Well I was just reading a thread about someone buying a Vibrant from someone who "found" it and this person was looking for a way to bypass WaveSecure.
We all know that with a little know-how it is possible with Recovery Mode.
The question I have is: is there a way to prevent even a Recovery Mode reflash? To absolutely stop someone from touching the ROM at all?
I know the Security Apps out right now can track you from GPS, wipe the phone remotely, etc... But can it stop someone from reflashing a ROM?
If there is an app out there like that please let me know, but if not, what would it take to create such an app?
What are YOUR thoughts??
What if this happens and then you brick for some reason, need to reflash, and it's locked? I would just bank on the fact that most people think that it's a "Droid" phone and don't know ****.
I was hoping for a question like that.
Either there is a security measure which at some point of using Recovery that it asks for a password or pin. Something that will allow you to access it securely and nobody else.
Yes, it is a droid, very true, but how many droids are out there now, are going to be out there, and with the new laws that allow you to unlock your device and pretty much do anything with it, more and more people are going to start playing around. Not only that, there is always somebody who knows someone, you know.
Personally myself, I would feel secure with having an implementation like this, everything else is pointless.
It's sort of like having an antivirus on your computer but not scanning for rootkits, only viruses.
The idea of that app sounds nice and all that but I seriously doubt that the average Android user would know about flashing ROMs and all that. But if it does get into the hands of somebody that does know how to do it then it can be a problem.
jzero88 said:
Yes, it is a droid, very true, but how many droids...
First of all these are android devices / android phones. I was mocking the people who call these phones "droid" phones.
Now on topic: All it takes to break this security is for one person to say, "I forgot my password for the ==sUPERlOCKER== what do I do to get access?" Then all your worry is for nothing again.
What has been done can always be undone.
Sure, unlike me, I never forget my passwords. Especially for something this serious.
Second, of course something can be undone, but to what extent? After hearing your lack of concern, it makes me think you don't even have a lock on your phone.
Again, would you rather have a password like "1234" that is easily guessed, or would you rather have something like "00LowJK54889$3%#". It's really a matter of personal security.
You sound like one of those people who would have Security Cameras, but never has the DVR on to record anything.
I'm saying your idea is bad. I have illustrated why. You have no counterpoint other than that I am 'relaxed' about my phone security.
How about this, keep your phone in your pocket or hand? 100% security.
This should be in general and not development
Sent from my Vibrant using xda app
This has been discussed a few times, you could compile your own recovery image and program in a password while at it, or you can accept that 90% of thieves (or people who would find your phone) cannot get to recovery. If I found a phone then yeah I would go straight to recovery but I'm not your average user.
Sent from my T-Mobile myTouch 3G Slide using XDA App
I'm saying your idea is bad. I have illustrated why. You have no counterpoint other than that I am 'relaxed' about my phone security.
How about this, keep your phone in your pocket or hand? 100% security.
First, my idea is not bad, give it time, you will see.
Second, I do not have a counterpoint because my main point is stated in the first post. Read again.
Third, I don't care if you are relaxed about your security or not. This post obviously is not for you, another negative person who stunts development if they do not see a logical use for themselves.
I wish you the best and hope that you do not need to ever use such a tool or measure. Take it easy.
This has been discussed a few times, you could compile your own recovery image and program in a password while at it, or you can accept that 90% of thieves (or people who would find your phone) cannot get to recovery. If I found a phone then yeah I would go straight to recovery but I'm not your average user.
Sent from my T-Mobile myTouch 3G Slide using XDA App
On the Vibrant forums? Haven't seen anything yet.
Also, I am not betting on a thief or someone who found the phone to be able to get to recovery, I'm worried about who these people might know. It's surprising to see how many people out here think that they are the only person in a 20 mile radius who knows how to do such mods... Maybe it's just the people I know but I know quite a few people who can easily google and find a way, easily.
I can bet that 90% of people here do not know anything except following directions, no pun intended to those who do. I definitely do not know half of what I should know, but again, is it really that hard?
Your own logic defeats what you are saying here. Don't you understand OP?
If there is a security measure, there will be a work around it? So why have more than ONE thing for the uneducated masses and stop there?
If the person who steals your phone knows someone who could get around WaveSecure, or any other security application. Then that same person can get around ANY AND ALL other types and forms of theft deterrent. If not, they will know someone, ask on forums, etc. UNTIL they gain access.
zaduma
Then why have any security on anything at all?
You my friend make no sense, good day!
jzero88 said:
Then why have any security on anything at all?
Ok, I will lay it out as simply as I can man. I do not want to argue, but you are missing why this is impossible to accomplish.
The existing security layers can be compromised by let's say... 10% of the population, seeing as most people who are thieves do not talk about it, most people dislike thieves.
So effectively 90% of people will be stopped dead in their tracks by having WaveSecure, etc.
The 10% who are not stopped however, can not be stopped by any means. None. They are the people who read these forums, have technical ability, etc.
Therefore having one layer of security means 90% of people are stopped from using your device. But it has ridiculously diminishing returns. With two layers, say stopping access to recovery, 10% are now stopped. Just boot into download mode and flash with odin. Stop download mode? First of all how? Second of all, there has to be a workaround for people who forget their passwords and stuff. And guess what, those 10% will know about that as well.
So please, address these issues and resolve them somehow, and your idea has merit. Without doing so you are wasting your time.
Also, much to your liking I will assume, I will no longer be posting in this thread due to your constant elevation of flaming.
Any security pro will tell you, if you have physical access to a computer, you can make it usable for you. The only real security you can hope for is to prevent access to your data by the thief. That's what full disk encryption and such is about. For our phones, we could achieve this much with a custom kernel perhaps, but how would you enter the password? No keyboard at that level.
The cellular providers can prevent the stolen phone from getting on their networks, and some do, but that's about as far as it goes.
It's like having a lock on your front door.. It's only going to keep out the honest people... That's what they are made for, honest people, because dishonest people will just kick the door in.. And the good thieves can pick a dead bolt...
Sent from my SGH-T959 using XDA App
I'm starting to think this request/question is for the wrong crowd, truly it is...
If you build it they will hack it... Hands down... Look at the droid x, the unhackable phone, it took 5 weeks..
Sent from my SGH-T959 using XDA App
I agree, never did I not. This thread wasn't to debate whether a security measure could be hacked or not, the thread was created to see what we could do to implement such a measure.
I am totally aware of that. I know that if there is a will there is a way.
PERSONALLY, that is something I wouldn't mind having. Though some of you disagree and have a right to your own opinion, that is beyond the point. I am trying to see if a) is it possible. and b) what it would take to do so, and possibly c) if anyone was interested in trying or helping out.
So feel free to express your opinion. Mine is that you can never have enough protection cuz I would never bring a knife to a gun fight. But that's just me...
BTW, those who hacked the unhackable phone I would consider being part of the .01%.
jzero88 said:
I'm starting to think this request/question is for the wrong crowd, truly it is...
If you mean people that know how things work, I suppose. It's the same problem as drm. When you understand why that's not possible, you will understand this. Read up on jtag as well, you can't protect against that. 90% is about as good as it gets.
http://www.youtube.com/watch?v=ev3rUQMvyhU
In an attempt to distance themselves from the increasingly volatile Carrier IQ situation, we’ve been told that Sprint has ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible.
This comes after a number of dramatic turns over the past few weeks. During that time Carrier IQ was called a lot of things, from a harmless mobile intelligence company to a vicious rootkit designed to steal our personal data and sell it to the ne’er-do-wells. In my opinion, Carrier IQ is a company that provides a service that benefits everyone with a cellphone by giving information to the carriers about when their network has problems that affects our service. Unfortunately, this software was installed in such a manner that, when discovered, there was a significant panic. This is understandable because the software was forced onto unsuspecting users with no real oversight to speak of.
That panic was made worse when the company responded by trying to silence the person who discovered the software, instead of trying to explain what was actually happening. So here we sit, a month away from a Senate hearing on whether or not Carrier IQ is doing anything illegal, on top of a barrage of lawsuits against all of the companies involved.
Sources at HTC have told us that, as a result of the lawsuits targeting Carrier IQ, Sprint, and other CIQ-using OEMs, Sprint has asked all of their partners to get rid of Carrier IQ. Starting with the high-volume and high-profile devices on the network, each of the OEMs has been asked to quickly release binaries that do not contain Carrier IQ so that over-the-air updates can be pushed to those devices as quickly as possible. The eventual plan is to remove Carrier IQ from all of the devices on Sprint’s network.
This is being done as soon as possible and, according to our source at HTC, anyone who is working with Sprint in testing labs has even had their vacation time over the holidays seriously restricted. No official rollout plan for these updates has been devised, but it has been made clear to everyone involved that this change needs to happen soon. I would assume that we will see updates for devices including the iPhone, HTC Evo 3D, and the Samsung Galaxy S II Epic 4G Touch before 2012.
At this time, Carrier IQ, Samsung, and Apple all refused to comment on any developments in this matter.
Some may view this as a classic “too little, too late” situation. Sprint waited until there were lawsuits to start removing Carrier IQ from their network, where previously they had been defending their use of the mobile intelligence service. This could possibly even be seen as an admission of guilt, as them removing the software in an attempt to make amends for what they have been caught doing.
Even so, Sprint could have just as easily made a public statement announcing that they were turning off the servers that collected the information, pending the results of the trial and the Senate inquiry. At that point a simple test from any of the security researchers that have gotten involved would confirm Sprint’s cancellation of CIQ and they wouldn’t have to involve every manufacturer on their network.
http://www.geek.com/articles/mobile...trip-carrier-iq-from-their-hardware-20111216/
TrevE > CIQ
Nuff said!!!
Another victory!!!! TrevE is forever my hero!
While this is nice and all, the article seems to be lacking some knowledge in itself on some things, mainly the fact it included iPhone in the list of devices that would be getting updates. I'm pretty sure Apple commented on this long ago stating they do not use CarrierIQ in their devices anymore at all.
And I can't really see Sprint able to force Apple to load it on the device either...
Awesome, just hope we didn't make it worse for Sprint
Sent from my PG86100 using xda premium
tech7 said:
Awesome, just hope we didn't make it worse for Sprint
Sent from my PG86100 using xda premium
I just had to laugh, I mean Sprint's network already sucks, how could it possibly get worse. CarrierIQ is not going to fix 4G or even poor 3G speeds due to network congestion. They know they have a problem, doubt they need an app to confirm it.
Can you say Pwned! TrevE is the man!
Tons of idiots. Ciq is made to learn how you do things, so they can make it better. Yet, you complain about things your phone can't do. How the **** are they supposed to know what you want if you don't tell them? Oh yeah HTC is supposed to troll the forums and sees that one person doesn't like sense and remove it bc one person doesn't like it. Or they could use ciq, see that 50% of people who have sense, use a different launcher and then rethink their approach. You guys are pathetic.
Sent from my PG86100 using Tapatalk
bloodrain954 said:
Tons of idiots. Ciq is made to learn how you do things, so they can make it better. Yet, you complain about things your phone can't do. How the **** are they supposed to know what you want if you don't tell them? Oh yeah HTC is supposed to troll the forums and sees that one person doesn't like sense and remove it bc one person doesn't like it. Or they could use ciq, see that 50% of people who have sense, use a different launcher and then rethink their approach. You guys are pathetic.
Sent from my PG86100 using Tapatalk
How are we pathetic..... Ciq is the one that is pathetic. They had the chance to explain what CIQ does but instead they try to silence TrevE. On top of that they install CIQ without even letting you know.
I understand that it's probably used to make phones and services better, but they should at least give you a disclaimer, an opt out option, and an explanation of what CIQ does and maybe then so many people wouldn't be angry at CIQ.
I think the *****ing and complaining is like he said...the fact they covered it up, tried to silence someone. Not that it's probably bad software but bad business ethics. Agreed?
Sent from my PG86100 using XDA App
bloodrain954 said:
Tons of idiots. Ciq is made to learn how you do things, so they can make it better. Yet, you complain about things your phone can't do. How the **** are they supposed to know what you want if you don't tell them? Oh yeah HTC is supposed to troll the forums and sees that one person doesn't like sense and remove it bc one person doesn't like it. Or they could use ciq, see that 50% of people who have sense, use a different launcher and then rethink their approach. You guys are pathetic.
Sent from my PG86100 using Tapatalk
Oh please, it's fine that you are ok with invasive measures that reduce your personal security, freedom, and privacy but criticizing others' opinions based on your lack of knowledge is crap. When your life is ruined because data isn't protected and you didn't authorize or get the choice in giving that info up I hope you remember your BS logic that the risk is fine and dandy because they were "trying" to gather data to improve things.
So naive, yeah they want to mine and transfer data to make your life better. Wrong, bottom line is the almighty dollar. They make millions doing what they do, they could give two ****s less about you and your experience
+1 so true
Information was still being withdrawn from my phone without my permission. Individual info should never be given out for free nor taken without consent.
Sent from my PG86100 using XDA App
CIQ might have done the right thing collecting error logs on the phone to troubleshoot. But installing it on devices without user permission or any kind of disclosure of the software being installed is just "unethical".
P.S. the reason why they are being sued was due to unethical practices.
Sent from my PG86100 using xda premium
The fact that it was capable of reading texts, emails, URLs, passwords is what the problem is. We're just supposed to believe they aren't using it for that? Why the hell is it even possible to do so then?!
Cuss all you want..you can be a tool. I'll go with the crowd that wants it gone.
Sent from my PG86100 using xda premium
Sad Panda said:
Oh please, it's fine that you are ok with invasive measures that reduce your personal security, freedom, and privacy but criticizing others' opinions based on your lack of knowledge is crap. When your life is ruined because data isn't protected and you didn't authorize or get the choice in giving that info up I hope you remember your BS logic that the risk is fine and dandy because they were "trying" to gather data to improve things.
So naive, yeah they want to mine and transfer data to make your life better. Wrong, bottom line is the almighty dollar. They make millions doing what they do, they could give two ****s less about you and your experience
LOL! When my life is ruined? They aren't stealing credit card and social security numbers, they are just reporting what apps and hardware is used during the day. Huge difference. Yeah, CIQ didn't do the right thing with the lawsuit, boo hoo life goes on.
You know people at your local bank track everything you do, have access to your credit cards and social security number. They can tell you where you've spent your money, what you bought, and all your personal information, yet nobody cries about that. But it's a huge deal to report to Sprint that you're playing angry birds at 1pm.
Sent from my PG86100 using Tapatalk
bloodrain954 said:
You know people at your local bank track everything you do, have access to your credit cards and social security number. They can tell you where you've spent your money, what you bought, and all your personal information, yet nobody cries about that. But it's a huge deal to report to Sprint that you're playing angry birds at 1pm.
Sent from my PG86100 using Tapatalk
That's because by choosing the bank you opt into that, and go in knowing that they can track your money. And for the record they don't know what you bought, just that you spent so much money here and so much money there. The cc from the bank gets an amount taken not an itemization of funds spent per transaction. CIQ was added without knowledge, why can't you grasp the differences?
http://allthingsd.com/20111201/carr...monitors-service-messages-ignores-other-data/
Learn what it really does before you jump on the zomg my personal info is compromised!!1! Bandwagon.
Sent from my PG86100 using Tapatalk
bloodrain954 said:
http://allthingsd.com/20111201/carr...monitors-service-messages-ignores-other-data/
Learn what it really does before you jump on the zomg my personal info is compromised!!1! Bandwagon.
Sent from my PG86100 using Tapatalk
First of all I never said anything about personal info. I don't like how it was forced onto us without control. Second, just because they say (AFTER they were found out about) that their software does do anything with personal data doesn't mean it's true. The US Gov said there were weapons of mass destruction and we should go to war, there wasn't and we were there for oil only. Don't believe something especially when the company has their back against the wall trying to fish their way out.
wardfan220 said:
The US Gov said there were weapons of mass destruction and we should go to war, there wasn't and we were there for oil only.
Iraq war is a great analogy for Carrier IQ....
As a person who has had two phones stolen I can tell you one thing - there needs to be a password on the use of flashing. First I had a galaxy note, which has Samsung locate. But hardware reset saw to that. Second I had a CSL Spice, knowing about hardware reset, I set about finding an un resettable program. In comes avast (brilliant though it is).
Two criticisms, first is its method of retrieval. Sms. Yes, sms. The thief has thrown your sim card in a bush, but in order to remotely access your phone, avast smses your sim card. Classic. Try it, steal your own phone, or get a mate to, it's so tragic it's funny. Go on, back up your apps, take out your sd card, and be your own thief. Second issue, obviously is flashing. Avast hides on the partition, but this is wiped and remade based upon your new OS. Bye bye avast.
So really there are two key solutions: password protection on the flashing access. Set by the user, changeable only by those the user gives it to (engineers/new owners). And the other is set a hardware code like IMEI on accessing not just a phone network, but also Google Play registration, and Samsung /other apps registration. That way the code can be flagged by the owner. Actually thirdly is an email address which appears upon failed flashing password attempts. To remind the thief that he can still take the brick of plastic and metal (and gps) back.
I'd like all new owners to be informed of what to do upon losing their phone, codes to note down etc. As I feel this is not done enough. I'd love to start a push to get Samsung and other droid phones as well as Google Play to start this and maybe we can finally end phone theft.
Anyone think a petition is possible?
How were your phones stolen? I have never had one of the 40+ phones i or my immediate family have owned (knock on wood here as i probably just jinxed myself) stolen.
In my case it could be just locale, but i have worked in some pretty rough areas with high crime rates so i could just be lucky or plain diligent with what i do with my phone when not in use.
Not being disrespectful here, just seeking enlightenment on what behaviours/actions leads to them being stolen to see how it is different to my experience.
As to your proposal, not a bad idea. One thing i can think of is that like the locked bootloaders that were/are put on some phones, somebody will most likely find an exploit/hack to get around it. They almost always do. Could be talking out my arse on that as i am not knowledgeable with this but they always seem to find a way.
Sent from my SAMSUNG-SGH-I717 using xda premium
but this depends where you go and therefore stuff as such.....if I were to stay home a lot I'm sure the 40+ phones I've had would hardly get stolen as well. saying this I've had two phones stolen as well and it's not fun. I would sign
Sent from my SAMSUNG-SGH-I717 using xda premium
I do like the IMEI idea. I've never had a phone stolen. I've worked in gyms, restaurants, public schools, indoor reffing, etc
Sent from my SAMSUNG-SGH-I717 using xda premium
depends how tech savvy the thief is.. if they perform an Odin flash then only thing preventing use of the phone on ATT is IMEI blacklisting. Couple of things come to mind that might help. If they pick up the phone and try to use it as-is without switching SIMS or factory reset Plan-B can help. If either of these is done then only thing that will help would be something such as a preconfigured Plan-B app in the CWM image to "phone home" after SIM change and factory reset.
Security would lay back and laugh at your problem.
Just being aware of your environment and using sensible precautions will go a long way towards preventing theft. Treat your phone like it's worth hundreds of dollars and you should be OK. For example, if you were at a social gathering where there were many people you didn't know, would you leave six one hundred dollar bills sitting on a table in a secluded area while you went to the bathroom? Probably not, yet I commonly see people doing just that with their $600 phones at parties or while at the park with friends. They rely on strangers' honesty and their friends' vigilance to protect their property. The trouble is, cell phones have become so commonplace the friends would be as likely to wonder why someone is picking up their beer as to why they are picking up your phone. Honest folks expect others to be just as honest as they are and why not? They are normal after all and aren't all normal people honest just like them? So, if someone sees another picking up a random ubiquitous phone and putting it to their ear while they walk out the door they will surely not think twice about it. The phone is obviously that person's, else why would they pick it up? Thieves who steal in public rely on people not noticing "normal" behavior. Just treat your phone like it's a hundred dollar bill and you should suffer no more losses due to theft, unless you are mugged of course.
Just get Cerberus. Problem solved.
TheMrRoxtar said:
but this depends where you go and therefore stuff as such.....if I were to stay home a lot I'm sure the 40+ phones I've had would hardly get stolen as well. saying this I've had two phones stolen as well and it's not fun. I would sign
Sent from my SAMSUNG-SGH-I717 using xda premium
I wish I could stay at home a lot. Not the case. Do a lot of traveling and in a lot of different locales/environments. Just don't put my property where there is an opportunity for someone else to make it theirs. That is why I asked what the circumstances were behind theirs being stolen. If it was stolen due to lack of diligence on their part or were they physically assaulted.
Sorry about your losses and i am sure it is not a pleasant experience. I know i would not be happy.
I personally think the idea is sound.
Sent from my SAMSUNG-SGH-I717 using xda premium
jpeg42 said:
Just get Cerberus. Problem solved.
what he said...
and, be more aware of where your phone is at ALL TIMES...
one time is understandable; two times is carelessness..
I love how western these answers are. Lol, left it in a cafe. My galaxy note was ripped out of my hands by a thief on a motorcycle in Malaysia while I was checking gps map, and my CSL Spice was pushed out of my pocket as I was being dry humped on a moped in Bali. That last one is classed as an accidental loss, which turned into a theft as the lucky buggers driving behind me probably found it. How is beside the point really. "you were stabbed? Oh, were you in stab proof armour? Carrying a gun? Oh, silly girl!"
Cerberus is bandied around like avast anti theft, if it's flash proof, then I'll bite (as it were), but I'd like to see that claim.
Chiefly what we could do with is a hardware code that content providers request on account activation. Something a phone can't change. It needs a built in theft message/action not one remotely sent. And it needs a flash password.
Actually a readable hardware code would suffice if all content providers signed up.
Who would you speak to to suggest such a thing?
Already in chats with Samsung and Google Play customer services, but they aren't really the development team sadly.
In my city there are at least 4,000 phones for sale on Craigslist daily. Can you imagine how many customer service people at&t would need to manage the IMEI switching? It would be like the frakkin DMV for transfer of ownership. And managing blacklisted IMEI? Fuggetaboutit. I asked one about that idea and their response was "stolen phones are new customers".
the only way to prevent stuff from being stolen, is not to own it in the first place...IMHO
That being said, we all take the risk together when we pull out these fancy devices for the world to see. and lets face it, we all like to flaunt our wares as a status symbol on occasion.
the note is a big fancy eye catcher, and a prime target for crooks to swipe from unsuspecting folks not paying attention. ( sorry about the dry humping moped issue).
And since the odds are, your device will get stolen again, you should change your habits of usage if possible.
I agree that security of the device after theft is difficult, and I would support a petition to enhance the security measures, but I'm not gonna hold my breath on any carrier taking the task on. Like ranger said, a stolen phone is a new customer.....g
It wouldn't require any work, nor switching, just adding a field for IMEI. This is automatic for carriers right, but it needs to be the same for Google play and other app sites.
When a user loses his phone, he logs the IMEI as stolen, and the Google Team put that code on a watch list. Any Form designer could handle that. IMEI or serial number or whatever is hardware based.
Simple idea no?
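The watch-list check proposed in the post above, sketched as an added example (not code from the thread or from any carrier or app store). The `DeviceRegistry` class, its method names and its return strings are hypothetical, and the IMEI is a sample test value; the rule that only the account that registered a device can report it stolen is an assumption added to narrow the false-report problem a later reply raises.

```python
from dataclasses import dataclass, field

SAMPLE_IMEI = "490154203237518"  # sample test value, not a device from the thread


def normalize(raw: str) -> str:
    """Drop the separators people type (spaces, dashes, slashes)."""
    return "".join(c for c in raw if c.isdigit())


def luhn_valid(imei: str) -> bool:
    """A 15-digit IMEI ends in a Luhn check digit; reject typos early."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for pos, ch in enumerate(reversed(imei)):
        digit = int(ch)
        if pos % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


@dataclass
class DeviceRegistry:
    """Hypothetical store a content provider would consult at activation."""
    owner: dict = field(default_factory=dict)   # imei -> registering account
    stolen: set = field(default_factory=set)    # the watch list

    def activate(self, account: str, raw_imei: str) -> str:
        imei = normalize(raw_imei)
        if not luhn_valid(imei):
            return "reject:malformed"
        if imei in self.stolen:
            return "deny:reported-stolen"
        current = self.owner.get(imei)
        if current is not None and current != account:
            # Device is tied to another account: a resale needs release().
            return "hold:previous-owner-must-release"
        self.owner[imei] = account
        return "ok"

    def release(self, account: str, raw_imei: str) -> bool:
        """Owner gives the device up (resale); ends their right to report it."""
        imei = normalize(raw_imei)
        if self.owner.get(imei) == account and imei not in self.stolen:
            del self.owner[imei]
            return True
        return False

    def report_stolen(self, account: str, raw_imei: str) -> str:
        imei = normalize(raw_imei)
        if self.owner.get(imei) != account:
            # Assumption: third parties cannot flag someone else's device.
            return "reject:not-registered-owner"
        self.stolen.add(imei)
        return "recorded"


def demo() -> list:
    """Owner registers, a stranger's report is refused, owner's report sticks."""
    reg = DeviceRegistry()
    return [
        reg.activate("alice", "49-015420-323751-8"),
        reg.report_stolen("mallory", SAMPLE_IMEI),
        reg.report_stolen("alice", SAMPLE_IMEI),
        reg.activate("bob", SAMPLE_IMEI),
    ]


if __name__ == "__main__":
    print(demo())
```

The check only helps if the value presented at activation is the device's real hardware identifier, which is the condition the thread itself places on the idea.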
That's why I bought this app called gotya.
https://play.google.com/store/apps/details?id=com.myboyfriendisageek.gotya
-Once you go NOTE, you'd say 4 inches a Joke
NOTE user:
"take a deep breath, make sure to get a good look at it, relax and slowly take it in, the size is overwhelming at first but you will have a happy ending afterwards".
Woman:
:O
Veruvir said:
It wouldn't require any work, nor switching, just adding a field for IMEI. This is automatic for carriers right, but it needs to be the same for Google play and other app sites.
When a user loses his phone, he logs the IMEI as stolen, and the Google Team put that code on a watch list. Any Form designer could handle that. IMEI or serial number or whatever is hardware based.
Simple idea no?
And when the vindictive girlfriends and exwifes report out of spite?
rangercaptain said:
And when the vindictive girlfriends and exwifes report out of spite?
you'd think they'd just smash it on the floor or drop it in the toilet...
You probably live in a ****ty neighbourhood no offence.
Sent from my SGH-I717M using xda premium
Sarius24 said:
You probably live in a ****ty neighbourhood no offence.
Sent from my SGH-I717M using xda premium
Yeah, there's no criminals in "nice" neighborhoods.
I use Tasker for:
When I switch locations, a front/back pic + GPS, sent to google drive.
When not at a location that is known, it sends the same info every time the screen comes on.
Tasker locks certain apps in unknown locations, so the main screen stays unlocked. I figure the longer they can play with the phone on the more likely I am to get it back.
Sms of course to trigger by minute pics and GPS.
rangercaptain said:
Yeah, there's no criminals in "nice" neighborhoods.
sure there is; that's where they go to steal stuff!
In the past, CM has allowed users to opt out of sending their data. It's recently decided to remove the "optout feature" (c'mon, is that really a "feature"), forcing users to eat it.
http://www.androidpolice.com/2013/0...pting-out-of-cm-stats-cyanogen-says-to-chill/
"Cyanogenmod Will No Longer Allow Opting Out of CM Stats-- Cyanogen Says to Chill"
in response, i kindly made this argument:
"A fundamental issue still exists. If the data is collected via a unique identifier, and it has a timestamp, then it isn't as anonymized as people think. Anyone with a basic understanding of data security knows that. I think the uproar has to do with the reputation of the team as the protectors and defenders of our platform...you give us choice. But when we see behavior that doesn't add up, we're naturally going to believe you've used that position in the community to do evil. We understand you want the data.
What doesn't make sense, and the natural road for us all to go down:
1) is this being used to monetize CM?
2) installation data: to include location, language, device, build version, and carrier, are all things that can be identified using a single, static event report. Why should we be comfortable with an always-collecting, transmitting-in-the-background service? What's the use-case for this? You've said yourself that Google Play apps themselves often collect this data..why is that method insufficient for CM? And why should we have to expect the same from you guys as we do from everyone else. Surely there's a way to collect the necessary data you need with a scalpel, negating the need for a device drag-net like this.
In all seriousness, I trust CM to do the right thing...I just can't tell right now if they've done the lazy thing, and created a service which is omnipresent, omnipotent, running in the background and silently spying on me, just so CM can tell which language my device is running, my general location, my build information, etc.
That's fine, it's simple data, and it's fairly straight forward.
The question is, if you needed that data (which CM says it does), then why are you collecting a much, much more complicated data set, and why won't a simple installation report do? Why won't running for a short period of time...say, 5-7 days do?
Why did they take the Carrier IQ route?
Maybe they want it just so they can have it. As Koushik stated on the google plus post (where he does a great job at assuaging some fears, and creating others):
"---Did you know over half of our users are in China? They just passed the US in terms of CM installation base.
Call it ego surfing, but the data is incredibly useful."
So they're collecting all this data, without a need? It's obvious why it's extremely useful to understand, say....which language most of your users use, etc. But you don't need a 24/7 service to find out what language people use your device in.
Anyways, here's the Google + Post:
https://plus.google.com/103583939320326217147/posts/GwnzKJijBKj
Here, he has, however, provided a screenshot of your data in action, assuaging the fears of most (we never truly get to see what our data looks like after its sent through the mizteereeus pipez of the interwebz, magically transformed, and then spit back out to an analyst), and he even tells you a bit about what data it collects. What he doesn't say, is why on earth submitting the data once, after installation, in a single report won't do, or why a build report once a week, or however often, won't do.
That's the end of my tinfoil hat tirade. Like I said, I love CM, I trust them, but I'm disappointed. The reasons I listed above are arguments made to explain why people are raising hell because of this. I don't believe they'll do anything nefarious, and personally, they can ego-surf with my data all they want. It IS pretty cool. Maybe the move was a tad bit short-sighted though, because they may have gotten a bit out of touch with their users, and their users' opinion of them-- and that's what my posts were supposed to do...they were supposed to bring the way I (and others) think about them more in line with reality.
Edit: It's important to note that, as explained to us by CM, CM Statistics calls home upon reboot. Whether it runs all the time, or just for a nanosecond upon reboot, or 24/7 is important as well, but I'm unable to verify any of this, because my github skills are w34ks4uce. If we had an independent dev who could take a look at CM Stats and then explain exactly (key word) what it was collecting, that'd be über helpful....but it wouldn't mean anything in the long run. Because I was viewing the macroscopic effects of the decision. A comprehensive announcement and explanation would probably have been prescient, because the information contained in the Google+ post is just as key as the announcement itself-- the stigma of collecting data is far too strong to just say one day-- "sneaky, sneaky--no more opting out".
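The argument in the post above (a stable identifier plus timestamps makes "anonymous" stats linkable, while a single installation report still yields the counts) sketched as an added example; it is not part of the thread or CyanogenMod's code. The record fields, IDs and values are constructed and are not the actual CM Stats schema.

```python
from collections import Counter, defaultdict

# Constructed sample check-ins; field names and values are illustrative,
# not the real CM Stats schema.
# (device_id_hash, unix_time, country, carrier, build)
CHECKINS = [
    ("a3f1", 1364800000, "US", "CarrierA", "10.1-nightly"),
    ("a3f1", 1364886400, "US", "CarrierA", "10.1-nightly"),
    ("a3f1", 1365318400, "DE", "CarrierB", "10.1-nightly"),
    ("a3f1", 1365923200, "US", "CarrierA", "10.1-RC1"),
    ("9c0e", 1364803600, "CN", "CarrierC", "10.0.0"),
    ("9c0e", 1365408400, "CN", "CarrierC", "10.0.0"),
]

def per_device_timeline(checkins):
    """Recurring design: a stable ID plus timestamps gives one ordered history per device."""
    timeline = defaultdict(list)
    for dev, ts, country, carrier, build in sorted(checkins, key=lambda r: r[1]):
        timeline[dev].append((ts, country, carrier, build))
    return dict(timeline)

def movements(checkins):
    """Country changes that fall out of the linked history: (from, to, time)."""
    out = {}
    for dev, events in per_device_timeline(checkins).items():
        hops = [(a[1], b[1], b[0]) for a, b in zip(events, events[1:]) if a[1] != b[1]]
        if hops:
            out[dev] = hops
    return out

def one_shot_reports(checkins):
    """One-shot design: each device reports once after install.
    The ID is used here only to simulate 'the client sends once';
    the stored record carries no ID and no timestamp."""
    seen, reports = set(), []
    for dev, _ts, country, carrier, build in sorted(checkins, key=lambda r: r[1]):
        if dev not in seen:
            seen.add(dev)
            reports.append((country, carrier, build))
    return reports

def install_stats(reports):
    """Aggregate counts (country, build) computed from ID-less reports."""
    return {
        "country": Counter(r[0] for r in reports),
        "build": Counter(r[2] for r in reports),
    }

if __name__ == "__main__":
    print("linkable movements:", movements(CHECKINS))
    print("one-shot stats:", install_stats(one_shot_reports(CHECKINS)))
```

The one-shot records still answer "how many installs per country or build" but cannot be joined into a per-device history, because nothing in them ties two reports together.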
Nothing has changed here, only the fact that it's enabled by default vs opt-out. The dataset hasn't changed.
Don't use it if you don't like it. They are not spying on you. WITHOUT stats they would have zero visibility to what is actually used. Download data is trash compared to actual usage.
And what if they decide they want to improve Language X translations, but only 10 people use it? Worth it? Or what about Device Y that only a handful of people are still clinging onto? Resources can be used in better ways.
I knew I'd see a post crying about this eventually...
If this thread turns into a flame fest it will be locked
As for data collection...you are using Android right?
Also check the permissions to all those third party apps.
Thanks in advance for keeping this thread civil or ignoring it.
Friendly Neighborhood Moderator
I take my privacy seriously, as I'm sure most of us do. As mentioned previously market apps gain a certain amount of info from us.
Maybe CM should have a free version with no opt out or a pay version with one (key maybe). That should make everyone happy.
Sent from my SAMSUNG-SGH-I717 using xda premium
khaytsus said:
Nothing has changed here, only the fact that it's enabled by default vs opt-out. The dataset hasn't changed.
Don't use it if you don't like it. They are not spying on you. WITHOUT stats they would have zero visibility to what is actually used. Download data is trash compared to actual usage.
And what if they decide they want to improve Language X translations, but only 10 people use it? Worth it? Or what about Device Y that only a handful of people are still clinging onto? Resources can be used in better ways.
I knew I'd see a post crying about this eventually...
This.
Whoooooooo caaaares delete thread
RoOt-[]D [] []V[] []D-BeEr
Solution to all this: OpenPDroid
briand.mooreg said:
I take my privacy seriously, as I'm sure most of us do. As mentioned previously market apps gain a certain amount of info from us.
Maybe CM should have a free version with no opt out or a pay version with one (key maybe). That should make everyone happy.
Sent from my SAMSUNG-SGH-I717 using xda premium
I think this is a brilliant idea, regardless of the status of CM Stats. A paid version with an extra feature set would be awesome.
As far as the argument for data like language, region, build, etc. I think we can say conclusively that this could be handled by an installation report, that runs once after installation or upgrade.
The type of data they need doesn't necessitate a background service, which is why it's naturally suspicious.
Sent from my Transformer using XDA Premium HD app
btswein said:
This.
I thought it was enabled by default. Is this something the devs choose? Upon installation, I see a "cm statistics is running" banner in notification. Even so, what's changing, is they're removing opt-out altogether.
Sent from my Transformer using XDA Premium HD app
http://review.cyanogenmod.org/#/c/35047/
well there you have it:
Commit Message
Restore the opt-out for stats.
* Apparently this is a bigger issue for a small number of extremely
vocal users. We should respect their wishes, no matter how off-base
their claims are in this context.
Change-Id: I9eef9a65260ec4e360d398f80d610a198c09c915
Thanks to: khaytsus
for posting the link
khaytsus said:
http://review.cyanogenmod.org/#/c/35047/
Is there a way we can educate/frame a conversation around how to do this in a way accepting of the vocal crowd? Perhaps an outreach campaign, minimal in effort that might encourage more users to opt in? This is an area where fundamental good can be done. The same people who've been vocal should have no problem explaining what would get them to opt in.
I think this whole thing might have been a brief thing, but if the statistics really help the project, we can all have our cake and eat it too.
Sent from my SAMSUNG-SGH-I717 using XDA Premium HD app
khaytsus said:
I knew I'd see a post crying about this eventually...
You knew you'd see a post crying about this because of all that data you're collecting told you lol!
Just teasin!
I would have just frozen the background service. ...
We rooty types can do that sort of thing nowadays. ..
And just to prevent the assumption that I missed the point of the OP. ...I didn't, and can only imagine the amount of target data our carriers pull by simply using our device. (See lengthy contract and service agreement of your carrier)...
CM data is small potatoes by comparison. ..and while quite useful to them in the generation of custom firmwares, it's a useless data source for us.
I've freely given cyanogen my data for years. And in return Steve has given me high quality work for my trouble. .....privacy concerns accepted. ....g
The easiest way to prevent CM from getting any data from you is to not install, not really that hard to figure out.
Sent from my SAMSUNG-SGH-I717 using xda premium
When I connected to the college's wifi this morning I noticed a little message when I used wifi assist, I'm starting not to trust Google anymore or seems like they are shooting on us more and more each day
It's like 15 years ago and we're all suspicious of what they do.
I won't even mention Project Fi, but have you read any of Google's data disclaimers?
Can you not turn it off? It's likely just a Google VPN. They probably decided this is preferable to the alternative of letting average users connect to an open WiFi with SSID "Starbucks" that's actually someone running a WiFi hotspot in their car in the parking lot
LOL,
---------- Post added at 06:40 PM ---------- Previous post was at 06:38 PM ----------
LOL, I am neither scared nor ashamed of anything Google knows about me. In the end what's it worth?
popper668 said:
LOL,
---------- Post added at 06:40 PM ---------- Previous post was at 06:38 PM ----------
LOL, I am neither scared nor ashamed of anything Google knows about me. In the end what's it worth?
I don't mean to turn this into a big discussion but to answer your question, the data has value. In the book 1984 there were "telescreens" everywhere (devices that work as TV & camera. Sound familiar?) The point is there isn't always someone spying on you. BUT there COULD be at any given time. And when people think they're being watched they generally behave differently.
Just another way of looking at it. Because I think most people believe the way you do--they're not breaking laws so they have nothing to hide. It's a low bar in terms of privacy which should be everyone's right.
KLit75 said:
I don't mean to turn this into a big discussion but to answer your question, the data has value. In the book 1984 there were "telescreens" everywhere (devices that work as TV & camera. Sound familiar?) The point is there isn't always someone spying on you. BUT there COULD be at any given time. And when people think they're being watched they generally behave differently.
Just another way of looking at it. Because I think most people believe the way you do--they're not breaking laws so they have nothing to hide. It's a low bar in terms of privacy which should be everyone's right.
I understand, consider Google as data trade off, give and take.
You supply data to improve their services, pedestrian data, locations, etc,
They provide you the same data although compiled and applied, when you open google maps for example, and ask for directions.
The data you provide to them is not "personal" per se, but used to improve general services which every user uses and accesses.
You can always stop it.
I don't feel like this should be a surprise to anyone. Google is Google. Their data collection isn't exactly a secret. It would be naive to think the services they provide don't collect at least some data on you in some form. At the end of the day, I do value and enjoy what they provide me. I personally don't mind trading some of my privacy for it. But I do acknowledge what they are doing and I don't pretend like they're providing all these services for free because they're nice.
"Oooooh, google is monitoring my network activity. Here, let me put my all life in Facebook."
This is old news! A concern might be the intrusive big bro gov cia, nsa, fbi, hs, etc...
MidnightDevil said:
I understand, consider Google as data trade off, give and take.
You supply data to improve their services, pedestrian data, locations, etc,
They provide you the same data although compiled and applied, when you open google maps for example, and ask for directions.
The data you provide to them is not "personal" per se, but used to improve general services which every user uses and accesses.
You can always stop it.
I wasn't implying this specific case was grounds for outrage. My concern is people don't fully grasp that information is power and despite that there's a growing attitude of nonchalance. Sure you can turn it off here but you have to care, and to care you need to be informed. I don't mean purposely trading data for access to apps, features or helping to improve services. That's different.
I'd also point to the story (which should've been huge) from just a couple weeks back. Yahoo willingly allowed state sponsored hackers to access millions of user accounts. None of the customers were aware, neither the well informed nor the ones who care. And my biggest grievance with this is it's not quite the breaking news it should be. The fact that many would consider me paranoid or a conspiracy theorist because this disturbs me is the most concerning part.
***I don't really mean xda members since they seem to be more knowledgeable about privacy. But the general population isn't really catching up.
Here's a link to what they mean by this message.
https://support.google.com/nexus/answer/6327199?hl=en
The only thing Google collects through Wi-Fi assist is location and ssid/bssid. If you actually researched this stuff you are so worried about you would be a lot more concerned with what your phone carrier does with your data than Google any day of the week...
Sent from my Nexus 6P using XDA-Developers mobile app
Bounty44 said:
The only thing Google collects through Wi-Fi assist is location and ssid/bssid. If you actually researched this stuff you are so worried about you would be a lot more concerned with what your phone carrier does with your data than Google any day of the week...
Sent from my Nexus 6P using XDA-Developers mobile app
Well I guess that is true but I've seen a lot of research about Google and they collect everything... like the average Google phone user, they let Google access all their information/location... especially with all those people that keep everything on like GPS. But it's the same with Windows or Facebook, all those privacy settings that are by default on. It's all about the money and control over the masses... also for NSA/FBI/CIA very handy.... it's not that weird to know that they have access to all those systems if they need to, that's no secret. It's all about if you got nothing to hide... everybody has something to hide. I keep tabs on all my privacy settings of all my apps as far as I can go. I accept certain privacy breaches but that's ok, that's the world we live in and I accept that. The same with people that don't mind all those freaking ads on their phone and websites..... for me mind-boggling. Especially here on xda forum, people that keep everything stock with no adjustments... first thing for me is that adaway has to work....
Here in The Netherlands, we have laws for ISPs and phone carriers, they collect but can't use it for other purposes than for criminal justice orders. Google has no laws to abide by here in Holland, they can collect and use your data unrestricted.
rayraycarter4 said:
When I connected to the college's wifi this morning I noticed a little message when I used wifi assist, I'm starting not to trust Google anymore or seems like they are shooting on us more and more each day
It's a VPN that Google provides on open WiFi hotspots in order to ensure that your data is not being intercepted while you're connected to that network. I have Project Fi and that's one of the benefits of the service, and also because a good portion of the service relies on silently connecting to Google approved wifi hotspots all over the country. In order to ensure your data is not at risk, because all someone would need to do is create their own wifi hotspot with the unique name that Google uses and they could steal info from anyone who happened to connect to their base. As long as they forward you to the internet while the connection is active then you wouldn't even notice there was anything wrong. Google is the most benevolent corporation on the planet. I highly doubt that anyone need worry about any data they collect as I'm sure it's all being used for the purposes of trying to provide new technology based on what the consumer wants and at a price that makes you wonder how they are still the top technology company in the world because they surely have to be losing money with the prices they charge for their goods and services.
So you're connecting to an open wifi AP and you're scared about your privacy?
You do know that your connection to the AP is unencrypted and by that fact, people have been spying on you for ages?
That's what I do regularly when I go in hotels and I'm bored because there's nothing on TV.