Hi all.
Haven't seen this topic yet so I thought I'd introduce it. Has a petition ever been sent directly to Microsoft to allow jailbreaking and development of apps in a Cydia like store. I'm positive this would increase the popularity of wp8. There are are so many little things like decreasing the interval for updating live tile, and creating playlists on the phone itself. Widgets would also be nice. I just got a 920 and like it a lot. I was using launcher8 on my gn2 before and that launcher allowed widgets on tiles, more rectangular tile options etc.
Are you really think that Microsoft or somebody else care about these petitions?
Useless guy said:
Are you really think that Microsoft or somebody else care about these petitions?
Click to expand...
Click to collapse
if enough people sign, then yes I do. I'm convinced that many iOS and android users would try a windows phone. There would be far more developers making apps also.
Jailbreaking will never be allowed on windows phone becuase Microsoft wants to win over the business sector. One of the reason the secure boot was implemented was because of businesses complaining about security on WP7.
Besides, there aren't really BIG things to get from jailbreaking, other than useless things some individuals care about. the vast majority of WP8 users are happy with their phones, plus most of the things you are asking (like adding playlists on the phone), will be supported eventually.
Lowering the interval for live tiles is a really bad idea btw.
If microsoft ever allows access to the file system, there will be no need for anything else: developers will pick it up from there and do their thing.
Ain't ever going to happen. Ms is bent over backwards by OEMS and carriers
Sent from my Arc using xda app-developers app
we need to start a kickstarter or offer a bounty on xda
I am sure if we started a bounty or kickstarter and rightfully paid one of the hackers to jailbreak wp8 they could get the job done a lot sooner
so how shall we go about this?
I am ready to offer my contribution
noelito said:
I am sure if we started a bounty or kickstarter and rightfully paid one of the hackers to jailbreak wp8 they could get the job done a lot sooner
so how shall we go about this?
I am ready to offer my contribution
Click to expand...
Click to collapse
Still won't happen dude. I don't know but there seems to be some sort of aversion to WP by all the devs. The iPhone/iPad community has a number of devs piling over eachother to bring out the "next best way to JB". Android, I don't even need to get started. Other OSs too will fall in place soon. But what keeps the devs away from WP is a bit of a mystery to me.
BTW, I hope you know what happened to the kids that jailbroke the first Gen WP devices. They got hired by MS and were given a T shirt, if my memory is good.
So... that's that.
It's hilarious how you people believe that is easy to exploit WP8, Devices that use it have Secure Boot and Bitlocker so exploiting the boot process is practically impossible, exploiting on app-level is also hard as all apps run over a sandbox and the user has no administrator privileges so you can't use the sandbox exploitation available for Windows RT.
Plus there's overall no appeal for hacking it other than it runs over NT.
I think we should do it, there is nothing to loose, but it shouldn't be for jail breaking but for allowing file system access similar to Windows RT
Everybody can try to found a exploit.
If somebody will have luck, he will be the man....
But like people here say...
Its very very hard!
Sent from my GT-I8750 using Board Express
It's better for Microsoft (in the long run) that the OS will not be jailbroken: Jailbroken devices can install pirated applications, and pirated applications makes application developers angry.
Currently, app devs have no choice but to develop their applications to the 2 major OSs out there (iOS and Android), and know that in some point it is quite likely that people who jailbreak their devices can install pirated copies of their applications.
In the long run, as WP would start gaining major market share, application developers would be more keen to focus their development for WP as they'd know their property could not be pirated (if, supposedly, WP will remain unhacked).
This is of course only hypothetical - there's no protection which is made by men and cannot be hacked by men, and I'm more than sure that the more user-base and interest WP gains, the more likely is that someone would find a loophole in the OS and it'd be jailbroken...
And maybe not
Thread moved to General
I am as well very certain that Microsoft will not allow for Jailbreaking of the devices. They have some programs that will get you a free dev account to develop on top of the Plattform but they don't Support changes to the Plattform itself. If you want to make your Point about giving Devs certain APIs go to wpdev.uservoice.com and Support them with your votes.
As for jailbreaking WP: I'm sure it can be done because in the end: techniques exist to exploit basically everything but as was already said: Microsoft isn't making it easy.
StevieBallz said:
I am as well very certain that Microsoft will not allow for Jailbreaking of the devices. They have some programs that will get you a free dev account to develop on top of the Plattform but they don't Support changes to the Plattform itself. If you want to make your Point about giving Devs certain APIs go to wpdev.uservoice.com and Support them with your votes.
As for jailbreaking WP: I'm sure it can be done because in the end: techniques exist to exploit basically everything but as was already said: Microsoft isn't making it easy.
Click to expand...
Click to collapse
It may be possible, but as for now they have closed damn near every hole we could think of. I'd say the only way we can hope for SOME progress is if we can exploit the root certificate and policies somehow. I know GoodDayToDie had a few good potential ideas. It's not that the device NEEDS to be jailbroken, we need to be given more trust. I feel as if Microsoft automatically feels like we will screw everything up so it's being our overprotective mother instead. We all know what happens when you are too overprotective to those you care about.....
With that said, if we can just be given a LITTLE more freedom.. That's all I ask for. I don't think we would have to worry about any type of malware since the App Hub process is smart enough to give me the red X if I'm trying to call MessageBox.Show() from a background task.
/endrant.
What if we paid you the bounty?
Sent from my SGH-T899M using XDA Windows Phone 7 App
iOS is certified afaik for government use, so the business security issue is specious. Not everybody will hack their device anyway.
There are different levels of security certifications, similarily to Mil-Spec Standards that exist for a lot of different criteria. Allowing people to do more with their devices isn't really at the core of Microsoft's concerns here. They don't try to push it though as they want applications in the Store and not on the web. Piracy is likely to play a role here too.
As for a bounty to make a JailBreak happen - it might be an incentive for certain developers to start looking into it. With WP7 the way most of the time was to hack the Bootloader and then flash a custom ROM to allow for additional access. With WP8 people might need to look into other ways in given that Secure Boot is likely to be a very hard nut to crack. Given that the original Jailbreak for WP7 relied on custom certificates it's likely that Microsoft invested there to close this off better but it's of course still worth investigating.
The more important part in the end would be to get Microsoft to make more available through the official APIs. They are extending those and this has made more functionality available every time they did a major update to the OS (Mango, Apollo).
Another point to note is that native interop is now part of the regular SDK. It's therefore likely that native APIs will be better protected against accesses from unauthorized Apps than they have been in WP7 (where the problem was getting native code to run at all).
RCranium666 said:
if enough people sign, then yes I do. I'm convinced that many iOS and android users would try a windows phone. There would be far more developers making apps also.
Click to expand...
Click to collapse
Not trying to be negative but I don't think the would care. On their won suggestion site (http://windowsphone.uservoice.com/forums/101801-feature-suggestions/suggestions/2281201-custom-sounds-for-sms-mms-email-notifications-e) the haven't even responded to the 40,000 + petitions that people have been voting for 2 years for custom MMS\SMS; something that is so easy to do.
Thanks for everyone's responses. I just went back to my gn2. I found too many compromises in wp8. The funny thing is, I use a wp8 launcher on android and it's much more versatile than wp8 itself. The l920 was also a disappointment. I'm no stranger to phone cameras and I was rarely able to take a good picture with it. I like the l920's design better than the gn2, but not much else.
Related
I want to start this discussion because I haven't seen it anywhere and I read several Android forums. I love the platform and it's "openess" but it seems that requirements from Google fall just short of making this the best platform ever for handsets.
We are all screaming at Motorola about the signed bl but we aren't focusing enough on the greater issue. The Android license from Google seems to allow this or maybe it is less specific to Google than to some other entity but I don't speak lawyerese so i'm not sure. Anyway, here is what I keep reading from Motorola...
"The use of open source software, such as the Linux kernel or the Android platform, in a consumer device does not require the handset running such software to be open for re-flashing. We comply with the licenses, including GPLv2, for each of the open source packages in our handsets"
My point of discussion is this, why aren't we asking Google what they can do? Why can't Google simply state that "we will not allow our software to be damaged in this way"? Why do they allow Verizon, at&t, Motorola, HTC or anyone else manipulate their software in a way that brings so much resentment? Is it not in Google's best interest to force this platform to remain open? I realize this is a double edged sword because open means people can do what they want, which holds true for companies also but I think that everyone realizes that Google's intent was that this would benefit everyone, not just the companies.
Also, everyone seems to forget that HTC is messing around with trying to lock down the NAND. Just because geniuses get past the protection doesn't mean that HTC isn't trying. If the Droid X is a huge success, even with this restriction in place, then what makes any of you think that the rest will not follow suit?
Because open means that you can do whatever you want with it. There is nothing stopping anyone from using it, modifying it for their own uses, and putting it in any device that would support it. That's why a company can strip down all of Google stuff from it and put Bing if they want to, and Google wouldn't be able to complain. The whole point of open and free software is that you compete by actually being the best at something. You keep Google stuff in Android because well, they work best.
Now, when you put Android in a device you manufacture, you do have the rights to do whatever you want with the device. This seems to be a hardware protection on top of the software ones. You know how DRM'd mp3 stop working? well, it's not much different, except that now there is physical damage.
True, these measures defeat the whole purpose of being open, but what the heck. Being truly open means making a great product, and then not complaining when someone grabs it and beats you with it. You have are always competing to deliver the best product, and that's why open is awesome.
Who was it that said: "I can't agree with what you are saying, but I will defend to the death your right to say it"?
Open goes both ways. The company (Motorola) has every right to lock down the bootloader and prevent others from flashing.
You guys are looking at it as if Motorola did this to prevent people from flashing custom roms. The real reason they did it was to prevent others from stealing their rom and porting it to another phone. If you like the "ninjablur" UI, you need to buy the DroidX.
Ryan Frawley said:
Open goes both ways. The company (Motorola) has every right to lock down the bootloader and prevent others from flashing.
You guys are looking at it as if Motorola did this to prevent people from flashing custom roms. The real reason they did it was to prevent others from stealing their rom and porting it to another phone. If you like the "ninjablur" UI, you need to buy the DroidX.
Click to expand...
Click to collapse
Actually, I don't agree. I'm pretty sure one could extract those widgets if you really wanted to. (They "Ain't all that" if you ask me. - And yes, I did buy an X yesterday and love it. Just ain't crazy about those widgets).
I think the real reason this is locked down is to prevent custom ROM/Root access to enable tethering. There are other issues I'm sure, but at the top of the list is to protect that revenue Big Red is trying to generate.
As to Google 'Stopping' the carriers from locking this down, please understand that if the carriers can't protect their revenue streams, they simply won't allow the phones on their network, and that would hinder the growth of the OS in general.
Don't take any of my words as endorsement of VZW/Moto actions. I'll be first in line to flash/root my phone when/if its ever possible. I'm just a realist. VZW wants $20/month for WiFi Tether. They are going to do as much as reasonably possible to keep you from doing that for free.
In a related note, 2.2 Froyo does tethering natively. I expect this to be crippled/disabled when we get our update in a couple of months.
I don't agree with the idea that companies would stop supporting the platform. The Droid has been a cash cow for verizon and it is an open book. Google could easily ask that their platform remain open for all to enjoy.
Beyond that, if Google allows them to gimp their OS then Google has created something entirely for the benefit of companies and not at all for the general population. I don't believe this is true. I think that the changes will start with Android v3.0. Google will start getting more pissy about custom crap especially if it makes their product seem worse and increase the chance that Android will be looked upon negatively.
Despiadado1 said:
I don't agree with the idea that companies would stop supporting the platform. The Droid has been a cash cow for verizon and it is an open book. Google could easily ask that their platform remain open for all to enjoy.
Beyond that, if Google allows them to gimp their OS then Google has created something entirely for the benefit of companies and not at all for the general population. I don't believe this is true. I think that the changes will start with Android v3.0. Google will start getting more pissy about custom crap especially if it makes their product seem worse and increase the chance that Android will be looked upon negatively.
Click to expand...
Click to collapse
Its the same problem with windows, the OS gets blamed for what hardware vendors do to it... we see this $400 computers getting compared to Apples $1500+ computers and thats some how proof windows sucks, I never had problems with Vista being slow, but people and there $400 computer did.
The problem with Android, specifically the scrolling smoothness, is the vendors custom Android OS setups...
FtL1776 said:
Its the same problem with windows, the OS gets blamed for what hardware vendors do to it... we see this $400 computers getting compared to Apples $1500+ computers and thats some how proof windows sucks, I never had problems with Vista being slow, but people and there $400 computer did.
The problem with Android, specifically the scrolling smoothness, is the vendors custom Android OS setups...
Click to expand...
Click to collapse
To be fair, I think the scrolling smoothness is half crappy hardware and half Android's lack of hardware acceleration.
Mikerrrrrrrr said:
To be fair, I think the scrolling smoothness is half crappy hardware and half Android's lack of hardware acceleration.
Click to expand...
Click to collapse
No some custom roms fix those issues because they enable the hardware acceleration, which again shows that Google really should crack down on some of these custom versions of Android on phones.
Zaphod-Beeblebrox said:
Actually, I don't agree. I'm pretty sure one could extract those widgets if you really wanted to. (They "Ain't all that" if you ask me. - And yes, I did buy an X yesterday and love it. Just ain't crazy about those widgets).
I think the real reason this is locked down is to prevent custom ROM/Root access to enable tethering. There are other issues I'm sure, but at the top of the list is to protect that revenue Big Red is trying to generate.
As to Google 'Stopping' the carriers from locking this down, please understand that if the carriers can't protect their revenue streams, they simply won't allow the phones on their network, and that would hinder the growth of the OS in general.
Don't take any of my words as endorsement of VZW/Moto actions. I'll be first in line to flash/root my phone when/if its ever possible. I'm just a realist. VZW wants $20/month for WiFi Tether. They are going to do as much as reasonably possible to keep you from doing that for free.
In a related note, 2.2 Froyo does tethering natively. I expect this to be crippled/disabled when we get our update in a couple of months.
Click to expand...
Click to collapse
Motorola has said so itself. The reason Droid X is locked down is because they don't want people stealing their custom UI. Widgets are only part of this UI. The inability to flash custom roms is merely a consequence of protecting their UI.
FtL1776 said:
No some custom roms fix those issues because they enable the hardware acceleration, which again shows that Google really should crack down on some of these custom versions of Android on phones.
Click to expand...
Click to collapse
Ah. Didn't know that.
First i must give a standing ovation to the DARK FORCES TEAM (D.F.T.) on there accomplishment on the win phone 7 os as i am very impressed with performance.
Second my recommendations to improve the future builds.
1 change the phone identification in the os from HTCLEO to HD7 so as u no longer have to go through as much trouble to activate live services.
2. make os preactivated or precracked for live services. (This May Seem as a difficult task but in actuality its not.. A good Example would be windows xp as many people have made various keygens and cracks to bypass activation, there is even a hacked version of xp where it is preactivated with genuine certificates working so dont tell me it cant be done, if anything u could come up with a registry patch that activates win phone 7's os,
if u were able to accomplish these 2 things DFT you would be the gods of Phone modding, hacking, integration, and os development (Although many already think of u as such but why not take it to the next level?)
Your requests clearly tend into the "hacking" and "warez" direction. I don´t think both of your requests will be easily fulfilled, and if, you won´t find the solution here at xda.
From my gutt feeling, I believe that the current solution stays in the grey zone where all the "classic" flashing, hacking, tweaking and modding has been for years, but overriding activation routines breaks laws.
Frankly spoken, getting the activation code from the OS maker is not a big issue as of now. In a year or two, many HD2 users will have moved on, either to Android, or maybe to WP7, or iOS, who knows - but HD2 will be outdated sometime.
I myself would much more prefer to get a properly working camera, that´s it.
very understandable about the law issues, but correct me if im wrong, did we not already break the laws by customizing the os in the beginning??? im not the most knowledgeable on this and by no means do i want to start a controversy, i just figure if we have already come this far go all the way..
Well... I'm pretty sure there is no law against porting OS's to devices besides the fact that it could break your warranty.
And Microsoft said they would not add the WP7 update to previous devices because it doesn't meet their hardware standards, but they never said it would be ported on to previous devices.
Furthermore, at the moment you have to call Microsoft for an activation key that they generate on the spot for any phone, model, etc... They even ask if you need a key before asking for your name, email, phone number and other information (at least they did for me), so in a way, they are promoting this behaviour.
So there is nothing completely wrong with doing this at all, but it sounds like you just don't want to call Microsoft for key that takes all of 5 minutes.
And what tictac0566 is right. All we do is take their OS and move it to our phone. That's like installing Windows 7 to your exclusive Dell Windows XP.
And we have not customised the OS that much as of yet.
darkowler said:
very understandable about the law issues, but correct me if im wrong, did we not already break the laws by customizing the os in the beginning??? im not the most knowledgeable on this and by no means do i want to start a controversy, i just figure if we have already come this far go all the way..
Click to expand...
Click to collapse
Forgive some of the answers, we don't mean to be mean . You see, sometimes it's difficult to distinguish most of the good intentions in touchy subjects like this one. It might be that it has been asked repeatedly with it only ending on a flame war or perhaps something along the lines and some are getting tired of it. It's not your fault bro.
Let me put it into perspective though, as far as I'm concerned, yes.. technically speaking, porting WP7 goes against the licensing terms. As a matter of fact, we aren't really supposed to do it at all. But then again, the same can be said about Winmo and all its variants.
In the past MS has stated that as long as only the software that has been shipped on the cellphone is included sans any commercial software you'd have to buy normally, then it's a go. I believe we could assume the same about WP7 for the time being. Asides it helps them find bugs faster and treat like a big beta-testing but just in real life by XDA.
I believe Microsoft isn't much bothered by it or rather is not a threat. But the moment you mess with it's DRM or rather the services (XBOX mainly to be specific) being protected by whatever algorithm Microsoft has put in place it then you are already touching their crown jewel.
Hacking the device for tiles is not a priority for MS, but hack the Live services and this can only assure or give the impression anyone can tinker enough to hack to cheat on the Live service (which is rather amusing, since hacking gamer points and scores is just so wrong in so many levels).
I'd say it's just like the Xbox console. As long as you don't mess with Xbox Live, then most of the hacks aren't really blocked unlike Sony, which sued the pants off everyone and now that is why the PS3 was gutted to pieces recently. I hope that helps a little more.
Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
This is still all brand new, so I imagine later that someone will be provided with a prototype of some sort and may be able to answer those questions? I think we should start a donation for the pioneers of homebrew on WP so we can get something good done =)
Sent from my SGH-i917 using XDA Windows Phone 7 App
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
StevieBallz said:
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
Click to expand...
Click to collapse
Agreed. It will be difficult to break and it may take some time, but good thing we have some awesome people that are devoted to making it happen
hack is possible
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Shaggykjb said:
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Click to expand...
Click to collapse
I wouldn't say a boot hack could be seen anytime soon due to bitlocker and secure boot.
Have you seen any exploits on the current Windows 8 through HTML5? Since Microsoft's implementations of ANYTHING are always different (Even when they say it is compliant), I would imagine that the HTML5 on W8 won't have the same exploits. I'm thinking it will be quite difficult, but I wouldn't say impossible. That's why I think we need the current WP7 hackers or even the Android hackers in on this... The ones that know and understand the low-level aspects of x86 and ARM to be able to know what is going on behind the scenes and try to get around it. Given that a good bit of the second gen windows phones still aren't able to be interop-unlocked and sideloaded, I am sure Microsoft has patched the ways those backdoors in w8 and wp8.
As so much Malware was installed through IE previously Microsoft did a great deal of work to harden it against Exploits. But furthermore it would only be the first step to find a vulnerability in the browser or an HTML5-App.
IE itself is run in it's own OS compartment which runs below regular user rights. So if code gets run in the Browser context it effectively can't do very much. This is one of the reasons why desktop exploits started to rely more heavily on Flash and Adobe Reader Bugs (those plugins ran on user privileges).
The HTML5-Apps are most likely to execute in the least priviledged chamber separated from each other very much alike to the way WP7s Silverlight Apps are isolated from each other.
Given that I guess it will need people who understand the system architecture pretty well to crack it open. The easiest vector for getting Homebrew Apps on most likely is the LOB (Line of Business)-App support.
Even if you were to find an exploit, it's highly doubtful that it will give you anything. WP8 is with UEFI Secure Boot something entirely new in that aspect, in that it's likely to see a full bottom-up chain of trust. You'd likely need to break UEFI itself to get any binaries persistently with elevated privileges. If the UEFI firmware is not upgradable on the device (for instanced burned on the chip) the protection is unlike for current phones theoretically perfect.
Of course, it remains to be seen in what extend WP8 will validate signatures, but if say any elevated code needs signing, then a permanent full/root unlock is very unlikely to achieve.
Hard SPL unlocks as they're seen with the Titan and Radar will also be a matter of the past with WP8.
TitusO said:
Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
Click to expand...
Click to collapse
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
vickylance said:
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
Click to expand...
Click to collapse
You have removable SD card support and can install applications to it. However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee. Meaning, it's highly likely that the phone will check signatures on all applications, including those on the SD card and you won't be able to run them otherwise. (actually WP7 does this already - if your devel unlock expires and the phone relocks, all unsigned apps will not run anymore)
ZetaZynK said:
However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee.
Click to expand...
Click to collapse
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
According to CNet Asia a Microsoft Employee during Technet told them that SD-Card installation meant installation from SD-Card instead of App-Installation to the SD-Card (see here: http://asia.cnet.com/apps-cannot-be-installed-to-microsd-cards-on-wp8-62217133.htm)
The latest rumor is that WP8 will include TPM chips on all handsets. Thus will drive added hardware security to the firmware. I am feeling very skeptical that WP8 will be rootable as a result. I have a TPM system in my Win 8 laptop and it is damned secure.
Sent from my Kindle Fire running ICS
StevieBallz said:
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
Click to expand...
Click to collapse
Hm, I believed I had read this, but seems you're correct. Not sure where I believed to have done so right now.
kenikh said:
The latest rumor is that WP8 will include TPM chips on all handsets.
Click to expand...
Click to collapse
TPM is not the problem here - secure boot is. Considering Microsoft announced secure boot as part of the WP8 announcement, it's kind of likely that all devices will ship it.
Secure boot and a TPM both can deliver a trusted boot path, but with significant differences in the execution. With a TPM you store a key and Platform Context Registers (PCRs) on the module - if the PCRs mismatch then some part of the configuration was altered which is likely indicating a breach of trust in the boot path. With Secure Boot, one or more vendor generated keys (and not a self-generated one, like on a TPM)are stored in the system's firmware. If the boot loader is not signed by one of those keys, the device refuses to boot. This means that you can't replace the boot loader with custom code (as you do with for instance a HSPL). In a TPM-based scenario, the user can re-assign TPM ownership, Secure Boot has no such concept.
Note: x86 PCs will come with Secure Boot too, soon. However, MSFT requires ARM devices to have these keys assigned by the OEM and requires the manufacturer to allow changing the keys or disabling Secure Boot - for x86, they require the opposite, a PC without an option to add your own keys or to disable secure boot would fail the Windows 8 hardware certification.
If you come across the information again please let us know. There seems to be some confusion on the SD card topic (WinSuperSite reported differently).
As for secure boot and the TPM: if Microsoft decides to make CustomROMs hard the best course of action seems to emulate the "Enterprise Marketplace" given the assumption that those won't user Microsoft certificates but instead company certificates (which could be installed by the user similarily to the Exchange server certificates today). But we'll have to wait and see how that gets implemented in the end.
PS: Just found the following on Microsofts Windows Phone Developer Blog
LOB app deployment – Many enterprises understandably want to keep their line-of-business (LOB) apps in-house, controlling how they get published and deployed. In Windows Phone 8, we support several new channels for deploying LOB apps to enterprise devices, including installing from a website, SharePoint, or email.
Click to expand...
Click to collapse
Sounds pretty much like sideloading might be a lot easier then we think it is.
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently. Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
lseidman said:
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently.
Click to expand...
Click to collapse
Microsoft ruins the experience for WP7s even more imho. There's really a lot of essential stuff that unlocked WP7s can do, but that stock WP7 is unable to do.
lseidman said:
Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
Click to expand...
Click to collapse
This can be easily worked around: If they just made developer unlocks free (keeping the same deployment system as is), that would make it near to impossible for malware to spread.
lseidman said:
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
Click to expand...
Click to collapse
...and this is why I believe WP8 will have security measures against abuse of that private app deployment feature. Also, XAPs are not even badly protected right now.
Just for fun!
http://www.youtube.com/watch?v=cSnkWzZ7ZAA
He uses WP7 on 1:50
THE most informative thread on the WP8 section hands down....all u guys...BIG thanx for all the info...
Sent from my DROID RaZr.
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
devize said:
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
Click to expand...
Click to collapse
Stick with Android. Windows phone will not be developer friendly. This is my biggest problem with windows phone. The whole works out of the box experience really doesn't work when the software is young and lacking basic functionality . There is barely anything you can do with wp7 right now and winp8 is supposed to be even more locked down
Sent from my T8788 using XDA Windows Phone 7 App
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
Read here.... http://www.wpcentral.com/mercenary-hackers-hackingteam-claim-full-control-over-windows-phone. Not sure how to feel about this??? If true then there's definately hope for unlocking more WP8 handsets yet at the same time with all the NSA crap going on and concerns about privacy and security...WTF??? Reading around various forums and sites I am actually surprised how many people are NOT interested in unlocking their devices naming security as their number one reason for switching to the WP8 platform. In all the time I've spent here on the forums, with the exception of a few shady posts by no one of any consequence, I have never seen any maliciousness in the the search for exploits and attempts to unlock devices. If anything it almost seems like a game between devs and MS/OEMS and it wouldn't surprise me one bit if some of the devs here were offered opportunities by those same entities; if not then our gain, MS's loss. However this article got me thinking about the possibilities and implications of any exploits or unlocks found and just wondering what others thought... As for my mindset....I paid for my device with hard earned cash therefore it should be mine to F up as I see fit and I will deal with the consequences like a big boy.
Microsoft buying Apple is much more plausible that what is in there.
Part of having a secret surveillance plan is to actually keep the plan secret.
I doubt the group "responsible" for this would post their achievements on the internet, provided they are supported by the government.
tonbonz said:
Read here.... http://www.wpcentral.com/mercenary-hackers-hackingteam-claim-full-control-over-windows-phone. ... As for my mindset....I paid for my device with hard earned cash therefore it should be mine to F up as I see fit and I will deal with the consequences like a big boy.
Click to expand...
Click to collapse
You and folk like you are in the insignificant minority of the population
There are far to many people that will quite happily blame MS / OEMs / Networks for any and all problems regardless of who actually broke it.
The other thing is said networks / OEMs don't want you arsing about with their phone, for example, ATT take great pride in being able to charge you for a service that is free, if the phone was unlocked that would stop and ATT would be out of pocket. They pull out of WP arena and rollocks your fathers uncle, MS loses market share.
it sucks, but such is life, now that MS has locked down the market place with from what I can tell is completely impervious to abuse, I doubt very much they could give a $h!t what you do to the platform and if you can unlock it, they do however care about market share which is where the networks come in...
Oh, that's pretty plausible, actually. Even if you assume it's for every device on every version of the OS, I'd still be willing to believe it. Microsoft has done well on security with WP8, hardening the OS (NT in general) over the last decade or so to remove vulns, and using pretty good sandboxing of WP8 apps to minimize attack surface. With that said, there are still items being found, and patched (at least on the PC), regularly in Windows. Some of those vulnerabilities will be present and reachable on WP8 as well, and given how slowly phone updates roll out, I wouldn't be surprised if there's a known but un-patched issue being exploited. For that matter, it could be a true zero-day - something Microsoft is completely unaware of, at least when the exploit was first used - although I think that's less likely.
dazza9075 said:
You and folk like you are in the insignificant minority of the population
There are far to many people that will quite happily blame MS / OEMs / Networks for any and all problems regardless of who actually broke it.
The other thing is said networks / OEMs don't want you arsing about with their phone, for example, ATT take great pride in being able to charge you for a service that is free, if the phone was unlocked that would stop and ATT would be out of pocket. They pull out of WP arena and rollocks your fathers uncle, MS loses market share.
it sucks, but such is life, now that MS has locked down the market place with from what I can tell is completely impervious to abuse, I doubt very much they could give a $h!t what you do to the platform and if you can unlock it, they do however care about market share which is where the networks come in...
Click to expand...
Click to collapse
I'm used to being the minority, in a world full of sheep I'd much rather be a wolf, but insignificant? Harsh... Of course the security of the platform is probably the biggest selling point MS had to offer the networks and with perfect timing. I'm sure it's helped increase market shares when everyone's worried about keeping their data secure. As for the marketplace, I am constantly amazed at the apps being created but use very few myself. My kid spends more time on my Lumia than I do; using the Kid's Room feature to play games. Another brilliant "security" feature and one of the first features I point out to any parent asking about the platform. Anyways, knowing the work done here and intentions behind it, seeing that some group possibly gained full access to the platform simply for the purpose of "spying" for anyone that can pay their fees kinda p***ed me off and wondered what others thoughts were...
"Mercenary hackers claim full control over Windows Phone"
and my grandpa told me he had sex with Lili Marleen... but who know... maybe has maybe not
tonbonz said:
I'm used to being the minority, in a world full of sheep I'd much rather be a wolf, but insignificant? Harsh... Of course the security of the platform is probably the biggest selling point MS had to offer the networks and with perfect timing. I'm sure it's helped increase market shares when everyone's worried about keeping their data secure. As for the marketplace, I am constantly amazed at the apps being created but use very few myself. My kid spends more time on my Lumia than I do; using the Kid's Room feature to play games. Another brilliant "security" feature and one of the first features I point out to any parent asking about the platform. Anyways, knowing the work done here and intentions behind it, seeing that some group possibly gained full access to the platform simply for the purpose of "spying" for anyone that can pay their fees kinda p***ed me off and wondered what others thoughts were...
Click to expand...
Click to collapse
aye, we are significant in our world but there are a lot more numpties out there then there are of us
GoodDayToDie said:
I wouldn't be surprised if there's a known but un-patched issue being exploited..
Click to expand...
Click to collapse
I totally agree with you but until I see something concrete these are only words...or like I can say in Italian:
fatti, non pugnette!:laugh: (facts, no word please)
Oh, to be sure. Still, it actually gives me a little hope for finding a universal "jailbreak" hack... although I'd prefer one that isn't remotely exploitable.