heartbleed bug - About xda-developers.com

xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.

dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.

https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap

Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
That list is old... see my statement above.

thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.

Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Sure, but not too much I can do about old information.

The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/

Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?

Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.

wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
New certs are in process... the CAs are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorded/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."

bitpushr said:
New certs are in process... the CAs are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorded/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.

Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.

Some progress in updating Android's vulnerable openssl 1.0.1e? Heartbleed is disabled (for me) but somehow I imagine unwanted changes like from apps etc.
Sent from my GT-I9505 using xda app-developers app

GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app

Our new SSL certificates are in place.

Glad to hear we're safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk

bitpushr said:
Our new SSL certificates are in place.
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.

Online test for Heartbleed
There are sites that will test for it.

Related

Virus in the ads for this forum

There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false positive but I'm just letting you know what it shows.
chumatha87 said:
There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false positive but I'm just letting you know what it shows.
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have
not necessarily, depends on the distribution algorithm of the ads you have...
Fallen Spartan said:
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have
Same here no such issues also if was XDA side with 8000 people on @ time would expect more than one user with the issue mentioned since Kaspersky is a well used AV product "mind you not my flavour"
OP scan computer, also worth running malwarebytes it's free.
Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an ad or one of the forum pages.
ROCOAFZ said:
Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an ad or one of the forum pages.
Can you remember which ad you clicked on or give us any more info so we can investigate?
PPCGeeks has been having a similar issue reported by some users.
Sometimes IE will report it as unsafe and sometimes their A/V will come up with a warning.
Seems to be an issue with some of the AdSense ads. Hopefully Google will fix it soon.
I still think it's humorous that my Kaspersky Internet Security 2010 blocks all of the Mobile Speed Test signatures, because it thinks the Mobile Speed Test website is a huge fail or something.

[Q] Mobile Security...?

I've read an article recently (forgot the link and where, my memory is horrible) stating that creators of viruses (Malware specifically if i remember correctly.) are starting to focus in on the Android OS more and more ...
Windows gets major viruses because its easy to write viruses for, and the amount of people possible to infect is outrageous.
People don't usually write for OS's like Linux/Unix because its more difficult and they don't affect as many users...
I know most responses to these types of questions are "It's a matter of opinion", so I'm looking for responses from people that know a little something about malware, how it works, and what will work best to protect my Samsung Galaxy S2 Epic 4G Touch.
I want to know what experienced programmers and developers think the best Mobile Security would be for our android devices.
I don't care about how much system resources it uses.
I've been using ESET Mobile Security as the 30 day trial and I like its options. Plus, it has advanced heuristics, which helps catch viruses that are not in the virus definitions received when updating.
I'm looking for an antivirus that has a high detection rate, but low false-positives. I did some research and it was found that Avast! is one of the most trusted, plus it's free. But I also go by the motto "You get what you pay for"...
Another thing I want is an antivirus that will protect Opera Mobile, and not just the stock browser. Avast seems to only protect the default browser.
Any information on this would be greatly appreciated.
In my opinion it's not worth it to run antivirus on our phone unless you are going to be doing a lot of piracy of apps .... If you only get apps from market Google catches most stuff really fast .... Read descriptions on apps you download and don't pirate games and such you should never need avast or such to slow down your phone ...
Sent from my SPH-D710 using xda premium
Epix4G said:
In my opinion it's not worth it to run antivirus on our phone unless you are going to be doing a lot of piracy of apps .... If you only get apps from market Google catches most stuff really fast .... Read descriptions on apps you download and don't pirate games and such you should never need avast or such to slow down your phone ...
Sent from my SPH-D710 using xda premium
I use my phone for both business and recreational use. If I get a movie file sent to me from a friend and I don't know where he got it from, I want some kind of protection.
I understand that an antivirus on Android phones is usually an overkill... But I will be kicking myself in the ass if a password to my email ends up being compromised.
I understand that Android phones hardly ever have apps that contain viruses, but based upon that article I read (I really wish I'd have kept it) it's becoming a problem, although not a big problem.
I just want to be protected. For all I know, I could open an excel spreadsheet that I received from a spoofed email address that contains a virus.
You see my dilemma.... So let's start talking about which anti viruses are the most effective.
Regardless,
Thanks for your response.
Anything malicious can only be in the form of an app, because of the Linux structure. Permissions have to be enabled for any R/W access. So the prior recommendation of staying away from pirated apps will suffice.
Also, news articles prey on sensationalism to encourage reading the article. Don't believe everything you read.
Sent from my SPH-D710 using Tapatalk
What the last person said!!! If you get a movie file that has a virus most likely it's written for windows anyway and will not do anything to your phone. Also no movie file, pic file, or file in general can gain permissions that the app using it does not have. So the biggest thing is making sure the apps you download are legit.
There are a few bugs and flaws like with htc sense where a malicious app can gain access to things because HTC sense logs things it should not. TW does not have those problems now that CIQ is gone.
Sent from my SPH-D710 using XDA
I don't run any kind of anti-virus. Even on my PC. If you stay away from anything shady, keep a throwaway gmail account for anything online you're not 100% sure about and pay attention to where things are coming from, you'll be all set. Unless there is some reason that somebody would want to hack into your phone specifically, then it's just random crap that will hurt you. If you don't know where the movie file your friend sent you came from, don't open it.
Ok. So everything that you guys said about apps being the main way to get infected, I completely agree on.
But what about websites? I'm sure sites, especially mobile websites, have some kind of way to get in through some type of Malware/spyware.
The best way to never get a virus is to watch where you download from and be wary of any sites you go to. I know this. But i use my phone frequently, browse the internet frequently, and I know that all kinds of sites have crap on them. All of them can't JUST be for windows OS. What about websites that specialize in stuff for Android phones?
Also... Can't QR Codes from websites contain malicious things?
Call me paranoid. Call me OCD. But i like things a certain way and i'm just trying to find out what I can do to ensure nothing happens on my phone that i don't approve of.
exitprogram said:
Also... Can't QR Codes from websites contain malicious things?
I don't really think so, since it's basically pointing you to a webpage. If it points to an app you have to choose to install it from there.
It's very hard (if the end user pays attention) to actually give someone a virus.
If you're downloading all your apps legit from the 'Play store' you're going to be fine 99% of the time.
I think the worst we have seen so far is status bar spam anyhow.
The only thing that an antivirus is gonna do is use up more memory on your phone.
So what you guys are telling me is...
#1 Antiviruses of any kind for an Android Phone are completely useless.
#2 These companies wrote Antivirus/Security Apps.... FREE, for no reason.
#3 There is no possibility of anything getting infected when connecting your device to a PC or Mac.
Well. I guess I was being either way too paranoid, or you guys are wrong and don't even consider the fact that you could already be infected. I mean, how would you even know your phone hasn't been compromised and people are waiting for you to make a credit card purchase? If they want it, do you think they'd advertise it and TELL you or let it be KNOWN they've written something for it? No. They will keep it quiet so they can steal your information without you knowing it. I mean, We can't even get updates on unreleased ROMS! How do you think the hacker community deals with the viruses that they create? Make a forum about it and let Norton add it to its virus definitions? As I've said, i read an article about it, and where there is smoke, there is usually fire.
There are exploits on every device out there. I don't care what it is. People just don't take the time to write them all if the user base isn't big enough to justify the effort. But it doesn't mean they aren't out there.
Did you know gas pumps have been tampered with to save debit card transactions, along with PIN numbers, and then downloaded wirelessly by the criminal via laptop? This was not a small amount of numbers, either.
Sh*t, i didn't even know my gmail got hacked until i checked my sent box and saw spam messages being sent from my account.
I guess this is why people say it is a matter of opinion.
Didn't mean to start a "Politics" type of debate.
I will just keep using ESET Mobile Security since that is what I deem fit.
Thanks for all of your guys's input.
Most virus for Android will request su permissions to actually do any real damage. Considering only a small portion of the Android users ever root their devices, the time it takes to write a virus is almost wasted by the cracker, not hacker as hackers are actually coders, crackers are the malicious form of hackers, coming from cracking the securities/passwords to steal info, and most ppl who root know what to look for and what to do if they get infected.. Mobile security companies don't write their apps for free, they get ad revenue from the ads in the free apps or you pay 1-10$ to get rid of ads so nothing is done for free, the worst virus ever created for Android was CiQ as it logged and sent almost everything you did on your device to who knows what 3rd party companies. So more or less your best antivirus for Android is you
________________________________
{We are legion, for we are many}
>Sent from my Anonymous DeathStar in the depths of GalaXy S2<
-Coming soon to an Evo4G near you?: [AoSP]EViL-MoD_FReEvO v0.1[Free your phone]-
They are "tampering" with credit cards at gas pumps and ATMs, by creating a separate magnetic reader and putting it over top of the reader already present. Not by any software hacking.
No one has said that PC's and Macs are immune from malicious apps.
GNu/Linux is a completely separate security suite vs a PC.
On a PC, any app that is "clicked" will immediately have access to the registry. By which you can change user permissions and application permissions. And the filesystem is immediately available to do whatever the code wants to do. And by proxy, any file accessed by the application also has no limitation to the damage it can wreak. That's how mp3's carry viruses. They are attached to files that would normally have access to the more secure registry keys. Firewalls are made to limit access to the registry. That is a necessity and why people trust security programs. Their software requires it.
Whereas, in Linux, the kernel is separated from the OS and applications are kept in a sandbox completely separate from the OS's filesystem. You have to physically allow "permissions" which dictate how far that application can reach. Files do not have any R/W access to the filesystem. The OS just reads and views them. It is not impossible to get in this way, but it is highly unlikely and no known exploits have been found in the wild.
So for anything malicious, you are allowing the corruption, and the only way to know is to only deal with trusted sources.
And to answer your question, Security companies make the software because they can. They are making ad revenue just for you loading the app. And it helps with peace of mind having a repository of known malicious apps. No one has said they aren't what they are advertised, they are. But they are also resource hogs, and unneeded if you understand what is going to be bad content.
Sent from my SPH-D710 using Tapatalk
I hear what you guys are saying. As far as security for an Android phone goes, just be careful and don't install anything from anywhere that you don't trust.
But like i said.... What about when connecting your phone to your PC? Couldn't something be laying dormant on a windows machine and infect an android device? I'll just be paying more attention to what i allow super user permissions to. (Not that i don't already)
Since the vital portion of the OS are kept separate or are "sandboxed" in a way... I will have to ALLOW these things, before they cause damage, right? Or did I already "allow" them when I installed the app and agreed to all of the things they have access to? Like when it says "This app can read call history, access contacts, etc" ... I know that some apps I install seem to have access to things that have nothing to do with its functionality. Like why would a game need access to Contacts?
I think I ran across some kind of security app that has a firewall that will restrict outgoing and incoming connections for any app. I will probably just use something along those lines to ensure none of my sensitive information is leaving the phone.
Thanks again! These are the responses that i was looking for.
exitprogram said:
I think I ran across some kind of security app that has a firewall that will restrict outgoing and incoming connections for any app. I will probably just use something along those lines to ensure none of my sensitive information is leaving the phone.
Thanks again! These are the responses that i was looking for.
This APP is actually an antivirus w/firewall. Its Avast. Its free.
I think the "Freeze" option in Titanium Backup would have a similar effect, but you have to pay for that feature.
Even if you're not concerned with getting a virus... At least you can control the data that apps send to and from your phone.
It also could be helpful if you download an app a buddy said his friend created and you're a little paranoid about it. Or if the app isn't available from your carrier's market and you need to download it by other means.
Anyway. This should suffice as far as the security i (was) looking for.
Now i know viruses can't just run rampant on Linux/Unix based system like Android. But JUST IN CASE, i will restrict all apps from communicating to the outside world using that firewall =)
You guys have been very helpful and very informative and even refrained from being d*cks .... Amazing! =)
Thanks guys.
security
What about security from another person hacking into the phone? I have a disgruntled ex-wife that constantly hacks into my phone, forwards my texts and email to people and displays pictures of her for me to see when I turn my phone on. How do I stop this? To me this is much more important than a virus. A phone can always be wiped clean, but a hacker can still get in.
Jerry
jjdellorusso said:
What about security from another person hacking into the phone? I have a disgruntled ex-wife that constantly hacks into my phone, forwards my texts and email to people and displays pictures of her for me to see when I turn my phone on. How do I stop this? To me this is much more important than a virus. A phone can always be wiped clean, but a hacker can still get in.
Jerry
Did you try calling the cops? That's more than one law she's breaking.
Take a look at this
Http://www.itworld.com/security/267484/android-apps-dont-need-permission-see-your-data
Sent from my SPH-D710 using Tapatalk 2
Also for your reviews check this one out
www.droid-life.com/2012/03/07/over-...nly-7-have-malware-detection-rate-of-over-90/
Sent from my SPH-D710 using Tapatalk 2
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Umm... did I make my point clear?
Sent from my Samsung® Galaxy™ SII Epic™ Touch 4G running CyanogenMod9™ ICS!

Bypassing the Android Permission Model

i just wanted to share this article for everyone to see!
http://privacy-pc.com/articles/bypassing-the-android-permission-model.html
what do you guys think about this? and about android as a whole (security wise)?
jamcar said:
i just wanted to share this article for everyone to see!
http://privacy-pc.com/articles/bypassing-the-android-permission-model.html
what do you guys think about this? and about android as a whole (security wise)?
I wouldn't say that the permissions system is "completely flawed," though it does lack significantly in key areas. Some of the permissions would be better served if they were split into multiple sub-permissions (eg. phone ID), but I'm relatively content with the current status quo.
Additionally, using Facebook, or heck, a mobile device on its own even, means that you've already thrown away any claims to your own data and privacy. While there is always room to better the system, it is important to remember that we've all signed clauses with a bold BUYER BEWARE heading. It is the user's job to take additional steps to secure all that, rather than waiting on Google to clean up their act IMO.
If you have any concerns about privacy on an Android device, I highly suggest using this app LBE Security Master http://forum.xda-developers.com/showthread.php?t=1422479 (there's a hint of irony there, as the app is from China with root and internet access). That one works on JB unlike the previous release which worked up to ICS.

[Petition][Poll] We want Https on XDA!

Three days ago I had a conversation with @benkxda. During that conversation, he pointed out that XDA uses no https encryption. Therefore everybody can read our passwords and PMs when we send them to the server. What if someone replaced our downloadable files with viruses?
Is that really what we want? Neither @benkxda nor I think so. Hence we decided to create this thread.
Now you might ask what you can do to get https on our forum. The first and easiest option is probably the most effective. Vote in the poll at the top of the page.
If you've got some spare time, you can also write a short (or long) post explaining your opinion.
If we get enough votes for this petition, the admins might consider supporting the https protocol.
To ensure that everybody sees this, we want to get this on the portal. Please help us by either clicking this link or by clicking the "Tip us?" button in the right upper corner of this post.
It would also help to spread the word if you put a link to this thread into your signature.
Thanks for reading.
Announcements
4th March 2014: 1000 supporters.
2nd January 2014: bitpushr implemented https for the login form! Thanks to all supporters.
23rd December 2013: And again, doubled. 800 votes now.
1st November 2013: Another announcement by bitpushr: They "have gotten [their] CDN provider to add SSL." Moreover, he will "add this to the forums".
28th September 2013: Doubled, again. 400 now.
31st August 2013: We just hit the 200 voters mark. Thanks.
13th August 2013: We reached 100 supporters. Keep voting.
7th August 2013: bitpushr announced that the admin team is working on https. I want to say thank you to all who have voted yet. But remember, we don't have https yet. So continue to vote.
29th July 2013: This petition was created.
Code for the signature
Code:
[SIZE="5"][URL="http://forum.xda-developers.com/showthread.php?t=2383868"][COLOR="Blue"]Vote for a secure XDA: [/COLOR][Petition][Poll] We want Https on XDA![/URL][/SIZE]
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help much - not only against those spy experts, but also against the administrators in a network, for eg in the company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection for the whole XDA website, including linked in scripts and images and not limited to the login sequence. This is state of the art even at Google or Facebook.
benkxda said:
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help much - not only against those spy experts, but also against the administrators in a network, for eg in the company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection, which is state of the art at Google or Facebook.
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
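The gap described in the post above, as an added example (not part of the thread and not XDA's own code): a Python check over captured response headers that flags a session cookie set without `Secure`, a post-login redirect back to `http://`, and a missing or short-lived HSTS policy. The hostname, cookie name, header values and the 180-day threshold are constructed assumptions.

```python
"""Audit response headers for the login-only-HTTPS weaknesses.

All hostnames, cookie names and header values below are constructed samples.
"""
from urllib.parse import urlsplit

# Assumption for this example: an HSTS lifetime under 180 days counts as weak.
MIN_HSTS_MAX_AGE = 180 * 24 * 3600


def parse_hsts(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(arg.strip().strip('"'))
            except ValueError:
                return None
    return None


def cookie_name_and_attrs(set_cookie_value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, headers):
    """headers is a list of (name, value) pairs from the response served for url.

    Returns a sorted list of finding codes; an empty list means none of the
    checks fired.
    """
    findings = []
    over_tls = urlsplit(url).scheme.lower() == "https"
    if not over_tls:
        findings.append("plaintext-response")
    hsts_seen, hsts_max_age = False, None
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            hsts_seen, hsts_max_age = True, parse_hsts(value)
        elif lname == "location":
            # A relative Location keeps the current scheme; only an absolute
            # http:// target sends the browser back to plaintext.
            if urlsplit(value).scheme.lower() == "http":
                findings.append("redirect-downgrade")
        elif lname == "set-cookie":
            cname, attrs = cookie_name_and_attrs(value)
            # Without Secure the browser also sends the cookie over http://,
            # where anyone on the path can read the session identifier.
            if "secure" not in attrs:
                findings.append("cookie-no-secure:" + cname)
    # Browsers ignore an HSTS header received over plain HTTP (RFC 6797, 8.1).
    if not (hsts_seen and over_tls):
        findings.append("hsts-missing")
    elif hsts_max_age is None or hsts_max_age < MIN_HSTS_MAX_AGE:
        findings.append("hsts-weak")
    return sorted(findings)


# Constructed sample: HTTPS for the login POST only, then back to HTTP.
LOGIN_ONLY = ("https://forum.example/login.php", [
    ("Set-Cookie", "sessionhash=constructed0001; path=/; HttpOnly"),
    ("Location", "http://forum.example/index.php"),
])

# Constructed sample: site-wide HTTPS with HSTS and a Secure session cookie.
SITE_WIDE = ("https://forum.example/login.php", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionhash=constructed0002; Path=/; Secure; HttpOnly"),
    ("Location", "https://forum.example/index.php"),
])

if __name__ == "__main__":
    for label, (url, headers) in (("login-only", LOGIN_ONLY),
                                  ("site-wide", SITE_WIDE)):
        print(label, audit_response(url, headers))
```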
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
Of course, it should be added to the entire site. However, I didn't even think about the downloading thing. That's definitely true and I'll add that.
Feel free to spread the word.
Thank you very much. :good:
benkxda said:
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
Posted at the same time. :laugh:
benkxda said:
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Mardon said:
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Mardon said:
> Not fully correct.
> NSA is also getting access to https secured connections.
> http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
This must be verified first, but frankly I really believe they try to get those master keys. But they would need a master key to get access. At least encryption keeps out most assailants.
nikwen said:
> That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Right, https is much better, I agree.
If the NSA or FBI or whoever else gets the master keys, there also exists a chance for others (hackers) to get the keys too.
I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work for a few hours to minimize the hacking risks.
But that's off-topic, I think.
Mardon said:
> Right, https is much better, I agree.
> If the NSA or FBI or whoever else gets the master keys, there also exists a chance for others (hackers) to get the keys too.
> I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work for a few hours to minimize the hacking risks.
> But that's off-topic, I think.
Oh yes, indeed I recently thought almost the same. And maybe we are a bit special picky, hope the "normal" users can keep up that indignation or sometimes outrage about this spy stuff. Also true, off topic.
Mardon said:
> Right, https is much better, I agree.
> If the NSA or FBI or whoever else gets the master keys, there also exists a chance for others (hackers) to get the keys too.
> I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work for a few hours to minimize the hacking risks.
> But that's off-topic, I think.
You realize there isn't one set of master keys for all certificates, right? lol. Each certificate has a master key owned by the company owning the cert. If Facebook gives them their master keys, that doesn't mean they can snoop your xda or bank account traffic.
OK, back on topic! I digress!
Mardon said:
> Not fully correct.
> NSA is also getting access to https secured connections.
> http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Just saying, but on HTTPS stuff that we use, we use forward-secret HTTPS. Meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE.
As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
If you are concerned, you should look into the issues with the CA system who issue SSL keys - an SSL certificate can be signed by ANY of them, and there's a number of CAs who are somewhat sketchy in trust... TL;DR: if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
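The property described in the post above (a DHE or ECDHE key exchange means a later-disclosed private key cannot decrypt recorded sessions) can be checked from the negotiated cipher suite. This is an added example, not code from XDA or from the poster; the function names and the sample suite list are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL-style key-exchange prefixes; EDH- is the legacy spelling of DHE-.
# Static ECDH-/DH- and plain RSA suites (e.g. AES128-SHA) do not match.
# Anonymous ADH-/AECDH- suites are left out on purpose: no server authentication.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(suite, protocol=""):
    """True if the cipher suite uses an ephemeral DHE or ECDHE key exchange."""
    # Every TLS 1.3 suite uses an ephemeral exchange; its name no longer says so.
    if protocol == "TLSv1.3" or suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True
    if suite.startswith("TLS_"):  # IANA-style name, e.g. TLS_ECDHE_RSA_WITH_...
        key_exchange = suite.split("_WITH_")[0] + "_"
        return "_ECDHE_" in key_exchange or "_DHE_" in key_exchange
    return suite.startswith(EPHEMERAL_PREFIXES)


def non_fs_suites(ctx):
    """Suites enabled on an SSLContext that would not give forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c.get("protocol", ""))]


def forward_secret_context():
    """Client context whose TLS 1.2 suites are limited to ECDHE/DHE with AEAD."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx


def check_host(host, port=443, timeout=5.0):
    """Handshake with a server; return (suite, protocol, forward_secret)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            suite, protocol, _bits = tls.cipher()
            return suite, protocol, is_forward_secret(suite, protocol)


# Constructed sample of suite names, not captured from any real server.
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
          "AES128-SHA", "ECDH-RSA-AES128-SHA", "TLS_AES_256_GCM_SHA384",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:32} forward secret: {is_forward_secret(name)}")
    print("non-FS suites left enabled:", non_fs_suites(forward_secret_context()))
```

`check_host` needs network access and is not called by the sample run; the other functions work offline.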
pulser_g2 said:
> Just saying, but on HTTPS stuff that we use, we use forward-secret HTTPS. Meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE.
> As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
> If you are concerned, you should look into the issues with the CA system who issue SSL keys - an SSL certificate can be signed by ANY of them, and there's a number of CAs who are somewhat sketchy in trust... TL;DR: if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
Thanks for the info. I didn't know that.
Not a techie nor from a part of the world affected by PRISM (?) but still having read all this I'm inclined to say I second this motion.
nikufellow said:
> Not a techie nor from a part of the world affected by PRISM (?) but still having read all this I'm inclined to say I second this motion.
Great.
Are you sure that you are not affected? Everyone is, some more, some less.
(http://upload.wikimedia.org/wikipedia/commons/5/5c/Boundless-heatmap-large-001.jpg)
We've reached over 50 votes.
nikwen said:
> We've reached over 50 votes.
Nice. So, some people know about HTTPS and encryption and prefer that. Not only because of the secret services of the "Five Eyes", but also to protect me from curious network administrators. There are surely more on XDA who want to support this necessary petition.
EDIT: Oh, please don't misunderstand, I did not want to protect the secret services from other countries, as they might be no better in privacy protection, e.g. the German secret service called "BND" seems to be the sixth eye. Again, I did not want to say only those five do bad things.
As lots of users don't know / care about encryption, a secured https connection with XDA might sensitize at least some.
So, I support your request.
rog_star said:
> As lots of users don't know / care about encryption, a secured https connection with XDA might sensitize at least some.
> So, I support your request.
Yeah, I hope so.
Thanks for voting.

A new Nexus 7 user desperately seeking advice:

Ok,
The Nexus 7 is my very first tablet that I bought last week.
I need to keep Google at bay to some degree and guard my privacy. My tablet is not rooted but I need a top notch privacy application.
A link to an xda post about the best Nexus 7 apps would be nice too.
I chose the Nexus 7 to avoid the Vendor bloatware/crud but Google had movie, books and other crud to remove. Sheesh!
klepto said:
> Ok,
> The Nexus 7 is my very first tablet that I bought last week.
> I need to keep Google at bay to some degree and guard my privacy. My tablet is not rooted but I need a top notch privacy application.
> A link to an xda post about the best Nexus 7 apps would be nice too.
> I chose the Nexus 7 to avoid the Vendor bloatware/crud but Google had movie, books and other crud to remove. Sheesh!
(You should have posted in General or Q/A Thread about this) but what exactly are you looking for? Everyone seems to be worried about Google's Privacy issues, and I'm not sure why.
Movies and books are a big reason why people buy tablets..
Sent from my Nexus 7 using XDA Premium 4 mobile app
You can just disable them if you want.
Opethsgh747 said:
> Movies and books are a big reason why people buy tablets..
> Sent from my Nexus 7 using XDA Premium 4 mobile app
And in my opinion Google's apps work pretty well anyways.
Sent from my Nexus 7 using XDA Premium 4 mobile app
klepto said:
> Ok,
> The Nexus 7 is my very first tablet that I bought last week.
> I need to keep Google at bay to some degree and guard my privacy. My tablet is not rooted but I need a top notch privacy application.
> A link to an xda post about the best Nexus 7 apps would be nice too.
> I chose the Nexus 7 to avoid the Vendor bloatware/crud but Google had movie, books and other crud to remove. Sheesh!
I share your sentiments. Unfortunately it is hard to do without rooting.
If you don't want your calendar and contacts on Google, be sure to turn off "sync" in their settings. Turn off sync in all apps you don't want to share with the world. Use Adaway app.
Avoid Google searches and use DuckDuckGo or Ixquick instead.
LBE security suite, firewall apps (I use Avast but there are others) help.
Look at Xposed Framework installer (there's an xda thread) and the XPrivacy Module.
Hope this helps.
Anderson2 said:
> I share your sentiments. Unfortunately it is hard to do without rooting.
> Look at Xposed Framework installer (there's an xda thread) and the XPrivacy Module.
> Hope this helps.
I heard that there are some risks involved with that application. I broke down and rooted my Nexus 7 and installed AppOpsX. Is the app you suggest much better?
Not familiar with Appopsx. Sorry.
Have had no problems with what I recommended.
Anderson2 said:
> Not familiar with Appopsx. Sorry.
> Have had no problems with what I recommended.
Xprivacy is excellent but as soon as I enabled the module SuperSu went nuts and wouldn't allow root access for other apps.
Interesting. Doesn't do it on my Nexus 7 2013 with Android 4.3. Maybe something on KitKat.
I would suppose so as I enabled shell access with Xprivacy.. I'll keep testing.. It's too great to give up on.
Xprivacy is great, it is working fine with Cyanogenmod 11. I have to tweak it every now and then but it is far and above better than any privacy based app I've ever used.
Don't forget to wear your tinfoil hat. Lol.
Out of curiosity, what exactly are you worried about?
Actually it should be obvious, if you go to your Google account via desktop Google has a log of where you have been via GPS. It has voice prints from Google Now, it keeps wifi passwords and much much more. I don't work for Google so I don't know how trustworthy they are with other people's data. I wouldn't want any company to have all my information at their fingertips.
Some companies sell your information, others use it to profile you so that they can show ads that are closer to your liking. Trust is everything.
@klepto You can close location reporting, and it won't have a log of where you've been. I don't know what a "voice print" is, but Google Now is all about collecting information about you. I know this answer is frustrating, but if you want privacy don't use Google Now. It keeps wifi passwords for your convenience; who would Google sell your wifi password to, your neighbour? Every company you ever used has all the information you give them at their fingertips, but they cannot use it as they like because you are protected by law. You are not trusting and you shouldn't trust any company; you are trusting the law. As for the OP, first decide which information you want to hide from them, for example are you trying to hide your searches, or your messages etc., then search for/use the app that hides it. There is a project like this if you are interested: http://forum.xda-developers.com/showthread.php?t=1715375
klepto said:
> Actually it should be obvious, if you go to your Google account via desktop Google has a log of where you have been via GPS. It has voice prints from Google Now, it keeps wifi passwords and much much more. I don't work for Google so I don't know how trustworthy they are with other people's data. I wouldn't want any company to have all my information at their fingertips.
> Some companies sell your information, others use it to profile you so that they can show ads that are closer to your liking. Trust is everything.
It's hardly important, or a big deal though. If you're concerned about what they do/can do with the data, read their policies.
Dan1909 said:
> It's hardly important, or a big deal though. If you're concerned about what they do/can do with the data, read their policies.
I agree with the OP. Many others do too. Privacy may be a thing of the past but one can try.
When identity theft becomes more rampant than it already is, more effective privacy laws will probably be enacted. Till then, some of us prefer to lock our home's front doors - even though we are well aware that they can be kicked open. Not everyone has joined the Facebook groupies who share all their private moments for all to see.
Anderson2 said:
> I agree with the OP. Many others do too. Privacy may be a thing of the past but one can try.
> When identity theft becomes more rampant than it already is, more effective privacy laws will probably be enacted. Till then, some of us prefer to lock our home's front doors - even though we are well aware that they can be kicked open. Not everyone has joined the Facebook groupies who share all their private moments for all to see.
I agree with you though, privacy is important.
However, the information Google uses/takes isn't ever going to cause an issue to my life, so there's no reason for me to get worked up worrying about nothing. So what if they have some records of where I've been, or any wifi passwords I've let them save, what negatives can actually happen arising from that?
Fair enough if it's just a matter of principle, but there's no actual need to worry about anything happening.
Dakura said:
> @klepto You can close location reporting, and it won't have a log of where you've been. I don't know what a "voice print" is, but Google Now is all about collecting information about you. I know this answer is frustrating, but if you want privacy don't use Google Now. It keeps wifi passwords for your convenience; who would Google sell your wifi password to, your neighbour? Every company you ever used has all the information you give them at their fingertips, but they cannot use it as they like because you are protected by law. You are not trusting and you shouldn't trust any company; you are trusting the law. As for the OP, first decide which information you want to hide from them, for example are you trying to hide your searches, or your messages etc., then search for/use the app that hides it. There is a project like this if you are interested: http://forum.xda-developers.com/showthread.php?t=1715375
The problem with that thinking is that 1) you're expecting them to obey the laws and 2) you don't know what level of protection they or their partners that they share your info with have in place, and how easily it can be used to steal your identity. What is a internet the if "is" your neighbor we give out our email address freely with that if they hax Google they can now remotely access your WiFi and put a keystroke logger on your network. Sounds a bit far-fetched, but just think: just because you live in a good neighborhood, don't you still lock your doors at night?
Sent from my Nexus 7 using Tapatalk
