phishing scheme or social engineering to obtain a password or other personal info. Why spend hundreds of hours trying to hack a single phone's encryption, when you can trick someone into giving you their credit card number in a few minutes?
In any case, iPhones are the most stolen phone, last I heard. Therefore, your friend is at more risk of just having his phone stolen, in the first place.
---------- Post added at 11:56 AM ---------- Previous post was at 11:53 AM ----------
-Ric- said:
Your friend sounds like a crazy apple fanboy (no offense). I personally wouldn't even bother to engage in that argument, it's pointless. Don't worry, your device is perfectly safe.
Click to expand...
Click to collapse
Pretty much the point I was trying to make, but without all my rambling! :laugh:
Ritss778 said:
I understand what you said, There was a debate between me and my friend which is better ios or android, He told me even with extreme security on android i can be easily hacked without even any harware change? This thing is annoying me, How could someone get access is I have encrypted+security pin+Recovery Pin. Is it still possible to get into device?
Click to expand...
Click to collapse
Think from a different prospective...
If your phone is stolen doesn't matter iOS or driod or xyz. There are ways to get access to data.
If you are using it then security and safety depends on one thing. Your brain.
In terms of data, most data we have resides in cloud including photos, facebook, whatsapp, we chat etc etc. It's all in cloud owned by someone to advertise on us.
So, you probably have heard that Huawei is banned from Android or something along those lines. What does this mean for our device, you ask? We might actually be the ones who are less affected by all this, since we are "only" losing future updates (security patches might be affected). The p30 line is in this situation too, but all future devices are really screwed, since Huawei lost access to the Google Play Store and other aspects of collaboration between Google and OEMs. Going forward Huawei can only use the AOSP code, and nothing more (AOSP is really barebones compared to what OEMs get).
I started this thread as a hub of discussion and opinions on this event, so feel free to share your opinions, questions or concerns below.
Edit, direct quote from Reuters:
"Huawei will only be able to use the public version of Android and will not be able to get access to proprietary apps and services from Google," the source said.
Mod edit - Keep political discussion away from XDA. Thank you
To start, I'm worried that support for our phones is over. Unless they restart the bootloader unlocking code program, we are **** out of luck when it comes to manual updating, since Funky Huawei does not have codes either.
Lol maybe this will kick start them to unlock their bootloaders and provide full source code and drivers so it will work with any custom rom and open Gapps.
Unlikely but imagine how fun that would be :=
mikey_sk said:
Lol maybe this will kick start them to unlock their bootloaders and provide full source code and drivers so it will work with any custom rom and open Gapps.
Unlikely but imagine how fun that would be :=
Click to expand...
Click to collapse
I envision about 4 scenarios, for meh to throw the phone in the garbage. Scenario one is no more updates, bootloader unlocks. Two is no updates nor bootloader unlocks. 3 is a rework of emui. 4. Is revoking Google play certification, plus the new emui doesn't have any app compatibility
Fernix_ said:
I envision about 4 scenarios, for meh to throw the phone in the garbage. Scenario one is no more updates, bootloader unlocks. Two is no updates nor bootloader unlocks. 3 is a rework of emui. 4. Is revoking Google play certification, plus the new emui doesn't have any app compatibility
Click to expand...
Click to collapse
Also drivers and kernel sources would be an absolute godsend, although we have openkirin
**** trumpet..lol. so we are left with only 2 choices? Samsung and Apple.. I can imagine trumpet will be eyeing next on other Chinese manufacturers too.
Fernix_ said:
So, you probably have heard that Huawei is banned from Android or something along those lines. What does this mean for our device, you ask? We might actually be the ones who are less affected by all this, since we are "only" losing future updates (security patches might be affected). The p30 line is in this situation too, but all future devices are really screwed, since Huawei lost access to the Google Play Store and other aspects of collaboration between Google and OEMs. Going forward Huawei can only use the AOSP code, and nothing more (AOSP is really barebones compared to what OEMs get).
I started this thread as a hub of discussion and opinions on this event, so feel free to share your opinions, questions or concerns below.
Click to expand...
Click to collapse
source plz
---------- Post added at 11:30 PM ---------- Previous post was at 11:29 PM ----------
demon2112 said:
source plz
Click to expand...
Click to collapse
anddd yeahhh aosp plzz haha
demon2112 said:
source plz
---------- Post added at 11:30 PM ---------- Previous post was at 11:29 PM ----------
anddd yeahhh aosp plzz haha
Click to expand...
Click to collapse
Tweakers.net ?
demon2112 said:
source plz
---------- Post added at 11:30 PM ---------- Previous post was at 11:29 PM ----------
anddd yeahhh aosp plzz haha
Click to expand...
Click to collapse
Added a quote from Reuters (https://mobile.reuters.com/article/amp/idUSKCN1SP0NB?__twitter_impression=true)
demon2112 said:
source plz
---------- Post added at 11:30 PM ---------- Previous post was at 11:29 PM ----------
anddd yeahhh aosp plzz haha
Click to expand...
Click to collapse
What it means by AOSP is that Huawei only has access to that code. It does not mean that we will be getting stock android at all (plus AOSP is really really barebones)
Alternative path that Huawei may choose - https://www.theverge.com/2019/3/14/18265646/huawei-operating-systems-android-windows-ban
We will end up with non-android basically
I'm more curious about the china retaliation on this....
regarding our current phone, I think huawei will re-open bootloader unlock program to ignite the development.
Gee, when I mentioned that this was a worry a few months ago, I was lambasted and called a 'Trump supporter' (???!??!?!).
Who will fire the first missile?
demon2112 said:
source plz
---------- Post added at 11:30 PM ---------- Previous post was at 11:29 PM ----------
anddd yeahhh aosp plzz haha
Click to expand...
Click to collapse
https://www.androidauthority.com/huawei-loses-access-to-google-android-987873/amp/
Sooooo would something like this be enough to get out of a contract ?
Surely ...
Loss of access to Google services and security updates will only apply to future devices. Current devices will be supported so we do not have expensive bricks.
https://www.techradar.com/uk/news/h...google-pulls-access-to-core-apps-and-services
I know Huawei play fast and loose with security processes but this is the battlefront of the US-China trade war. Huawei is one of the largest global players and I'm sure there will be a compromise once grown ups are in charge again at the White House!
catshanghai said:
Loss of access to Google services and security updates will only apply to future devices. Current devices will be supported so we do not have expensive bricks.
https://www.techradar.com/uk/news/h...google-pulls-access-to-core-apps-and-services
I know Huawei play fast and loose with security processes but this is the battlefront of the US-China trade war. Huawei is one of the largest global players and I'm sure there will be a compromise once grown ups are in charge again at the White House!
Click to expand...
Click to collapse
Well, I won't be considering Huawei anymore though. I inherited my Huawei Mate 10 from my kid, and it's a good phone. Being unrooted, I use it for apps with payments.
Time to prepare to change it one of these days, waiting for Xiaomi's Poco f2 to supplement my f1. Still Chinese but I think they are in a different world from Huawei where Huawei is more than just phones or consumer products, definitely can raise concerns about a country's security.
Google can also be used by the USA to spy on other countries too lol. Anyway, China was first, they banned Google stuff, Facebook, Whatsapp, etc.
F*ck the US and Google. The US government thought it necessary to go to this extreme because Huawei is affiliated with the Chinese government. A bit rich when Google has been ordered to do this by the US government. How the irony is lost on them.
Now I will make sure to just buy Huawei phones in the future. I'd actually prefer if my phone was rid of Google. They've stolen enough of everyone's data illegally.
Well, I am not supprised, and made a big mistake buying a huawei mate 20 pro device. As soon Huawei keep doing things, what market leaders decide.... First complaining, now revocating everything, next step will be forcing / and destroy the remaining reputation. This is clear world decline that China is roadbreaker in innovation. Huawei also not helping in this. Smart phones are quiet small deal to Huawei , but they are loading in the 5G bacbone network devices, I think a lot of company under a pressure to cancel the contract with them. We know maybe there is no true in the whole story or a very little. I understand that business what Huawei doing is a western-like business model, similar what apple do in USA... But they are in China, USA still has really powerful hands to manipulate the market, so if Huawei not proving that they can be trusted, with opensource softwares , fully documented opensource hardwares/softwares, then it is a bad time for them. Rebranding and custom roms was "just for yourself" now it will be must to deploy some other firmware on your phone...
I completely lost with huawei reaction like a 2 year old kid, getting complaining then got angry and refuse negotiation, if they happen, I assume goverments will force to remove all huawei contract, if the pressure is enough high, maybe there will be some investment as well to/from nokia siemens , ericson or other big network device manufacture. Huawei wanted to build a Western like brand in China, that is a total failure. They don't need that anyway, just create the hardware sell it and do not care about software apart from the operations system drivers.
Why a logo on the phone not enough? Why they are not stepping forward last year to being more transpanent to the western world... Showing to the west, that China is overcoming create dislike in big western companies, and every exposed weak spots will be attacket. Huawei could have changed/improve the partnership, with going to negotiation providing better communication, open source apps, blueprints , whatever they want from them. But the reaction, they enclosed theirself in their castle preparing for the siege. BAD STRATEGY.
Yes not fair, if another company doing the same way like apple do, it is not threated as risk, as "west it the best" but the general trust problem with Chinese goverment and the type of the goverment can not expect the same conditions as a trusted western company... So they go into negotiation or will drastically reduce the prices and replicate apps in their store, that will not work at all....