Keyboard Network Access? Privacy Concern? - Android Q&A, Help & Troubleshooting

Can someone who's done keyboard development based on the AOSP keyboard please tell me if keystrokes are sent to Google to assist with word prediction, etc? If not, why else does the Google keyboard need full network access? I know there's a local Android dictionary that works even when a device is offline but there seems to be enhanced typing functionality when a device is online (at least using the closed-source Google keyboard).
If keystrokes are being sent to Google, isn't that perhaps a privacy concern? Presumably even your passwords to non-Google accounts could be sent to, and stored by, Google and associated with your device/account/email/etc. I know there have been reports of keyboards sending every keystroke to mysterious servers in China. Is Google doing the same thing with AOSP or the Google keyboard?

Interesting, I'm also curious about this issue, it would be nice if one of the devs replied. For what bizarre reason should a keyboard application have network access? Currently I'm using CM 13, whose stock keyboard is the open source AOSP keyboard. Among its permissions, there are: "download files without notification" and "view network connections". Does anybody know if it sends keystrokes "anywhere" outside the phone? If it did, it would be a massive security problem, think about passwords for example. Plus, is there any difference between the "AOSP keyboard" and the "Google keyboard", especially regarding this issue?

Related

[Q] Do using CyanogenMod make it possible to not associate your phone to Google?

I was thinking about buying an Android smartphone since I have a >4yr old Nokia, but I would like to use a Phone without a 3rd party account that syncs with Apple/Google whatever and send everything I do on my cellphone to them. I would like to think as "like a Linux machine, but with a SIM card".
Meego is dead, iPhone I can't install what I want, so I'm stuck with Android. I've read somewhere that when installing CyanogenMod, it doesn't ask for a Google Account. Is it true? Can I use it without associating it with Google? (I know I won't have access to Marketplace, but I can live with that). I'll use the smartphone mainly for webbased mail, dont need facebook/twitter/gmail/maps, and will sync all contacts locally.
Even if I don't associate my phone with google, is it going to send "data for better experience" like app usage, gps location and such using an unique identifier from my cell phone to google?
(I tried to search 'cyanogen "google account" on search, but couldn't find an answer. Sorry if this is a duplicate :/)
Technically, you wouldn't need to asscoiate any rom with Google as long as you don't enter a gmail address. Also, some roms don't come with gapps, allowing you to utilize the phone without any Google apps installed. Cyanogenmod is one of those roms. I suggest checking out the developer page for the various phones you're considering and seeing the type of roms they offer.
Sent from my PC36100 using XDA App

[Q] Android stock SMS client SIP support

Tried searching these forums, other forums, the internets and can't find anything - which leads me to think maybe this is a stupid question for some reason, but I don't understand why
I'm experimenting with SIP/VOIP on my Android device (Galaxy Nexus).
I'm using the SIP account settings in the stock dialer app, this works fine for dialing/voice.
The issue is there are no similar SIP settings for the stock SMS client...
is this simply a feature that was not added for some reason?
is there a technical reason why this is not possible? (other third party clients support it)
or can the stock SMS client use SIP and I just can't figure it out?
Thank you kindly for any help, and for your patience.
Did you ever find a answer to this? I'm going through the same process right now and this seems to be a stumbling block. Thanks,
I too have been looking for ways to make this work.
I've read that vanilla SIP itself doesn't support SMS but with extensions it does, so first check with your VOIP provider, then with your SIP app/client. (though these were random forum comments not necessarily from experts, as is this one). Also note that some providers or apps do this "properly" with (as I gather) something called SIP MESSAGE extension, some do it with HTTP push and pull requests behind the scenes. (E.g. some elaboration on reddit "sip_and_sms" - sorry I can't post links)
My provider les.net, claims to have this working with Asterisk (full PBX software : - (, with Bria (paid SIP client), and with CSipSimple (open source SIP client).
So even though my provider doesn't "support" or document it, I first tried it with the native Android SIP client but I still get the "Currently can't send your message. It will be sent when the service becomes available." message (even when SIP calls are working).
And even with one of their suggested clients, CSipSimple, I set it up exactly as they document and I still get the same "Currently can't send..." message.
So anyone else more expert than me, please chime in if you can!!
...and yes I know this is a bleeping old thread.

[Q] Privacy question

Was going to download and try this app from the Google store but have issues with privacy concerns:
This app has access to these permissions:
Your accounts
read Google service configuration
find accounts on the device
use accounts on the device
Your location
approximate location (network-based)
precise location (GPS and network-based)
Your messages
read your text messages (SMS or MMS)
receive text messages (SMS)
access mail information
Network communication
full network access
view network connections
view Wi-Fi connections
Your personal information
read calendar events plus confidential information
Phone calls
directly call phone numbers
read phone status and identity
Storage
modify or delete the contents of your USB storage
Your applications information
retrieve running apps
Your social information
read your contacts
read call log
System tools
read Home settings and shortcuts
write Home settings and shortcuts
test access to protected storage
Affects battery
control vibration
Status bar
expand/collapse status bar
Wallpaper
set wallpaper
adjust your wallpaper size
Click to expand...
Click to collapse
Why does this app need to access so much of my personal information?
Yearoftherat said:
Was going to download and try this app from the Google store but have issues with privacy concerns:
Why does this app need to access so much of my personal information?
Click to expand...
Click to collapse
Hi,
As you know, Themer helps increase the user experience by providing valuable information straight onto your homescreen.
This includes:
1. Displaying how many unread emails/SMS/missed calls you have. (Your messages
read your text messages (SMS or MMS)
receive text messages (SMS)
access mail information))
2. Displaying your map coordinates on a map image. (Your location
approximate location (network-based)
precise location (GPS and network-based))
3. A built-in dialer app that can display your recent contact as well as allow you to call a number directly from your homescreen. (Phone calls
directly call phone numbers
read phone status and identity) (Your social information
read your contacts
read call log)
4. Display agenda information. (Your personal information
read calendar events plus confidential information)
As you can see, it's all for display purposes. If you look at other widgets on the Play Store that perform the same activities, they will also require these permissions. It just so happens that Themer has all of these features built into one app. Hope this helps clarify the matter.
Thanks for the clarification. Looking forward to trying out the app!
I have the same concerns, beginning with the need to login before using any themes. (The explanation given in the faq seems too lame for me). Looks like a terrific app but possibly not for those who worry about privacy. I'm personally too scared to try it.
One option to explore is using this app with xprivacy installed which allows one to restrict unneeded permissions. Maybe a firewall might help?
Anderson2 said:
I have the same concerns, beginning with the need to login before using any themes. (The explanation given in the faq seems too lame for me). Looks like a terrific app but possibly not for those who worry about privacy. I'm personally too scared to try it.
One option to explore is using this app with xprivacy installed which allows one to restrict unneeded permissions. Maybe a firewall might help?
Click to expand...
Click to collapse
Hi Anderson2,
That FAQ actually sums it up quite well. The login feature creates a security barrier for us, which even though is not the most advanced way of preventing intrusions into our theming servers, it does a good job in finding people who are trying to tamper with our systems. That and of course sending users email updates of new features if they request it.
When exactly do you need login? Just to download themes? After the download can one log out? I don't like the idea that you have access to my emails, texts, and any files your widgets access. That is what concerns me.
I don't know enough about themer because I'm afraid to use it, but I believe your zooper widget doesn't require login. (Does it?) Can you explain how they differ in the need for protection?
I have to say that I share those concerns. Why do you force users to login with their Google or Facebook accounts? I do not understand why this should be a better securitry barrier than the login data from mycolorscreen.com? I would not even give away my login data to someone I know, so why should I give away this data to someone I do not know at all???
Well said.
+1
shibadoo said:
I have to say that I share those concerns. Why do you force users to login with their Google or Facebook accounts? I do not understand why this should be a better securitry barrier than the login data from mycolorscreen.com? I would not even give away my login data to someone I know, so why should I give away this data to someone I do not know at all???
Click to expand...
Click to collapse
Yet you log in to this forum and use it.
The explanations have been given. It's to ensure you are who you say you are when you access their servers to download the themes.
As for all the other access, Themer provides a lot of different information as explained (you DID read what he posted, correct?) GPS position, weather, etc. All of this is based on location, etc, as well as if you want unread email counts, etc. It's all there in Themer given you everything all rolled into one app, rather than having to download each piece separately. If you don't like it, don't use it. Thousands upon thousands of users are using it without any issues. I definitely like to protect my privacy, but this app is the least of your worries about privacy.
There are many other problems that could result if they didn't want you to verify who you say you are. Do you want someone to hack their servers and then you download a hacked theme that could result in even more privacy issues for you?
In the end, if you don't want to use it, don't. Nobody is forcing you to use it and they have every right to protect their investments as well. There are plenty of other apps out there you can use that can provide the same type of experience. Usually, the themes are not housed in a server so you can download them from elsewhere, but unless you're getting them from Google Play, then who is to say how safe those are? Many 3rd-party app stores are NOT the safest as they do not follow Google's security policy. At least with Themer, it's in the Google Play market and has had to go through Google's scrutiny.
A few weeks ago, the app was erroneously flagged as something that could steal your information. Google came back later and stated it was an error on their part and verified that the app is safe and it will not steal your information.
I've used it for months and nothing bad has happened to me.
There are many other ways for hackers to get your PI and this is the least of your worries.
vulcanvillalta said:
As an American, and therefore afraid of everything, I personally vote to not give out so much information. But on the other hand, IF someone wanted to get all of your information, they could probably do it without your consent. I would probably stay away from it, though. Just to "try" to be safe.
Click to expand...
Click to collapse
Once Facebook introduces its anonymous login feature, our developers will implement the feature into Themer
iBolski said:
Yet you log in to this forum and use it.
Click to expand...
Click to collapse
Yes, I do use this forum, but of course I do not log in with my Google account. There would be no reason to do so - same goes for Themer. I would have no problem if Themer would ask for my login data from mycolorscreen.
iBolski said:
The explanations have been given. It's to ensure you are who you say you are when you access their servers to download the themes.
Click to expand...
Click to collapse
You think you know who I am because I enter some data that nobody ever controls? I could simply enter some Google account data I created only for Themer. But honestly, this is too much effort for me only the check if I like an app.
iBolski said:
As for all the other access, Themer provides a lot of different information as explained (you DID read what he posted, correct?) GPS position, weather, etc. All of this is based on location, etc, as well as if you want unread email counts, etc. It's all there in Themer given you everything all rolled into one app, rather than having to download each piece separately. If you don't like it, don't use it. Thousands upon thousands of users are using it without any issues. I definitely like to protect my privacy, but this app is the least of your worries about privacy.
Click to expand...
Click to collapse
What exactly has GPS and weather to do with my Google Account data? I do not share GPS data with Google, so I would not with Themer as well. And for a weather forecast I would simply type in 5 numbers - my zip code. This is exactly what I do right now.
iBolski said:
There are many other problems that could result if they didn't want you to verify who you say you are. Do you want someone to hack their servers and then you download a hacked theme that could result in even more privacy issues for you?
Click to expand...
Click to collapse
And because the people at Themer have may account data, nobody can hack their servers? So the solution to all hacked servers worldwide is so simple? Just giving them Google account data?
iBolski said:
In the end, if you don't want to use it, don't. Nobody is forcing you to use it and they have every right to protect their investments as well. There are plenty of other apps out there you can use that can provide the same type of experience. Usually, the themes are not housed in a server so you can download them from elsewhere, but unless you're getting them from Google Play, then who is to say how safe those are? Many 3rd-party app stores are NOT the safest as they do not follow Google's security policy. At least with Themer, it's in the Google Play market and has had to go through Google's scrutiny.
Click to expand...
Click to collapse
Yes, I do not use it. This is the consequence.
iBolski said:
There are many other ways for hackers to get your PI and this is the least of your worries.
Click to expand...
Click to collapse
So what should be my worries if it is not giving away voluntarily my Google account data to someone I do not know???
And you forgot something: I know at least 5 people that use their Android phones without a Google account, and they also do not use Facebook. Believe it or not: these people do really exist, and they even survive without a Google and a Facebook account.
So for me there is no credible information why the people at themer need my Google account data, and why this should protect them from being hacked. Or why my Google Account data should be safer than my mycolorscreen account data. This is why I will not use themer and would not recommend it to others.
shibadoo said:
Yes, I do use this forum, but of course I do not log in with my Google account. There would be no reason to do so - same goes for Themer. I would have no problem if Themer would ask for my login data from mycolorscreen.
You think you know who I am because I enter some data that nobody ever controls? I could simply enter some Google account data I created only for Themer. But honestly, this is too much effort for me only the check if I like an app.
What exactly has GPS and weather to do with my Google Account data? I do not share GPS data with Google, so I would not with Themer as well. And for a weather forecast I would simply type in 5 numbers - my zip code. This is exactly what I do right now.
And because the people at Themer have may account data, nobody can hack their servers? So the solution to all hacked servers worldwide is so simple? Just giving them Google account data?
Yes, I do not use it. This is the consequence.
So what should be my worries if it is not giving away voluntarily my Google account data to someone I do not know???
And you forgot something: I know at least 5 people that use their Android phones without a Google account, and they also do not use Facebook. Believe it or not: these people do really exist, and they even survive without a Google and a Facebook account.
So for me there is no credible information why the people at themer need my Google account data, and why this should protect them from being hacked. Or why my Google Account data should be safer than my mycolorscreen account data. This is why I will not use themer and would not recommend it to others.
Click to expand...
Click to collapse
You describe me exactly. I don't use my Google account to login anywhere, don't use Facebook, have phone GPS and location turned off, only enter zip code for weather, turn off sync everywhere, use a firewall, xprivacy, etc. - - and Google only thinks it has my info.
Everyone I know who is not a teenager or addicted to Facebook does the same.
vulcanvillalta said:
If you use fake names etc and are vague about your location, no, google doesnt have your name. But what about your IP address. They can tell that your pseudonym is performing functions from the specific location you are in. You might not GIVE them your name or address, but with the IP address linking you to a specific internet connection, they certainly can figure out who you are and where you are, if they want to.
Click to expand...
Click to collapse
Which is why I don't want to help other sites identify me by giving them my Google login. Not everyone has Google capabilities.
The points made in defense of keeping your personal information private (and not using your Google login for Themer) are valid and understood.
However, Themer is not designed for that type of mindset.
Themer is designed for the overall market - the vast majority if you will - not for privacy advocates.
It's simply a tool that allows the general Android user base (the FB'ers, Google +'ers, i.e. Socialites) to easily login to an app designed to make their phones look cool. Most of the functionality of the Themes are far more invasive than your Google login anyway (GPS coordinates, access to text/email notifications, call logs, etc) so I really don't see the point of wildly waving your arms around saying "privacy breach! privacy breach!"
Don't use it. Cool. I'm OK with that. I'm sure they are too. But why complain about it? What is the goal? Surely you cannot think they will redesign the app for you.
So really, you're just posting on XDA to aggravate the devs. I mean, what launcher doesn't have access to all of your info? It's like complaining that a specific model of car has a license plate that can be used to identify you. Guess what? All cars do. Take the bus bro
Anderson2 said:
Which is why I don't want to help other sites identify me by giving them my Google login. Not everyone has Google capabilities.
Click to expand...
Click to collapse
But your phone can still identify you. You are still logged into the internet via your carrier's internet and they can definitely get who you are on the phone.
You might as well just stay off the internet completely then.
And, if you're going to stay off the internet, then why have a smart phone? You're already identified out there through your carrier. If they breach your carrier account, they have all sorts of information right then and there, more so than Google would have. Think about it. Your billing address, etc.
Don't think for a minute that your carrier is completely safe. Even Verizon has had breaches.
vulcanvillalta said:
Like I said above, IF PEOPLE WANT YOUR INFORMATION, THEY CAN GET IT. There are nasty identity thieves out there that can find all of your information SOOOO easily. So easily. So whether or not you use an app or make a phonecall or whatever, you can still be traced and you can still be monitored and your information can still be acquired. I'm not trying to be a downer, but you can either accept that you are at the mercy of whoever wants to stalk you, or you can spend the rest of your life worrying and trying to protect yourself from something you literally have no control of.
IMHO, if you can use the app and it would benefit you, you might as well enjoy it.
Click to expand...
Click to collapse
Not sure why you quoted me bro, I'm on the same page you are.
IT need to display some information about your phone

[Q] Secure Contacts Manager/Address Book (with db encryption) [Android]

I am looking for a secure contact (and related misc. information) manager/phone-address book that encrypts the database and protects its records from other apps as well as in case of the phone being lost. This is for Android.
I've been looking for such an app for quite some time and in various sources. I found some people asking for something similar, but with no answers. I also found some "secure wallet" programs that could almost do the trick, except that they store secure information but no people's contacts. While, of course, I can record phone numbers (and addresses) in a free-note format, that wouldn't allow easy dialing of those numbers, or easy copying of the addresses to the navigation apps (Google Maps, Waze, etc.).
None of the contacts managers I found offer encryption/protection.
I couldn't find any discussion about this type of app. I am surprised why nobody is interested in such an app. Or am I just looking in a wrong way?
Do such apps exist?
I have been looking for the same thing.
So far the only thing I have found is essential pim pro app. It uses it's own encrypted database to save the contacts. It also can share the contacts through an account in Android 6+ (not sure how secure that feature is)
There was a very old personal information manager app that had very few permissions that might also work but I have not used it in 4 years and forget the name(not could I find it when I searched Google play)
So I'm still looking for a open source app that is very similar.

Question Cannot search Contacts Notes field?

Hi everyone!
Just got my Nord 2.
In general really satisfied (hope it doesn't explode)!
Anyway, coming from a Huawei I miss the really useful feature of being able to search through your contacts using the Notes field.
This way you do not have to bloat the contact's name or other fields with ugly information. You could just write it down in the Notes field and when you search it, it appears.
Unfortunately, this cannot be done with the Google contacts version embedded in the phone latest firmware v11.3
It is possible on the web version of Google contacts and in other 3rd party Android apps and other phones as well.
I find this feature missing quite annoying.
Has anybody any different experience with this?
UPDATE:
It seems this is a bug with Google Contacts and Phone app with the Greek Alphabet I am using. This is not the case when using Latin alphabet. Everything works normally then.
Also in the Phone app search actually uses the Notes field when written in Greek but ONLY IF it is an EXACT MATCH including capital letters

Categories

Resources