Database Develop

[Q] [CM7] Security Issues (Viruses, Passwords, Network, Privacy)

I'm just getting started with CM7 and the Nook Color, but I have some general security concerns that perhaps you could help me with?
1. Viruses. I understand that these are real in Android. I've temporarily disabled non-Market apps, but I believe viruses and/or spyware have shown up in Market Apps too. Are there decent AntiVirus apps and what do you recommend?
2. Firewall. What services are open by default? Are there good software firewalls available?
3. Adware. Is it always clear which Market apps are ad-supported? Have apps crossed the line into malicious or near-malicious spyware? (Taking over browsers, redirecting home pages or searches, infecting other apps, etc.)
4. Apparently Google does not require password-confirmation for Market purchases, and no real solution exists, since available apps complicate things and don't address the root issue. Do they have any plans to change that?
5. Where are application and web site passwords, WiFi keys, and the like stored, and are they encrypted?
6. Is there a multi-user / multi-profile facility to allow different users to log in to different desktops and/or applications? (Or is that best accomplished with dual booting.)
7. What major applications are known to "phone home" or otherwise divulge more information than might be expected? I was quite surprised that CM7 itself phones home to CyanogenMod by default, and even with that turned off the ROM Manager still reports usage statistics to Google?
8. Is anyone independently reviewing CyanogenMod itself for privacy and security implications? Right now many of us are relying on a hodgepodge of hacker contributions and the good will of those creating them. I'm sure that anything malicious would eventually come to light, but is anyone proactively checking out the release CM7 distribution, the GApps distribution, and the various installers and packagers? Right now the only verifiable "web of trust" that seems to exist is the good intentions of every contributor, and the general availability of the source code (which should make the review possible, if not particularly easy!).
9. Are there any "best practices" as a user? For example, I've set up a new GMail ID for use with the NC, and haven't yet linked any credit card or payment data. Meanwhile, for the B&N side I've had to submit a credit card number to get access to their market (even to get their "Free" offerings).
10. Any implications for configuring e-mail and/or contacts, etc.? Mass remailing trojans certainly exist on the Windows side.
11. Do the application specific permission settings compare favorably to those of the BlackBerry, and are they easily adjustable after you've already granted permissions to an app?
12. Is there any concept of sandboxing a new app to prevent it from possibly adversely affecting other applications or files?
13. Is there a best practice for how to manage files on both the eMMC and SD card storage, particularly when booting between the two? Can one be locked out from the other?
Okay, that's a baker's dozen. I'll stop now.
Thanks much for any input.

Really? Nobody has an opinion to share on this?

rooting /cm7 / and the purpose behind it may just not be for you. I don't think your going to get an answer your looking for. Also not trying to be rude, but you pretty much wrote a book in your first post. Just ask a question dude.

Thanks for the response, but I asked roughly 13 questions -- would you prefer I "just asked a question" by starting 13 different threads? I certainly wouldn't.
And your first sentence makes it sound as if there's no one here who gives a damn about their own data and that everyone views the Nook Color as a toy -- and I seriously doubt that.

xdabr said:
I'm just getting started with CM7 and the Nook Color, but I have some general security concerns that perhaps you could help me with?
1. Viruses. I understand that these are real in Android. I've temporarily disabled non-Market apps, but I believe viruses and/or spyware have shown up in Market Apps too. Are there decent AntiVirus apps and what do you recommend?
2. Firewall. What services are open by default? Are there good software firewalls available?
3. Adware. Is it always clear which Market apps are ad-supported? Have apps crossed the line into malicious or near-malicious spyware? (Taking over browsers, redirecting home pages or searches, infecting other apps, etc.)
4. Apparently Google does not require password-confirmation for Market purchases, and no real solution exists, since available apps complicate things and don't address the root issue. Do they have any plans to change that?
5. Where are application and web site passwords, WiFi keys, and the like stored, and are they encrypted?
6. Is there a multi-user / multi-profile facility to allow different users to log in to different desktops and/or applications? (Or is that best accomplished with dual booting.)
7. What major applications are known to "phone home" or otherwise divulge more information than might be expected? I was quite surprised that CM7 itself phones home to CyanogenMod by default, and even with that turned off the ROM Manager still reports usage statistics to Google?
8. Is anyone independently reviewing CyanogenMod itself for privacy and security implications? Right now many of us are relying on a hodgepodge of hacker contributions and the good will of those creating them. I'm sure that anything malicious would eventually come to light, but is anyone proactively checking out the release CM7 distribution, the GApps distribution, and the various installers and packagers? Right now the only verifiable "web of trust" that seems to exist is the good intentions of every contributor, and the general availability of the source code (which should make the review possible, if not particularly easy!).
9. Are there any "best practices" as a user? For example, I've set up a new GMail ID for use with the NC, and haven't yet linked any credit card or payment data. Meanwhile, for the B&N side I've had to submit a credit card number to get access to their market (even to get their "Free" offerings).
10. Any implications for configuring e-mail and/or contacts, etc.? Mass remailing trojans certainly exist on the Windows side.
11. Do the application specific permission settings compare favorably to those of the BlackBerry, and are they easily adjustable after you've already granted permissions to an app?
12. Is there any concept of sandboxing a new app to prevent it from possibly adversely affecting other applications or files?
13. Is there a best practice for how to manage files on both the eMMC and SD card storage, particularly when booting between the two? Can one be locked out from the other?
Okay, that's a baker's dozen. I'll stop now.
Thanks much for any input.
Click to expand...
Click to collapse
I have to admit, you come off as rather paranoid, and i am not sure why you are so.
Yes, there have been a couple of problem apps recently, but Google took care of them, and i would not worry. The best security you can have, is looking at what you are installing. The application cannot hide what permissions it needs, so if you have something asking for way more than you think it should need, take that as your first red flag.
Currently, Virus Scans on Android are a joke, and simply unneeded. Don't even waste you time. Firewalls are just about the same, and again, not worth the effort. One thing to keep in mind, that this is a linux system, and is not as prone to the Windows based attacks that you are used to. Things like email spam bots and such are not a problem.
As for Cyannogen - no code is added to the repository without being peer reviewed; and every code submission is available in public records. Frankly, they did not make it to CM7 by stealing people's data, nor is it simply a hodge podge of devs.
Frankly, I think right now more research is in order for ya. Most of what you ask is already discussed in many places, or is never discussed, because it simply isn't a worry...

Thank you, Divine_Madcat, for the advice and explanation. By hodgepodge I was more referring to the multiple installer methods and packages that newbies like me are relying upon to get everything installed easily. There are a lot of them, from a lot of nice people, from preconfigured SD card images to installation methods with modified boot loaders to interface and performance hacks. Even if Cyanogen itself is well maintained it would be pretty easy for someone to include a little trojan in one of those third-party "distributions".
It's not exactly paranoia, I've just seen this happen so often. Trojan horses are certainly not limited to Windows. Worms and other compromises have affected thousands of Unix and Linux machines in the past. Web sites and PHP and Perl scripts and databases and web frameworks regularly see vulnerabilities discovered and/or exploited. So since this device will be used in part by children with access to my credit card, I wanted to know what we're dealing with.
No, I was not familiar with Cyanogen's review practice (which is one reason I asked), so thanks for that reassurance! I will try to learn more as I go.
I do apologize for the length of the OP though -- I was trying to brainstorm and get everything down in one place that related to possible security concerns. It's not as if I'm worried sick about every little point.

One of the apps I install on all my installs is 'Lookout'. This app scans all my programs I install and update and I have heard very good reviews of it.
I did see that Eric Lundcrest did an article today:
http://web.eweek.com/t?r=2&c=38783&l=64&ctl=11B38843F5D4C728CF30E9F23F9E91BB51617&
You can check them out. I haven't tried them all myself and I noticed that he didn't include the app that I recommended above (and I use it on both my Nook and my HTC EVO)

You Should Also be Aware..
that one of the joys of Android (and of course Unix/Linux) is that everything is "sandboxed" unlike Windoze - there are not many apps that interfere with others - that's why it's so easy to install and uninstall from Android. Compare the uninstalling of even a large Android app with that of uninstalling from Windows.
I would not worry about interfering apps

Thanks, doc. I'm moderately familiar with the Unix security model, but not so much with Android. Is sandboxing really accurate? In Linux processes run with particular user rights, much as in Windows but more flexible -- that is, it's just much more common to have different daemons running as different users. Still, I don't think they're really isolated from one another as they might be with a "chroot jails" kind of function...

I don't think electronics are for you, I suggest books and a cabin in the woods.
No virus really exist yet, a few flaws in the code have been found but they are patched quick.
No real firewall, doesn't work quit that way with android.
Yes, it will say in the permissions of the app in the market.
You sign into the market when you first use it, making sure your devise has a lockscreen PW is how you keep it safe.
/data
no
Some apps phone home, check permissions before you install.
All CM code can be seen in the github, you can compile it yourself if you wish.
Use smart internet credit card practices such as only attaching a low limit card to accounts etc.
If the google email server was hacked maybe but all that stuff is stored encrypted on googles end.
Permissions need to be approved of by you if they change.
Android sandboxes all apps.
Dono, I have CM7 on internal and books etc stored on the SD card.

Nanan00, your actual answers were great, but "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
Thanks for the substance of your response.

Truthfully... My parents practice pretty much all of the stuff you have said, they're very careful with credit cards and anything that could be used as personal information.
And yet... Someone got ahold of their credit card numbers and bought something for almost 3k last year...
I have no virus software or even firewall software on this computer, it has not received a virus in over 5 years (I know... it needs an upgrade) and I'm running Windows XP SP2.
If you're prone to viruses then go ahead and install some antivirus software. If you're scared about your kids + your credit card + the nook, then have them make all transactions on the computer.
The reason no one is taking this seriously is because Android is to new for there really to be anything worthwhile on the market. People are just now learning how to develop and code for it. So there aren't a bajillion(give or take one or two) viruses or trojans running around the google market.
On top of that, so long as your legally buying your apps from the google market, you have even less to worry about. As google has shown in the past that they'll go ahead and delete it the second they find it.
As far as permissions go, don't get to hung up on it. Everybody trust Pandora and yet it requires more permissions then some of googles own apps. =\

Thank you, Gin1212. I don't use an AntiVirus on my own Windows machines either -- it's more trouble than it's worth when you know what you're doing. (On Android I don't know what I'm doing, yet.)
And yeah, I already made sure to use a disposable credit card number ("ShopSafe") with a limit when setting up the Nook for the young'un. Google Market, thankfully, doesn't require a credit card unless you buy something, so I'll be checking out the free apps for a while (so that's part of why I asked about adware/spyware).
I was approaching the thing as I would any new (to me) full fledged operating system and computer, fully aware it's not the "safe" and dictatorially controlled little world of iOS or, to some extent, BlackBerry OS.
So thanks for the real world advice!

xdabr said:
Nanan00, your actual answers were great, but "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
Thanks for the substance of your response.
Click to expand...
Click to collapse
Suffice it to say that Android's and Microsoft's, and even Linux's app model is vastly different. Google does not just act as a repository, as in Linux. From my understanding, Google is rather guarded about it's app market and if anything heretofor is found, the app is yanked from the market immediately.
I agree that website security is more an issue that needs to be looked at, but the lion's share of websites that have virii and adware are aimed at infecting windows machines, but your concerns are noted.
As to the intent of the Devs here, I think you need to understand that these roms, mods and apps are their children, and their passion of the moment. No one goes through all the crap they do just to foment adware. This is their meat and drink and trust me, if there were a dev whose morality came into question, they would police themselves and it would be all here for us to read. There are no secrets here. These aren't script kiddies looking to wreak havoc.
I agree that security is a good thing, but the twin natures of Android are openness and isolation. Each app, at least from my understanding is an island unto itself with rare exception. So I think that while your concerns in themselves are noble, they are unwarranted, and at some points even seem absurd. No offense intended here.
We aren't just drinking the kool-aid here, everyone knows the risks of adopting an unknown and untested ROM, everyone takes the responsibility to themselves when they violate their warranty in search of a better tablet experience. The average person who roots their nook is not your average idiot windows user. We are here because we want more and better than our legacy alientation by microsoft and those who can't think outside of their security model.
Well, there is my Android manifesto. Sorry for rambling.
migrax

No, I appreciate the manifesto -- thanks. Again, I tried to brainstorm and throw the kitchen sink into the original post so as to get everything down in one place. I was hoping it could serve as a general security discussion thread. Not everything there is a huge concern of mine, and sorry if it made things seem absurd.
I appreciate your points about the intentions of the developers and the operation of Google's market (although of course a big selling point is we are NOT limited to that market... conversely, I suppose anything I chose off-market would be something I had by definition come to trust independently).

xdabr said:
Nanan00... "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
.
Click to expand...
Click to collapse
I think your overreacting a wee bit too much. I can't speak for Nanan00 but the first sentence of his post feels like a joke. He took the time to write out the answers of OP's question...
Also since you were referring to my post at the top..... I was just being candid with OP.
I read his post, I could see that he was a bit paranoid (IMO) and told him my honest opinion. Which is: Hacking your nook, or any device for that matter, may not be for you. The reasons being that when you hack your device, you inevitably increase its chances of being exposed (even if the increase is small, its there.) I don't feel that I am being arrogant, and I didn't catch that drift from Nanan00. But I wanted to address this since you obviously feel strong that this type of behavior is "devaluing the entire community and its projects."
Anyways to the OP:
Sorry if my post came off rude. I should of taken the time to give you my explanation.

colbur87 said:
I think your overreacting a wee bit too much. I can't speak for Nanan00 but the first sentence of his post feels like a joke. He took the time to write out the answers of OP's question...
Also since you were referring to my post at the top..... I was just being candid with OP.
I read his post, I could see that he was a bit paranoid (IMO) and told him my honest opinion. Which is: Hacking your nook, or any device for that matter, may not be for you. The reasons being that when you hack your device, you inevitably increase its chances of being exposed (even if the increase is small, its there.) I don't feel that I am being arrogant, and I didn't catch that drift from Nanan00. But I wanted to address this since you obviously feel strong that this type of behavior is "devaluing the entire community and its projects."
Anyways to the OP:
Sorry if my post came off rude. I should of taken the time to give you my explanation.
Click to expand...
Click to collapse
Um, colbur87, "OP" and I are the same person.
Asking questions is one way we learn. As an Android newbie many of my questions would apply to any Android device, hacked/rooted or not. If they're not appropriate for this forum, or if no one here thinks they're valid or worth a response, that would be okay. But to say in effect "your concerns are stupid and you don't belong here" is not only insulting, but factually wrong. Just because some people are content to not consider security implications doesn't mean they're not real.
Blithe unquestioning acceptance and faith is more of an Apple iFanboy trait, I would have thought.
And much as with Linux as a whole, positioning "hacked" Android as something not amenable to ordinary consumers is counterproductive.
(By the way, I'm not an ordinary consumer.)
Anyway, I do appreciate the answers people have given.

Wasn't lookig at the names so my bad on the mix up.
Anyways if you still think im being rude even after my previous post then so be it.
im out
Sent from my Desire HD using XDA Premium App

Divine_Madcat said:
The application cannot hide what permissions it needs, so if you have something asking for way more than you think it should need, take that as your first red flag.
Click to expand...
Click to collapse
Actually, that isn't true. There are holes in Android Market, so if app makers really wanted to, they can hide certain permissions even if your app calls out that permission through androidmanifest, which is how the permission is given in the first place. It was shown that even big name developers had exploited this one time or another. Of course this has nothing to do with CM7. Even stock Android phones are vulnerable to this. However, in general, if you download a popular app, you should be able to trust the permissions listed. Unless your the first person to download an app, you'll usually hear back from initial users if there's something funky going on.

Google's Philosiphy

Google sure doesn't seem to be sticking true to their own philosiphy. It says we can hold them to it. The way they are treating this device launch goes back on their own statements.
As seen here: http://www.google.com/intl/en/about/company/philosophy/
Ten things we know to be true
We first wrote these “10 things” when Google was just a few years old. From time to time we revisit this list to see if it still holds true. We hope it does—and you can hold us to that.
Focus on the user and all else will follow.
Since the beginning, we’ve focused on providing the best user experience possible. Whether we’re designing a new Internet browser or a new tweak to the look of the homepage, we take great care to ensure that they will ultimately serve you, rather than our own internal goal or bottom line. Our homepage interface is clear and simple, and pages load instantly. Placement in search results is never sold to anyone, and advertising is not only clearly marked as such, it offers relevant content and is not distracting. And when we build new tools and applications, we believe they should work so well you don’t have to consider how they might have been designed differently.
It’s best to do one thing really, really well.
We do search. With one of the world’s largest research groups focused exclusively on solving search problems, we know what we do well, and how we could do it better. Through continued iteration on difficult problems, we’ve been able to solve complex issues and provide continuous improvements to a service that already makes finding information a fast and seamless experience for millions of people. Our dedication to improving search helps us apply what we’ve learned to new products, like Gmail and Google Maps. Our hope is to bring the power of search to previously unexplored areas, and to help people access and use even more of the ever-expanding information in their lives.
Fast is better than slow.
We know your time is valuable, so when you’re seeking an answer on the web you want it right away–and we aim to please. We may be the only people in the world who can say our goal is to have people leave our website as quickly as possible. By shaving excess bits and bytes from our pages and increasing the efficiency of our serving environment, we’ve broken our own speed records many times over, so that the average response time on a search result is a fraction of a second. We keep speed in mind with each new product we release, whether it’s a mobile application or Google Chrome, a browser designed to be fast enough for the modern web. And we continue to work on making it all go even faster.
Democracy on the web works.
Google search works because it relies on the millions of individuals posting links on websites to help determine which other sites offer content of value. We assess the importance of every web page using more than 200 signals and a variety of techniques, including our patented PageRank™ algorithm, which analyzes which sites have been “voted” to be the best sources of information by other pages across the web. As the web gets bigger, this approach actually improves, as each new site is another point of information and another vote to be counted. In the same vein, we are active in open source software development, where innovation takes place through the collective effort of many programmers.
You don’t need to be at your desk to need an answer.
The world is increasingly mobile: people want access to information wherever they are, whenever they need it. We’re pioneering new technologies and offering new solutions for mobile services that help people all over the globe to do any number of tasks on their phone, from checking email and calendar events to watching videos, not to mention the several different ways to access Google search on a phone. In addition, we’re hoping to fuel greater innovation for mobile users everywhere with Android, a free, open source mobile platform. Android brings the openness that shaped the Internet to the mobile world. Not only does Android benefit consumers, who have more choice and innovative new mobile experiences, but it opens up revenue opportunities for carriers, manufacturers and developers.
You can make money without doing evil.
Google is a business. The revenue we generate is derived from offering search technology to companies and from the sale of advertising displayed on our site and on other sites across the web. Hundreds of thousands of advertisers worldwide use AdWords to promote their products; hundreds of thousands of publishers take advantage of our AdSense program to deliver ads relevant to their site content. To ensure that we’re ultimately serving all our users (whether they are advertisers or not), we have a set of guiding principles for our advertising programs and practices:
We don’t allow ads to be displayed on our results pages unless they are relevant where they are shown. And we firmly believe that ads can provide useful information if, and only if, they are relevant to what you wish to find–so it’s possible that certain searches won’t lead to any ads at all.
We believe that advertising can be effective without being flashy. We don’t accept pop–up advertising, which interferes with your ability to see the content you’ve requested. We’ve found that text ads that are relevant to the person reading them draw much higher clickthrough rates than ads appearing randomly. Any advertiser, whether small or large, can take advantage of this highly targeted medium.
Advertising on Google is always clearly identified as a “Sponsored Link,” so it does not compromise the integrity of our search results. We never manipulate rankings to put our partners higher in our search results and no one can buy better PageRank. Our users trust our objectivity and no short-term gain could ever justify breaching that trust.
There’s always more information out there.
Once we’d indexed more of the HTML pages on the Internet than any other search service, our engineers turned their attention to information that was not as readily accessible. Sometimes it was just a matter of integrating new databases into search, such as adding a phone number and address lookup and a business directory. Other efforts required a bit more creativity, like adding the ability to search news archives, patents, academic journals, billions of images and millions of books. And our researchers continue looking into ways to bring all the world’s information to people seeking answers.
The need for information crosses all borders.
Our company was founded in California, but our mission is to facilitate access to information for the entire world, and in every language. To that end, we have offices in more than 60 countries, maintain more than 180 Internet domains, and serve more than half of our results to people living outside the United States. We offer Google’s search interface in more than 130 languages, offer people the ability to restrict results to content written in their own language, and aim to provide the rest of our applications and products in as many languages and accessible formats as possible. Using our translation tools, people can discover content written on the other side of the world in languages they don’t speak. With these tools and the help of volunteer translators, we have been able to greatly improve both the variety and quality of services we can offer in even the most far–flung corners of the globe.
You can be serious without a suit.
Our founders built Google around the idea that work should be challenging, and the challenge should be fun. We believe that great, creative things are more likely to happen with the right company culture–and that doesn’t just mean lava lamps and rubber balls. There is an emphasis on team achievements and pride in individual accomplishments that contribute to our overall success. We put great stock in our employees–energetic, passionate people from diverse backgrounds with creative approaches to work, play and life. Our atmosphere may be casual, but as new ideas emerge in a café line, at a team meeting or at the gym, they are traded, tested and put into practice with dizzying speed–and they may be the launch pad for a new project destined for worldwide use.
Great just isn’t good enough.
We see being great at something as a starting point, not an endpoint. We set ourselves goals we know we can’t reach yet, because we know that by stretching to meet them we can get further than we expected. Through innovation and iteration, we aim to take things that work well and improve upon them in unexpected ways. For example, when one of our engineers saw that search worked well for properly spelled words, he wondered about how it handled typos. That led him to create an intuitive and more helpful spell checker.
Even if you don’t know exactly what you’re looking for, finding an answer on the web is our problem, not yours. We try to anticipate needs not yet articulated by our global audience, and meet them with products and services that set new standards. When we launched Gmail, it had more storage space than any email service available. In retrospect offering that seems obvious–but that’s because now we have new standards for email storage. Those are the kinds of changes we seek to make, and we’re always looking for new places where we can make a difference. Ultimately, our constant dissatisfaction with the way things are becomes the driving force behind everything we do.

What exactly are they "going back on"?

"The way they are treating this device launch"
What? They took preorders and said 3-4 weeks. That timeframe still isn't up, and they are currently sending out stock to brick and mortar retailers so they can have a unified launch. What exactly is the problem?

*philosophy

Trollololol
Sent from my SGH-I777 using xda premium

Really?! For a TABLET?! It's not that serious.
Sent from my EVO using Tapatalk 2

Damn dude. Get a grip.
Sent from my Galaxy Nexus using Tapatalk 2

jamerican413 said:
Really?! For a TABLET?! It's not that serious.
Sent from my EVO using Tapatalk 2
Click to expand...
Click to collapse
It is serious. It's life or death :laugh:
Seriously though, I was just trolling to stir the masses. Take this sh*t with a grain of salt.

Idiots. It will be shipped mid July. Quit crying. They are planning to do (and will likely achieve) EXACTLY what they said.

You could get yourself an iPad...

timmytim said:
It is serious. It's life or death :laugh:
Seriously though, I was just trolling to stir the masses. Take this sh*t with a grain of salt.
Click to expand...
Click to collapse
You have to much time on your hands
Sent from my HTC Sensation 4G using xda premium

P1 Wookie said:
Trollololol
Sent from my SGH-I777 using xda premium
Click to expand...
Click to collapse
Trollololol Guy

chROMed said:
You could get yourself an iPad...
Click to expand...
Click to collapse
I would never own that peice of over priced trash but thanks for the advice :good:

Got to get in before the ban hammer.
Sent from my Galaxy Nexus using Tapatalk 2

Android 4.2 Promotes Piracy?

4.2 multi-user function does not allow apps to be shared between users on the same device. (An app can share the same storage space, but you'd still need to pay for separate copies for each user.)
I'll use OmniWrench's comment on ArsTechnica in lieu of my own argument:
"I ask this as someone who codes for a living - Do you really think families sharing a single device are going to buy multiple copies of the same app? How realistic an expectation is that? Allowing sharing of paid apps on a single device seems like a raw deal for devs certainly, but realistically how many people would actually buy the same thing 2 or more times on the same device?
...
"The consequence of this approach is that my wife will not use my android devices under her account, she'll just occasionally do some stuff "as me", so she won't "feel at home" with the device or android, and hence, won't be as likely to purchase her own device (or apps) down the road."
A counter-argument presented is that Android apps are cheap vs PC apps, so app-sharing isn't needed. But this faceplants upon closer examination. An Android app isn't the functional equivalent of a PC app. A mobile game doesn't have the same content as a PC game. There are also various money-making mechanisms (IAPs) being employed in mobile games that aren't in PC games. But the bottom line is per OmniWrench's above: It's not realistic to expect people to pay for multiple copies of the same app on the same device, no matter what the cost is. People will just use a single account, or they will resort to warez.
This segues into the piracy issue. We all know that apps piracy is rampant on Android, and it's a major detractor for developing the eco. Devs won't play if they can't make money. My feeling is that 4.2 will promote more piracy, by pushing erstwhile legit users to resort to the warez route to make multi-user work per their expectations, ie with app-sharing. It's a slippery slope: Once people make the decision to use warez for certain situations, the natural inclination is that they'll use warez for other situations as well.
Please participate in the poll above, and voice your opinions.

Wow... this really grosses me out. I don't share my phone, but I certainly expected to share my Nexus 7 tablet (with wife and three kids). I don't want any of them in my email or other communication apps, but I'm happy to let them use anything else. I'd really looked forward to easy, one-click, secure sharing of my tablet. But on reading this, I think that I'll just continue to use App Protector to lock down Gmail, etc. The bum thing is that I also have to lock down Chrome, because the bugger either logs users into mail.google.com automatically or offers to do so. Thus, I can't let family members use Chrome at all on my tablet (although Dolphin is a fine substitute).

The adding a second user feature is something that I will never even try.

--
I go through enough gadgets that my wife and kids end up with their own tablets = "I do not share my (latest) toys" .

No it does not, it enables multiple users to use their own apps on the same tablet. Turning one tablet into four different ones.
What people seem to be confusing this with is a "kid's mode", where a different user is allowed limited access to another user's apps.
Either way Google was damned if they did/ damned if they didn't. They let everyone have access to paid apps they tick off devs, they don't they tick off some users.

It is quite a poorly developed idea.
My nexus is a family tablet, with a shared Gmail account.
I was hoping to put on my own Gmail account as a new user to migrate & amalgamate the two accounts' purchases.
No dice.

Concerned Android User.
I knew this was coming in some form or another.The whole thing is whats the right solution..
I actually thought Google would end up putting some type of device id tag in each app. This would allow it to run only on the device it was purchases for. But of course as much as we change devices and buy new ones. This would be very flawed.
Then there is the Each app linked to one google account. The app can then only be installed on a device using that Google account and only on one device at a time.. Well CO-PILOT tried this.. It failed miserably because of the Administration overhead when users switched or upgraded devices.(I was frustrated beyond belief).
I know its different but with windows Apps and programs for the most part are based on cpu id .. well product key generated from that and coa key. To install on that S pacific pc only.
So what would be Fair to everyone. Especially the Developers.. That is what this is all about. fair to developers and still works for users..
My opinion.. Some apps like simple games email type apps and so on are not so personal and should be allowed to carry on as they are.. But i do see how the apps like high end games and work processors apps. Should be maybe Tied to a Device not so much a Google account.. Well rephrase that
They should be somehow tied to a Google account but allowed to Run on One Device at a time.Any user on that device. Maybe pay a small fee per device above its primary device..
We will all have to give some on this Subject to keep app development moving to better app quality . Keeping developers and users Somewhat happy.. But there is not a solution to Keep this fair for both...
I am willing to pay a slight extra amount to use Really good apps on multiple devices. But only apps that truely make my life easier. Well more fun with some of the games.(thou im not big with games )
Sorry this is such a long winded post . There is change in the air.. Someone should start a true real discussion about this. Get Google and app developers involved . Before Google just decides for us.. We will loose on both ends if they do Developers and users..
PIRACY IS NOT A ANSWER TO THE PROBLEM....
you can get around this.. Setup your google account on the second user . Install the apps.. Then remove the account. Should work..
Work around ... Add the second account for this test ..
Primary account is Erica .
second account Erica Renee
I installed my google account to the erica renee user account. Open play store.. go to your apps .They will show as if they are not purchased . EXIT play store. REBOOT THE TABLET. log back into the second account and then you will see apps purchased .. You can install the paid apps..
Exit back to home screen. Go into setting and accounts Open the google account and delete it.. The paid apps from the first account will Be there still and usable.
The app i used to try this was Sketchbook Pro.. So this is not that big of a deal . My huge post above i still agree i would pay a small extra amount to use apps on multi devices. If the apps were worth it..

The only thing I thought about using a second user account is for my 3yr old, since she figured out how to exit out of Kid Mode (I swear this kid is more tech savy than most adults I know)

Problem is, one size does not fit all.
I can certainly see how highly personalized apps, such as games, should warrant a re-purchase of the game. Maybe that's just the developer in me talking, but when you look like online games like SC2, Diablo3 ... you can borrow the "device" to someone, and they could play it, under your account, but it's not the same experience, and neither is it legal under EULas for these games.
However, it is also clear to me that purchasing, for example, a widget (such as HD widgets) should really be tied to device. I made a second account for my wife, and while I appreciate that we can now have different account for Words With Friends, I will not be rebuying HD widgets, so my wife's account loses that ability.
And there are gray areas. Does VPlayer warrant a re-purchase? I don't know. But I can name many very expensive desktop applications that I have used for decades now, sharing them with my family, under the same device - Office, Photoshop, every single single player game.... this is where the confusion comes from. people are just not used to this re-purchase model, and for good reason!

kangy said:
The only thing I thought about using a second user account is for my 3yr old, since she figured out how to exit out of Kid Mode (I swear this kid is more tech savy than most adults I know)
Click to expand...
Click to collapse
Ha! Our 3 year old has figured out the same thing on the phone. He figured out some combination of the right app, going to landscape and back and the brief appearance of the menu bar which gets him to the desktop. We're still not totally sure how he manages it because the sneaky little monster will only do it when we're not looking. No joke.
I was hoping the multi user mode would have allowed me to set up a profile with just the few apps I'll let him play with (he is great at Cut the Rope, Bad Piggies, and all the angry birds).

Google really didn't think about this too deeply. The lead account should be the administrator of the device and when installing an app should be allowed to choose to install "Just for you" / "All users" / "Specific users".. etc etc..
It seems like a really half baked idea especially with the shifting folder tree for user accounts.. Seriously who thought of that idea? It's beyond stupid. Linux has the most simple and effective user and group management and it seems Google tried reinventing the wheel by making it square.

styckx said:
Google really didn't think about this too deeply. The lead account should be the administrator of the device and when installing an app should be allowed to choose to install "Just for you" / "All users" / "Specific users".. etc etc..
It seems like a really half baked idea especially with the shifting folder tree for user accounts.. Seriously who thought of that idea? It's beyond stupid. Linux has the most simple and effective user and group management and it seems Google tried reinventing the wheel by making it square.
Click to expand...
Click to collapse
Its more flat then square.. .
I totally agree with the deciding on What user to install for.. As well there should be settings in the admin account as to what type of apps a user can install. how much disk space they can use.. To really make it usable for what most in here want.. Limit time constraints and so on .
Im sure they will Build more into it as they go.. The way windows does multi user is awesome..
/user
/user/ erica
/user/ erica renee
/user/ guest
I have my /user /erica located on a second partition.. So if i wipe windows no worry about any data because now games email and everything uses the user account for the most part..
Something similar would be awesome..

Poll does not cover my use case.
My daughter can download free games on her ID. She can use my ID if she needs something I purchased.
Bringing up piracy in the context of multi-user is just stupid - people into stealing will and the rest of us won't.
Multiuser has nothing to do with it.
Current Google PlayStore works fine for me. I can download a paid app onto any device I register on my account.
Greedy developers who want more money out of me - can just go find a different customer. I won't buy their product.
I say that as a developer.

SoonerLater said:
Thus, I can't let family members use Chrome at all on my tablet (although Dolphin is a fine substitute).
Click to expand...
Click to collapse
Lol, as if that's a bad thing. Chrome is horrendous. I also think having played apps only work on one user is stupid as well.
Sent from my Nexus 7 using xda premium

I have a solution, though I'm not sure whether it's legal or not.
As you can still add multiple Google-accounts to a user, it's not really a problem, just can just add your google account to the other users,disable sync, switch to your account it in the Play Store, install the apps you want(it's just a matter of seconds,no second download needed)..problem solved.
As for your Kids, delete your Google-Account from their account after installing, the apps should still be available.
Worked for me.

I find myself agreeing with many of the sentiments voiced thus far.
I agree that this is part of Android's maturity process as it grows out of its phone roots. For phones, a per-user license model is the natural choice, as device-sharing isn't common. But once device-sharing is needed, this model breaks, and needs modification.
While there are various workarounds available as mentioned, I think there needs to be an official solution, if only for ease-of-use alone. Normal users shouldn't be expected to jump through hoops for a functionality as basic as sharing a device between family members.
For the short term, I think a restricted-mode (aka kid's mode) for the primary account would be very useful for a family device, more useful than the current fully-segregated acct scheme. This avoids any app-sharing abuse, as the restricted mode can't be used as an independent account.
For the long term, I think a more granular licensing scheme is needed for apps. Example: For a $5 app, an "auxiliary" license (say $1) may be offered for a separate account on the same device. This allows the dev to still make some money, but not large enough to push users to avoid paying the cost of a full second license.
I don't think a per-device scheme would be advisable, as it would get confusing and complicated when mixed in with per-user apps. The more complications to paying, the more people will opt for the easy way out, which is warez.
Speaking of piracy, yes, there will alway be people who pirate no matter what. But the facts are that piracy is a major problem for Android, because it is so damn easy and convenient for people to find pirated apps. The more hassle it is for users to pay for what they want, the more people will pirate. Think of it as a convenience function.
It's also a function of user expectation. As some said, we are used to the PC's per-device licensing model for family devices, and paying multiple times for the same thing on the same device just seems wrong, no matter how you couch the argument. I think users can be weaned away from this to the per-user model, but only gradually, and with carrots to lead the way. Doing an abrupt about-face like the current multiuser implementation would only antagonize the user, and be a recipe for increased piracy. Look no further than the music and movie markets for a taster of the draconian approach.

I consider it to be the same thing as two different devices. My solution there? The official Google one. I add my Google account to the Play Store so when I buy something, my wife can use her tablet, go into the store, switch to my account and install it. I'm in the same boat as one of the previous folks said and upgrade often so I don't anticipate having to worry about the multi user deal. I'd actually rather see the ability to add other accounts that aren't tied to a google account for more of a work / fun separation.

My experience is different.
I have separate Google account for buying app, email, and even contacts.
So, I can still share my purchased apps with multi user setup.
On my main account, I setup in the following order:
- google account for buying app
- then add my Gmail account
On second user:
- my wife Gmail account
- then add the Google account for buying app
And I have no problem installing my purchased apps on both users.
Note that I always buy apps, I don't pirate. Even app as expensive as TomTom.
The thing is... I want to share with my family members. Those are my families, we share a house, television, Nintendo Wii, etc.
I share a desktop computer pc with all the apps.
I always do that, and I don't think that's wrong.
And I don't want to change that.
That should be the way multi user setup in a single device.
If I have to buy multiple copies of app, then that's just greedy, and not practical.
Sent from my Nexus 7 using xda premium
---------- Post added at 10:24 PM ---------- Previous post was at 10:14 PM ----------
I don't think I can agree with calling apps sharing an "abuse" and wrong.
I meant, if I have a tablet with an app there, I am may not give it to my wife or kids to play with it? Just because I bought only one license?
"Sorry kid, this is daddy's toy. You may not play this game, daddy only bought one license"
So for that, I must hide the tablet?
That's absurd.
I have never thought like that ever.
e.mote said:
I find myself agreeing with many of the sentiments voiced thus far.
I agree that this is part of Android's maturity process as it grows out of its phone roots. For phones, a per-user license model is the natural choice, as device-sharing isn't common. But once device-sharing is needed, this model breaks, and needs modification.
While there are various workarounds available as mentioned, I think there needs to be an official solution, if only for ease-of-use alone. Normal users shouldn't be expected to jump through hoops for a functionality as basic as sharing a device between family members.
For the short term, I think a restricted-mode (aka kid's mode) for the primary account would be very useful for a family device, more useful than the current fully-segregated acct scheme. This avoids any app-sharing abuse, as the restricted mode can't be used as an independent account.
For the long term, I think a more granular licensing scheme is needed for apps. Example: For a $5 app, an "auxiliary" license (say $1) may be offered for a separate account on the same device. This allows the dev to still make some money, but not large enough to push users to avoid paying the cost of a full second license.
I don't think a per-device scheme would be advisable, as it would get confusing and complicated when mixed in with per-user apps. The more complications to paying, the more people will opt for the easy way out, which is warez.
Speaking of piracy, yes, there will alway be people who pirate no matter what. But the facts are that piracy is a major problem for Android, because it is so damn easy and convenient for people to find pirated apps. The more hassle it is for users to pay for what they want, the more people will pirate. Think of it as a convenience function.
It's also a function of user expectation. As some said, we are used to the PC's per-device licensing model for family devices, and paying multiple times for the same thing on the same device just seems wrong, no matter how you couch the argument. I think users can be weaned away from this to the per-user model, but only gradually, and with carrots to lead the way. Doing an abrupt about-face like the current multiuser implementation would only antagonize the user, and be a recipe for increased piracy. Look no further than the music and movie markets for a taster of the draconian approach.
Click to expand...
Click to collapse
Sent from my Nexus 7 using xda premium

Perhaps it could be something set at the app level by developers. If a developer doesn't mind his app being used by multiple users on a device then he can allow it in the app itself. However there will also need to be some way of managing this, perhaps via another option on the play store. a simple check box with "make this app available to other users of this device" would be more than enough, and it's either visible only on apps which allow it, or it's greyed out on apps that disallow it with an explanation why.
Devs could then offer single user and multiuser apps for additional cost.

adfad666 said:
Perhaps it could be something set at the app level by developers. If a developer doesn't mind his app being used by multiple users on a device then he can allow it in the app itself. However there will also need to be some way of managing this, perhaps via another option on the play store. a simple check box with "make this app available to other users of this device" would be more than enough, and it's either visible only on apps which allow it, or it's greyed out on apps that disallow it with an explanation why.
Devs could then offer single user and multiuser apps for additional cost.
Click to expand...
Click to collapse
I would agree with this . But i think the best solution is to somehow bind each user to your google app account. And have the app limited to run on say 3-5 devices Only.. As to where you can remove a device when you retire it. Get a new one you can install your apps. Of course some type of device validation. Google has that now with wallet . As far the above with multi user a device. There needs to be in the app manager a way to make this app available for all users.. FIXES Both issues.
Great Replies everyone.. I am so glad to see this thread civil. they usually are not so much

Google's thirst for your info.

i guess this is a general subject, but fits in this forum because we're (nexus users) probably more affected than the rest of the android world. In short, i'm not liking Google's thirst for collecting info in order to sell us ads, tailor and filter information that gets to us, or even sell our info to other companies (android police had an article a while back about a company who was doing this). But let's go back in time a bit first...
My first android device was back in 2010, and i've been through a few htc and samsung devices, galaxy nexus, nexus 4 and of course nexus 5. Now, whoever had a galaxy nexus might remember how android was back then, ICS just came out, it was the first version that could actually compete with it's rival OS's, and the official builds on the galaxy nexus were very close to AOSP.
On the nexus 4 we started to see some changes, Chrome replaced AOSP's browser (Browser) even though it was still not ready for that role yet and despite it coming a long way to where it is now, IMO it's still not as good as the stock browser was. Google Play Music also replaced Music as the default music player and so on..
On the nexus 5 Hangouts replaced stock Messaging (in my opinion it also is not ready for that role yet) and last but not least we're witnessing how G+'s Photos is going to replace Gallery (which is simple and fast, works great, and has a mighty lil photo editor).
Let's add to that Photosphere, a feature exclusive to nexus devices, and the Google Experience launcher (exclusive to nexus 5). So we've reached quite a big divergence from AOSP.
Another thing is how Google is forcing it's social network, either through binding playstore/youtube comments with it, photos, G+ sign in, Game hub (Play Games) etc.. Basically, you have to have G+ to be able to do simple stuff.
Also, we all know that one of the reasons they killed microSD support was to get people to use their cloud services, Keep, Drive, GMusic, G+ autobackup photos...
Other than forcing it's services, Google likes to tailor things for us. A simple example is the Youtube app, it's default opening screen is "What to watch" instead of subscriptions.
Also, Google Now is a cool concept, and it can be very helpful, but it kind of adopts the concept of offering you the info (it thinks) you need, according to certain algorithms. And that's the way Google's search engine has been functioning for years. And it's not only a Google thing, everybody does it, facebook, yahoo etc..
If you've read this far, and this subject interests you, watch this TED talk http://www.youtube.com/watch?v=B8ofWFx525s
I've been thinking about this subject for a while, and honestly, i have mixed thoughts about it. I use Google's services and i actually like Google as a company -despite the lil rant above- but i try my best to control what info i share with them, and i'm definitely not liking the route Google is taking with android, causing fragmentation even between nexus devices, closing down a lot of open source services and forcing it's own, and tailoring stuff for me. I don't need someone to think or make decisions on behalf of me, i want to be able to decide what i want to see/read/know about/use. I also want android to stay as open sourced and available to everyone as it can be.
So what's your take on this subject? do you have any concerns about your privacy and the info you share with Google's servers? and how about the android -or should i say Google- experience on the N5 compared to AOSP or past experiences you had with previous nexus devices, do you see any difference?

Google uses your data to build out great services. They also get a lot of money for advertising, and that's just the way it is. Do you think they should give Maps and Gmail away for free to people without getting something in return? Everyone who buys a Nexus device or uses Google's services understands this. You said in your post that Google forces their services on us, but you aren't being forced to use a Nexus device, or use Maps and Gmail. You made that decision yourself, so I don't understand why you're complaining.

Oh no, Google can't do nothing bad. It's Apple's fault.
Sent from my Nexus 5 using Tapatalk

I don't really understand what you are getting at. If you don't like all of the Google services then why not install cyanogen mod? The sole purpose of a business is to make money for it shareholders and Google is a business. They provide amazing apps and services for "free". I put free in quotes because you are indirectly paying for it. No one is forcing you to use Google phones or Google services.
Edit* okay I do understand what you are getting at but I don't feel that Google is hiding it from its users. It's no secret that Google sells ads. That is their business. They can become a more successful business if they gather more information about its users. I am aware of what Google does when I use its services and I accept it because I use the services they provide and don't have to pull out my credit card.

It's not that hard to understand; why are we all flaming this dude? He was just asking for everyone's opinions.
I agree with you 100%. Especially as I initially made the switch from CM9 to CM10, I was really wary about Google Now. It seemed like it was collecting waaaayyyyy too much info. The G+ integration in Google Play and Youtube also ticked me off.
However, the more I think about it, Google is still being sensible. Google Now can't be compared to Siri because Siri can't do crap; Siri just takes what you say and searches it up. Google Now can be turned off, and if you don't want it always tracking your location, just turn off location and it'll turn off all the location-based cards.
I'm also intrigued (not concerned) by Google's recent actions, especially with the acquisition of Moto, the release of Moto X and Moto G, and the introduction of so many GPe devices. Perhaps Google feels threatened by Samsung and feels the need to tighten its grip? The Nexus/GPe community used to be solely dominated by Samsung, but now it's seen entrances by HTC, LG, Asus and Sony. It seems to me that everything Google has done in the past few months has been forced by Scamsung and Crapple, and that we shouldn't really feel concerned in any way...yet.

The whole world runs on information and EVERYONE is trying to collect as much as possible. You might as well let it benefit you. Imagine if you had to pay for an email client, gps, countless news subscriptions, data hosting, and on top of that, had to pay for every new software version as it was made available. Even paid services are focused primarily on learning as much about you as possible. At least they are trying to learn what interests you to offer you something you might actually want!
I for one am very sad to see Google's Android deviate so far from pure Android. I am not a fan of the Google Experience launcher and I miss the beautifully simple AOSP experience. Even when I do run stock android, I fill it up with Google services. I think the point here is that you should choose what you want... ESPECIALLY with a Nexus device. The Nexus has become too commercial with the N5.
Sent from my Nexus 5 using xda app-developers app

I dont want anyone selling my data. I do appreciate that I use many Google services for free so I'm happy for their bots to analyse my data to sell tailored advertising to support these services.
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit

rootSU said:
I dont want anyone selling my data. I do appreciate that I use many Google services for free so I'm happy for their bots to analyse my data to sell tailored advertising to support these services.
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
Click to expand...
Click to collapse
Long as i dont get junk in my email or mailing address, besides what do you got to hide huh? unless you're al qaeda right? or some terrorist..
Google doesn't sell your info to other people, and nor does it "read" your inbox or someone is "reading" it, it looks for certain keywords then deliver ads based on that... test it your self on your phone email your self with any subject and just make a random sentence containing the word viagra, you will now receive ads that have to do with "Male enhancement pills".. google does this to provide cheap devices such as the chromecast and nexus line they want you to buy it in return for your interests then deliver ads based on that then google gets paid by the advertiser or the marketing campain, so lets just call this instead of google stalking you or like mining your information like gold think of it as google trying to see what you're interested into and deliver that to you!
oh also inb4 someone says punctuation is your friend

I've always been very bugged about this that's why I try to download privacy apps to control what permissions they are asking for
Sent from my Nexus 5 using Tapatalk

Google is just a modern day netzero (from back in the days). The sooner you realize that, the better you'll be able to set your expectations.
That being said everything you find worrisome, you can substitute with a different service. It's not being forced to you.
The reality is, you made a calculation that the benefits outweighs the costs. You just may not be conscious of it.
Lastly, the nexus line is pure Google, it's not pure asop. It's Google flavored android, just as htc one is htc flavored android.
Sent from my Nexus 5 using Tapatalk
---------- Post added at 12:08 AM ---------- Previous post was at 12:04 AM ----------
nohcho said:
Oh no, Google can't do nothing bad. It's Apple's fault.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Stawman
Sent from my Nexus 5 using Tapatalk

markdapimp said:
Long as i dont get junk in my email or mailing address, besides what do you got to hide huh? unless you're al qaeda right? or some terrorist..
Google doesn't sell your info to other people, and nor does it "read" your inbox or someone is "reading" it, it looks for certain keywords then deliver ads based on that...
Click to expand...
Click to collapse
This is exactly my point. You seem to be arguing my point back to me, which makes no sense. Perhaps you misread my post

Nothing online belongs to you.. there are many ways to stay frosty on android.
Sent from my AOSP on HammerHead using Tapatalk

i guess some people didn't get my point, maybe since English is not my native language.
Anyways, as i mentioned in my previous post i do use Google services, and i'm grateful that most of them are free. But it's getting harder and harder to control your privacy. Look at the new location concept in kitkat, you can't switch location OFF completely from the power widget, you have to take additional steps and go into settings. Furthermore, on previous versions, you could use GPS, let's say for sport tracking apps, but deny location from all Google apps. Now you can't do it anymore, even if you use "device only" Google's apps (and facebook and others) are able to ask for your location.
Same goes to the Photos app, if you log in your G+ account, and choose photos from the slide menu, you'll see all your photos, even if they are still only on your device (autobackup OFF), something like the GMusic concept with on-device/cloud music. Honestly, i don't want my photos on G+, and i have a feeling i'll be forced soon to upload them whether i like it or not, just like the location thing.
Also i want to be able to choose what G services i want to use. AOSP still gives that freedom, but no one can deny that Google progressively is stopping to develop AOSP apps, and it's forcing it's own. I think some around here take stuff that Cyanogenmod or the Paranoid team (and others) do for granted. I think people should be thankful for things like 8Sms , Focal and so on, and recognize the effort put in them, and help (test/report bugs) and donate to those devs to encourage them to polish these apps and make them even better. Honestly, i think we were lucky to get to choose what sms client we want as default, if it was up to Google, we wouldn't have that option available.
And lastly, look at what happened to App Ops, it would've been a nice tool to give back control to the end users, but it was killed in the last update with a statement that it was never meant to go public. If they are afraid some people will misuse it and break app-functionality (then whine about it) , well they could've put it in Developer Options right beside ART and the rest of the stuff that can potentially break things on your device.
So as a conclusion, i do like and use Google services, but i also don't want to be forced to share my private data, i just want to be able to do it in the range that i'm comfortable with, and putting everything on Google's servers does not make me feel comfortable :good:

You're never forced to share your data... You don't even have to use your real name on an account!
Sheesh.
Sent from my Nexus 5 using Tapatalk

Cirkustanz said:
You're never forced to share your data... You don't even have to use your real name on an account!
Sheesh.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That's cool, can I use your name when buying my next phone.... how about my Google store/wallet account, oh yeah and PayPal
makes you wonder why so many laws in the past prohibited such practises... they must of been real stooooopid!! haha
also if it was a bad thing lots of literature would have been written about it, warning us

meangreenie said:
That's cool, can I use your name when buying my next phone.... how about my Google store/wallet account, oh yeah and PayPal
makes you wonder why so many laws in the past prohibited such practises... they must of been real stooooopid!! haha
also if it was a bad thing lots of literature would have been written about it, warning us
Click to expand...
Click to collapse
Don't be silly.
You can pay cash for an Android phone. You can even pay cash for a Nexus 5.
You have the option of paying for mobile purchases with your carrier account, and have you never heard of a pre-paid visa card? There are all kinds of ways to get one without providing any personally identifiable information of any kind. The point of google store purchases being an invasion of your personal information is also entirely moot as you can very easily use an Android phone without making a single purchase on the play store.
You don't even have to use wallet, in fact most Android users CANNOT even use wallet to its fullest since they don't have NFC in their phones.
For real now, if you think your personal data is so valuable and sacred, have fun not having a checking account, loan, a real job, or a real place to live.
You don't even have to have google services running on your phone. This is XDA...install a custom rom and just don't load gapps. Or be even more lazy about it and just disable those apps in settings and they don't run.
That's me being silly. See how that works?

Here's my theory on the issue...
The way I see it is that a person has three choices:
1. Go completely off-the-grid, paying (limited) bills in cash, never engaging with the internet, and forgoing many modern technological conveniences.
2. Allow some personal information here and there, trying to maintain control by engaging with services that can be discontinued when they "cross the line".
3. Allowing access to all personal information online, engaging with anything and everything.
The third is simply not an option for me. I have no desire to have for-profit corporations spamming me with offers for crap I don't want and selling my private, personally identifiable information to anyone and everyone.
The first is really not an option, either. I don't want to be completely cut off from friends or have contacting them be excessively difficult. It is convenient to pay my rent, utilities, and other bills online. Frankly, I'm not good enough with any type of work that allows one to go off the grid to make a living.
So, that leaves me with the second option. I monitor changes to privacy and terms of service policies for the services that I use. I try to limit the services that I use. Obviously, I have a bank account and that comes with the need to provide some information to the bank, but also the ability to monitor my money and immediately flag appropriate people if anything suspicious happens. I have a Google account and a Nexus 5, ergo I use Google's services. And here's what's important to me: I can delete my Google account any time I want. With something like Facebook, it was a lot more difficult to do that once I became uncomfortable with my of the changes Facebook was making. Also, with Google, I can opt-out of many of the services that make me uncomfortable, such as targeted advertising or using my +1's as endorsements. If that ever goes away, I will absolutely reconsider my position. I maintain multiple Google accounts, actually, as a means of limiting who can see what information about me. I have a personal account, which has the most information about me and which is as locked down vis-a-vis Google as I can make it, but which allows my friends and family the best means of interacting with me. I have a professional account, which has only information relevant to my work. I have an "partial-incognito" account, which does not have explicitly identifiable information about me. I have a few completely incognito accounts, which I only ever access through very restricted circumstances, like a proxy server, and have absolutely no information that could be tied back to me. Frankly, that's about the best I can do.
I have chosen to make a tradeoff, information for convenience. The line where I am willing / unwilling to make that tradeoff is a massive grey area and I constantly reevaluate it. Sure, it's annoying to have to stay on top of it, but it's a fact of modern life. As long as Google gives me the option to delete my account whenever I want, I give them the benefit of the doubt and continue providing (limited) information about myself in exchange for some extremely useful services (unfortunately, this isn't the same deal I can make with the NSA).

Lokitez said:
Here's my theory on the issue...
The way I see it is that a person has three choices:
1. Go completely off-the-grid, paying (limited) bills in cash, never engaging with the internet, and forgoing many modern technological conveniences.
2. Allow some personal information here and there, trying to maintain control by engaging with services that can be discontinued when they "cross the line".
3. Allowing access to all personal information online, engaging with anything and everything.
The third is simply not an option for me. I have no desire to have for-profit corporations spamming me with offers for crap I don't want and selling my private, personally identifiable information to anyone and everyone.
The first is really not an option, either. I don't want to be completely cut off from friends or have contacting them be excessively difficult. It is convenient to pay my rent, utilities, and other bills online. Frankly, I'm not good enough with any type of work that allows one to go off the grid to make a living.
So, that leaves me with the second option. I monitor changes to privacy and terms of service policies for the services that I use. I try to limit the services that I use. Obviously, I have a bank account and that comes with the need to provide some information to the bank, but also the ability to monitor my money and immediately flag appropriate people if anything suspicious happens. I have a Google account and a Nexus 5, ergo I use Google's services. And here's what's important to me: I can delete my Google account any time I want. With something like Facebook, it was a lot more difficult to do that once I became uncomfortable with my of the changes Facebook was making. Also, with Google, I can opt-out of many of the services that make me uncomfortable, such as targeted advertising or using my +1's as endorsements. If that ever goes away, I will absolutely reconsider my position. I maintain multiple Google accounts, actually, as a means of limiting who can see what information about me. I have a personal account, which has the most information about me and which is as locked down vis-a-vis Google as I can make it, but which allows my friends and family the best means of interacting with me. I have a professional account, which has only information relevant to my work. I have an "partial-incognito" account, which does not have explicitly identifiable information about me. I have a few completely incognito accounts, which I only ever access through very restricted circumstances, like a proxy server, and have absolutely no information that could be tied back to me. Frankly, that's about the best I can do.
I have chosen to make a tradeoff, information for convenience. The line where I am willing / unwilling to make that tradeoff is a massive grey area and I constantly reevaluate it. Sure, it's annoying to have to stay on top of it, but it's a fact of modern life. As long as Google gives me the option to delete my account whenever I want, I give them the benefit of the doubt and continue providing (limited) information about myself in exchange for some extremely useful services (unfortunately, this isn't the same deal I can make with the NSA).
Click to expand...
Click to collapse
That's the type of answer i was looking for, thank you for this :good:
i can recognize myself in most of the things you wrote, basically that's how i feel about it too. i hope we won't get to the part where we'll have to "reconsider our position", but all the closing down and limitations are an indication that we're heading that way (i hope i'm wrong).
I started this thread to hear what others think about this subject, and to see if maybe i'm being excessively paranoid

Cirkustanz said:
Don't be silly.
You can pay cash for an Android phone. You can even pay cash for a Nexus 5.
You have the option of paying for mobile purchases with your carrier account, and have you never heard of a pre-paid visa card? There are all kinds of ways to get one without providing any personally identifiable information of any kind. The point of google store purchases being an invasion of your personal information is also entirely moot as you can very easily use an Android phone without making a single purchase on the play store.
You don't even have to use wallet, in fact most Android users CANNOT even use wallet to its fullest since they don't have NFC in their phones.
For real now, if you think your personal data is so valuable and sacred, have fun not having a checking account, loan, a real job, or a real place to live.
You don't even have to have google services running on your phone. This is XDA...install a custom rom and just don't load gapps. Or be even more lazy about it and just disable those apps in settings and they don't run.
That's me being silly. See how that works?
Click to expand...
Click to collapse
well none of that was my point, but don't worry about it. your willing to give my and my children's freedom away.. no argument will ever be good enough for you to stop you doing that.

Personally i don't care what Google knows about me (i'm not that interesting and i got nothing to hide - heck let the NSA spy on me too. don't care). I love their services and don't see anything wrong with them using my info to make $$. They are providing me with a service that makes my life a lot easier/better. I also really like the consolidation of Google aps and services and the synergy it creates. Google may force you to use one service to access part of another, but they do not force you to use anything you choose not to. If you don't like G+ integration, don't use Google's suite. I'm not trying to flame the OP, but i just don't get the point of this post. If you don't like something the best way is the speak with your wallet. If enough people do that maybe Google will pay attention.
---------- Post added at 12:58 PM ---------- Previous post was at 12:49 PM ----------
rayiskon said:
That's the type of answer i was looking for, thank you for this :good:
i can recognize myself in most of the things you wrote, basically that's how i feel about it too. i hope we won't get to the part where we'll have to "reconsider our position", but all the closing down and limitations are an indication that we're heading that way (i hope i'm wrong).
I started this thread to hear what others think about this subject, and to see if maybe i'm being excessively paranoid
Click to expand...
Click to collapse
this is why you started the thread? to hear opinions that validate your own? i thought it was to spark discussion?

De-Google-ing my Note 9

Hi guys. I'm starting this thread in hopes of sparking a conversation and a concerted effort to rid ourselves as users from the clutches of Google and other big tech companies. I am sick and tired of Google tracking me and attempting to force feed me ads on a daily send constant basis. Then selling my info to other companies such as Facebook. So, I have started down the path of decluttering (De-Google-ing) my device(s). I am primarily interested in securing my device as much as possible and protecting my privacy.
So far, I have reformatted my entire device to factory default settings installed and using F-Droid (FOSS) for all my apps. I use Yandex as my search engine (I am often to suggestions and recommendations) in the "private browser" app. I use Aurora instead of Google Play store, New Pipe for YouTube-ing, Frost for Facebookingand SlimSocial for Twitter. I have stopped using Google keyboard and any other Google apps. I have abandoned gmail and replaced it with proton mail instead. So far, no ads and as far as I can tell, no tracking. I have also installed a VPN and am using it religiously—Cyber Ghost, a $99 for 3 years subscription with support up to 8 devices.
However, I am still very much connected to Samsung for I am not privy as to whether or not Samsung is as sinister as Google and Facebook.
Again, I am open to all suggestions, corrections and recommendations. Thank you and I hope to engage with you all.

leave it up to them yandex russians to protect your privacy.
but seriously. the most dangerous thing you can do is acctualy think that the steps you take are really making your life private.
vpns just channel the traffic to an other end point and does the queries for you then sends the data encrypted to you.
the queries are still made on the www. account info and all things you store or access online is still accessible by the www. vpn companies just fool you into thinking that the data being relayed to you is the only weak link. plus the free ones mine your data.
best thing you can do is not use social media. its made to invade your privacy. its designed to fool you into giving as much of your personal life info as possible and sell your habits to add companies so they can in turn send you quatered adds.
the minute you use the internet you void your privacy regardless of how you think the measures you take are working or effective. and what are you going to do about the 100 and 1000's of companies being hacked and their data mined and sold every month? you cant do anything about that. plus its much better for hackers to get their info from a big company because you get much more than just 1 dude that does his banking online and chat every now and then.there is no money to be made from 1 individual.
if you think people are specifically after you, you are gravely being fooled by the vpn ad campaigns that have been poping up everywhere about "privacy".( they must hide the fact that they also get hacked very well.its just that the media hasint picked up on it yet)
anyways who want to waste time on an end user/device?
when again you just need to hack equifax like a few years back and you get the motherload instead.
all in all I've abandoned the thought of real privacy. its futile.( even abstinents dosen't work because companies and governments don't secure customer data correctly. and unfortunately if you are born, you must be branded and labeled and filed away.)
live your life. just know that what ever you do you can't escape big brother and your data from being leaked by the big companies that say that it is secured with them.
the whole infrastructure relies on them companies and the habits we have been embraining ourselves and our children with is the problem.. we live our lives intertwined with the services and devices that we take for granted and have clicked next next next through polices and consent forms for over 25 years now whithout even giving it a second though. we're in over our heads now and it is a little late to back out. this was al dine by design and all voluntarily. its crazy how marketing is evil.
a cabin in the woods is the easiest and most secure thing one can do. anything shy of that is a waste of time and a false feeling of privacy.
anyways I'm going around in circles now.
one thing for sure is that the criminals we think that we need cover from are not who we think they are.
they are the FCC dealing with big telcos, they are the big media giants spewing false information and fabricates facts. they are in our governments in the highest ranks pushing hidden agendas and most of all they are the big social media platforms remodeling our society each day under our noses at our expense.
but hey this is not new. the internet police is just tring to make you think it is and spend 9.99$ a month for a vpn lol
good luck.

I just stopped using as many Google apps as I can and switched over to MS Office apps and use Samsung services where I can too...

bober10113 said:
leave it up to them yandex russians to protect your privacy.
but seriously. the most dangerous thing you can do is acctualy think that the steps you take are really making your life private.
vpns just channel the traffic to an other end point and does the queries for you then sends the data encrypted to you.
the queries are still made on the www. account info and all things you store or access online is still accessible by the www. vpn companies just fool you into thinking that the data being relayed to you is the only weak link. plus the free ones mine your data.
best thing you can do is not use social media. its made to invade your privacy. its designed to fool you into giving as much of your personal life info as possible and sell your habits to add companies so they can in turn send you quatered adds.
the minute you use the internet you void your privacy regardless of how you think the measures you take are working or effective. and what are you going to do about the 100 and 1000's of companies being hacked and their data mined and sold every month? you cant do anything about that. plus its much better for hackers to get their info from a big company because you get much more than just 1 dude that does his banking online and chat every now and then.there is no money to be made from 1 individual.
if you think people are specifically after you, you are gravely being fooled by the vpn ad campaigns that have been poping up everywhere about "privacy".( they must hide the fact that they also get hacked very well.its just that the media hasint picked up on it yet)
anyways who want to waste time on an end user/device?
when again you just need to hack equifax like a few years back and you get the motherload instead.
all in all I've abandoned the thought of real privacy. its futile.( even abstinents dosen't work because companies and governments don't secure customer data correctly. and unfortunately if you are born, you must be branded and labeled and filed away.)
live your life. just know that what ever you do you can't escape big brother and your data from being leaked by the big companies that say that it is secured with them.
the whole infrascturuce relies on them companies and the habits we have been embraining ourselves and our children with is the problem.. we live our lives intertwined with the services and devices that we take for granted and have clicked next next next through polices and consent forms for over 25 years now whithout even giving it a second though. we're in over our heads now and it is a little late to back out. this was al dine by design and all voluntarily. its crazy how marketing is evil.
a cabin in the woods is the easiest and most secure thing one can do. anything shy of that is a waste of time and a false feeling of privacy.
anyways I'm going around in circles now.
one thing for sure is that the criminals we think that we need cover from are not who we think they are.
they are the FCC dealing with big telcos, they are the big media giants spewing false information and fabricates facts. they are in our governments in the highest ranks pushing hidden agendas and most of all they are the big social media platforms remodeling our society each day under our noses at our expense.
but hey this is not new. the internet police is just tring to make you think it is and spend 9.99$ a month for a vpn lol
good luck.
Click to expand...
Click to collapse
Oy vey! Thank you very much for yor contribution. It is very much appreciated and I see what you are saying.

AndroidUser00110001 said:
I just stopped using as many Google apps as I can and switched over to MS Office apps and use Samsung services where I can too...
Click to expand...
Click to collapse
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?

Nonetheless, what are some good and viable alternatives to Google and optimally "securing" one's device (taking everything bober10113 has said).

michel5891 said:
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?
Click to expand...
Click to collapse
Like the other poster said, I gave up on worrying about privacy. I made the switch for other reasons and privacy was down on the list...
I just do not like what Goolge has been doing lately, especially blocking ad blockers soon in Chrome so I switched to MS Edge on Android and the Chromium version of Edge for desktop and the rest of the apps just followed through. I am seeing how the switch works for myself and if all goes well I will switch back to MS for the small company I work for.
I gave up on Gmail, Google Drive and all their office apps so far and I stopped using Nexus/Pixel phones for the first time in 10 years. I started with the S9+ which I enjoyed for a couple of months and then got a Note9 during a holiday special and now I cannot wait for the Note10.
Privacy is what it is nowadays... We should all own our data and if we choose to let be used as companies are doing now then we should get a slice of all the money being made but I doubt it will ever get to be something like that.

michel5891 said:
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?
Click to expand...
Click to collapse
I wouldn't think that they are any better than Google's. Majority of the companies out there that are international had to adhere to the EU rules of privacy, so a lot of them have adopted those standards. NOT ALL OF THEM. That's why all of a sudden you are getting new agreements from all the major companies that touch each section of land on the world.
I still don't trust any of them even to that point.
This is morbid. I have been thinking a lot more about death, debt, privacy and such, and I have come to the conclusion that I honestly don't care about my own anymore because it has been stolen, including my wife's. Future children though, I worry about them because you don't even have to mention their name on the internet and somehow every major company knows about them.
Ever had a conversation with someone without actually looking something up on the web, and then a day or two later Google and other ads start showing things concerning what you were talking about to someone in person? Yeah, it has happened to me numerous times now I can't even count anymore.

Jammol said:
Ever had a conversation with someone without actually looking something up on the web, and then a day or two later Google and other ads start showing things concerning what you were talking about to someone in person? Yeah, it has happened to me numerous times now I can't even count anymore.
Click to expand...
Click to collapse
YES!!! I noticed this a few months ago. My wife and I were talking about some random subject and BAM there it was in my Google discovery feed.
I mentioned that to her and she thought I was crazy until it happened again.
My friend was over last week, he mentioned something about a car he is fixing up and once again in my Google feed...
*EDIT*
I am not going to go as far as saying they are listening because my wife did say she looked up what we were talking about later on that day on her phone so I am guessing it is more GPS based then Google listening to give them the benefit of doubt for now. I need to ask my friend if he searched anything while here...

You want to De-Google your phone? Sell it and don't get an Android phone. Don't get an iPhone, either. In fact, get one of those huge car phones from the 80s. I can't add really anything that hasn't been said, other than some slight humor, but again, if you want privacy, stay off the internet.

AndroidUser00110001 said:
YES!!! I noticed this a few months ago. My wife and I were talking about some random subject and BAM there it was in my Google discovery feed.
I mentioned that to her and she thought I was crazy until it happened again.
My friend was over last week, he mentioned something about a car he is fixing up and once again in my Google feed...
*EDIT*
I am not going to go as far as saying they are listening because my wife did say she looked up what we were talking about later on that day on her phone so I am guessing it is more GPS based then Google listening to give them the benefit of doubt for now. I need to ask my friend if he searched anything while here...
Click to expand...
Click to collapse
This is what I'm trying to prevent. Exactly the same thing had happened to me. We were simply discussing an AC unit; never looked it up or mentioned the name of it and the exact make and model in the room we were in showed up.

michel5891 said:
This is what I'm trying to prevent. Exactly the same thing had happened to me. We were simply discussing an AC unit; never looked it up or mentioned the name of it and the exact make and model in the room we were in showed up.
Click to expand...
Click to collapse
Yeah it's super duper creepy. Funny thing is since I refreshed my Note 9 up to PIE, I haven't given assistant or google search any permission to use my microphone and I don't even have them setup!

this might help:
https://support.google.com/websearch/answer/6030020?co=GENIE.Platform=Android&hl=en
turn voice activity off. also check your history to see if it has any recording...