Develop Bugs

The Protected Apps Issue

First of all, we know why this is the case. For anyone that doesnt, see the below:
Protected apps that are missing from the market. There are generally two reasons why apps will be missing from the market.
When a new ROM/Phone is released, the manufacturer, in this case HTC, sends the build to Google, which includes a 'Fingerprint' (a unique line of text which governs its market access) in the build.prop file. Generally, it states the name of the phone and Android version in the fingerprint. With Root & system write access, this fingerprint can easily be changed... but we don't have that luxury right now.
Once Google approve the build, the fingerprint will be added to their allowed database to view protected apps on the market.
The other cause for apps missing from the market in builds (such as twidroid, layar, barcode scanner etc) is that these apps require permissions to use the camera/auto focus. They are NOT protected apps. If the XML permission files are missing from system/etc/permissions, then Google Market will simply block these apps from showing.
So again... to answer your question... we'll see the protected apps as soon as either:
a) HTC chase up Google
b) Google get around to activating the fingerprint
Now.. on to the point. I bought my un-branded HTC Desire from Mobilephonesdirect and there are NO protected apps on the market.
A friend of mine ordered his un-branded device from Vodafone.... No protected apps on the market.
Last night, another mate of mine rocked up with a new HTC Desire... branded, from Orange UK. HE HAD FULL MARKET ACCESS.
Piss poor that the unbranded devices are having issues really.
At least this means that as soon as I can get system write and root access, I can give us all full market access immediately

there are also no protected apps on t-mobile with a t-mobile branded phone as of yet...

I think it's simply all unbranded handsets.
Mine is unbranded on Vodafone and I have no protected apps.
I'm a bit confused by what is meant by "protected" however, as some paid apps like CoPilot work fine, whereas free apps like Google Earth are missing.
I read on another forum that part of the issue was that the Desire was reporting to the Market that it has no camera (or missing some other hardware), and thus the Market was only serving apps which didn't require the device to have a camera.... However, this doesn't seem to be the case as I managed to get Google Goggles which works fine...

so this would explain why i cant see google maps in my market place? even though it came pre installed on my phone? is it something that will be address sooon?

Hmm... I can see google maps OK

Today in france, we have access to the full market...

They are back!
http://forum.xda-developers.com/showthread.php?t=665742
Rejoice!

[INFO] Protected Apps Now in Market!

Well, I've turned on my Desire this morning, and performed the daily search for the Paypal app. There it is.
Tapatalk, and all the rest of the protected apps are now available on the generic ROM it seems!
Great news!
EDIT - All except Google Earth it seems.

I can see those two, but not Google Earth?
T-Mobile here.

I also see the applications you mention, but I still only see free apps?

Already posted in the Desire Themes and Apps forum 9 hours ago... Search before posting?

NZtechfreak said:
Already posted in the Desire Themes and Apps forum 9 hours ago... Search before posting?
Click to expand...
Click to collapse
I did actually, but missed it somehow.
Anyway, it's still news to some, obviously.

No worries, as the OP in the other thread I can understand how excited you were!

Seems to be a lot of demand for Google Earth. I've attached it if you guys want it.
But yes, Its not on the market on Vodafone either. Sounds like it might of been pulled altogether
KYI

Cheers for Google Earth!

Thx for the upload. Needs 23 mb rom lol. Root plz...
Oh come on, no paypal app for me in the market, strange

Argh, I cannot see the Paypal app!
I have an unbranded/unlocked Desire with the latest stock ROM (1.15.405.4) and I've set my locale to "English (United States)" with MoreLocale2. (doesn't work either with the "English (France)" settings)

UK Desire on T-Mobile, branded- have access to protected apps - and can see paypal app on market

I tried the install from #7 but I get 'there is a problem parsing the package'.

I have Google Earth, I always did have Google Earth.
Infact it was one of the first apps I installed on 27/03, I only just got protected apps today (I knew because I downloaded a copy of Abduction World Attack off the internet (it is an app I purchaed) and today I got prompted there was an update (it wasn't in my market before))
Edit: Just to add, I did also once have to do a reset and was able to redownload earth from the market again.

Most apps are showing up now in the market for me. Still can't see Google Earth though.

Here is some interesting news re "Market"
http://www.techradar.com/news/phone...ate-fixes-market-problems-desire-next--685321

i have google earth in the market. bit no paid apps here in Sweden.
Sent from my HTC Desire using the XDA mobile application powered by Tapatalk

now we have "protected" apps, can anyone suggest some ones we're missing out on?

Security

Please can anyone expand on some of the security issues that are worrying me. I have been a pocket PC user up till now (HTC HD).
Every time I download an application I am informed that the application will may access one of the following:
1. SD card
2. The internet
3. The local network
As I keep many private things on my Desire I am worried that I am unknowingly "opening doors" for people to steal information.
What should I turn off or on to secure my Desire?
Are items downloaded from the Market secure?
Are items downloaded from other places secure?
Thanks
Sams

Don't worry about those security warnings, I just ignore them

samcory said:
As I keep many private things on my Desire I am worried that I am unknowingly "opening doors" for people to steal information.
Click to expand...
Click to collapse
Essentially, yes you are!
When you install an app, it requests certain permissions so it is in your interest to review that list and make sure that the permissions that the application is asking for reconcile with what the application is supposed to do.
For example, if I'm installing a video player, I don't expect that it should need access to my contacts, emails, or SMS messages, so if I installed one that asked for those permissions I would refuse it.
Are items downloaded from the Market secure?
Are items downloaded from other places secure?
Click to expand...
Click to collapse
Unlike the Apple AppStore, applications on the Market are not vetted so there is always the potential that someone could post up some malware - it is one of the few downsides of being an open platform.
Regards,
Dave

security
Virtually every other app seems to want acces to the internet, that does seem a bit dangerous!!
What we need is a nice site setup that vets the apps and makes a small charge for the service. I certainly would be happy to pay for such a service toavoid having my Exchange contacts and notes being used by some nasty stranger.
Sam

^ but then every other app needs internet access. Even if it was just to post a high score. More worrying is when an app wants access to contacts/SMS/ or wants read AND Write access to something.
I was unaware the apps were not vetted.

[Q] Email digital signature and encryption

I have a couple Email Digital Certificates (.p12) that I use to sign and encrypt emails from my desktop. I would like to start using them on my phone, but cannot seem to find any options in the native HTC Email app. I got them installed in the security settings on the phone, but just cannot find an option to use them in my emails. I have also tried using K-9, but cannot find an option within that app either.
So, is there any way to digitally sign and/or encrypt emails within the native email app?
If not, are there any reputable, trustworthy 3rd party apps in the app store that have this capability?
Oh and not sure if it actually matters, but I have the VZW variant One M8....
Thanks in advance,
Kratos

king kratos said:
I have a couple Email Digital Certificates (.p12) that I use to sign and encrypt emails from my desktop. I would like to start using them on my phone, but cannot seem to find any options in the native HTC Email app. I got them installed in the security settings on the phone, but just cannot find an option to use them in my emails. I have also tried using K-9, but cannot find an option within that app either.
So, is there any way to digitally sign and/or encrypt emails within the native email app?
If not, are there any reputable, trustworthy 3rd party apps in the app store that have this capability?
Oh and not sure if it actually matters, but I have the VZW variant One M8....
Thanks in advance,
Kratos
Click to expand...
Click to collapse
I think I finally figured this out. Android (for some very strange reason) doesn't actually support digital signatures or encryption with email natively. Therefore, one MUST use a third party app to process encrypted or digitally signed emails.
I have checked out R2Mail2 as a possible solution and am thus far liking it. There were a couple other options (but only a couple I could find) and they either had very low reviews or were requesting permissions that just didn't make sense. In fact one of them actually tried to explain why they needed permissions to view call logs, but weren't convincing enough for me so I skipped over it.
I also have a Galaxy Tab 2 10.1 and it supposedly supports certificates natively (something Samsung added themselves), but I guess it doesn't support S/MIME with the .p12 extension as it continues to tell me that there are no files found on my device.
If anyone has any other solutions that are better than having to use (and pay for) a 3rd party app, please do tell.
Thanks Kratos

king kratos said:
I think I finally figured this out. Android (for some very strange reason) doesn't actually support digital signatures or encryption with email natively. Therefore, one MUST use a third party app to process encrypted or digitally signed emails.
I have checked out R2Mail2 as a possible solution and am thus far liking it. There were a couple other options (but only a couple I could find) and they either had very low reviews or were requesting permissions that just didn't make sense. In fact one of them actually tried to explain why they needed permissions to view call logs, but weren't convincing enough for me so I skipped over it.
I also have a Galaxy Tab 2 10.1 and it supposedly supports certificates natively (something Samsung added themselves), but I guess it doesn't support S/MIME with the .p12 extension as it continues to tell me that there are no files found on my device.
If anyone has any other solutions that are better than having to use (and pay for) a 3rd party app, please do tell.
Thanks Kratos
Click to expand...
Click to collapse
No one has any ideas about native S/MIME support?
Kratos

I've been looking into this for a while... and I think you already found the best solution. R2Mail2 handles both S/MIME and PGP. I haven't seen any other good options for S/MIME. K9 + APG can give you PGP. There used to be a simple native mail app that would do PGP, but it looks like thats been pulled by Google.

Privacy in relation to Google

A while ago I came across this thread:
https://news.ycombinator.com/item?id=12016011
and I'd like to know whether the Google collecting stuff also applies to a default LineageOS install? Or does it start only after GApps is installed (even the smallest possible one)?

Personal info, the minute you enter your google email address.
Sent from my Sprint Note 3 running Lineage 7.1.1 on T-Mobile. using XDA-Developers Legacy app

When you put you email or use some Google app product you agree to share your personal data.
Enviado de meu Mi 5s Plus usando Tapatalk

OK, but that's limited to that app and the permissions you give it - and that goes pretty much for all apps, Google or not. I was thinking more about the system-wide "telemetry".

Neuromancer said:
OK, but that's limited to that app and the permissions you give it - and that goes pretty much for all apps, Google or not. I was thinking more about the system-wide "telemetry".
Click to expand...
Click to collapse
Not really. Google has tentacles into so many things it's mind boggling.
For example: you may think that you are keeping your location data private by turning off that nice shiny location services toggle right at the top of your screen. But guess what? By default, various Google frameworks are set to override that whenever they feel like it, to ping your location silently anyway.
And even if you have the GPS chip disabled in hardware (or it doesn't exist at all), they will try to triangulate you based on other visible entities like WiFi and Bluetooth signals. (You know those Google Streetmap cars that drive around everywhere taking pictures of everything? They also are collecting a giant database of every single wireless signal they encounter, and linking them to the exact geo coordinates where they were detectable. And they also collect this data from every device running Android. So if your downstairs neighbor has a WiFi access point or bluetooth device in Google's location database, the simple fact your mobile device can see one of those signals means they've now got YOUR location, too.)
Neat, huh?
---------- Post added at 13:25 ---------- Previous post was at 13:21 ----------
Neuromancer said:
A while ago I came across this thread:
https://news.ycombinator.com/item?id=12016011
and I'd like to know whether the Google collecting stuff also applies to a default LineageOS install? Or does it start only after GApps is installed (even the smallest possible one)?
Click to expand...
Click to collapse
Even the "pico" Gapps - which includes (IIRC) just the Gplay services framework, Gplay app, PIM sync and Google Cloud Messaging components is enough.
On one of my devices I have pico Gapps installed on Lineage 14.1 and, as per usual, it is constantly trying to get my location. (I know this because I have Privacy Manager set to popup an approval prompt for both Gplay and Gplay services.) Another thing that the Google frameworks like to do is send/receive silent SMS messages. Once again, if it were not for the CM/Lineage Privacy Manager prompts, this would all be invisible.

Agree with Exabyter. Google is soo inside the apps and it's services that it's hard to predict if they can get your data or not. The Google Services Apps that give you access to lot of apps features have a lot of phone permission
Enviado de meu Mi 5s Plus usando Tapatalk

So using alternative markets such as F-Droid and Aptoide, and not installing GApps at all, can be a mitigating factor?

Neuromancer said:
So using alternative markets such as F-Droid and Aptoide, and not installing GApps at all, can be a mitigating factor?
Click to expand...
Click to collapse
Yes. And I was thinking along those lines myself for quite a while.
Unfortunately the big problem with those app sources is that they cannot handle paid apps/subscriptions.
F-droid is great if you are an open-source pedant, and as much as I like it (because among other things, generally speaking most of the stuff on there isn't doing sneaky stuff), the selection is very small.
Aptoide has a large percentage of the major apps on Gplay, but many of them are there without the developer's permission. Anyone can create an appstore there and upload any APK they want. (I actually have a private store there I intend to use at some point as a sort of APK repository for my various devices, but in practice I'm not sure how well this will work) And if you get apps from a personal user's store there there's a possibility there's something illegitimate about it. Aptoide checks APK signatures but I like to run a local A/V scanner anyway.
My current thinking is install the smallest possible open-source Gapps (eg pico), and then try to put a leash on what is left.
I'm still trying to work out how to accomplish that. Going to be posting a question in this forum shortly about location spoofing, for example. (In short: a recent AOSP patch may have really set us back here. )