Android and NSA: AOSP the same? - AT&T LG Optimus G

http://www.businessweek.com/articles/2013-07-03/security-enhanced-android-nsa-edition
Bottom line is NSA injects code into Android and has been doing so since 2011. Google says one of the perks of NSA contributions is that they are invisible to user, don't even know it's running. Sure you can check the source and see line by line, supposedly.
I'm just curious, do AOSP and custom ROMs remove code injected by the NSA?
As it is I already feel like a target with a smartphone, got AT&T recording my crap, then Google, and of course being US citizen, have the wonderful privilege of Patriot Act which allows gov agencies to request information at will without warrants or without anyone's knowledge prior.
I understand that the code can be reviewed, supposedly. But noticed that Apple and Microsoft don't accept government agency code for their mobile OS. I don't see why Android can't take the same stance.

It's more than likely in the radio baseband software.
Putting something into the OS would be too inconsistent and detectable.

SEAndroid is not a tool used by the NSA to spy on people. This article is horribly misinformed, and was made to scare users to get page views. SEAndroid is a security tool, made to help protect users from malicious attacks on their device. As said on the selinux project wiki page:
Security Enhancements for Android™ (SE for Android) is a project to identify and address critical gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps.
http://selinuxproject.org/page/SEAndroid
Again, this is NOT a tool used to spy on any android users. It is a port of the popular SELinux tool to Android. It was developed by the NSA to protect their electronic devices, and is now being incorporated into consumer phones, notably those manufactured by Samsung and HTC.
As the article states, Microsoft and Apple do not accept code for their application. This is because they are not open, like Android. For Android, anyone can look at or submit modifications to be reviewed for inclusion in the AOSP Android source. This means that thousands of qualified people have looked at this code being given by the NSA, therefore there is very little chance that anything that they include there could be used maliciously.
To recap, this is not a threat. This is the NSA helping to improve the security of Android as a whole. This article is nothing more than a tactic to get page views, not a realistic representation of the reality of things, which anyone with half a brain to research the topic more can see.

Related

[Q] question bout kernel

is it legal that companies don't release source code for kernels of certain phones here in the US?
anyone
yuckycool said:
is it legal that companies don't release source code for kernels of certain phones here in the US?
anyone knows about this?
Is it a criminal offense? No.
Is it something they could conceivably be sued for? Maybe, but unlikely. Most companies do technically meet the letter of the GPL, even if they abusively stomp all over its intent. Strictly speaking, GPL2 and Apache licenses require the release of source, but impose no duty to ensure that it's nice and buildable. HTC is in murkier water, because they compile their kernels as monolithic binary blobs, then just rip out the source to anything proprietary (which IS a clear GPL violation, and half the reason why loadable kernel modules were invented to begin with).
As far as HTC goes, their behavior is pretty much a blatant violation... but that still doesn't mean it would be an easy lawsuit. In order to sue for a GPL violation, you have to have "standing". In the US, that means you're one of the copyright holders (as in, Linus has committed code you personally wrote into the kernel) AND you can demonstrate to the court that you have personally suffered real harm that can be quantified in dollars.
Put another way, the GPL is a form of contract. In the US, you can't sue somebody just because they breached a term of a contract. You have to show that their breach somehow caused real harm and had real consequences that made you lose money.
In theory, somebody with standing to sue for breach of the GPL2 with regard to the Linux kernel could seek equitable relief in the form of an injunction, but equitable relief is viewed by courts as an extraordinary action. As a practical matter, unless you had Linus Torvalds standing behind you, your likelihood of getting anywhere with this approach would be low. And Linus wouldn't stand behind you, because he's not interested in spending his time fighting technical GPL violations.
The truth is, lack of source (for things the GPL compels release of source) is usually the least of our problems. Proprietary binary loadable kernel modules that break with every new kernel (because Linux doesn't have a stable ABI), and TIVO-ized phones with locked bootloaders that make possession of the source almost completely moot (*cough* just about every Motorola phone, ever *cough*) are the real problem.
The LKM problem is unlikely to be solved by Linus, because it's only a serious problem for Android. IMHO, a project to come up with binary wrappers that could be easily recompiled for new kernels to allow modules built for older kernels to work with new ones would be a massively worthwhile project for XDA that would mitigate, if not solve, the first problem.
The bootloader and locked-hardware problem is pretty much insurmountable absent government regulation that's unlikely to be favorable for us anyway. Android was released under GPL2 and Apache, neither of which prohibit the practice. GPL3 prohibits it, but it would be almost impossible to virally infect Android with it. If new GPL3-only code became part of the Linux kernel, there are now enough Android devices that manufacturers would just branch off with the last GPL2 code, quit calling it "Linux", and go their own way. As a practical matter, this (almost) happened anyway, and you could argue about whether we're in a de-facto state of it now. Officially, though, nobody wants to see an official schism between Android and Linux.
At the end of the day, Linus Torvalds hates political conflict, and just doesn't get worked up over licensing issues. He's not going to bend over backwards to accommodate Android, but he'll never draw a line in the sand and dare Android to cross it (the way Stallman would). He's said, in so many words, that he's content to leave Google in charge as Android's neighborhood watchman/kernel cop. He doesn't agree with everything Google does, but his disagreements aren't big enough to motivate him to put the rest of his life on hold and fight over.
Please use the Q&A Forum for questions &
Read the Forum Rules Ref Posting
Moving to Q&A
My device also does not boot up with the kernel because it did not have Lollipop support.

[OFFICIAL]Team up toward HTC for timely source code releases! [PETITION LIVE]

Well I started a thread about how we need source and everyone's favorite mod sgt.slaughter came in and broke up the keyboard warrior fest and shed some light on us and told us to all start asking about source using the example of the folks in the 3d forums who teamed up to get a bootloader unlock which while it's kinda half assed, at least they did something.
Many users interested in the development on HTC devices have recently been becoming more and more frustrated with HTC's policy on kernel source code releases. While other companies such as Samsung release their kernel source the same day as a phone is released or an update is pushed to a device, HTC follows a different path. While HTC is supporting development via their bootloader unlocking tools, which we are thankful for, they seem to not care when it comes to how long after an update is pushed or a phone is released that it takes them to release their source code. By doing this they are hindering development on their own devices and tempting developers to leave HTC and move on to Samsung due to the greater support for developers of Samsung devices.
The GPL states that the source must be released within 14 of a request of such code. However, it doesn't state a grace period or a timeline for which it has to be released. HTC says that "HTC will normally publish this within 90 to 120 days" (HTCDEV) and in this time they claim that they are still complying with the rules and regulations of the GPL v2.0. This wait is far too long however because after this time and they finally release the source code it may be out of date by 2 maybe 3 updates. This hinders the development on said devices because once a phone is updated, the only source they have to work with is outdated and may be either very hard to work into the new update or even impossible to use on the new software.
Others have already tried to change the ways of HTC in the past with no success. The below quoted info is from the creator of gpl-violations.org (Harald Welte) and explains his attempts to alter HTC's policy with no success:
"There have been various reports and blog posts about HTC again committing copyright infringement by not fulfilling the GPLv2 license conditions in their latest Android phone, the G2.
While at this point I haven't studied the situation enough in order to confirm or deny any actual violations, let me state this: The number of GPL Violation reports/allegations that we receive at gpl-violations.org on HTC by far outnumber the reports that we have ever received about any other case or company.
In addition, HTC seems to have had a long trail of problems with GPL compliance in their devices. Ever since they have started to ship Android devices containing the Linux kernel, licensed under GPLv2+, we have received those reports.
The reason I have never taken any legal action is merely a result of the fact that HTC seems to first introduce their new devices in the US, then at some point release the corresponding source code before shipping those devices into Europe and Germany. So by the time the devices are sold over here, the legal issues appear to have been resolved before.
Nonetheless, I think it is outrageous for a company of this size and significance in the market to consistently commit copyright violation (or at least walk borderline with it) and thus mistreat the very copyright holders that have created the operating system kernel they use in their devices. The linux kernel developers and the Free Software community as a whole deserve fair treatment.
Also, the competitors of HTC deserve fair treatment: Samsung, e.g. is very forthcoming with their Android phone source code releases. If I was them and would see HTC to fail to comply with the GPL, I would consider filing an unfair competition lawsuit..." (Harald Welte)
This is a follow up post on his blog where he explains more:
"The Taiwanese smart phone maker HTC is widely known to be delaying its Linux kernel source code releases of their Android products. Initially, this has been described to the requirement for source code review, and making sure that no proprietary portions are ending up in the release.
While the point is sort-of moot from the beginning (there should be no proprietary portions inside the Linux kernel for a product that wants to avoid entering any legal grey zone in the first place), I was willing to accept/tolerate it for some time.
At one point more than one year ago, gpl-violations.org actually had the opportunity to speak in person to senior HTC staff about this. I made it very clear that this delay is not acceptable, and that they should quickly fix their processes in order to make sure they reduce that delay, eventually down to zero.
Recently, I received news that the opposite is happening. HTC still has the same delays, and they are now actually claiming that even a 120 days delay is in compliance with the license.
I do think neither the paying HTC customers, nor the Free Software community as a whole have to tolerate those delays. It is true that the GPLv2 doesn't list a deadline until when the source code has to be provided, but it is at the same time also very clear what the license wants: To enable people to study the program source code. Especially in today's rapid smart phone product cycles, 120 days is a very long time.
So I hereby declare my patience has ended here. I am determined to bring those outrageous delays to an end. This will be one of my new year resolutions for 2012: Use whatever means possible to make HTC understand that this is not how you can treat Free Software, the community, its customers, the GPL and in the end, copyright itself." (Harald Welte)
The goal of this petition is not to bring down HTC but rather to have them change their ways when it comes to releasing source code. We would like to see source the same day as updates and phone releases so that developers can make use of this code; play with it, learn from it, and promote future development on HTC devices.
Anyway let's get to the point. Below there are links to their email, twitter, facebook, etc and you guys message them and post what you said below and I will add it to the op here so others can use that message.
Also, as sgt.slaughter said, DON'T ASK ABOUT ANYTHING OTHER THAN SOURCE. We need to stick to the point here. Don't threaten them or rage at them.
Spread this to other HTC Device forums that aren't getting source if you know of any, the more people we get to the better.
Mods, I will update this as often as possible if people actually follow it so perhaps a temp sticky?
Also don't flood this with a bunch of "I won't buy HTC again" talk. It will just make this harder.
Petition Link
Link: http://www.change.org/petitions/htc-htc-needs-to-speed-up-kernel-source-releases?share_id=sLjvObpqne
Personal Contacts [thanks sgt.slaughter]
[email protected]; Senior Director Enterprise Business Unit Americas
[email protected]; Chairman
[email protected]; Chief Marketing Officer, HTC Corporation
[email protected]; Senior Public Relations Manager at HTC 425-679-5328
[email protected]; COO of HTC
[email protected]; Board Member of HTC
[email protected]; CEO
[email protected]; VP HTC
[email protected]; Chief Innovation Officer
Brent Groome, Chief Executive-Customer Operations, at 843-369-8393 or [email protected]
To email all of them at once, copy and paste this:
HTC
Twitter: https://twitter.com/htc
Facebook: http://www.facebook.com/HTC
Email: http://www.htc.com/us/support/email-support
HTCDEV
Twitter: https://twitter.com/htcdev
Facebook: Don't think they have one
Email: http://www.htcdev.com/contact
HTC USA
Twitter: https://twitter.com/HTCUSA
Facebook: http://www.facebook.com/htcusa
Updates:
Today 8/9/12 I received an email back from HTC giving me the same B.S. they give everyone about the 90 days. Here's the email.
Dear Mike Malloy,
Thank you for contacting HTC regarding Kernel Source code. I know that this code is important to the development community and I will be happy to assist you with the correct information regarding this.
HTC will release source code in accordance with any applicable open source license terms, i.e. GPL v2.0. HTC will typically publish on http://developer.htc.com or htcdev.com the Kernel open source code for recently released devices as soon as possible. HTC will normally publish this within 90 to 120 days. This time frame is within the requirements of the open source community. Other source codes, which are not required to be disclosed by the open source license terms, unfortunately cannot be disclosed by HTC as they may be proprietary to HTC or its licensor.
I hope you enjoy the rest of your week, Mike.
If this answers your comment or question, please click here to complete the process.
To submit another comment, please click here.
Sincerely,
The HTCDev Team
--------------------------- then I sent this
Nowhere in the GPL does it state that you guys have 90 days to release the source code nor does it give you a grace period. You guys have the code already; all that has to be done is a simple upload. Samsung does it, Motorola does it, why can't HTC release their code within a few days of an update? A petition is being started on xda-developers where there are a lot of people that feel the same way and it will only get bigger. You guys will be hearing a lot from us soon.
--------------------------------their reply
Dear Mike Malloy,
Thank you for your reply. Your feedback has been forwarded to the appropriate department for documentation. I hope you enjoy your week!
Quotes from you guys:
Racer Of All said:
Hello and thank you for writing in.
Since we are discussing the Linux Kernel, I will refer to version 2 of
the GPL. GPLv2 lays out the terms under which a party can distribute a
work in "object code or executable form" in section 3. The party in
question must do so in one of three ways, but for commercial entities
such as HTC only the first two are relevant: Accompany the binary with
the source (section 3.a), or accompany the binary with a written offer
to provide the source (section 3.b).
Complying with section 3 via subsection (a) is the fastest, safest and
easiest way since section 3 compliance is achieved immediately; you get
the binary and the source together. But according to your description
HTC has opted for section 3.b instead. It is true that section 3.b
doesn't spell out exactly how fast the offer for the corresponding
source code must be dealt with, but note that it doesn't explicitly state
a grace-period either. So in order to be in compliance with distribution
under section 3.b, a timely response would be best.
I hope this answer is of help. If you have further questions, please
feel free to write back.
--
I am not a lawyer, the above is not legal advice
Regards, Your Name Here
Above is in reference to this post: http://forum.xda-developers.com/showpost.php?p=29932331&postcount=27
A whole bunch of useful information thanks to Racer of All: http://forum.xda-developers.com/showpost.php?p=29940548&postcount=9
premo15 said:
Hello,
I am writing to address the current business practice adopted by HTC in which source code is made available to the development community up to 120 days after the official consumer release. While I am a staunch supporter of HTC and its products, I feel that collaboration with the development community can be somewhat lacking in comparison with other manufacturers in the same market space. For example, Samsung frequently releases source code prior to or at the same time as the official consumer release of their products and OTA updates. As a result, the open source development for their devices is able to advance much more quickly in comparison to the competing HTC handsets. I have seen this particular issue cause frustration with other users and developers and has influenced some to switch from the EVO 4G LTE to the Samsung Galaxy S3 in order to enjoy the comparatively expedited release of source code from the manufacturer.
I believe one of the main strengths of the Android platform is its open source nature and the fact that there are so many developers willing to provide features and enhancements for those that desire them. Many users share this belief and it is a key factor in their decision to purchase an Android handset. However, in order for the development community to thrive, a timely release of source code is needed. I personally would like to see HTC devices become even more pervasive and I believe that adhering to the GNU General Public License by releasing source code at the same time as, or even prior to, the generally available OTAs would greatly increase the likelihood of achieving this.
Thank you for your time.
Original Post: http://forum.xda-developers.com/showpost.php?p=29951917&postcount=13
I have been posting this on their facebook walls, feel free to use it.
----------------------------
HTC when are you going to follow the GPL and stop using the 90 day excuse? Nowhere does the GPL state that you have 90 days to release it nor does it give a grace period. Use Samsung as an example. They release their source code within a few hours of an update if not prior to one. Why can't you do the same? All that your hesitation causes is frustration among the developer community and hinder development for your devices. We know you take some ideas from us because you have decided to swap the recent apps key and use it as a menu which the developers have done on the evo lte within a week of the phone's release. We scratch your back, you scratch ours.
In order to get the sweeping changes we want (to get source released as soon as device is dropped like samsung does) we will need more than our EVO 4G LTE users.
We need all HTC users behind this. Any way we can get this up on their sections of the forum as well?
True, perhaps submit this to the xda portal and then maybe expand to other sites such as engadget? I already started spreading it to themikmik but only in the evo lte section so far. Add me on google talk and we will collaborate. I'll send my email via pm
I posted a section on android forums where I am a guide. I'll spread the word there.
I'll hit you up tomorrow
Sent from my EVO using Tapatalk 2
I've sent messages to rootzwiki, themikmik, and xda portal to see if they will write about this and help spread the word. For now I'm going to bed since it's 2 a.m.
I emailed AP, lets see.
Hopefully this catches on when everyone sees this thread tomorrow.
This needs to be done.
Rxpert said:
I emailed AP, lets see.
Hopefully this catches on when everyone sees this thread tomorrow.
This needs to be done.
I will try to get this done this afternoon when I come home from work.
I passed the word on to android central.
nice job!
need to toss in examples of how HTC is failing compared to the other manufacturers in terms of time they release source...cite Samsung and Motorola and time of OTA released to devices, and then time they released their source code...Show HTC that they are the ONLY ones playing this 90day rule bs crap and it's hurting the development community greatly, in turn causing people to leave...
I will be sending emails to the aforementioned news sources as well as my tech friends. It really is a shame companies like HTC can get away with violating the GPL like this. If only we could convince a person with copyright on part of the Linux kernel to join our ranks we could win overnight
Oh in addition to the above email I send them I also found another one that was between a head dev of red hat Linux, I'll see if I can dig it up.
EDIT: Found it, post by Matthew Garrett, developer of red hat linux posted the next couple of entries. They are very interesting reads about the entire situation:
HTC is Willfully Violating the GPL by Matthew Garrett:
As has been discussed before, HTC have a somewhat "interesting" interpretation of the GPL that allows them to claim they don't need to provide source code until between 90 and 120 days after the release of binaries. It's probably noteworthy that the FSF (who, you know, wrote the license and all) disagree with this interpretation, as do the kernel copyright holders (who, you know, wrote the code that the license covers) I've talked to about it. Anyway, after a pile of screaming and shouting from all sides HTC have tended to release their source code in a timely manner. So things seemed better.
HTC released the Thunderbolt last week and we're back to the 90-120 day song and dance. It's probably worth remembering that by behaving in this way HTC gain a competitive advantage over any vendors who obey the terms of their license - HTC can incorporate improvements made by others without releasing their own until through a significant portion of the lifecycle of their phone.
As far as I'm concerned, every single Thunderbolt sold so far embodies a copyright infringement. Wilfully engaging in copyright infringement for commercial benefit is typically frowned upon by courts, especially if by doing so a foreign company is gaining commercial advantage over a domestic one. If you think Microsoft's patent assault on Android is a problem, just imagine what they could do if they hired one significant Linux kernel developer and used their copyrights to attack the overwhelming majority of Android vendors who fail to comply with the GPL. It probably wouldn't be industry ending (companies would merely have to improve their compliance procedures) but it'd do a huge deal of damage in the short term. It's insane for companies to behave this way. Don't reward them by giving them your money.
I'll be talking about this at the Linux Foundation Collaboration Summit next month, along with an update on my study of the compliance of Android tablets. I'm hoping that there'll be further developments after that.
These two entries are also by Matthew Garrett but they're more a generalized point of view about GPL violations in general and why it's an incentive to do so:
The economic incentive to violate the GPL
The ongoing fight against GPL enforcement
Also let me make this clear (because I've seen people bring this up before): people here aren't complaining that without source we can't do anything or that our devs REQUIRE it. The point is that the Linux kernel is licensed under the GPL and that our devs SHOULDN'T NEED to work without it. It's free open sourced code. We don't care for the "but HTC has hundreds of phones to support please give them [email protected]!" argument either. The GPL is pretty clear, you can use anything licensed under it but if you release a commercial product with it, source MUST be released and source code is easier to distribute than the binary they built using it. It's a non-issue for them.
Sorry for the massive edit. I just love open source software and the advantages it provides for technology and by proxy -- society. I mean, open source is literally everywhere and I can't stand companies with big bucks being able to "buy" their way out of what open source stands for. If you use something licensed under the GPL you MUST provide source. You don't have a day, you don't have a week. You have to either release it alongside the binary or provide it upon request.
I'm done
Sent from my Nexus 7
Glad to wake up and see this thread!
Thanks for getting this going. But it may be difficult without a direct line to one of the higher-ups. It's taken HTC 3 weeks (and counting) to tell me if the EVO's wifi radio can support channel bonding and short guard intervals on the 5ghz band...which I assumed would be an easy, straight forward question. So that doesn't bode well for a hefty request such as this. Nonetheless, I will join you.
Sent from my EVO LTE
Give me source or give me death!!
Sent from my EVO using xda app-developers app
Getting ready to send my message out to HTC, how's the tone? Any critiques?
Hello,
I am writing to address the current business practice adopted by HTC in which source code is made available to the development community up to 120 days after the official consumer release. While I am a staunch supporter of HTC and its products, I feel that collaboration with the development community can be somewhat lacking in comparison with other manufacturers in the same market space. For example, Samsung frequently releases source code prior to or at the same time as the official consumer release of their products and OTA updates. As a result, the open source development for their devices is able to advance much more quickly in comparison to the competing HTC handsets. I have seen this particular issue cause frustration with other users and developers and has influenced some to switch from the EVO 4G LTE to the Samsung Galaxy S3 in order to enjoy the comparatively expedited release of source code from the manufacturer.
I believe one of the main strengths of the Android platform is its open source nature and the fact that there are so many developers willing to provide features and enhancements for those that desire them. Many users share this belief and it is a key factor in their decision to purchase an Android handset. However, in order for the development community to thrive, a timely release of source code is needed. I personally would like to see HTC devices become even more pervasive and I believe that adhering to the GNU General Public License by releasing source code at the same time as, or even prior to, the generally available OTAs would greatly increase the likelihood of achieving this.
Thank you for your time.
premo15 said:
Getting ready to send my message out to HTC, how's the tone? Any critiques?
My 2 cent review? Leave out the first paragraph entirely and just send the second. The tone is good, and it says everything you want to say while still being quick and to the point.
fachadick said:
My 2 cent review? Leave out the first paragraph entirely and just send the second. The tone is good, and it says everything you want to say while still being quick and to the point.
Na they need to hear it from customers that they recognize that HTC's competitors are releasing their source code much earlier. leave that stuff in there...
sgt. slaughter said:
Na they need to hear it from customers that they recognize that HTC's competitors are releasing their source code much earlier. leave that stuff in there...
Fair enough, but do you really think that they don't already know that the other guys are releasing their source code earlier? I think that first paragraph creates a "Samsung is better than you guys" tone that will unnecessarily put them on the defensive in a marketing and pr sense. It will make them address the email as if it's an htc vs samsung scenario, instead of keeping the focus on releasing source earlier and following gpl guidelines. My $0.02 anyway.
fachadick said:
Fair enough, but do you really think that they don't already know that the other guys are releasing their source code earlier? I think that first paragraph creates a "Samsung is better than you guys" tone that will unnecessarily put them on the defensive in a marketing and pr sense. It will make them address the email as if it's an htc vs samsung scenario, instead of keeping the focus on releasing source earlier and following gpl guidelines. My $0.02 anyway.
If I recall that's how we took the bootloader unlock to them too...Samsung allows unlocking, and HTC used to not be encrypted at least....then they encrypted and all hell broke loose, and their facebook was completely blowing up for weeks straight....so much that they couldn't manage all the negative posts on there and eventually released a comment on it and changed their ways...
Working on starting a petition now. Will update the op with it shortly.
EDIT: still working on it. I set one up but I think it has to be approved first before being put on their site. Will update as soon as possible
premo15 said:
Thanks for getting this going. But it may be difficult without a direct line to one of the higher-ups. It's taken HTC 3 weeks (and counting) to tell me if the EVO's wifi radio can support channel bonding and short guard intervals on the 5ghz band...which I assumed would be an easy, straight forward question. So that doesn't bode well for a hefty request such as this. Nonetheless, I will join you.
Sent from my EVO LTE
Got that covered, check the OP. Has direct contacts now.
My canned response from HTC DEV:
Thank you for contacting HTC regarding Kernel Source code. I know that this code is important to the development community and I will be happy to assist you with the correct information regarding this.
HTC will release source code in accordance with any applicable open source license terms, i.e. GPL v2.0. HTC will typically publish on http://developer.htc.com or htcdev.com the Kernel open source code for recently released devices as soon as possible. HTC will normally publish this within 90 to 120 days. This time frame is within the requirements of the open source community. Other source codes, which are not required to be disclosed by the open source license terms, unfortunately cannot be disclosed by HTC as they may be proprietary to HTC or its licensor.
I hope you enjoy the rest of your week

Whew.. Had me scared for a minute. Knox integration in Android L?

So I found myself looking around at different smartphone related articles like I always do when I stumbled across one in particular that had me scared! The article was talking about Samsung and Google bringing Knox to Android L. We all know how much of a problem Knox has been to us here at the dev community.
Anyways have a look for yourself here
skeezer308 said:
So I found myself looking around at different smartphone related articles like I always do when I stumbled across one in particular that had me scared! The article was talking about Samsung and Google bringing Knox to Android L. We all know how much of a problem Knox has been to us here at the dev community.
Anyways have a look for yourself here
Hate to break it to you, but Knox or no Knox it will likely be a step up in security.
Why wouldn't it be?
Call it what ever you want, just make sure you start shopping for a dev edition.
Yes this was reported when they released the L preview because it's the first time they've included Samsung code into AOSP.
Every release of Android will be a step up in security, I'm just going to move on from Verizon if it gets to the point where no bootloader can be unlocked.
joshm.1219 said:
Yes this was reported when they released the L preview because it's the first time they've included Samsung code into AOSP.
Every release of Android will be a step up in security, I'm just going to move on from Verizon if it gets to the point where no bootloader can be unlocked.
The bottom line is that flexibility and customization will always interfere with security and, both fortunately and unfortunately, the latter is one that is of major concern to corporations.
Some of the arguments and measures are over the top but for the most part it is part of technology maturing. Rooting a phone for most people here is harmless and enables a purpose, but it also opens the door to circumvent security and encrypted materials from our devices.
It seems Samsung and Verizon are open to creating a "developer" version to allow for justified valid reasons to root and customize, but the more personal and business purposes merge the more security becomes more important over flexibility.
I am not saying this makes it good or that you should like it. But it is something that inevitably will continue to progress making it more difficult for complete control of your device.
Capitalism is based on profitability and adoption and if you get large corporations to endorse your methods then you have a huge revenue channel, right, wrong or indifferent.
Hopefully an innovation will come along that will enable the right balance, but only time will tell.
Personally I have recently decided to join BYOD at my work and consequently had to unroot my device, and I have to admit that I miss some aspects, but not enough to give up the convenience of having all I need in ONE device.
Just my $0.02
Well the part that had me concerned was knowing how locked down Samsung devices have become, especially on Verizon and ATT networks. I may be wrong but I think part of the reason we still haven't been able to find an exploit to unlock the bootloader is because of the tightening grips of Knox. Now don't get me wrong I understand that there is a need for security, especially in business with BYOD. I was half scared they were attempting to lock down Android to that extent as a whole. As I read further into the article I had learned that some of the Knox features I was fearing were hardware implemented. I think this part from the article pretty much sums it up.
"Even though Samsung is sharing many of the Knox functions with Google on Android L, they will still offer a superior security solution on Samsung devices. This is due to several features requiring deep hardware integration that can only be managed directly by Samsung. As listed on the Samsung Knox blog, the following will remain specific to Samsung:
TrustZone-based Integrity Measurement Architecture (TIMA)
Real-time Kernel Protection
Client Certificate Management (CCM)
Trusted Boot-based Key store
Remote attestation
Trusted Boot
Biometric authentication
KNOX Smart Card Support"
skeezer308 said:
Well the part that had me concerned was knowing how locked down Samsung devices have become, especially on Verizon and ATT networks. I may be wrong but I think part of the reason we still haven't been able to find an exploit to unlock the bootloader is because of the tightening grips of Knox. Now don't get me wrong I understand that there is a need for security, especially in business with BYOD. I was half scared they were attempting to lock down Android to that extent as a whole. As I read further into the article I had learned that some of the Knox features I was fearing were hardware implemented. I think this part from the article pretty much sums it up.
"Even though Samsung is sharing many of the Knox functions with Google on Android L, they will still offer a superior security solution on Samsung devices. This is due to several features requiring deep hardware integration that can only be managed directly by Samsung. As listed on the Samsung Knox blog, the following will remain specific to Samsung:
TrustZone-based Integrity Measurement Architecture (TIMA)
Real-time Kernel Protection
Client Certificate Management (CCM)
Trusted Boot-based Key store
Remote attestation
Trusted Boot
Biometric authentication
KNOX Smart Card Support"
There is a BIG difference between locked bootloaders and Knox...the bootloader is a proprietary part of the firmware, not the OS...Knox is integrated in the OS....neither have anything to do with the other. Please venture into the T-Mobile, Sprint and International S4 forums to see the effects of Knox. If you do not want a locked bootloader switch to a carrier that does not do it or phones that do not have it. I understand Verizon has even blocked the use of HTCDev on their newer HTC devices and updates. These carriers locking the bootloaders do so to have the most secure phones and be able to go after the military and commercial contracts. So again, do not think Knox has anything to do with the lock down of AT&T and Verizon....that is all between the carrier and Samsung.
m3Jorge said:
The bottom line is that flexibility and customization will always interfere with security and, both fortunately and unfortunately, the latter is one that is of major concern to corporations.
Some of the arguments and measures are over the top but for the most part it is part of technology maturing. Rooting a phone for most people here is harmless and enables a purpose, but it also opens the door to circumvent security and encrypted materials from our devices.
It seems Samsung and Verizon are open to creating a "developer" version to allow for justified valid reasons to root and customize, but the more personal and business purposes merge the more security becomes more important over flexibility.
I am not saying this makes it good or that you should like it. But it is something that inevitably will continue to progress making it more difficult for complete control of your device.
Capitalism is based on profitability and adoption and if you get large corporations to endorse your methods then you have a huge revenue channel, right, wrong or indifferent.
Hopefully an innovation will come along that will enable the right balance, but only time will tell.
Personally I have recently decided to join BYOD at my work and consequently had to unroot my device, and I have to admit that I miss some aspects, but not enough to give up the convenience of having all I need in ONE device.
Just my $0.02
I don't know, I don't understand how it would affect anything if they let a user decide if they wanted their bootloader unlocked for every device.
joshm.1219 said:
I don't know, I don't understand how it would affect anything if they let a user decide if they wanted their bootloader unlocked for every device.
Because the users are not always the owners. My work phone is an Apple 5s. But "My" is not really accurate. It's my employer's phone that they give to me to use for work purposes. So I'm the user, but if the owner wants it locked down, that's their prerogative.
Sent from my SCH-I545 using Tapatalk
brizey said:
Because the users are not always the owners. My work phone is an Apple 5s. But "My" is not really accurate. It's my employer's phone that they give to me to use for work purposes. So I'm the user, but if the owner wants it locked down, that's their prerogative.
Sent from my SCH-I545 using Tapatalk
So require owner account access then
I personally think if they did include knox in android L there would still be an option to use fastboot to unlock the device.
xXsquirr3lsXx said:
I personally think if they did include knox in android L there would still be an option to use fastboot to unlock the device.
This would be correct. Please see the OP's linked article to see what is actually being implemented here.

What are your thoughts on the "Anti Piracy Support" being implemented into their ROMS

ROM Developers are now starting to implement this "Anti Piracy Support" . Many of them do and some of them don't.
So what is AntiPiracySupport?
Meaning, this will block the installation of pirated apps, malware and patchers.
For you, is it good or bad?
Roms that have AntiPiracySupport builtin:
+ ACIP:
Commits in Github: YES
+ resurrectionremix:
Commits in Github: YES
+ Exodus:
Commits in Github: YES
+ BrokenOS
Commits in Github: YES
+ My Rom Builds(if no other info is added):
Commits in Github: YES
Roms that don't have AntiPiracySupport builtin now:
+ AOSPA
Commit in Gerrit: NO
+ Official OmniRom:
Commit in Gerrit: NO
For me it is very bad. Because in my country many of the apps I need are blocked and some of it wasn't compatible with mi3. So big no to Anti Piracy Support for me. Sorry developers.
Bitti09 said:
Roms that have AntiPiracySupport builtin:...
This might help guys :thumbup:
Any it should be AICP not ACIP hahaha!
Sent from my MI 3W using XDA Free mobile app
Here's my take on this blacklist idea.
At least 40% of the reason I bought my first Android after years of iPhones was for ad blocking. I just don't get the reason for clumsily trying to turn a custom rom into iOS. So I did a little digging and found a discussion about this blacklist from an Exodus dev who wrote "The only real reason not to support this is if you support piracy and stealing from developers."
Maybe someone can tell me whether it's a joke or Dave doesn't understand the issues. It takes little brainpower to deduce that app names can be trivially changed, as we've already seen and can even be seen in the blacklist code. So blacklisting apps by name and hardcoding that in your rom is a losing proposition from the start, right?
To stay up to date somebody would need to track package names and add them manually and hope everyone conveniently forgets the past 3+ decades of battles between malware writers and AV guys, e.g. when viruses started creating their own pseudo-random names to avoid the crummier scanners which Exodus is trying to emulate. We've already seen this simplistic blacklist approach can't possibly scale. Check the Google+ link and you see that Kessler is trying to crowdsource a list of app names to blacklist. What happens when somebody maliciously or mistakenly adds a commonly used, objectively benign app? Who is the final arbiter of which apps get the boot? Quis custodiet ipsos custodes?
Factor in Exodus blocking my fave ad service disabler (probably an Irish app) and debating whether to block Xposed and you have a powerful user motivation to bypass or completely avoid the blacklist and stop it from removing/disabling legit functionality. It seems likely that roms with Exodus' Anti-Adblock anti-feature will be forked if they're worth using. Not to mention, this blacklist only works if the blocked apps play along & their package names never change, and if the user has no motivation to bypass the blacklist. Extra bonus: v2 of the blacklist will be more like real malware, with obfuscated & closed source libraries.
Dave's false dichotomy is basically saying if you don't want spam or ads or closed source crapware clogging your device then you support piracy. I think Dave should've added, another reason not to support this endeavor is because poorly conceived code that goes against user wishes should ALWAYS be turfed.
tl;dr Why would anybody let this guy decide which apps are ok and which aren't, and using an old-school blacklist too? SMH.
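The two failure modes the post above attributes to an exact-name blacklist (a regenerated package name is missed, and a mistaken or malicious crowdsourced entry blocks a benign app), as an added example that is not code from any ROM or from this thread. Every package name is constructed, and `review_submission` with its protected list is a hypothetical mitigation, not something the thread describes.

```python
import re
from dataclasses import dataclass

# Android package-name syntax: two or more dot-separated segments, each
# starting with a letter and containing only letters, digits or underscores.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

# Constructed sample data; none of these names come from a real ROM's list.
DENYLIST = frozenset({"com.example.patcher", "com.example.adservice.disabler"})
PROTECTED = frozenset({"com.example.browser", "com.example.mail"})  # assumption


@dataclass(frozen=True)
class Install:
    package: str
    unwanted: bool  # ground truth, known only because the data is constructed


EVENTS = [
    Install("com.example.patcher", True),    # listed name
    Install("com.example.qzxvw", True),      # same tool, regenerated name
    Install("com.example.browser", False),   # benign, widely used
    Install("com.example.notes", False),     # benign
]


def is_blocked(package, denylist):
    """Exact-name match, the approach the post criticises."""
    return package in denylist


def evaluate(events, denylist):
    """Return (missed, wrongly_blocked) package names for a denylist."""
    missed = [e.package for e in events
              if e.unwanted and not is_blocked(e.package, denylist)]
    wrongly_blocked = [e.package for e in events
                       if not e.unwanted and is_blocked(e.package, denylist)]
    return missed, wrongly_blocked


def review_submission(entry, denylist, protected):
    """Hypothetical gate for one crowdsourced entry: (accepted, reason)."""
    name = entry.strip()
    if not PACKAGE_RE.match(name):
        return False, "not a valid package name"
    if name in protected:
        return False, "protected package"
    if name in denylist:
        return False, "duplicate"
    return True, "queued for human review"


def merge(submissions, denylist, protected, gated=True):
    """Build the next denylist, with or without the review gate."""
    accepted = set(denylist)
    for entry in submissions:
        if not gated or review_submission(entry, accepted, protected)[0]:
            accepted.add(entry.strip())
    return frozenset(accepted)


if __name__ == "__main__":
    # Constructed crowdsourced submissions: one hostile or mistaken entry,
    # one late report of the regenerated name, one malformed line.
    subs = ["com.example.browser", "com.example.qzxvw", "not a package"]
    print("shipped list:", evaluate(EVENTS, DENYLIST))
    for gated in (False, True):
        new_list = merge(subs, DENYLIST, PROTECTED, gated)
        print("gated" if gated else "ungated", evaluate(EVENTS, new_list))
```

The gate only covers names someone has already placed on the protected list, and the regenerated name is caught only after somebody reports it, so the list stays one step behind each rename.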
XDA fully supports this. If you can't pay for an app then you don't need it.
zelendel said:
XDA fully supports this. If you can't pay for an app then you don't need it.
What if you want to use an app but first want to check the quality of the app or you don't have money for every app?
Sent from my MI 3W using Tapatalk
ashish289 said:
What if you want to use an app but first want to check the quality of the app or you don't have money for every app?
Sent from my MI 3W using Tapatalk
Well then you wait to have the money or use a free version. If there is no free version then you save up the money.
Is this gonna be a requirement for rom developers?
I'm not against it. But I think it should be something optional. If the rom developer wants to implement it, that's ok. But I think the consumers should have a right to decide whether the rom supports this or not. I mean, like a democracy, the consumers vote, that's something fair...
zelendel said:
XDA fully supports this. If you can't pay for an app then you don't need it.
Can you speak for the whole XDA community? hehehe Anyways you've got a point there.
But I don't see the point of doing apps developer's job. If they want anti-piracy security for their apps they'll get it (built in), unless it's an offline app. So I wouldn't bother trying to prevent the inevitable...
ChazyTheBest said:
Is this gonna be a requirement for rom developers?
I'm not against it. But I think it should be something optional. If the rom developer wants to implement it, that's ok. But I think the consumers should have a right to decide whether the rom supports this or not. I mean, like a democracy, the consumers vote, that's something fair...
Can you speak for the whole XDA community? hehehe Anyways you've got a point there.
But I don't see the point of doing apps developer's job. If they want anti-piracy security for their apps they'll get it (built in), unless it's an offline app. So I wouldn't bother trying to prevent the inevitable...
Well your first mistake was thinking you are a consumer. Not in the least. Nor do users have a say in what rom devs put in their roms. Roms are built by people for personal use and then shared to be nice. If you don't like it then you are more than welcome to build your own rom.
Second mistake was thinking it is a democracy. It's not. Users really don't have a say in what rom devs put in their roms.
All I can say is that XDA stands behind this and anything that is used to get around it is banned from the site for good.
zelendel said:
Well your first mistake was thinking you are a consumer. Not in the least. Nor do users have a say in what rom devs put in their roms. Roms are built by people for personal use and then shared to be nice. If you don't like it then you are more than welcome to build your own rom.
Second mistake was thinking it is a democracy. It's not. Users really don't have a say in what rom devs put in their roms.
All I can say is that XDA stands behind this and anything that is used to get around it is banned from the site for good.
Sorry for the misunderstanding, but I said it because I read rom developers ask for features and bugfixing. So I'll take it as it depends on the developer... some devs are like you said and some others "really care" about what users need/want.
ChazyTheBest said:
Sorry for the misunderstanding, but I said it because I read rom developers ask for features and bugfixing. So I'll take it as it depends on the developer... some devs are like you said and some others "really care" about what users need/want.
Have you really ever seen Real developers ask this? No. The only ones that do are the ones that do nothing more really than cherry pick other roms' commits. There are very few real developer teams around. The rest are what we like to call winzip wizards or compile wizards.
The ones that "really care" as you say are only really doing it for donations. I know it is hard to understand in this forum as there are none of the big teams here as none of them are willing to touch Xiaomi Devices. Heck I know I am not even allowed to use one due to my job.
In the end it is up to the dev to add this if they wish but I'll let you in on a secret. Most devs are working closely with each other to make this better. There is even a commit that blocks Xposed frameworks.
As XDA stands completely behind it and against warez most of the things that this targets are already banned on the site. Things like lucky patcher and freedom. Both are forever banned on the site.
zelendel said:
Have you really ever seen Real developers ask this? No. The only ones that do are the ones that do nothing more really than cherry pick other roms' commits. There are very few real developer teams around. The rest are what we like to call winzip wizards or compile wizards.
The ones that "really care" as you say are only really doing it for donations. I know it is hard to understand in this forum as there are none of the big teams here as none of them are willing to touch Xiaomi Devices. Heck I know I am not even allowed to use one due to my job.
In the end it is up to the dev to add this if they wish but I'll let you in on a secret. Most devs are working closely with each other to make this better. There is even a commit that blocks Xposed frameworks.
As XDA stands completely behind it and against warez most of the things that this targets are already banned on the site. Things like lucky patcher and freedom. Both are forever banned on the site.
Very good explanation. Now I see it from that point of view, you are right.
@zelendel:
I certainly have supported and I am prepared to support more app developers who provide me free software (free as in freedom not free beer), and I'm not interested in buying closed source apps from the playstore, so I'm not really affected by this issue, but seriously? Preventing users from running the software they want on their phone? These opinions are grossing me out. Thankfully (and this might have been one of the most important advances in whole history) the creators of the software that most of our Android world is based on, have shown more wisdom and created the GPL, that forces everyone who wants to be part of this world to open source and to free their own variations of it, so thankfully people will always be able to remove components that restrict the user.
This is not a stance to enable privacy. This is a stance to oppose everybody who wants to place technical faculties in my OS that are able to prevent me from running whatever code I want (because at that precise moment, I do no longer own a personal universal computer). If enabling piracy is a side effect of preserving the freedom of an OS, then it's a small price to pay to preserve freedom. Thankfully again, it will always be possible to remove components from GPL software, even for "compiling wizards".
TinkoB said:
@zelendel:
I certainly have supported and I am prepared to support more app developers who provide me free software (with free as in freedom not free beer), and I'm not interested in buying closed source apps from the playstore, so I'm not really affected by this issue, but seriously? Preventing users from running the software they want on their phone? These opinions are grossing me out. Thankfully (and this might have been one of the most important advances in whole history) the creators of the software that most of our Android world is based on, have shown more wisdom and created the GPL, that forces everyone who wants to be part of this world to open source and to free their own variations of it, so thankfully people will always be able to remove components that restrict the user.
This is not a stance to enable privacy. This is a stance to oppose everybody who wants to place technical faculties in my OS that are able to prevent me from running whatever code I want (because at that precise moment, I do no longer own a personal universal computer). If enabling piracy is a side effect of preserving the freedom of an OS, then it's a small price to pay to preserve freedom. Thankfully again, it will always be possible to remove components from GPL software, even for "compiling wizards".
See you are missing one thing. The fact that Android is not licensed under the GPL. Only the Android kernel is under the GPL. The rest is Apache, which means they can close source any part of the OS they want. This is why things like Sense, Touch wiz, Zen, miui and all the others are closed sourced.
Guys whenever you create something with so much hard work then you expect something in return for it. But if someone is stealing those things then obviously you will oppose rather than allow it.
Open source has its own benefits and disadvantages. We have to decide in what way we have to use these things. Developers are protecting their hard work. And it's their right. We can't tell them what to do and what not to do.
zelendel said:
See you are missing one thing. The fact that Android is not licensed under the GPL. Only the Android kernel is under the GPL. The rest is Apache, which means they can close source any part of the OS they want. This is why things like Sense, Touch wiz, Zen, miui and all the others are closed sourced.
Yeah with "most" I was referring to the Linux Kernel, which I consider the most important part, as an environment to run APKs could theoretically be substituted. But even the Apache Licence for the Android project is OK for the purpose of retaining the user freedom, although the GPL would obviously be preferable. The most problematic part as far as I can see is the proprietary framework, but at least there are people willing to tackle that issue, like the μg Project.
@vishal24387:
It's well known, that someone who is giving larger contributions to an important free software project will get hired pretty fast. Please tell me of any disadvantage of Open Source (or more importantly of free/libre software, OpenSource without free licences is problematic of course).
Developers are free to think of ways to protect their software. That must not include having OS developers place restrictions on users who aren't even interested in their software.
A developer who believes that's the right way to protect his software can include those restrictions in his own binaries and use some of the Google API features to identify his paying users. In that case the issue of restricting the users freedom only affects those users who run that kind of non-free software.
TinkoB said:
Yeah with "most" I was referring to the Linux Kernel, which I consider the most important part, as an environment to run APKs could theoretically be substituted. But even the Apache Licence for the Android project is OK for the purpose of retaining the user freedom, although the GPL would obviously be preferable. The most problematic part as far as I can see is the proprietary framework, but at least there are people willing to tackle that issue, like the μg Project.
Not sure how you see that. The license states that they can do anything they want to the source and completely close it off like the privacy guard. They are making it closed sourced and there are many devs working on it to make it even stronger.
If you agree with it or not really doesn't matter a whole lot. XDA is against warez and will support anything and everything to prevent the use of it. Like the module that disables the privacy guard which is now banned on XDA.
zelendel said:
Not sure how you see that. The license states that they can do anything they want to the source and completely close it off like the privacy guard. They are making it closed sourced and there are many devs working on it to make it even stronger.
The only Privacy Guard I'm aware of is a free software encryption tool, what component are you referring to specifically?
As long as the Free Software part of Android stays usable, closed source components are not an issue and can be removed. I don't care how many devs are making a closed source component stronger, as long as I can remove it from my system.
As soon as that's no longer an option, there'll definitely be forks to continue to be able to have projects like replicant.
zelendel said:
If you agree with it or not really doesn't matter a whole lot. XDA is against warez and will support anything and everything to prevent the use of it. Like the module that disables the privacy guard which is now banned on XDA.
Anything and everything? If it's at the cost of the users' freedom I'll regret my former donation to XDA and have to hope for its downfall in the long run, but I'm pretty sure not everybody at XDA shares those drastic opinions.
For the most important and tedious parts, like fixes in drivers that are part of the GPL licenced kernel any work on XDA can be used by those who don't want to use certain other components even if all of XDA would endorse them (and I do not believe that's the case).
TinkoB said:
The only Privacy Guard I'm aware of is a free software encryption tool, what component are you referring to specifically?
As long as the Free Software part of Android stays usable, closed source components are not an issue and can be removed. I don't care how many devs are making a closed source component stronger, as long as I can remove it from my system.
As soon as that's no longer an option, there'll definitely be forks to continue to be able to have projects like replicant.
Anything and everything? If it's at the cost of the users' freedom I'll regret my former donation to XDA and have to hope for its downfall in the long run, but I'm pretty sure not everybody at XDA shares those drastic opinions.
For the most important and tedious parts, like fixes in drivers that are part of the GPL licenced kernel any work on XDA can be used by those who don't want to use certain other components even if all of XDA would endorse them (and I do not believe that's the case).
Then what you're missing is the new privacy guard which is coded into the base OS which prevents things like freedom, lucky patcher and every warez market known at the time with more being added every day.
Maybe not everyone. Most users in China and India (Where warez are commonplace) don't really agree with it but all the mods have talked about it and agree Warez is not something XDA has now or ever will support.
This is not kernel based. That is what you are missing. This is coded into the base OS. The part that is not covered by the GPL.
https://www.reddit.com/r/Piracy/comments/3eo8sj/antipiracy_measures_on_android_custom_roms/
Also remember that we are a developer forum. Made for and by developers. So we will back any and everything that rips them off of their rights to protect their software from being pirated.

Question Trojans, viruses, sniffers and malware in custom firmwares?

Does anyone care about the presence of Trojans, viruses, sniffers and malware in custom firmwares?
Depends on what kind of danger you're thinking about.
If you feel threatened in the sense of being tracked and having your personal information collected by "Big Brother", then you are primarily threatened by the factory software.
If you feel threatened by misuse of your accounts or misappropriation of funds, you may be more concerned about this with custom ROMs.
Declaring a ROM "OFFICIAL" does not guarantee anything. It's a community ROM and nobody watches the code in detail. Most custom ROMs are open development projects.
In that respect, I see perhaps only Lineage OS as closed. So I would look at it as a factory ROM. If it is OFFICIAL from the creators' website.
To keep everything safe, don't use your phone to make payments, to access your bank account and for your accounts with the most sensitive data.
All this is not to say that every ROM is actually dangerous.
I'm just saying it's not really safe either.
Always monitor your assets to detect account breaches fast. Have a backup plan in place and act asap if breached.
Stock firmware is released on a large number of devices so it has a lot of eyes scrutinizing it.
Look what Apple is proposing to do.
No warrant searches of all their devices.
Apple Will Scan iPhones for Illegal Child Abuse Images, Sparking Privacy Debate
Apple announced Thursday it is planning to scan all iPhones in the United States for child abuse imagery, ...
m.theepochtimes.com
