Related
I realise that this is very much a "how-long-is-a-piece-of-string" type question, but I'd really like to get some idea of the costs and time involved in developing an app for the Android market compared to the iPhone.
My understanding is that it doesn't cost developers to submit apps to the Android Marketplace (as opposed to the iPhone Developer’s Program which costs $99 a year). So there's a saving there.
But in terms of development costs, would you suggest that hiring a developer to create an Android app would be cheaper because the market's smaller? Would it make no difference at all? Would it be harder to find a developer to code for Android?
Basically, any thoughts anyone has on this would be really appreciated.
Cheers,
Why don't you try and find out? Ask some (android)developers what app x would cost and ask some (iphone)developers the same
for most applications it should be cheaper to hire an Android programmer because you develop in standard Java and this is the most widely used language in computer science education. Eclipse is also a standard development environment many young programmers are familiar with. Even I was able to code my first Android application in a matter of minutes.
Objective-C on the other side is a nieche language. Of course, every good progammer can learn that language in a couple of hours or at least days but there are definitly more experienced Java programmers out there and they can reuse code (snippets). Java code is so ubiqitous you can find for a lot of problems coded and tested solutions. So two reasons: there are much more Java programmers out there and they can develop faster. Specific Android experience is not needed as long as you don't want to program kernel extensions or things like that.
But I guess the Apple-market is still more profitable because Apple users are trained to spend money. So even as it may cost more to develop it also brings in more revenue. I hope the sheer amount of Android handsets out there will outweigh this advantage soon.
Humm .. i think this is a tricky question.
While it will definitely be cheaper to develop an application for android, the question you might want to ask (depending on what you want to do) is what is the ROI of an Android application versus and IOS application.
And even then, depending on the type of application & the demographic your app will be targeting (not to mention usability, design, general app quality) the response will likely vary quite a bit too.
But globally yeah, it's cheaper and less a hassle to make an android app i'd say. ..then again, i have an allergy to apples, and this is an android forum after all
robert_tlse said:
Humm .. i think this is a tricky question.
While it will definitely be cheaper to develop an application for android, the question you might want to ask (depending on what you want to do) is what is the ROI of an Android application versus and IOS application.
And even then, depending on the type of application & the demographic your app will be targeting (not to mention usability, design, general app quality) the response will likely vary quite a bit too.
But globally yeah, it's cheaper and less a hassle to make an android app i'd say. ..then again, i have an allergy to apples, and this is an android forum after all
Click to expand...
Click to collapse
Hehe, I agree on that Robert.
ten chars!!!
You can also spend many months developing an iPhone app, only to have it rejected by Apple for no good reason. That's quite expensive.
It is, however, unescapable that there are a lot of iOS users who buy a lot of apps from the App Store, so the potential ROI is higher. There's also only a few platforms to develop for (although this is becoming increasingly less the case).
Would like for Android to have more focus though; it's getting there!
(The diminutive term "app" does irk me slightly - Apple have popularised it in relation to phones when they convinced everyone that the iPhone was the first phone to support third-party software. Guess it's stuck now though.)
then why are Android apps more expensive??
Android apps aren't more expensive. They have by far the largest proportion of free apps on any mobile platform and even those that do cost are comparatively cheap.
Android will probably be easier and cheaper to develop for..the only concern people have with Android is fragmentation...aka when developing you gotta decide which versions and up to develop for and choose the appropriate functions for the documentation. Of course in the end all the old devices will upgrade eventually and be compatible anyways..
My hope is though Apple lets 3rd party development tools back in...cause that way you can use Adobe AIR and make an App for both Android and iPhone at the same time....How I wish for cross platform app development...but Apple will fight it till the and cause if they don't they will loose one of their biggest advantages...
In my opinion Android is just now getting to the average joe especially in the United States. Older people are even trying the droid line of devices since there are so many to choose from now on all carriers (vs 1 iphone on AT&T forever just revised of course) So yeah, even people here in hicksville, MO USA are even trying it out go figure. If everyone hasn't heard of HTC or Android, they're definitely being introduced to it now through the Galaxy S series since it's on almost all carriers and has some snazzy media buzz.
With all these new cells and tablets coming out I give it a mere 2-3years and everyone will know our lil green droid dude globally, and use it on multiple devices around the house. Just my theory. I'm sure the Marketplace will grow 10/fold in that time, peace!
I guess there are a few things to keep in mind:
Politics:
1) Apple tries to regulate what is permitted to be installed on their phones. They don't provide any real guidelines, nor do they tell you in advance if your application will be accepted. You'll only discover after submitting your app that it isn't permitted. So they waste your time, and numerous high end projects have developed their application only to discover Apple blocks them because "they are duplicating functionality" *cough competing*. Yes, lots of money has been lost.
2) Apple is Non-Disclosure Agreement overload. Send an email to apple and it always says "this information is confidential". Basically, Apple's agreement is so bad (unless it's changed recently) that they can cancel the account/sue you any time they wish. That increases your risk further.
3) iPhone's can be jail-broken to install 3rd party apps, but many people wont. Even if the Google store wont accept your app, they can manually install it, or you can use another store... Without jailbreaking.
4) Many developers often complain of long delays getting their apps approved, and when removed from the store by Apple, they have to flood Apple with emails for reason's why. On android, you don't even need to use the App store, in fact, Android has the benefit of allowing paid apps to be sold in countries with export restrictions (because they can sell it via other means).
5) Piracy is possibly more rife on Android, however, Google are apparently implementing an API which allows apps to check if they were purchased for that phone, which should strongly reduce piracy once available (because it means that dodgy stores will need to actually crack the programs). Once this is implemented, hopefully it will stop the jackass spammers from selling pirated stuff.
Development Process:
1) iPhones use objective C, Android uses Dalvik. Dalvik is VERY similar to java, one simply needs to learn the differences. Objective C is also quite easy to learn though, but it probably takes more experience to do well (because c++ doesn't have the idea of selectors). If you try creating apps on the iPhones without using objective C originally though, your app might be removed. On android, frankly, Google doesn't give a damn provided, it works.
2) Big win for Android here, the Android SDK works on Linux,Windows AND OSX. It integrates with eclipse which already has a large user-base. Whereas, you need to buy a mac for code for the iPhone, and the SDK is OSX only.
3) That being said, you can make a cross-platform webapp that can be sold for both, but the user needs to be online.
4) Objective C is compiled code, whilst Java is bytecode. Bytecode can run as fast as compiled (with some initial overhead). Native sounds great, but if Apple ever does a processor change for their phones, it might be a world of hurt. If massively-multicore mobile processors are released, Android is probably better suited. That being said, by then, you'll probably need to fix some things in your app anyway because of API changes.
Actual sales:
1) Apparently in the past, you would have sold more in the Apple market. However, in the past, Android mobiles were actually quite rare because Android stunk. Froyo is probably the first Android OS that can compete against iOS effectively because it now supports JIT. There is also a much greater emphasis on Android these days in advertising, and I see more Android advertising than iPhone. Possibly inaccurate predictions suggest they will overtake the iPhone in 2012 too.
2) Sales figures don't represent profit though (so whilst iOS may generate more still, it's less than Apple claims). A google market account costs $25, whereas an Apple iPhone development account costs $99. Furthermore, you need Apple equipment to code for the Apple market (which can be significantly more expensive than PC's), and there is no estimates done to determine profits lost by being rejected from the Apple app store (there have been major projects which cost thousands to develop which have been rejected). So greater overheads on the Apple store, which means for cheap/quick apps, you are probably safer developing for Android (especially if you don't already own a mac).
My opinion:
For me, developing major apps is too high risk for iPhones. Although, if your app is approved, there are potentially bigger payoffs than Android. For small apps which don't have a predictable further, you may earn more on Android because of lower overheads. If you app is rejected for iPhone though for competing, you wasted weeks/months of your life, and need to use a 3rd party store (since only hacked phones can use them though, you dramatically decrease your sales instantly).
Anyway, my thoughts are that by the end of the year, everyone will know what Android is, and you may start to see manufacturers getting together to launch MAJOR campaigns to promote Android, especially since they now all have a common enemy (Apple basically took a cheapshot at other major manufacturers to justify their design flaw). Apple is only a small guy when it comes to manufacturing phones, and so it's as though they threw a few tiny pebbles at a team of football players to show off. Of course, some of those football players have already started retaliating, and it just depends on how annoyed they got.
Personally, I think iPhone would be great if they didn't do the "anti-competitive" thing they always do, but as it stands, I am now doing my Oracle/Sun SCJP, and hope to get into Android coding soon. If Apple starts acting less evil though, I will take another look in their direction, but they are mistreating the users they need the most, the developers. It's a pity, because Apple really has potential.
Source: I haven't sold any apps on either market yet, but I have mostly decided on developing for Android.
Developing new iPhone app looking for developer
I have a cool iPhone app idea it's a very simple game that I could like to create I am looking for a developer in the Los angeles area I am new here so please if your interested or can redirect me to the right person I would appreciate it thank you...email me with any info
As Nokia's Stephen Elop puts it:
"The premise of a true open software platform may be where Android started, but it's not where Android is going."
http://www.engadget.com/2011/03/31/google-tightening-control-of-android-insisting-licensees-abide/
http://www.slashgear.com/google-put...ontracts-standardized-arm-chips-more-31143565
First the delay of HC, now I wonder if AOSP will ever see the light of day
All good intentions start with good intentions.
The future of Android, therefore, looks to be a little less open and a little more Googlish -- for better or worse.
Click to expand...
Click to collapse
Minor typo I think -- that should read "a little less open and a lot more Appleish".
RMS is really the Cassandra of our age.
I haven't checked -- are there valid Android forks? It's apparently mostly Apache licensed, which explains why Google (and Motorola) can withhold the source code at will even though they're shipping binaries.
Edit: Still, we're only in the rumor, FUD, and whining stage regarding what happens with Honeycomb.
jbcollins said:
All good intentions start with good intentions.
Click to expand...
Click to collapse
Or rather... "The path to hell is paved with good intentions."
This is something that just occured to me. Microsoft always comes out with dates for big events and after a few days you also hear Google planning an event on that same day; time and location may vary though. For example; Google released the soo called Motorola Droids the same day Microsoft talked about Windows Phone 8...I think a couple of months ago. Now Microsoft has planned Windows Phone 8 launch on October 29th and as you all know from last week, Google has also planned to release the next Nexus on that same day....Now is this a coincidence or Foul play??
Foul play in a sense to divide the number of techies who will attend these events....as you know these two giant companies don't go along very well (Google being too stingy with Microsoft and even refusing to release offical apps for Windows Phone.....and what pains me a lot is Microsoft always taking care of them by releasing beautiful apps and better servicies to Android)....but this is a different discussion alltogether.
What do you think??
Google hates everything there is to be about ms, cause ms is their prime competitor:
1) Bing -> this search engine is pretty powerful and offers results as good as Google's. A shame it doesn't come in all languages. Google tried several time to discredit bing,
2)Chroome OS-> this is Google's attempt at removing windows from its monopole position over OS. Of course, it failed dramatically.
3) Windows Phone -> Of course Google finds it a threat, a pretty big one. After Samsung lost the battle with apple, Google is kinda scared that their biggest client, Samsung, might go around and make more WP instead. There is also the nostalgic popularity of Nokia, which did come back in play with the Lumia line.
So google does try to minimize the impact of Microsoft over its domains as much as possible. However, from a consumer's point of view, having at least two players that are actually in conflict (Apple vs google does not count, apple does not care about google),is a good thing, so I hope MS will succeed.
These were exactly my thoughts and I think it's clear enough to be known by everyone in the tech industry.
mcosmin222 said:
3) Windows Phone -> Of course Google finds it a threat, a pretty big one. After Samsung lost the battle with apple, Google is kinda scared that their biggest client, Samsung, might go around and make more WP instead. There is also the nostalgic popularity of Nokia, which did come back in play with the Lumia line.
So google does try to minimize the impact of Microsoft over its domains as much as possible. However, from a consumer's point of view, having at least two players that are actually in conflict (Apple vs google does not count, apple does not care about google),is a good thing, so I hope MS will succeed.
Click to expand...
Click to collapse
Actually I don't think google finds WP as a threat... Android has a bigger share of the mobile market whereas iOS is slowly losing the pace...all in all while WP is eating on BlackBerry and symbian...
Taurenking said:
Actually I don't think google finds WP as a threat... Android has a bigger share of the mobile market whereas iOS is slowly losing the pace...all in all while WP is eating on BlackBerry and symbian...
Click to expand...
Click to collapse
....yeah and maybe when WP eats BB and Symbian, they'll grow and attack them. I don;t think Google is looking at the race now but in five years time....where most giants are going to fall since they'll have nothing more to offer. Lets just hope all goes well.
This is a fairly standard industry practice and they all do it to each other whenever possible. No point in singling out any one of them.
Moved to Q&A as this is a question thread.
Thank you,
mf2112
XDA Moderator
The bitterness is only set to grow as MS has just named google in its case against Motorola. Google is running out of friends as they leave there oems open to attack and steal tech without the ability to defend there moves. Google is a vile company Android is a great OS its my second love to WP like a second child but Google over all makes companies like Fox, BP, British Gas etc look like saints
mf2112 said:
This is a fairly standard industry practice and they all do it to each other whenever possible. No point in singling out any one of them.
Moved to Q&A as this is a question thread.
Thank you,
mf2112
XDA Moderator
Click to expand...
Click to collapse
Thanks for the correction mf2112.
Come to think of it, if this a fairly standard industry practice and Company giants all doing whatever (Gorilla warfare) to each other whenever possible, why is Microsoft always kind and releasing apps for them whilst they have never released anything for WP since it came out 2 years ago? Microsoft even planning on releasing Office for Android and iOS in 2013. Is Microsoft afraid? or trying to be a Mother? I understand when it comes to the market size and all about Benjamins, but it should be tit for tat. Microsoft should stop offering them good services if they are not doing same for us.....maybe I'm missing something and you can make me understand.
One will say WP market size is soo tiny that Google refuses to release anything for them...some sort of market demand should be in play...BUT, if you are a big company like Google and really want your services to be popular and widespread (Google+ challenging Facebook), will you think about Market share of a competitor before releasing an app for it? Does Facebook think about market share of a mobile OS before releasing it's app? They just release it no matter what because they want it to be used and popular...more benjamins
Google should just understand that, not all consumers will love their mobile OS but at least one consumer will use at least one of their services. (I for one use Google scholar, Gogle+, Google Drive as a backup to my Skydrive and Google maps A LOT) Why shouldn't I have an app for any of these Google services? Because my beloved WP OS is a competitor with a tiny market share and there's no demand? Why should Google punish me if I'm not using Android OS? and why should they force me to use it? SMH
Kenzibit said:
Thanks for the correction mf2112.
Come to think of it, if this a fairly standard industry practice and Company giants all doing whatever (Gorilla warfare) to each other whenever possible, why is Microsoft always kind and releasing apps for them whilst they have never released anything for WP since it came out 2 years ago? Microsoft even planning on releasing Office for Android and iOS in 2013. Is Microsoft afraid? or trying to be a Mother? I understand when it comes to the market size and all about Benjamins, but it should be tit for tat. Microsoft should stop offering them good services if they are not doing same for us.....maybe I'm missing something and you can make me understand.
One will say WP market size is soo tiny that Google refuses to release anything for them...some sort of market demand should be in play...BUT, if you are a big company like Google and really want your services to be popular and widespread (Google+ challenging Facebook), will you think about Market share of a competitor before releasing an app for it? Does Facebook think about market share of a mobile OS before releasing it's app? They just release it no matter what because they want it to be used and popular...more benjamins
Google should just understand that, not all consumers will love their mobile OS but at least one consumer will use at least one of their services. (I for one use Google scholar, Gogle+, Google Drive as a backup to my Skydrive and Google maps A LOT) Why shouldn't I have an app for any of these Google services? Because my beloved WP OS is a competitor with a tiny market share and there's no demand? Why should Google punish me if I'm not using Android OS? and why should they force me to use it? SMH
Click to expand...
Click to collapse
Well, having worked at Microsoft twice and for Microsoft partner companies previously and currently, I would hesitate at describing Microsoft's business practices as "kind".
It is not that Google doesn't want to offer services to Windows Phone users, it is that they want to do so on their terms. Microsoft would prefer to dictate the terms in such an engagement. Apple dictates the terms for iOS devs and how the apps get distributed in the app store. Oracle tries to control their environment. All companies do this as much as they can, so nothing out of the ordinary there.
Google also has a limited number of developers available to spend on projects and they want those developers to spend their time on the things that are going to be most beneficial (profitable) to Google in the end. All companies have business strategies and different behaviors but in general the profit motive is the driving factor. This is true for Microsoft as well.
Many people use Google's services. It actually is a pretty big thing for many people to at least have them available and by not having them available for WP they can in fact impact the growth of the Windows Phone platform (YouTube being a great example there). So unless Microsoft gains enough Marketshare to make it problematic for Google to leave them out I guess this situation will continue.
Concerning how Microsoft deals with Android and iOS the situation is different. Those two OSes basically own the market. Unless Microsoft wants those users to go with alternative Software they have to have there core applications available there. This means that Bing, SkyDrive, Xbox Live and Office have to be available there. For other Apps they go with the iPhone partly because it was not yet viable to do on the Windows Phone platform (e.g. PhotoSynth) but you will notice that Android is quite often left out or only done quite some time later.
I actually don't see the benefit of hosting those events on days when Microsoft is releasing Windows Phones. The Lumias arguably had more publicity then the lackluster Razr series that left journalists rather disappointed. Also the new Nexus 4 seems to bring little new stuff to the table. If they were to launch a really new version of Android like during I/O or if Apple launched the iPad mini on the same day they actually might hurt Microsoft but with stuff like this they rather risk being second page news themselves.
But we will see what they are bringing to the table this time around.
Kenzibit said:
This is something that just occured to me. Microsoft always comes out with dates for big events and after a few days you also hear Google planning an event on that same day; time and location may vary though. For example; Google released the soo called Motorola Droids the same day Microsoft talked about Windows Phone 8...I think a couple of months ago. Now Microsoft has planned Windows Phone 8 launch on October 29th and as you all know from last week, Google has also planned to release the next Nexus on that same day....Now is this a coincidence or Foul play??
Foul play in a sense to divide the number of techies who will attend these events....as you know these two giant companies don't go along very well (Google being too stingy with Microsoft and even refusing to release offical apps for Windows Phone.....and what pains me a lot is Microsoft always taking care of them by releasing beautiful apps and better servicies to Android)....but this is a different discussion alltogether.
What do you think??
Click to expand...
Click to collapse
The Galaxy Nexus was unveiled by Google on October 19, 2011.
So ,I think this year just the same.
mcosmin222 said:
1) Bing -> this search engine is pretty powerful and offers results as good as Google's. A shame it doesn't come in all languages. Google tried several time to discredit bing,
Click to expand...
Click to collapse
They've tried to point out before that Bing is ripping off Google search results and they have some very compelling evidence that this is the case:
http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914
http://googleblog.blogspot.com.au/2011/02/microsofts-bing-uses-google-search.html
I thought this was pretty much accepted as common knowledge now... unless you have another explanation as to how Bing returned the same results as Google after the Google experiment?
SlCKB0Y said:
They've tried to point out before that Bing is ripping off Google search results and they have some very compelling evidence that this is the case:
http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914
http://googleblog.blogspot.com.au/2011/02/microsofts-bing-uses-google-search.html
I thought this was pretty much accepted as common knowledge now... unless you have another explanation as to how Bing returned the same results as Google after the Google experiment?
Click to expand...
Click to collapse
As if google doesn't use all kind of software to see what you are looking for on the web with other search engines.
It is just that they never did something against any other engine because Bing is the only real threat.
I agree
Sent from my HTC HD7 using Board Express
mcosmin222 said:
As if google doesn't use all kind of software to see what you are looking for on the web with other search engines.
It is just that they never did something against any other engine because Bing is the only real threat.
Click to expand...
Click to collapse
That's a diffferent tangent from what youj quoted. Using other engines search results is weak. Seeing what other engines come up with is smart.
Since you said bing is a threat, how is that so ?
Aside from that the Bing Bar looks at all Search-Input fields and reports what search parameters made people end up at certain sites. Therefore if you enter "HTC Titan" in the Search-Box of the XDA-Developers Forum Bing will take that one up too and report back which topic of the presented list you then chose (given that if you search for something and then select a certain result it is highly likely that you thought it was relevant in the context of your search).
It is one of many signals Bing relies on in it's rankings. But given that the search term only appeared in the tests of Google's team it was the only hint available for the search. This still is not copying of Google's search results at large.
The search engine discussion is somewhat offtopic here - don't you think?
absorootly!
I would like to bring to the attention of the community, and seek your help with respect to, Australian online reseller Kogan, who I recently discovered are knowingly and intentionally infringing on the copyrights of many by copying and commercially distributing GPL'd software on a variety of Android devices and refusing to comply with their licenses, by not providing the source-code to product owners. The software in question includes both the Linux kernel and U-Boot, but most likely other software too.
I have of course contacted Kogan support and was responded to by a staff member; who I believe is their job to illegally dismiss and mislead customers who make legitimate legal requests for GPL'd source-code and the such. I have thus far endured a lengthy exchange from August 24th, 2013, up until my most recent message to Kogan support member Arun, on October 21st, 2013. I suspect it is Arun's job to dismiss GPL requests and the such because during this two month period, a friend of mine also purchased a different Kogan branded Android product and subsequently requested the source code; only to receive near identical responses from none other than Arun.
Devices that we (myself and my friend) personally bought from Kogan and have requested (and have been denied) source-code for include:
Dual-core Kogan Agora Smartphone - http://www.kogan.com/au/buy/agora-50-dual-core-smartphone/
Entering the exciting world of Android handsets has never been easier or more affordable than right now with Kogan’s Agora Smartphone.
Click to expand...
Click to collapse
42" Agora Smart 3D LED TV (Full HD) - http://www.kogan.com/au/buy/42-agora-smart-3d-led-tv-full-hd/
Packed full of features and running the powerful Android 4.2 (Jelly Bean), you will soon be accessing the newest video content, browsing the internet, checking your Facebook, posting to Twitter, managing your emails and making use of the rapidly expanding range of Android apps and games, all of which are easily accessible via the Google Play store.
Click to expand...
Click to collapse
47" Agora Smart 3D LED TV (Full HD) - http://www.kogan.com/au/buy/42-agora-smart-3d-led-tv-full-hd/
Packed full of features and running the powerful Android 4.2 (Jelly Bean), you will soon be accessing the newest video content, browsing the internet, checking your Facebook, posting to Twitter, managing your emails and making use of the rapidly expanding range of Android apps and games, all of which are easily accessible via the Google Play store.
Click to expand...
Click to collapse
I believe the following are also a list of infringing devices:
Agora HD Smartphone - http://www.kogan.com/au/buy/agora-50-quad-core-smartphone/
Packed with a powerful 1.2GHz Quad Core processor, a dazzling 1280×720 IPS screen, high quality 8MP rear camera and running Android 4.2.2 (Jelly Bean), this smartphone is unbelievable value!
Click to expand...
Click to collapse
32" Agora Smart LED TV (HD) - http://www.kogan.com/au/buy/32-agora-dual-core-smart-led-tv/
Featuring High Definition 720p for HD Broadcasts and HDMI devices, while supporting crystal clear HD 720p playback via built-in Agora Smart TV.
Using Android 4.2 (Jelly Bean) you can access video content, browse the internet, check up on your friends via Facebook, keep up to date on Twitter, manage your emails, watch the latest trending videos on YouTube and make use of an ever expanding variety of Android apps and games, which are all easily accessible via the Google Play store.
Click to expand...
Click to collapse
55" Agora Smart 3D LED TV (Full HD) - http://www.kogan.com/au/buy/55-agora-smart-3d-led-tv-full-hd/
Packed full of features and running the powerful Android 4.2 (Jelly Bean), you will soon be accessing the newest video content, browsing the internet, checking your Facebook, posting to Twitter, managing your emails and making use of the rapidly expanding range of Android apps and games, all of which are easily accessible via the Google Play store.
Click to expand...
Click to collapse
Agora Smart TV Quad Core HDMI Dongle - http://www.kogan.com/au/buy/agora-smart-tv-quad-core-hdmi-dongle/
There is always something great on TV with the Agora Smart TV HDMI Dongle.
Plug it into the back of the television, complete the 3-step set-up and be greeted by a menu that will revolutionize how you spend your time on the couch.
Android Operating System delivers never-ending possibilities.
Click to expand...
Click to collapse
Agora Mini 8" Dual Core Tablet (8GB) - http://www.kogan.com/au/buy/agora-mini-8-dual-core-tablet-8gb/
The Kogan Agora Mini 8” Dual Core Tablet PC is perfect for anyone who wants to experience Android on a bright and responsive multi-touch screen with illuminated soft-keys, while maintaining the portability thousands of happy customers have loved in the Kogan Agora Tablet Series.
Click to expand...
Click to collapse
Agora Mini 8" Dual Core Tablet (16GB) - http://www.kogan.com/au/buy/agora-mini-8-dual-core-tablet-16gb/
The Kogan Agora Mini 8” Dual Core Tablet PC is perfect for anyone who wants to experience Android on a bright and responsive multi-touch screen with illuminated soft-keys, while maintaining the portability thousands of happy customers have loved in the Kogan Agora Tablet Series.
Click to expand...
Click to collapse
Agora 10" Dual Core Tablet (8GB) - http://www.kogan.com/au/buy/agora-10-dual-core-tablet-8gb/
The Kogan Agora 10” Dual Core Tablet PC is perfect for anyone who wants to experience Android on a large, bright, and responsive multi-touch screen with illuminated soft-keys, while maintaining the portability thousands of happy customers have loved in the Kogan Agora Tablet Series.
Click to expand...
Click to collapse
Agora 10" Dual Core Tablet (16GB) - http://www.kogan.com/au/buy/agora-10-dual-core-tablet-16gb/
The Kogan Agora 10” Dual Core Tablet PC is perfect for anyone who wants to experience Android on a large, bright, and responsive multi-touch screen with illuminated soft-keys, while maintaining the portability thousands of happy customers have loved in the Kogan Agora Tablet Series.
Click to expand...
Click to collapse
Yes, that's a lot of infringing devices! These are only the Android-running devices. I suspect their other TVs, their routers, and perhaps other embedded devices are also running Linux and other GPL'd software.
I am seeking the community's help in rectifying this situation. Kogan must provide the source-code to owners' of the above products upon the owner's request. In fact they must (and are definitely not in all cases), distribute the GPL license with these products along with a written offer provide (or instructions to obtain) the source-code for the GPL'd software running on these devices. As such, I would like every one of you to blog, video blog, write about, yell about, or otherwise make publicly known, that Kogan are knowingly and intentionally violating these licenses.
If by the off chance you are a contributor to the mainline Linux kernel, you can also send Kogan a legal complaint that they are infringing on your copyright. If you are a Linux contributor and willing to help, please do not hesitate to contact me.
If you are the owner of one of the products mentioned above, please contact Kogan support and request the source-code for the device(s) you own. Feel free to include in your contact messages the GPLv2 license (as it pertains to the Linux kernel).
Exchange with Kogan
Below are a few excerpts of my lengthy exchange with Kogan support staff member, Arun. Please excuse the typos, when I get frustrated and offended (yes as developer I find this offensive) I find it very difficult to write!
Myself said:
Hi Arun,
Sorry, I'd did try to be explicit in my request, but it does look as though you may have misinterpreted me.
I am after the source code for any open source software that runs on the the Kogan Agora 47 (and the Kogan Agora Smartphone as well actually) specifically as these are both products I've purchased from Kogan. What you've linked to is the source-code for the Android Open Source Project (AOSP) which is used as a basis for Android manufacturers. On it's own AOSP will not run on third-party devices. Every device is unique and has its own modifications to Android. Some of this software is licensed under the GPL[1] of which manufacturers (and resellers) are legally required to make available to owners of devices running the software.
I don't know precisely what GPL (or LGPL) licensed software runs on my Android TV (KALED473DSMTZA) and my Android phone (KHPHN05ANDA) because the licenses weren't included with the devices (which is actually a violation of the licenses). However, I do know that at minimum they both run a modified version of the Linux kernel, which is a core component of Android and licensed under GPL. I'd be inclined to think that the bootloaders running on the device are also derivatives of GPL licensed source code. I haven't bothered investigating on my own because I would have assumed you at Kogan already has access to this information and would be able to provide it to me.
As such I'm requesting the source code and a list of open-source software that run on the following devices that I own and operate:
- KALED473DSMTZA: 47 inch Android Smart TV
- KHPHN05ANDA: 5 inch Android Dual-Sim Smartphone
I do understand that any potential GPL (or other open source license) violations may be accidental on Kogan's behalf. I do also understand that Kogan works with Chinese manufacturers to provide these products and may need to chase this up with individual manufacturers. However, if this is going to take some time I would appreciate it if you could provide me with regular updates so that I can ensure that you're trying to address this. Otherwise I will need to report any violations of licenses to their respective copyright holders (and GPL Violations[2]) whom, hopefully it wouldn't come to this, may need follow up with legal action.
Thanks,
Benjamin Dobell
[1] GPL - http://www.gnu.org/licenses/gpl.htmlhttp://www.gnu.org/licenses/gpl.html
[2] GPL Violations - http://gpl-violations.org/http://gpl-violations.org/
Click to expand...
Click to collapse
Arun claims:
Arun said:
We have thoroughly investigated this issue of GPL.
Now as we understand we have not made any changes to the Kernel source code.
Thus we are not required to publish or share anything and are fully complaint to GPL.
We have added the interface on top and are covered by Android licensing which is licensed under Apache 2.0.
http://www.apache.org/licenses/LICENSE-2.0.html
We don't need to give source code for the product, as we are entitled to modify Android base system and not release those changes to customers.
Android source is 100% available for everyone to download from Google.
Click to expand...
Click to collapse
Arun said:
I have already explained, the Kernel is not changed and it is available for you to download online.
Drivers have been added to support the hardware and we have built an interface that goes over the top of Android, just a skin/theme.
We are not required to publish or share this information.
We are not violating any license agreement and not intending to do so.
Click to expand...
Click to collapse
This is despite the fact that I had explicitly pointed out, and explained, the exact relevant portions of the GPLv2. The GPLv2 makes it very clear that the exact source code for each software release distributed to customers/consumers must be made available, which is entirely irrespective of whether the source-code is actually modified. This is because simply stating an embedded device runs Linux kernel is entirely ambiguous/useless; as there are plethora of versions, variants and even forks that one could be referring to. GPL violations FAQ (http://gpl-violations.org/faq/sourcecode-faq.html) summarise this requirement nicely:
What version of the source code do I have to release?
For each and every version of the executable program, you have to release the precisely corresponding version of the complete corresponding source code.
So if you have distributed ten different versions of firmware for an embedded product, and this firmware contains GPL licensed software, then you need to release ten different source code packages, each one corresponding for each executable version.
Please note that if you chose GPL Option 3b (rather than 3a), then the obligation only lasts for three years. This means that you do not have to provide source code for any executable code that was last distributed more than three years ago.
Please also keep in mind that both distribution on physical storage medium and distribution via data networks such as the Internet count as distribution.
Click to expand...
Click to collapse
Of course, the "unmodified Linux kernel" argument, despite being entirely wrong, is also a complete and utter lie on Kogan's behalf. The mainline Linux Git repository most certainly does not include the necessary source-code and install scripts to build and install a version of the Linux kernel that would run on any of Kogan's Android devices.
NOTE: Arun is completely correct with respect to any modifications to the Apache 2.0 licensed components of Android; Kogan are under no obligation to release them. Which is why at no stage did I ask for the source-code to this software. This is simply Kogan intentionally trying to confuse matters in order to avoid their obligations.
Kogan seems to be a smaller player, but on Android Platform, there are bigger players who are violating the GPL intentionally.
Micromax, Karbonn and Celkon are 3 brands which manufacture budget phones in India. Micromax is a very popular brand and it is currently the top selling phone company in India provided they sell phones at very cheap prices encouraging everyone to purchase them. The market is huge and Micromax would no more translate to a Local brand. The phones are being reviewed on Gsmarena and Youtube too making them more and more popular.
http://www.gsmarena.com/results.php3?sQuickSearch=yes&sName=micromax
Micromax was making budget phones in India based on Chinese OS earlier. Most of their phones were rebranded Chinese phones and few of them still are. They made a move to Android, cutting down the Software Development cost for obvious reasons and reducing the price of the device. There have been numerous petitions and requests for source releases but none have been paid off so far. We all know that most of the Android AOSP code is not released, but all the major players atleast release the kernel sources, which is not the case for these brands. I have contacted them numerous times, but they have blindly refused to do anything about it stating that GPL doesn't exists and is not enforced in India.
Myself being a Recognized Developer and Contributer from India, I have been receiving a lot of PMs from other forum members asking me if there is a way to use the generic kernel source code and port it to the device, which I regard would be a lot painful and definitely not worth the effort.
Most manufacturers only know how to sell their phones, but they give a damn about the Software crime that they are committing. I haven't contributed to mainstream kernel myself and I could imagine how frustrated could one be when their intellectual property is shamelessly stolen.
dhiru1602 said:
Kogan seems to be a smaller player, but on Android Platform, there are bigger players who are violating the GPL intentionally.
Micromax, Karbonn and Celkon are 3 brands which manufacture budget phones in India. Micromax is a very popular brand and it is currently the top selling phone company in India provided they sell phones at very cheap prices encouraging everyone to purchase them. The market is huge and Micromax would no more translate to a Local brand. The phones are being reviewed on Gsmarena and Youtube too making them more and more popular.
http://www.gsmarena.com/results.php3?sQuickSearch=yes&sName=micromax
Micromax was making budget phones in India based on Chinese OS earlier. Most of their phones were rebranded Chinese phones and few of them still are. They made a move to Android, cutting down the Software Development cost for obvious reasons and reducing the price of the device. There have been numerous petitions and requests for source releases but none have been paid off so far. We all know that most of the Android AOSP code is not released, but all the major players atleast release the kernel sources, which is not the case for these brands. I have contacted them numerous times, but they have blindly refused to do anything about it stating that GPL doesn't exists and is not enforced in India.
Myself being a Recognized Developer and Contributer from India, I have been receiving a lot of PMs from other forum members asking me if there is a way to use the generic kernel source code and port it to the device, which I regard would be a lot painful and definitely not worth the effort.
Most manufacturers only know how to sell their phones, but they give a damn about the Software crime that they are committing. I haven't contributed to mainstream kernel myself and I could imagine how frustrated could one be when their intellectual property is shamelessly stolen.
Click to expand...
Click to collapse
Yea Micromax definitely refuses to comply with the GPL. I've only dealt with a couple of Micromax devices on request from users to build CWMR for them and then asked to build CM* for them and various other mods. Which w/o kernel src, it makes things alot more difficult, if not impossible. I just ended up declining to work on the devices.
Huawei and ZTE dont fully comply with the GPL on all their devices either. They like to only release src for a few devices and we dont want to get into their awful coding. lol
PlayfulGod said:
Yea Micromax definitely refuses to comply with the GPL. I've only dealt with a couple of Micromax devices on request from users to build CWMR for them and then asked to build CM* for them and various other mods. Which w/o kernel src, it makes things alot more difficult, if not impossible. I just ended up declining to work on the devices.
Huawei and ZTE dont fully comply with the GPL on all their devices either. They like to only release src for a few devices and we dont want to get into their awful coding. lol
Click to expand...
Click to collapse
It is unfortunate but also true that they are all doing it. For instance, Vizio gave me answers, regarding the Co-Star, that are almost verbatim what OP got from Kogan: "no they are not obligated to release anything; if I want to see their kernel I can ask Google for the GTV source code, etc."
cyansmoker said:
It is unfortunate but also true that they are all doing it. For instance, Vizio gave me answers, regarding the Co-Star, that are almost verbatim what OP got from Kogan: "no they are not obligated to release anything; if I want to see their kernel I can ask Google for the GTV source code, etc."
Click to expand...
Click to collapse
Dont know to take their answers as just being defiant or ignorant. lol
How do they think they are except from complying to the GPL for using/modifying the kernel src in which we all know they have to do to get it to work with their devices. lol
My vote is ignorance on behalf of the human relations depts, which dont have a clue wtf they are even talking about.
@Benjamin Dobell
How is progress going? I just saw this in an article on ausdroid
As utterly ridiculous this is, being a supposedly 100% google kernel (which it 100% can't be to run on this hardware etc) and how you are correct, there are big violators out there and frankly the "GPL" is nothing. It is kind of like threatening someone with no intent of hurting them: GPL are not going to do much. When HTC release broken kernel sources, 80 days after official OTA is out (when the new base is already out) people are just happy they release it. And while HTC, Samsung, Sony etc are legally supposed to provide kernel source, the main reason imo they release is to keep this xda/hacking community happy. If HTC didn't release kernel sources anymore, most of the community would leave the HTC devices, and buy a samsung or something. It might even make the news, so HTC would get bad publicity.
What does Kogan care, they are selling very small volumes of these phones compared with the big guns, and there are even less people interested in the sources. While I agree that you are correct and Kogan need to release source, not much can be done
Just my 2 cents
Good catch on the Kogan issue, but it will be hard to make a difference by going it alone. Best if you can get friendly with some journalists, perhaps the APC Mag guys or whatever to build up some buzz. Once you have someone interested you can fan the flames from there, to get the word out. You'll probably be surprised what they are willing to run on a slow news day As an idea, if you look at a number of the Kogan stories running in the news recently you might also find some interested journos.
BTW, I suspect Kogan could fix this quite easily by requesting that their Chinese suppliers also supply the kernel source along with the hardware/software deliverables. Might be hard to do that retrospectively but they should do that for all future devices.
Post this on the gpl-violations mailing list.
http://lists.gpl-violations.org/mailman/listinfo/legal/
It wouldn't be the first Android violator they've dealt with this year.
Kogan and the GPL http://ausdroid.net/2013/11/04/kogan-and-the-gpl/?utm_source=ausdroidnetapp
Kogan have been emailed twice re this but haven't responded at all. Hopefully this Might make them get their butts into gear.
Sent from my Nexus 7 using Tapatalk 4
LLStarks said:
Post this on the gpl-violations mailing list.
http://lists.gpl-violations.org/mailman/listinfo/legal/
It wouldn't be the first Android violator they've dealt with this year.
Click to expand...
Click to collapse
Just out of interest how many times has a violator been dealt with?
MontAlbert said:
Kogan and the GPL http://ausdroid.net/2013/11/04/kogan-and-the-gpl/?utm_source=ausdroidnetapp
Kogan have been emailed twice re this but haven't responded at all. Hopefully this Might make them get their butts into gear.
Sent from my Nexus 7 using Tapatalk 4
Click to expand...
Click to collapse
If it makes it to sites other than ausdroid and portrays Kogan in a bad light... yeah I do see it evoking change. To get rid of their bad image if they want to keep selling phones
Most violators tend to comply when confronted by GPL organizations like the Software Freedom Conservancy and Free Software Foundation. Samsung partnered with the SFC recently to peacefully come into compliance over their exfat implementation which used a lot of GPL-licensed Linux filesystem code. Going to court is very rare.
And yes, most of these violations are discussed in the mailing list by people responsible for enforcement. Armijn Hemel and Brad Kuhn of the SFC especially.
I'd be willing to bet that Kogan is also using a GPL-licensed Busybox along with their Linux kernel.
LLStarks said:
Most violators tend to comply when confronted by GPL organizations like the Software Freedom Conservancy and Free Software Foundation. Samsung partnered with the SFC recently to peacefully come into compliance over their exfat implementation which used a lot of GPL-licensed Linux filesystem code. Going to court is very rare.
And yes, most of these violations are discussed in the mailing list by people responsible for enforcement. Armijn Hemel and Brad Kuhn of the SFC especially.
I'd be willing to bet that Kogan is also using a GPL-licensed Busybox along with their Linux kernel.
Click to expand...
Click to collapse
I am wondering now, does Kogan even make their phones or is it another company that Kogan pays and puts their name on it? In that case, kogan representatives would have no clue at all
I guess the exfat thing worked, hopefully Kogan will be compliant
Doesn't really matter. Kogan is distributing binaries that contain GPL code. If there's a contracted hardware/software manufacturer involved they're also responsible but Kogan still has to do a lot on their end. They must be having one of those "what the hell are we even doing moments" since they control so little of the process behind their business model.
If Kogan is just putting their name on it, they have to ask that manufacturer (which I assume is foreign) to provide the source for the software involved. Out of matters of sheer practicality and perceived language barriers, Kogan would then share these sources with the English-speaking world. The manufacturer could do this themselves, but whatever.
Quick update for those interested.
Re: http://www.zdnet.com/kogan-to-comply-with-gpl-requirements-for-android-source-7000022847/
1. Kogan have not contacted me at all to indicate that they intend to resolve their GPL infringement.
2. Kogan claimed they have only had one request for source code; this is completely false. As I mentioned in my original post, at least both myself and my friend have requested the source code for various devices. Since then I have also been contacted by a few others that requested the source code also.
3. Kogan claimed that I was requesting source-code for a brand new phone. Which they seem to be using as an excuse for why the source is not yet available. This is completely false, I actually requested the source-code for Dual-Core Kogan Agora phone. Which is the previous generation of Kogan Agora (compared to the Quad core model) and has been available for almost 12 months. In addition to this, I also requested the source-code for a Kogan Agora TV. This particular model of Android TV has only been available for around 3-4 months, I believe. However, other Kogan Android TVs have been available for around 6 months.
Re: Sending Kogan a notice of copyright infringement; still working on getting that sorted.
any update on this?
Hey Ben, have you heard any further from Kogan? I'm keen to get my hands on the gpl stuff for my 55" Agora (nee. Konka ) SmartTV but there seems to have been no movement besides an attempt by Kogan to quell any negative publicity over 6 weeks ago... despite them having shipped modified firmware on TVs that hit the country mid - December. ...
adr6ian said:
Hey Ben, have you heard any further from Kogan? I'm keen to get my hands on the gpl stuff for my 55" Agora (nee. Konka ) SmartTV but there seems to have been no movement besides an attempt by Kogan to quell any negative publicity over 6 weeks ago... despite them having shipped modified firmware on TVs that hit the country mid - December. ...
Click to expand...
Click to collapse
Funny they lied their butts off in that article they did about it wrt who asked for it, how many asked for it and what they asked for. Not once did they reply to any of my emails from Ausdroid. We wanted to give them a chance to put their story in print but maybe I upset them ?
Ben did receive the source code. Not sure how public kogan have made this. Ie. Can anyone find it of their website or do they need to request it and then will get a private link?
I am yet to hear back from him as to whether the source actually works and builds the kernel correctly.
Sent from my Nexus 5 using Tapatalk
MontAlbert said:
Funny they lied their butts off in that article they did about it wrt who asked for it, how many asked for it and what they asked for. Not once did they reply to any of my emails from Ausdroid. We wanted to give them a chance to put their story in print but maybe I upset them ?
Ben did receive the source code. Not sure how public kogan have made this. Ie. Can anyone find it of their website or do they need to request it and then will get a private link?
I am yet to hear back from him as to whether the source actually works and builds the kernel correctly.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
here's their public site
http://www.kogan.com/au/
MameTozhio said:
here's their public site
http://www.kogan.com/au/
Click to expand...
Click to collapse
And? So what? Everyone knows their public site. Where is the link to the source on their site?
Good on them for coming up with the source. I for one doubted they'd be able to get it. Chinese manufacturers tend to not give up the source often, if ever. But it shouldn't be hard to find if someone wants it.
Sent from my Nexus 5 using Tapatalk
My Google foo is failing me, because I can't unearth a publicly linked version... closest I can find is the X 8000 series stuff on a Chinese forum, but the X 8000 is different enough from the v712 series based on specs that without the OEM firmware I'm not game to dabble with..
All I really want is to re enable the KKMULTISCR service that isn't active in the Kogan build but is present in all other re badged konka units such as the TCL and HiSense units and the Direct Sale v712 in NZ...
MontAlbert, if you have any suggestion feel free to PM me
I've mailed Kogan and formally requested the source, but I suspect I'll get a run around... maybe I'm cynical but
Sent from my SM-N9005 using Tapatalk
Information available on Reddit seem to show that several of Motorola's phones have not had any security patch levels applied since after January. It also seems like as long as the known security issues are just documented as theoretically possible that Lenovo/Motorola seem happy to keep reiterating the same lie that they make security a "top priority" while not actually addressing these problems. It is also frustrating that Motorola seems unwilling to release a version of the Motorola One that is intended to be used in the USA.
It would be nice to have a proof of concept repository similar to Rapid7's metasploit but for the Motorola G-series. Please keep in mind, I am *NOT* talking about violating responsible disclosure. This would not include any unpatched vulnerabilities. Instead, this would be known issues were AOSP has provided fixes to Motorola for over a month and Motorola has selected to still notify it's customers that their device is "up to date" without having addressed the known issues.
I believe only by showing customers what is possible with this exploits can enough pressure be put on Lenovo/Motorola to make "top priority" mean actual action instead of empty posturing.
However, based on my careful reading of the XDA ToS, it seems anything that facilitate the creation of malicious content is not allowed. This seems vaguely worded enough to exclude all proof of concept exploit discussion. But several of the issues left unaddressed by Motorola seem to be fairly easy to exploit. So, is XDA really improving the situation or avoiding transparency in favor of shielding Motorola's poor behavior?
It would be really nice if someone could provide some clarification behind the wording of this ToS and XDA's position on vendors that make security a "top priority" leaving months of patches outside of the scope available to customers if the device is to remain under warranty.
This is what I already said.
Motorola is just a retarded company.
I don't know in which universe this is acceptable.
Someone needs to sh*t in a bag and address it at Motorola, so they see what they sell.
The G6 was my last Motof**k phone.
F**k Motorola. F**k Lenovo and f**k all the retards which work in this companies.
I hope the company dies and never sells a f**kphone again.
I completely understand your level of frustration ThisIsRussia but please don't get the thread locked.
If I were to mail something to Motorola to make a statement, it would probably be a finger-print reader attached to swiss cheese. They keep using user facing features to give the illusion of security while leaving the rest of the product full of security holes.
Yeah, sorry I was a little upset because they are always responding with phrases like "soon it will be updated" etc.
Since February. Its May now.
I just don't use Motorola phones anymore and if someone asked me for opinion I didn't recommend Motorola/Lenovo.
They are a bunch of liars. period.
I picked up the g6 on Fi just to have a cheap phone. I thought it was just the Fi version not getting security updates.. luckily I don't keep financials, etc on. Only good as a glorified phone and music streaming device, but for $99?
Not many budget phones get monthly patches on time. None that are under$150 anyways.
$99 or $150 isn't what I was charged for the Moto G6. It was released for a price of $200.
The Federal Trade Commission has fined D-Link, TP-Link and ASUS for marketing *BUDGET* wireless routers that sold for much less than $200 or $150 or $99 for misrepresenting their products as providing security while "failing to take reasonable steps to secure."
According to David Kleidermacher, Google's head of security for Android, ""Android security made a significant leap forward in 2017 and many of our protections now lead the industry" and also "as Android security has matured, it has become more difficult and expensive for attackers to find high severity exploits."
Google owned Motorola, they should have been able to established policies and procedures for Motorola to make good on David Kleidermacher's statements. Or they should have made establishing those part of terms of the sale to Lenovo.
Lenovo and Motorola also market themselves as providing security even for budget devices with statements as:
* "Prevent unauthorized access with secure biometrics"
* "keeping your devices and systems secure and your digital privacy intact is a top priority"
At no point do they put any exclusionary statement such as "but only if it is not a budget device."
Also, while Motorola One is also a budget device, it does get more frequent updates. However, the Moto One is clearly not intended for purchase in the USA market and is missing support for several LTE bands.
And the Moto G6 is supposed to be a Treble/GSI device were any effort Motorola put into providing updates to flagship GSI devices should also apply to being able to also update the G6 for almost no additional effort.
So, I reject the claim no one should expect Feb 2019 security updates by May 2019 because it is simply a budget device.
Then let's also look at the claim that if financials or similar are not stored directly on the phone then it is not really a big issue.
To respond to that I am going to focus on just one Feb 2019 patch. There have been plenty of other security issues in Jan 2019 to now but for purposes of this discussion, I will just focus on one. The CVE-2019-1988 seems to still apply to still apply to any Motorola phone that is "up-to-date" but has a Jan 2019 security level. This vulnerability as a high impact score of 10 out of 10 and an easy exploitability score of 8.6 out of 10. The attack complexity is low and "could lead to remote code execution in system_server with no additional execution privileges needed."
What would need to result from this for it to be considered a violation of Lenovo and Motorola's marketing of making security a top priority?
What if an email or MMS ("text message") or instant message could do any of the following:
* Open and stream the microphone while the phone is locked
* Take and transmit pictures from either the front or rear camera while the phone is locked
* Send and receive text messages while the phone is locked
* Transmit phone location while the phone is locked
* Access and transmit email and files/documents on Google Drive and Google Docs while the phone is locked
Would any of this be disturbing? Is Lenovo/Motorola really delivering on "[preventing] unauthorized access with secure biometrics" if this is possible while the phone is locked?
I get this is all theoretical and I sound like I have been wearing a tin foil hat (maybe I am ). Anyone want to find out? Anyone want to give me the phone number to a Moto G6? Anyone want to give me the email address that they use with their Moto G6? How confident are people that not having financials stored directly on the phone means CVE-2019-1988 is not a major issue?
So far, people's reactions have been similar to this forum that there is still things people can do to maintain their privacy while using a device in this state. No one wants to believe that a major company would leave them so exposed. Lenovo/Motorola seems to be banking on no one understand the full scope of the problem. But what if a Proof of Concept of a Remote Access Trojan launched not via installing an application but simply from viewing a PNG really happened, would anyone be interested that? Would being able to actually demonstrate a PoC RAT have any positive value in holding Motorola accountable to their marketing claims or simply feed "hackers" with an exploit? If it is already known to be easily exploitable, shouldn't it be safe to assume any criminal that wanted it already has created their own implementation?
What exactly is XDA's stand on a real PoC RAT full disclosure? Is XDA taking on the stance that a RAT disclosure is always only harmful? Or is it that Motorola's actions are harmful?
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
I didn't say you or anyone should accept it. I said it's common on low end devices. Even low to midrange devices.
I don't care what you paid for it. I have the g6 play and paid $99 for it. And it has been updated to pie with March security patch.
Moto is not great at supplying updates the way they were when they were under Google. Not many companies in China that are shopping phones to other countries are good at it.
It sucks, I was agreeing with you.
So rant at someone else. Geez
madbat99 said:
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
Click to expand...
Click to collapse
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
chilinux said:
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
Click to expand...
Click to collapse
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
madbat99 said:
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
Click to expand...
Click to collapse
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
chilinux said:
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
Click to expand...
Click to collapse
Nope. Nobody is "honest" in marketing. They would sell nothing. Is it right....? No. Is it going to continue? Of course.
There are places to speak out. This isn't IT. Period.
You want a Google device that updates with every patch, you're gonna have to get a Pixel. Flat out. No company truly cares about you're security. They start companies to make money. The end. Right or wrong. Sorry bro. It is what it is.
Unless a company specifically spelled it out in the laws of the country their marketing in they don't have to do it. They can skirt rules and regulations anyway they possibly can. And they have lawyers to make sure they get around that crap. Marketing gimmicks do not equal legal regulation obedience.
if you have a medium to carry out the plan you intend to, find it and do it. just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
companies are going to sell their products at the greatest profitt imaginable and that's just the way things are going to be until some company proves that profits lie somewhere else. There isn't much you or I can do about it.
Again, this is not the medium for you to carry out such a vision. the most we hope to do here is to give users the keys to find a way to pick the lock for themselves. Not a way to circumvent the rules, punish the guilty, or vindicate innocence. There are places for that.
I'm going to bed now because I get up for work early. Good luck dude. hope you feel better in the morning.
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Infinity gems be damned, level-headed decisions with your device make all the difference in the world
madbat99 said:
just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
Click to expand...
Click to collapse
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
The security audit PoC suite would be similar to previously publicly released project. It would have a method of install via exploit similar to JailbreakMe and it would provide demonstration on what privileged level access provides similar to Back Orifice 2000. Both of those previous project had the potential to weaponize but also helped customers make a better informed decisions about the products they use.
madbat99 said:
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Click to expand...
Click to collapse
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
It is also a level of mistaken trust that was contributed to by people like Ronald Comstock with the XDA Developers sponsorship team which recommended this phone. It might be possible to make an excuse that at the time the recommendation was made it wasn't known how far behind security updates for the product would go. However, the XDA sponsorship team never posted a retraction and the XDA ToS makes it hard to effectively counter the vendor's misrepresentations of the XDA recommended product.
chilinux said:
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
.
Click to expand...
Click to collapse
It can be said that security and privacy are separate issues.
But your insights are well stated.
I remember when a "researcher" seemingly died right before demonstrating how security flaws in insulin pumps could kill a man. (We know who did it Jack) so security is a real concern. And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
madbat99 said:
And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
Click to expand...
Click to collapse
I have hard feeling about this issue but not about what you have said.
I also have a much less issue with "big money" not spending money were it does not need to. But they need to be transparent about that.
What I have hard feelings about is this:
https://androidenterprisepartners.withgoogle.com/device/#!/5659118702428160
And statements from Google related to that page such as:
"Organizations can then select devices from the curated list with confidence that they meet a common set of criteria, required for inclusion in the Android Enterprise
Recommended program ... Mandatory delivery of Android security updates within 90 days of release from Google (30 days recommended), for a minimum of three years"
As appears in this document:
https://static.googleusercontent.co...droid_Enterprise_Security_Whitepaper_2018.pdf
Ninety days from the February 5, 2019 security update bulletin was May 6, 2019. Choosing from that list does not result in mandatory delivery of security updates within 90 days. Google and David Kleidermacher are drowning consumers with willfully misleading information to put trust into devices that aren't held to the criteria they claim they are.
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Dadud said:
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Click to expand...
Click to collapse
You are far from the only one who doesn't care about security patches. I would agree with you that you should not have to care. Addressing problems that are over 90 days old are stated to be the responsibility of Google and Motorola to have taken care of.
In terms of it working just fine, my point is while it appears to normally be fine there is known ways that unapproved behavior can be applied to the product without the owners being aware of them. To me that is not working as advertised and is also not really working fine.