Related
Few things about the Android as background;
1) Android is open source and is enough to run a device on its own.
1a) People will argue that it isn't, that proprietary binaries are required. This is a *hardware dependent* argument. Blame HTC for having proprietary closed source binaries. 'Droid works fine on an openmoko using all open source software. http://wiki.openmoko.org/wiki/Android
2) Not all of what is on your phone is actually part of AOSP, i.e. *market*, *gmail*, etc.
3) Open and closed source components can exist in the same system without conflict.
4) Any particular organization can develop BOTH open AND closed source components, and these can, in fact, exist in the same system without conflict.
The situation:
Cyanogen has been issued a cease and desist order by Google related to inclusion of closed source Google apps in "CyanogenMod ROMs".
The legal situation: These closed source apps are not licensed to Cyanogen for redistribution. Google does have the legal right to restrict distribution of said apps.
Why now: The most obvious recent change that could have prompted this order to happen now is the inclusion of the as-of-yet unreleased MARKET app. This market app, being unreleased, is in an unknown state. This app may not be finished testing, i.e., it may be quite buggy, to the point where it could do all kinds of nasty things, like MULTIPLE-CHARGING of customer's when they buy paid apps, releasing payment and/or account information to unauthorized targets, failure to put secure apps into secure locations or other vulnerability allowing easy copying of protected apps, OR OTHER vulnerabilities. That being the case, Google may be *WORRIED ABOUT POTENTIAL PROBLEMS* in the new market app (rightly, as it may not have completed testing and/or may have KNOWN issues).
Why the order against *all* closed-source apps: This is simple. How can they order the removal of *just one*? If they order the removal of *just* the new market app, the legal implication is that the other closed source apps *can* be redistributed, i.e. precedence is 9/10ths of the law -- they would be closing the door on the enforcement of those apps in the future, i.e., for security reasons since regarding the closed source apps, Google is legally liable for their correct function.
So would the ignorant people talking about how evil Google is for doing this, PLEASE STOP spewing your mouths off regarding things that YOU DON'T UNDERSTAND? You're not helping anybody.
EVERYONE should read this.
I will admit, this post made me re-think what is really going on. He is just the first to get a finger shook at him, the rest will follow unless the developers and Google get stuff squared away.
i still think google is acting like asswholes though.
I do to but thank you for looking at things clearly unlike alot of other people inlcuding my self at first but once i started thinking about the new market i understood google
Just curious here but can an open source app be developed to access Market? Or are the codes for accessing Market closed?
Makes sense now, Google Just don't want to be responsible for something like customer's info being stolen.. and have the masses calling or infront of their door with pitch forks inhand,,
Then,
Why didn't Google say this?
Instead, they patronize and belittle the community.
http://forum.xda-developers.com/showpost.php?p=4609612&postcount=3
I don't mean to attack the OP with this post.
It's just a question.
Most likely because they are a dev or a lawyer. They just don't like speaking English. They have to say it all complicated and then have someone else translate it for them.
i think that this is from a stupid lawyer team, and google just sent it for legal reasons, i think the dev team has nothing to do with this.... isnt this why the created android, to have an open source platform.... i think Cyanogen and google just need to come to a compromise, either that or we just dont use googles apps even though half of them have better counterparts in the market
i do know this, the law is the law. Is the law always perfect, hell no. Cyanogen did no wrong. He helped out every single one of us running an android powered phone.
Could something wrong happen with an experimental build? Ofcourse. That is why he has his own disclaimer. If you are smart enough to root your phone, you should be smart enough to realize potential dangers in running leaked and/or experimental code.
Google is being a douchebag for their actions. Htc doesnt issue cease and desist orders for all of you running hero and that directly involves their sales in their phones. How many windows mobile roms are on this xda forum? How many have been ordered by microsoft to stop distributing their work?
To me it is ridiculous google is doing this. I know they are legally right but that doesnt mean they should screw us early adopters of their software with lame and slow updates and a product that is obviously inferior to the coding and development of one man with the help of a few others.
The reason i bought my g1 instead of an iphone or windows mobile phone was because of this community. Now all of us have had the benefits of cyanogen in one way or another. I dont want to be a douchebag as well and not speak up for a man who has helped me out when he had no reason to do so
honestly cyanogen would have probably been fine had he left the new market out. fact is our phones came with the old version and thats what we payed for when we got them. if say on the g1 t-mobile decides not to offer and upgrade to 1.6 then that means there not going to pay google to have the new app on our phones so if we hack it and throw it on anyway then google doesnt make there money and we are in every way STEELING IT. if you worked for and got payed by google i bet it would upset you if people were steeling your product that you worked hard to create.
so do i agree they should force him to rethink some of his newer roms? yes
but i think the older ones that just have software our phones already came with should be left alone
AND i think we should be aloud to purchase the new software from google if we want it.
but google search google maps and all that crap has nothing to do with this as you can get them all FREE online this is probably 99% the new app being on peoples phones that didnt pay for it. you bought the original market when you bought your phone thats why google hasnt had a problem untill now.
everything set aside i love cyanogens work i love my 4.0.4.... i HAVE 4.1.11.1 saved i will probably even install it just to check it out if he doesnt come out with a stable version which is what i was waiting for. but if he comes out with a non google stable version i have no problem installing my old market onto it, i already have it backed up and ready to go. i payed for it and im keeping it no matter what rom i run! and i hope he keeps doing his thing im all for him and love what he does and would even pay for it if i had to! i hope this doesnt stop him and i hope they work things out. if he wants money for all the work hes been doing im sure people wont blame him and as long as it gives him insintive to keep going im happy!
my two cents
cy has been perfecting their roms and now that they got the tools that they need they are going to plagerize his programming and impliment it into their next great g phone....and the only way to say its theirs is by getting rid of any shred of evid that is out there
i understand what Google is doing..its upsetting but they have a point, they gave us an OPEN SOURCE OS, thats good enough, the devs make it a better, more fun, experience...so just shrug it off, rid it of ALL closed source apps.
Google should than allow the All Google apps available to those with Google Experience phones(before customizing with a ROM), they could make you register with your phones EMEI (maybe? if possible).
Also so this obviously means his ROMs arent here on XDA...What is XDAs stand on the situation? Were they pulled by XDA or did Cyanogen pull them?
I don't know if this has been suggested before. I've seen dev-team on iphone doing something similar: why don't you make an "installer" script that takes all Google APKs from the device (which has stock image) then flash the rom and reinstall the APKs.. This way you don't have to distribute google apks. Not sure if that's possible if there is some kind of encryption protection on Google apps, just a suggestion .
No matter what it was a mountain made out of a mole hill.
id just like to see google allow open access to their market place.
then put all closed source google apps on there for download just like any other apps.
However from what I understand its not as simple as this as they arent just apps there is a whole framework that goes with it. bah.
MS never sent a takedown notice
MS never sent a takedown notice to xda-developers.
Ready.........Fight!
http://googlefight.com/index.php?lang=en_GB&word1=Google&word2=Cyanogen
wshwe said:
MS never sent a takedown notice to xda-developers.
Click to expand...
Click to collapse
That is the stupidest thing I've ever heard;
1) xda doesn't host any wimo roms.
2) xda doesn't develop any roms at all -- that is up to the individual who does so.
3) How the hell would you know? MS probably did some real *****y stuff like sending goons to the modder's home, harassing the modder's wives, and issuing threats like "stop doing this, don't tell anybody we threatened you, and pay up $10,000 or we're taking you to court over it".
First of all: I'm an OSS advocate and love the idea of open source. Don't forget that while reading this.
Some 2 month ago, I got myself a Galaxy S. It's not exactly cheap, but on the other side, it's really good hardware. This thread is not about Samsung or the Galaxy S. It's about the missing parts of android security.
We all know it from our home computers: Software sometimes has bugs. Some just annoy us, others are potentially dangerous for our beloved data. Our data sometimes gets stolen or deleted due to viruses. Viruses enter our machines by exploiting bugs that allow for code execution or priviledge escalation. To stay patched, we regularly execute our "apt-get update;apt-get dist-upgrade" or use windows update. We do this to close security holes on our systems.
In the PC world, the software and OS manufacturers release security bulletins to inform users of potentially dangerous issues. They say how to work around them or provide a patch.
How do we stay informed about issues and keep our Android devices updated?
Here's what Google says:
We will publicly announce security bugs when the fixes are available via postings to the android-security-announce group on Google Groups.
Click to expand...
Click to collapse
Source: http://developer.android.com/guide/appendix/faq/security.html#informed
OK, that particular group is empty (except for a welcome post). Maybe there are no bugs in Android. Go check yourself and google a bit - they do exist.
"So why doesn't Google tell us?", you ask. I don't know. What I know is that the various components of Android (WebKit, kernel, ...) do have bugs. There's nothing wrong with that BTW, software is made by people - and people make mistakes and write buggy code all the time. Just read the changelogs or release notes.
"Wait", I head you say, "there are no changelogs or release notes for Android releases".
Oh - so let's sum up what we need to stay informed about security issues, bugs and workarounds:
* Security bulletins and
* Patches or Workaround information
What of these do we have? Right, nada, zilch, rien.
I'll leave it up to you to decide if that's good common practise.
"But why is this important anyway", you ask.
Well, remember my example above. You visit a website and suddenly find all your stored passwords floating around on the internet. Don't tell me that's not possible, there was a WebKit bug in 2.2 that did just that. Another scenario would be a drive-by download that breaks out of the sandbox and makes expensive phone calls. Or orders subscriptions for monthly new ringtones, raising your bill by orders of magnitute. Or shares your music on illegal download portals (shh, don't tell the RIAA that this is remotely possible).
The bug is probably fixed in 2.2.1 - but without changelogs we can't be sure.
But that's not all - there's a second problem. Not only are we unaware of security issues, we also don't have automated update mechanisms.
We only receive updates when our phone's manufacturers release new firmware. Sadly, not all manufacturers support their phones in the long run.
In the PC world, most Distros have a central package management - that Google forgot to implement in Android. Agreed, some phones can receive OTA updates, but that depends on the carrier. And because of the differences in Android versions it's not possible to have a central patch management either. So we do not know if our Android devices might have security issues. We also have no easy way to patch them.
Perhaps you knew this before, then I apologize for taking your time.
What do YOU - the computer literate and security aware XDA users - think about this? Do you think that's a problem? Or would you rather say that these are minor problems?
Very intresting, thanks! The update problem should be fixed with the next release, no more custom UIs and mods from phone manufacturers,at least google said that
Sent from my Nexus One using XDA App
Excellent post and quite agree with you. The other significant problem looming is the granularity (or rather, lack thereof) in app permissions which can cause problems you describe without bugs and exploits. I install an app that does something interesting with contacts and also has internet access to display ads. How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
I love Android but it's an accident waiting to happen unless the kind of changes you advocate are implemented and granularity of permissions significantly increased. I don't like much about Apple but their walled garden app store is something they did get right although IMHO, they also abuse that power to stifle competition. Bring out the feds!
simonta said:
The other significant problem looming is the granularity (or rather, lack thereof) in app permissions [...]
How do I know that my contacts are not encrypted, so making sniffing useless, and beamed back to mummy? Nothing other than blind trust!
Click to expand...
Click to collapse
I agree, although I'm not sure that less experienced users might have difficulties with such options.
simonta said:
I love Android but it's an accident waiting to happen
Click to expand...
Click to collapse
Sad but true. I'm just curious what Google will do when the first problems arise and the first users will have groundshaking bills.
If that happens to just a few users, it'll get a kind media coverage Google surely won't like.
I've seen quite a few android exploits posted on bugtraq over the years. It's a high-volume email list, but with some filtering of stuff you don't care about, it becomes manageable. It's been around forever and is a good resource if you want the latest security news on just about anything computer related.
http://www.securityfocus.com/archive/1/description
People are bashing a lot about the Android security model but the truth is you can never have 100% protection with ANY solution.
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Speaking again of Android. I think the permission model is not bad. I mean, no other OS got such detailed description about what an app can do or not. But unfortunately it can only filter out very conspicuous apps, i.e. a Reversi game asking for your location and internet access. But then you never know... if the app is using ads it requires location and internet access, right? so what can you do?
RAMMANN said:
Apple is not allowing any app in their store. Fine. but mostly they are only filtering out apps that crash, violate some rules or they just don't like them or whatever. but they can never tell what an app is really doing. Therefore they would neeed to reverse-engineer every app they get etc. That's just impossible considering the amount of apps....
Click to expand...
Click to collapse
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Of course you can't get 100% security and I don't think that's what we're saying, but there is a lot you can do.
Take for example internet access which is the biggest worry I have. The only reason most apps request internet access is to support ads. I now have a choice to make, don't use the app or trust it. That simple, no other choice.
If I installed an app that serves ads but did not have internet access, then the only way that app can get information off my phone is to use exploits and I'm a lot more comfortable knowing that some miscreant needs to understand that than the current situation where some script kiddy can hoover up my contacts.
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
I absolutely agree with you on Apple, one of the main reasons that I chose a Desire instead of an iPhone, but the Android approach is too far the other way IMHO.
Just my tuppence, in a hopeless cause of imagining someone at Google paying attention and thinking you know what, it is an accident waiting to happen.
marty1976 said:
Not really, they do blackbox testing and let the apps run on emulated devices they then check if the app "behaves" as desired...
Click to expand...
Click to collapse
Well, so why did a tethering app once make it into the appstore?
Also I think there are many possibilities for an app to behave normal, and just start some bad activity after some time. Wait a couple months until the app is spread around and then bang. Or remotely launch some action initiated through push notifications etc.
If there is interest, then there is always a way....
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
I agree that a seperate permission for ads would be a good thing.
But there are still many apps which need your location, contacts, internet access.... all the social media things nowadays. And this is where the whole thing will be going to so I think in the future it will be even harder to differenciate.
Getting back on topic: I just read that Windows 7 Phone will get updates and patches like desktop windows. That means patchday once a month plus when urgency is high...
simonta said:
However, if internet access and ad serving were separate permissions, you could in one hit address, taking a wild guess, 90% of the risk from the wild west that is Marketplace. With a bit more design and work, it would be possible to get the risk down to manageable and acceptable levels (at least for me).
Click to expand...
Click to collapse
But, how do you distinguish them? Today, (as a developer) I can use any ad-provider I want. In order to distinguish ads from general internet access, the OS would need one of:
A Google-defined ad interface, which stifles "creativity" in ad design. Developers would simply ignore it and do what they do now as soon as their preferred ad-provider didn't want to support the "official" ad system or provided some improvement by doing so.
An OS update to support every new ad-provider (yuck^2).
Every ad-provider would have to go through a Google whitelist that was looked up on the fly (increased traffic, and all ads are now "visible" to Google whether Google is involved in the transaction or not). This would also make ad-blocking apps harder to implement since Google's whitelisting API might not behave if the whitelist was unavailable. On the upside, it would make ad-blocking in custom ROMs be trivial.
Even if Google did one of these things, it still wouldn't provide any real increase in privacy or security. The "ad service" would still need to deliver a payload from the app to the service (in order to select ads) and another from the service to the app (the ad content). Such a mechanism could be trivially exploited to do anything that simple HTTP access could provide.
http://code.google.com/p/android/issues/list
issues submitted are reviewed by google employed techs... they tell you if you messed up and caused the issue or if the issue will be fixed in a future release or whatever info they find.
probably not the best way to handle it but its better then nothing.
twztdwyz said:
http://code.google.com/p/android/issues/list
Click to expand...
Click to collapse
Knew that bug tracker, but the free tagging aka labels isn't the best idea IMHO.
You can't search for a specific release, for example...
twztdwyz said:
probably not the best way to handle it but its better then nothing.
Click to expand...
Click to collapse
Ack, but I think Google can do _much_ better...
Two more things to have in mind:
1. I doubt that many Android users bother much about what permissions they give to an app.
2. Using Google to sync your contacts and calendar (and who knows what else), is a bad, bad idea.
http://forum.xda-developers.com/showthread.php?t=1453695
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Rayman96 said:
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Click to expand...
Click to collapse
sorry if i did hurt you. well i was a beta tester for the app. it did performed well for me, besides comodo is a reputed company after all and they are standing for free softwares.
I posted the links cause it contains all the details of the software, details about the company etc, i thought its better than i explain those details.
about double posting, the one i posted is in the general section is for all to see. The second is for my fellow lgp500 users, where i really belogs. i hope i am clear enough. no harm ment
Best free antivirus is your brain - never install app without good amount of comments about app.
AdvDretch said:
Best free antivirus is your brain - never install app without good amount of comments about app.
Click to expand...
Click to collapse
Who in this world has time to read all that? Have you ever tried to read Google’s conditions and policies while creating a Google account? Certainly the answer would be ‘NO’. Do you know that Google had 60 different policies that helped them to collect data from your personal Gmail and other Google apps? Now do you know that they had merged all these in to one policy?
Google will know more about you than your wife does. Everything across your screens will be integrated and tracked. Google noted that it collects information you provide, data from your usage, device information and location. Unique applications are also noted. Sure you can use Google’s dashboard and ad manager to cut things out, but this policy feels Big Brother-ish. Google is watching you as long as you are logged in. It’s also unclear whether this privacy policy move will be considered bundling in some way by regulators. This unified experience hook appears to be at least partially aimed at juicing Google+. Google responded with clarification: Google noted that it already has all that data, but it’s now integrating that information across products. It’s a change in how Google will use the data not what it collects. In other words, Google already knows more about you than your wife.( not my comment go read this.... http://m.zdnet.com/blog/btl/googles-new-privacy-policy-the-good-bad-scary/67893)
Now my question is whether Google is good or bad? Do you need Droidwall to defend your privacy? Or do you still believe in your Brain(better do not believe in brain but use it to think rationally)?
Conclusion: we need a new definition to “virus”...My contribution is Anything that steals your private data is a virus.( no flames needed, no harm meant...just my thought about the relevancy of protective apps like Droidwall, comodo, avg, etc. ...etc)
,do we realy need anti virus?,
algie17 said:
,do we realy need anti virus?,
Click to expand...
Click to collapse
You dont need one
Sent from my LG-P500 using XDA Premium App
josinpoul's mean run anti virus before creating Google account
And if too don't have anti virus then don't use Google. Josin your explanation is wrong. Brain and antivirus both useful.
No need for 2 topics about one thing but thanks for sharing!!!
http://ca.reuters.com/article/technologyNews/idCATRE81N1T120120224
By Jim Finkle
BOSTON (Reuters) - Cybersecurity experts have uncovered a flaw in a component of the operating system of Google Inc's widely used Android smartphone that they say hackers can exploit to gain control of the devices.
Researchers at startup cybersecurity firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user's phone carrier. The message urges the recipient to click on a link, which if done infects the device.
At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike's claim.
Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents.
He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
"With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices," said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike. Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple's App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple's iPhone by sending malicious code embedded in text messages that was invisible to the phone's user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1.
Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google.
CrowdStrike's method of attack makes use of a previously unpublicized security flaw in a piece of software known as webkit, which is built into the Android operating system's Web browser.
Webkit is also incorporated into other software programs, including Google's Chrome browser and the Apple iOS operating system for the iPhone and iPad.
CrowdStrike said it had not attempted to create software to attack iOS devices or the Chrome browser.
Ok, now a group of hackers control 500000000 devices... an antivirus will slow the phone down more than a hacker trying to run a phone from another continent over your 2G network... just think about it... how can your screen be monitored over 3G in real-time? It can't be done on my 5Mbps PC...
And if you turn data off, then 1GB of data will be sent to google when you turn it on??? Think logic...(where the f**k do you store that??? I think the effect will be noticed right away, and the attacker has no time to take control, unless you are stupid enough to see a 1GB file and not suspect anything...) PCs have real-time protection, but that is because there are terrible threats out there, and they are optimized, they don't slow down... on your phone, you will regret having a phone for 2 years running like **** and then dropping in water, while you could have best performance in those 2 years...
We are not windows, but we are android, and it is the most unsafe mobile OS, if you want a safe one, get from apple... just 2x price at ½ quality...
Sent from my LG-P500
well i use avast antivirus
but not for scanning viruses
but rather for anti-theft feature and firewall(blocking apps)
and isnt android a java based OS ??
im sure there are not many virus's
that can cause heavy damage
I have been a fan of XDA and appreciate the development and support the devs provide. But last few days a thought is bugging me continuously. We saw a lot of posts about S Voice and other apps being ported to other devices. Specially for S Voice, I believe that it's illegal as this could potentially cause Samsung to lose sales. My views:
1] We know that this is re-designed vlingo. vlingo is available in market, S Voice is NOT. Clear indication that they (as in Samsung) don't want the app to be used with other devices and they are not willing to sell it separately. Using vlingo from market is NOT same as using S Voice.
2] Did Samsung give us the permission to use/modify and distribute the app?
3] There is some infrastructure costs associated with running the services. It costs money to install and maintain servers and network. I work in enterprise storage management, so I am aware of costs associated with such massive infrastructure. Who pays for the non-SGS3 devices using the services?
4] Did Samsung every promise that SGS2/Nexus or other phones will get S Voice? So, why should we assume that other Samsung-device owners have the divine right to use a feature meant for SGS3?
5] It is one of the main USP for SGS3. Check here. This is listed as the top-most feature in the SGS3 product page. Hacking this app to be used with other phones is going to harm the phone sale. Is that not clear enough?
6] When Samsung started blocking connections from other devices - was that not an indication that they want the service exclusive for SGS3?
7] How is this different from movie piracy? The uploader never gains anything, but the studios/producers lose money.
8] What if Samsung starts locking their device in future with locked bootloaders/DRM/encryption because of such activities? Can we then blame Samsung for locking the devices?
9] Android is open source - but why assume that every feature in any Android is also open source? If someone can show me that S Voice is open source software, I will retract my statement.
It's sad that most people here equate freedom with piracy. Freedom and piracy are not same thing. Such act in the name of open source and community-feeling does not make it right. Maybe Samsung won't do anything about it -- but it does NOT make this act any better. It will just prove that Samsung considers this to be a petty nuisance (I am not using the word crime as I know nobody is doing this for any monetary gain).
Though I support open initiative with regards to Android, but I can't support such act.
Last check this statement from Samsung in VERGE
An initial test version of S Voice which was found online has been blocked as Samsung Electronics does not want consumers to judge the quality of the voice feature based on a test version. When the product is launched, users of GALAXY S III will be able to fully experience S Voice.
Exactly my thoughts. Though I am not sure what can be done to stop it.
Sent from my GT-I9100 using Tapatalk 2
rd_nest said:
I have been a fan of XDA and appreciate the development and support the devs provide. But last few days a thought is bugging me continuously. We saw a lot of posts about S Voice and other apps being ported to other devices. Specially for S Voice, I believe that it's illegal as this could potentially cause Samsung to lose sales. My views:
1] We know that this is re-designed vlingo. vlingo is available in market, S Voice is NOT. Clear indication that they (as in Samsung) don't want the app to be used with other devices and they are not willing to sell it separately. Using vlingo from market is NOT same as using S Voice.
2] Did Samsung give us the permission to use/modify and distribute the app?
3] There is some infrastructure costs associated with running the services. It costs money to install and maintain servers and network. I work in enterprise storage management, so I am aware of costs associated with such massive infrastructure. Who pays for the non-SGS3 devices using the services?
4] Did Samsung every promise that SGS2/Nexus or other phones will get S Voice? So, why should we assume that other Samsung-device owners have the divine right to use a feature meant for SGS3?
5] It is one of the main USP for SGS3. Check here. This is listed as the top-most feature in the SGS3 product page. Hacking this app to be used with other phones is going to harm the phone sale. Is that not clear enough?
6] When Samsung started blocking connections from other devices - was that not an indication that they want the service exclusive for SGS3?
7] How is this different from movie piracy? The uploader never gains anything, but the studios/producers lose money.
8] What if Samsung starts locking their device in future with locked bootloaders/DRM/encryption because of such activities? Can we then blame Samsung for locking the devices?
9] Android is open source - but why assume that every feature in any Android is also open source? If someone can show me that S Voice is open source software, I will retract my statement.
It's sad that most people here equate freedom with piracy. Freedom and piracy are not same thing. Such act in the name of open source and community-feeling does not make it right. Maybe Samsung won't do anything about it -- but it does NOT make this act any better. It will just prove that Samsung considers this to be a petty nuisance (I am not using the word crime as I know nobody is doing this for any monetary gain).
Though I support open initiative with regards to Android, but I can't support such act.
Last check this statement from Samsung in VERGE
An initial test version of S Voice which was found online has been blocked as Samsung Electronics does not want consumers to judge the quality of the voice feature based on a test version. When the product is launched, users of GALAXY S III will be able to fully experience S Voice.
Click to expand...
Click to collapse
Samsung will have known about this,
If they explicitly didnt want it to be shared with other android phones they could have prevented this easy in one of 2 ways,
1. integrate it into touchwiz framework
2. link the phones imei or unique identifier to the app and set up a database on the servers, similar to siri's protection.
Samsung wanted this app to be freely available as they have done nothing to protect its redistribution. I dont think they mind this because they have NO competitor in the Android market and are far superior to any other OEM that produces android phones.
PS. The Android OS is open source but there are many applications that have closed source to protect their business. Touchwiz source is never fully open sourced and neither is Sense.
I remember a year ago with the CM team asking for help from Samsung for little bits of protected code to get the camera fully functioning on the stock android rom (CM7 ROM).
JD
JupiterdroidXDA said:
Samsung will have known about this,
If they explicitly didnt want it to be shared with other android phones they could have prevented this easy in one of 2 ways,
1. integrate it into touchwiz framework
2. link the phones imei or unique identifier to the app and set up a database on the servers, similar to siri's protection.
Samsung wanted this app to be freely available as they have done nothing to protect its redistribution. I dont think they mind this because they have NO competitor in the Android market and are far superior to any other OEM that produces android phones.
PS. The Android OS is open source but there are many applications that have closed source to protect their business. Touchwiz source is never fully open sourced and neither is Sense.
I remember a year ago with the CM team asking for help from Samsung for little bits of protected code to get the camera fully functioning on the stock android rom (CM7 ROM).
JD
Click to expand...
Click to collapse
My view is that we took the application and made it compatible with other devices, Samsung never explicitly gave the permission.
Maybe they thought it would be easier to upgrade the app if it's not integrated into the TW. But I fear such activity may force them to become less dev-friendly in future.
It's a different story if in future they make the code available for CM9 or other projects separately. I just hope not, but the way it's being spread over the internet, I fear they will react in some way. Also throws a bad light over XDA.
JupiterdroidXDA said:
Samsung wanted this app to be freely available as they have done nothing to protect its redistribution.
Click to expand...
Click to collapse
They obviously didn't want it to be freely available because they have blocked it now.
Anyway, I don't get this mentality that if something is not impossible to take, it's ok to take it.
I will ask about the validity of ripping/porting the samsung apps and post back to this thread. If there is anything illegal about it (and im not sure there is unless the apps have been licensed specifically to the Galaxy S3) then any links on xda will be taken down.
I cant do anything about the rest of the internet though lol.
Mark.
mskip said:
I will ask about the validity of ripping/porting the samsung apps and post back to this thread. If there is anything illegal about it (and im not sure there is unless the apps have been licensed specifically to the Galaxy S3) then any links on xda will be taken down.
I cant do anything about the rest of the internet though lol.
Mark.
Click to expand...
Click to collapse
Much appreciated. I wanted this to be brought to the notice of MODs. Nobody wants XDA to be in bad light for such a petty affair.
As for the apps (specially S Voice) being exclusive to SGS3, I think so. That's what I infer from Samsung's statement in Verge:
http://www.theverge.com/2012/5/22/3037943/samsung-blocking-s-voice-app-leak
But please do verify with relevant authorities and take appropriate actions (if required).
Mac OS X doesn't require a product key, but that doesn't mean my friend can just use my installation DVD legally, it all depends on the T&C's
The fact Samsung have blocked it for other devices should give an indication of their decision towards people using this software on another device. They may not send the FBI to kick down your door and arrest you, but cracking it to spoof a SGSIII for example would probably get a DMCA take-down notice pretty quickly. They almost certainly won't want all and sundry freely enjoying one of the big features of their new flagship device.
I have e-mailed Samsung PR dept on their views about this issue. Not sure if they check their Inbox
Unless we hear otherwise from Samsung, we will follow the normal site policy. In this case (though it is an edge case) for the moment we're allowing it.
If this is the case, then all devs who port roms from other models are in breach also.
Is this thread trying to stop dev work, and has the OP loaded the program, if he has shame on him for going against his beliefs, now let us and the devs get on with it.:what:
Sent from my GT-I9300 using Tapatalk 2
Edit: phone model is Arc, now why did I change the prop build?
OP - Care to share how this is any different from all of the Sense ports to other devices? It's not.
I also like how you thanked Mark for checking into this - and that you were waiting to hear.... And then not even an hour later you go and contact Samsung PR? It sounds to me like you have an ax to grind.
I think everything that needs to be covered has been
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.