I was wondering if someone could tell me if the sailfish version currently available for the oneplus one is as secure as ubuntu touch for the oneplus one?
I want to know this, because I want to make purchases online with this OS, and I don't want my personal info to get stolen.
If someone knows the answer to this question, please respond ASAP.
Thanks.
I'm sure sailfish takes security seriously. IT is a linux based rom, much like Android and Ubuntu Touch. Security specifically for the One Plus One should be no different to any other phone running the same software version. To my knowledge, they are officially supported (in alpha state that is) on the main forums for sailfsih OS. Do you have any specific security risk in mind, or a general risk level?
I d like to now if sailfish or ubuntu touch are secure for privacy, i feel android ios and wp spyware apps are worst than window's virus and os are bot safe enough for me i like to run an os, as linux do, keep my privacy my data for me only without sharing with companies
Related
I read both on Twitter and online about Palm Pre's "WebOS" being based on the same kernel or structure that is designed for Android/G1.
Is anybody in the works on seeing if its possible to run WebOS on a G1?
Note: I guess I'm asking to not to replace the Android but to say that if its possible and that it can be done.
webOS runs on the Linux kernel, but nothing else beyond that is open source. How are you going to port an operating system to a different microarchitecture and hardware specification without its source code? Answer: you're probably not.
Why would you want to though?
It may be cute, but the platform has yet to prove itself. Developers are going to be cautious about developing for that platform due to how palm has so severely stagnated over the last few years. Unless the platform shows signs of really catching on, I would just ignore it.
Hello,
Im currently writing an academic paper on android and openness in my master's programme. If all goes well, it will be submitted for a conference soon.
I'm looking for your opinions on having an android device open for operating system level modifications or not. As you may know, some phones have a signed bootloader such as the Motorola Milestone, t-mobile g2 (who made the phone reinstall stock OS when breached), and probably many others. Google however, make their devices open, even though they are sold as consumer devices. Many others do not bother to install circumvention mechanics.
Obviously, the people here will be biased towards allowing modification to the OS, therefore, i would like to get a discussion going, to discern what problems and possibilities you see in the long run for hardware manufacturers.
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
I would really appericiate your opinions and discussion!
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
As a beginner app developer, this has yet to bother me. I do enjoy being able to add apps that add functionality to my phone but I haven't bothered to get down into the "root" area. So no I do not check nor does it impact my decision...I own a Samsung fascinate by the way
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
My opinion on measures to prevent changes is all about PR and performance. If enough people hacked a phone and the hack caused the phone to work below is ability then the only news report you will see is the phone sucks.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
This is also a give and take if question 2 is not of a concern to them, then its def a gain for the company and to all of the developers out there that do search for the best phone and nick pick around until they find it.
Are there enough of those kind of people out there to affect a companies buttom line. Maybe not yet but in another couple of years who knows.
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
It hasnt yet been a deciding factor on which device to get, primarily because sooner or later they all get cracked open.
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
One reason could be that the carriers demand it as a way to keep any revenue that they get from the preinstalled bloatware.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
The percentage of people that actually tinker in this area is very slim, so the manufacturers most likely don't see that as a big market opportunity.
Don't have any answers, but would like to read your paper when done...sounds interesting and a Masters Thesis is always fun to read! LOL
It's not a thesis, just a short article. I might make a survey for it but I need to ask the right questions.
Not all devices get fully customized, root is common, but in my phone for example it is not possible to load a custom kernel, as the bootloader checks for signed code (Motorola's secret key). There's been a massive uproar from the owners of the Milestone, as people didn't expect to be hustled like that when getting an android phone. The main problem is of course, that Motorola takes a long time to release updates. Even as of today, Froyo has still not been released for my phone by Motorola.
While I am not sure about it, I suspect Sony Ericsson X10i owners are in the same boat, and they will get a really rotten deal, seeing as 2.1 has been officially declared the last version the device will recieve. Yet, an enthusiast could release a perfectly fine version of 2.3 if the phone accepted custom firmware and he had access to drivers etc.
So basically, you buy a piece of hardware that is very capable, but The Company decides for you which software you could run.
Imagine if you bought a Windows Vista PC right before Windows 7 was released, and the only way you could get Windows 7 on it was if that particular PC manufacturer released an official update containing all it's bloatware and applications you don't want. Since the update needs to go through all kinds of verifications and approvals, it might be delayed for a half a year, or maybe 9 months, after the new OS release. Why do we accept this on our phones and tablets?
Hi,
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your desicion?
For me personally, yes, most definately. I like to be able to get in and play, see how things work, change stuff. And i think custom ROMs IMO are a big drawcard of Android.
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
To try and ensure the device works as they want it to. Minimise support costs etc.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
Definately. Encourages improvement of existing features, and development of new stuff beyond the manufacturers initial product scope, which can be integrated in future products.
Android OS its self is an example of this - the developer community is writing apps, logging bugs, and contributing code to the benefit of future releases of Android, which in turn benefits device manufacturers.
- jc
my two cents
1. Does the possibility of making OS level modifications affect your willingness to purchase an android product? i.e. do you check if it can be modified before buying? And how much of an impact does it make on your decision?
>> Personally, I feel like the ability to modify my phone at the core level is something I as a power user can use to tailor my phone's experience in the way I need to make it the most efficient device it can be. This is especially necessary as my phone is my primary connectivity device (I really only use my laptop for things the phone just really isn't capable of handling yet, such as video conversion)
2. Why do you think hardware manufacturers put in measures to prevent custom android OS builds to be installed? Put on the corporate hat and try to see their strategy.
I think this is less the decision of the manufacturers and more of the carriers themselves. This really is because each device has to be tailored to be sold to the average user, rather than power users (read: 85-90% of people who will read this reply) and as a result is designed with an experience in mind. To the suits, anyone who take a phone that is supposed to have a specific experience in mind, and changes that, it becomes a different phone, and anyone who looks at that phone will see that. This means, TMo/HTC can't sell a G2, because everything that my office mates will see when they look at my phone is my android customizations, not a G2. my office mate, who is shopping for a phone, can get an android phone anywhere... but they can only get a /G2/ from TMo/HTC. Similarly, if I like my G2 experience, when i get a new phone, i will be more inclined to continue enjoying that experience with a G3, rather than buying any on sale android phone and making it just like my last one. Hence the need to have a G2 experience on every G2 phone. Just my 2 cents. I am not a businessman, lawyer, or doctor.
3. Do you think manufacturers have anything to gain by making devices open and free for modification, with source code for drivers and the like publically available?
Yes, but nowhere near as much as they can get by keeping their cards close to their hand. see my answer to number 2.
So I've read and heard several people talk about how easy it would be to port over the QNX kernel to Android. So I was wondering, if it's so easy why isn't someone doing it? I mean if you think Google should do this it would make a great proof of concept and could maybe sway Google a bit. Now that's not to say that I myself think Google should do it, I don't really know much about kernels, but I'd be interested in trying it, if nothing else to see if benefits do exist.
The fact that QNX is a proprietary OS might be one of the reasons.
it became closed source when RIM bought it.
You mean porting entire Android software stack to run on top of QNX kernel ? (in order to run it natively). That is not that straightforward and Google would never do it anyway. You can't just "switch" to QNX kernel, it has completely different architecture.
Android is based on old fashioned monolithic Linux kernel, with all the stability, security and performance issues that come with it. QNX has a fantastic real-time microkernel. If Android was QNX-based, that would be a dream come true.
Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
This is still all brand new, so I imagine later that someone will be provided with a prototype of some sort and may be able to answer those questions? I think we should start a donation for the pioneers of homebrew on WP so we can get something good done =)
Sent from my SGH-i917 using XDA Windows Phone 7 App
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
StevieBallz said:
Some pages state that there will be sideloading capabilities. I don't see those happen unless Microsoft is pretty sure that those can't be used to deploy Warez. Also companies will be able to deploy their own software so there has to be an alternate way to deploy software aside from the Marketplace.
But an official side load option would amount to pretty much the same as a current Developer unlock and deeper going functionality as what is provided by Interop/Full-Unlocks won't be available that way.
It is going to be interesting to get around those as the NT Kernel is likely to be a harder nut to crack than whatever Microsoft threw together on top of CE6 for WP7.
Click to expand...
Click to collapse
Agreed. It will be difficult to break and it may take some time, but good thing we have some awesome people that are devoted to making it happen
hack is possible
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Shaggykjb said:
I think were looking at this from the wrong perspective. The App developers for Windows 8 Metro will be key in the implementation of hacking the Windows 8 phone. As Microsoft stated, this phone 8 will work harmoniously with 8 metro.
Windows 8 Metro is comprised of at least 80% HTML5 coded APPS. HTML5 has huge advantages that have been exploited before in the past.
So, If Windows phone 8 is comprised of similar HTML5 code. I'm sure developers will be able to comprise a boot hack to enable sideloading.
:good:
Click to expand...
Click to collapse
I wouldn't say a boot hack could be seen anytime soon due to bitlocker and secure boot.
Have you seen any exploits on the current Windows 8 through HTML5? Since Microsoft's implementations of ANYTHING are always different (Even when they say it is compliant), I would imagine that the HTML5 on W8 won't have the same exploits. I'm thinking it will be quite difficult, but I wouldn't say impossible. That's why I think we need the current WP7 hackers or even the Android hackers in on this... The ones that know and understand the low-level aspects of x86 and ARM to be able to know what is going on behind the scenes and try to get around it. Given that a good bit of the second gen windows phones still aren't able to be interop-unlocked and sideloaded, I am sure Microsoft has patched the ways those backdoors in w8 and wp8.
As so much Malware was installed through IE previously Microsoft did a great deal of work to harden it against Exploits. But furthermore it would only be the first step to find a vulnerability in the browser or an HTML5-App.
IE itself is run in it's own OS compartment which runs below regular user rights. So if code gets run in the Browser context it effectively can't do very much. This is one of the reasons why desktop exploits started to rely more heavily on Flash and Adobe Reader Bugs (those plugins ran on user privileges).
The HTML5-Apps are most likely to execute in the least priviledged chamber separated from each other very much alike to the way WP7s Silverlight Apps are isolated from each other.
Given that I guess it will need people who understand the system architecture pretty well to crack it open. The easiest vector for getting Homebrew Apps on most likely is the LOB (Line of Business)-App support.
Even if you were to find an exploit, it's highly doubtful that it will give you anything. WP8 is with UEFI Secure Boot something entirely new in that aspect, in that it's likely to see a full bottom-up chain of trust. You'd likely need to break UEFI itself to get any binaries persistently with elevated privileges. If the UEFI firmware is not upgradable on the device (for instanced burned on the chip) the protection is unlike for current phones theoretically perfect.
Of course, it remains to be seen in what extend WP8 will validate signatures, but if say any elevated code needs signing, then a permanent full/root unlock is very unlikely to achieve.
Hard SPL unlocks as they're seen with the Titan and Radar will also be a matter of the past with WP8.
TitusO said:
Hello guys,
I'm glad to write the first post in this section.
We've all seen the Microsoft Windows Phone Summit this morning (evening) and had to notice, that they've focused on an "Complete Security Platform". Due to their "Enterprise Ready - Fundamentals", they implemented a Secure Boot and Bitlocker Encryption.
This will be very good for all of you, who are depending on a phone, that doesen't share all it's data if it's getting stolen etc.. But those of you, who built application for customization or any further experience, will get stuck.
I'd really like to discuss these news with you.
(Is the microSD support a hint for a sideloading possibility?)
It has already been hard from an interop to a full unlock for the existing devices. The Lumia 900 is up to now unaccessible...
Will this be a disadvantage in comparison to the Android strategy?
All comments are welcome!!!
Titus
Click to expand...
Click to collapse
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
vickylance said:
i think if memory card access and file access as in symbian and android is available in windows 8 then we can sideload apps if not its impossible as inh lumia 900
Click to expand...
Click to collapse
You have removable SD card support and can install applications to it. However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee. Meaning, it's highly likely that the phone will check signatures on all applications, including those on the SD card and you won't be able to run them otherwise. (actually WP7 does this already - if your devel unlock expires and the phone relocks, all unsigned apps will not run anymore)
ZetaZynK said:
However, Microsoft stated that sideloading is only available for enterprises for a (nominal) fee.
Click to expand...
Click to collapse
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
According to CNet Asia a Microsoft Employee during Technet told them that SD-Card installation meant installation from SD-Card instead of App-Installation to the SD-Card (see here: http://asia.cnet.com/apps-cannot-be-installed-to-microsd-cards-on-wp8-62217133.htm)
The latest rumor is that WP8 will include TPM chips on all handsets. Thus will drive added hardware security to the firmware. I am feeling very skeptical that WP8 will be rootable as a result. I have a TPM system in my Win 8 laptop and it is damned secure.
Sent from my Kindle Fire running ICS
StevieBallz said:
Have you got any source for Microsoft anouncing a fee per device to allow this. To my knowledge not much is yet announced in that regard. We know that there will be a cloud based solution for Management/Deployment (most likely inTune) and an on premise one.
Click to expand...
Click to collapse
Hm, I believed I had read this, but seems you're correct. Not sure where I believed to have done so right now.
kenikh said:
The latest rumor is that WP8 will include TPM chips on all handsets.
Click to expand...
Click to collapse
TPM is not the problem here - secure boot is. Considering Microsoft announced secure boot as part of the WP8 announcement, it's kind of likely that all devices will ship it.
Secure boot and a TPM both can deliver a trusted boot path, but with significant differences in the execution. With a TPM you store a key and Platform Context Registers (PCRs) on the module - if the PCRs mismatch then some part of the configuration was altered which is likely indicating a breach of trust in the boot path. With Secure Boot, one or more vendor generated keys (and not a self-generated one, like on a TPM)are stored in the system's firmware. If the boot loader is not signed by one of those keys, the device refuses to boot. This means that you can't replace the boot loader with custom code (as you do with for instance a HSPL). In a TPM-based scenario, the user can re-assign TPM ownership, Secure Boot has no such concept.
Note: x86 PCs will come with Secure Boot too, soon. However, MSFT requires ARM devices to have these keys assigned by the OEM and requires the manufacturer to allow changing the keys or disabling Secure Boot - for x86, they require the opposite, a PC without an option to add your own keys or to disable secure boot would fail the Windows 8 hardware certification.
If you come across the information again please let us know. There seems to be some confusion on the SD card topic (WinSuperSite reported differently).
As for secure boot and the TPM: if Microsoft decides to make CustomROMs hard the best course of action seems to emulate the "Enterprise Marketplace" given the assumption that those won't user Microsoft certificates but instead company certificates (which could be installed by the user similarily to the Exchange server certificates today). But we'll have to wait and see how that gets implemented in the end.
PS: Just found the following on Microsofts Windows Phone Developer Blog
LOB app deployment – Many enterprises understandably want to keep their line-of-business (LOB) apps in-house, controlling how they get published and deployed. In Windows Phone 8, we support several new channels for deploying LOB apps to enterprise devices, including installing from a website, SharePoint, or email.
Click to expand...
Click to collapse
Sounds pretty much like sideloading might be a lot easier then we think it is.
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently. Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
lseidman said:
Here is the problem with this... We're going to see DRM to the max. This has a chance of ruining the experience, just look at Apple recently.
Click to expand...
Click to collapse
Microsoft ruins the experience for WP7s even more imho. There's really a lot of essential stuff that unlocked WP7s can do, but that stock WP7 is unable to do.
lseidman said:
Also side-loading could be bad for the OS as look at Google with the possible Botnet + Trojans.
Click to expand...
Click to collapse
This can be easily worked around: If they just made developer unlocks free (keeping the same deployment system as is), that would make it near to impossible for malware to spread.
lseidman said:
More importantly as a Dev, I fear more than anything, my code will be stolen, even if I Obfuscate the XAP. I rather my App be taken than my coding be compromised.
Click to expand...
Click to collapse
...and this is why I believe WP8 will have security measures against abuse of that private app deployment feature. Also, XAPs are not even badly protected right now.
Just for fun!
http://www.youtube.com/watch?v=cSnkWzZ7ZAA
He uses WP7 on 1:50
THE most informative thread on the WP8 section hands down....all u guys...BIG thanx for all the info...
Sent from my DROID RaZr.
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
devize said:
This information is kind of making me question whether I really want to switch from Android to WP8. Anyone having used both android and WP8 want to share their thoughts? I know WP7/8 is closed similar to iOS but I think I'd like to atleast be able to sideload apps.
Click to expand...
Click to collapse
Stick with Android. Windows phone will not be developer friendly. This is my biggest problem with windows phone. The whole works out of the box experience really doesn't work when the software is young and lacking basic functionality . There is barely anything you can do with wp7 right now and winp8 is supposed to be even more locked down
Sent from my T8788 using XDA Windows Phone 7 App
Ok first of I understand the nature of Android, Fragmentation asside genuinely why can't we unlock our phones bootloader? What is the reason? Like the reason a sales rep would give you would obviously be much different then say what a tech would know, so what is the true reason and Android device isn't like a PC for example? Thank you
Verizon policy. To say much more is just speculation unless you were a part of that policy making process, or have access to the documentation on the decision.
jayman94fly said:
...so what is the true reason and Android device isn't like a PC for example? Thank you
Click to expand...
Click to collapse
That's really good question. Smartphones are basically PCs and yes could be made without OS and let user to install any compatible OS. Of course, hardware vendors must provide drivers or OS vendor have to make generic ones.
In the previous sentence is hidden answer to your question. Driver/libs are usually closed source and vendors do not wish to provide them as for Windows for example. Many of them not providing for Linux as well. And Android is based on Linux. So in short, business politic (read money) is the answer.
Also, many Android vendors like to modify Android to provide better (usually opposite) user experience, change kernel (should release source according Linux kernel license) and so on.
Android right now is mess, pretty much as Linux with so many distributions. Google is trying to fix that moving core functionality to closed source play service but that makes another problem (notice closed source).