How would you go about making your phone as secure as possible? - Android Q&A, Help & Troubleshooting

Looking for advice on how to make my phone as secure as possible as far as it not spying on me. I was a privacy freak before, but now with last week's Federal judges saying we have NO legal expectation of privacy on our phones I seriously want to lock this thing down.
I'm thinking encrypted VPN for my traffic and I already use Signal for my texts (most of my contacts are on it as well, so that's good). I'm pretty strict with who I give my info to, but as far as the OS itself, that's where I'm iffy. Does running AOSP based ROMs offer less Google spying than one based on stock? I may understand that wrong. Would running an AOSP ROM and never installing the GAPPS be the only way to get Google out? I'm not sure how usable the phone would be with NO Google in there since the alternative app stores aren't as good, but I'm assuming that aside from the Play Store itself that a lot on the backend is the problem. I'm open to suggestions and to know what other privacy freaks are doing.

Related

[Q][Paranoia] Can GO Launcher really be trusted?

GO Launcher seems to be the "go to" launcher of choice for many people, including well read, influential online publications, like lifehacker. I can't bring myself to trust GO Launcher EX though. Outside of the eye candy and polished interface, its aggressive pushing of its own storefronts, apps, libraries, and widgets, many of which request unusual permissions like log file access and root, leaves me feeling that it's very liberal with what it does with any information it collects or tries to collect.
To confirm my suspicions, I whitelisted the launcher in Droidwall and monitored the connections and packets it sent out using Android Network Log.
What I found wasn't all too surprising and honestly not that different from most of the fun "free" apps on the marketplace that phone home and monetize user data. It's just that GO Launcher is phoning home to servers in Beijing, as well as a Chinese operated personalized content delivery network (ChinaCache) with servers in the US (essentially the Chinese counterpart to our Akamai). Many of the packets were directed to 69.28.54.217, which is a ChinaCache Los Angeles CDN server. I'm sure those hundreds of packets were all very intredasting data that gets sent to Beijing, too. Which is why one of 3G.cn/GO Launcher's employees has a LinkedIn page, one where she obviously forgot to confer with her company's marketing/PR department prior to candidly listing some of her responsibilities which include, verbatim, "data mining". lol. I'm very sure it's to 'serve personalized ads, quality products, and actionable data to high value customers', but still, the writing is on the wall. With how active Chinese companies are in tailoring the online footprint/reputation of their products and software on various websites, I'm sure that LinkedIn page will be taken down or revised.
Western corporations that broker information vs state influenced Chinese corporations that broker information. While I view both as not the most trustworthy entities in regards to my privacy, I do feel that there are at least some restrictions that could be theoretically enforced to limit the scope of the data shared by corporations in the West.
While I can easily block outbound packets and revoke permissions from GO Launcher EX, I just don't feel like I want to bother using it anymore.
ADWLauncher EX, my main launcher on several of my Android devices, does not generate any outbound traffic and there are no indications that it is collecting or selling my data. A much friendlier option to privacy, in my opinion.
Should I be this paranoid? Should you? I was surprised that I didn't see too much information about GO Launcher's data collection on the web, so I thought I'd share. Thoughts?
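The per-app traffic check described in the post above, as an added example that is not part of the original thread: it tallies outbound connections per package from an exported connection log and lists destinations outside each app's expected set. The CSV column layout, package names and addresses are constructed for illustration (documentation IP ranges) and are not Android Network Log's actual export format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export. Column layout is hypothetical; addresses are
# from the documentation ranges, package names are placeholders.
SAMPLE_LOG = """\
timestamp,uid,package,direction,remote_ip,remote_port,bytes
2012-08-01T10:00:01,10071,com.example.launcher,out,203.0.113.10,80,512
2012-08-01T10:00:02,10071,com.example.launcher,out,203.0.113.10,80,1400
2012-08-01T10:00:05,10071,com.example.launcher,out,198.51.100.7,443,300
2012-08-01T10:00:06,10071,com.example.launcher,in,203.0.113.10,80,900
2012-08-01T10:00:09,10082,com.example.mail,out,192.0.2.25,993,700
2012-08-01T10:00:11,10082,com.example.mail,out,192.0.2.25,993,650
2012-08-01T10:00:15,10090,com.example.quietlauncher,out,192.168.1.1,53,60
2012-08-01T10:00:20,10082,com.example.mail,out,198.51.100.7,80,120
"""

# Destinations each app is expected to reach (assumption for the example).
# A launcher needs no network access for its core job, so it has no entry.
EXPECTED = {"com.example.mail": ["192.0.2.0/24"]}

# LAN and loopback traffic is ignored; only traffic leaving the network counts.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)


def summarize(log_text):
    """Return {package: {(ip, port): (packets, bytes)}} for outbound,
    non-local traffic only."""
    totals = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["direction"] != "out":
            continue
        ip = ipaddress.ip_address(row["remote_ip"])
        if is_local(ip):
            continue
        entry = totals[row["package"]][(str(ip), int(row["remote_port"]))]
        entry[0] += 1
        entry[1] += int(row["bytes"])
    return {pkg: {dest: tuple(v) for dest, v in dests.items()}
            for pkg, dests in totals.items()}


def unexpected_destinations(summary, expected):
    """List (package, ip, port, packets, bytes) for every destination that is
    not inside one of the package's expected networks, largest volume first."""
    findings = []
    for pkg, dests in summary.items():
        allowed = [ipaddress.ip_network(c) for c in expected.get(pkg, [])]
        for (ip, port), (packets, nbytes) in dests.items():
            if not any(ipaddress.ip_address(ip) in net for net in allowed):
                findings.append((pkg, ip, port, packets, nbytes))
    return sorted(findings, key=lambda f: (-f[4], f[0], f[1], f[2]))


if __name__ == "__main__":
    for finding in unexpected_destinations(summarize(SAMPLE_LOG), EXPECTED):
        print("%-28s %-15s :%-5d packets=%d bytes=%d" % finding)
```

Each listed address still has to be attributed by hand (whois, reverse DNS, CDN ranges), which is the step the post describes for 69.28.54.217.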
Just stick with adw launcher. I use sock launcher to save battery but it is what you prefer to use so stick with it.
~-~-~-~-~-~-~-~-~-~-~-~-~
Phone: Samsung galaxy s2 t989
Rom: Jedi knight 6 4.0.4
Kernel: Jedi kernel 2
-~-~-~-~-~-~-~-~-~-~-~-~-
and you thought celebrities weren't smart. =P
Not paranoid at all. Good info, thanks for sharing.
Sent from my SAMSUNG-SGH-I997 using xda app-developers app
Very detailed and helpful post. I have always felt this about GO products, but thanks for doing your research and making it publicly known.
Sent from my Desire HD using xda premium
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
zelendel said:
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device IDs stored in their database (GO Launcher also creates a copy of your device ID and places it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
MifuneT said:
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device IDs stored in their database (GO Launcher also creates a copy of your device ID and places it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
of course you can, but I prefer Apex
zelendel said:
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
Didn't know that. Never used their products but shouldn't that be enough to merit a ban from XDA? Bugless Pete was booted for less (source code issues but nothing as malicious as a keylogger).
We need solid proof and they will be.
Batcom2
zelendel said:
We need solid proof and they will be.
Batcom2
With the aggressive number of "updates" they immediately push once you install one of their products or add ons, I don't imagine it shouldn't be too difficult to find something of interest to confirm or deny suspicions. I did find it odd in that GO SMS thread that there were some mentions of whitelisting GO SMS to prevent AV from interfering with it.
I'll see about installing GO on one of my spare devices and routers after work, along with something like wireshark, so I can analyze packet data. This isn't something that I'm too familiar with so it may be a little bit while I re-acclimate myself to the program. If anyone is more familiar with packet analysis and wants to run tests alongside, it can build a stronger case for or against the dev.
Bump. I use go sms, so I would really like to know if this app is doing any other malicious things.
Sent from my XT720 using xda premium
good thread, :good:
anyway i hate this launcher since the day i have an android device.
its tooooooooooo overloaded with useless things.
its my opinion, i prefer apex, adw or holo. less weight in data, ram, battery usage and looks more cool as the parishilton go launcher a.....s........ssss. lol.
Well, I'm running cm9, and for whatever reason, it won't let me download picture messages with the stock messenger. I actually use google voice for my texts, but that doesn't get mms. Go sms is the only thing that actually lets me download the pictures that get sent to me, so I just use it for that specifically.
Sent from my XT720 using xda premium
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
marhensa said:
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
sashank said:
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher, never regretted doing so. I always thought Go was and is too aggressive in pushing their widgets, services. I don't like that
frankgreimes said:
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher, never regretted doing so. I always thought Go was and is too aggressive in pushing their widgets, services. I don't like that
Exactly. I used Go Launcher EX & Go SMS Pro a lot on CM7. They were good till they became creepy. And most of the services were opt-out not opt-in. That sucks.
Sent from my Nexus 7 using Tapatalk 4
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
NapalmDawn said:
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
Not sure, but just to be safe I'd stay away from anything by the Go Dev Team. Too shady for my taste.

[Q] How to Disable E911

I want to disable the E911 on my phone. People, if you don't agree keep it to yourself. I want to disable it. It should not matter why I want to, especially not on a site designed for people customizing the hell out of their phone. If you think I am paranoid I think you're a sheep.
Can anyone actually provide some beneficial help towards my goal?
Maybe being a little more nice will get you your answer. You get more flies with sugar than vinegar.
Sent from my SCH-I500 using xda premium
Do you want to just disable E911 or disable all phone functionality? I haven't seen any way to just disable E911 on any mobile device. By default, every manufacturer puts stuff in that lets 911 locate your phone, and there is no way to disable it in software or hardware without basically stripping the software of its phone functions.
If you are still interested, and want software that strips this phone of all phone services and apps (including E911) try the GeeWiz Media ROM
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
Sippi4x4man said:
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
lol sippi, idk about the OP's reason for this, but I've personally seen people i know last week disable e911 on their phones (through ways like the Geewiz media rom+software mods) to do a drug dealing of all things, little did they know what u said was true and they were tracked not only by 911, but also by the stupidity of leaving my app (SMS Tasks) on their phones, leaving the person who ratted them out (not me but they did know their pass phrase), gave their phone to the local authorities and gave them the command [email protected]****** and with the version my app had on it (unofficial build), it located them with google-maps link that was clicked and gave a perfect track (because the people had gps on of all things), thus leading to the arrest (i personally felt good about it cause if i didn't make that app (SMS Tasks) they would be on the loose for a little bit longer causing who knows what cause the police officer said that they were having trouble tracking them with the e911 system for a "unknown error reported" as they told him so idk if it was a glitch with the tracking in my area's e911 or they actually disabled whatever it is that makes them track you (please don't reply with what it was just to be safe), but my app actually led to an arrest =) so by what i saw i think there might be some workaround, or just a glitch, I'm not encouraging it one bit, but i know personally that there was at least one person capable of doing it (again unless it was a glitch in their system) =S
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
Domush said:
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
it's actually a function of the app, not invasion of privacy, my app is open-sourced on my github as-is for the app's released versions, that locate command is one of the listed features on the thread, i update the github more than the thread but all the commands are safe, it was just some clever ideas for them to use my app to solve a criminal case that's all, as for the "business transaction and otherwise victimless crime" heroin and drug dealing is highly illegal in this area where it took place at, and the now ex-girlfriend of the guy was a victim from it because before he got out to buy it he beat her black and blue... >=( there's nothing funny about drug dealing making it a "victimless crime" as it's a nuisance in our society no matter how many "benefits" people say it has, as for my app it clearly states in the thread for you to keep your pass phrase a secret, as he didn't, and all the commands+usage are all on there and clear warnings for the potentially dangerous commands, but the version he had on his phone was a newer beta test version that uses google-maps links instead of general GEOLocation area. all that was done was completely legal, and not abuse of my app or permissions as it still gives people to where it tells who sent the message in the tracking menu (by phone number) since it's a new feature in my beta tester version so it did give full telling who it came from. but I've already been given warnings by the police from an earlier situation with the same people on the same kind of activity about regulations on tracking without consent, so i had to add that prompt to show who initiated the tracking, and am working on a button that will stop it remotely.
so until i can comply with the regulations, while keeping it stable, i haven't been able to update the app with them until i get the new tracking system with prompts stable, but to do all that with the new systems i have in the app it needs to be installed in CWM recovery cause the system-app Reboot permissions, and better GPS/wifi Toggling
sorry if it seems like I'm ranting, I'm truly not, but that situation was really personal to me and i felt like what i did was the right thing, not a "abuse of permissions app", or to "incarcerating someone for a business transaction and otherwise victimless crime.", as it was more for the fact that he beat her and then he want to do an illegal activity
Wow, I'm sorry for the long delay. I had switched phones and forgot all about this thread. I appreciate ALL who provided input. I still don't like the idea of it, but it doesn't bother me as much.
Not sure how far back...
Preexisting rom file from pre-e911 might work

[Q] Security framework approach (ROM for Kids)? APP or ROM?

Hello.
I am here seeking help and advice on how to approach the development of a security framework (via APP or via hacked Android ROM) to be used by kids, that could be monitored by adults (parents or legal tutors).
The idea would be to develop a (white hat) hacked ROM, that would allow the kids to communicate with their friends, but also would allow their parents to supervise/monitor in real time what their children are doing, who are they communicating with and that way protect their children. The thing is not to spy on our kids, but to be able to check regularly if there is anything wrong going on with our kids (mobbing, insults or harassment). Kids aged (10-14) could be influenced by other kids, adults, or adults simulating being kids, and on some occasions they can be tricked to do things without their parents consent/knowledge that can lead to a tricky situation.
When I was a kid, we had the telephone (wired telephone, of course) on the middle of the hallway, so all our conversations were basically family-public. The truth is that there are not many secret things a 10yo kid could/should talk about, but nowadays, it could be a little bit worrying to lend a smartphone to a kid. I think it's just as letting a kid drive a car; he can do it right, or not be able to evaluate the whole consequences of driving a car.
Talking to other parents around me, they all found very interesting the idea of having a telephone that one could lend to their son, having the kid available all the time, and with the peace of mind that you could know what's going on. Of course the kid should be aware of this, and that the telephone comms are being supervised. I think it's no big deal. "Kid, it's very simple. The telephone is mine, and if you want to use it you have to use it under my terms".
Probably, all of us working for a company, have also our communications supervised, cannot make personal phonecalls with the company's telephones, probably cannot navigate to webs looking for personal content, and we assume those rules (because neither the company's phones nor the computers are ours but our company's). It's basically the same, switching the company-employee role to a father-son one.
So, let's get to the point (technically). I am a tech-geek, linux pro-user, have compiled a few ROMs just for personal use, but don't feel capable enough of starting a project of this magnitude alone. If there is anyone willing to help, opine, or whatever, will be very welcome.
First of all, APP or ROM? I basically think that the ROM is the way to go, but I'm asking just in case someone can convince me on the contrary. I will make a poll on this question.
APP: An APP could be easily downloaded and installed but would require a rooted phone, and I don't see it clearly if an APP could resolve all the needed issues (access to communications for example) and could be fairly easily uninstalled too.
ROM: On the other hand, a ROM would be trickier to uninstall (basically flashing another ROM) but wouldn't be as easy to install as an APP (though the installer model of cyanogenmod could be kind of a solution). There could be an universal (if possible) independent flashable module, over whatever android ROM, or an entire ROM solution.
Features that I want to develop in this ROM (by the way, I call it 'Vigilante ROM'):
- Suitable for as many devices as possible
- Web interface for parents available to see device-related information
- Some hack-proof measures to avoid kids bypassing the ROM's security
- Alerts triggered on some events (offensive words, whatever)
- Position of the mobile -just in case-
Suitable for as many devices as possible
The first thing I thought was what platform should be used for this ROM. To select Android over others (iOS, Blackberry, W7) was a no-brainer. Now, the question is should we use pure Android or make a CyanogenMod fork?
In my opinion, even though every phone maker has to supply their ROM sources publicly, they usually introduce so many modifications (HTC Sense, Samsung TouchWiz and so on) that it looks more difficult to develop a common security framework over each manufacturer's version of Android, rather than using a more standardized one like CyanogenMod.
CyanogenMod already works with a wide number of devices (and a wider one if you count the unofficial supported devices), I think CyanogenMod should be the base of this ROM. If all the 'things' needed could be flashed on top of any Android device, would be even better, but technically I need help with this one.
I understand that basically there should be an internal proxy setup, so that all the communications go through this internal proxy, and based on the kind of communication, we could log whatever we need. For example:
- Visited URLs
- Whatsapp or other messaging apps should be decrypted
- Incoming/Outgoing calls/SMS
- Social network activity
I know the Whatsapp protocol because I'm familiar with a project called WhatAPI. The key point to be able to intercept whatsapp messaging is a key generated and exchanged during the app install (although there are ways to later ask the Whatsapp server to renegotiate this keyword) and that's used later to encrypt all the messages between the phone and the whatsapp server.
Web interface for parents available to see device-related information
Behind every kid with a smartphone there should be a responsible adult supervising the kid -even if it's remotely-. In my idea, logs of messaging activity, incoming/outgoing calls/SMS and even the position should be available to the supervisor through a web interface.
Some hack-proof measures to avoid kids bypassing the ROM's security
That's an easy one. CRC checks on some keyfiles would guarantee that the device is not being 'counter-hacked'. Some kids are also very techie, and we should make some defences against kids trying to hack (counter-hack?) the phone.
Alerts triggered on some events (offensive words, whatever)
It could be interesting if somehow the supervisor could receive a notification whenever the kid sends/receives an offensive word, or tries to enter some special tagged website.
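A file-integrity check of the kind the post above proposes for its key files, as an added example that is not part of the original post. It swaps the CRC for HMAC-SHA256, because a CRC is unkeyed and anyone who edits a file can recompute it; the file names, the key and the assumption that the key is held off the device (for instance by the supervising server) are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_mac(key, path):
    """HMAC-SHA256 of a file's contents, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_manifest(key, root):
    """Map every file under root (relative path, '/' separated) to its MAC."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_mac(key, full)
    return manifest


def seal(key, manifest):
    """MAC over the whole manifest so the list itself cannot be edited."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for rel in sorted(manifest):
        mac.update(rel.encode() + b"\0" + manifest[rel].encode() + b"\n")
    return mac.hexdigest()


def verify(key, root, manifest, seal_tag):
    """Compare the tree against a sealed manifest.
    Raises ValueError if the manifest does not match its seal."""
    if not hmac.compare_digest(seal(key, manifest), seal_tag):
        raise ValueError("manifest does not match its seal")
    current = build_manifest(key, root)
    report = {"modified": [], "missing": [], "added": []}
    for rel, tag in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif not hmac.compare_digest(tag, current[rel]):
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(manifest))
    report["modified"].sort()
    report["missing"].sort()
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a manifest over constructed files, then change, delete and add
    one file each and verify again. Returns (clean, tampered, forged_rejected)."""
    key = b"constructed-demo-key-kept-off-device"  # assumption: not stored on the phone
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/policy.conf", b"alerts=on\n")
        _write(root, "bin/agent", b"constructed agent binary v1")
        manifest = build_manifest(key, root)
        tag = seal(key, manifest)
        clean = verify(key, root, manifest, tag)

        _write(root, "etc/policy.conf", b"alerts=off\n")
        os.remove(os.path.join(root, "bin", "agent"))
        _write(root, "etc/extra.sh", b"# constructed unexpected file\n")
        tampered = verify(key, root, manifest, tag)

        # A manifest edited to hide a change no longer matches its seal.
        forged = dict(manifest, **{"etc/policy.conf": "0" * 64})
        try:
            verify(key, root, forged, tag)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, tampered, forged_rejected


if __name__ == "__main__":
    print(demo())
```

The check only holds if the verifier and key sit somewhere the device's user cannot modify; a check that runs entirely on a phone whose owner has root can be patched out along with the files it protects.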

New to android, custom security rom

Hello,
First of all I would like to say that I'm completely new to android (except for the occasional dabbling on a friend's phone) so please go easy on me. I am tech savvy, but just never had anything to do with this platform, due to my not so nice opinion of google...
I am on blackberry passport and am/was a loyal bb customer with all that follows. But please I do not wish to start android vs bb vs ios etc thread. It is a matter of taste in the end.
So long story short, never had anything to do with IOS or android as I preferred BB for security, productivity and slimline OS. However due to recent BB switch to android and priv (which is god awful imho) and apparent abandonment of OS10 i am faced with increasing frustration over current passport usage as it is more and more laggy and problematic every day. So seeing that bb has abandoned os10 I have finally decided that perhaps it is time for a different platform.
I am considering getting the oneplus 3.
So my questions are:
- What kernel and ROM to flash? I explicitly do not want anything to do with google or google services, i do not have gmail and have no intentions to open one. I do not use any service connected to google, no cloud sync, no FB, no instagram etc.... I want my phone google free, bloatware, spyware, ads free, cloud sync free etc. so basically I want as much control over what is installed as possible, with preferably NO personal info shared to any service.
- What is the most open source build? (coming from a viewpoint that google is evil, apple too.. I am putting my trust in the open source community) - replicant project piqued my interest, but the supported phones are too old and too few. I would be extremely pleased tho, if sth like this existed for newer phones.
- Encryption is a must, both of memory and communication (pgp)
- advanced app permission control is a must
- if there exist sth like BB hub or other similar true multitasking option even better
to put it simply, what custom rom and kernel to flash to get the most secure, opensource, google and similar companies free phone with maximum control over os and no to minimum personal info shared.
I would very much appreciate if you could point me in the right direction. As i said no experience with android, but am quick learner and tech savvy. so no need to dumb it down for me.
Thank you !!

Um.. Anyone Know How to Make a Privacy Policy With Google's New User Data Terms?

Hi guys.. Er, I'm in a bit of a predicament. Let me start off by saying that this is my very, very first time I ever publicly published an Android app before. I already made sure I read Google's Developers Distribution terms and agreements and brought the Google Developers Console. BUT... I found out that I need a privacy policy since my app (screen lock app) does indeed access sensitive data. My app is open sourced.. But the main thing is: How do I make a privacy policy?? I am literally the only person working on the app and so far, things have been a bit rocky since I'm trying to compile with Google's terms WHILE at the same time trying to develop the app (and some parts I'm having a lot of trouble creating). So.. anyone can give out a tip with making a privacy policy?
