Related
Hi,
Stock ROMs aren't really trustworthy by default (e.g., phandroid.com/2014/11/06/carrier-iq-settlement).
Some manufacturers' devices aren't really trustworthy, even with stock ROMs removed (e.g., theepochtimes.com/n3/830922-chinas-xiaomi-smartphones-may-be-spying-on-you).
Cyanogenmod went donwhill:
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where your product or device is used so that we can better understand customer behavior and improve our products, services, and advertising.
Click to expand...
Click to collapse
(from cyngn.com/legal/privacy-policy) They started on this path long ago, but I won’t go there now.
I would like to buy a new Android phone. I won’t have national secrets on it, but I still don't want any Google-style spying. Assuming I don't add GApps, is Paranoid Android a good choice for me? Does it respect the privacy of its users? Does it contain any components that would ever connect anywhere to trunsmit any information like GApps do. Obivously, I'm not talking about user initiated events.
One more thing, does it have a permission manager? Ideally, something that allows the user to choose for each permission for each apps whether real, fake or blank data is shared, but a bit cleaner than XPrivacy.
Thanks!
We don't track users or data in the ROM. The only thing that will initiate a connection is with the OTA app, when it connects to our API and asks for any updates. ( you can control this by just turning off the OTA app checks for updates within the app)
Pirateghost said:
We don't track users or data in the ROM. The only thing that will initiate a connection is with the OTA app, when it connects to our API and asks for any updates. ( you can control this by just turning off the OTA app checks for updates within the app)
Click to expand...
Click to collapse
Excellent. This is the exact response I was hoping for. Thank you.
For anyone that is reading this,I encourage you to get Google's attention for this utter nonsense and join together to show some backlash against these changes.
I found out about this because I was neglecting to update some listed apps because the changes of the apps weren't worth the update yet.
Recently I noticed a few of the apps I know had updates to them mysteriously vanished from the updates list on my Android Shield TV Pro (2015),which is still on Nougat OTA 6.3, and I couldn't figure out what was going on for a bit.
So when I found out they were suddenly listed as incompatible on Google Play via an already installed Opera for Android web browser that I commonly use,I had to message the app developers.
One of those apps I helped brainstorm a few features for ,so I am fairly acquainted with one of the devs more than the other app developers that I also notified via e-mails.
Turns out,they have to go through some new survey/review garbage now in order to pass a test designed for the most lax Shield TV users (users that never side-load anything and never use a keyboard on it,or users who only use a small number of apps).
Sorry if this offends any users that don't do a bunch of extra things on their Shield TV,its Google messing with Android TV again which causes more extensive users to suffer.
The attached image shows what stuff every app must do in order to become "eligible" to be accessible on a Shield TV.
That means,any abandoned old app that was previously listed more-or-less or any app that the developers don't want to update to make it compatible or "eligible" or any app that the developer is too lazy to even bother with making it compatible again will be locked away from proper updates if they were previously listed on Google Play as compatible for being possible to install/update directly.
The biggest problem in all of this mess is that anyone on the Oreo update is stuck with that stubborn and extra difficult untrusted app sources change that makes it basically impossible to install many apps due to them failing to show up in the list that comes up for allowing you to install each app that you wish to side-load.
I encourage anyone that reads this to help get Google's attention for this utter nonsense and give them some backlash.
Hi all, I have finally had enough of Apple (and planned obsolescence!). I have never used Android before, got myself a Galaxy Tab S and once I learn how to use it well, I will be dumping my faulty iPhone in favour of a Galaxy phone as well.
I bought a used Tab S with 4G in lovely condition. Just turned it on and it says Insert Sim. I skipped that and it said "Many features will not work without an active Sim".
Therefore the first question I have is how much to read into that message?! Do I believe it? I don\'t plan on using a data Sim, only want to use WiFi. Will the Tab S work just fine without a cellular SIM or is it going to give me constant errors and problems? If the latter I may have to sell it in favour of a non SIM version. Any advice appreciated. I quite like the idea of being ABLE to use a data SIM if I want to some time, hence why I bought it.
Second question is I DESPISE Google and all the tracking stuff. I use a VPN much of the time. A friend of mine has a Galaxy Tab and said I should "root" the device. Can anyone tell me the main benefits of doing so? I am trying to work out how necessary is it (as I am short of time so won't do it unless it will give me benefits). I intend to use VPN and try my best to prevent google tracking what I watch on youtube, what searches I do, and just about anything else I can. I also notice that for Earth and Maps to work, I obviously need to let it know my location (which I don't generally like doing but understand the trade off and will do it in this case). Is there a way (perhaps via rooting) to enable GPS location sharing without feeding GOOGLE my whereabouts (i.e. using other map software instead of Google's)?
I am blown away by the quality of this device. thanks for anyone who has time to offer their thoughts on the above. Thanks
Welcome to the real world, Neo!
SIM Card allows having such things like mobile data (this works just the same as the iPad LTE) and voice calls from a tablet (this feature is unique to Android - you can make voice calls just like it is a big phone, using either built-in mic and speakers or via Bluetooth headset). If the SIM is not inserted, there will be no problems - you can safely dismiss the warning.
Regarding the Google-free experience and rooting. Rooting is direct equivalent to iOS jailbreak. Both result in getting root shell (# or uid 0).
To root the Tab, you must flash the CF-Autoroot via Odin: https://www.theandroidsoul.com/root...10-5-lte-sm-t805-one-click-cf-auto-root-tool/ This is for 10.5 LTE aka SM-T805, for 8.4 LTE aka SM-T705 the instruction is similar: https://www.theandroidsoul.com/root...-8-4-lte-sm-t705-one-click-cf-auto-root-tool/
Also it is good to flash the TWRP recovery after you get root to get a rich recovery environment helping you to backup and restore your device, flash custom ROMs etc.nMore info here: https://twrp.me/FAQ/
Dont hesitate to ask questions once they arise.
---------- Post added at 02:28 PM ---------- Previous post was at 02:12 PM ----------
Ph, and forgot to mention Google free experience. Once you get root, you can debloat your stock ROM but I'd advise flashing a LineageOS ROM for newer Android version and latest security patches. Also, Google services are not present by default in LineageOs but can be flashed separately. However, I am already more than a year without Google services and apps.
For example, I use K-9 Mail + OpenKeychain from F-Droid open-source app market to use GMail with OpenPGP support.
F-Droid is the primary marketplace app having opensource applications. For closed-source apps available on Google Play, the open-source Google Play client app named Yalp Store offers the same functionality as play market but not requiring Google services.
Youtube client I use is Newpipe, opensource app available in F-Droid. There are other clients too, like SkyTube.
Google Maps can be replaced by OsmAnd+ - an opensource client for OpenStreetMap infrastructure, again available from F-Droid app store.
Office application suite I recommend is Hancom Office - it is free for Samsung devices, and it processes documents faster than Office365.
Also, I made it work on LineageOS and other custom ROMs.
I use Brave Browser as a primary Web browser, as it is opensource app based on Google Chromium code but heavily de-Googled and having some cool features like embedded ad-blocker.
Hope this helps you a bit.
gellmar said:
Welcome to the real world, Neo!
SIM Card allows having such things like mobile data (this works just the same as the iPad LTE) and voice calls from a tablet (this feature is unique to Android - you can make voice calls just like it is a big phone, using either built-in mic and speakers or via Bluetooth headset). If the SIM is not inserted, there will be no problems - you can safely dismiss the warning.
Regarding the Google-free experience and rooting. Rooting is direct equivalent to iOS jailbreak. Both result in getting root shell (# or uid 0).
To root the Tab, you must flash the CF-Autoroot via Odin: https://www.theandroidsoul.com/root...10-5-lte-sm-t805-one-click-cf-auto-root-tool/ This is for 10.5 LTE aka SM-T805, for 8.4 LTE aka SM-T705 the instruction is similar: https://www.theandroidsoul.com/root...-8-4-lte-sm-t705-one-click-cf-auto-root-tool/
Also it is good to flash the TWRP recovery after you get root to get a rich recovery environment helping you to backup and restore your device, flash custom ROMs etc.nMore info here: https://twrp.me/FAQ/
Dont hesitate to ask questions once they arise.
---------- Post added at 02:28 PM ---------- Previous post was at 02:12 PM ----------
Ph, and forgot to mention Google free experience. Once you get root, you can debloat your stock ROM but I'd advise flashing a LineageOS ROM for newer Android version and latest security patches. Also, Google services are not present by default in LineageOs but can be flashed separately. However, I am already more than a year without Google services and apps.
For example, I use K-9 Mail + OpenKeychain from F-Droid open-source app market to use GMail with OpenPGP support.
F-Droid is the primary marketplace app having opensource applications. For closed-source apps available on Google Play, the open-source Google Play client app named Yalp Store offers the same functionality as play market but not requiring Google services.
Youtube client I use is Newpipe, opensource app available in F-Droid. There are other clients too, like SkyTube.
Google Maps can be replaced by OsmAnd+ - an opensource client for OpenStreetMap infrastructure, again available from F-Droid app store.
Office application suite I recommend is Hancom Office - it is free for Samsung devices, and it processes documents faster than Office365.
Also, I made it work on LineageOS and other custom ROMs.
I use Brave Browser as a primary Web browser, as it is opensource app based on Google Chromium code but heavily de-Googled and having some cool features like embedded ad-blocker.
Hope this helps you a bit.
Click to expand...
Click to collapse
Crikey!! Can't thank you enough for the time and effort there, what a great welcome to the other side
I confess most of what you said went straight over my head, ROMS and such like, but I will learn as there are clearly some great tips in this post.
So - fine without SIM, cool thanks.
Flashing - gonna take some time to learn but I think the link you posted is what I need, I have the SM-T800
So Lineage is an OS, is that right? And it comes free of Google bloatware/spyware?
I can't believe there are ways to view youtube and maps etc without giving Google your retinal scan. JUST what I hope to do!
Brave Browser - not heard of that, was gonna look for Firefox or Waterfox and set it up myself with RTC discabled, Ublockorigin etc etc (if poss) but maybe don't need to now as Brave sounds built to do what I want already.
Thanks again, great post
marrteee said:
Crikey!! Can't thank you enough for the time and effort there, what a great welcome to the other side
I confess most of what you said went straight over my head, ROMS and such like, but I will learn as there are clearly some great tips in this post.
So - fine without SIM, cool thanks.
Flashing - gonna take some time to learn but I think the link you posted is what I need, I have the SM-T800
So Lineage is an OS, is that right? And it comes free of Google bloatware/spyware?
I can't believe there are ways to view youtube and maps etc without giving Google your retinal scan. JUST what I hope to do!
Brave Browser - not heard of that, was gonna look for Firefox or Waterfox and set it up myself with RTC discabled, Ublockorigin etc etc (if poss) but maybe don't need to now as Brave sounds built to do what I want already.
Thanks again, great post
Click to expand...
Click to collapse
Strange the T800 has no dedicated SIM slot, it is WiFi only. T805 does have a SIM card though. You can check it opening Settings - Phone info. Also you can use the dialer to enter a magic code *#1234# to get info about your firmware (pay attention to PDA and CSC values). Would be good if you provide these here before you start any flashing.
LineageOS is a community built distribution of Android OS (like Ubuntu or Debian are GNU/Linux distributions) with some additional tweaks like Privacy Guard (a framework giving you control about permissions application ask, like a consent or denial to read contacts, GPS location, phone number etc). Full disclosure: I am an official maintainer of LineageOS for SM-T805 and I belong to the team creating LineageOS for other devices on the same chipset, like SM-T800, SM-T705, SM-T700, SM-P600 etc. There are also ResurrectionRemix ROM based on LineageOS and also there are de-bloated stock ROMs based on latest available Android 6.0.1 official factory OS. The official LineageOS is based on Android 7.1.2, and there is a (not very stable) 8.1.0.
I was a long-term fan of Firefox on Android (and I still am on PC!), but Chromium engine is twice as fast on our tablet (90.08 for Brave vs 45.04 for Firefox in browser benchmark)
SORRY! The seller called it a T800 but I checked and yes it's a T805.
I am SO busy at the moment with work and family stuff, not sure when I can get round to this and it looks like I have a lot of learning to come which I am dreading a bit with my schedule as it is! Don't suppose there is any chance someone (if not yourself) on this forum offers any kind of service? By that I mean, I post the Tab with cash to cover the job, and someone roots it and does the things you have mentioned then post it back? Probably a bit too much wishful thinking, but if you don't ask.......
marrteee said:
SORRY! The seller called it a T800 but I checked and yes it's a T805.
I am SO busy at the moment with work and family stuff, not sure when I can get round to this and it looks like I have a lot of learning to come which I am dreading a bit with my schedule as it is! Don't suppose there is any chance someone (if not yourself) on this forum offers any kind of service? By that I mean, I post the Tab with cash to cover the job, and someone roots it and does the things you have mentioned then post it back? Probably a bit too much wishful thinking, but if you don't ask.......
Click to expand...
Click to collapse
This can be done remotely via TeamViewer - you can be around and follow my commands like press home button etc. The rest is done via ADB on PC side. But write me in PM next week - I have some things to do that I promised before.
That's too kind of you. Not sure if you mean Teamviewer with the actual device or another computer. I am in no hurry at all. My device is factory stock right now, been reset and I am not doing anything with it for now.
Thanks again
I don't suppose (given your knowledge of privacy issues etc) you know of a secure alternative to Skype? I am talking mainly about a desktop app. I have researched many times over the past year and it seems to me that every time something decent gets going, they get shut down or just close down without much explanation. Sure seems suspicious in some cases. Best I could find was ViPole, which is good although has some weaknesses. I can't believe nobody has made something that can do the basic stuff Skype can do! (text, video/voice, screenshare and file share). It's so simple by today's standards! Of course plenty of options until you get to P2P or encryption, then there seems to be nothing which actually works very well at all! Just in case you know of anything?
marrteee said:
I don't suppose (given your knowledge of privacy issues etc) you know of a secure alternative to Skype? I am talking mainly about a desktop app. I have researched many times over the past year and it seems to me that every time something decent gets going, they get shut down or just close down without much explanation. Sure seems suspicious in some cases. Best I could find was ViPole, which is good although has some weaknesses. I can't believe nobody has made something that can do the basic stuff Skype can do! (text, video/voice, screenshare and file share). It's so simple by today's standards! Of course plenty of options until you get to P2P or encryption, then there seems to be nothing which actually works very well at all! Just in case you know of anything?
Click to expand...
Click to collapse
Look for Signal and qTox.
Thanks. Tried and still use Signal, although it's got some flaws and not at all sure I trust the privacy side. I really need screenshare too which it doesn't have.
qtox and utox i have tried, tried all the tox chat programs. Completely buggy and unusable. Nice and secure though , which makes it a shame they can't make the software work properly! notifications dont work, cam, calls completely broken. unusable.
I looked at variuos others but it's all going over to apps for smartphones and tabs now, I want a desktop app. Maybe Skype through VPN would help a bit, but not ideal!
Thanks again
marrteee said:
Thanks. Tried and still use Signal, although it's got some flaws and not at all sure I trust the privacy side. I really need screenshare too which it doesn't have.
qtox and utox i have tried, tried all the tox chat programs. Completely buggy and unusable. Nice and secure though , which makes it a shame they can't make the software work properly! notifications dont work, cam, calls completely broken. unusable.
I looked at variuos others but it's all going over to apps for smartphones and tabs now, I want a desktop app. Maybe Skype through VPN would help a bit, but not ideal!
Thanks again
Click to expand...
Click to collapse
To accelerate the process of bringing up the quality of opensource projects, one must at least report the bugs timely. Have you filed a feature request? We all donate either our money, or our time to the community. Some of us donate both
Ha, yes I do make reports whenever I spot anything. I am talking to one of the developers about it but I don't see it getting fixed as the impetus seems to have gone and no way they will add screenshare I dont think. I will try though yes, least I can do in the hope that someone produces something useful but not "in bed" with the government!
Need some feedback from the community. What the title says. I can download Hulu on Windows 11/10 (desktop computer with unlocked processor and root permissions of the OS) and watch everything through my account but with Android P6P rooted, it's a PAIN IN THE ASS to watch hulu through the app.
I just don't understand the logic here. Can someone explain the difference?
rester555 said:
Need some feedback from the community. What the title says. I can download Hulu on Windows 11/10 (desktop computer with unlocked processor and root permissions of the OS) and watch everything through my account but with Android P6P rooted, it's a PAIN IN THE ASS to watch hulu through the app.
I just don't understand the logic here. Can someone explain the difference?
Click to expand...
Click to collapse
They are different things. I am not an expert but I know that android is linux based and windows isn't. There are different techniques used to display things, get root access, use the internet/apps etc. Also, the processor comes unlocked and it is meant to be that way unlike the phone which comes locked.
stelmilt said:
They are different things. I am not an expert but I know that android is linux based and windows isn't. There are different techniques used to display things, get root access, use the internet/apps etc. Also, the processor comes unlocked and it is meant to be that way unlike the phone which comes locked.
Click to expand...
Click to collapse
Fair point, my computer comes with an unlocked processor, but the phone comes with an unlockable bootloader, but that's a pretty weak argument with over the top restrictions from these vendors. It seems like they all have a vision in the future and that's everything behind a server wall in the future I bet and you are just a dumb terminal with a data pipe.
I guess another side point is how do you check which level of widevine you have? If memory serves me, on A13 if you don't have the proper level apps don't show movies like Hulu. Has this been solved for A13 on P6P?
Further review of doing identity check, I am getting an HDCP disconnected error when using hulu. Seems like the Hulu apk is looking for HDCP connect status.
Yep, Windows is a very different animal. Even with UAC (User Account Control) that has existed since Windows Vista, the main account of a Windows PC is still an Admin and effectively has root control. You can store Word documents in the Windows\System32\Drivers subfolder if you want. This kind of thing happens by accident all the time. It's pretty crazy, really.
I think even "Standard" (non-Admin) Windows accounts have far greater permissions than they would for some aspects they would on a Linux-based device. I think Standard users can still store things in the wrong places, but probably not as many wrong places, and they can't access other users' folders.
In the end, streaming services operating on a Windows PC have to operate without as strict conditions because the computer is already "rooted" as it comes from the manufacturer.
rester555 said:
Need some feedback from the community. What the title says. I can download Hulu on Windows 11/10 (desktop computer with unlocked processor and root permissions of the OS) and watch everything through my account but with Android P6P rooted, it's a PAIN IN THE ASS to watch hulu through the app.
I just don't understand the logic here. Can someone explain the difference?
Click to expand...
Click to collapse
There is ZERO difference, except EXPECTATION.
Because the software vendor CANNOT expect any desktop/laptop to not provide elevated privileges on demand, but STUPID FRIKKIN GOOBLE built it with these fundamental restrictions in as expectation.
I have hulu bought, but I can't watch it, so I ended up getting a modded apk
tl;dr; because android and Linux are open source
Whenever the app is starting either in windows or android, the only thing it can reach out it's an operating system. The app has almost no privileges over the OS while the OS has ALL over the app. Since the app wants to work with its own data that shouldn't be leaked, the app somehow must ensure it can trust the highly privileged OS before it brings the data into it. How an app can ensure? Well, with certain assumptions it can.
Windows is a proprietary OS with proprietary drivers. All drivers and critical binaries in the OS are passing Microsoft's signing to ensure they aren't modified and their developers are known. OS and drivers are all binaries which makes them hard to be modified or at least such modification would require abnormal resources like expertise, time, money, and knowledge. Windows passes different certifications, security audits, and under permanent attention from security researches. Such things as audits are trying to ensure the OS applies all available security measures and is using available hardware to protect the system and apps from intrusion/modification, thus enterprises trust it. Considering the all above, you, as an app developer, can easily assume: I can trust Windows as its binaries can be hardly modified as it leverages hardware to secure everything, so whenever our app will ask the OS to provide a hardware protected storage for the data, the app will get it.
The all above applies to the stock Android as well, and apps trust such systems. The only difference here is that app developers know that Android and Linux kernel are open source and anyone can modify them and flash into the phone. Now, how an app can ensure it runs on the OS that can be trusted? The app can do that by checking whether the OS is rooted or not. If it's rooted, the OS is certainly somehow modified. The app's devs are assuming that highly privileged modified OS can fake/emulate secure storage and steal the app's data from the less privileged app.
If you wish here is an analogy: Windows is a Ritz Hotel and Android is AirBnB. While they are serving the same purpose: host you as a guest, they are different, and you'll deal with them differently as a guest. Ritz has reputation, a license to run a business, and no one can fake a Ritz hotel. When you stop in a Ritz hotel, you can 100% be sure you can trust it and there are no hidden cameras in rooms as well as you can expect a decent service. Absolutely different story with AirBnB. In AirBnB everyone can be a host, and this brings a problem with a trust to a random person. Once you stop in Airbnb apartments, you highly likely will try to find a hidden camera to understand whether you can trust the host or not.
PS: as per my knowledge, some banking apps aren't running on rooted phones due to same reasons
burned-donut said:
tl;dr; because android and Linux are open source
Whenever the app is starting either in windows or android, the only thing it can reach out it's an operating system. The app has almost no privileges over the OS while the OS has ALL over the app. Since the app wants to work with its own data that shouldn't be leaked, the app somehow must ensure it can trust the highly privileged OS before it brings the data into it. How an app can ensure? Well, with certain assumptions it can.
Windows is a proprietary OS with proprietary drivers. All drivers and critical binaries in the OS are passing Microsoft's signing to ensure they aren't modified and their developers are known. OS and drivers are all binaries which makes them hard to be modified or at least such modification would require abnormal resources like expertise, time, money, and knowledge. Windows passes different certifications, security audits, and under permanent attention from security researches. Such things as audits are trying to ensure the OS applies all available security measures and is using available hardware to protect the system and apps from intrusion/modification, thus enterprises trust it. Considering the all above, you, as an app developer, can easily assume: I can trust Windows as its binaries can be hardly modified as it leverages hardware to secure everything, so whenever our app will ask the OS to provide a hardware protected storage for the data, the app will get it.
The all above applies to the stock Android as well, and apps trust such systems. The only difference here is that app developers know that Android and Linux kernel are open source and anyone can modify them and flash into the phone. Now, how an app can ensure it runs on the OS that can be trusted? The app can do that by checking whether the OS is rooted or not. If it's rooted, the OS is certainly somehow modified. The app's devs are assuming that highly privileged modified OS can fake/emulate secure storage and steal the app's data from the less privileged app.
If you wish here is an analogy: Windows is a Ritz Hotel and Android is AirBnB. While they are serving the same purpose: host you as a guest, they are different, and you'll deal with them differently as a guest. Ritz has reputation, a license to run a business, and no one can fake a Ritz hotel. When you stop in a Ritz hotel, you can 100% be sure you can trust it and there are no hidden cameras in rooms as well as you can expect a decent service. Absolutely different story with AirBnB. In AirBnB everyone can be a host, and this brings a problem with a trust to a random person. Once you stop in Airbnb apartments, you highly likely will try to find a hidden camera to understand whether you can trust the host or not.
PS: as per my knowledge, some banking apps aren't running on rooted phones due to same reasons
Click to expand...
Click to collapse
That is all hogwash. They harass owners of mobile devices *because they can*, which is exclusively connected to expectation and not security.
As for your example of a custom compiled kernel, THAT IS NOT ROOT. That's just a custom compiled kernel.
96carboard said:
As for your example of a custom compiled kernel, THAT IS NOT ROOT. That's just a custom compiled kernel.
Click to expand...
Click to collapse
It’s not a “just”. Kernel is the most privileged part of the whole system and “just custom compiled” for app developers means “it’s no longer a kernel signed by the manufacturers we trust as they have contracts with vendors supplying a DRM subsystem and this unknown kernel has endless power over the system and who knows how it was altered”. Thus “just custom compiled android” with “just root functionality” is the same thing from the app’s perspective. Google for “android verified boot” and you’ll learn why “just custom compiled kernel” breaks the chain of trust.
PS: in past I was a developer of a linux multimedia devices that had supported the same thing to play drm media. Without proper drm support which requires a verified boot no one will allow you to join the US media market and import your devices. If Hulu app would allow to play a licensed content on devices without drm+verified boot — the Hulu immediately would be kicked out from the market by other players.
burned-donut said:
tl;dr; because android and Linux are open source
Whenever the app is starting either in windows or android, the only thing it can reach out it's an operating system. The app has almost no privileges over the OS while the OS has ALL over the app. Since the app wants to work with its own data that shouldn't be leaked, the app somehow must ensure it can trust the highly privileged OS before it brings the data into it. How an app can ensure? Well, with certain assumptions it can.
Windows is a proprietary OS with proprietary drivers. All drivers and critical binaries in the OS are passing Microsoft's signing to ensure they aren't modified and their developers are known. OS and drivers are all binaries which makes them hard to be modified or at least such modification would require abnormal resources like expertise, time, money, and knowledge. Windows passes different certifications, security audits, and under permanent attention from security researches. Such things as audits are trying to ensure the OS applies all available security measures and is using available hardware to protect the system and apps from intrusion/modification, thus enterprises trust it. Considering the all above, you, as an app developer, can easily assume: I can trust Windows as its binaries can be hardly modified as it leverages hardware to secure everything, so whenever our app will ask the OS to provide a hardware protected storage for the data, the app will get it.
The all above applies to the stock Android as well, and apps trust such systems. The only difference here is that app developers know that Android and Linux kernel are open source and anyone can modify them and flash into the phone. Now, how an app can ensure it runs on the OS that can be trusted? The app can do that by checking whether the OS is rooted or not. If it's rooted, the OS is certainly somehow modified. The app's devs are assuming that highly privileged modified OS can fake/emulate secure storage and steal the app's data from the less privileged app.
If you wish here is an analogy: Windows is a Ritz Hotel and Android is AirBnB. While they are serving the same purpose: host you as a guest, they are different, and you'll deal with them differently as a guest. Ritz has reputation, a license to run a business, and no one can fake a Ritz hotel. When you stop in a Ritz hotel, you can 100% be sure you can trust it and there are no hidden cameras in rooms as well as you can expect a decent service. Absolutely different story with AirBnB. In AirBnB everyone can be a host, and this brings a problem with a trust to a random person. Once you stop in Airbnb apartments, you highly likely will try to find a hidden camera to understand whether you can trust the host or not.
PS: as per my knowledge, some banking apps aren't running on rooted phones due to same reasons
Click to expand...
Click to collapse
A custom kernel is not the same thing as root. In classic Linux and UNIX, root is a user account that can do pretty much anything (even delete the entire OS if you know what flags to pass to rm, I will not go into what they are). Root is present on a lot of Linux distros until disabled, and all variants of BSD.
Next time do your research before acting like you know what you're talking about, there will always be someone who actually knows that will take you down a peg.
dragynbane222 said:
A custom kernel is not the same thing as root.
Click to expand...
Click to collapse
You didn't read my comment carefully. I did say:
burned-donut said:
Now, how an app can ensure it runs on the OS that can be trusted? The app can do that by checking whether the OS is rooted or not. If it's rooted, the OS is certainly somehow modified.
Click to expand...
Click to collapse
The app doesn't care about the rooting itself, it has only concerns about whether it can trust the whole system or not. If the system is rooted → it came from an unverified source → it's likely somehow modified because it's open source → no trust. The rooting is only a red flag because none of stock Androids have it. Nowadays, there could be other options to check whether the chain of trust is broken or not, so apps could decline to work even if there is no rooting at all but custom kernel had broken the chain.
dragynbane222 said:
root is a user account that can do pretty much anything even delete the entire OS
Click to expand...
Click to collapse
That's no longer true. The Linux kernel (and Android particularly) has the SELinux subsystem that can be tuned up to prevent a root user from doing that. Kernel has absolute privileges, and kernel can manage what's allowed to the root user. Next time, do your research before acting like you know what you're talking about.
burned-donut said:
It’s not a “just”. Kernel is the most privileged part of the whole system and “just custom compiled” for app developers means “it’s no longer a kernel signed by the manufacturers we trust as they have contracts with vendors supplying a DRM subsystem and this unknown kernel has endless power over the system and who knows how it was altered”. Thus “just custom compiled android” with “just root functionality” is the same thing from the app’s perspective. Google for “android verified boot” and you’ll learn why “just custom compiled kernel” breaks the chain of trust.
PS: in past I was a developer of a linux multimedia devices that had supported the same thing to play drm media. Without proper drm support which requires a verified boot no one will allow you to join the US media market and import your devices. If Hulu app would allow to play a licensed content on devices without drm+verified boot — the Hulu immediately would be kicked out from the market by other players.
Click to expand...
Click to collapse
What are you on about? That has nothing to do with this discussion.
burned-donut said:
it's likely somehow modified because it's open source
Click to expand...
Click to collapse
Being open source has NOTHING AT ALL to do with whether or not it is modified.
96carboard said:
Being open source has NOTHING AT ALL to do with whether or not it is modified.
Click to expand...
Click to collapse
Sorry, no wish to continue a discussion after such confident but fallacy statement. Good luck.
Hi there.
I want to share what I found outhere.
Its a SERIOUSLY privacy focussed ROM, wich I havent tried yet, but I think at this times we need things like that, and you maybe could share here your thoughts and knowns about this kind of developments.
Here is the link to the official website:
Home - DivestOS Mobile
divestos.org
And the rom for Alioth:
Devices - DivestOS Mobile
divestos.org
Cheers!
My thoughts: no Google Play Services. For the moment I skip this one till I find some time to migrate to non google apps.
Yes, migrating from Google might be too hard and frustrating.
This shows how far we are trapped, that we are in many cases unable to get out of there, to a great extent by our comfort.
BTW, I'm in the process of getting out of google, there are good alternatives for most of services, wich maybe I'll share when I'm done.
The key is to have an own server, better at home and not VPS's, to host all your services.
The biggest problem (in android) is getting push notifications without Google Services (neither MicroG), because most of apps uses Google Clouds to manage it. "Unifiedpush" is a great and versatile alternative, but your apps has to implement support for it, and there are very few of them.
This Is swimming against the current, but there are others trying to swim in this direction, and together will be at least easier.