Develop Bugs

HTC opposing modding, but sure as hell they are willing to take your money!!!

I've been enjoying the custom ROM features for a short while, but when I came across the HTC's desicion to put shipped-roms down, I had to make a statement.
I've contacted HTC about the matter, and the answer I got did not please me, at all. They just ignored the fact that the success(and their money) comes greatly because of the open Android platform, and the eager programmer communities contributing to it. Which is the reason and soul, to promise, for the platform, to get success and long life, in the future.
Their claim stands on the corporate ignorance on that fact I mentioned. As the original binaries are not to be used in any other way, than to give a rescue route, if some customization route takes the wrong turn, and ends in bricking the device. In those occations we could take the step back and restore the original image, into a device, and keep hunting the bug's in custom cooked roms.
So I hope that more people will get in touch directly to HTC, and make them understand that keeping the binaries out in the open, does not steal any money or intellectual property from them, in any way, but is solely to keep supporting the device sales, and the life of the platform as a whole.
Yours truly
sawe
P.S. Sorry for the bad language, I'm not a native english speaker.

I personally think that response is reasonable. They can't guarantee that anything won't go wrong with ROMs other than their own and therefore won't support it.
They don't however try to actively stop it which is why there is such a great community of developers.
Sent from my HTC Desire using XDA App

They don't actively stop modding. They just want to keep their own ROMs safe.

I think they are not reasonable on the matter. Reasonable would be if they give us the possibility to download released ROMs from their web servers.
By taking that possibility away, they deny us to revert back to official version, and by that put a much bigger risk in testing the new mods.
No intellectual property is at risk because official packages are .exe binary files, so no way to missuse them, only ability to flash the device back to factory defaults.

Aren't they taking issue with the fact that the HTC Roms include their copyrighted Intellectual property? THe sense UI and the other apps the HTC develop to go with their devices for example? I don't agree with the HTC tactic here, but just wondering if thats their whole issue?

badgerarc said:
Aren't they taking issue with the fact that the HTC Roms include their copyrighted Intellectual property? THe sense UI and the other apps the HTC develop to go with their devices for example? I don't agree with the HTC tactic here, but just wondering if thats their whole issue?
Click to expand...
Click to collapse
Those binary coded .exe files are only usable to flash the device they are ment. You cannot use the file in any other way.

this thread is aload of crap, htc have the right to take whatever steps they feel are justified to protect there work, if you dont like it dont buy htc simple, but we all know people will buy htc because whatever you think of them they are that best smartphone manufacturer

HTC have more rights than they actually use, agreed this thread is pointless.
Xda could drown under 2 meters of dung and htc wouldn't even notice, or maybe they would just be happy to do away with all the idiots bogging down customer support with questions about froyo and then moaning it's not ready a split second after the android team released it.
not sent from an iToilet

saweboy said:
Those binary coded .exe files are only usable to flash the device they are ment. You cannot use the file in any other way.
Click to expand...
Click to collapse
Sorry, but that just isn't true!
When you run an HTC Android RUU it extracts a file called ROM.ZIP into a temp directory before it starts to flash the phone and you can pull this out and do pretty much whatever you like with it.
Regards,
Dave

foxmeister said:
Sorry, but that just isn't true!
When you run an HTC Android RUU it extracts a file called ROM.ZIP into a temp directory before it starts to flash the phone and you can pull this out and do pretty much whatever you like with it.
Regards,
Dave
Click to expand...
Click to collapse
thats true ive done that using ms process manager when i wanted the stock htc bootanimation.zip

I wonder how much information HTC have syphoned off these and other similar forums without acknowledging it? Essentially we are provided a beta testing service for them at no risk to themselves. They could just look through all the problems folks are reporting with various ROMs and RADIO files and use that info to make them stable.

SimonCraddock said:
I wonder how much information HTC have syphoned off these and other similar forums without acknowledging it? Essentially we are provided a beta testing service for them at no risk to themselves. They could just look through all the problems folks are reporting with various ROMs and RADIO files and use that info to make them stable.
Click to expand...
Click to collapse
I sincerely hope they don't, since 90% of the supposed beta testing here is unscientific at best and plain wrong at worst
not sent from an iToilet

I think HTC would have much more sophisticated testing methods than relying on comments like....
ZOMG!!! THE CAMERA APP FORCE CLOSES, THIS ROM SUX!!!
HTC have every right to protect their intellectual property. In fact they're being very nice with the modding community. If they full exercised their rights then there roms including HTC Sense would be illegal.

Hacking WP7 - any REAL beginner guides?

Hi
I'm pretty sure this hasn't been covered off already - well - not to the level of detail I need anyway.
I came to the xda forums after a friend of mine suggested that there were hacks available.
It's clear that 'something' is available, but what I am not finding is:
A) A SIMPLE guide that shows us people totally new to phone 'hacking' how to do it, from start to finish, with minimal lingo and acronyms.
B) An clear and simple explanation on the different 'hacking' options available
C) The reason you would want to do it? From what I can see, the only benefit seems to be a few pointless homebrew apps that you can download - and for the risk involved...why would you chance it?
Don't get me wrong, tinkering in itself is the reason you would want to do it - it's fun - but I can't help thinking that the WP7 side of 'hacking' doesn't offer much reward.
Would really appreciate any advice/help/links with my questions.
Thanks

Did not know whether to bother answering or not but okay. First welcome to XDA, uhhh in easy laymens terms hacking is not for the inexperienced and it is not totally idiot proof so you should have some fair knowledge of the systems and what they do. Don't hack if you need a kindergarten book to explain it all out for ya simple as that. WP is closer too iOS than Android main point being it is the most secure as far as I personally care of the 3, and the system is just as smooth and fluid as iOS. No there are not alot of Homebrew available at the moment, but if you happen to have a phone able to be fully unlocked then you have the option to use many functions that were not available before.
Device specific is where you should such that search block is your best friend, nobody here is going to write a full guide to the whole forum section for every single new hack and crack that comes out. If you want to you are more than welcome.

Thanks pal
I'm ok with the concepts of hacking, just not specifically this OS.
I'm technically minded and do a lot of similar stuff elsewhere, but when it comes to the phone that I use daily, and comntracted for another 12 months with and have no experience with tinkering WP7 - Im slightly more nervous.
I guess my main issue was the d&h forum for WP7. Every sticky/thread is far too long and they all contain a lot of acryonyms that a new WP7 hacker wouldn't understand. So my forum instinct is to look for the sticky that says "start here - everything explained" - but there isn't one?!
It's almost like "where do people start if there is no starting point"?

As far as covering a good amount of info, this post is a good one:
http://forum.xda-developers.com/showthread.php?t=1299134
Don't really think there is a way to avoid all the jargon though, if there is something that isn't explained well it should be simple to find information to fill in the gaps. The terms used are very specific to the environment, so anything returned in a search would probably be relevant.
The most common homebrew option is Interop Unlock, Samsung models of phone are the easiest to unlock. This allows you to use native code that has not been wrapped in a tidy c# class.
The benefit of all this is that your phone is a full fledged computer that by default is locked down like an appliance. Developing additional homebrew apps allow you to get further phone customization out of your device, and therefore the most value out of your purchase.

I for myself thought about unlocking my device considering the risks involve. but I weighed the consequences. Thus, I end up now, having a fully unlocked HTC 7 Mozart with a custom rom. I am happier with my device now, I can do BT transfers, explore the folders within my device, install more applications than the usual apps/games from the marketplace, and tweak my device. One more thing, when my device was still running on stock rom, battery life is shorter, now I have 1.5x the battery life.
MY CONCLUSION: unlock your device's potential
as for the guides, yes it is not really like spoon feeding, but contents of the guides/tutorials are somehow progressive. one can learn from them, so that on the next development, we can do the "hacking" easier since we understood how the process goes. This is why it is called development. Cheers!

before i can give you advice on what hack that you can use, what is the name your device that way there are more specific hacks that we can talk about.

Hi
Thanks for the helpful replies.
I have a HTC Trophy. I'm doing the SD card upgrade next week to start with, so I can finally put all my music on it, so thought i'd look at hacking it at the same time.
Cheers
Sent from my 7 Trophy using Board Express

look at the HTC part of this guide, http://forum.xda-developers.com/showthread.php?t=1271963

lovenokia said:
look at the HTC part of this guide, http://forum.xda-developers.com/showthread.php?t=1271963
Click to expand...
Click to collapse
Looks like a good guide but how am I meant to know if I have a first or second gen phone....there's no definitive list?! And I can't remember what updates I have.
This is a nightmare - I'll give it a miss

check your processor, as far as i know, if your phone has 1.5GHz then it's a gen2, otherwise, it's just gen1

Let me at least give the "legitimate" talk about unlocking your phone:
For $99/year, sign up for a developers account with Microsoft (create.msdn.com). You can unlock up to 3 separate devices officially for app development. Then you can build and deploy all kinds of .xaps to your phone. To top it off, you can get the betas and early OS upgrades (had Mango almost 6 months before my friend got it from his vendor). Ultimately, you can even release your own apps to the marketplace for sale or for free.
sounds like, since this is a phone you use every day, this might be an investment worth considering. Its an easy and legitimate way for someone not too experienced with the phone's innards to get it unlocked and get exposed to how things work. Plus if you back up your phone vefore you unlock it, and something goes wrong, you haven't done anything thats voided a warranty. If the OS crashes, try returning to the "pre-unlocked" backup and bring it back to the store saying it crashed. They'll replace it. Nice deal, considering most Windows phones run around $500 to replace.
Now as for unlocking it via other means: maybe you dont want to sell apps. Maybe you dont really want to give microsoft a credit card for $100 every year. Maybe you want to just do more than a developer unlock will get you - like load a whole new aspect of the operating system. Or maybe you just dont want to pay to unlock your phone. Understandable, i suppose (though for MOST people, a developer unlock is more than sufficient). There are options, but they will require a lot of time and investigation (maybe even translation) to get it right, because the WP7 is new. The devices are many - its not like having a single hardware baseline to crack - like the iPhone. And to throw another monkey in the wrench, they did a full-fledged update to the OS not 6 months ago. So - no - not a a lot of "beginners" guides out there. Even for experienced people, an unofficial unlock is still a tricky feat. Take a look at the number of posts that have to do with phones randomly "re-locking" themsleves. Hell, I'm a legit developer and my phone "re-locked" itself last night. (turns out MS has a "lease" on deve unlocks that you need to physically update every year by un-registering and re-registering the device)
hope this was informative and helps.

I found exactly the same problem. Today I saw this post in the HTC Titan forum which helped me understand all the different unlocks that you hear mentioned on the web.
Hope this helped

[Q] How to Eliminate Kingo from PC and Device(s)

Hi Folks:
I'm afraid I rooted a couple of my devices via Kingo a couple weeks ago and only now am I learning of the various confirmed/potential consequences. Based on feedback from a couple programmers and developers, coupled with what I've seen in some of the forums, this application employs its exploit as a guise not only to obtain personal information on the device, but also the PC. Furthermore, from what I understand, it installs very questionable, unnecessary material on one's PC that enables KINGO to track a user indefinitely.
In any case, I want to ensure that I can verify the material that was installed on my PC/phone and to greatest extent possible, remove all traces off my PC. That's my first objective. Second, I'd like to address my device in much the same capacity. Unfortunately, I'm quite lay when it comes to technical matters of this nature and thus I reach out to the community for guidance.
Thanks!

rhetorician said:
Hi Folks:
I'm afraid I rooted a couple of my devices via Kingo a couple weeks ago and only now am I learning of the various confirmed/potential consequences. Based on feedback from a couple programmers and developers, coupled with what I've seen in some of the forums, this application employs its exploit as a guise not only to obtain personal information on the device, but also the PC. Furthermore, from what I understand, it installs very questionable, unnecessary material on one's PC that enables KINGO to track a user indefinitely.
In any case, I want to ensure that I can verify the material that was installed on my PC/phone and to greatest extent possible, remove all traces off my PC. That's my first objective. Second, I'd like to address my device in much the same capacity. Unfortunately, I'm quite lay when it comes to technical matters of this nature and thus I reach out to the community for guidance.
Thanks!
Click to expand...
Click to collapse
Your PC will have to be cleaned very well.
Your phone will wipe it go back to stock and root away
TWEAKED 2.0

BACARDILIMON said:
Your PC will have to be cleaned very well.
Your phone will wipe it go back to stock and root away
TWEAKED 2.0
Click to expand...
Click to collapse
Roger that. I feel pretty comfortable rescuing my devices. It's the PC I'm worried about. What, exactly, does "very well" entail? Do you recommend a particular program? So far, Microsoft, McAfee, and Iobit all fail to identify potential vulnerabilities.

rhetorician said:
Roger that. I feel pretty comfortable rescuing my devices. It's the PC I'm worried about. What, exactly, does "very well" entail? Do you recommend a particular program? So far, Microsoft, McAfee, and Iobit all fail to identify potential vulnerabilities.
Click to expand...
Click to collapse
I am a security freak so you can't go by me. My step would be a full wipe on PC. But that is so extreme. I think is u use good virus protection and a reg checker/ cleaner you should be good. But I am not a pro. You might need to check in PC forums
TWEAKED 2.0

I had my PC checked by many friends who are in the security business and they found nothing after using it. Since I have wiped and installed Linux but they found nothing on my system after using it
Temasek CM11 & Yank Powered SM-N900T

I don't know if I'd go so far as to install Linux (unless, of course, that works for you and your needs...then I would recommend the idea highly)...but to guarantee any level of success I would absolutely insist on a complete repartition and reformat of your hard drive (and an ODIN flash of the complete factory restore image....bootloader, recovery and all)
If there is any residual risk of compromise I would expect virus scanners to pick it up (but not McAfee or Norton...they are the most popular therefore the most targeted for compromise)....AVG, Kaspersky, Avira....Just like Opera is the most secure browser or OSX and Linux are the most secure OSs. It's not that it's necessarily the most inherently secure options but they are also representative of the smallest fractions of the market therefore they are less attractive. The effort required to compromise them would be better spent on a more popular attack surface.
If your personal information and device performance means a goddamned thing to you WIPE EVERYTHING AS THOROUGHLY AS POSSIBLE. I am not kidding, I am not overstating the situation in the slightest. Do as I say.
To do anything less is to consider your personal information (top priority) and device performance (secondary priority) less than important.

Seriously now, does anybody have shred of evidence Kingo is a virus, besides hears says? Don't anti virus companies have a place to submit suspicious programs for evaluation? Did anybody with proper tools run trace to see what exactly Kingo is doing? There are tools to see registry entries made by Kingo and what they mean, there are ways to trace program etc I really would like to see some hard evidence or at least link to it.

daneurysm said:
I don't know if I'd go so far as to install Linux (unless, of course, that works for you and your needs...then I would recommend the idea highly)...but to guarantee any level of success I would absolutely insist on a complete repartition and reformat of your hard drive (and an ODIN flash of the complete factory restore image....bootloader, recovery and all)
If there is any residual risk of compromise I would expect virus scanners to pick it up (but not McAfee or Norton...they are the most popular therefore the most targeted for compromise)....AVG, Kaspersky, Avira....Just like Opera is the most secure browser or OSX and Linux are the most secure OSs. It's not that it's necessarily the most inherently secure options but they are also representative of the smallest fractions of the market therefore they are less attractive. The effort required to compromise them would be better spent on a more popular attack surface.
If your personal information and device performance means a goddamned thing to you WIPE EVERYTHING AS THOROUGHLY AS POSSIBLE. I am not kidding, I am not overstating the situation in the slightest. Do as I say.
To do anything less is to consider your personal information (top priority) and device performance (secondary priority) less than important.
Click to expand...
Click to collapse
LOL wasn't recommending Linux but yes I only installed win 8 to use kingo then back to Linux which is all I have used for years
Tweaked & Lean SM-N900T

The only security concern was their collection of your IMEI number. However, they removed this shortly after being contacted about it. As it currently stands, there are no known risks of using this program.

That and using some public chinese website to store all the software fixes for all different devices, at least as far as I know. This is not some kind of program that appeared from nowhere last night, this was published by Kingoapp technology, or something like that and the program works as advertised. They don't want to publish source code and I don't blame them, maybe they don't want other people to copy their work, maybe they don't want Samsung to patch security holes they found, or maybe they use other developers work, I don't care. I think I read somewhere that none of the 27 or so respectable antivirus programs flag Kingo as harmful and by now somebody should have found something if there was anything to find, especially that there was so much suspicion and controversy. There is always a risk when you download software from the web (whole websites could be fake and look official), but I have not seen one single proof Kingo was harmful in any way from anybody yet and I'm sure many people used it already.

This is all a red herring. The IMEI collection was the really only issue and they stopped that fairly quickly.

krelvinaz said:
This is all a red herring. The IMEI collection was the really only issue and they stopped that fairly quickly.
Click to expand...
Click to collapse
So it's safe to use?
I was planing to root my note 3 and kingo seems good was just worried.

xile6 said:
So it's safe to use?
I was planing to root my note 3 and kingo seems good was just worried.
Click to expand...
Click to collapse
I have encountered 0 problems using it. Used on my note and both of my note 3's. No problems PC or device wise. And there is no proof of KingoApp doing anything malicious, just hearsay.

Samsung Knox

Samsung KNOX?.....I remember there is a time AMD is very popular and very demanding not because its better than INTEL proc. Computer enthusiast go for AMD it's not because it is cheaper, its because they feel the freedom of doing something to enjoy, to explore, to over clock to the extent. Then Intel decided to sell unlock proccessor, and suddently intel market change. My point is not all people buy phone just to call and recieve call. they want to explore and have freedom to enjoy it to the extent, unlock it, put custom rom and develop. I feel they start taking away this freedom we had, as Doc say "Leaving Samsung won't get you away from Knox anymore. Google is going to begin using it in ALL android builds. Probably starting with Android"L". I know there's a lot of knowledgeable people on XDA who is enjoying and itching to break this barrel. We have to wait for this hope, i have faith.

gmenik6 said:
Samsung KNOX?.....I remember there is a time AMD is very popular and very demanding not because its better than INTEL proc. Computer enthusiast go for AMD it's not because it is cheaper, its because they feel the freedom of doing something to enjoy, to explore, to over clock to the extent. Then Intel decided to sell unlock proccessor, and suddently intel market change. My point is not all people buy phone just to call and recieve call. they want to explore and have freedom to enjoy it to the extent, unlock it, put custom rom and develop. I feel they start taking away this freedom we had, as Doc say "Leaving Samsung won't get you away from Knox anymore. Google is going to begin using it in ALL android builds. Probably starting with Android"L". I know there's a lot of knowledgeable people on XDA who is enjoying and itching to break this barrel. We have to wait for this hope, i have faith.
Click to expand...
Click to collapse
You do realize that the inclusion of Knox has nothing to do with trying to prevent rooting. It is security to prevent criminal hackers from getting all your banking and personal information off of your phone. Knox to date has also not prevented rooting. Even the phones with locked bootloaders and Knox have achieved root. The locked bootloaders are what prevent certain phone models from flashing non-stock based ROMs. If you do use your phone for more than calls and text then you should be happy they are trying to make them more secure for those uses. Will Knox slow down development....a little...as work arounds to the secure kernels and constant checks will take more time to get all the bugs out. Bottom line though is to stay away from carriers that lock bootloaders...that is the message you want to send. Push for them to offer unlock solutions the way HTC does for the 1% of community that is on XDA. Remember...security is meant for the 99% of phone buyers that know nothing about XDA or root...and for corporate and military contract sales.

KennyG123 said:
You do realize that the inclusion of Knox has nothing to do with trying to prevent rooting. It is security to prevent criminal hackers from getting all your banking and personal information off of your phone. Knox to date has also not prevented rooting. Even the phones with locked bootloaders and Knox have achieved root. The locked bootloaders are what prevent certain phone models from flashing non-stock based ROMs. If you do use your phone for more than calls and text then you should be happy they are trying to make them more secure for those uses. Will Knox slow down development....a little...as work arounds to the secure kernels and constant checks will take more time to get all the bugs out. Bottom line though is to stay away from carriers that lock bootloaders...that is the message you want to send. Push for them to offer unlock solutions the way HTC does for the 1% of community that is on XDA. Remember...security is meant for the 99% of phone buyers that know nothing about XDA or root...and for corporate and military contract sales.
Click to expand...
Click to collapse
just everybody knows, I don't think knox will not secure you phone from criminals. if not thousand hundred of people selling their phone everyday knowing factory reset and taking out sdcard will not leaved a trace, it's not true...I know you know that. And what I believed company protect their interest before consumer.

murayoshi said:
just everybody knows, I don't think knox will not secure you phone from criminals. if not thousand hundred of people selling their phone everyday knowing factory reset and taking out sdcard will not leaved a trace, it's not true...I know you know that. And what I believed company protect their interest before consumer.
Click to expand...
Click to collapse
We are talking about criminals hacking your phone while you still possess it. Perhaps you are not aware of all the hacking and identity theft that has gone on in Android over the past years. Exploits would be forced onto your phone giving hackers access to much of your phone.

And in reality, if used as intended, Knox can protect the data stored in its containers. It is encrypted to DoD standards and if any tampering is detected it breaks access to those containers. Sure, any encryption can be broken, but it would take a very talented and determined hacker to first regain access and then break that encryption. It may not prevent hardcore industrial espionage, but it certainly will protect a lot of sensitive info from bring had by most identity thieves or from being inadvertently released to the general public.
Knox was never intended to secure the average users data. Its intended for use by security professionals in an Enterprise environment.
There are plenty of solutions already out there for people to protect themselves with, most simply just elect to not use it. Number 1 IMO would be simple common sense! Unfortunately, many replace this with ignorance and end up paying for it with increasing frequency.

DocHoliday77 said:
And in reality, if used as intended, Knox can protect the data stored in its containers. It is encrypted to DoD standards and if any tampering is detected it breaks access to those containers. Sure, any encryption can be broken, but it would take a very talented and determined hacker to first regain access and then break that encryption. It may not prevent hardcore industrial espionage, but it certainly will protect a lot of sensitive info from bring had by most identity thieves or from being inadvertently released to the general public.
Knox was never intended to secure the average users data. Its intended for use by security professionals in an Enterprise environment.
There are plenty of solutions already out there for people to protect themselves with, most simply just elect to not use it. Number 1 IMO would be simple common sense! Unfortunately, many replace this with ignorance and end up paying for it with increasing frequency.
Click to expand...
Click to collapse
I work for DVD, that made me chuckle... If you guys only knew how incompetent the IT department is.
Sent from my Amazon Jem using XDA Premium 4 mobile app

Shack70 said:
I work for DVD, that made me chuckle... If you guys only knew how incompetent the IT department is.
Sent from my Amazon Jem using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Im assuming you meant DoD, right? And yeah....contractors....lol!
No offense to those who really do try and really do care, but man, it does seem like so many are just along for the government ride!

Good info on KNOX, thanks

[BUG] [woods] Blueborne is NOT patched in the Latest NMA26.42-113 (for Moto E4)

Hello,
After some investigation on https://github.com/MotorolaMobilityLLC/kernel-mtk/tree/MMI-NMA26.42-113 and inside the /etc/bluetooth/btstack.conf I found out the Moto E4 device is using the BlueZ stack, with the unpatched l2cap_core.c.
Just look, this is a sample from the official Motorola github kernel site (the prototype of the function l2cap_build_conf_req)
Code:
static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
And this one is from the official Linux kernel source:
Code:
static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size);
data_size, where is data size on Motorola, this is the problem!
Fix it, Mediatek! Fix it, Motorola!

I forgot to mention, NMA26.42-113 promised October 2017 security level.

More proof: Just look at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
This shows exactly the spots that need to be changed!

You are dreaming if you think Motorola will release an update ....
Your answer is a custom rom with newer patches like the ones by Izaq......
Go check out the patch level of his DotOs & RR
That's why we come to XDA ..to root & flash custom roms .

KevMetal said:
You are dreaming if you think Motorola will release an update ....
Your answer is a custom rom with newer patches like the ones by Izaq......
Go check out the patch level of his DotOs & RR
That's why we come to XDA ..to root & flash custom roms .
Click to expand...
Click to collapse
True. Take time reading through pros/cons of each option (there are many); not all ROMs are equal and may lack the necessary customizations for this device. Ignore the happy extremes ("it's great"/"it sucks") as neither typically reflect reality. I generally stick with rooted stock on unlocked Moto devices enhanced with a few Magisk and Xposed modules. Everything just works and I'm not concerned with obscure vulnerabilities. Stability and solid battery life are top priorities. Very little bloatware added by Moto and most of it is useful; carrier crap is a different story (FWIW - I never purchase carrier branded phones). Responsible app selection and browsing behavior are cornerstones of good device hygiene. I also run a VPN based ad blocker and firewall which ads another virtual condom. My mobile is a productivity tool that needs to be there 7x24. For that stock is often, albeit not always, the best option. Good luck.

Thank you, but unfortunately a custom ROM is not an option. I use the Moto E4 as a daily driver, if I do this, then I lose stability. Plus Motorola says I might lose encryption if I unlock bootloader (and root the stock ROM) and I know custom ROMs often have broken encryption (not in sense of security, just doesn't work, bootloop, etc....).

iodev said:
Thank you, but unfortunately a custom ROM is not an option. I use the Moto E4 as a daily driver, if I do this, then I lose stability. Plus Motorola says I might lose encryption if I unlock bootloader (and root the stock ROM) and I know custom ROMs often have broken encryption (not in sense of security, just doesn't work, bootloop, etc....).
Click to expand...
Click to collapse
There are steps you can take to maintain data encryption on a unlocked device running a rooted Moto (stock) ROM. That said, if there is no compelling reason to root don't! There are many easy, practical ways to mitigate security concerns without resorting to paid apps & subscriptions that offer little benefit given the robust Android/Google Services security framework already in place. Rooting can undermine that model unless other precautions are taken ... most of them behavioral.
Reread my prior post. If you are loosing sleep over Blueborne simply disable the Bluetooth radio in public locations. Before doing that ask yourself why someone would target you and/or your device with a short range 'attack' that will likely yield nothing of interest. Mainstream media does a huge disservice identifying potential vulnerabilities without accompanying risk profile. Yes, Moto should fix it but they probably won't.

Davey126 said:
Reread my prior post. If you are loosing sleep over Blueborne simply disable the Bluetooth radio in public locations. Before doing that ask yourself why someone would target you and/or your device with a short range 'attack' that will likely yield nothing of interest. Mainstream media does a huge disservice identifying potential vulnerabilities without accompanying risk profile. Yes, Moto should fix it but they probably won't.
Click to expand...
Click to collapse
Yes, I am already doing that (seemed common sense to turn off Bluetooth when not using it, to ensure safety and preserve battery). Thank you anyway!
Yeah, they won't fix it ... they don't care.

iodev said:
Yes, I am already doing that (seemed common sense to turn off Bluetooth when not using it, to ensure safety and preserve battery). Thank you anyway!
Yeah, they won't fix it ... they don't care.
Click to expand...
Click to collapse
Boils down to resource management. This isn't a big threat and fixing it isn't going to sell more handsets in a world where 95% of customers/users don't weigh vendor security posture when making purchase decissions.

Davey126 said:
Boils down to resource management. This isn't a big threat and fixing it isn't going to sell more handsets in a world where 95% of customers/users don't weigh vendor security posture when making purchase decissions.
Click to expand...
Click to collapse
That's because people don't read CNET Security News
Instead they totally ignore that and when it hits them they go "Why me!?" instead of actually fixing it, so next time they also go "WHY does this happen to ME!?"

iodev said:
That's because people don't read CNET Security News
Instead they totally ignore that and when it hits them they go "Why me!?" instead of actually fixing it, so next time they also go "WHY does this happen to ME!?"
Click to expand...
Click to collapse
Surfacing potential and exposing bad behavior is a journalistic responsibility. That said, potential and reality are often distant partners that leaves the audience unsettled as risk assessment/mitigation are usually omitted. Read responsibly, my friend.

Davey126 said:
Surfacing potential and exposing bad behavior is a journalistic responsibility. That said, potential and reality are often distant partners that leaves the audience unsettled as risk assessment/mitigation are often omitted. Read responsibly, my friend.
Click to expand...
Click to collapse
Yeah, you're right, I'm sorry, I find it hard to differentiate between potential and reality (sometimes).