Related
"If you find yourself with a Samsung Galaxy S device, and you’re branded by Vodafone, you may want to think twice about upgrading any software. Apparently, Vodafone has begun terminating the carrier warranty of the device, if users install “unapproved” software upgrades to their devices. That means, even if you upgrade to the latest version of Android, no matter how small the update, and you didn’t get it specifically from Vodafone, they won’t do anything for you in their stores."
http://androidcommunity.com/vodafon...if-not-on-carrier-approved-firmware-20100823/
I guess that's one reason to not use Kies if you are on Vodafone. Seriously, I think this is a terrible policy, it's trying to do more than just get people to not root and install custom firmware. It's not trying to prevent them from downloading beta software. It's trying to force them into carrier branded bloatware with potentially crippled features and, in the process, delaying updates.
For all those who wonder why Kies does software upgrades through Kies, it's for precisely these reasons, some carriers will do all they can to stand in the way of an upgrade. I know some may stick up for the carrier and say they need to do network testing and yada yada, but seriously, when looking at the networks themselves there are reasons why some networks delay the mess out of updates while others just seem to flow through like water after they are announced.
And personally, to me, I don't know if this in their original terms of sale, but this is something that if it weren't there I'd be looking to get out of my contract if I could get the same phone on a competing network at the same price. This is nearly a deal breaker, when the Galaxy S & Android are pushing features that some carriers wont want or will want to charge extra for. I want the carrier as far away from my software as possible and this is a policy to support.
deleted.....
http://pocketnow.com/android/vodafone-blocks-samsungs-update-efforts-on-galaxy-s
FTA: Update: According to Vodafone UK, the update will not void your warranty. Glad the issue has been clarified and the confusion is due to the fact that the JM1 update in question originated from Samsung rather than from Vodafone.
Thanks for the update, but...
Rawat said:
http://pocketnow.com/android/vodafone-blocks-samsungs-update-efforts-on-galaxy-s
FTA: Update: According to Vodafone UK, the update will not void your warranty. Glad the issue has been clarified and the confusion is due to the fact that the JM1 update in question originated from Samsung rather than from Vodafone.
Click to expand...
Click to collapse
Reading that story, it seems there is still an open and unresolved issue going forward.
"the update will not void your warranty" is definitely not the same as saying all official Samsung updates will not void your warranty. It definitely, from this quote and the source article, sounds like they will do this somewhat on a case-by-case basis. Meaning, should they decide at any point in time due to network traffic caused by included software to not support an update and/or lots of extra warranty claims (let's say it's just bad software and runs the processor too hard and too much and the phone just melts ) they may say "We never supported update X - build Y".
For now it sounds like this will be a rare, if ever occuring, but the potential is there. I guess it's a dead issue...for now...
Read the article below.
Some might argue why T-Mobile and Sprint version N3 is unlocked that's because of their network coverage. If you do little research you will find that most of the giant firms use either Verizon or At&t for their employees. This now confirms how Saamy is forgetting about us and mostly putting their focus on giant firms. Give me your point and lets see where this goes.
TechnoBuffalo said:
Samsung already has a firm grip on the consumer smartphone market, but the enterprise sector is a completely different ballgame. So in an effort to put businesses at ease and gain a larger corporate following, the Korean company this year officially unveiled a new mobile security system called Knox. With so many Samsung devices available, the company certainly has the potential to make inroads at some big firms around the world—only, a new report from The Wall Street Journal suggests Knox has been full of bugs and delays, annoying some big clients.
One of Samsung’s clients, the U.S. Defense Department, has allegedly become frustrated by Samsung’s Knox system, leading to some internal strife among the Samsung brass; the company is supposedly hard at work bringing Knox back into 100 percent shape. With BlackBerry ailing—enterprise market share has reportedly fallen from 68 percent in 2010 to 5.4 percent today—Samsung certainly has an opportunity to fill that void. There’s still the stigma of Android to contend with, however, making Apple’s iOS a more appealing option.
According to WSJ, “many corporate tech administrators widely perceive its smartphones, which run on Google Inc.’s open-source Android operating system, as being more prone to viruses and easier to hack than Apple Inc.’s iOS and BlackBerry proprietary software.” Fixing that perception has become one of Samsung’s top priorities, WSJ added.
Knox essentially gives corporate tech admins complete control over their employees’ Samsung device or devices. Handsets can remotely be shut down, company data cordoned off, and alerts can be set if a device’s code has been tampered with—all excellent features for sensitive corporate data. But if those promised features aren’t working as advertised, especially for a customer such as the U.S. Defense Department, Samsung could lose its small portion of the enterprise market pretty quick.
One source admitted that Samsung isn’t a service business, which is why it’s experiencing so many issues. “Creating this new organization that specializes in selling software and services, that took us longer than expected,” the source said. Over the course of 2013, Samsung repeatedly assured potential clients Knox would be ready, and even come preloaded on the Galaxy S4. It didn’t wind up coming preloaded on a Samsung devices until the Note 3 hit a few months back.
Deployment thus far has been slow while Samsung works through the issues. But if those issues don’t get patched up, the company’s big enterprise push could fall flat. One BlackBerry exec said of Knox, “[It] can potentially pose threats to enterprises.” With the consumer market locked up, definitely not the start to enterprise life that Samsung would have wanted.
Click to expand...
Click to collapse
http://www.technobuffalo.com/2013/1...rogram-running-into-major-issues-says-report/
I would agree. Sounds right and does make sense!
Sent from my Nexus 7 using Tapatalk
Does make sense until you wonder why other carriers have the bootloader unlocked. Unless those people saying the bootloader is unlocked they mean it has been unlocked by a hack.
Delakit said:
Does make sense until you wonder why other carriers have the bootloader unlocked.
Click to expand...
Click to collapse
85% of the Fortune 1K in the U.S. are on VZW and AT&T.
Im nkt sure this really explains why AT&T's bootloader is locked. This article discusses the issues with Knox, something that is present in the VZW Note 3 but missing from the ATT version. If the bootloader is locked due to trying to attract enterprise business then why would Knox (the container application) be missing from our version of the phone? Even if Knox is being wonky it still should have been included if they were going after the enterprise market.
AT&T Samsung Galaxy Note 3 stock rooted with changes by Wanam
Samsung Galaxy Note 10.1 GT-N8013 rooted w/Hyperdrive RLS6
This…..
Sent from my Nexus 7 using Tapatalk
---------- Post added at 05:45 PM ---------- Previous post was at 05:44 PM ----------
BarryH_GEG said:
85% of the Fortune 1K in the U.S. are on VZW and AT&T.
Click to expand...
Click to collapse
HappyPessimist said:
Im nkt sure this really explains why AT&T's bootloader is locked. This article discusses the issues with Knox, something that is present in the VZW Note 3 but missing from the ATT version. If the bootloader is locked due to trying to attract enterprise business then why would Knox (the container application) be missing from our version of the phone? Even if Knox is being wonky it still should have been included if they were going after the enterprise market.
AT&T Samsung Galaxy Note 3 stock rooted with changes by Wanam
Samsung Galaxy Note 10.1 GT-N8013 rooted w/Hyperdrive RLS6
Click to expand...
Click to collapse
This and this....
Sent from my Nexus 7 using Tapatalk
HappyPessimist said:
Im nkt sure this really explains why AT&T's bootloader is locked. This article discusses the issues with Knox, something that is present in the VZW Note 3 but missing from the ATT version. If the bootloader is locked due to trying to attract enterprise business then why would Knox (the container application) be missing from our version of the phone? Even if Knox is being wonky it still should have been included if they were going after the enterprise market.
AT&T Samsung Galaxy Note 3 stock rooted with changes by Wanam
Samsung Galaxy Note 10.1 GT-N8013 rooted w/Hyperdrive RLS6
Click to expand...
Click to collapse
Not sure where you got your ATT N3 from, but mine has KNOX and it is a 900A like the others here. You can even look at running apps and see KNOX listed. you can also go into the upload menu and see the KNOX status.
It depends on Sammy's customer base spread. If the majority are suits, Sammy loses very little by losing the nerd market. But if the majority are teen-agers texting their BFF, Sammy is going to see that a little bad press in the Blogosphere goes a LONG way. The under-21 set will believe a blog stating that the Martians have landed faster than they'll believe the WSJ that the big yellow ball in the sky is the sun.
We'll just have to wait and see, but if Sammy keeps welding these things shut, a lot of ROM builders are going to be building non-Sammy ROMs. And a lot of people will put up with the Sprint dead spots rather than be treated like numbers by Big Red.
Since my crystal ball battery is dead, all I can do is make wild guesses.
Solarenemy68 said:
Not sure where you got your ATT N3 from, but mine has KNOX and it is a 900A like the others here. You can even look at running apps and see KNOX listed. you can also go into the upload menu and see the KNOX status.
Click to expand...
Click to collapse
I'm talking abiut the Knox container. The other variants of the Note 3 had a Knox app of sorts that acts as a container for more sensitive information. See this thread-
http://forum.xda-developers.com/showthread.php?t=2470278&page=8
AT&T Samsung Galaxy Note 3 stock rooted with changes by Wanam
Samsung Galaxy Note 10.1 GT-N8013 rooted w/Hyperdrive RLS6
Can't quote the guy above for some reason but I don't see KNOX running anywhere on my phone.
HappyPessimist said:
I'm talking abiut the Knox container. The other variants of the Note 3 had a Knox app of sorts that acts as a container for more sensitive information. See this thread-
http://forum.xda-developers.com/showthread.php?t=2470278&page=8
AT&T Samsung Galaxy Note 3 stock rooted with changes by Wanam
Samsung Galaxy Note 10.1 GT-N8013 rooted w/Hyperdrive RLS6
Click to expand...
Click to collapse
KNOX container most certainly works on 900A.
Quick question for everyone here...
Do you think that filing complaints with government agencies over the locked bootloader issue might be an effective route for seeking change? Consider that when complaints were filed against them for blocking FaceTime on their network, the groups that filed those complaints did achieve a limited measure of success.
I would envision that the complaint could look as follows:
1. Denying users root access to their own phones and locking the phone's bootloader prevents access to all features of some software packages. (e.g. Titanium Backup)
2. Some of the packages that AT&T effectively blocks through these policies (i.e. Titanium Backup) compete with software they offer. (e.g. AT&T Locker)
3. Ergo, AT&T seeks to obtain an unfair competitive advantage over other applications through its behavior.
I also wonder if it would be possible to argue that AT&T is knowingly selling defective phones through its policy of locking the bootloader. I'm sure we can all point out many bugs in the stock firmware which have been addressed by custom ROMs. An argument could be made that AT&T's action of preventing custom ROMs from being installed is forcing its customers to use materially defective equipment - it's just a question of whether or not an agency could be convinced of this amidst AT&T's "greasing of the palms" to quiet complaints against them.
now i'm clearly understand
Unless the private key slips, or if people don't care about warranty (in about 10 months ) the bootloader won't be unlocked.
Personally, I think this allows for more inventive solutions to processes which have become so routine we expect them to work on every phone. RDLV for example. The Kn0x0ut script. My MJ5 Recovery methods -- all include unique techniques to catch up to the level of security ATT/Samsung has surprised us with.
This process, of course, is cyclical. Both sides have an opportunity to gain here and I welcome it!
evilpotatoman said:
Unless the private key slips
Click to expand...
Click to collapse
If I only worked for Samsung in a capacity to help...
evilpotatoman said:
or if people don't care about warranty (in about 10 months )
Click to expand...
Click to collapse
Hopefully we don't have to wait that long for it... I'm almost ready to purchase a Note 3 from TMO just to have an unlocked bootloader. If I could get a new one locally for around $500 this weekend I probably would. (Just got the Note 3 this week so I'm still within my 14 day return period with ATT.)
evilpotatoman said:
Personally, I think this allows for more inventive solutions to processes which have become so routine we expect them to work on every phone. RDLV for example. The Kn0x0ut script. My MJ5 Recovery methods -- all include unique techniques to catch up to the level of security ATT/Samsung has surprised us with.
Click to expand...
Click to collapse
I'm glad you and others enjoy the challenge presented by AT&T's greed, and am thankful for each of you and the hours you spend trying to figure out how to remove or bypass the artificially created limitations and restrictions on our devices.
In my opinion, limitations like locked bootloaders are material defects, and should be treated as such by government. Once one enters into a contract with the wireless provider, the phone is yours as long as you continue to abide by the terms of the contract (on time payments, staying within acceptable use policies). As such, one should be free and clear to modify the phone in any way - as long as expectations of service and support are diminished appropriately for "non standard configurations". No carrier should be allowed to lock bootloaders or otherwise take measures to prevent users from rooting their devices.
rooted_1 said:
Quick question for everyone here...
Do you think that filing complaints with government agencies over the locked bootloader issue might be an effective route for seeking change? Consider that when complaints were filed against them for blocking FaceTime on their network, the groups that filed those complaints did achieve a limited measure of success.
I would envision that the complaint could look as follows:
1. Denying users root access to their own phones and locking the phone's bootloader prevents access to all features of some software packages. (e.g. Titanium Backup)
2. Some of the packages that AT&T effectively blocks through these policies (i.e. Titanium Backup) compete with software they offer. (e.g. AT&T Locker)
3. Ergo, AT&T seeks to obtain an unfair competitive advantage over other applications through its behavior.
I also wonder if it would be possible to argue that AT&T is knowingly selling defective phones through its policy of locking the bootloader. I'm sure we can all point out many bugs in the stock firmware which have been addressed by custom ROMs. An argument could be made that AT&T's action of preventing custom ROMs from being installed is forcing its customers to use materially defective equipment - it's just a question of whether or not an agency could be convinced of this amidst AT&T's "greasing of the palms" to quiet complaints against them.
Click to expand...
Click to collapse
Hmmm...
That actualy sounds like legit reasons!
Does AT&T sell the developer edition like Verizon?
I so want to come back to AT&T but had to jump ship to VZE because they had SafeStrap. How much I hate Verizon! They used to have best signal in town. Now its no better than Sprint.
Anyways back on topic. That seems like reasonable pitch. Where do we / you file that complaint? FCC? FTC?
Why not offer a corporate version? If you want to use it at work, you never have the corporate locked bootloader.
They could even make it a ROM update accessible by corporate accounts.
Sent from my SAMSUNG-SM-N900A using xda app-developers app
designgears said:
KNOX container most certainly works on 900A.
Click to expand...
Click to collapse
I'm sure it works on the 900A, but I think he meant it's not on there by default for the 900A AT&T variant. Do you have an apk for it?
scrosler said:
Hmmm...
That actualy sounds like legit reasons!
Anyways back on topic. That seems like reasonable pitch. Where do we / you file that complaint? FCC? FTC?
Click to expand...
Click to collapse
I filed a complaint with the FCC the other week using the precise argument I suggested above. Of course, I've yet to hear anything from them. If it's anything like the net neutrality complaints I filed against AT&T years ago, the FCC will forward the comment along to AT&T and the company will provide a written response back to both me and the agency in a couple months.
I'm also wondering if there would be any sort of way to get the FTC involved in this as well, by making an argument that AT&T is knowingly selling defective devices, refusing to fix the defects in a timely manner (by releasing new versions of Android, quicker), and preventing users from fixing the defects on their own (by locking the bootloader). I'm sure that there's a plethora of issues with 4.3 and TouchWiz and Knox that could be pointed out... the least of which would be the constantly-nagging security error notification that shows up every time one uses WiFi on a stock phone.
I'm generally not a big fan of big government, but this is one exception. The more government agencies we can legitimately engage with valid points, the more effort that AT&T has to put into defending its decision to only market phones with locked bootloaders. If enough agencies get involved from enough angles with reasonable and logical arguments, there *may* come a time at which AT&T decides that it's not worth the effort. They obviously feel that some economic benefit come from their decision. The trick is to create the perception that the economic benefit they gain from locked bootloaders is outweighed by the ill will and cost of participation in government inquiries they bear. There's only a slim chance that this will work, but I'm willing to take a few minutes to file complaints and let the wheels of our government agencies churn. After all, isn't that what they're there for?
rooted_1 said:
I filed a complaint with the FCC the other week using the precise argument I suggested above. Of course, I've yet to hear anything from them. If it's anything like the net neutrality complaints I filed against AT&T years ago, the FCC will forward the comment along to AT&T and the company will provide a written response back to both me and the agency in a couple months.
I'm also wondering if there would be any sort of way to get the FTC involved in this as well, by making an argument that AT&T is knowingly selling defective devices, refusing to fix the defects in a timely manner (by releasing new versions of Android, quicker), and preventing users from fixing the defects on their own (by locking the bootloader). I'm sure that there's a plethora of issues with 4.3 and TouchWiz and Knox that could be pointed out... the least of which would be the constantly-nagging security error notification that shows up every time one uses WiFi on a stock phone.
I'm generally not a big fan of big government, but this is one exception. The more government agencies we can legitimately engage with valid points, the more effort that AT&T has to put into defending its decision to only market phones with locked bootloaders. If enough agencies get involved from enough angles with reasonable and logical arguments, there *may* come a time at which AT&T decides that it's not worth the effort. They obviously feel that some economic benefit come from their decision. The trick is to create the perception that the economic benefit they gain from locked bootloaders is outweighed by the ill will and cost of participation in government inquiries they bear. There's only a slim chance that this will work, but I'm willing to take a few minutes to file complaints and let the wheels of our government agencies churn. After all, isn't that what they're there for?
Click to expand...
Click to collapse
Thank you for doing this..
I feel the only way we will ever be heard is to start a Samsung boycott petition. Even if those who sign the petition has no plans to truly boycott Samsung, the negative publicity and the potential for consumers to boycott them would be a huge risk in Samsung eyes. Imagine if we had 10k users signed the boycott petition because of the bloatware & locked bootloader. Samsung could care less about the 10k consumers but the word of mouth from those consumer could equal millions. Samsung might not officially release an unlock bootloader but might allow leaks to occur to keep us quiet. If one website picked up the story about Samsung boycott petition, Samsung would do everything in their power to correct or fix the problem. Due to carrier restrictions and request they would have to come up with clever ways or do what htc does and allow you to unlock your phone on their site with a code.
I haven't posted on XDA for a while, but recently my friend purchased a Verizon Motorola G for himself and couldn't find a way to unlock the bootloader.
Being *that* kind of friend and all, I did a bit of research and discovered this:
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html
I was curious if this exploit was still viable, so I quickly captured the latest OTA update of the Verizon Moto G firmware and started IDA...
Amazingly, although the exploitation method would have to be a little different due to changes in the TrustZone kernel,
the original arbitrary memory writing vulnerability still existed and could be exploited.
Code:
int __fastcall smc_vector(int code, int arg1, int arg2, int arg3, int alwaysZero)
{
.........
do
{
*(_DWORD *)(_R6 + 4 * v40) = dword_FC492C8[v40];
++v40;
}
while ( v40 < 4 );
.........
}
The only downside is that to perform said exploit, the smc call would have to execute in kernel context (i.e. kernel space).
Has anyone capitalized on said vulnerability yet and built a bootloader unlocker using this method, or do I have to get to work
and release my own ""exploit"" for this bug?
Or is there some other technical problem hindering the feasibility of all of this?
joshumax said:
I haven't posted on XDA for a while, but recently my friend purchased a Verizon Motorola G for himself and couldn't find a way to unlock the bootloader.
Being *that* kind of friend and all, I did a bit of research and discovered this:
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html
I was curious if this exploit was still viable, so I quickly captured the latest OTA update of the Verizon Moto G firmware and started IDA...
Amazingly, although the exploitation method would have to be a little different due to changes in the TrustZone kernel,
the original arbitrary memory writing vulnerability still existed and could be exploited.
Code:
int __fastcall smc_vector(int code, int arg1, int arg2, int arg3, int alwaysZero)
{
.........
do
{
*(_DWORD *)(_R6 + 4 * v40) = dword_FC492C8[v40];
++v40;
}
while ( v40 < 4 );
.........
}
The only downside is that to perform said exploit, the smc call would have to execute in kernel context (i.e. kernel space).
Has anyone capitalized on said vulnerability yet and built a bootloader unlocker using this method, or do I have to get to work
and release my own ""exploit"" for this bug?
Or is there some other technical problem hindering the feasibility of all of this?
Click to expand...
Click to collapse
SunShine will unlock the XT1028.
http://theroot.ninja
I was under the assumption that old exploits like this won't wouldn't work on the Moto G...you haven't tried this yet, correct?
d4rk3 said:
SunShine will unlock the XT1028.
http://theroot.ninja
Click to expand...
Click to collapse
I don't trust or like SunShine that much; nor does my friend have the money to purchase the app.
d4rk3 said:
I was under the assumption that old exploits like this won't wouldn't work on the Moto G...you haven't tried this yet, correct?
Click to expand...
Click to collapse
Old exploits probably won't work out-of-the-box with the Moto G, things have changed...however the code above was in the latest firmware revision of the Verizon Motorola G,
which to me means that theoretically a few smc calls could unlock the Motorola G for good.
And no, sadly I haven't tried this yet, but it still *should* be possible.
XT1028 not unlockable with Sunshine
Sunshine will only unlock Android 4.4.3 and earlier on the Moto G. Verizon pushed the 4.4.4 update out via OTA long before November when Sunshine released support for the Moto G. You would have had to have bought your Moto G earlier in the year and would have had to continually refuse OTA updates to use it. And I also have read some people saying the OTA update went ahead and automatically installed itself anyway despite the phone's owner saying no.
---------- Post added at 10:26 AM ---------- Previous post was at 10:07 AM ----------
joshumax said:
I don't trust or like SunShine that much; nor does my friend have the money to purchase the app.
Old exploits probably won't work out-of-the-box with the Moto G, things have changed...however the code above was in the latest firmware revision of the Verizon Motorola G,
which to me means that theoretically a few smc calls could unlock the Motorola G for good.
And no, sadly I haven't tried this yet, but it still *should* be possible.
Click to expand...
Click to collapse
I suspect this exploit is what the Sunshine developer used in Weaksauce 2.0. But that temproot program has only been written for the HTC. It does not work on the Moto G.
Statements by jcase several months ago claim there is no known exploit for 4.4.4 on the Moto G and that Sunshine 3.0 when it is released in January will not work for the Moto G.
I cannot believe jcase is unaware of this exploit, however. So this indicates to me that jcase deliberately lied a few months ago. My guess is that he has figured out that Verizon has been watching and reading his public statements on this forum, and he knows that Verizon is extremely slow at releasing updates, and he does not want them to rush out an OTA update before he gets Sunshine 3 shipped.
Hopefully that is the case, and hopefully Verizon does not consider YOU worth following, and does not rush an update for Lollipop out for the Moto G. before Sunshine 3 releases.
Otherwise you may have just scotched it for the rest of us.
joshumax said:
I don't trust or like SunShine that much; nor does my friend have the money to purchase the app.
Old exploits probably won't work out-of-the-box with the Moto G, things have changed...however the code above was in the latest firmware revision of the Verizon Motorola G,
which to me means that theoretically a few smc calls could unlock the Motorola G for good.
And no, sadly I haven't tried this yet, but it still *should* be possible.
Click to expand...
Click to collapse
We don't trust or like you, either. Also, that vuln in your OP is long patched and non-useful.
joshumax said:
I don't trust or like SunShine that much; nor does my friend have the money to purchase the app.
Click to expand...
Click to collapse
Yawn, it is safe, it works, and we are upfront about what we do.
joshumax said:
Old exploits probably won't work out-of-the-box with the Moto G, things have changed...however the code above was in the latest firmware revision of the Verizon Motorola G,
which to me means that theoretically a few smc calls could unlock the Motorola G for good.
And no, sadly I haven't tried this yet, but it still *should* be possible.
Click to expand...
Click to collapse
That vulnerability is confirmed patched in the MotoG, and has no chance of working. The "unlock function" in trustzone is disabled once fully booted.
tmittelstaedt said:
Sunshine will only unlock Android 4.4.3 and earlier on the Moto G. Verizon pushed the 4.4.4 update out via OTA long before November when Sunshine released support for the Moto G. You would have had to have bought your Moto G earlier in the year and would have had to continually refuse OTA updates to use it. And I also have read some people saying the OTA update went ahead and automatically installed itself anyway despite the phone's owner saying no.
Click to expand...
Click to collapse
That is true, and it sucks, but it still works on most out of box.
tmittelstaedt said:
---------- Post added at 10:26 AM ---------- Previous post was at 10:07 AM ----------
Click to expand...
Click to collapse
tmittelstaedt said:
I suspect this exploit is what the Sunshine developer used in Weaksauce 2.0. But that temproot program has only been written for the HTC. It does not work on the Moto G.
Statements by jcase several months ago claim there is no known exploit for 4.4.4 on the Moto G and that Sunshine 3.0 when it is released in January will not work for the Moto G.
I cannot believe jcase is unaware of this exploit, however. So this indicates to me that jcase deliberately lied a few months ago. My guess is that he has figured out that Verizon has been watching and reading his public statements on this forum, and he knows that Verizon is extremely slow at releasing updates, and he does not want them to rush out an OTA update before he gets Sunshine 3 shipped.
Hopefully that is the case, and hopefully Verizon does not consider YOU worth following, and does not rush an update for Lollipop out for the Moto G. before Sunshine 3 releases.
Otherwise you may have just scotched it for the rest of us.
Click to expand...
Click to collapse
Actually no, WeakSauce2 targets dmagent, like WeakSauce1, its almost identical in fact, is very specific to HTC and the vulnerability is original to research done by myself and @beaups.
I haven't lied about jack, and dont appreciate eluding that i was, even "to hide" from Verizon.
Common sense says this vulnerability is patched, as it is fairly old. Actual effort to look at the trustone proves this.
jcase said:
I haven't lied about jack, and dont appreciate eluding that i was, even "to hide" from Verizon.
Common sense says this vulnerability is patched, as it is fairly old. Actual effort to look at the trustone proves this.
Click to expand...
Click to collapse
No offense intended jcase but I have worked for software companies since 1990 (not as a developer - in accounting and later IT) and I have to believe that you don't quite really understand what you did with Sunshine.
As long as breaking root on phones was a hackers contest, and the exploit scripts were free, the phone companies and software companies didn't really give a damn about you or what you did or anything else that the security people came up with. They were fat, dumb, and happy and lazy and were contented to let Google and the manufacturer deal with security with minimal effort on their part.
The minute you started charging money, you became public enemy #1 to Verizon and any other carrier who wants to control their users. Because they know this - as long as the cracks are free the developers aren't going to have any incentive to wrap them in a slick wrapper that Ma and Pa Kettle can download, stick in a credit card number and click.
Once you start charging - why then you know (or will discover if you don't know already) that the revenue you get is directly proportional to how easy you make the package to run for Ma and Pa Kettle. And it really doesn't take a lot of extra work. For every 10% easier you make Sunshine to use, your going to see 1000% increase in revenue. Verizon knows this. Google knows this. Motorola knows this. And that is what scares them. Their goal right now is to shut you down. And they are gonna do it by doing whatever they can to break your stuff as quickly as possible.
Do you know how hard it is to find a cheap used Verizon Moto G nowadays off Ebay or someplace with 4.4.3 or earlier on it? Ever since November when you released support, Ebay has had a run on those phones. And Ebay is flooded now with Verizon Moto G's that have 4.4.4 on them and a bunch of panicked sellers who are doing whatever possible to make it hard for the buyers to determine what the Android version is.
A couple days after you released weaksauce2 the m8 sold out in every Verizon store in my city. Sold out - or recalled - or withheld, I don't know what.
Verizon and friends don't care about people like me who spend the hours of time on these forums to research to figure out what's what. They care about Pa Kettle who gets on Play Store, downloads an app and runs it and the app pops up a screen saying "you must root your phone to run this app" complete with an auto-installer that downloads and installs Sunshine and executes it for them. Pa Kettle is just going to fork over the $25 and think nothing of it and ca-ching there slips another phone out of the carriers control - a phone that can get ad-blocker loaded on it, a phone that can get that idiotic NFL garbage unloaded from it - a phone the carrier figures they have lost.
From their point of view you are stealing their customers. They don't care as much about the revenue from the wireless plan as they care about their ability to track their customers intimate buying habits and sell them to the highest bidder. They paid damn good money for the cost of the phone hardware so they could snare another mark to sell advertising to and you came along and flushed that money down the crapper with your software.
I guarantee to you there's been much discussion about Sunshine in the Verizon boardrooms. If your not lying now on these forums or at least being very evasive about what your working on, you should be. Their gunning for you.
That's a neat theory, but I can assure you the mfr's patch tactics have been no different with sunshine than they have been with our other (free) releases. Further, based on our sales #'s, I can assure you that sunshine has not caused any phones to sell out...its not like we have 1000's upon 1000's of sunshine sales. Lastly, your theory that "they don't care as much about the wireless plan revenue" is pure tin foil hat stuff.
I dont think you understand what I do, I work with carriers, OEMs and the like. I've trained some them, I go out to dinner with them, I've invited them to my home, I exchange christmas gifts with them, I have met their families. Their cell phone numbers are in my contacts list. I'm drinking my coffee from a cup one of them gave me, right now. When I am stuck, I've gone to them for help more than I can count. This is my industry, and these people are my friends. These people are not fat dumb or lazy. They care deeply about security, and work their butts off with the limited resources they have. The good ones engage the "hackers", and actually enjoy it. Many of them are on a skill level above and beyond myself.
I'm actually a firm believer they would rather see something packaged and sold, than out in the open, as it results in many times less people using it, as well as the time packaging it will stop or greatly slow down anyone trying to use the material for bad purposes (malware etc). Honestly, they probably don't care how something is distributed at all.
Verizon MotoG with 4.4.2 is is $65 at bestbuy and something like $75 at walmart, how do I know this, we bought many.
I've not lied nor been evasive, I've actually been more open on what I am doing with my time. We are working on 3.0 to add more support to HTC. These people know me enough to know they can ask what I am working on, and I give them a straight answer. More often than not, I will email the company who is responsible for what I find, and let them know before, or at release time when I release something. Often I will give them details and source code not public.
tmittelstaedt said:
No offense intended jcase but I have worked for software companies since 1990 (not as a developer - in accounting and later IT) and I have to believe that you don't quite really understand what you did with Sunshine.
As long as breaking root on phones was a hackers contest, and the exploit scripts were free, the phone companies and software companies didn't really give a damn about you or what you did or anything else that the security people came up with. They were fat, dumb, and happy and lazy and were contented to let Google and the manufacturer deal with security with minimal effort on their part.
The minute you started charging money, you became public enemy #1 to Verizon and any other carrier who wants to control their users. Because they know this - as long as the cracks are free the developers aren't going to have any incentive to wrap them in a slick wrapper that Ma and Pa Kettle can download, stick in a credit card number and click.
Once you start charging - why then you know (or will discover if you don't know already) that the revenue you get is directly proportional to how easy you make the package to run for Ma and Pa Kettle. And it really doesn't take a lot of extra work. For every 10% easier you make Sunshine to use, your going to see 1000% increase in revenue. Verizon knows this. Google knows this. Motorola knows this. And that is what scares them. Their goal right now is to shut you down. And they are gonna do it by doing whatever they can to break your stuff as quickly as possible.
Do you know how hard it is to find a cheap used Verizon Moto G nowadays off Ebay or someplace with 4.4.3 or earlier on it? Ever since November when you released support, Ebay has had a run on those phones. And Ebay is flooded now with Verizon Moto G's that have 4.4.4 on them and a bunch of panicked sellers who are doing whatever possible to make it hard for the buyers to determine what the Android version is.
A couple days after you released weaksauce2 the m8 sold out in every Verizon store in my city. Sold out - or recalled - or withheld, I don't know what.
Verizon and friends don't care about people like me who spend the hours of time on these forums to research to figure out what's what. They care about Pa Kettle who gets on Play Store, downloads an app and runs it and the app pops up a screen saying "you must root your phone to run this app" complete with an auto-installer that downloads and installs Sunshine and executes it for them. Pa Kettle is just going to fork over the $25 and think nothing of it and ca-ching there slips another phone out of the carriers control - a phone that can get ad-blocker loaded on it, a phone that can get that idiotic NFL garbage unloaded from it - a phone the carrier figures they have lost.
From their point of view you are stealing their customers. They don't care as much about the revenue from the wireless plan as they care about their ability to track their customers intimate buying habits and sell them to the highest bidder. They paid damn good money for the cost of the phone hardware so they could snare another mark to sell advertising to and you came along and flushed that money down the crapper with your software.
I guarantee to you there's been much discussion about Sunshine in the Verizon boardrooms. If your not lying now on these forums or at least being very evasive about what your working on, you should be. Their gunning for you.
Click to expand...
Click to collapse
jcase said:
I dont think you understand what I do, I work with carriers, OEMs and the like. I've trained some them, I go out to dinner with them, I've invited them to my home, I exchange christmas gifts with them, I have met their families. Their cell phone numbers are in my contacts list. I'm drinking my coffee from a cup one of them gave me, right now. When I am stuck, I've gone to them for help more than I can count. This is my industry, and these people are my friends. These people are not fat dumb or lazy. They care deeply about security, and work their butts off with the limited resources they have. The good ones engage the "hackers", and actually enjoy it. Many of them are on a skill level above and beyond myself.
I'm actually a firm believer they would rather see something packaged and sold, than out in the open, as it results in many times less people using it, as well as the time packaging it will stop or greatly slow down anyone trying to use the material for bad purposes (malware etc). Honestly, they probably don't care how something is distributed at all.
Verizon MotoG with 4.4.2 is is $65 at bestbuy and something like $75 at walmart, how do I know this, we bought many.
I've not lied nor been evasive, I've actually been more open on what I am doing with my time. We are working on 3.0 to add more support to HTC. These people know me enough to know they can ask what I am working on, and I give them a straight answer. More often than not, I will email the company who is responsible for what I find, and let them know before, or at release time when I release something. Often I will give them details and source code not public.
Click to expand...
Click to collapse
Is 5.0 or 5.0.2 going to get Pie or cfroot on xt1028 Verizon when it comes out?
cell2011 said:
Is 5.0 or 5.0.2 going to get Pie or cfroot on xt1028 Verizon when it comes out?
Click to expand...
Click to collapse
Neither
Won't it be rootable or boot loader unlocked ever? If not I'll sell it and get 1031 boost. Do you this 1031 will ever get lollipop?
jcase said:
I dont think you understand what I do, I work with carriers, OEMs and the like. I've trained some them, I go out to dinner with them, I've invited them to my home, I exchange christmas gifts with them, I have met their families. Their cell phone numbers are in my contacts list. I'm drinking my coffee from a cup one of them gave me, right now. When I am stuck, I've gone to them for help more than I can count. This is my industry, and these people are my friends. These people are not fat dumb or lazy. They care deeply about security, and work their butts off with the limited resources they have. The good ones engage the "hackers", and actually enjoy it. Many of them are on a skill level above and beyond myself.
I'm actually a firm believer they would rather see something packaged and sold, than out in the open, as it results in many times less people using it, as well as the time packaging it will stop or greatly slow down anyone trying to use the material for bad purposes (malware etc). Honestly, they probably don't care how something is distributed at all.
Click to expand...
Click to collapse
Your not working with the upper level execs. Your working with the lower level people who have no control over what their company does. Their upper execs tell them "make the phone so that we own it completely even if the customer forks over their money or your fired" and they work their butts off to do that. I'm not talking about the lower level people and I think you know that.
The upper level execs set the company culture. And the company culture at Verizon is the customer is nothing more than fodder. If Verizon's company culture gave a damn about the customer they would have both bootloader locked and bootloader unlocked phones for sale in the retail outlets. If bootloader locking is such a security advantage the customers would buy them over bootloader unlocked phones. But no, instead, the bootloader locking is hidden away and the only way to buy one that can be unlocked is to pay ten times more for one. Your friends may be friends with you but they are supporting their families off of that company. They cannot go against that culture even though they probably would agree with me that Verizon should give customers a choice about buying a locked or unlocked phone.
Verizon does not need to force Motorola to refuse to hand out bootloader unlock codes for the Moto G. Nor do they need to make it insanely difficult to do a network unlock. Verizon posts a statement on their website saying that after you have owned your carrier-subsidized phone for a year you can network-unlock it. But they say NOTHING about bootloader-unlocking it. And if you try calling Verizon's support and asking for a network unlock code you will waste hours of time. I finally got a support tech in Verizon who was willing to look at their own website - after they told me Verizon didn't unlock phones - and do what she needed to do to answer my question - which is, when I am ready to network-unlock my phone, I have to call in and get the request escalated to 3rd tier before I'll be talking to a tech that even knows what network unlocking _is_. And the FCC - who forced them to allow for network unlocking - didn't force them to bootloader unlock. And of course they won't do it.
Verizon could go to Motorola and say "every phone that is 2 years old or older you are free to hand out bootloader unlocks on" But they won't.
No, you are very naive if you think that your friends who work at the carriers represent the carrier's approach and view of it's customers. They don't. I have no doubt that they are nice people. But the organization they work for is rotten to the core. I judge carriers by how they treat their customers. I judge them about how they treat me. And when I bought my phone and called into Verizon asking about what date I would get my phone network unlocked - just as a test to see if Verizon is really upholding the terms of it's agreement with the FCC where the FCC required them to network unlock phones - I was repeatedly lied to by their support people. So I am not basing my statements about that carrier on reading some crank who is spewing on the Internet against the carrier because he doesn't want to pay his phone bill. I'm basing them on how I've been treated. Where I live Verizon is a requirement due to coverage issues. But I have no qualms about what kind of a company I'm dealing with. I'm dealing with a company that buys phones by the hundreds of thousands from Motorola at $50 per device, marks them up 100%, and has a contract with Motorola that says Motorola must advertise a MSRP of $200, so that the sheeple who walk into the Verizon store think they are "gettin a deal" I don't trust them any further than I could spit a rat.
The PC community - Dell, HP, and all the rest of them - worked with Microsoft to develop a standard for encrypted bootloaders too. But ya know what? Microsoft put into the standard for encrypted bootloaders a requirement that the customer and go into BIOS and turn them off. PC makers that don't adhere to this aren't allowed to advertise compliance with the security standard. Verizon has that behavior as a model. But instead of requiring Motorola to make turning off encryption an option for the customer, they did exactly the opposite.
You can go and buy a brand new low-end PC today in the $250 range. That's a cheap PC equivalent to a cheap phone. But it's bootloader encryption is customer-selectable. The same should be the case for cell phones. When you released Sunshine you firmly put yourself behind that ideal. But don't for a second believe that your friends are working for a carrier that has any other position that your software is completely opposite what they believe.
jcase said:
I dont think you understand what I do, I work with carriers, OEMs and the like. I've trained some them, I go out to dinner with them, I've invited them to my home, I exchange christmas gifts with them, I have met their families. Their cell phone numbers are in my contacts list. I'm drinking my coffee from a cup one of them gave me, right now. When I am stuck, I've gone to them for help more than I can count. This is my industry, and these people are my friends. These people are not fat dumb or lazy. They care deeply about security, and work their butts off with the limited resources they have. The good ones engage the "hackers", and actually enjoy it. Many of them are on a skill level above and beyond myself.
I'm actually a firm believer they would rather see something packaged and sold, than out in the open, as it results in many times less people using it, as well as the time packaging it will stop or greatly slow down anyone trying to use the material for bad purposes (malware etc). Honestly, they probably don't care how something is distributed at all.
Verizon MotoG with 4.4.2 is is $65 at bestbuy and something like $75 at walmart, how do I know this, we bought many.
I've not lied nor been evasive, I've actually been more open on what I am doing with my time. We are working on 3.0 to add more support to HTC. These people know me enough to know they can ask what I am working on, and I give them a straight answer. More often than not, I will email the company who is responsible for what I find, and let them know before, or at release time when I release something. Often I will give them details and source code not public.
Click to expand...
Click to collapse
They all come with 4.4.4 out of the box. Sucks that people charge for this even worse people actually spent money... Left this phone cuz of its horrible Dev capabilities. Got an lg g3 now. Would have loved to had a non Verizon moto g
Sent from my XT1028 using XDA Free mobile app
tmittelstaedt said:
Your not working with the upper level execs. Your working with the lower level people who have no control over what their company does. Their upper execs tell them "make the phone so that we own it completely even if the customer forks over their money or your fired" and they work their butts off to do that. I'm not talking about the lower level people and I think you know that.
The upper level execs set the company culture. And the company culture at Verizon is the customer is nothing more than fodder. If Verizon's company culture gave a damn about the customer they would have both bootloader locked and bootloader unlocked phones for sale in the retail outlets. If bootloader locking is such a security advantage the customers would buy them over bootloader unlocked phones. But no, instead, the bootloader locking is hidden away and the only way to buy one that can be unlocked is to pay ten times more for one. Your friends may be friends with you but they are supporting their families off of that company. They cannot go against that culture even though they probably would agree with me that Verizon should give customers a choice about buying a locked or unlocked phone.
Verizon does not need to force Motorola to refuse to hand out bootloader unlock codes for the Moto G. Nor do they need to make it insanely difficult to do a network unlock. Verizon posts a statement on their website saying that after you have owned your carrier-subsidized phone for a year you can network-unlock it. But they say NOTHING about bootloader-unlocking it. And if you try calling Verizon's support and asking for a network unlock code you will waste hours of time. I finally got a support tech in Verizon who was willing to look at their own website - after they told me Verizon didn't unlock phones - and do what she needed to do to answer my question - which is, when I am ready to network-unlock my phone, I have to call in and get the request escalated to 3rd tier before I'll be talking to a tech that even knows what network unlocking _is_. And the FCC - who forced them to allow for network unlocking - didn't force them to bootloader unlock. And of course they won't do it.
Verizon could go to Motorola and say "every phone that is 2 years old or older you are free to hand out bootloader unlocks on" But they won't.
No, you are very naive if you think that your friends who work at the carriers represent the carrier's approach and view of it's customers. They don't. I have no doubt that they are nice people. But the organization they work for is rotten to the core. I judge carriers by how they treat their customers. I judge them about how they treat me. And when I bought my phone and called into Verizon asking about what date I would get my phone network unlocked - just as a test to see if Verizon is really upholding the terms of it's agreement with the FCC where the FCC required them to network unlock phones - I was repeatedly lied to by their support people. So I am not basing my statements about that carrier on reading some crank who is spewing on the Internet against the carrier because he doesn't want to pay his phone bill. I'm basing them on how I've been treated. Where I live Verizon is a requirement due to coverage issues. But I have no qualms about what kind of a company I'm dealing with. I'm dealing with a company that buys phones by the hundreds of thousands from Motorola at $50 per device, marks them up 100%, and has a contract with Motorola that says Motorola must advertise a MSRP of $200, so that the sheeple who walk into the Verizon store think they are "gettin a deal" I don't trust them any further than I could spit a rat.
The PC community - Dell, HP, and all the rest of them - worked with Microsoft to develop a standard for encrypted bootloaders too. But ya know what? Microsoft put into the standard for encrypted bootloaders a requirement that the customer and go into BIOS and turn them off. PC makers that don't adhere to this aren't allowed to advertise compliance with the security standard. Verizon has that behavior as a model. But instead of requiring Motorola to make turning off encryption an option for the customer, they did exactly the opposite.
You can go and buy a brand new low-end PC today in the $250 range. That's a cheap PC equivalent to a cheap phone. But it's bootloader encryption is customer-selectable. The same should be the case for cell phones. When you released Sunshine you firmly put yourself behind that ideal. But don't for a second believe that your friends are working for a carrier that has any other position that your software is completely opposite what they believe.
Click to expand...
Click to collapse
Tldr, you have no idea what your are talking about or who you are even talking to. If you think a single "high level exec" cares or even knows what an unlocked bootloader is, you are sadly mistaken.
Spend another 20 years in corporate america, like I have, and then maybe you'll have some wisdom to share in your lectures.
Hallaleuja brotha
Sent from my XT1028 using XDA Free mobile app
tmittelstaedt said:
Your not working with the upper level execs. Your working with the lower level people who have no control over what their company does. Their upper execs tell them "make the phone so that we own it completely even if the customer forks over their money or your fired" and they work their butts off to do that. I'm not talking about the lower level people and I think you know that.
Click to expand...
Click to collapse
I have, and I do.
tmittelstaedt said:
The upper level execs set the company culture. And the company culture at Verizon is the customer is nothing more than fodder. If Verizon's company culture gave a damn about the customer they would have both bootloader locked and bootloader unlocked phones for sale in the retail outlets. If bootloader locking is such a security advantage the customers would buy them over bootloader unlocked phones. But no, instead, the bootloader locking is hidden away and the only way to buy one that can be unlocked is to pay ten times more for one. Your friends may be friends with you but they are supporting their families off of that company. They cannot go against that culture even though they probably would agree with me that Verizon should give customers a choice about buying a locked or unlocked phone.
Click to expand...
Click to collapse
I'm not going to go over the reasons why bootloaders are locked again. Feel free to search for one of the dozen times I've replied, I think I did it recently on google plus. You don't have an understanding why these bootloaders are locked.
I do not agree that the average user should have a device with an unlocked bootloader, the shear number of people emailing me daily on this that have absolutely nothing to do with me is enough to prove that point.
tmittelstaedt said:
Verizon does not need to force Motorola to refuse to hand out bootloader unlock codes for the Moto G. Nor do they need to make it insanely difficult to do a network unlock. Verizon posts a statement on their website saying that after you have owned your carrier-subsidized phone for a year you can network-unlock it. But they say NOTHING about bootloader-unlocking it. And if you try calling Verizon's support and asking for a network unlock code you will waste hours of time. I finally got a support tech in Verizon who was willing to look at their own website - after they told me Verizon didn't unlock phones - and do what she needed to do to answer my question - which is, when I am ready to network-unlock my phone, I have to call in and get the request escalated to 3rd tier before I'll be talking to a tech that even knows what network unlocking _is_. And the FCC - who forced them to allow for network unlocking - didn't force them to bootloader unlock. And of course they won't do it.
Click to expand...
Click to collapse
CMDA is a whitelist technology, it is not "unlocked" like GSM. Their devices are not "LOCKED" to their network, they network itself does the rejection. Their few devices that do support GSM, tend not to be network locked (some were locked against certain carriers).
CDMA != GSM
tmittelstaedt said:
Verizon could go to Motorola and say "every phone that is 2 years old or older you are free to hand out bootloader unlocks on" But they won't.
No, you are very naive if you think that your friends who work at the carriers represent the carrier's approach and view of it's customers. They don't. I have no doubt that they are nice people. But the organization they work for is rotten to the core. I judge carriers by how they treat their customers. I judge them about how they treat me. And when I bought my phone and called into Verizon asking about what date I would get my phone network unlocked - just as a test to see if Verizon is really upholding the terms of it's agreement with the FCC where the FCC required them to network unlock phones - I was repeatedly lied to by their support people. So I am not basing my statements about that carrier on reading some crank who is spewing on the Internet against the carrier because he doesn't want to pay his phone bill. I'm basing them on how I've been treated. Where I live Verizon is a requirement due to coverage issues. But I have no qualms about what kind of a company I'm dealing with. I'm dealing with a company that buys phones by the hundreds of thousands from Motorola at $50 per device, marks them up 100%, and has a contract with Motorola that says Motorola must advertise a MSRP of $200, so that the sheeple who walk into the Verizon store think they are "gettin a deal" I don't trust them any further than I could spit a rat.
The PC community - Dell, HP, and all the rest of them - worked with Microsoft to develop a standard for encrypted bootloaders too. But ya know what? Microsoft put into the standard for encrypted bootloaders a requirement that the customer and go into BIOS and turn them off. PC makers that don't adhere to this aren't allowed to advertise compliance with the security standard. Verizon has that behavior as a model. But instead of requiring Motorola to make turning off encryption an option for the customer, they did exactly the opposite.
You can go and buy a brand new low-end PC today in the $250 range. That's a cheap PC equivalent to a cheap phone. But it's bootloader encryption is customer-selectable. The same should be the case for cell phones. When you released Sunshine you firmly put yourself behind that ideal. But don't for a second believe that your friends are working for a carrier that has any other position that your software is completely opposite what they believe.
Click to expand...
Click to collapse
Bootloaders are not encrypted.
I'm not insulting you here but I'm being to the point. You lack a fundamental understanding of each aspect of this conversation, which makes much of it not even worth replying to.
You don't have an understanding of the industry, of me, or how the devices work themselves.
Gsm rules
Sent from my XT1028 using XDA Free mobile app
Cdma will be extinct soon anyways soon
beaups said:
We don't trust or like you, either. Also, that vuln in your OP is long patched and non-useful.
Click to expand...
Click to collapse
I'm going to ignore any insults directed directly to me, because I understand people forget there's an actual person behind the text.
It seemed too good to be true, I just wanted some confirmation on whether the vuln was truly patched or not.
Have fun insulting others in teh interwebs
In light of the new Investigatory powers act 2016 that has come into effect in UK, the new legislation stipulates that any telecommunications operator or electronic communication device manufacturer/software programme, has to include a backdoor access to allow decryption for probing and ''equipment inteference' by the relevant governing bodies.
This applies to all communication/device manufacturers/software that is currently sold in the UK.
The legislation also requires that any further software updates or new communication equipment be made available to certain governing bodies before the sale of software/devices, to allow a review and insertion of backdoor access, whether physically or via software programming.
Is anybody familiar with how this will apply to Google/android and the regular security updates that are provided to these devices? Will google promptly follow the requirements for this legislation, which would mean, the next security update will include this backdoor access?
This raises major concerns for the security and privacy for all google/android based handsets that are sold within the UK, as over 50 government organisations will be allowed to request probing and bypass of any encryption. What concerns me more so, is the misuse of this backdoor access by rogue hackers that unfortunately, may now be able to hack devices more easily with this backdoor access enforced by this new legislation.
As far as I am aware, other manufacturer software updates for their handsets are never as rapid as googles own devices to receive these updates, and I am thinking, does this mean the implementation of this backdoor access will be likely to be included in either December 2016 or January 2017?
Will google issue this backdoor access for only handsets connected in the UK or will it be a worldwide update?
If anybody has any relevant information to elucidate me on this, it would be greatly appreciated, as unfortunately, the new legislation also includes a gagging clause, which prohibits any manufacturer or software programme/oS, from revealing if/when a backdoor access has been initialized.
Wow. If this is true, and I were Google, Apple etc. I would not adhere to this local legislation. How hard is it for the local authorities to prove they need the info on a device in order to get a court order to get access to said device? Sounds to me like they just want an excuse to probe any and all devices regardless of their need for the info on them.
Edit: I just looked it up, it doesn't seem to state anything about manufacturers having to allow a back door. It states that the government has the authority to hack, look for and retain personal information. So in short, no. Google will not allow this. The UK will have to learn to hack their way in just like anyone else.
Also, Canada has basically been doing this for quite some time.. maybe not to the extent the UK wants to..
k.s.deviate said:
Wow. If this is true, and I were Google, Apple etc. I would not adhere to this local legislation. How hard is it for the local authorities to prove they need the info on a device in order to get a court order to get access to said device? Sounds to me like they just want an excuse to probe any and all devices regardless of their need for the info on them.
Edit: I just looked it up, it doesn't seem to state anything about manufacturers having to allow a back door. It states that the government has the authority to hack, look for and retain personal information. So in short, no. Google will not allow this. The UK will have to learn to hack their way in just like anyone else.
Click to expand...
Click to collapse
For reference, http://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdoors/
I have a copy of the new leglislation, but it is a 300+ page document. It is quite frightening.
You can view it online, it specifically states about ''backdoor access''.
If anyone has ANY information on how this will effect android security and when google will implement this, please share
newsbtc.com/2016/12/11/investigatory-powers-act-decentralized-internet/
:/
So I'm assuming this will either effect the pixel/nexus updates, or the next pixel successor, or even both
This legislation has come into effect from today.
Google, as well as practically all telecoms manufacturers and telecoms service providers are affected.
Cannot really trust the security offered from updates from now on unfortunately.
Good luck enforcing something like this when there is no way to ensure a encryption system with a back door is actually secure.
What is the UK going to do when Google and other software companies say no. Have them stop providing their goods to the UK? Maybe there will be no pixel updates or new phones for the UK market?
How are banks and other financial institutions which risk substantial loss because of an insecure encryption system going to react? No more online banking or financial transactions?
krelvinaz said:
Good luck enforcing something like this when there is no way to ensure a encryption system with a back door is actually secure.
What is the UK going to do when Google and other software companies say no. Have them stop providing their goods to the UK? Maybe there will be no pixel updates or new phones for the UK market?
How are banks and other financial institutions which risk substantial loss because of an insecure encryption system going to react? No more online banking or financial transactions?
Click to expand...
Click to collapse
It seems like the legislation stipulates and enforces any telecommunications provider/manufacturer to provide a accessible route into devices for something classified as "equipment interference", which in layman terms, is basically legalised hacking.
If a notice is served to the provider/manufacturer, they must comply otherwise it is unlawful. The legislation also stipulates that it is unlawful to declare that a notice has been served, which in essence means that we will never know or have any knowledge of this occurring.
Quite a sinister draconian piece of legislation if you ask me.
I have a hard time believing Google or Apple will just hand them the keys . Apple wouldn't even let American government access. Amazon won't give cops access to a murder they think was recorded on a Amazon echo
FYI the US government is on the same path. We should all be concerned and demand that elected officials work to reverse these trends.
Besides the privacy issue I personally don't have anything I'm worried about. Don't get me wrong, the privacy part of it is major as I value it more than 90% of life so I'm not saying "who cares". I'm also not in Europe so I'm really not worried. That is until the US goes public with it. That being said, unless there is a hardware backdoor implemented, it won't last long. If it's coded in software it'll be found and removed. So unless it's software based and you stay stock unrooted, there's nothing to worry about.
It does kinda seem funny that after this comes around, updates have been pushed with a second European carrier fix update though.
https://www.theguardian.com/technol...ackdoor-allows-snooping-on-encrypted-messages
"In the UK, the recently passed Investigatory Powers Act allows the government to intercept bulk data of users held by private companies, without suspicion of criminal activity, similar to the activity of the US National Security Agency uncovered by the Snowden revelations. The government also has the power to force companies to “maintain technical capabilities” that allow data collection through hacking and interception, and requires companies to remove “electronic protection” from data. Intentional or not, WhatsApp’s backdoor to the end-to-end encryption could be used in such a way to facilitate government interception.
Jim Killock, executive director of Open Rights Group, said: “If companies claim to offer end-to-end encryption, they should come clean if it is found to be compromised – whether through deliberately installed backdoors or security flaws. In the UK, the Investigatory Powers Act means that technical capability notices could be used to compel companies to introduce flaws – which could leave people’s data vulnerable.”
I just read/heard… source
Now that Google's exclusivity with "Big Red" (Verizon) is done, I have a couple of thoughts and was wondering what this community (or at the very least whomever other users…) thoughts on this were…intelligent (thoughts) or otherwise (meaning I still wish to know even if it might be considered [personally] foolish)…
I'm unsure whether it was at Verizon's insistence or not, but do you think the other (T-Mobile it looks like, but maybe in the future, it could be others…) company/companies would lock their device's bootloader like Verizon does? I remember (at least with the Pixel 2) that, initially, there were instances where Verizon (maybe Google themselves; knowingly or uknowingly) "claimed" to inquirers that their device would be "exactly the same" as the one's sold from Google (website) – I don't have the exact sources, but I'm sure a simple easy search here on XDA and/or on Google would result in enough of them. Of course, now (here in "the future") we know better and it has a definite key difference. Also, the fact that (at least in the first 6 months after the Pixel 2 release) warranty replacements and refurbished units that went to Verizon proved that there was really no "verizon variant" until you activated the device onto the Verizon network (usually via the [Verizon] SIM card); this is how many (including me) were able to lease a Pixel 2 with Verizon and have an unlocked bootloader as well. I could understand if, somehow, there was a different variant that was different in hardware specific to the Verizon ones as well as most likely including their horrid pre-installed "stock" apps (I've seen it happen with "Big Red's" Samsung Galaxies; i.e. varied different but specific hardware that physically included "safeguards" and random apps that came "stock" in hidden in other partitions…) and/or other difference that helped "streamline" the device to the network. But, at the very least, it leads me to believe that initially there was no difference -- even in bootloader "unlockibility" – and Verizon, rather close to launch, changed their minds and forced Google's hands to lock it down; in "fear of" (doubtful; probably bs claim) unlocking and screwing with the phone which would cause broken devices and headaches "for Verizon" – most likely just wanted to force lease and market share opportunities. Either way, do you think other company/companies (like T-Mobile) would follow the same line of thinking and also follow suit?
I doubt I'd leave Verizon, but let's say I was willing; knowing that T-Mobile's variant would not lock down the bootloader like Verizon does and it would be closer (or an exact duplicate) to a direct Google variant would help me choose in changing to their service and/or lease with T-Mobile and also enjoy added bonuses for starting a new line and leasing with them...
Or, might the exact opposite be true and, to follow suit of T-Mobile and Google, Verizon would stop being foolish and simply do the smart decision to keep it as close to Google's variant as possible…? (yea….I find this highly doubtful as well…but it is a thought, isn't it?)
In any case, I most likely will be "going for" the upcoming Pixel 4 & Pixel 4 XL; especially if it got rid of that god-awful god-forsaken notch and went with the "pinhole" design that's supposedly like the Samsung S10. For whatever it's worth, if it continues on as with the Pixel 3 and includes a similar notch (as with the 3), I will further skip this model and wait yet another year for Google to "wise up"… But, because of the planned purchase, and because I (myself consider) made a mistake in not purchasing/leasing directly from Google and wish to do right/correct this time around, these are thoughts that would inevitably come up (especially considering the breaking news) and have to be considered…
Some other thoughts…
Reading the androidpolice article (SOURCE), the writer does make a good point that this "move" by Google is a good way to expand and position itself to cater to the "mid-level crowd" where its (Google's Pixels) presence above the cheap rather awful $30-ish smartphones but below the very premium (with its definitely "premium" price; I'm looking at you Samsung and Apple); where I believe is a really great "niche" to cater to; it's why me and my wife love their device! But, then again, there are many, many, MANY others who consider even the Pixel line (most especially the XLs) to be at already a "premium" price (MSRP $800 for Pixel 3, $900 for XL or 128GB, and 4 digits for the 128GB XL) which makes having/including a sub-par [insert here] (whatever prejudice [justified or not] you or another owner you know) a big blow (too much of a big blow in some cases that some owners have refused to purchase or even returned their Pixel) and a definite travesty that a big company (Google, which is "ginormous"!) and "premium" product would dare to have such a sub-par part! But, with it moving on to another (and possibly more, maybe in the future) company/companies, do you think this is a good "move" – at least in the right direction – and/or a positive sign/signal towards good things to come? Or the exact opposite?
In whatever case, again, with the (breaking) news, it inevitably caused some thoughts to come to mind and I thought I'd ask my highly regarded and preferred community here what they might think and their further thoughts on the subject…
simplepinoi177 said:
I just read/heard… source
Now that Google's exclusivity with "Big Red" (Verizon) is done, I have a couple of thoughts and was wondering what this community (or at the very least whomever other users…) thoughts on this were…intelligent (thoughts) or otherwise (meaning I still wish to know even if it might be considered [personally] foolish)…
I'm unsure whether it was at Verizon's insistence or not, but do you think the other (T-Mobile it looks like, but maybe in the future, it could be others…) company/companies would lock their device's bootloader like Verizon does? I remember (at least with the Pixel 2) that, initially, there were instances where Verizon (maybe Google themselves; knowingly or uknowingly) "claimed" to inquirers that their device would be "exactly the same" as the one's sold from Google (website) – I don't have the exact sources, but I'm sure a simple easy search here on XDA and/or on Google would result in enough of them. Of course, now (here in "the future") we know better and it has a definite key difference. Also, the fact that (at least in the first 6 months after the Pixel 2 release) warranty replacements and refurbished units that went to Verizon proved that there was really no "verizon variant" until you activated the device onto the Verizon network (usually via the [Verizon] SIM card); this is how many (including me) were able to lease a Pixel 2 with Verizon and have an unlocked bootloader as well. I could understand if, somehow, there was a different variant that was different in hardware specific to the Verizon ones as well as most likely including their horrid pre-installed "stock" apps (I've seen it happen with "Big Red's" Samsung Galaxies; i.e. varied different but specific hardware that physically included "safeguards" and random apps that came "stock" in hidden in other partitions…) and/or other difference that helped "streamline" the device to the network. But, at the very least, it leads me to believe that initially there was no difference -- even in bootloader "unlockibility" – and Verizon, rather close to launch, changed their minds and forced Google's hands to lock it down; in "fear of" (doubtful; probably bs claim) unlocking and screwing with the phone which would cause broken devices and headaches "for Verizon" – most likely just wanted to force lease and market share opportunities. Either way, do you think other company/companies (like T-Mobile) would follow the same line of thinking and also follow suit?
I doubt I'd leave Verizon, but let's say I was willing; knowing that T-Mobile's variant would not lock down the bootloader like Verizon does and it would be closer (or an exact duplicate) to a direct Google variant would help me choose in changing to their service and/or lease with T-Mobile and also enjoy added bonuses for starting a new line and leasing with them...
Or, might the exact opposite be true and, to follow suit of T-Mobile and Google, Verizon would stop being foolish and simply do the smart decision to keep it as close to Google's variant as possible…? (yea….I find this highly doubtful as well…but it is a thought, isn't it?)
In any case, I most likely will be "going for" the upcoming Pixel 4 & Pixel 4 XL; especially if it got rid of that god-awful god-forsaken notch and went with the "pinhole" design that's supposedly like the Samsung S10. For whatever it's worth, if it continues on as with the Pixel 3 and includes a similar notch (as with the 3), I will further skip this model and wait yet another year for Google to "wise up"… But, because of the planned purchase, and because I (myself consider) made a mistake in not purchasing/leasing directly from Google and wish to do right/correct this time around, these are thoughts that would inevitably come up (especially considering the breaking news) and have to be considered…
Some other thoughts…
Reading the androidpolice article (SOURCE), the writer does make a good point that this "move" by Google is a good way to expand and position itself to cater to the "mid-level crowd" where its (Google's Pixels) presence above the cheap rather awful $30-ish smartphones but below the very premium (with its definitely "premium" price; I'm looking at you Samsung and Apple); where I believe is a really great "niche" to cater to; it's why me and my wife love their device! But, then again, there are many, many, MANY others who consider even the Pixel line (most especially the XLs) to be at already a "premium" price (MSRP $800 for Pixel 3, $900 for XL or 128GB, and 4 digits for the 128GB XL) which makes having/including a sub-par [insert here] (whatever prejudice [justified or not] you or another owner you know) a big blow (too much of a big blow in some cases that some owners have refused to purchase or even returned their Pixel) and a definite travesty that a big company (Google, which is "ginormous"!) and "premium" product would dare to have such a sub-par part! But, with it moving on to another (and possibly more, maybe in the future) company/companies, do you think this is a good "move" – at least in the right direction – and/or a positive sign/signal towards good things to come? Or the exact opposite?
In whatever case, again, with the (breaking) news, it inevitably caused some thoughts to come to mind and I thought I'd ask my highly regarded and preferred community here what they might think and their further thoughts on the subject…
Click to expand...
Click to collapse
To be honest I feel it is a good move and can potentially be a bad move all in the same. I personally have Verizon service and I admit I didn't do any research before getting my pixel 2 xl from Verizon as in the past I've had the Galaxy Nexus and never had an issue unlocking the bootloader until my Motorola Droid 2 turbo xt1585. To this very day I cannot unlock the bootloader on that device or my pixel 2 xl. I didn't have much of a choice as the xt1585 charge Port took a dump on me and I needed to access text messages for some extremely important codes and such related to one of my 2 full-time jobs I had at the time so I replaced the xt1585 asap. I for one didn't like that the girl upgrading my contract decided to put a Sim card in and proceed to try setup the phone for me and all though I know she was just trying to be nice and all, I'm not one of those people that need that kind of help. Later I find out that I cannot unlock the bootloader and have had to roll with all the updates and am currently on q beta 3 etc. I've noticed with the pie update before q beta was launched they would upgrade the bootloader and again with q beta 3 they update the bootloader. Both Verizon and Google send you in pointless circles when asked about this unlocking the bootloader deal. Not thrilled with either company as they are both full of bull**** and claim they don't don't know what I'm talking about and they both tell you to talk to their tech support. As soon as I'm paid off on this phone all I can say is Verizon had better allow me to unlock the bootloader. Not alot I can do if they don't but regardless when it's paid off I'm switching carriers. I like the service I get with them but that is it. I've been following Google fi and their progress and may try them out. Verizon in my opinion is a good investment stock market wise with the 5g unrolling and where Verizon plans to go with it. T Mobile is a good decision versus Sprint , at&t, or Verizon for what you are talking about. Better than cricket or boost Mobile or metro pcs. As for the Verizon variant deal, well Verizon did buy a nice chunk and I'm sure the bootloader issue is in the vendor files that Google has allowed though I've read that it is at the kernel level though. Not completely sure on it but I am not an expert programmer or developer as I am trying to learn it as a hobby but I'm not a noob either and as far as I have found, the issue with the bootloader is in files that Verizon has control over, as it is a read only file setup that is installed after Google passes it to Verizon. I've gone over everything that Google has multiple times and there is no real difference between Google's and Verizon's version. The pixel 2 and 2xl when first released had individual OTA releases of Oreo but as of June or July of 2018 Google started rolling out one OTA update for all carriers but the OTA doesn't update any of Verizon's files in which the ro.boot.flash.lock, oem_unlock_allowed etc. are located. Eff Verizon and their control issues and eff Google for playing dumb and advocating silently for Verizon, in my opinion, and giving them the control only device oems or device owners should have. I am glad their contract is or will finally be over though the damage is done. Verizon will never openly let people unlock their bootloader's because they don't want that vulnerability on their Network so they say. Sad but true.
i really wanted to write my own run on sentence/paragraph but i dont have the energy lol... instead ill just copy paste an article i found. Following a report from 9to5Google this morning, we were able to independently corroborate that T-Mobile plans to sell Google's current Pixel 3 and 3 XL smartphones, as well as add that the upcoming (and still unannounced) Pixel 3a and 3a XL will also be available in T-Mobile stores. The exact sale date is unclear, but my guess is that it will be timed against the launch of the new 3a devices, which we're expecting on May 7th. T-Mobile being added to the Pixel roster isn't just news in the sense of T-Mobile, though - it's a pretty big deal in regard to the larger strategy with the Pixel brand and what the end of Verizon exclusivity means, as well. Verizon was the launch partner for the original Pixel three and a half years ago, and it's been the exclusive carrier for the devices since. While they've been available on Google's Fi MVNO nearly as long, no one in the industry considers Fi much of a threat to Verizon, and Google probably worked out a deal Verizon was happy enough with to allow what probably just amounted to a market share rounding error. But Fi has continued to grow, and late last year graduated from "Project" status to a full-fledged service. Thanks to Sprint, Project Fi even has a 5G roadmap - and that does probably ruffle Verizon's feathers. Equally possible is that the timing is just a coincidence, and Verizon and Google's exclusivity deal had a previously agreed expiration date that's come and gone. Regardless of the reason for the exclusivity breakup, no one is going to mourn it - exclusives limit consumer choice.Verizon's Pixel exclusive has held for three generations - it seems like the fourth may be the end of the line. T-Mobile as Google's first new partner makes sense, and their mutual desire to cooperate hasn't been a secret: T-Mobile has long wanted very, very badly to sell Google's phones. It has advertised compatibility with Pixels from the beginning, and would offer yet another avenue through which T-Mobile can siphon customers from Verizon, Sprint, and AT&T. Sprint would be a pretty terrible choice, by comparison, with its stagnant growth and icky phone "leasing" schemes (which I absolutely revile). And AT&T, while massive, has among the worst device update policies of any carrier in the business, one for which I think Google would require an opt-out that to date only Apple has received. Fast and frequent updates are a huge part of the Pixel brand's appeal, and while Verizon has played gatekeeper for the Pixel OTAs on its network, they've always been pushed through Google's update framework and kept on the same update track as the unlocked phones. AT&T exerts far more control over the OTA process, and from an outside perspective, often seems slower to get updates certified. With a growing subscriber base and a strong brick and mortar retail presence, that leaves T-Mobile as not only the best fit for the Pixel, but probably the one most likely to generate success. Then there's the question of what happens on Verizon going forward - will the Pixel continue to receive special treatment like limited launch exclusives? Until the Pixel 4 is announced, we really won't know, but my guess is that Google wouldn't partner with a new carrier unless it would be on equal footing with Verizon (after all, even Fi gets the phones at launch now). And while Verizon has certainly put some marketing muscle (and dollars) behind Google's phones, there was no doubt that they'd also become the single biggest limiting factor for growth. Google Fi is fine for some people, but most aren't even aware it exists, and Verizon simply doesn't have a reputation as a value operator that T-Mobile does.
The book editor in me just died seeing this thread. Posting a single obscenely long paragraph as shown in the first response doesn't help people who might want to read your thoughts. It just encourages them to tune you out. If you expect to be taken seriously and have your thoughts actually be read, you've gotta break down your stuff into discrete chunks. It isn't just what you have to say that matters, but how you say it.
Strephon Alkhalikoi said:
The book editor in me just died seeing this thread. Posting a single obscenely long paragraph as shown in the first response doesn't help people who might want to read your thoughts. It just encourages them to tune you out. If you expect to be taken seriously and have your thoughts actually be read, you've gotta break down your stuff into discrete chunks. It isn't just what you have to say that matters, but how you say it.
Click to expand...
Click to collapse
Word
Haha ':-\ I'll try to keep this post short and simple...
Thanks for all the thoughts (I guess...), but I'd like to still ask, do you guys think that getting the Pixel 4 (I haven't done research on the 3a's, but including them if this hasn't been established) and future models from carriers will mean that the bootloader is locked like it initially has been done from the Pixel OG to Pixel 3's? Or will the exact opposite maybe come true and Verizon will stop the practice following suit that the other 3 US wireless carriers will not/won't lock the bootloader?
simplepinoi177 said:
Haha ':-\ I'll try to keep this post short and simple...
Thanks for all the thoughts (I guess...), but I'd like to still ask, do you guys think that getting the Pixel 4 (I haven't done research on the 3a's, but including them if this hasn't been established) and future models from carriers will mean that the bootloader is locked like it initially has been done from the Pixel OG to Pixel 3's? Or will the exact opposite maybe come true and Verizon will stop the practice following suit that the other 3 US wireless carriers will not/won't lock the bootloader?
Click to expand...
Click to collapse
If the past is any indication of the future, then I surmise that all the US carriers will keep the bootloaders locked. However, should google NOT partner with any specific carrier, then I would think it would negate the need for different versions of upcoming devices, hence, allowing the user to unlock the bootloader if we choose to do so. Then again, that's all just spec on my part