Related
Many of you have probably already read the news:
Apple, Google Receive Phone Users' Locations
I must say, they're doing it to a degree beyond what most of us may have assumed was taking place.
How can we stop this? Do we know if cooked ROMs also do it?
Update 4/25/2011 5:00PM ET:
- Here's how I stop Android from phoning home.
- I dont' use this, but here's a sweet google removal script.
- A seperate thread for discussion: Why the data Android sends to Google is less anonymous than Apple's implementation
Update 4/26/2011 9:25PM ET:
- [Q] How do we protect our Android device from the CelleBrite UFED?
Update 6/8/2011 5:24PM ET:
- Use Autostarts to stop apps from opening behind your back!
Its not that they care where you are personally, you're more of an anonomous statistic to them. They use these huge mountains of collected data to decide which markets are the most potentially lucrative fir them to invest their zillions of dollars of advertising and marketing money into. You and I will likely never be directly affected by our locations being disclosed, save for more accurate search suggestions from our google search widgets.
Sent from my HTC HD2 using XDA App
I'll ask again to try and keep this thread on topic. Anyone who wants to discuss why the companies do it is free to start another thread and discuss that there.
How can we stop this? Do we know if cooked ROMs also do it?
Droidwall...
I was so mad when I heard what they were doing, I wanted to throw my phone out the window. How is it even legal for them to do this, regardless of where its anonymous or not its still bs and I want that crap off my phone. I am a newb to the whole android and software thing and I wish I could help.
There out to find your house and steal your prized poodle. Honestly if its for marketing then it what it is. Honestly if you want to get mad at something, get mad at T-Mobile for throttling 4G speeds. I see what your saying but I would like them putting the right ads for my area and know quickest way to the quickie-e-mart.
Also we are using their OS.
Every other OS is monitored also.
Sent from my UD Glacier
What's with the useless comments defending these companies?
Can anyone answer the question - DO cooked ROMs also track your location?
According to this article, Android tracks the last 50 mobile masts and last 200 WiFi networks.
This is a problem, anyone have the solution?
I found this comment on one of the articles, does this explain it?
All mobile phones keep a record of the locations and unique IDs of the most recent mobile masts that it has communicated with. It's called the neighbour cell list and normally it enables the phone to connect to the network more quickly than it otherwise would. GSM mobile phones have done this since about 1992.
To see the benefits storing the neighbour cell list compare the time it takes a mobile to find a network after it is switched on in a new location, e.g., after a long flight, with the time it takes to find a network when the phone is switched on in the location where it was switched off.
The difference in the iPhone case is that the iPhone is keeping this information for such a long period of time.
Click to expand...
Click to collapse
wrapper said:
I found this comment on one of the articles, does this explain it?
Click to expand...
Click to collapse
That is about the iPhone storing, not about a device sending GPS location data day and night.
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.
There's a related app named HiSurfing, but one reviewer says that does not work as well as DroidWall. Seems DroidWall does a better job of keeping things from slipping out when they've been blocked.
Darnell_Chat_TN said:
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.
Click to expand...
Click to collapse
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.
I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.
wrapper said:
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.
Click to expand...
Click to collapse
Yea, it uses a different listing number on my device, but "Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync" may be the one to disable to stop the device from phoning home. I sync my data locally (via MyPhoneExplorer), so I can't think of any personal need for those, I've disabled that from all network and WiFi connectivity.
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.
Darnell_Chat_TN said:
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
Click to expand...
Click to collapse
That's because DroidWall is just an interface for iptables, the built-in firewall. So your battery life will not change at all, that's correct.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.
Click to expand...
Click to collapse
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.
frosty_ice said:
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.
Click to expand...
Click to collapse
Or turn on my router's logging and check there, yea either of those would work.
Not sure if/when I'll get around to it .
droidhell said:
I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.
Click to expand...
Click to collapse
that seems like the best app if it works, any way to verify?
slapshot136 said:
that seems like the best app if it works, any way to verify?
Click to expand...
Click to collapse
I'm new to Droid, I really don't know how to test and see, it does stop other app really well, as far as a OS I don't know.
From what i here it's all stored in a location history file.
One simple solution might be to routinely delete this file.
Doesn't exactly solve the problem.
Might we consider expanding the subject to protecting our privacy? If not, I apologize in advance, as I think it is all connected.
It is probably Darnell's call, as he started the thread.
In the meantime, please consider this article: http://bit.ly/gCynrh
So let me understand this. I buy access to a network for my phone, which I also paid for. My location information, which is the result of my purchases is being used to generate income. So I'm allowing my spent cash to generate data and be leveraged to generate income. My information wouldn't exist with out my investment in the technology, so I own it.
I'm paying to be stalked !!!
Reduce my bill, provide remuneration for my investment in this technology, prove that it's anonymous, remember since I paid for the means to generate the data- the data belongs to me.
BTW for $1.50 I'll wire the battery to switch off, try getting data then.
I'd rather have an app which monitors my relevant info and bills the users for access to it.
Anyone tried it ? What are the first impressions ?
http://developer.android.com/guide/google/gcm/index.html
pandata000 said:
Anyone tried it ? What are the first impressions ?
http://developer.android.com/guide/google/gcm/index.html
Click to expand...
Click to collapse
Why should anybody want this?
Well, it depends from the app, iOS has push notifications (which are almost the same), and this one will be good if you want to send messages to users app remotely - for example alerting them for event or something ....
pandata000 said:
Well, it depends from the app, iOS has push notifications (which are almost the same), and this one will be good if you want to send messages to users app remotely - for example alerting them for event or something ....
Click to expand...
Click to collapse
But you could have done this without google... push notifications do not require a server by google (however you need one, but that shouldn't be the problem these days)
iOS and Windows Phone both have an OS dependant push notification service. That's simple because you have (or had) no internet connection from background apps on those OSs - so the only way to reach an app is via push using apple/microsoft servers - android does not have this restriction - so why give your/your user's data to google?
MaR-V-iN said:
....... the only way to reach an app is via push using apple/microsoft servers - android does not have this restriction - so why give your/your user's data to google?
Click to expand...
Click to collapse
To avoid having background tasks and permanent connections that would degrade the performance of the device.
However, I don't feel that sending a push message that just tells the user that there's new stuff in the app hurts or discloses any private info. Even, thanks to Android, you could use the push notification to "awake" the app, then the app connects silently to your own server to get the info it needs, without google knowing, and closing the connection right after.
mocelet2000 said:
To avoid having background tasks and permanent connections that would degrade the performance of the device.
Click to expand...
Click to collapse
That's not correct - you just give away the background task / permanent connection to another application, it's still needed. Moreover, with using this "service" you force your users to have gapps installed (and currently also JB, as gcm is currently only available in the newest Google APIs)
mocelet2000 said:
However, I don't feel that sending a push message that just tells the user that there's new stuff in the app hurts or discloses any private info.
Click to expand...
Click to collapse
If its only a tickle to notify the app that there is sth to update its not a privacy problem. But gcm allows you to send 4k of payload - this could be a private or chat message. (google gives such an example: http://developer.android.com/guide/google/gcm/adv.html#payload )
mocelet2000 said:
Even, thanks to Android, you could use the push notification to "awake" the app,
Click to expand...
Click to collapse
That's right, but the question is if I - as a user for now - want this. Should the app developer (and Google!) be able to start apps on my phone to do things?
mocelet2000 said:
without google knowing
Click to expand...
Click to collapse
I'm not going to tell you that google will know about it - it's up to you to find this out.
I agree, being not universal is a problem. But I prefer just an open connection to a notification server than many connections and multiple background services that developers might have not optimized.
Regarding what Google knows or not, it actually has nothing to do with GCM
mocelet2000 said:
I agree, being not universal is a problem. But I prefer just an open connection to a notification server than many connections and multiple background services that developers might have not optimized.
Click to expand...
Click to collapse
GCM does not stop developers from doing **** with their background services.
You might be right, that one connection is better than many, however it is important to see, that most traffic on android devices today is with google servers - even if your mails are not there. All this traffic is not done with a single connection, but often many parallel connections. So google should optimize thier own things, else this is useless to me, as i do not need those google apps and i would have less connections with every other app using their own connection than with google apps installed.
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Thanks ✟
Moving to Q&A
MaR-V-iN said:
GCM does not stop developers from doing **** with their background services.
You might be right, that one connection is better than many, however it is important to see, that most traffic on android devices today is with google servers - even if your mails are not there. All this traffic is not done with a single connection, but often many parallel connections. So google should optimize thier own things, else this is useless to me, as i do not need those google apps and i would have less connections with every other app using their own connection than with google apps installed.
Click to expand...
Click to collapse
However GCM is just an additional option for developers, which itself is good. The C2DM was a poor try to make things done. I hope this time its better
pandata000 said:
However GCM is just an additional option for developers, which itself is good. The C2DM was a poor try to make things done. I hope this time its better
Click to expand...
Click to collapse
GCM is just an additional option for developers who want to make their apps incompatible with AOSP. However as there still are developers out there that do not know what AOSP is, they do not know that using GCM makes them incompatible. So GCM is not good at all, because it may be used "accidentally" by those developers.
So GCM is even worse than the pendants for iOS or WP, because there the push service is available for everyone.
MaR-V-iN said:
GCM is just an additional option for developers who want to make their apps incompatible with AOSP. However as there still are developers out there that do not know what AOSP is, they do not know that using GCM makes them incompatible. So GCM is not good at all, because it may be used "accidentally" by those developers.
So GCM is even worse than the pendants for iOS or WP, because there the push service is available for everyone.
Click to expand...
Click to collapse
Agree ! But without any other alternatives, it's still an option
pandata000 said:
Agree ! But without any other alternatives, it's still an option
Click to expand...
Click to collapse
There is an alternative: write your own stuff. A push server is not that complicated. As you propably already got a server (because i dont think you want to send GCM pings from your home ) you got all you need, to not use GCM.
Hello
Google Cloud Messaging apparently not working on my device. Reported by a web service (not from Google but using GCM). Why?
My Google account fully configured and all used services assigned and working.
Where's the problem??
This is used by a few big developers. In their own apps. One of the biggest being AOKP with their AOKP push app.
Wayne Tech Nexus
In new Cyanogenmod Google CloudMessaging been used. CM 10 encodes SMS and these SMS been send per Google Cloud Messaging. CM is Open Source so you can get tipps from there
Hi all,
I am moving into a shared accommodation soon and will be sharing a wifi network with a few other people and whilst I hope I can eventually trust them I would prefer to keep possible access to my account and password details at a minimum to begin with. I have tried a forum and google search but information seems to be focused around not using sensitive data on public wifi networks.
What I need to know is how can I block someone on my wifi network from snooping on my accounts and internet browsing whilst using the samsung galaxy s2. I'm sure some of this also crosses over with normal pc/mac safe practice and I'm sure there are many people/students that would find this information very useful. Thank you in advance and by the way I am rooted.
Anyone?
Sent from my GT-I9100 using xda app-developers app
Is incognito browsing using the android chrome browser enough?
How about a proxy server?
Solved, I think the TOR (Orbot) app seems like a good way to go.
theinstagator said:
What I need to know is how can I block someone on my wifi network from snooping on my accounts and internet browsing whilst using the samsung galaxy s2. I'm sure some of this also crosses over with normal pc/mac safe practice and I'm sure there are many people/students that would find this information very useful. Thank you in advance and by the way I am rooted.
Click to expand...
Click to collapse
You should consider different kinds of traffic:
1- Unsecure unimportant traffic. I don't care if someone else snoop the web pages I'm reading from accuweather or XDA.
2- Secured traffic. Anything HTTPS is safe. People could figure out you're accessing your bank's site, but can't know what you're doing there.
3- Unsecured important traffic. If you send login or other personal information without using encryption (https), that's problematic. A secure proxy / VPN can help here. There shouldn't be much in that category though.
4- Bad traffic. If you want to google how to kill kittens and sell organs, use Tor whether or not you're on shared wifi.
Tor's always good, and the more people use it the better it gets, but it's slow. You might not want to use it all the time.
androidpicks said:
You should consider different kinds of traffic:
1- Unsecure unimportant traffic. I don't care if someone else snoop the web pages I'm reading from accuweather or XDA.
2- Secured traffic. Anything HTTPS is safe. People could figure out you're accessing your bank's site, but can't know what you're doing there.
3- Unsecured important traffic. If you send login or other personal information without using encryption (https), that's problematic. A secure proxy / VPN can help here. There shouldn't be much in that category though.
4- Bad traffic. If you want to google how to kill kittens and sell organs, use Tor whether or not you're on shared wifi.
Tor's always good, and the more people use it the better it gets, but it's slow. You might not want to use it all the time.
Click to expand...
Click to collapse
Thanks for your reply, I had given up hope that anyone would reply to this. Would TOR also encrypt app traffic as well? For example I have read about an app for android that you can get/compile that would allow you access to someones facebook account if they were on the same wifi network.
In reference to your point 2 about secured traffic, I'm curious about about what dangers there are that we are warned about when using public wifi if important HTTPS sites traffic is encrypted?
Even if the webpage is secured by AES-256 bit key and you're browsing it on unsecured network, you're still vulnerable to attacks.
Hi,
I've been assigned to set up my schools tablet system. I've got to somehow build a login system that can login the user, then send the login details to a network folder, and then after a set interval log the user out again and lock them out from logging in again that same day. I know a bit about android roms but not that much about apps. Anyone who want's to GUIDE me on how to do this? I'd really like to create something myself with the help of others and not get something prebuilt.
Thanks in advance,
Shadow
Do you have programming experience in general?
If you send info to a network folder how would you prevent a user from connecting to the network and changing the network folder manually?
Bikonja said:
Do you have programming experience in general?
If you send info to a network folder how would you prevent a user from connecting to the network and changing the network folder manually?
Click to expand...
Click to collapse
I don't really have any experience programming. I'm learning Java right now. And the system is for a primary school, so unless these kids are geniuses I don't think they'll change the network folder.
ShadowCodeGaming said:
I don't really have any experience programming. I'm learning Java right now. And the system is for a primary school, so unless these kids are geniuses I don't think they'll change the network folder.
Click to expand...
Click to collapse
In that case, I think it's a pretty great project to learn Android development for a programmer. But since you're not a programmer, you will need to learn Java before...
But also, you'd be surprised what kids these days are doing.. With a simple download of Wireshark and the likes of it, snooping network traffic, etc... It really isn't rocket science anymore. But if it's not absolutely imperative that no student ever beats the system that really makes it a great learning project.
Unfortunately, I do not have time to properly and fully guide you through the whole process as I'd like, but for any direct question you have, I'll help as much as I can.
I assume you have some kind of deadline? How much time do you have for it?
Bikonja said:
In that case, I think it's a pretty great project to learn Android development for a programmer. But since you're not a programmer, you will need to learn Java before...
But also, you'd be surprised what kids these days are doing.. With a simple download of Wireshark and the likes of it, snooping network traffic, etc... It really isn't rocket science anymore. But if it's not absolutely imperative that no student ever beats the system that really makes it a great learning project.
Unfortunately, I do not have time to properly and fully guide you through the whole process as I'd like, but for any direct question you have, I'll help as much as I can.
I assume you have some kind of deadline? How much time do you have for it?
Click to expand...
Click to collapse
I have about a month for it.
Sent from my Sense 5 powered HTC Sensation
Well, that will definitely make you cut corners in your learning...
You'll either need lots of help from somoene experienced or use something prebuilt...
Hopefully there's someone here (or somewhere) who has the time and knowledge to help you. As I said, I can give you straight answers with a little bit of help, but guiding you through the whole project is unfortunately out of my available free time...
Another piece of helpful information for potential people to guide you though would be what exactly does "login" mean in the sense of will the tablet be unusable/locked while not logged in? While there be some apps locked? Will the tablet be "normal", but the login allows the user to access within the same login app some other stuff? Etc... This could potentially significantly change the weight of the project.
Bikonja said:
Well, that will definitely make you cut corners in your learning...
You'll either need lots of help from somoene experienced or use something prebuilt...
Hopefully there's someone here (or somewhere) who has the time and knowledge to help you. As I said, I can give you straight answers with a little bit of help, but guiding you through the whole project is unfortunately out of my available free time...
Another piece of helpful information for potential people to guide you though would be what exactly does "login" mean in the sense of will the tablet be unusable/locked while not logged in? While there be some apps locked? Will the tablet be "normal", but the login allows the user to access within the same login app some other stuff? Etc... This could potentially significantly change the weight of the project.
Click to expand...
Click to collapse
The login app basically needs to act as a launcher so that when people unlock the device they have to login to proceed to the homescreen.
In that case, I have no experience with developing custom launchers/lockscreens which would be the best solution. Hopefully someone who has experience and knowledge in that field will help you. You would also need to disable installation of custom launchers/lockscreen because that would easily override your lock so it makes the project actually not that basic and out of my domain, I'm sorry.
Sent from my HTC Desire using xda app-developers app
Bikonja said:
In that case, I have no experience with developing custom launchers/lockscreens which would be the best solution. Hopefully someone who has experience and knowledge in that field will help you. You would also need to disable installation of custom launchers/lockscreen because that would easily override your lock so it makes the project actually not that basic and out of my domain, I'm sorry.
Sent from my HTC Desire using xda app-developers app
Click to expand...
Click to collapse
It doesn't need to be a fully fledged launcher, it just needs to appear when pressing the home button
Sent from my Nexus 7 using Tapatalk
But does the tablet need to be disabled if not logged in? If so, I'm not sure this could be achieved without a lockscreen/launcher and even then what if the user goes to apps and changes the default launcher... Hmmm...
Sent from my HTC Desire using xda app-developers app
It just needs to be the default launcher, not really much else. Settings and other unnecessary apps will be disabled using the multi account feature
Sent from my Nexus 7 using Tapatalk
ShadowCodeGaming said:
It just needs to be the default launcher, not really much else. Settings and other unnecessary apps will be disabled using the multi account feature
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
Hm, I'm reading up a bit on the multi account feature and it seems that users can still change some settings and install apps and also the feature itself seems to be available only on some devices so you might want to check for all this (installing apps might be a problem if a user can install another launcher instead of the current one). I don't have a multi-account capable device to check that out.
I'm guessing that whatever the case may be, the code for login would be the same so you might want to get started with a simple android app that just does the login (without actually logging in meaning anything) so you have that code ready. Until then, hopefully you, me or someone more experienced will think of what would be the easiest way to achieve the locking out and triggering the login and logout.
Bikonja said:
Hm, I'm reading up a bit on the multi account feature and it seems that users can still change some settings and install apps and also the feature itself seems to be available only on some devices so you might want to check for all this (installing apps might be a problem if a user can install another launcher instead of the current one). I don't have a multi-account capable device to check that out.
I'm guessing that whatever the case may be, the code for login would be the same so you might want to get started with a simple android app that just does the login (without actually logging in meaning anything) so you have that code ready. Until then, hopefully you, me or someone more experienced will think of what would be the easiest way to achieve the locking out and triggering the login and logout.
Click to expand...
Click to collapse
It works on the nexus 7, which is the tablet we're going to use
Sent from my Nexus 7 using Tapatalk
It's its called data gospel
I put this it in Android system hacking feel free to move it around any other place. But this service showed up as a system service
data_gospel
then I've dug a few more details about it
And the name showed up very suspicious.
Does anyone have a clue what what this thing does.
needless to say for the time being I am disabling this
See the attached screenshot
Sent from my JY-S3 using XDA Free mobile app
data_gospel app removal
Hi, I found data_gospel showed up as a threat when I scanned the phone with ESET security. I used System App Remover from the Play store to delete the app and the phone works perfectly well without without it!
[/B]
sieger007 said:
It's its called data gospel
I put this it in Android system hacking feel free to move it around any other place. But this service showed up as a system service
data_gospel
then I've dug a few more details about it
And the name showed up very suspicious.
Does anyone have a clue what what this thing does.
needless to say for the time being I am disabling this
See the attached screenshot
Sent from my JY-S3 using XDA Free mobile app
Click to expand...
Click to collapse
These types of things are normal for China based devices. They have things built in that allow them to monitor what people do with their devices. Just something you will get used to if you buy devices from China.
it's a similar or sometime worse deal from US based cell phones. example there is a process called Google backup transport or something like that and another one that is so nice specific called g a proxy that stands for Google Analytics proxy and both these processes connect to Google servers to transmit your data everybody wants to be big brother watching over you
but the Chinese ones are very surreptitious and hard to detect if they come embedded along with the stock OS which does not report them as being Malware