OEM's Caught Lying About Security Patches - Samsung Galaxy J3 (2017) Guides, News, & Discussio

Great article. Who's the worst? ZTE and TCL of course. The biggest pushers of bloat and tracking malware in the mobile market that there is. The best on the list were Google Samsung,Sony and Wiko. Makes sense that the worst offenders were those with malware trash running on their devices from Chinese app makers. To bad the team that conducted the study gave them an out like mediatek being the problem.
https://www.xda-developers.com/android-oem-lying-security-patches/

Related

Costs involved developing Android App vs iPhone apps

I realise that this is very much a "how-long-is-a-piece-of-string" type question, but I'd really like to get some idea of the costs and time involved in developing an app for the Android market compared to the iPhone.
My understanding is that it doesn't cost developers to submit apps to the Android Marketplace (as opposed to the iPhone Developer’s Program which costs $99 a year). So there's a saving there.
But in terms of development costs, would you suggest that hiring a developer to create an Android app would be cheaper because the market's smaller? Would it make no difference at all? Would it be harder to find a developer to code for Android?
Basically, any thoughts anyone has on this would be really appreciated.
Cheers,
Why don't you try and find out? Ask some (android)developers what app x would cost and ask some (iphone)developers the same
for most applications it should be cheaper to hire an Android programmer because you develop in standard Java and this is the most widely used language in computer science education. Eclipse is also a standard development environment many young programmers are familiar with. Even I was able to code my first Android application in a matter of minutes.
Objective-C on the other side is a nieche language. Of course, every good progammer can learn that language in a couple of hours or at least days but there are definitly more experienced Java programmers out there and they can reuse code (snippets). Java code is so ubiqitous you can find for a lot of problems coded and tested solutions. So two reasons: there are much more Java programmers out there and they can develop faster. Specific Android experience is not needed as long as you don't want to program kernel extensions or things like that.
But I guess the Apple-market is still more profitable because Apple users are trained to spend money. So even as it may cost more to develop it also brings in more revenue. I hope the sheer amount of Android handsets out there will outweigh this advantage soon.
Humm .. i think this is a tricky question.
While it will definitely be cheaper to develop an application for android, the question you might want to ask (depending on what you want to do) is what is the ROI of an Android application versus and IOS application.
And even then, depending on the type of application & the demographic your app will be targeting (not to mention usability, design, general app quality) the response will likely vary quite a bit too.
But globally yeah, it's cheaper and less a hassle to make an android app i'd say. ..then again, i have an allergy to apples, and this is an android forum after all
robert_tlse said:
Humm .. i think this is a tricky question.
While it will definitely be cheaper to develop an application for android, the question you might want to ask (depending on what you want to do) is what is the ROI of an Android application versus and IOS application.
And even then, depending on the type of application & the demographic your app will be targeting (not to mention usability, design, general app quality) the response will likely vary quite a bit too.
But globally yeah, it's cheaper and less a hassle to make an android app i'd say. ..then again, i have an allergy to apples, and this is an android forum after all
Click to expand...
Click to collapse
Hehe, I agree on that Robert.
ten chars!!!
You can also spend many months developing an iPhone app, only to have it rejected by Apple for no good reason. That's quite expensive.
It is, however, unescapable that there are a lot of iOS users who buy a lot of apps from the App Store, so the potential ROI is higher. There's also only a few platforms to develop for (although this is becoming increasingly less the case).
Would like for Android to have more focus though; it's getting there!
(The diminutive term "app" does irk me slightly - Apple have popularised it in relation to phones when they convinced everyone that the iPhone was the first phone to support third-party software. Guess it's stuck now though.)
then why are Android apps more expensive??
Android apps aren't more expensive. They have by far the largest proportion of free apps on any mobile platform and even those that do cost are comparatively cheap.
Android will probably be easier and cheaper to develop for..the only concern people have with Android is fragmentation...aka when developing you gotta decide which versions and up to develop for and choose the appropriate functions for the documentation. Of course in the end all the old devices will upgrade eventually and be compatible anyways..
My hope is though Apple lets 3rd party development tools back in...cause that way you can use Adobe AIR and make an App for both Android and iPhone at the same time....How I wish for cross platform app development...but Apple will fight it till the and cause if they don't they will loose one of their biggest advantages...
In my opinion Android is just now getting to the average joe especially in the United States. Older people are even trying the droid line of devices since there are so many to choose from now on all carriers (vs 1 iphone on AT&T forever just revised of course) So yeah, even people here in hicksville, MO USA are even trying it out go figure. If everyone hasn't heard of HTC or Android, they're definitely being introduced to it now through the Galaxy S series since it's on almost all carriers and has some snazzy media buzz.
With all these new cells and tablets coming out I give it a mere 2-3years and everyone will know our lil green droid dude globally, and use it on multiple devices around the house. Just my theory. I'm sure the Marketplace will grow 10/fold in that time, peace!
I guess there are a few things to keep in mind:
Politics:
1) Apple tries to regulate what is permitted to be installed on their phones. They don't provide any real guidelines, nor do they tell you in advance if your application will be accepted. You'll only discover after submitting your app that it isn't permitted. So they waste your time, and numerous high end projects have developed their application only to discover Apple blocks them because "they are duplicating functionality" *cough competing*. Yes, lots of money has been lost.
2) Apple is Non-Disclosure Agreement overload. Send an email to apple and it always says "this information is confidential". Basically, Apple's agreement is so bad (unless it's changed recently) that they can cancel the account/sue you any time they wish. That increases your risk further.
3) iPhone's can be jail-broken to install 3rd party apps, but many people wont. Even if the Google store wont accept your app, they can manually install it, or you can use another store... Without jailbreaking.
4) Many developers often complain of long delays getting their apps approved, and when removed from the store by Apple, they have to flood Apple with emails for reason's why. On android, you don't even need to use the App store, in fact, Android has the benefit of allowing paid apps to be sold in countries with export restrictions (because they can sell it via other means).
5) Piracy is possibly more rife on Android, however, Google are apparently implementing an API which allows apps to check if they were purchased for that phone, which should strongly reduce piracy once available (because it means that dodgy stores will need to actually crack the programs). Once this is implemented, hopefully it will stop the jackass spammers from selling pirated stuff.
Development Process:
1) iPhones use objective C, Android uses Dalvik. Dalvik is VERY similar to java, one simply needs to learn the differences. Objective C is also quite easy to learn though, but it probably takes more experience to do well (because c++ doesn't have the idea of selectors). If you try creating apps on the iPhones without using objective C originally though, your app might be removed. On android, frankly, Google doesn't give a damn provided, it works.
2) Big win for Android here, the Android SDK works on Linux,Windows AND OSX. It integrates with eclipse which already has a large user-base. Whereas, you need to buy a mac for code for the iPhone, and the SDK is OSX only.
3) That being said, you can make a cross-platform webapp that can be sold for both, but the user needs to be online.
4) Objective C is compiled code, whilst Java is bytecode. Bytecode can run as fast as compiled (with some initial overhead). Native sounds great, but if Apple ever does a processor change for their phones, it might be a world of hurt. If massively-multicore mobile processors are released, Android is probably better suited. That being said, by then, you'll probably need to fix some things in your app anyway because of API changes.
Actual sales:
1) Apparently in the past, you would have sold more in the Apple market. However, in the past, Android mobiles were actually quite rare because Android stunk. Froyo is probably the first Android OS that can compete against iOS effectively because it now supports JIT. There is also a much greater emphasis on Android these days in advertising, and I see more Android advertising than iPhone. Possibly inaccurate predictions suggest they will overtake the iPhone in 2012 too.
2) Sales figures don't represent profit though (so whilst iOS may generate more still, it's less than Apple claims). A google market account costs $25, whereas an Apple iPhone development account costs $99. Furthermore, you need Apple equipment to code for the Apple market (which can be significantly more expensive than PC's), and there is no estimates done to determine profits lost by being rejected from the Apple app store (there have been major projects which cost thousands to develop which have been rejected). So greater overheads on the Apple store, which means for cheap/quick apps, you are probably safer developing for Android (especially if you don't already own a mac).
My opinion:
For me, developing major apps is too high risk for iPhones. Although, if your app is approved, there are potentially bigger payoffs than Android. For small apps which don't have a predictable further, you may earn more on Android because of lower overheads. If you app is rejected for iPhone though for competing, you wasted weeks/months of your life, and need to use a 3rd party store (since only hacked phones can use them though, you dramatically decrease your sales instantly).
Anyway, my thoughts are that by the end of the year, everyone will know what Android is, and you may start to see manufacturers getting together to launch MAJOR campaigns to promote Android, especially since they now all have a common enemy (Apple basically took a cheapshot at other major manufacturers to justify their design flaw). Apple is only a small guy when it comes to manufacturing phones, and so it's as though they threw a few tiny pebbles at a team of football players to show off. Of course, some of those football players have already started retaliating, and it just depends on how annoyed they got.
Personally, I think iPhone would be great if they didn't do the "anti-competitive" thing they always do, but as it stands, I am now doing my Oracle/Sun SCJP, and hope to get into Android coding soon. If Apple starts acting less evil though, I will take another look in their direction, but they are mistreating the users they need the most, the developers. It's a pity, because Apple really has potential.
Source: I haven't sold any apps on either market yet, but I have mostly decided on developing for Android.
Developing new iPhone app looking for developer
I have a cool iPhone app idea it's a very simple game that I could like to create I am looking for a developer in the Los angeles area I am new here so please if your interested or can redirect me to the right person I would appreciate it thank you...email me with any info

Steve Jobs' death clears way for Apple-Android peace talks

Apple is reportedly negotiating with Android manufacturers to license its patent portfolio as it continues to pile up the ammunition such negotiations will need.
The news comes from the Dow Jones news wire, which talked to the omniscient "people familiar with the matter", and discovered that Apple plans to abandon its policy of all-out nuclear war with Android - a conflict led by Apple co-founder Steve Jobs, who was hell bent on annihilating Google's mobile operating system.
Click to expand...
Click to collapse
More to be found here...
http://www.theregister.co.uk/2012/03/07/apple_patents/
It's funny because android will be becoming the most expensive OS despite being the most poorly coded. This opens windows phone tango to release low-end devices while even the low end android devices will have to pay an additional $30ish dollars per handset. That will make the cheaper OEMs who want what they can use for cheap look at windows phone as the only viable option. It's just Microsoft and Apple playing smart against their younger, more naive competitor. Apple would rather see themselves back on top with wp7 following than see google and their... Business practices leading the way.
z33dev33l said:
It's funny because android will be becoming the most expensive OS despite being the most poorly coded. This opens windows phone tango to release low-end devices while even the low end android devices will have to pay an additional $30ish dollars per handset. That will make the cheaper OEMs who want what they can use for cheap look at windows phone as the only viable option. It's just Microsoft and Apple playing smart against their younger, more naive competitor. Apple would rather see themselves back on top with wp7 following than see google and their... Business practices leading the way.
Click to expand...
Click to collapse
Google has been in the software game a LONG time (in terms of software companies that remain relevant). I wouldn't sell them so short. Keep in mind they compete with Zune and iTunes with Google Music, they pwn e-mail with gmail, they own search with Google Search, they're getting up there with Google+ competing with Twitter and Facebook and Android pwns all current mobile operating systems...
...
...and you call them naive? There isn't a software pie on earth Google doesn't have 2 fingers in and they've been in competition with pretty much every software company you can name in one way or another. You have to believe they'll come out of this either just as screwed as apple or just as good as apple.
I personally see this as a good thing. This will lead to more innovation both by Google and their partners as well as for Apple. All in all, this is a good thing for the mobile marketplace and will further innovation rather than the usual "bashing over the head with a club" that we've seen as of late.
This will benefit Android a lot since this means (hopefully) that we won't be seeing the likes of the lawsuits we've seen in the past that resulted in Android phones being pulled off shelves due to some lawsuit.
This is good for both sides since they either steal or borrow each others new/featuring features to their phones can u imagine iTunes running on Android or customization featured on a new IPhone? This is good for both companies they both have their fan base and its gonna be hard to steal customers away from each other since half the people hate iPhones and half the people hate Android
they already steal stuff from each other ie iPhone notification dropdown. can't believe there's no lawsuit about that
--sent from my glacier.
The tittle made me giggle a little
Sent from my Nexus S using xda premium
How? Its not even funny
alexmdz said:
How? Its not even funny
Click to expand...
Click to collapse
Peace talks + device manufacturers. Its hilarious!!!
Sent from my GT-S5830 using xda premium

Why does Google hold events on days Microsoft has already chosen for big events?

This is something that just occured to me. Microsoft always comes out with dates for big events and after a few days you also hear Google planning an event on that same day; time and location may vary though. For example; Google released the soo called Motorola Droids the same day Microsoft talked about Windows Phone 8...I think a couple of months ago. Now Microsoft has planned Windows Phone 8 launch on October 29th and as you all know from last week, Google has also planned to release the next Nexus on that same day....Now is this a coincidence or Foul play??
Foul play in a sense to divide the number of techies who will attend these events....as you know these two giant companies don't go along very well (Google being too stingy with Microsoft and even refusing to release offical apps for Windows Phone.....and what pains me a lot is Microsoft always taking care of them by releasing beautiful apps and better servicies to Android)....but this is a different discussion alltogether.
What do you think??
Google hates everything there is to be about ms, cause ms is their prime competitor:
1) Bing -> this search engine is pretty powerful and offers results as good as Google's. A shame it doesn't come in all languages. Google tried several time to discredit bing,
2)Chroome OS-> this is Google's attempt at removing windows from its monopole position over OS. Of course, it failed dramatically.
3) Windows Phone -> Of course Google finds it a threat, a pretty big one. After Samsung lost the battle with apple, Google is kinda scared that their biggest client, Samsung, might go around and make more WP instead. There is also the nostalgic popularity of Nokia, which did come back in play with the Lumia line.
So google does try to minimize the impact of Microsoft over its domains as much as possible. However, from a consumer's point of view, having at least two players that are actually in conflict (Apple vs google does not count, apple does not care about google),is a good thing, so I hope MS will succeed.
These were exactly my thoughts and I think it's clear enough to be known by everyone in the tech industry.
mcosmin222 said:
3) Windows Phone -> Of course Google finds it a threat, a pretty big one. After Samsung lost the battle with apple, Google is kinda scared that their biggest client, Samsung, might go around and make more WP instead. There is also the nostalgic popularity of Nokia, which did come back in play with the Lumia line.
So google does try to minimize the impact of Microsoft over its domains as much as possible. However, from a consumer's point of view, having at least two players that are actually in conflict (Apple vs google does not count, apple does not care about google),is a good thing, so I hope MS will succeed.
Click to expand...
Click to collapse
Actually I don't think google finds WP as a threat... Android has a bigger share of the mobile market whereas iOS is slowly losing the pace...all in all while WP is eating on BlackBerry and symbian...
Taurenking said:
Actually I don't think google finds WP as a threat... Android has a bigger share of the mobile market whereas iOS is slowly losing the pace...all in all while WP is eating on BlackBerry and symbian...
Click to expand...
Click to collapse
....yeah and maybe when WP eats BB and Symbian, they'll grow and attack them. I don;t think Google is looking at the race now but in five years time....where most giants are going to fall since they'll have nothing more to offer. Lets just hope all goes well.
This is a fairly standard industry practice and they all do it to each other whenever possible. No point in singling out any one of them.
Moved to Q&A as this is a question thread.
Thank you,
mf2112
XDA Moderator
The bitterness is only set to grow as MS has just named google in its case against Motorola. Google is running out of friends as they leave there oems open to attack and steal tech without the ability to defend there moves. Google is a vile company Android is a great OS its my second love to WP like a second child but Google over all makes companies like Fox, BP, British Gas etc look like saints
mf2112 said:
This is a fairly standard industry practice and they all do it to each other whenever possible. No point in singling out any one of them.
Moved to Q&A as this is a question thread.
Thank you,
mf2112
XDA Moderator
Click to expand...
Click to collapse
Thanks for the correction mf2112.
Come to think of it, if this a fairly standard industry practice and Company giants all doing whatever (Gorilla warfare) to each other whenever possible, why is Microsoft always kind and releasing apps for them whilst they have never released anything for WP since it came out 2 years ago? Microsoft even planning on releasing Office for Android and iOS in 2013. Is Microsoft afraid? or trying to be a Mother? I understand when it comes to the market size and all about Benjamins, but it should be tit for tat. Microsoft should stop offering them good services if they are not doing same for us.....maybe I'm missing something and you can make me understand.
One will say WP market size is soo tiny that Google refuses to release anything for them...some sort of market demand should be in play...BUT, if you are a big company like Google and really want your services to be popular and widespread (Google+ challenging Facebook), will you think about Market share of a competitor before releasing an app for it? Does Facebook think about market share of a mobile OS before releasing it's app? They just release it no matter what because they want it to be used and popular...more benjamins
Google should just understand that, not all consumers will love their mobile OS but at least one consumer will use at least one of their services. (I for one use Google scholar, Gogle+, Google Drive as a backup to my Skydrive and Google maps A LOT) Why shouldn't I have an app for any of these Google services? Because my beloved WP OS is a competitor with a tiny market share and there's no demand? Why should Google punish me if I'm not using Android OS? and why should they force me to use it? SMH
Kenzibit said:
Thanks for the correction mf2112.
Come to think of it, if this a fairly standard industry practice and Company giants all doing whatever (Gorilla warfare) to each other whenever possible, why is Microsoft always kind and releasing apps for them whilst they have never released anything for WP since it came out 2 years ago? Microsoft even planning on releasing Office for Android and iOS in 2013. Is Microsoft afraid? or trying to be a Mother? I understand when it comes to the market size and all about Benjamins, but it should be tit for tat. Microsoft should stop offering them good services if they are not doing same for us.....maybe I'm missing something and you can make me understand.
One will say WP market size is soo tiny that Google refuses to release anything for them...some sort of market demand should be in play...BUT, if you are a big company like Google and really want your services to be popular and widespread (Google+ challenging Facebook), will you think about Market share of a competitor before releasing an app for it? Does Facebook think about market share of a mobile OS before releasing it's app? They just release it no matter what because they want it to be used and popular...more benjamins
Google should just understand that, not all consumers will love their mobile OS but at least one consumer will use at least one of their services. (I for one use Google scholar, Gogle+, Google Drive as a backup to my Skydrive and Google maps A LOT) Why shouldn't I have an app for any of these Google services? Because my beloved WP OS is a competitor with a tiny market share and there's no demand? Why should Google punish me if I'm not using Android OS? and why should they force me to use it? SMH
Click to expand...
Click to collapse
Well, having worked at Microsoft twice and for Microsoft partner companies previously and currently, I would hesitate at describing Microsoft's business practices as "kind".
It is not that Google doesn't want to offer services to Windows Phone users, it is that they want to do so on their terms. Microsoft would prefer to dictate the terms in such an engagement. Apple dictates the terms for iOS devs and how the apps get distributed in the app store. Oracle tries to control their environment. All companies do this as much as they can, so nothing out of the ordinary there.
Google also has a limited number of developers available to spend on projects and they want those developers to spend their time on the things that are going to be most beneficial (profitable) to Google in the end. All companies have business strategies and different behaviors but in general the profit motive is the driving factor. This is true for Microsoft as well.
Many people use Google's services. It actually is a pretty big thing for many people to at least have them available and by not having them available for WP they can in fact impact the growth of the Windows Phone platform (YouTube being a great example there). So unless Microsoft gains enough Marketshare to make it problematic for Google to leave them out I guess this situation will continue.
Concerning how Microsoft deals with Android and iOS the situation is different. Those two OSes basically own the market. Unless Microsoft wants those users to go with alternative Software they have to have there core applications available there. This means that Bing, SkyDrive, Xbox Live and Office have to be available there. For other Apps they go with the iPhone partly because it was not yet viable to do on the Windows Phone platform (e.g. PhotoSynth) but you will notice that Android is quite often left out or only done quite some time later.
I actually don't see the benefit of hosting those events on days when Microsoft is releasing Windows Phones. The Lumias arguably had more publicity then the lackluster Razr series that left journalists rather disappointed. Also the new Nexus 4 seems to bring little new stuff to the table. If they were to launch a really new version of Android like during I/O or if Apple launched the iPad mini on the same day they actually might hurt Microsoft but with stuff like this they rather risk being second page news themselves.
But we will see what they are bringing to the table this time around.
Kenzibit said:
This is something that just occured to me. Microsoft always comes out with dates for big events and after a few days you also hear Google planning an event on that same day; time and location may vary though. For example; Google released the soo called Motorola Droids the same day Microsoft talked about Windows Phone 8...I think a couple of months ago. Now Microsoft has planned Windows Phone 8 launch on October 29th and as you all know from last week, Google has also planned to release the next Nexus on that same day....Now is this a coincidence or Foul play??
Foul play in a sense to divide the number of techies who will attend these events....as you know these two giant companies don't go along very well (Google being too stingy with Microsoft and even refusing to release offical apps for Windows Phone.....and what pains me a lot is Microsoft always taking care of them by releasing beautiful apps and better servicies to Android)....but this is a different discussion alltogether.
What do you think??
Click to expand...
Click to collapse
The Galaxy Nexus was unveiled by Google on October 19, 2011.
So ,I think this year just the same.
mcosmin222 said:
1) Bing -> this search engine is pretty powerful and offers results as good as Google's. A shame it doesn't come in all languages. Google tried several time to discredit bing,
Click to expand...
Click to collapse
They've tried to point out before that Bing is ripping off Google search results and they have some very compelling evidence that this is the case:
http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914
http://googleblog.blogspot.com.au/2011/02/microsofts-bing-uses-google-search.html
I thought this was pretty much accepted as common knowledge now... unless you have another explanation as to how Bing returned the same results as Google after the Google experiment?
SlCKB0Y said:
They've tried to point out before that Bing is ripping off Google search results and they have some very compelling evidence that this is the case:
http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914
http://googleblog.blogspot.com.au/2011/02/microsofts-bing-uses-google-search.html
I thought this was pretty much accepted as common knowledge now... unless you have another explanation as to how Bing returned the same results as Google after the Google experiment?
Click to expand...
Click to collapse
As if google doesn't use all kind of software to see what you are looking for on the web with other search engines.
It is just that they never did something against any other engine because Bing is the only real threat.
I agree
Sent from my HTC HD7 using Board Express
mcosmin222 said:
As if google doesn't use all kind of software to see what you are looking for on the web with other search engines.
It is just that they never did something against any other engine because Bing is the only real threat.
Click to expand...
Click to collapse
That's a diffferent tangent from what youj quoted. Using other engines search results is weak. Seeing what other engines come up with is smart.
Since you said bing is a threat, how is that so ?
Aside from that the Bing Bar looks at all Search-Input fields and reports what search parameters made people end up at certain sites. Therefore if you enter "HTC Titan" in the Search-Box of the XDA-Developers Forum Bing will take that one up too and report back which topic of the presented list you then chose (given that if you search for something and then select a certain result it is highly likely that you thought it was relevant in the context of your search).
It is one of many signals Bing relies on in it's rankings. But given that the search term only appeared in the tests of Google's team it was the only hint available for the search. This still is not copying of Google's search results at large.
The search engine discussion is somewhat offtopic here - don't you think?
absorootly!

XDA ToS designed to shield Motorola's poor security patch cycle?

Information available on Reddit seem to show that several of Motorola's phones have not had any security patch levels applied since after January. It also seems like as long as the known security issues are just documented as theoretically possible that Lenovo/Motorola seem happy to keep reiterating the same lie that they make security a "top priority" while not actually addressing these problems. It is also frustrating that Motorola seems unwilling to release a version of the Motorola One that is intended to be used in the USA.
It would be nice to have a proof of concept repository similar to Rapid7's metasploit but for the Motorola G-series. Please keep in mind, I am *NOT* talking about violating responsible disclosure. This would not include any unpatched vulnerabilities. Instead, this would be known issues were AOSP has provided fixes to Motorola for over a month and Motorola has selected to still notify it's customers that their device is "up to date" without having addressed the known issues.
I believe only by showing customers what is possible with this exploits can enough pressure be put on Lenovo/Motorola to make "top priority" mean actual action instead of empty posturing.
However, based on my careful reading of the XDA ToS, it seems anything that facilitate the creation of malicious content is not allowed. This seems vaguely worded enough to exclude all proof of concept exploit discussion. But several of the issues left unaddressed by Motorola seem to be fairly easy to exploit. So, is XDA really improving the situation or avoiding transparency in favor of shielding Motorola's poor behavior?
It would be really nice if someone could provide some clarification behind the wording of this ToS and XDA's position on vendors that make security a "top priority" leaving months of patches outside of the scope available to customers if the device is to remain under warranty.
This is what I already said.
Motorola is just a retarded company.
I don't know in which universe this is acceptable.
Someone needs to sh*t in a bag and address it at Motorola, so they see what they sell.
The G6 was my last Motof**k phone.
F**k Motorola. F**k Lenovo and f**k all the retards which work in this companies.
I hope the company dies and never sells a f**kphone again.
I completely understand your level of frustration ThisIsRussia but please don't get the thread locked.
If I were to mail something to Motorola to make a statement, it would probably be a finger-print reader attached to swiss cheese. They keep using user facing features to give the illusion of security while leaving the rest of the product full of security holes.
Yeah, sorry I was a little upset because they are always responding with phrases like "soon it will be updated" etc.
Since February. Its May now.
I just don't use Motorola phones anymore and if someone asked me for opinion I didn't recommend Motorola/Lenovo.
They are a bunch of liars. period.
I picked up the g6 on Fi just to have a cheap phone. I thought it was just the Fi version not getting security updates.. luckily I don't keep financials, etc on. Only good as a glorified phone and music streaming device, but for $99?
Not many budget phones get monthly patches on time. None that are under$150 anyways.
$99 or $150 isn't what I was charged for the Moto G6. It was released for a price of $200.
The Federal Trade Commission has fined D-Link, TP-Link and ASUS for marketing *BUDGET* wireless routers that sold for much less than $200 or $150 or $99 for misrepresenting their products as providing security while "failing to take reasonable steps to secure."
According to David Kleidermacher, Google's head of security for Android, ""Android security made a significant leap forward in 2017 and many of our protections now lead the industry" and also "as Android security has matured, it has become more difficult and expensive for attackers to find high severity exploits."
Google owned Motorola, they should have been able to established policies and procedures for Motorola to make good on David Kleidermacher's statements. Or they should have made establishing those part of terms of the sale to Lenovo.
Lenovo and Motorola also market themselves as providing security even for budget devices with statements as:
* "Prevent unauthorized access with secure biometrics"
* "keeping your devices and systems secure and your digital privacy intact is a top priority"
At no point do they put any exclusionary statement such as "but only if it is not a budget device."
Also, while Motorola One is also a budget device, it does get more frequent updates. However, the Moto One is clearly not intended for purchase in the USA market and is missing support for several LTE bands.
And the Moto G6 is supposed to be a Treble/GSI device were any effort Motorola put into providing updates to flagship GSI devices should also apply to being able to also update the G6 for almost no additional effort.
So, I reject the claim no one should expect Feb 2019 security updates by May 2019 because it is simply a budget device.
Then let's also look at the claim that if financials or similar are not stored directly on the phone then it is not really a big issue.
To respond to that I am going to focus on just one Feb 2019 patch. There have been plenty of other security issues in Jan 2019 to now but for purposes of this discussion, I will just focus on one. The CVE-2019-1988 seems to still apply to still apply to any Motorola phone that is "up-to-date" but has a Jan 2019 security level. This vulnerability as a high impact score of 10 out of 10 and an easy exploitability score of 8.6 out of 10. The attack complexity is low and "could lead to remote code execution in system_server with no additional execution privileges needed."
What would need to result from this for it to be considered a violation of Lenovo and Motorola's marketing of making security a top priority?
What if an email or MMS ("text message") or instant message could do any of the following:
* Open and stream the microphone while the phone is locked
* Take and transmit pictures from either the front or rear camera while the phone is locked
* Send and receive text messages while the phone is locked
* Transmit phone location while the phone is locked
* Access and transmit email and files/documents on Google Drive and Google Docs while the phone is locked
Would any of this be disturbing? Is Lenovo/Motorola really delivering on "[preventing] unauthorized access with secure biometrics" if this is possible while the phone is locked?
I get this is all theoretical and I sound like I have been wearing a tin foil hat (maybe I am ). Anyone want to find out? Anyone want to give me the phone number to a Moto G6? Anyone want to give me the email address that they use with their Moto G6? How confident are people that not having financials stored directly on the phone means CVE-2019-1988 is not a major issue?
So far, people's reactions have been similar to this forum that there is still things people can do to maintain their privacy while using a device in this state. No one wants to believe that a major company would leave them so exposed. Lenovo/Motorola seems to be banking on no one understand the full scope of the problem. But what if a Proof of Concept of a Remote Access Trojan launched not via installing an application but simply from viewing a PNG really happened, would anyone be interested that? Would being able to actually demonstrate a PoC RAT have any positive value in holding Motorola accountable to their marketing claims or simply feed "hackers" with an exploit? If it is already known to be easily exploitable, shouldn't it be safe to assume any criminal that wanted it already has created their own implementation?
What exactly is XDA's stand on a real PoC RAT full disclosure? Is XDA taking on the stance that a RAT disclosure is always only harmful? Or is it that Motorola's actions are harmful?
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
I didn't say you or anyone should accept it. I said it's common on low end devices. Even low to midrange devices.
I don't care what you paid for it. I have the g6 play and paid $99 for it. And it has been updated to pie with March security patch.
Moto is not great at supplying updates the way they were when they were under Google. Not many companies in China that are shopping phones to other countries are good at it.
It sucks, I was agreeing with you.
So rant at someone else. Geez
madbat99 said:
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
Click to expand...
Click to collapse
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
chilinux said:
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
Click to expand...
Click to collapse
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
madbat99 said:
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
Click to expand...
Click to collapse
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
chilinux said:
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
Click to expand...
Click to collapse
Nope. Nobody is "honest" in marketing. They would sell nothing. Is it right....? No. Is it going to continue? Of course.
There are places to speak out. This isn't IT. Period.
You want a Google device that updates with every patch, you're gonna have to get a Pixel. Flat out. No company truly cares about you're security. They start companies to make money. The end. Right or wrong. Sorry bro. It is what it is.
Unless a company specifically spelled it out in the laws of the country their marketing in they don't have to do it. They can skirt rules and regulations anyway they possibly can. And they have lawyers to make sure they get around that crap. Marketing gimmicks do not equal legal regulation obedience.
if you have a medium to carry out the plan you intend to, find it and do it. just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
companies are going to sell their products at the greatest profitt imaginable and that's just the way things are going to be until some company proves that profits lie somewhere else. There isn't much you or I can do about it.
Again, this is not the medium for you to carry out such a vision. the most we hope to do here is to give users the keys to find a way to pick the lock for themselves. Not a way to circumvent the rules, punish the guilty, or vindicate innocence. There are places for that.
I'm going to bed now because I get up for work early. Good luck dude. hope you feel better in the morning.
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Infinity gems be damned, level-headed decisions with your device make all the difference in the world
madbat99 said:
just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
Click to expand...
Click to collapse
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
The security audit PoC suite would be similar to previously publicly released project. It would have a method of install via exploit similar to JailbreakMe and it would provide demonstration on what privileged level access provides similar to Back Orifice 2000. Both of those previous project had the potential to weaponize but also helped customers make a better informed decisions about the products they use.
madbat99 said:
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Click to expand...
Click to collapse
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
It is also a level of mistaken trust that was contributed to by people like Ronald Comstock with the XDA Developers sponsorship team which recommended this phone. It might be possible to make an excuse that at the time the recommendation was made it wasn't known how far behind security updates for the product would go. However, the XDA sponsorship team never posted a retraction and the XDA ToS makes it hard to effectively counter the vendor's misrepresentations of the XDA recommended product.
chilinux said:
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
.
Click to expand...
Click to collapse
It can be said that security and privacy are separate issues.
But your insights are well stated.
I remember when a "researcher" seemingly died right before demonstrating how security flaws in insulin pumps could kill a man. (We know who did it Jack) so security is a real concern. And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
madbat99 said:
And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
Click to expand...
Click to collapse
I have hard feeling about this issue but not about what you have said.
I also have a much less issue with "big money" not spending money were it does not need to. But they need to be transparent about that.
What I have hard feelings about is this:
https://androidenterprisepartners.withgoogle.com/device/#!/5659118702428160
And statements from Google related to that page such as:
"Organizations can then select devices from the curated list with confidence that they meet a common set of criteria, required for inclusion in the Android Enterprise
Recommended program ... Mandatory delivery of Android security updates within 90 days of release from Google (30 days recommended), for a minimum of three years"
As appears in this document:
https://static.googleusercontent.co...droid_Enterprise_Security_Whitepaper_2018.pdf
Ninety days from the February 5, 2019 security update bulletin was May 6, 2019. Choosing from that list does not result in mandatory delivery of security updates within 90 days. Google and David Kleidermacher are drowning consumers with willfully misleading information to put trust into devices that aren't held to the criteria they claim they are.
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Dadud said:
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Click to expand...
Click to collapse
You are far from the only one who doesn't care about security patches. I would agree with you that you should not have to care. Addressing problems that are over 90 days old are stated to be the responsibility of Google and Motorola to have taken care of.
In terms of it working just fine, my point is while it appears to normally be fine there is known ways that unapproved behavior can be applied to the product without the owners being aware of them. To me that is not working as advertised and is also not really working fine.

Android becoming closed source?

Hey there, long time no chat in this forum
So, with all the recent censorship scandal by big companies such as Twitter and Facebook, many 'suspicious' things have been happening recently. For example, with Twitter's suspension of Trump's personal account, people has been moving on to Parler (a somewhat more "free-speech" oriented alternative to Twitter). But yesterday, Google removed the app from the Play Store and Apple threatened with doing the same if they don't adjust their censorship policies.
Of course, non-jailbroken iPhone users are screwed with the app and have to use the web version, but Android users are still able to download it via 3rd-party app stores and websites such as apkpure. And considering this last bit I ask you:
Do you think Google would be willing to make Android closed source to enforce their censorship policies in the future?
Hope to read yout thoughts on this one
no lol calling it censorship is pretty dumb imo
Don't see it on the horizon...
affigne said:
Hey there, long time no chat in this forum
So, with all the recent censorship scandal by big companies such as Twitter and Facebook, many 'suspicious' things have been happening recently. For example, with Twitter's suspension of Trump's personal account, people has been moving on to Parler (a somewhat more "free-speech" oriented alternative to Twitter). But yesterday, Google removed the app from the Play Store and Apple threatened with doing the same if they don't adjust their censorship policies.
Of course, non-jailbroken iPhone users are screwed with the app and have to use the web version, but Android users are still able to download it via 3rd-party app stores and websites such as apkpure. And considering this last bit I ask you:
Do you think Google would be willing to make Android closed source to enforce their censorship policies in the future?
Hope to read yout thoughts on this one
Click to expand...
Click to collapse
I really don´t think so, but I think (in the future) that using certain features and having full access to the device will be more complicated, such as Huawei's devices, you literally need to register and get their permission to get the bootloader unlocked.
What I see in the recent censorship is that it's all about Trump and the extremists following him, and this demonstrates two things:
1) Twitter is clearly not supporting Trump as it's becoming more and more out of control.
2) Twitter always said it was for free speech, but when they saw that free speech is what gathered the BuffaloMan and his fellows at Capitol Hill, well, then free speech became a danger.
So if you plan to overthrow some african or asian government, they will let you do it, but if you try to overthrow the government of US, then it becomes a problem
In any case, Twitter, Google, Apple, and all the other companies are private, independent companies, with their own regulations. In my opinion there's nothing wrong if they block someone or some products in their platform or store. It's like a golf club banning a member or a shop owner not selling anymore a product.
If Trump wants to start his own social network, he can do it, unless what he does on the site is against US laws.
So, in conclusion, i'm not worried about Android becoming closed source, as this wave of censorship regards a specific group of people, and also because being open source is what made Android's wide success possible. And while Android is successful, Google can push their already closed source Play Services on the devices.
I hope not....
When I saw this thread title, I feared that this was recent news and the ROM scene was over. When I read this thread, I took a sigh of relief even if the post is complete nonsense. To answer your question: No, Android is not going closed source and nobody is censoring anybody. If Android were to go closed source it would have to find an entirely different kernel to use as the Linux kernel is open source and open sourceness is a key principle for Linux-based OSes. And Twitter, Facebook, Google, etc are all private companies and get to decide who can and can't use their platforms.
I don't think that Android will be a closed source. Actually I believe Android market will grow. I even decided to create an app both for Android and iOS. Not just for iOS. Easy to do so with modern technologies https://itmaster-soft.com/en/cross-platform-app-development Sooo I'm sure Android will be fine

Categories

Resources