Related
DISCLAIMER:
This is totally academic, and I only pose the question as that of mere curiosity.
In no way do I mean to accuse any developer here or elsewhere of intentionally or otherwise installing malicious software in our ROMs. Not trying to start a flame war or anything.
What is the possibility that a rogue ROM creator would or could install malicious content on one of our devices? What kind of things would we look for to indicate that our device may be compromised? Perhaps packet sniffing for the extra paranoid.
I am the type that, when I see something that doesn't look normal, I question it. That said, I am a very experience Linux, *BSD, and Solaris administrator; but my experience with Android is just blooming. So I might not know where to look in the Android filesystem, or know which processes may be irregular.
I did some Googling but haven't found anything to indicate this has happened before (thank God). Are there self-checks in Android to prevent this from happening? Call me paranoid, but I just like to know what's going on.
Do the "anti-virus" softwares in the App market actually help with this?
Again just curious. I heard about some apps on the Market that Google had to remotely erase. And I believe I am correct in understanding that Google isn't as restrictive with its applications as Apple.
Any takes on this?
Antivirus and Task killers all that are garbage and slow your phone down. You won't have to worry about that happening on this site.
It depends if he/she is an asshole...
The first "viruses" for android were because people were downloading paid apps on the internet, from some site in china, that had viri put into those apps that people were downloading.
Just dont get on the bad side of a dev.
adrynalyne said:
Just dont get on the bad side of a dev.
Click to expand...
Click to collapse
LOL! I'll make sure not to do that!
I know that task-killers are BS. I figured the anti-virus was a gimmick, too. As far as for self-replicating viruses on the phones I doubt that will occur.
I'm more worried about malware in the form of a sleeper-trojan that calls home with my personal phone information, or gets added to some jack-asses botnet for DDoSing.
That was a worry of mine when I first came to this site, but the dev's I download from I find quit professional. I have since just started to dig into roms trying to port them to the tb, and compare the contents and begin to see what is normally packed in the zip. I have never found a dev on this site attempt to introduce malware. I have seen some intro warz but the site immediately banned them. The site has banned devs for not giving credit were credit is due, and opening multiple accounts in a way to circumvent the system.
This site is great for all, and they do their best to keep everyone honest.
I've been here and ppcgeeks for nearly 3 and 1/2 years, both with winmo and android, and I have never had an issue. It seems that these sites really do the best they can to catch things before they happen. Personally, I can't say enough about our devs. They're great, and they do a good bit of work for people who are honestly not thankful enough to them. I personally don't think you will ever have an issue, as I haven't. And I download tons of stuff from here and other places.
I think everyone is missing the OP's point. OP isn't asking if it's happning now or whether it's happening here.
Instead, the question concerns whether or not it's physicsally possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or Kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX adminsitrator to be aware of it?
Is your only option to 'trust' the developer of the ROM or Kernel, or are there things we can do with a runnning android system to know how well the live code is behaving?
I've always been curious of this myself. I am no advanced Linux administrator (yet), just an aspiring IT student. I would think the best people to ask would be the developers themselves, though.
funkybside said:
I think everyone is missing the OP's point. OP isn't asking if it's happning now or whether it's happening here.
Instead, the question concerns whether or not it's physicsally possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or Kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX adminsitrator to be aware of it?
Is your only option to 'trust' the developer of the ROM or Kernel, or are there things we can do with a runnning android system to know how well the live code is behaving?
Click to expand...
Click to collapse
No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
BTW an experienced Linux admin should already know how to check for these things
Actually I believe it has happened at least twice. Once by accident, and once there may have been malicious code put into a rom that was set as bate for code thieves.
The first one was stupid, an update agent was left in the rom, and an update got pushed that loaded the phone browser to a certain site (it was not a bad site either). This effected a VERY minor few, as you had to have a certain version of a rom, and have rebooted over a very specific point in time.
The latter I will not go into as I do not know the specifics, or the validity of any of what happened.
g00s3y said:
No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
BTW an experienced Linux admin should already know how to check for these things
Click to expand...
Click to collapse
Sorry if my post offended you and no disrespect intended, but I think you are mistaken. The question of whether or not something "can happen" is fundamentally different from the question of whether or not anyone is actually doing it. Also, saying that any "experienced Linux admin should already know how to check for these things" is in poor taste; it's a personal attack that adds no value to the discussion. The idea here is to address the OPs question as a purely acedemic thought experiment; there is no implict reference to the morality of the developers here...
Perhaps we should ask the same question in a differnet way:
If net-sec researcher working at SANS wanted to test expolitation vectors against their own personal HTC Thunderbolt. Is it physically possible for them to build a custom ROM and/or Kernel such that this custom module includes malicious code that executes automatically after installed on the device?
I'd be highly surprised if anyone claims the answer is no. If the kernel itself is custom, anything the hardware can do is fair game...
Concerning the question of how to know if anything is happening, since we're talking about the firmware itself, it would be difficult to do anything in userspace with confidence. To be really sure, you'd likely need to sniff traffic (both mobile and wifi) as well as physically monitor the hardware's debug output (and perhaps even the circuit traces themselves). With a comprimized kernel, you can't trust anything running throuh the operating system's APIs.
It's very doubtful that any reputable developer on XDA would do this. Impossible? No. But XDA is the kind of place where something like this would be discovered very quickly and spread like wildfire.
Now, some unknown developer, on a random website? While I havent come across this yet, I'd say: More likely.
The question isn't concerning the likelihood of it occuring on XDA or elsewhere, it's specifcally about whether or not it is technically possible to do it.
I think we can infrer from everyone who is answering the unrelated question, i.e. Is it happening on XDA or anywhere else?, that yes, it is possible to insert malicious code into a ROM or kernel.
funkybside said:
The question isn't concerning the likelihood of it occuring on XDA or elsewhere, it's specifcally about whether or not it is technically possible to do it.
I think we can infrer from everyone who is answering the unrelated question, i.e. Is it happening on XDA or anywhere else?, that yes, it is possible to insert malicious code into a ROM or kernel.
Click to expand...
Click to collapse
I think you are right. As long as there is superuser access, then basically anyone with su can pretty much to anything to your phone.
At least that's my take on it.
I'm new to android in general and XDA in particular, so please forgive my ignroance (and yes I will try searching), but this makes me wonder: Do the established developers of custom ROMs and Kernels release their source code? I'd imagine the same terms of the GPL that require HTC to release their source would also require anyone building custom Kernels to do the same. Is this also true for ROMs?
I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
Again this is just purely academic.
nerozehl said:
I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
Again this is just purely academic.
Click to expand...
Click to collapse
Agreed that the liklihood of stuff here being questionable is low, but the simple fact that there is a non-zero risk certainly makes me think a little bit. You summed it up well and the examples are spot on - this is why I immediately wonderd if developers here are publishing the source code on their customized versions. Ignoring the GPL angle, its just good to know it's out there if it is, and by the same token, also good to know if it's not out there.
I have another question to add. I love miui, and to my understanding miui is made by Chinese developers and it is not open source, it is just translated and ported to our devices. If it is not open source, is there anyway to know for sure?
I am a little bit wary of the security, although I love the rom. I trust all of the credible devs on xda, however I don't know anything about the Chinese devs developing miui. Would the devs porting miui be able to see the malware if it isn't open source
Sent from my ADR6400L using XDA App
It is definitely possible. I read a paper a while back that I've been referencing in my own research where some researchers compiled some kernel modules to do malicious tasks in the background without knowledge of the user, mind you this was on an open source linux based phone system similar to android. Basically compiled in root kits, which replacing your kernel/rom w/ a community developed system would result in possibilities of this occurring. The primary solution to preventing these things from ending up on your phone as well as keeping the Trojans and other malware on the android market come down to the same thing knowing your publisher and being careful what permissions you allow. Like stick to kernels/roms from reputable developers on XDA, and make sure your "movie player" doesn't have access to your SMS system and you'll be fine
Mind you my own research currently is in detection of malware/malicous code & anomalous behavior. As well as hopefully prevention techniques eventually.
or does anyone else feel like we dont have enough aosp love? I mean we have miui, cm7, had decks(went ghostbusters on us) and empiire(heard he got grounded for molesting his hard drive.) I understand theirs still kinks to be worked out but everything is Sense. Just wanted to see who else felt this way. PLEASE DONT COME IN AND START A PARAGRAPH WAR, I read enough in high school.
Temari x Shikamaru
Evervolv exists.
il Duce said:
Evervolv exists.
Click to expand...
Click to collapse
Link please. Ive been hunting it.
Temari x Shikamaru
Talked to shift on twitter yesterday, he said CM7 is being worked on. I honestly think what it is that people are happy with their phones just the way they are, so it brings less crowd. While it is smaller than the original Evo, there is still a pretty big following. Plus, this is just a US phone, so when comparing the Sensation with us is like apple and oranges. We just got mike and androidrevolution! Which is great.
Sent from my PG86100 using xda premium
PatrickHuey said:
Talked to shift on twitter yesterday, he said CM7 is being worked on. I honestly think what it is that people are happy with their phones just the way they are, so it brings less crowd. While it is smaller than the original Evo, there is still a pretty big following. Plus, this is just a US phone, so when comparing the Sensation with us is like apple and oranges. We just got mike and androidrevolution! Which is great.
Sent from my PG86100 using xda premium
Click to expand...
Click to collapse
Its not just US. Theres gsm models for overseas.
Temari x Shikamaru
The problem is, most AOSP ROM's(99.99%) are based off CM kernel source, so with no update to CM, there's no update to other AOSP ROM's. Many devs might want to wait until a few more bugs are worked out of CM before they start kanging. Once we get an RC1 or a stable CM release, you may see more AOSP love.
Can the gsm users get some aosp love? Any roms?
Sent from my Evo 3D GSM...bring on the AOSP!!!
housry23 said:
The problem is, most AOSP ROM's(99.99%) are based off CM kernel source, so with no update to CM, there's no update to other AOSP ROM's. Many devs might want to wait until a few more bugs are worked out of CM before they start kanging. Once we get an RC1 or a stable CM release, you may see more AOSP love.
Click to expand...
Click to collapse
This man is right. Most AOSP is done by Cyanogenmod devs and kanged from there. I can guarantee you when they come out with a CM7 RC, there will magically be other AOSP roms.
housry23 said:
The problem is, most AOSP ROM's(99.99%) are based off CM kernel source, so with no update to CM, there's no update to other AOSP ROM's. Many devs might want to wait until a few more bugs are worked out of CM before they start kanging. Once we get an RC1 or a stable CM release, you may see more AOSP love.
Click to expand...
Click to collapse
Your right. I forgot about that.
Temari x Shikamaru
housry23 said:
The problem is, most AOSP ROM's(99.99%) are based off CM kernel source, so with no update to CM, there's no update to other AOSP ROM's. Many devs might want to wait until a few more bugs are worked out of CM before they start kanging. Once we get an RC1 or a stable CM release, you may see more AOSP love.
Click to expand...
Click to collapse
I have complained about this over and over, and will continue to complain in multiple threads until more people see the point I make and support that. Using someone else's kernel and/or ROM as a base for their "new" ROM isn't all bad all the time. It is analogous to game development on a PC using another developer's graphics/game engine (only with permission and proper credit of course!!). It saves time, and in some cases help that particular engine to advance, but it slows down new technological advancement in the industry as a whole.
Developers need to start honing their skills, start attempting to bring a ROM to the public that they built from the ground up, that includes a kernel build from the ground up too. Doing this eliminates such a large collection of ROMs that are all essentially the same, and because of the open source nature of Android it brings new technological advances to the public faster. It also raises the bar, the standard. The public will begin to expect more out of Android, and this in turn creates more motivation for a newer, better Android.
I think some developers have lost sight of the purpose and nature of open source information and products. Instead of hijacking someone's source code, and using it as a base for a new ROM with a new name, and small amount of new features, development should be done that conforms to the original intent and purpose of open source. Work together with a developer that has created a ROM [from the ground up] that is most similar to the product you want to create. Improve the ROM as a team, make bug fixes and enhancement to the existing ROM. That is what open source was meant to do. This will prevent a forum list of 32 half assed roms, and replace it with 10 really good yet unique roms.
If you can't find an existing ROM, a Dev team that has different ideas of what make a ROM good, or there is no ROM that exists that is similar enough to your vision of the product then, and only then should you develop something new.
I realize my views aren't going to match up with everyone else, but I am sure a happy medium could be found that produces a situation better than what we have now. Thanks for letting me rant, and for reading my thoughts!
Sad Panda said:
I have complained about this over and over, and will continue to complain in multiple threads until more people see the point I make and support that. Using someone else's kernel and/or ROM as a base for their "new" ROM isn't all bad all the time. It is analogous to game development on a PC using another developer's graphics/game engine (only with permission and proper credit of course!!). It saves time, and in some cases help that particular engine to advance, but it slows down new technological advancement in the industry as a whole.
Developers need to start honing their skills, start attempting to bring a ROM to the public that they built from the ground up, that includes a kernel build from the ground up too. Doing this eliminates such a large collection of ROMs that are all essentially the same, and because of the open source nature of Android it brings new technological advances to the public faster. It also raises the bar, the standard. The public will begin to expect more out of Android, and this in turn creates more motivation for a newer, better Android.
I think some developers have lost sight of the purpose and nature of open source information and products. Instead of hijacking someone's source code, and using it as a base for a new ROM with a new name, and small amount of new features, development should be done that conforms to the original intent and purpose of open source. Work together with a developer that has created a ROM [from the ground up] that is most similar to the product you want to create. Improve the ROM as a team, make bug fixes and enhancement to the existing ROM. That is what open source was meant to do. This will prevent a forum list of 32 half assed roms, and replace it with 10 really good yet unique roms.
If you can't find an existing ROM, a Dev team that has different ideas of what make a ROM good, or there is no ROM that exists that is similar enough to your vision of the product then, and only then should you develop something new.
I realize my views aren't going to match up with everyone else, but I am sure a happy medium could be found that produces a situation better than what we have now. Thanks for letting me rant, and for reading my thoughts!
Click to expand...
Click to collapse
Damn. Such a long read. It was good though.
Temari x Shikamaru
knowledge561 said:
Damn. Such a long read. It was good though.
Temari x Shikamaru
Click to expand...
Click to collapse
I'm sorry, I originally had hoped for a much shorter post. I always try to get the thoughts in my head out "on paper" in the shortest, most efficient and least complex manner. This is my vision of a more free, "open source" world though. I think the freedom of information could be applied to many facets of society that would create a better future for all of us, and still preserve the competition that drives a more peaceful, better, cheaper, faster world. Sorry again!
Sad Panda said:
I have complained about this over and over, and will continue to complain in multiple threads until more people see the point I make and support that. Using someone else's kernel and/or ROM as a base for their "new" ROM isn't all bad all the time. It is analogous to game development on a PC using another developer's graphics/game engine (only with permission and proper credit of course!!). It saves time, and in some cases help that particular engine to advance, but it slows down new technological advancement in the industry as a whole.
Developers need to start honing their skills, start attempting to bring a ROM to the public that they built from the ground up, that includes a kernel build from the ground up too. Doing this eliminates such a large collection of ROMs that are all essentially the same, and because of the open source nature of Android it brings new technological advances to the public faster. It also raises the bar, the standard. The public will begin to expect more out of Android, and this in turn creates more motivation for a newer, better Android.
I think some developers have lost sight of the purpose and nature of open source information and products. Instead of hijacking someone's source code, and using it as a base for a new ROM with a new name, and small amount of new features, development should be done that conforms to the original intent and purpose of open source. Work together with a developer that has created a ROM [from the ground up] that is most similar to the product you want to create. Improve the ROM as a team, make bug fixes and enhancement to the existing ROM. That is what open source was meant to do. This will prevent a forum list of 32 half assed roms, and replace it with 10 really good yet unique roms.
If you can't find an existing ROM, a Dev team that has different ideas of what make a ROM good, or there is no ROM that exists that is similar enough to your vision of the product then, and only then should you develop something new.
I realize my views aren't going to match up with everyone else, but I am sure a happy medium could be found that produces a situation better than what we have now. Thanks for letting me rant, and for reading my thoughts!
Click to expand...
Click to collapse
The problem is that people don't always give credit where credit is due, which is one of the reasons some people don't like sharing stuff. I mean, let's say I made this awesome mod and let everybody use it. Then some kitchen dev comes along, kangs the **** out of it, doesn't mention me in his rom, and slaps a gigantic DONATE button at the bottom of his signature. It's frustrating.
Now I'm all about open source. I won't use a rom that doesn't post the source. That's the exact reason I won't use MIUI.
SolsticeZero said:
The problem is that people don't always give credit where credit is due, which is one of the reasons some people don't like sharing stuff. I mean, let's say I made this awesome mod and let everybody use it. Then some kitchen dev comes along, kangs the **** out of it, doesn't mention me in his rom, and slaps a gigantic DONATE button at the bottom of his signature. It's frustrating.
Now I'm all about open source. I won't use a rom that doesn't post the source. That's the exact reason I won't use MIUI.
Click to expand...
Click to collapse
I fully understand your frustration. I am a software engineer too so I know what you are going through. I have not yet begun developing for Android, but will. There is a little bit of a problem here that could easily be solved, and the community has a responsibility to protect the intellectual property rights that you and every other developer like you is entitled to. In fact it is a right that is protected by the integrity of the constitution of the united states, and many other countries and law enforcement around the world. This is a failure that not just developers, mods, and admins have, but a responsibility and failure that every user at xda shares no matter who they are.
First off; not to offend any MIUI developers that may be watching, but if you are developing for Android you need to be using a license that is open, and your source needs to be open too. This is especially true if you are using xda as a distribution medium, but sadly while xda has said they encourage, and want every development to be open source they are not forcing the matter. This is a failure I think. It also makes MIUI look suspicious too, as there isn't a way to verify if their source is uniquely theirs'. I personally believe xda should not allow software that is not open source to be distributed. If google didn't keep the open source principle when they acquired Android roms like MIUI would NOT exist! It is highly unethical to take the base ROM from google because it is open source, and then close the source. That is wrong wrong wrong! It is also illegal! You can not redistribute the Android OS even if you have made changes and then close the source and not maintain the software license google has on place.
Second; I believe as a user of xda it is your duty to maintain the integrity of the principles of xda, and Android. Don't support closed source works, voice your disgust so that xda sees the will of its users, that the over whelming majority wants things to remain open source. Tattle your ass off if someone has broke the copyright law and used someone's work without permission and credit.
It is important to keep both xda and Android running on the same principles it started with. Don't let this keep happening guys! This is very serious, a lot of developers are breaking the law doing what they are doing!
Sad Panda said:
I have complained about this over and over, and will continue to complain in multiple threads until more people see the point I make and support that. Using someone else's kernel and/or ROM as a base for their "new" ROM isn't all bad all the time. It is analogous to game development on a PC using another developer's graphics/game engine (only with permission and proper credit of course!!). It saves time, and in some cases help that particular engine to advance, but it slows down new technological advancement in the industry as a whole.
Developers need to start honing their skills, start attempting to bring a ROM to the public that they built from the ground up, that includes a kernel build from the ground up too. Doing this eliminates such a large collection of ROMs that are all essentially the same, and because of the open source nature of Android it brings new technological advances to the public faster. It also raises the bar, the standard. The public will begin to expect more out of Android, and this in turn creates more motivation for a newer, better Android.
I think some developers have lost sight of the purpose and nature of open source information and products. Instead of hijacking someone's source code, and using it as a base for a new ROM with a new name, and small amount of new features, development should be done that conforms to the original intent and purpose of open source. Work together with a developer that has created a ROM [from the ground up] that is most similar to the product you want to create. Improve the ROM as a team, make bug fixes and enhancement to the existing ROM. That is what open source was meant to do. This will prevent a forum list of 32 half assed roms, and replace it with 10 really good yet unique roms.
If you can't find an existing ROM, a Dev team that has different ideas of what make a ROM good, or there is no ROM that exists that is similar enough to your vision of the product then, and only then should you develop something new.
I realize my views aren't going to match up with everyone else, but I am sure a happy medium could be found that produces a situation better than what we have now. Thanks for letting me rant, and for reading my thoughts!
Click to expand...
Click to collapse
Or learn to code yourself and create roms from the ground up. Most devs do what they do for themselves first, and allow us to ride on their coattails. Not a bad ride if your like me and have no coding skills. Otherwise, I doubt your plea is going to convince a dev to do anything more or less then they do now, unless it interest them personally.
I do agree with you though. I'm coming from Android on the Touch Pro 2 where a small group of devs are building EVERYTHING from scratch. From the modems to the light sensor. It's a huge job done out of love for the hardware, for fun, and a passion for coding.
knowledge561 said:
Link please. Ive been hunting it.
Temari x Shikamaru
Click to expand...
Click to collapse
he links only via twitter posts and in his IRC, send him a tweet. iirc still in beta, but he does some nice ROMs
Serren said:
Or learn to code yourself and create roms from the ground up. Most devs do what they do for themselves first, and allow us to ride on their coattails. Not a bad ride if your like me and have no coding skills. Otherwise, I doubt your plea is going to convince a dev to do anything more or less then they do now, unless it interest them personally.
I do agree with you though. I'm coming from Android on the Touch Pro 2 where a small group of devs are building EVERYTHING from scratch. From the modems to the light sensor. It's a huge job done out of love for the hardware, for fun, and a passion for coding.
Click to expand...
Click to collapse
Thank you for your comment and support. I don't disagree with you. If you steal a loaf of bread to feed yourself, is it any less of a crime than to steal a loaf of bread to feed you and your family and friends? Or is it the same or worse?
I think either way it isn't ethical. People need to think less about themselves I think. I must reiterate and clarify so I am not misunderstood. I don't think it is inherently bad to be using a ROM as your base, but it is wrong to then close the source of a previously open piece of work and/or not maintain the original license, and give credit in every spot it should be given in. That would include its distribution, the license, the source code itself, and any where else that you put your own version, app info, and copyright notice. Am I wrong?
Sad Panda said:
I fully understand your frustration. I am a software engineer too so I know what you are going through. I have not yet begun developing for Android, but will. There is a little bit of a problem here that could easily be solved, and the community has a responsibility to protect the intellectual property rights that you and every other developer like you is entitled to. In fact it is a right that is protected by the integrity of the constitution of the united states, and many other countries and law enforcement around the world. This is a failure that not just developers, mods, and admins have, but a responsibility and failure that every user at xda shares no matter who they are.
First off; not to offend any MIUI developers that may be watching, but if you are developing for Android you need to be using a license that is open, and your source needs to be open too. This is especially true if you are using xda as a distribution medium, but sadly while xda has said they encourage, and want every development to be open source they are not forcing the matter. This is a failure I think. It also makes MIUI look suspicious too, as there isn't a way to verify if their source is uniquely theirs'. I personally believe xda should not allow software that is not open source to be distributed. If google didn't keep the open source principle when they acquired Android roms like MIUI would NOT exist! It is highly unethical to take the base ROM from google because it is open source, and then close the source. That is wrong wrong wrong! It is also illegal! You can not redistribute the Android OS even if you have made changes and then close the source and not maintain the software license google has on place.
Second; I believe as a user of xda it is your duty to maintain the integrity of the principles of xda, and Android. Don't support closed source works, voice your disgust so that xda sees the will of its users, that the over whelming majority wants things to remain open source. Tattle your ass off if someone has broke the copyright law and used someone's work without permission and credit.
It is important to keep both xda and Android running on the same principles it started with. Don't let this keep happening guys! This is very serious, a lot of developers are breaking the law doing what they are doing!
Click to expand...
Click to collapse
Let me preface this by saying that I agree with you..
However android is meant to be open source, the license that they use (Apache) does not require it.. The reason they chose the Apache license was to give people the freedom to choose (their words). So technically people like miui don't have to post source for anything other than kernel (which is GPL).
This link has some good info on it.
http://source.android.com/source/licenses.html
But even CM doesn't have to provide source, which in recent history they haven't while starting builds.. We can't demand source, when the licensing doesn't demand, but that doesn't mean we still can't prove direct kang. The reason I have android over anything else is the freedom it gives and the open nature of it.
Edit: and you should always credit someone if you are using their work, and also have their permission. I was referring to general source from android itself, not from each other.
_______________________
No d3rp left behind - ranger61878
The problem is, nobody wants to start a ROM from the ground up, and the people that do are already involved into team projects (CM/MIUI). It takes a long time to create a ROM from the ground up that utilizes all of a phone's hardware properly. Look how long it took CM to get 4G onto the EVO 4G, and that was a team of highly skilled individuals practically reverse engineering code to do it.
Now imagine all of the copy and paste kitchen users here trying to accomplish that. It just won't happen lol.
That's why we have pretty much the same thing in different colors. It kind of sucks, but hey, HTC did the majority of the work, and if something already works good enough, the average person will be fine with and use that.
Yeah, it does slow down the evolution and innovation of Android as a whole, but you have to put some of the blame on OEMs for pushing out 45 different phones a year. Nobody is going to be encouraged to create something from the ground up for a phone that will be replaced and obsolete by the time they're finished.
The G1 is the prime example of a great phone that got tons of developer support, tons of new things, and tons of unique ROMs. But that was the beginning, and I doubt that's ever going to happen again.
HTC all but pushed this EVO 3D out, and forgot about it. They've released a good 19 phones since then at the rate they're going, most of us will have moved on to the next one in a few months. Sad but true.
That is why I have stuck with and will probably continue to use a Stock ROM, modified to my liking and stripped. There isn't much else you can hope for. 3D has failed to really take off like HTC and the rest of us wanted. There is no motivation for any of the teams out there to focus on reverse engineering their ROMs to use 3D. MIUI to this day hasn't bothered with WiMAX and with good reason. Sprint all about blatantly announced its slow death in favor of LTE. It would have been a waste of time for the MIUI team to implement it. Kudos to Team Win and CM for gracing us with it on the EVO 4G. But, hindsight has probably made people mad that all of their time and energy went into something that's getting canned.
Alot of good points freeza. These are paragraphs I like to read.
Temari x Shikamaru
I am a high school student inchina, I want to become a Android developer, what should I do
Sent from my XT910 using xda premium
Hi,
If you're looking for information regarding development of ROMS, working on the actual Android operating system itself or developing hacks for the hardware, you are in the right place. XDA is an absolute goldmine of information regarding this. There are many many posts on how to cook your own ROM, how to use tools such as RSDLite and QPST; all you have to do is read inbetween the lines and dig a little deeper to understand how these tools could be used for your own purposes (retrieving/modifying Android system files for example) and you are well on your way.
If you are looking to develop Android apps and games, then take a look here and here. The reason I link to a Java Beginners site is that Android development can be done in Java, and it is a fairly good, solid language for anyone who has not previously used object orientated programming techniques or ever developed deployable applications before.
I hope this helps a little as a starting point. There is so much more I could write here but I'm not going to - as a developer, you will run into issues that people aren't going to be able to answer to you as these issues are going to be unique to you and you alone. That means you are going to have to go off and research these issues either via Google or searching online resources (such as XDA).
Ok, I want to make this as straight forward as possible, but give you the details you are curious about.
Let me start by saying that personally, I, and only I, have been creating this conceptual idea of Android on the desktop since March 2013. This is my soul here, and I have been, for over a year, trying to bring this to light for everyone. But that is not the easiest thing to do.
I have page after page, PSD after PSD of ideas written out all over the place for how Android on the desktop will work, full of redesigns and structures. But it is going no where for one reason.
I need coders.
I have 4 - 5 people preparing soon enough to get started on developing. My main coder and adviser, has found something, which I cannot speak of here, that makes developing this idea so easy and pretty smooth. We have a lot of this mapped out already, but we need a team to make this happen. You must trust that what we have planned here will be the next big thing. This isn't just a knock off, this is what it is meant to be. Do not worry that "Android was created for phones and tablets" as we have over looked that minor idea and moved past it already.
What we have planned will work without a doubt. But we need you; rom developers, those who know what they are doing and have knowledge in python, c or java, either one.
I have someone offering me to put this on their hardware which will be released in the fall, I have a few people interested in this, but the problem is, no one can touch it because it isnt in a workable form. Maybe a minor form, but not enough for you to touch.
I want to show you a fraction of the work I've done, which I've posted on XDA
I would also like for you to check out the G+ group and join if you have G+.
Also if you are a ui/ux/icon designer, by all means please help me out. This is a pain to do by myself.
But, please contact me and I will bring you in with the small group of people we have, we would be more than happy to have you.
Thanks for looking.
Hi,
I'd like to get some very important info from Remix OS dev team.
Users unrelated to the dev team or with no android-x86 OS dev experience, please DO NOT attempt to answer these questions.
Could you please make a thorough guide on how to report bugs, suggestions, feature requests and hardware incompatibilites?
Which tools should we use to report bugs or hardware problems - be precise please. Current feedback form seems very modest and inefficient.
Except for bug description and device info should we provide a full logcat, dmesg, per-app logcat - please point out the most effective way to report this stuff.
Where should we post feature requests or suggestions?
I personally think, that e-mails or forum threads are really inefficient for this. I'd recommend using Uservoice service (https://uservoice.com) or something familiar . Example of uservoice usage in practice: https://touchpal.uservoice.com/ There are plenty of web services like these and they are very powerful and efficient.
Perhaps there is a web service that would help making an official list of supported hardware?
Remix OS, Android-x86 and Phoenix OS all base pretty much on the same ground here, so they could share same list, but none of these actually has a nice, neat tool to report supported hardware. Except for a list of officially supported devices, it's a total mess.
I know that ChromeOS with android apps support and upcoming Android releases may be groundbreaking for whole Android-x86 related projects, but if we mobilize ourselfs and use all resources efficiently, I'm pretty sure Remix OS can become very popular and liked. Devs - help us, users, help you achieve that.
Right now it seems like you don't really care about other devices compatibility or about what people may report. If you did, you would provide better tools for that in order to do your work more efficiently. Don't take it as offense, it's just cirtical point of view.
Please optimize that - this will help speed up the development process and community contact a ton.
Please reply Remix OS, Jide, @RemixOS_Cameron , @RemixOS_Guannan , @RemixOS_Jason , @RemixOS_Josh , @RemixOS_Joshua , @RemixOS_Valentina , @AmoraRei
Hey Ventricle,
Thanks for the message and the suggestions!
Currently:
We have the help center setup for general inquires as well as leaving technical feedback here: http://support.jide.com/hc/en-us/requests/new
We also have a google form specifically set up for Remix OS for PC users: https://docs.google.com/forms/d/1WMRbcwDqcoZ1vyUq68AJKCYvXBGvUIEvbgHhuySrUUc/viewform
On products like Remix Mini, clicking on the power options will allow you to "Report a problem" and then "Submit feedback". This will also send a user log along with the report.
We also actually read through almost every one of these threads for bug reports and feature requests. As for hardware incompatibilities, we accumulate a list based on the comments here as well as in our google group (https://groups.google.com/forum/#!forum/remix-os-for-pc). However, these incompatibilities are much trickier to tackle as the hardware configurations are so varied and diverse.
However, I will admit that the user feedback process can be better. We'll work on a more streamlined process, write up an easy to follow guide and then we'll post it here in XDA as well as other channels.
Thanks again for your comments. We clearly need the support of our user community as we grow. Sometimes, in the process of growing as a young company, processes need to keep getting better or else we fall behind. Appreciate the reminder and I'll drop you a note after we've created the guide.
Best,
Jason
@RemixOS_Jason that's great, thanks. I'm looking forward to your actions.
A little overhaul in this part of Remix development can have a powerful impact and spare so much time both for the devs and the users.
Wysłane z mojego Nexus 4 przy użyciu Tapatalka
@RemixOS_Jason I've just checked how feedback for Phoenix OS looks like and they're ahead of you! Anyway, this is what I think is better than just e-mails, forms and forums - http://www.phoenixos.com/feedback/page/1
Unfortunetly they don't have everything translated to English yet, but I hope this will change.
Just a suggestion from my side.
UPDATE:
Phoenix is definitely not ahead, so I take my words back. The feedback page is still a mess and all bushy (Chinese).
Ventricle said:
@RemixOS_Jason I've just checked how feedback for Phoenix OS looks like and they're ahead of you! Anyway, this is what I think is far better than just e-mails and forums - http://www.phoenixos.com/feedback/page/1
Unfortunetly they don't have everything translated to English yet, but I hope this will change.
Just a suggestion from my side.
Click to expand...
Click to collapse
I fail to see how that is any better that Jide's feedback forms form1/form2 or the submit a request
That page from PhoenixOS looks just like a nonsensical mess that there team would need a crystal ball to decipher what the posters 'issues' are.
HypoTurtle said:
I fail to see how that is any better that Jide's feedback forms form1/form2 or the submit a request
That page from PhoenixOS looks just like a nonsensical mess that there team would need a crystal ball to decipher what the posters 'issues' are.
Click to expand...
Click to collapse
It's true that the page looks a bit chaotic and as if people don't suggest anything useful (technical) to devs - but THATS BECAUSE THERE ARE NO GUIDELINES. And of course it looks like alpha state feedback page which isn't even translated to English yet. The description text area in Remix feedback form is like those suggestions on Phoenix feedback page - it's simply bad, because it doesn't hint people how they should describe things and what should be mentioned.
I didn't say Phoenix feedback is perfect, I'm only suggesting what direction is good in my opinion. TouchPal uservoice page looks awesome and you can see that devs read these reports and they let you know wheter they will add something or fix it. Also it lets community decide which things should be dealth with first - by upvoting them.
The forms you mentioned seem quite inefficient to me (except the booting problems one - it's great) - you can only describe a bug or a problem, you can't attach any error files and the forms don't ask what camera, audio, bluetooth devices you have. What's important - after you send it, you will never get a notification about anything coming to life - you can only hope that the next OS release will include fixes you need.
I've spoken to few devs and they usually need logcats dmesg files and as much HW info as possible. This form is just too poor to provide nice information and a gazzilion of people can report the same thing.
Instead, I'd rather visit f.e remixos.uservoice.com search if someone has the same problem as me and then if I find it, I'd upvote it and maybe add a comment. In other case, I'd post a new "ticket" following specially written guidelines on how to report/suggest stuff.
To sum up, feedback needs:
1. Guidelines on how to report (error files, which apps to reproduce etc.)
2. Anti-redundancy filter - upvoting existing feedback reports
3. More direct contact with devs - by them replying to feedback when it's a major or very popular issue (then it's not a waste of dev team's time, because it's like replying to hundreds or thousands of people) and ITS PUBLIC.
4. After a new version of system is released, the devs should also point volunteer testers to what they should focus on in testing.
Trust me, this may seem like devs will have to focus on community instead of real work, but actually if this is better designed and more efficient, they will eventually spend way less time on it then they might now.
Also using Google Groups to get to the community is a mediocre measure in my opinion. I get that it's free, has google class stability and requires almost no time to maintain or set up, but it's hugely inefficient, chaotic and inconvenient.
Remember, I only want to help improve Remix, so I suggest what may be better. I'm on Jide's side, specially now when they have Android-x86 founder working with them.
Ventricle said:
Hi,
I'd like to get some very important info from Remix OS dev team.
Users unrelated to the dev team or with no android-x86 OS dev experience, please DO NOT attempt to answer these questions.
Could you please make a thorough guide on how to report bugs, suggestions, feature requests and hardware incompatibilites?
Which tools should we use to report bugs or hardware problems - be precise please. Current feedback form seems very modest and inefficient.
Except for bug description and device info should we provide a full logcat, dmesg, per-app logcat - please point out the most effective way to report this stuff.
Where should we post feature requests or suggestions?
I personally think, that e-mails or forum threads are really inefficient for this. I'd recommend using Uservoice service (https://uservoice.com) or something familiar . Example of uservoice usage in practice: https://touchpal.uservoice.com/ There are plenty of web services like these and they are very powerful and efficient.
Perhaps there is a web service that would help making an official list of supported hardware?
Remix OS, Android-x86 and Phoenix OS all base pretty much on the same ground here, so they could share same list, but none of these actually has a nice, neat tool to report supported hardware. Except for a list of officially supported devices, it's a total mess.
I know that ChromeOS with android apps support and upcoming Android releases may be groundbreaking for whole Android-x86 related projects, but if we mobilize ourselfs and use all resources efficiently, I'm pretty sure Remix OS can become very popular and liked. Devs - help us, users, help you achieve that.
Right now it seems like you don't really care about other devices compatibility or about what people may report. If you did, you would provide better tools for that in order to do your work more efficiently. Don't take it as offense, it's just cirtical point of view.
Please optimize that - this will help speed up the development process and community contact a ton.
Please reply Remix OS, Jide, @RemixOS_Cameron , @RemixOS_Guannan , @RemixOS_Jason , @RemixOS_Josh , @RemixOS_Joshua , @RemixOS_Valentina , @AmoraRei
Click to expand...
Click to collapse
Hey Ventricle,
Again, thanks for your comments on our communication channels. I've consolidated our feedback channels into their core functions and how one can access them. In short, we're constantly trying to improve so we'll take a step back and evaluate how this can be done better. As of now, here is the short guide on how to communicate with us most effectively:
Feedback/bugs channels
Remix OS for PC: Google form: https://docs.google.com/forms/d/e/1FAIpQLSeqaTBTPzHgjwUKtn08zUDusKTYXQtG8mLczmo7D6bDgd_17A/viewform
Remix Mini: Go to power options, select â??Report a problemâ?
Remix Ultratablet: Go to power options, select â??Report a problemâ?
Feature requests/suggestions
Help Center: http://support.jide.com/hc/en-us/requests/new
Official list of supported hardware
Remix OS for PC
Google group: https://groups.google.com/forum/#!forum/remix-os-for-pc
Thanks and I hope this helps,
Jason
Could we have a development road map somewhere please? I would like to know what the devs are working on and where we are heading. I would like to know what to expect in a future release. At least what's the plan in general terms. I feel it's a bit too quiet when we talk about future releases/versions/patches.
Still no improvement?
@RemixOS_Cameron , @RemixOS_Guannan , @RemixOS_Jason , @RemixOS_Josh , @RemixOS_Joshua , @RemixOS_Valentina , @AmoraRei
Still no improvement in how you gather feedback and still no guidelines for reporting issues and giving the feedback. Why is that? This is as important as education is for a country - no education means slow or no development.
If you invest just a little more effort and time into what I suggest, I guarantee you huge improvement in feedback value and that will result in faster development. Also this will truly involve users in the development and make them want to support the idea even more.
If you don't like the Uservoice methods then I suggest you making a seprate repository on GitHub called f.e Remix OS feature requests, Remix OS problem reports, Remix OS hardware incompatibilities etc.
In these repositories, people could make Issues that your actual devs could assign to future builds or at least they would acknowledge them - people would actually feel like devs really read their feedback!
This way, people would also be able to sign under existing issues instead of duplicating them. Just like here:
https://github.com/FortAwesome/Font-Awesome/issues/878
Look just how awesome this can be:
https://github.com/FortAwesome/Font-Awesome/issues
I honestly can't understand why you neglect this part of Remix OS.
It's beyond my imagination how a company like this uses such inefficient feedback tools.
I know you use Zendesk for feature requests, but doesn't it have an option to make requests public? It'd avoid duplication of requests. Maybe it's possible to view all reports; both feature requests and problem reports? But users just don't know about it?
It could be so much better with the tools I mentioned. Come on... use them!
Please reply and let me know what you think of my suggestions.
dag u done tagged everybody ?. I see u and I forward ur message.
Ventricle said:
@RemixOS_Cameron , @RemixOS_Guannan , @RemixOS_Jason , @RemixOS_Josh , @RemixOS_Joshua , @RemixOS_Valentina , @AmoraRei
Still no improvement in how you gather feedback and still no guidelines for reporting issues and giving the feedback. Why is that? This is as important as education is for a country - no education means slow or no development.
If you invest just a little more effort and time into what I suggest, I guarantee you huge improvement in feedback value and that will result in faster development. Also this will truly involve users in the development and make them want to support the idea even more.
If you don't like the Uservoice methods then I suggest you making a seprate repository on GitHub called f.e Remix OS feature requests, Remix OS problem reports, Remix OS hardware incompatibilities etc.
In these repositories, people could make Issues that your actual devs could assign to future builds or at least they would acknowledge them - people would actually feel like devs really read their feedback!
This way, people would also be able to sign under existing issues instead of duplicating them. Just like here:
https://github.com/FortAwesome/Font-Awesome/issues/878
Look just how awesome this can be:
https://github.com/FortAwesome/Font-Awesome/issues
I honestly can't understand why you neglect this part of Remix OS.
It's beyond my imagination how a company like this uses such inefficient feedback tools.
I know you use Zendesk for feature requests, but doesn't it have an option to make requests public? It'd avoid duplication of requests. Maybe it's possible to view all reports; both feature requests and problem reports? But users just don't know about it?
It could be so much better with the tools I mentioned. Come on... use them!
Please reply and let me know what you think of my suggestions.
Click to expand...
Click to collapse
@Ventricle - After receiving your message, I shared your suggestions with our PMs, engineering team and customer support. Long story short is, they are trying to work out the feasibility, the timing and the execution of your suggestions. Although I cannot confirm at this time if and when these changes will be made, I can tell you that it's not something they haven't thought of. It does come down to the internal planning, human resource allocation and execution. Thus, please give me a few days to reply to you about your suggestions. Thanks again for pushing us to improve!
Jason
Sure thing @RemixOS_Jason ,I understand it completely. Just you saying that gives the community the sense that improvements are coming.
I'm looking forward to your follow up on this issue.
Some high hopes there!
Cheers,
Karol
UPDATE:
Got a very informative and valuable quote from @RemixOS_Jason here:
RemixOS_Jason said:
@alz_uk - Wow! It's pretty clear you have it in your mind that we are quite an evil, greedy company! Not sure if I can make a dent in your opinion, but I thought it prudent to give you a transparent answer:
As @Vioner and other users have pointed out to us, they'd like to see a different user feedback system. However, we designed it because we in the International (meaning outside of China) PR, marketing and customer support team is two full time staff and 2 part time interns. This means that our resources are limited.
Thus, the way the system is currently designed is for us to:
1) gather feedback - this is what this form is for: https://docs.google.com/forms/d/1cZNesOmnmO2esilFpvMzFZ874rvwsiKgWIX2fo9QsDk/viewform
2) organize the feedback regularly - once a week, my colleague organizes all the feedback into topics and sections and prioritizes them based on volume of reported bugs, issues, and compatibility with specific devices. This includes issues like the audio over HDMI, black screen, Wi-Fi, Bluetooth, gaming, app specific, etc. Device specific is numerous, but consider this: currently we support roughly 65% of the PCs out in the wild. This means that there will be 35% of the PCs that just don't work for one reason or another yet. That also means that for every person with a PC that doesn't work, there are around 2 people whose PC does work. With a small dedicated engineering staff as well, we try to tackle these issues from a platform point of view. Thus, you've seen in some updates the fact that we worked on GPUs that were vendor or brand specific, rather than only tackle one specific set of hardware components in a reported device. This is where the feedback form helps us to gather data so that we focus on fixing the issues that affect the widest range of users first.
3) send the feedback to the engineers - when it reaches the devs, they tweak our prioritization order based on what's feasible and what's not in the short and long term. Thus, you can be certain that we know about outstanding audio issues (we all dogfood our prodcuts and so, there are colleagues who's Remix OS for PC machines also don't have audio coming out). However, if we haven't update with this fix, you can be certain that whatever we've tried haven't passed testing, or is in the process of testing. Thus, there are two layers of what we do with feedback: count them, and then see which ones we can actually fix.
4) The fixes we do come up with must pass internal and external testing.
5) If they do pass, they are put into updates.
The installer issue was pretty simple. Most 3rd party installer do work, but as we gathered feedback from back in Remix OS for PC based Lollipop, our product manager noticed a trend where some of the OTA issues were due to 3rd Party installers. Thus, we put out the message that we couldn't promise that 3rd party installers would work 100% to support future OTAs.
Releasing fixes take time because they need to be tested. If a fix worked for some, but might cause issues for others, we don't release that fix for a stable release. Let's take the black screen issue during installation as a case example. We gathered around 65 users' emails who had this issue during installation. When we had a fix, we sent out emails and a testing ROM just for these folks with the potential fix. After around a week, most reported that their issue was fixed and that they didn't experience any other significant issues after being able to boot Remix OS (outside of some minor app compatibility issues). Thus, after a few more days of testing internally in parallel with this tester group, we rolled into that update. If you didn't see the fix applied in an update yet, it's probably because it didn't pass testing internally, or with their related testers, meaning though some folks' issues got fixed, many did not, or it caused other significant issues.
With limited resources, we do tackle issues from a platform (CPU, GPU, broadcom wireless chip, etc.) and not focus on your device, or his device or her device specific. We also work with the patches that are given out by the Android-x86 team (of which their founder, Chih-Wei Huang actually is our tech lead on Remix OS for PC) as can be evident by the update that integrated their latest release (rc2). In fact, we are small enough as a startup that we welcome our user developers assistance. So much so that I'm trying to work on making GitHub a place where interested developers can work on projects with us (where applicable since most of Remix OS is closed source). This is how much we actually need your development help!
In the end, I beg you to consider that people in general post 4-7 times more likely if they have outstanding issues, and not because we fixed any of their issues. Thus (and I know this all too well as the manager of our forums here) it can seem like everything is terrible, that Remix OS for PC just doesn't work for anyone and that no improvement has ever been made, ever. However, I just need to remember that for every 1 person with an issue that we're still trying to resolve, there are many more where the fixes we've implemented have made a difference.
As a startup, having the amount of users we have is a blessing. As a startup, having the amount of users we have with the limited resources, I mean engineers and folks like myself who communicate with the community, has been challenging. But, I ask that instead of giving up on us or spiting us for being a "mind game" playing, evil, greedy company, that you work with us to make a difference.
It wasn't that long ago that we had users who called us out on forums and tell we needed to improve our feedback system, and they're right. I'm working on improving it to offer more transparency into the process without increasing our workload to the point where it's not sustainable. Those same users who called us out are now working with us to improve through our Ambassador program. So, the challenge is, can you help us rather than just spite us? Running a startup in the industry we're in isn't easy, but it's something we're passionate about. Clearly we can still get better. Please help us.
Thanks,
Jason Zheng
Head of International PR, and Community Management at Jide Technology
I'm also frequently on our Facebook page and Twitter page
Click to expand...
Click to collapse