Related
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Hoodahottie said:
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Click to expand...
Click to collapse
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
This is a timely question with a very reassuring response. There is F-Droid instead of PlayStore (but it tends to be a few months behind) and OsmAnd instead of Maps (which is better in some ways). I would like to see more in this direction too.
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Unfortunately, this is the biggest problem that the security industry (ie. people like me) face, in trying to explain the issues here.
Here's a small example, to show you the problems, not specifically with the NSA, but with anything "cloud". Let's imagine a malicious attacker is going after you...
Let's look at your gmail account. It's likely that you signed up for it with your old Hotmail account (the previously most common type of email service). Most people did. It's also likely that you protect your Gmail account fairly well, but have likely not changed your Hotmail password in a while. That's likely the best way in for an attacker.
Now, before you say "OK, but what's the risk", let's take a look at what information is accessible to someone getting into your Google account.
Firstly, they know the details of all your android devices (IMEI etc) - they know what tablets you have, what phones you have, and their serial numbers and identifiers. They can also carry out a remote wipe on any of your devices via Mobile Device Manager. Let's come back to this later though
From Google Mail, they have a fair idea of what you're up to, based on your communications to other people. They can access your location history, and data-mine that, to figure out where you are. They can also look at your communications with other people via Hangouts and G+, and attempt to work out where you are (or simply use the GPS location). They can access the location sharing features of google's services, and see where you and your family are. They can see you're not at home (getting your address from an email), and go to your house, aware your kids are home alone, and rob the place, abducting them.
When you return home, you meet a scene of devastation. You take out your phone and call the cops. You call 911/999/112/whatever, but the call was intercepted and passed to the attackers, via software that was installed onto your phone remotely (via the play store's remote push system).
At this point, the attacker takes your phone, and puts you in the back of the van. He uses Google Device Manager, and removes the lockscreen password from your phone (via the forgot lockscreen code feature). This also resets your device encryption password to a known one. At this point, all the devices are turned off, and their SIMs removed, and you are driven to a remote location.
The attackers then call your partner (having got their number from your Google contacts), and demand $1 million, while telling your partner that you know they are currently in <name of place from their google shared location feature>. The same remote access toolkit is installed onto their phone (given they had used your email as a recovery email for their Google account), and this permits monitoring of their phone to check if they call 911 etc.
OK, that all sounds far-fetched, but that is all entirely possible. The sheer amount of data being held about you, by google and other cloud providers, is insane. I didn't even go into the possibility of financial theft here. Cellphones are a very important thing to people, and they often take them for granted. Would you consider that when you called 911 in a moment of need, that someone had remote-installed a piece of malicious software, which exploits an android security hole, to replace the dialer app, and route the call to a rogue attacker, pretending to be the emergency services?
The amount of control that "other people" have over a phone running "Google Apps" is immense. Don't just think about the "NSA" aspects of this - consider how devastating it would be if someone had access to your Google account. And now remember that anyone on the technical team of Google could (in theory) issue an access token to your account to a well-paying attacker...
Oh, and one of the best ways an attacker can get into your Google account is simply to steal a phone or tablet, and extract the Google authentication token. Sure, they might not be able to change your password, but they are now "into" the chain, and will be able to start the attack.
If this don't bother you, I don't know what will...
scanno said:
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
Click to expand...
Click to collapse
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
I
pulser_g2 said:
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
Click to expand...
Click to collapse
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
scanno said:
I
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
Click to expand...
Click to collapse
I've found a nice notepad app, but none yet that use OwnCloud sync.
I was thinking about looking into https://github.com/spacecowboy/NotePad and trying to get it working with the API. It would be fairly easy to remove the "closed" bits like Dropbox sync etc, and use the OwnCloud backend. It would also be nice to add proper encryption of notes later on.
Anyone else interested? (I hate android app coding, I can't even get the dependencies to resolve for it to build... Thus contributing to my dislike for ANYTHING java based)
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
I'm thrilled to hear this! Do other omnirom devs share your opinion?
I know it's early, but does the omnirom team have specific security/privacy ideas they want to implement?
In the long run, I don't see the Android ecosystem remaining in one piece. It's going to fragment. Amazon has already done it. Samsung may make this move. And people who want privacy and secure communications need a rom (and perhaps it's own app ecosystem) to which they can turn.
Please think about changing your why omnirom page. Right now, its pitch is very weak. Add a section about privacy and security and people will flock to this rom.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I'm absolutely shocked every time I hear people say this. So many people just dismiss the NSA spying because they're not terrorists. They don't have the imagination it takes to understand that today's citizen is tomorrow's terrorist. Every country that spied on it's citizens has oppressed them.
I'm not a spy or terrorist, but I don't want my every thought and action logged away to be used against me later.
boernie said:
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I can't post links, but if you want your own secure cloud, look at the Freedombox project. It's Debian based and it has some radical ideas. Eben Moglen and Bdale garbee have worked on it since 2010. Eben Moglen's talk about countries spying on citizens came long before the NSA story came to light.
The website is kind of dead, but in August Bdale gave a talk where he said Freedombox 1.0 should come before 2014. It's on youtube.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
Click to expand...
Click to collapse
There is a pretty simple solution to this!
Don't behave like expected.
Sent from my Find 5 using Tapatalk
Hoodahottie said:
Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
We techsavvy people want more
Click to expand...
Click to collapse
With all due respect to the OP, the above is the major problem. While many of us are "tech savvy" to one degree or another, I think we forget how to read sometimes.
When you're given that stack of papers to sign for your mortgage, car loan, credit card or bank account, how many blindly sign where we are told to be the agent of that company? Do you read what you are signing? If you answer yes, why is setting up your phone any different? We are told that such and such information is going to be collected when we sign up for our Google accounts. We are told that additional information is going to be collected when we set up our phone. Every time we start up GPS services, we are told Google is going to use this data they collect.
This causes me to wonder why it takes people by surprise when they learn that Google isn't a computer hardware and software company, but a marketing company. And even more wonder happens when they mention it's without their knowledge. Reading terms of service is important. They spell out exactly what they are going to do and give you the option not to participate. When I worked for IBM in the 80's, I had to sign away any rights to technology I developed while working there (with the exception of anything I started before employment and listed on their agreement). If I didn't want to do that I was my choice to not work there. The same thing happened with Tricord, Wang, Computer Associates, MAI, Excactium, Pivotal, etc
The other response about the NSA is troubling as well. We elect our representatives in this country every two four or six years. How many of those people that you voted into office voted yes to the Patriot Act? You want some scary reading, research the rights we gave up allowing that to happen.
We are innocent until proven guilty. The NSA "spying" doesn't just ensnare terrorist, but easily the whole population of the USA. Their model of two, three and more levels of contact captures everyone. The real question isn't I'm not a terrorist so why does it matter, it is I'm not a terrorist so why are you doing it?
We setup up these phones with the knowledge we would be tracked. We walk down the street and see security cameras watching. Then we complain about it? We allowed it to happen to have a whiz bang new phone or to feel safer.
" Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." Benjamin Franklin
I work in retail. Every year I hear people complain that we set Christmas stuff too early. Those same people are buying their lights, cards and trees in the same visit. If they didn't buy early, we wouldn't set early. If we truly cared about not being used as marketing data, we wouldn't be using these phones. We wouldn't use Google.com to search. We wouldn't re-elect many of those in office at the local state and federal levels.
Sorry for the rant, I'll step of the soapbox and allow this discussion to get back on track.
Sent from my Nexus 4 using Tapatalk
With no disrespect, I wonder if people who ask me to take full responsibility understand life and power.
I understand that I have to take some responsibility for signing on for services and programs, but I blame the government and corporations more because they are many times richer and more powerful than me.
And they take advantage of that.
How many Terms of service agreements have I had to sign to use internet services? If I really read all of their ToS, I wouldn't have time for anything else. I'll bet that the ceos of these companies haven't read the ToS of their own products. They don't have to because they have the money to hire 50 of the best lawyers and ask them to craft a bullet-proof ToS.
They probably spent tens of thousands of dollars on the ToS. And I stand against all of that money and power, with limited time and resources and no law degree. Am I the one to be blamed? They know I'm tired from work, that I don't have a legal background and my attention span is limited and I need this product, and there is no other choice unless I'm willing to suffer a lot.
Often these multinational corporations control the whole market and I don't really have any choice. Look at the phone OS market now. I can choose between Android, iOS or Windows Phone. My choices are an open source OS built to facilitate spying, an overpriced, closed source, simplistic OS built by a company that co-operates with the NSA or a closed source, proprietary phone from an industry giant accused of anti-competitive behaviour and also collaborating with the NSA.
There's no real choice. Not just in the phone industry, but in most places in life. Powerful people don't become powerful by giving everyone else choices and freedom. They take freedom away. You ask me to take responsibility as if I had another, better choice. Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices. It's always been that way, and why I blame the government, corporations and powerful people more than myself.
To really win, I'd have to devote my life to fighting all these powerful forces and even if I win, I'll have to spend the rest of my life defending against other crooks who'd try to do the same thing. I wouldn't have any time left for a life.
"You ask me to take responsibility as if I had another, better choice."
Who else is responsible for your actions?
"Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices."
Yes, these companies are in business to make money. That is no different than you having a job to make money.
But do not tell me you or Bill or Steve or Larry do not have à choice. Ever heard of CP/M? An Altair? AltaVista? If you haven't, here is some history.
CP/M was a dominant operating system before DOS. Bill Gates made a choice to create Altair Basic for the Altair microcomputer being sold mail-order. That was the start of Micro-Soft (now Microsoft). He made another choice to create MS-DOS to compete against CP/M for the IBM PC and clones. He made another choice to start work on Windows to compete against Apple's graphical interfaces and IBM's TopView.
Before Steve Jobs made the choice to sell Woz's garage built microcomputer (later named the Apple) there was the Altair mentioned above. They made a choice to build an alternative.
Larry Page and Sergey Brin made the choice to start Google, thinking they could do search better than AltaVista, Yahoo, Excite, HotBot, MetaCrawler, etc.
Powerful people become powerful many times by giving others alternatives. The above mentioned powerful people are examples.
We can make the choice to use prepaid basic phones and not worry about anyone watching us because you don't use personal information to activate.
"To really win, I'd have to devote my life to fighting all these powerful forces"
You should. Doing so makes you powerful. Recently two women changed how one of the world's largest food brands makes their products. One of them eventually dropped out of the spot light and it became the crusade of ONE woman. Kraft Foods is changing how they make some of their Mac and Cheese products due to the efforts of one individual. No more Yellow #5 in their Mac and Cheese products specifically marketed at children. That was a choice she made. A fight that became part of her life.
We all have choices. We are all responsible for our own actions. We can't blame government as a whole because they are largely elected by us. We work to make money to live the life we choose. Corporations (started by individuals) do the same thing.
Sorry again for diverting off topic, but I have a difficult time with responsibility shifting to account for mistakes. We all make them (this reply is probably one of mine). A wise person once said, the man who makes no mistake, usually doesn't make anything worthwhile.
This particular set of threads, all the Omni threads, are what make communities like this work. We can voice opinions, state facts, help with commands to build a repository, compile a kernel, even agree to disagree.
This is how XDA started, while maybe some sections have stayed from the roots, Omni has brought it back full circle.
Sent from my Nexus 4 using Tapatalk
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
You may want to skim through this: http://online.wsj.com/news/articles/SB10001424052748704471504574438900830760842
Some laws (in many? all? countries) are so loosely worded that you're probably breaking some of them right now. Now remember that the government/google/facebook/whoever is watching everything you do. If you ever become "a problem" you're not going to be too difficult to "deal with". Just a potential look at one of the many problems with complete surveillance.
You guys talk about this as if Google, Facebook and all these companies willingly gave up this information.
But the reality is this: the government (NSA) asks for the data. If the companies deny them this, the NSA then goes to obtain a generalized warrant from the FISA courts, secret courts with a 99.7% warrant approval rate, and then obtain the data regardless of what these companies want.
And for those of you who STILL think it's the companies, read this: http://www.washingtonpost.com/world...1d661e-4166-11e3-8b74-d89d714ca4dd_story.html
---------- Post added at 10:38 AM ---------- Previous post was at 10:31 AM ----------
And yes, these companies DO own your data. As soon as you click "I accept these terms" on the registration page, they are now the owners of everything that goes through their online services.
But, here's the catch. Companies are individuals too, as established in Citizens United v. FCC, and are protected under the same rights as any other individual. And it logically follows that because of this, it is a breach on each company's 4th amendment rights for the NSA to obtain generalized warrants, that list NO goal for the investigation, and use these in order to force each company to fork over account details among other things.
frustration pure
one of the most common arguments of those who don't care or don't want to face the
risks of others knowing anything or almost everything of us is:
i have nothing to hide so what !
now to make a point i would like to come up with a very simple and for many
perhaps a bit strange example but i think most will understand what i mean.
ALBEIT I'M ALLOWED TO MAKE LOVE TO MY WIFE AND IT'S TOTALLY LEGAL
AND RIGHT, I DO NOT WANT ANYONE TO LISTEN OR WATCH :laugh:
UNDERSTOOD ?
regards
+1
I've been lurking and decided to give my opinion. First though, let me give a little background. Two years ago I bought my first Nexus and I rooted it right away. I left the bootloader unlocked, the CWM recovery installed, and USB debugging left on. Any app that could log me in automatically I allowed...Ebay, Amazon, Gmail, etc. I thought I was doing a good job protecting my privacy by using a strong password lock and installing Lookout.
I had no idea how easy it was to gain access to all of my data. My ignorance would not have protected me. Now to today. I have a rooted phone, but the bootloader is locked with the stock recovery installed. I will install a custom rom when a good one is available, but the stock recovery will be re-flashed and the bootloader locked when I'm done. I still use Lookout. I'm using LastPass to manage unique strong passwords now...no more saving passwords. I'm waiting for ADB Toggle to be fixed for Kitkat and USB Debugging will be turned off when my phone plugs into a computer. I am constantly looking for ways to protect my data.
To have total convenience, you must give up privacy and security. To have total privacy and security, you must give up convenience. I know that google has access to EVERYTHING I do with my phone and am not happy about it. I try to be informed and balance convenience, privacy, and security.
:good: I second the suggestion that OmniROM should attempt to become the ROM for people who want to protect their privacy and security. :good: There is a lot that can be done at the operating system level that cannot be performed by individual apps. Sure, I love all the features that custom ROMs offer and look forward to see what can be done, but privacy and security are #1 for me.
If you agree, then +1 this post.
Information available on Reddit seem to show that several of Motorola's phones have not had any security patch levels applied since after January. It also seems like as long as the known security issues are just documented as theoretically possible that Lenovo/Motorola seem happy to keep reiterating the same lie that they make security a "top priority" while not actually addressing these problems. It is also frustrating that Motorola seems unwilling to release a version of the Motorola One that is intended to be used in the USA.
It would be nice to have a proof of concept repository similar to Rapid7's metasploit but for the Motorola G-series. Please keep in mind, I am *NOT* talking about violating responsible disclosure. This would not include any unpatched vulnerabilities. Instead, this would be known issues were AOSP has provided fixes to Motorola for over a month and Motorola has selected to still notify it's customers that their device is "up to date" without having addressed the known issues.
I believe only by showing customers what is possible with this exploits can enough pressure be put on Lenovo/Motorola to make "top priority" mean actual action instead of empty posturing.
However, based on my careful reading of the XDA ToS, it seems anything that facilitate the creation of malicious content is not allowed. This seems vaguely worded enough to exclude all proof of concept exploit discussion. But several of the issues left unaddressed by Motorola seem to be fairly easy to exploit. So, is XDA really improving the situation or avoiding transparency in favor of shielding Motorola's poor behavior?
It would be really nice if someone could provide some clarification behind the wording of this ToS and XDA's position on vendors that make security a "top priority" leaving months of patches outside of the scope available to customers if the device is to remain under warranty.
This is what I already said.
Motorola is just a retarded company.
I don't know in which universe this is acceptable.
Someone needs to sh*t in a bag and address it at Motorola, so they see what they sell.
The G6 was my last Motof**k phone.
F**k Motorola. F**k Lenovo and f**k all the retards which work in this companies.
I hope the company dies and never sells a f**kphone again.
I completely understand your level of frustration ThisIsRussia but please don't get the thread locked.
If I were to mail something to Motorola to make a statement, it would probably be a finger-print reader attached to swiss cheese. They keep using user facing features to give the illusion of security while leaving the rest of the product full of security holes.
Yeah, sorry I was a little upset because they are always responding with phrases like "soon it will be updated" etc.
Since February. Its May now.
I just don't use Motorola phones anymore and if someone asked me for opinion I didn't recommend Motorola/Lenovo.
They are a bunch of liars. period.
I picked up the g6 on Fi just to have a cheap phone. I thought it was just the Fi version not getting security updates.. luckily I don't keep financials, etc on. Only good as a glorified phone and music streaming device, but for $99?
Not many budget phones get monthly patches on time. None that are under$150 anyways.
$99 or $150 isn't what I was charged for the Moto G6. It was released for a price of $200.
The Federal Trade Commission has fined D-Link, TP-Link and ASUS for marketing *BUDGET* wireless routers that sold for much less than $200 or $150 or $99 for misrepresenting their products as providing security while "failing to take reasonable steps to secure."
According to David Kleidermacher, Google's head of security for Android, ""Android security made a significant leap forward in 2017 and many of our protections now lead the industry" and also "as Android security has matured, it has become more difficult and expensive for attackers to find high severity exploits."
Google owned Motorola, they should have been able to established policies and procedures for Motorola to make good on David Kleidermacher's statements. Or they should have made establishing those part of terms of the sale to Lenovo.
Lenovo and Motorola also market themselves as providing security even for budget devices with statements as:
* "Prevent unauthorized access with secure biometrics"
* "keeping your devices and systems secure and your digital privacy intact is a top priority"
At no point do they put any exclusionary statement such as "but only if it is not a budget device."
Also, while Motorola One is also a budget device, it does get more frequent updates. However, the Moto One is clearly not intended for purchase in the USA market and is missing support for several LTE bands.
And the Moto G6 is supposed to be a Treble/GSI device were any effort Motorola put into providing updates to flagship GSI devices should also apply to being able to also update the G6 for almost no additional effort.
So, I reject the claim no one should expect Feb 2019 security updates by May 2019 because it is simply a budget device.
Then let's also look at the claim that if financials or similar are not stored directly on the phone then it is not really a big issue.
To respond to that I am going to focus on just one Feb 2019 patch. There have been plenty of other security issues in Jan 2019 to now but for purposes of this discussion, I will just focus on one. The CVE-2019-1988 seems to still apply to still apply to any Motorola phone that is "up-to-date" but has a Jan 2019 security level. This vulnerability as a high impact score of 10 out of 10 and an easy exploitability score of 8.6 out of 10. The attack complexity is low and "could lead to remote code execution in system_server with no additional execution privileges needed."
What would need to result from this for it to be considered a violation of Lenovo and Motorola's marketing of making security a top priority?
What if an email or MMS ("text message") or instant message could do any of the following:
* Open and stream the microphone while the phone is locked
* Take and transmit pictures from either the front or rear camera while the phone is locked
* Send and receive text messages while the phone is locked
* Transmit phone location while the phone is locked
* Access and transmit email and files/documents on Google Drive and Google Docs while the phone is locked
Would any of this be disturbing? Is Lenovo/Motorola really delivering on "[preventing] unauthorized access with secure biometrics" if this is possible while the phone is locked?
I get this is all theoretical and I sound like I have been wearing a tin foil hat (maybe I am ). Anyone want to find out? Anyone want to give me the phone number to a Moto G6? Anyone want to give me the email address that they use with their Moto G6? How confident are people that not having financials stored directly on the phone means CVE-2019-1988 is not a major issue?
So far, people's reactions have been similar to this forum that there is still things people can do to maintain their privacy while using a device in this state. No one wants to believe that a major company would leave them so exposed. Lenovo/Motorola seems to be banking on no one understand the full scope of the problem. But what if a Proof of Concept of a Remote Access Trojan launched not via installing an application but simply from viewing a PNG really happened, would anyone be interested that? Would being able to actually demonstrate a PoC RAT have any positive value in holding Motorola accountable to their marketing claims or simply feed "hackers" with an exploit? If it is already known to be easily exploitable, shouldn't it be safe to assume any criminal that wanted it already has created their own implementation?
What exactly is XDA's stand on a real PoC RAT full disclosure? Is XDA taking on the stance that a RAT disclosure is always only harmful? Or is it that Motorola's actions are harmful?
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
I didn't say you or anyone should accept it. I said it's common on low end devices. Even low to midrange devices.
I don't care what you paid for it. I have the g6 play and paid $99 for it. And it has been updated to pie with March security patch.
Moto is not great at supplying updates the way they were when they were under Google. Not many companies in China that are shopping phones to other countries are good at it.
It sucks, I was agreeing with you.
So rant at someone else. Geez
madbat99 said:
@chilinux
Relax, you don't need to attack me. I can see you're feeling very hostile.
Click to expand...
Click to collapse
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
chilinux said:
I am very sorry you feel personally attacked. I do admit that I have taken a hostile stance but I wasn't trying to attack you.
My point is that I have already heard from users that the issue is not really that bad. It really seems like a demonstration is the only way to change the Lenovo/Motorola business model of leveraging customer misconception. At the same time, the XDA ToS seems to be at odds with using this forum as the method of giving such a demonstration. To me, this means XDA is passively contributing to Motorola's clearly invalid marketing of using product security to protect against unauthorized access.
Allowing remote unauthorized access is very much part of how the Moto G6 functions.
Click to expand...
Click to collapse
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
madbat99 said:
XDA needs to cover their butts. They walk a fine line on many things.
To provide members the most information, useful guides, and general Android knowledge; they do have to remain, for lack of a better term, "neutral".
They allow us access to guides, knowledge, and even files, that allow us to take back some semblance of "ownership" of our devices. And that is despite many OEM, and country, restrictions, regulations, and "ownership", be it proprietary or what have you, that threaten their voice.
We, in turn, try to adhere to their rules to maintain an even keel, so to speak. So as not to make it harder, or impossible, to do the good work they are doing.
That said, this may not be the platform to achieve the ends you seek. Even if others share your view, in part, or otherwise.
Make sense?
Click to expand...
Click to collapse
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
chilinux said:
I understand what it is you are trying to saying that XDA sees it to their advantage to not rock the boat too much. That doesn't mean it makes sense to me.
Here is how I view how the world works when people don't speak out:
https://www.cnn.com/2019/01/12/middleeast/khashoggi-phone-malware-intl/index.html
If Motorola wants to specify that security and safety simply is not part of this product, then I can understand them making that part of their *stated* business model. But Lenovo/Motorola has decided they can market a product as preventing authorized access without doing the work required to actually provide that feature. There should be moral and ethical issues raised when knowingly letting a company mislead their customers to that extent.
There should be room someplace on the XDA forum to create a penetration/vulnerability to put customers of Motorola in a better position for informed consent. The idea that the average person can take the April and May 2019 security bulletins and understand what that really means just doesn't work out. They know what the word "critical" means but usually don't know what RCE is and largely take it as being someone else's problem. The level of conflict of interest on the part of Motorola is not made clear.
Instead, the average person still focuses on if when they are going to see the latest Avengers movie. "CVE-2019-2027" means nothing but if you show them April/May gives criminals all of the infinity gems such that at a click of their fingers half of customers of Motorola have their privacy turn to dust, then that is something they can at least understand. Then they can more meaningfully decide if it is reasonable/safe to use that device without leaving airplane mode permanently on.
Click to expand...
Click to collapse
Nope. Nobody is "honest" in marketing. They would sell nothing. Is it right....? No. Is it going to continue? Of course.
There are places to speak out. This isn't IT. Period.
You want a Google device that updates with every patch, you're gonna have to get a Pixel. Flat out. No company truly cares about you're security. They start companies to make money. The end. Right or wrong. Sorry bro. It is what it is.
Unless a company specifically spelled it out in the laws of the country their marketing in they don't have to do it. They can skirt rules and regulations anyway they possibly can. And they have lawyers to make sure they get around that crap. Marketing gimmicks do not equal legal regulation obedience.
if you have a medium to carry out the plan you intend to, find it and do it. just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
companies are going to sell their products at the greatest profitt imaginable and that's just the way things are going to be until some company proves that profits lie somewhere else. There isn't much you or I can do about it.
Again, this is not the medium for you to carry out such a vision. the most we hope to do here is to give users the keys to find a way to pick the lock for themselves. Not a way to circumvent the rules, punish the guilty, or vindicate innocence. There are places for that.
I'm going to bed now because I get up for work early. Good luck dude. hope you feel better in the morning.
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Infinity gems be damned, level-headed decisions with your device make all the difference in the world
madbat99 said:
just make sure no consumers are harmed in the process. because then the line has been crossed where you're not helping anyone but hurting people.
Click to expand...
Click to collapse
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
The security audit PoC suite would be similar to previously publicly released project. It would have a method of install via exploit similar to JailbreakMe and it would provide demonstration on what privileged level access provides similar to Back Orifice 2000. Both of those previous project had the potential to weaponize but also helped customers make a better informed decisions about the products they use.
madbat99 said:
how many people in the budget phone range are still using phones that haven't even been updated past kit Kat. Just a bit of a reality check. Up-to-the-minute security patches don't mean much to those who are struggling just to have a device to communicate with.
Click to expand...
Click to collapse
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
It is also a level of mistaken trust that was contributed to by people like Ronald Comstock with the XDA Developers sponsorship team which recommended this phone. It might be possible to make an excuse that at the time the recommendation was made it wasn't known how far behind security updates for the product would go. However, the XDA sponsorship team never posted a retraction and the XDA ToS makes it hard to effectively counter the vendor's misrepresentations of the XDA recommended product.
chilinux said:
I can not no consumers would ever be harmed by anything I ever released. TeamViewer has been weaponized to performing scams. UPX was weaponized to help hide malware from detection. Cerberus antitheft app for Android has the potential to be weaponized. Magisk can be weaponized for malware to avoid detection on Android. To claim any of those projects is "not helping anyone" is really a stretch.
Just a bit of a reality check, I know a medical doctor that discusses information that should be legally protected under HIPAA in the same room as a Moto G6. When a vendor misrepresents the degree to which unauthorized access to a device's microphone is prevented, then more than just people struggling to communicate are impacted. That level of misplaced trust also means the privacy impact extends beyond just owners of the phone.
.
Click to expand...
Click to collapse
It can be said that security and privacy are separate issues.
But your insights are well stated.
I remember when a "researcher" seemingly died right before demonstrating how security flaws in insulin pumps could kill a man. (We know who did it Jack) so security is a real concern. And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
madbat99 said:
And big money will always try to silence what is too expensive to fix. So I get your point. Just goes a little beyond XDA is all I meant. No hard feelings intended, so I hope you didn't take it that way.
Click to expand...
Click to collapse
I have hard feeling about this issue but not about what you have said.
I also have a much less issue with "big money" not spending money were it does not need to. But they need to be transparent about that.
What I have hard feelings about is this:
https://androidenterprisepartners.withgoogle.com/device/#!/5659118702428160
And statements from Google related to that page such as:
"Organizations can then select devices from the curated list with confidence that they meet a common set of criteria, required for inclusion in the Android Enterprise
Recommended program ... Mandatory delivery of Android security updates within 90 days of release from Google (30 days recommended), for a minimum of three years"
As appears in this document:
https://static.googleusercontent.co...droid_Enterprise_Security_Whitepaper_2018.pdf
Ninety days from the February 5, 2019 security update bulletin was May 6, 2019. Choosing from that list does not result in mandatory delivery of security updates within 90 days. Google and David Kleidermacher are drowning consumers with willfully misleading information to put trust into devices that aren't held to the criteria they claim they are.
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Dadud said:
am i the only one who doesn't give a crap about security patches? i just want my phone to work, which my G6 does, just fine.
Click to expand...
Click to collapse
You are far from the only one who doesn't care about security patches. I would agree with you that you should not have to care. Addressing problems that are over 90 days old are stated to be the responsibility of Google and Motorola to have taken care of.
In terms of it working just fine, my point is while it appears to normally be fine there is known ways that unapproved behavior can be applied to the product without the owners being aware of them. To me that is not working as advertised and is also not really working fine.
https://www.reuters.com/article/us-...ei-after-trump-blacklist-source-idUSKCN1SP0NB
"Huawei Technologies Co Ltd will immediately lose access to updates to the Android operating system, and the next version of its smartphones outside of China will also lose access to popular applications and services including the Google Play Store and Gmail app."
Not good news
This happened to ZTE as well for the same reason but the company was later reinstated to 'approved'.
Is this due to the trade dispute, which will only be temporary, or is this because of the spying fears, which would be long lasting...
It's because of the Trump Executive Order:
https://www.androidauthority.com/huawei-loses-access-to-google-android-987873/
Welp, people with bootloader unlocked devices might be able to emulate signature of another device to keep passing cts/google play certification (if Google going to revoke it, and its possible that they will).
https://github.com/Magisk-Modules-R...ices-fingerprint-to-pass-the-ctsprofile-check
For everyone else who doesn't have unlocked bootloader, its not going to be fun. Migrate to Huawei Pay.
Still no idea how it will affect Android updates, but it will at least be delayed now. We have to wait for Huawei response, because they have to give statement until their business in ROW (anywhere aside of Asia) burns.
iainmann said:
It's because of the Trump Executive Order:
https://www.androidauthority.com/huawei-loses-access-to-google-android-987873/
Click to expand...
Click to collapse
Is Trump's executive order because of the trade dispute or fears of spying? Or he just decided on an executive order because he lost a bet?
chetly968 said:
Is Trump's executive order because of the trade dispute or fears of spying? Or he just decided on an executive order because he lost a bet?
Click to expand...
Click to collapse
Probably a mix of the three
chetly968 said:
Is Trump's executive order because of the trade dispute or fears of spying? Or he just decided on an executive order because he lost a bet?
Click to expand...
Click to collapse
Yeah exactly another collateral damage and derivatives from Trade Dispute. He uses his 'exclusive rights' trying to curb competition from another country's manufacture ZTE was a previous example.
they saw it coming....
https://www.google.com/amp/s/www.cn...operating-system-for-smartphones-laptops.html
demon2112 said:
they saw it coming....
https://www.google.com/amp/s/www.cn...operating-system-for-smartphones-laptops.html
Click to expand...
Click to collapse
But, what about the Google products like Playstore, YouTube, Gmail, etc
samnettt said:
But, what about the Google products like Playstore, YouTube, Gmail, etc
Click to expand...
Click to collapse
I guess you want get them with new Huawei phones in the near future
samnettt said:
But, what about the Google products like Playstore, YouTube, Gmail, etc
Click to expand...
Click to collapse
If it's not resolved, I presume Play Store would be a no-go, but could Huawei get access to YouTube etc?
samnettt said:
But, what about the Google products like Playstore, YouTube, Gmail, etc
Click to expand...
Click to collapse
that will be no longer... if all pushes through...... app gallery would be the way to get apps
Trump the dictator wants to slow Huawei (and China in general) down by any means possible. He sent his henchmen all over to world to bully nations to stop using Huawei kit, but most didn't listen. His only last card to play was to "blacklist" Huawei from doing business with US companies, this is the nuclear option. Trump and his flunkies know that western 5G vendors are about 18 months behind Huawei, so they were looking at ways to sabotage the company and this is it. Plain and simple, there's no spying or tin-foil-hat conspiracies, only that Trump can't handle losing to the Chinese. The backlash from the BS move will be massive .. Let's wait and see, I think it'll be reversed.
enrique71 said:
Trump the dictator wants to slow Huawei (and China in general) down by any means possible. He sent his henchmen all over to world to bully nations to stop using Huawei kit, but most didn't listen. His only last card to play was to "blacklist" Huawei from doing business with US companies, this is the nuclear option. Trump and his flunkies know that western 5G vendors are about 18 months behind Huawei, so they were looking at ways to sabotage the company and this is it. Plain and simple, there's no spying or tin-foil-hat conspiracies, only that Trump can't handle losing to the Chinese. The backlash from the BS move will be massive .. Let's wait and see, I think it'll be reversed.
Click to expand...
Click to collapse
Someone gets it! :good:
enrique71 said:
Trump the dictator wants to slow Huawei (and China in general) down by any means possible. He sent his henchmen all over to world to bully nations to stop using Huawei kit, but most didn't listen. His only last card to play was to "blacklist" Huawei from doing business with US companies, this is the nuclear option. Trump and his flunkies know that western 5G vendors are about 18 months behind Huawei, so they were looking at ways to sabotage the company and this is it. Plain and simple, there's no spying or tin-foil-hat conspiracies, only that Trump can't handle losing to the Chinese. The backlash from the BS move will be massive .. Let's wait and see, I think it'll be reversed.
Click to expand...
Click to collapse
We hope so.
Because, alot of users outside of China are in anxiety
From Huawei UK
enrique71 said:
Trump the dictator wants to slow Huawei (and China in general) down by any means possible. He sent his henchmen all over to world to bully nations to stop using Huawei kit, but most didn't listen. His only last card to play was to "blacklist" Huawei from doing business with US companies, this is the nuclear option. Trump and his flunkies know that western 5G vendors are about 18 months behind Huawei, so they were looking at ways to sabotage the company and this is it. Plain and simple, there's no spying or tin-foil-hat conspiracies, only that Trump can't handle losing to the Chinese. The backlash from the BS move will be massive .. Let's wait and see, I think it'll be reversed.
Click to expand...
Click to collapse
ORANGE MAN BAD, eh? Huawei has been a target of the U.S. long before Trump was in office. I guess Huawei stealing Billions of R&D from Nortel is just 'okay' by you, then. As far as the spying goes, everyone is spying. The whole Iran sanction thing is also laughable. Just please don't pretend that Huawei isn't an arm of the Chinese government, and that they are wholly innocent on the World stage.
This all sucks, I guess we will be stuck with AOSP updates until there is some actual real development for this phone. sigh, should have stuck with a Samsung I guess.
---------- Post added at 09:40 AM ---------- Previous post was at 09:20 AM ----------
From the Google statement, it looks like existing devices will be covered. But... Just how much effort is Huawei going to put into keeping a smattering of people happy? Are we ever going to see the 9.1 update now? Or, anything but barebones security updates? Bleh, it was always a bit of a risk to go with this phone, I hope we see real development for 3rd party roms.
kaibosh99 said:
ORANGE MAN BAD, eh? Huawei has been a target of the U.S. long before Trump was in office. I guess Huawei stealing Billions of R&D from Nortel is just 'okay' by you, then. As far as the spying goes, everyone is spying. The whole Iran sanction thing is also laughable. Just please don't pretend that Huawei isn't an arm of the Chinese government, and that they are wholly innocent on the World stage.
This all sucks, I guess we will be stuck with AOSP updates until there is some actual real development for this phone. sigh, should have stuck with a Samsung I guess.
---------- Post added at 09:40 AM ---------- Previous post was at 09:20 AM ----------
From the Google statement, it looks like existing devices will be covered. But... Just how much effort is Huawei going to put into keeping a smattering of people happy? Are we ever going to see the 9.1 update now? Or, anything but barebones security updates? Bleh, it was always a bit of a risk to go with this phone, I hope we see real development for 3rd party roms.[/QUote
Existing devices will continue to work but will get no more updates including security updates, unless those are made available to AOSP
Click to expand...
Click to collapse
'Huawei loss of Google certification temporarily delayed to August [Updated] - Official end date of Android license still uncertain as negotiations continue."
https://www.androidcentral.com/huaw...tw_card&utm_content=75027&utm_campaign=social
told you so ..
Hi guys. I'm starting this thread in hopes of sparking a conversation and a concerted effort to rid ourselves as users from the clutches of Google and other big tech companies. I am sick and tired of Google tracking me and attempting to force feed me ads on a daily send constant basis. Then selling my info to other companies such as Facebook. So, I have started down the path of decluttering (De-Google-ing) my device(s). I am primarily interested in securing my device as much as possible and protecting my privacy.
So far, I have reformatted my entire device to factory default settings installed and using F-Droid (FOSS) for all my apps. I use Yandex as my search engine (I am often to suggestions and recommendations) in the "private browser" app. I use Aurora instead of Google Play store, New Pipe for YouTube-ing, Frost for Facebookingand SlimSocial for Twitter. I have stopped using Google keyboard and any other Google apps. I have abandoned gmail and replaced it with proton mail instead. So far, no ads and as far as I can tell, no tracking. I have also installed a VPN and am using it religiously—Cyber Ghost, a $99 for 3 years subscription with support up to 8 devices.
However, I am still very much connected to Samsung for I am not privy as to whether or not Samsung is as sinister as Google and Facebook.
Again, I am open to all suggestions, corrections and recommendations. Thank you and I hope to engage with you all.
leave it up to them yandex russians to protect your privacy.
but seriously. the most dangerous thing you can do is acctualy think that the steps you take are really making your life private.
vpns just channel the traffic to an other end point and does the queries for you then sends the data encrypted to you.
the queries are still made on the www. account info and all things you store or access online is still accessible by the www. vpn companies just fool you into thinking that the data being relayed to you is the only weak link. plus the free ones mine your data.
best thing you can do is not use social media. its made to invade your privacy. its designed to fool you into giving as much of your personal life info as possible and sell your habits to add companies so they can in turn send you quatered adds.
the minute you use the internet you void your privacy regardless of how you think the measures you take are working or effective. and what are you going to do about the 100 and 1000's of companies being hacked and their data mined and sold every month? you cant do anything about that. plus its much better for hackers to get their info from a big company because you get much more than just 1 dude that does his banking online and chat every now and then.there is no money to be made from 1 individual.
if you think people are specifically after you, you are gravely being fooled by the vpn ad campaigns that have been poping up everywhere about "privacy".( they must hide the fact that they also get hacked very well.its just that the media hasint picked up on it yet)
anyways who want to waste time on an end user/device?
when again you just need to hack equifax like a few years back and you get the motherload instead.
all in all I've abandoned the thought of real privacy. its futile.( even abstinents dosen't work because companies and governments don't secure customer data correctly. and unfortunately if you are born, you must be branded and labeled and filed away.)
live your life. just know that what ever you do you can't escape big brother and your data from being leaked by the big companies that say that it is secured with them.
the whole infrastructure relies on them companies and the habits we have been embraining ourselves and our children with is the problem.. we live our lives intertwined with the services and devices that we take for granted and have clicked next next next through polices and consent forms for over 25 years now whithout even giving it a second though. we're in over our heads now and it is a little late to back out. this was al dine by design and all voluntarily. its crazy how marketing is evil.
a cabin in the woods is the easiest and most secure thing one can do. anything shy of that is a waste of time and a false feeling of privacy.
anyways I'm going around in circles now.
one thing for sure is that the criminals we think that we need cover from are not who we think they are.
they are the FCC dealing with big telcos, they are the big media giants spewing false information and fabricates facts. they are in our governments in the highest ranks pushing hidden agendas and most of all they are the big social media platforms remodeling our society each day under our noses at our expense.
but hey this is not new. the internet police is just tring to make you think it is and spend 9.99$ a month for a vpn lol
good luck.
I just stopped using as many Google apps as I can and switched over to MS Office apps and use Samsung services where I can too...
bober10113 said:
leave it up to them yandex russians to protect your privacy.
but seriously. the most dangerous thing you can do is acctualy think that the steps you take are really making your life private.
vpns just channel the traffic to an other end point and does the queries for you then sends the data encrypted to you.
the queries are still made on the www. account info and all things you store or access online is still accessible by the www. vpn companies just fool you into thinking that the data being relayed to you is the only weak link. plus the free ones mine your data.
best thing you can do is not use social media. its made to invade your privacy. its designed to fool you into giving as much of your personal life info as possible and sell your habits to add companies so they can in turn send you quatered adds.
the minute you use the internet you void your privacy regardless of how you think the measures you take are working or effective. and what are you going to do about the 100 and 1000's of companies being hacked and their data mined and sold every month? you cant do anything about that. plus its much better for hackers to get their info from a big company because you get much more than just 1 dude that does his banking online and chat every now and then.there is no money to be made from 1 individual.
if you think people are specifically after you, you are gravely being fooled by the vpn ad campaigns that have been poping up everywhere about "privacy".( they must hide the fact that they also get hacked very well.its just that the media hasint picked up on it yet)
anyways who want to waste time on an end user/device?
when again you just need to hack equifax like a few years back and you get the motherload instead.
all in all I've abandoned the thought of real privacy. its futile.( even abstinents dosen't work because companies and governments don't secure customer data correctly. and unfortunately if you are born, you must be branded and labeled and filed away.)
live your life. just know that what ever you do you can't escape big brother and your data from being leaked by the big companies that say that it is secured with them.
the whole infrascturuce relies on them companies and the habits we have been embraining ourselves and our children with is the problem.. we live our lives intertwined with the services and devices that we take for granted and have clicked next next next through polices and consent forms for over 25 years now whithout even giving it a second though. we're in over our heads now and it is a little late to back out. this was al dine by design and all voluntarily. its crazy how marketing is evil.
a cabin in the woods is the easiest and most secure thing one can do. anything shy of that is a waste of time and a false feeling of privacy.
anyways I'm going around in circles now.
one thing for sure is that the criminals we think that we need cover from are not who we think they are.
they are the FCC dealing with big telcos, they are the big media giants spewing false information and fabricates facts. they are in our governments in the highest ranks pushing hidden agendas and most of all they are the big social media platforms remodeling our society each day under our noses at our expense.
but hey this is not new. the internet police is just tring to make you think it is and spend 9.99$ a month for a vpn lol
good luck.
Click to expand...
Click to collapse
Oy vey! Thank you very much for yor contribution. It is very much appreciated and I see what you are saying.
AndroidUser00110001 said:
I just stopped using as many Google apps as I can and switched over to MS Office apps and use Samsung services where I can too...
Click to expand...
Click to collapse
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?
Nonetheless, what are some good and viable alternatives to Google and optimally "securing" one's device (taking everything bober10113 has said).
michel5891 said:
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?
Click to expand...
Click to collapse
Like the other poster said, I gave up on worrying about privacy. I made the switch for other reasons and privacy was down on the list...
I just do not like what Goolge has been doing lately, especially blocking ad blockers soon in Chrome so I switched to MS Edge on Android and the Chromium version of Edge for desktop and the rest of the apps just followed through. I am seeing how the switch works for myself and if all goes well I will switch back to MS for the small company I work for.
I gave up on Gmail, Google Drive and all their office apps so far and I stopped using Nexus/Pixel phones for the first time in 10 years. I started with the S9+ which I enjoyed for a couple of months and then got a Note9 during a holiday special and now I cannot wait for the Note10.
Privacy is what it is nowadays... We should all own our data and if we choose to let be used as companies are doing now then we should get a slice of all the money being made but I doubt it will ever get to be something like that.
michel5891 said:
How has this been working out for you? What are your thoughts on Samsung's and Microsoft privacy policies etc?
Click to expand...
Click to collapse
I wouldn't think that they are any better than Google's. Majority of the companies out there that are international had to adhere to the EU rules of privacy, so a lot of them have adopted those standards. NOT ALL OF THEM. That's why all of a sudden you are getting new agreements from all the major companies that touch each section of land on the world.
I still don't trust any of them even to that point.
This is morbid. I have been thinking a lot more about death, debt, privacy and such, and I have come to the conclusion that I honestly don't care about my own anymore because it has been stolen, including my wife's. Future children though, I worry about them because you don't even have to mention their name on the internet and somehow every major company knows about them.
Ever had a conversation with someone without actually looking something up on the web, and then a day or two later Google and other ads start showing things concerning what you were talking about to someone in person? Yeah, it has happened to me numerous times now I can't even count anymore.
Jammol said:
Ever had a conversation with someone without actually looking something up on the web, and then a day or two later Google and other ads start showing things concerning what you were talking about to someone in person? Yeah, it has happened to me numerous times now I can't even count anymore.
Click to expand...
Click to collapse
YES!!! I noticed this a few months ago. My wife and I were talking about some random subject and BAM there it was in my Google discovery feed.
I mentioned that to her and she thought I was crazy until it happened again.
My friend was over last week, he mentioned something about a car he is fixing up and once again in my Google feed...
*EDIT*
I am not going to go as far as saying they are listening because my wife did say she looked up what we were talking about later on that day on her phone so I am guessing it is more GPS based then Google listening to give them the benefit of doubt for now. I need to ask my friend if he searched anything while here...
You want to De-Google your phone? Sell it and don't get an Android phone. Don't get an iPhone, either. In fact, get one of those huge car phones from the 80s. I can't add really anything that hasn't been said, other than some slight humor, but again, if you want privacy, stay off the internet.
AndroidUser00110001 said:
YES!!! I noticed this a few months ago. My wife and I were talking about some random subject and BAM there it was in my Google discovery feed.
I mentioned that to her and she thought I was crazy until it happened again.
My friend was over last week, he mentioned something about a car he is fixing up and once again in my Google feed...
*EDIT*
I am not going to go as far as saying they are listening because my wife did say she looked up what we were talking about later on that day on her phone so I am guessing it is more GPS based then Google listening to give them the benefit of doubt for now. I need to ask my friend if he searched anything while here...
Click to expand...
Click to collapse
This is what I'm trying to prevent. Exactly the same thing had happened to me. We were simply discussing an AC unit; never looked it up or mentioned the name of it and the exact make and model in the room we were in showed up.
michel5891 said:
This is what I'm trying to prevent. Exactly the same thing had happened to me. We were simply discussing an AC unit; never looked it up or mentioned the name of it and the exact make and model in the room we were in showed up.
Click to expand...
Click to collapse
Yeah it's super duper creepy. Funny thing is since I refreshed my Note 9 up to PIE, I haven't given assistant or google search any permission to use my microphone and I don't even have them setup!
this might help:
https://support.google.com/websearch/answer/6030020?co=GENIE.Platform=Android&hl=en
turn voice activity off. also check your history to see if it has any recording...
Some may feel "targeted" by this thread. I don't really care, though. I feel it was necessary to post this.
Imagine buying a phone meant for Chinese market, and then whining and moaning on XDA forums about some features (Google Play) - that are meant for the GLOBAL market, i.e NOT China- not working properly.
People buy this phone for its cameras. Everything-Google being wonky on China phones (again, phones meant for the CHINA MARKET) is nothing new. And no, it's not just Vivo phones.
If you didn't know that, well... sucks to suck, I guess?
You didn't do [enough] research prior to purchasing, and now you are venting on the forums. Cool, but I'm pretty sure nobody wants to read your bs complaints.
It's kinda like buying a Blu-Ray disc from another region and then whining online that it doesn't work on your player. Get how stupid you sound yet? Vivo never released this particular model for the global market. It's China only, for the time being, at least. You can import it of course, but at your own risk. And that's exactly what some of you don't seem to understand. Somehow you feel entitled to your non-global phone having perfect Google Play functionality. Ridiculous.
If Vivo decides to improve the functionality of Google features on the X90 Pro+, good! They don't have to, though.
If they decide to absolutely do nothing about it, oh well. Again, they don't have to do anything. We'll try to find workarounds.
Do you understand what I'm saying to you right now?
When a China citizen purchases a phone in their country, there's zero Google stuff pre-installed on that phone. And guess what, the large majority of people in China DON'T install Google stuff, EVER. Because they don't need it. Google is not used in China. They have their own search engines etc.
We are here to help each other, find workarounds to problems. That's what these forums are for. Think twice before making a post whining and bashing brands, because it's very likely that your complaints are completely invalid.
Thanks for reading.
{Mod edit: Inappropriate language edited. Oswald Boelcke}
jericho246 said:
Some may feel "targeted" by this thread. I don't really care, though. I feel it was necessary to post this.
Imagine buying a phone meant for Chinese market, and then whining and moaning on XDA forums about some features (Google Play) - that are meant for the GLOBAL market, i.e NOT China- not working properly.
People buy this phone for its cameras. Everything-Google being wonky on China phones (again, phones meant for the CHINA MARKET) is nothing new. And no, it's not just Vivo phones.
If you didn't know that, well... sucks to suck, I guess?
You didn't do [enough] research prior to purchasing, and now you are venting on the forums. Cool, but I'm pretty sure nobody wants to read your bs complaints.
It's kinda like buying a Blu-Ray disc from another region and then whining online that it doesn't work on your player. Get how stupid you sound yet? Vivo never released this particular model for the global market. It's China only, for the time being, at least. You can import it of course, but at your own risk. And that's exactly what some of you don't seem to understand. Somehow you feel entitled to your non-global phone having perfect Google Play functionality. Ridiculous.
If Vivo decides to improve the functionality of Google features on the X90 Pro+, good! They don't have to, though.
If they decide to absolutely do nothing about it, oh well. Again, they don't have to do anything. We'll try to find workarounds.
Do you understand what I'm saying to you right now?
When a China citizen purchases a phone in their country, there's zero Google stuff pre-installed on that phone. And guess what, the large majority of people in China DON'T install Google stuff, EVER. Because they don't need it. Google is not used in China. They have their own search engines etc.
We are here to help each other, find workarounds to problems. That's what these forums are for. Think twice before making a post whining and bashing brands, because it's very likely that your complaints are completely invalid.
Thanks for reading.
{Mod edit: Inappropriate language edited. Oswald Boelcke}
Click to expand...
Click to collapse
Good job buddy. A post like this was long overdue even when it should be mandatory to search and read before importing a chinese device.
I don't have any issues, notifications arrive in time, etc.
If you have any issues or do you work and research or just get another phone
Before google was blocked by the chinese governement - it was widely used. Still many people use google via VPN.
But yes - google apps that require to be system apps like Android Auto or Google assistant will never work on a China OS phone that has no root. Becasue the Chinese government doesn't allow google to be used.
This is not about what Chinese user wants, but what the CCP dictates.
Also spyware going crazy (you can check with Rethink DNS how many connections are built up to Chinese servers all the time) to fulfill the CCP data hunger is something immiment to any China OS phone. Yes that includes apple phones sold in China (or maybe even global ones activated in China) or any other phone officially sold in China, else it would not be allowed to be sold.
There are plenty more issues than just google when buying a China OS phone - and most sites mentioning shortcomings do not mention them.
A good clue of what the Vivo phone spyware will likely collect can be to read reports about Feng Cai or BXAQ:
https://7asecurity.com/reports/analysis-report_bxaq.pdf
e.g.: All calendar entries, phone contacts, country codes and dialed numbers;
All stored text messages (SMS);
All information accessible for various installed apps + an MD5 hash of the app;+
Well said.
I'm super happy. I just hope to be able to add a card to Google wallet and I can't ask for more in a phone. Got over my initial disappoint about that issue as I can just use my actual card.
Camera is a photographer's dream and everything is so fast and smooth.
The Chinese can spy all they want as I'm in the UK with no relation to China. Could. Not. Care. Less
Haskren said:
The Chinese can spy all they want as I'm in the UK with no relation to China. Could. Not. Care. Less
Click to expand...
Click to collapse
Weill it could actually be much worse - it's really not unlikely the Chinese government has superuser access on all China OS phones. They used to do this with an app, but it would be much easier for them to do this with inbuilt tools:
https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html
This way it cannot be discovered easily at all like with the app they used to.
Implications of this - oh but I have absolutely nothing to worry are stupid in my eyes. How do you know the Chinese government doesn't have data breaches? The data that is known about you - would be easily enough to destroy your finances. There have been breaches in China and chinese users were financially harmed by data breached. As a foreigner you are less likely target but that data could be easily sold.
Any website offering pay services now has to secure itself from card scanning, because credit card numbers aren't expensive to buy anymore (usually missing CVC - sometimes with CVC ) those credit cards come usually from data breaches (and yeah a shop doesn't see the full credit card number - so it's not the shop that breached that data).
e.g. the vivo secure keyboard. I mean how do you know your credit card number doesn't end up in China when using it? It's enabled by default... I would not trust it a dime.
The past has shown problems already on greater scale, google up XcodeGhost and Tencent...
here it comes, another thread blocked by this guy.
If your so afraid if getting your data leaked just don't use Internet. Don't leave your house cause ur neighbours will leak your position aswell. If you're so afraid of the Chinese, just buy another Smartphone.
extremecarver said:
Weill it could actually be much worse - it's really not unlikely the Chinese government has superuser access on all China OS phones. They used to do this with an app, but it would be much easier for them to do this with inbuilt tools:
https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html
This way it cannot be discovered easily at all like with the app they used to.
Implications of this - oh but I have absolutely nothing to worry are stupid in my eyes. How do you know the Chinese government doesn't have data breaches? The data that is known about you - would be easily enough to destroy your finances. There have been breaches in China and chinese users were financially harmed by data breached. As a foreigner you are less likely target but that data could be easily sold.
Any website offering pay services now has to secure itself from card scanning, because credit card numbers aren't expensive to buy anymore (usually missing CVC - sometimes with CVC ) those credit cards come usually from data breaches (and yeah a shop doesn't see the full credit card number - so it's not the shop that breached that data).
e.g. the vivo secure keyboard. I mean how do you know your credit card number doesn't end up in China when using it? It's enabled by default... I would not trust it a dime.
The past has shown problems already on greater scale, google up XcodeGhost and Tencent...
Click to expand...
Click to collapse
Everybody knows this happens with chinese phones , nothing new .Why have you bought one ? I mean you were aware Vivo its a chinese company , right ?
vendetta17 said:
Everybody knows this happens with chinese phones , nothing new .Why have you bought one ? I mean you were aware Vivo its a chinese company , right ?
Click to expand...
Click to collapse
That's simply not the case. So far phones produced in China for global market spy much less than phones produced for China. Because even Iphone produced for China or Samsung produced for China will have to comply with the Chinese government orders on receiving the content of all messages, a list of all phone calls and more data (maybe even all call content).
There is a difference between China OS phone and Chinese global phone - and most people do NOT know this.
And then - as long as there is no sticky for China OS phones listing exactly what google services are unreliable (like google wallet) and which don't work (e.g. Android Auto, google Assistant, Google Backup, Google Location History) or restrictions like very hard to exchange system launcher - and if you do you receive a notice that you have to click away (but not click on it) every reboot or every few days - most people simply aren't aware of all the problems.
I haven't seen a single review of the X90 Pro+ listing all the missing google services - on the contrary the say it's easy to install google playstore and everything works (notebookcheck) - showing that they clearly never used the phone as daily driver (but 90% of the readers will not know this!) to XDA review mentioning only Android auto and okay google not working (that way you believe the rest - including conversation with google assistant does work) or Chinahandys.net which goest the furthes but still misses some points - however does explain to remove vivo.pem (single review ever mentioning this) if you want to receive notifications - but still misses out on location history and google backup.
If the reviews all mentioned the above problems, then much less people would buy China OS phones in first place, and then it really would be justified saying don't vent about google stuff not working. But the fact is that the reviews all miss this. Even more they often tell you that you can just flash the global firrmware (in case of Xiaomi) - though with Xiaomi 13 for example this has become super complicated, and very easy to brick your phone while doing so.
That goes so far that Trading Shenzen advertises google wallet working - and I still think it's possible to get it to work so far on every phone - and people just not having the right framework installed - but there is no guarantee whatsoever it will continue to work with Android 14.
Same for updates - all the reviews mention either the global update policy which doesn't apply, or like chinahandys saying no guarentee but 2-3 years of updates including major android versions - which again ist not true - because e.g. Vivo X70 Pro+ never got Android 12, and very likely a single major updgrade - Android 13 - and very very delayed security patches (and as long as you use Android - those patches are essential - they have nothing to do with google itself).
Many people buying the X90 Pro+ come from Huawei P30 Pro or even Mate 20 Pro - those had really good / reliable software with the caveat of course of being stuck with Android 10 due to the Huawei ban. However no single other Chinese brand ever got close to the Huawei software quality...
And no - I wasn't aware of most of those points - before buying - because no damn review mentions them! And I thought chinese phones = China OS chinese phones when it comes to spyware (similar to bloatware ). But this is simply not the case. I didn't know that the China spyware costs a lot of battery life (see identical phones on dxomark or gsmarena battery tests - with the China OS version usually having 7-15% less battery life, espcially standby much shorter!)
And youtube reviews are even worse - they usually mention no single point at all of the above.
jericho246 said:
Some may feel "targeted" by this thread. I don't really care, though. I feel it was necessary to post this.
Click to expand...
Click to collapse
I stopped reading here.
When a company advertises that the phone they sell will work 100% with Google Payment applications and banking apps which require secure/high integrity. Then when I pay them for that phone, I expect these things to work. When it doesn't work, I demand compensation. That's fair, that's life.
Honestly threads and posts like this belong on Reddit where you can scream into the void at your own expense and because you literally have nothing else better to do. I for one have better things to do.
Writing a long-winded rant that no one who values their time is going to read really tells more about yourself than it does about the people you have directed this thread at. Here's your free bump. But I'll make sure to ignore all of your posts going forward. I suggest others do the same.
EDIT: I got a 15% refund of my 512GB Vivo X90PP, because it doesn't pass SatfetyNet. That brings the price down to just under 850€ for me. Also this will likely be fixed in the next software update, as the trial/beta update has Google Pay working for everyone on XDA who has tested it so far.
So partial refund + working on next update. So I guess the joke is on you for not having done your own research. Clearly I did mine.
luontokoodaus said:
I stopped reading here.
When a company advertises that the phone they sell will work 100% with Google Payment applications and banking apps which require secure/high integrity. Then when I pay them for that phone, I expect these things to work. When it doesn't work, I demand compensation. That's fair, that's life.
Click to expand...
Click to collapse
Aight, you sound upset (for no good reason), so let's get this over with quick. Show me where Vivo actually stated that the Vivo X90PP supports "Google Payment applications".
I'll save you the trouble; you can't, because they never advertised it. Google is never mentioned anywhere.
Now if you are talking about resellers like Wonda Mobile or Trading Shenzhen, then your issue is with them, not Vivo.
Greetings to all. Just a friendly reminder about XDA Rule 2.3:
2.3 Flaming / Lack of respect: XDA is about sharing and this does not involve virtual yelling (flaming) or rudeness. Flaming or posting with a lack of respect is unacceptable. Treat new members in the manner in which you would like to have been treated when you were a new member. When dealing with any member, provide them with guidance, advice and instructions when you can, showing them respect and courtesy. Never post in a demanding, argumentative, disrespectful or self-righteous manner.
Click to expand...
Click to collapse
While everyone is entitled to post their opinion, we ask only that you do so in a polite and respectful manner, or not at all. So let us please leave the name calling out
of it shall we. Thank you.
-Regards: Badger50