[Q] Paranoia me ! - Sony Xperia S, Acro S, Ion

I've had several smart phone's in the past all of them with several different roms but still i am wondering.
I have never experianced any of these things but how easy is it for a builder of a rom to obtain info like passwords, usernames or make expansive texting on your phone.
If this is all possible is this happened in the passed and what happened to these builders:
How can i prevent that?
or what can i do to check stuff like that.
I think there is enough brains around these forums to check these things and i think they are checked but still I want to know.....

No one?

Keesjansma2 said:
I've had several smart phone's in the past all of them with several different roms but still i am wondering.
I have never experianced any of these things but how easy is it for a builder of a rom to obtain info like passwords, usernames or make expansive texting on your phone.
If this is all possible is this happened in the passed and what happened to these builders:
How can i prevent that?
or what can i do to check stuff like that.
I think there is enough brains around these forums to check these things and i think they are checked but still I want to know.....
Click to expand...
Click to collapse
When you install a ROM you implicitly trust the developer, he could have installed whatever he wanted on your phone. So basically yes, you're absolutely right. Not all people who cook ROM are experienced, so they, sometimes, may be doing things without understand what they're are doing, exposing you to security risk.
Let's talk about prevention now.
Comments : when you choose a popular ROM it's probable that someone will alert other people if the ROM is doing something suspicious.
Source: The most obvious way and the most efficiently is to look at the source if the developer released it, that's hard, but not impossible since you only need to look to the specific source of your device and not to Cyanogenmod/AOSP sources (you're trusting these ones). If the source is on Github you could see what he changed from the original Kernel or what he change at every release. BTW Someone could share his code but you're not sure that the ROM has not being modified.
Trust: You need to trust someone, so choose well. Remember that even stock rom could have been altered to spy you, especially if you live in a country with limited freedom of speech.
If you're really paranoid then build your ROM, but that's not easy and you need a lot of time, otherwise stick with popular ROM from people that the community trusts.

Thanks Darkorn, I hoped that rommakers were checked more then that they where trusted.
But there are so much roms out there that it cant be all checked exhaustive . It answered my question with questions wether to go on this way or not..... and maybe go try and make my own rom.

Related

Bug tracker website? Would that help? (I'm offering)

Ok. Short story of what I want to do and why.
I am a developer and I feel that I don't contribute enough to this fantastic site and its users. After the recent unpleasantness I went away and thought about what it is that I could do to try and fix this. My idea is a site or section of the wiki built specifically to track bugs and issues in new roms (I was specifically thinking WMXL but there is no reason this can't be used for all of them).
I am currently working on my own XML based site with PHP5 driving and if people think it will be useful I'd write and host this service before I continued with my own site (hopefully before WMXL 0.30 is released).
I want to try and restrict the way people enter and search the information relating to problems with new roms and try to cut out the background noise. I was thinking about having fields such as ROM version (drop down list), radio version (text box), boot loader (drop down list), main program affected (text box), extent of interference (drop down list), description of problem (text area), how to reproduce error (mandatory text area!).
This will hopefully encourage more people to think about what might be causing the problem rather than just posting what they cant do and expecting someone else to work everything out. Forcing a description of how to recreate the problem will hopefully find most users not needing to post after they work it out, and if the recreation steps dont work then the post will be closed. Hopefully people will think enough that I will be able to moderate this forum (type thing) myself and maybe someone in another timezone (closer to the UK) can take care of it while im asleep.
No one can stop n00bs posting silly questions but hopefully we can reduce the amount this annoys everyone else.
Sorry it took so long to describe my idea.
Maz
UPDATE: STARTED!
I got started as soon as I'd got a couple of replies but I still need you all.
For the chef's and other brilliant people:
1. What info do you need with each ticket to try solve them?
2. Do you want to be the only one to close tickets? Or should the submitter be able to?
3. What info do you want to store for the roms to filter to the smallest pool of specific tickets?
For the users:
1. How do you want to be able to search this?
I DON'T ASK FOR DONATIONS! ALL I ASK IS THAT PEOPLE SEARCH BEFORE SUBMITTING!
---------------
http://maz.net.au/
Bugzilla? yes please
This is a very good idea. In fact, I think that we need too a place to store the temporary fixes generated after each ROM publishing. It will be a good place for this too.
Good Idea.
It Would Help A Lot, Sounds Like Finding Answers Would Be Easier And Should Cut Down On The Hostile Atmosphere.
Cheers
Yes, very good idea.
This become easyest forum for everyone.
If it would be of any use, i can host this on one of our UK servers so we get very good speeds? I know 'iammaz' has said he can host it but he is in Australia so for the UK guys it might be a tad slow.
If not then no worries, but just trying to do my bit!
jaso2005 said:
If it would be of any use, i can host this on one of our UK servers so we get very good speeds? I know 'iammaz' has said he can host it but he is in Australia so for the UK guys it might be a tad slow.
If not then no worries, but just trying to do my bit!
Click to expand...
Click to collapse
Cheers and I'm sure everyone appreciates the offer. My site is hosted in the US. At the moment this is being built as a module to my current CMS. Whether or not this adds too much overhead I won't know until I try. The problem will be if I use too much cpu time im sure it's against the ToS with my hosting company and they will shut me down.
I hope that I will have it built as a stand alone object by then and anyone else can take this and run this on php5 hosting or in fact I could run it as web services from my personal server at home.
Progress goes well. Just working on possible searching and indexing algorithms to make searching fast and useful.
Maz
-------------------
I can't believe I forget to type this.
http://maz.net.au/
Great idea
It's 2am. I'm piking for the night. I'm expecting a phone call at 7am tomorrow so will be back into it then for 5 or 6 hours. Hopefully will be almost done by the end of that.
I need to work out how you want to have logins work. I don't think i can make it authenticate against this forum (i havent tried integrating with vBulletin before). Do I allow open registration? do I try make it force you to register the same name but PM'ing the password to that username here? do i manually add people as they ask and restrict the group?
let me know in the next 6 hours or so.
Maz
----------------------
Badly styled CMS can be seen here. (new version looks so much better )
http://maz.net.au/
Open registration, but obviously grant privileges to those of us who classify as developers.
Olipro said:
Open registration, but obviously grant privileges to those of us who classify as developers.
Click to expand...
Click to collapse
And super-user privileges for the chef's for bug tickets that apply to their cooked roms.
Maz
----------------
hard at work again at http://maz.net.au/

Light 6.0 or 6.1 ROM with rgu files...please?

Please will someone post ONE rom without removing .rgu files before posting.
I just want to cook my own ROM.
...
Cmon, guys
I was about to create the exact same thread.
Until a few month ago, I used to re-cook the roms I downloaded here to get rid of the unusefull applications and add my customisation.
Now that wm6.1 is out, I wanted to switch to it but I was unable to find a rom with this f*** dsm and rgu that are mandatory for a clean cooking.
Cookers, why the hell are you removing this files ?!?
Is it to save a few kb which is stupid regarding the pain in the ass trying to improve the rom after this suppression ? (Or did I miss a major revolution in the cooking process that make them unusefull to create packages and registry hives ?)
So could anybody give an advice for a good ROM (light and fast) where this RGU and DSM remains ?
Exactly,
recently I switched from Prophet from Trinity.
I couldn't wait to compare its performances to previous device, but was unpleasantly surprised to see that almost NONE of the ROMs posted in Trinity section is editable.
On the contrary Prophet ROM section is way more advanced.
In the end, I thought that ROMs are (at least ones posted here) kind of public property, and that the they shouldn't be locked (by removing rgu files prior to posting, or putting the time code on them!!!). If you want to sell them - then go apply for job at Micr0s0ft.
On the other hand - I can understand that someone is affraid that someone will overtake his/her work and claim it as their own. But again, we are here to help to each, and I never personally published any of my own modified ROMs - due to respect to the author. It would be good practice that someone who makes modification - always mentiones which ROM is used as a base for development.
Just imagine what would happen if Bepe, Mamaich, Olipro and other real developers made their tools just for themselves!
Cheers!
There's something I can't understand...
Why do you need to edit released ROMs, when you have access to ROM kitchens?
My best guess is that you don't want to spend endless hours figuring out the best tweaks, solving problems, creating packages, and so on, when you can have it all done by others.
Remember one thing:
None of the cookers here are releasing ROMs for profit. We do it as courtesy, to help the less skilled, so they can also have a more updated and efficient system running on their devices.
Cookers aren't by any means obliged to reveal their little secrets, which for you may seem trivial, but in fact, it may be the sum of many hours testing.
Cooking with a untouched kitchen is a good way to get to know how things work, and to improve your own cooking skills. So it's not respectful of you to say that cookers have to release their ROMs editable, or any other related demand for that matter, whether you release your edits or not.
It's the cookers choice to release a ROM as he see fit, and it's the user choice to use it or not.
I don't have a problem with the so called "competition", since I'm not here to compete. I'm not here to win, rather to provide an alternative. But it's hard for me to give up my work just like that.
I wouldn't have any problem providing a kitchen, but unfortunately my main source is XDA-Developers, so I also rely on others to get a base for my work. My skill level is not yet that high, but I'm always trying to improve myself.
I'm sorry if I'm offending someone, but I needed to speak my mind...
FInixNOver said:
There's something I can't understand...
Why do you need to edit released ROMs, when you have access to ROM kitchens?
My best guess is that you don't want to spend endless hours figuring out the best tweaks, solving problems, creating packages, and so on, when you can have it all done by others.
Remember one thing:
None of the cookers here are releasing ROMs for profit. We do it as courtesy, to help the less skilled, so they can also have a more updated and efficient system running on their devices.
Cookers aren't by any means obliged to reveal their little secrets, which for you may seem trivial, but in fact, it may be the sum of many hours testing.
Cooking with a untouched kitchen is a good way to get to know how things work, and to improve your own cooking skills. So it's not respectful of you to say that cookers have to release their ROMs editable, or any other related demand for that matter, whether you release your edits or not.
It's the cookers choice to release a ROM as he see fit, and it's the user choice to use it or not.
I don't have a problem with the so called "competition", since I'm not here to compete. I'm not here to win, rather to provide an alternative. But it's hard for me to give up my work just like that.
I wouldn't have any problem providing a kitchen, but unfortunately my main source is XDA-Developers, so I also rely on others to get a base for my work. My skill level is not yet that high, but I'm always trying to improve myself.
I'm sorry if I'm offending someone, but I needed to speak my mind...
Click to expand...
Click to collapse
+1 you've said everything
Hi, FInixNOver,
well I am glad you replied. Although better anything than nothing.
Watch now:
"Why do you need to edit released ROMs, when you have access to ROM kitchens?"
Well, why do you need kitchens (and tools) - why don't you develop them by yourself?
You say
"So it's not respectful of you to say that cookers have to release their ROMs editable, or any other related demand for that matter, whether you release your edits or not".
No one said they have to. But after hours of testing and achieving something which only you succeeded to - to keep it as a secret? And not share it with the "less skilled" on the forum? I understand if someone invested hours in artistic-visual development of the ROM - everyone will recognize that as effort - but removing .rgu files used for creating the registry during ROM building - is creative???
Or when I dump the ROM and see the folder named "Don't touch my ROM"?
Cmon, thats pure blsht!!!
What if someone makes "Don't touch my Hard-SPL"?
phnikola said:
Hi, FInixNOver,
well I am glad you replied. Although better anything than nothing.
Watch now:
"Why do you need to edit released ROMs, when you have access to ROM kitchens?"
Well, why do you need kitchens (and tools) - why don't you develop them by yourself?
You say
"So it's not respectful of you to say that cookers have to release their ROMs editable, or any other related demand for that matter, whether you release your edits or not".
No one said they have to. But after hours of testing and achieving something which only you succeeded to - to keep it as a secret? And not share it with the "less skilled" on the forum? I understand if someone invested hours in artistic-visual development of the ROM - everyone will recognize that as effort - but removing .rgu files used for creating the registry during ROM building - is creative???
Or when I dump the ROM and see the folder named "Don't touch my ROM"?
Cmon, thats pure blsht!!!
What if someone makes "Don't touch my Hard-SPL"?
Click to expand...
Click to collapse
You may be right about the tools, without them it would have been very hard to get many of the tasks completed successfully and probably I wouldn't have even started cooking.
But, how on earth would you be able to build a ROM without a kitchen?!! You certainly cannot make an omelet without the eggs, now can you?
And I never demanded any tools from anyone or even kitchen. When I have a request or something to say, I usually politely ask or give a suggestion.
You should try to create you own ROM before making assumptions about what cookers should keep a secret or not. Then you'll notice that cookers help each other whenever possible (e.g. when something important is fixed).
And I do share my findings, mainly in my ROMs obviously!! That doesn't mean I have to expose all my work. It's necessary to research a bit. You'll find it rewarding.
Also, almost all of the art work in my ROMs is my hard work, and it's painful to see it scattered around without so much as a credit (I'm not asking to be paid or anything). So, why not protect my work?
Tweaks? That's a whole different subject, the ones you may find helpful other may not, it's up to each one to use the one that will best suit your needs.
You will also learn, that most times, a cooker will not mess with the RGUs in a kitchen. Instead, a brand new package is created just for registry tweaks, this way the changes are easily tracked down. This being said, I can easily build a ROM, that you'll be able to dump and repackage, but you won't find my registry tweaks. Would that work for you? Because, I find this process to be more deceiving than providing the ROM without RGUs and DSMs.
You're making it sound like I say less skilled persons in a bad way. Every user is a potential cooker. Everything is available. Sometimes, you just have to dig a little deeper.
Some find it to hard to learn, others get what they need from the available options, others, well... they're just too damn lazy. But hey, everyone's got their reason, and who the hell am I to judge them?!!
"Don't touch my hard SPL"
This is a funny one!!! You have quite a mess in you attic. You're mixing 2 very different subjects...
I know one thing!! I wasn't fully satisfied, with the options I had, so I decided to get my hands dirty and do it myself. I learn everyday, and I have yet plenty to learn.
My conscience rests easy, as I've made some contributions, maybe not very important ones, but never the less...
I released some fine ROM(not perfect, I'm well aware of that) if I may say so, and made some users happy.
I don't want to start a war or anything. This all subject of protecting or not the cooker's work has already been extensively discussed, and I gave my opinion about it.
In the end I can say:
I've paid my dues. Have you?
OK, I wont argue anymore but will not change my oppinion either.
I am closing this thread by posting HTC Trinity - Complete Cooking tutorial for begginers in the forum.
Maybe my debts will be payed now!
Now let us be more useful and post comments and EDITABLE ROMs!
In the end - I would do that for you as a forum member
Cheers!
FInixNOver said:
There's something I can't understand...
Why do you need to edit released ROMs, when you have access to ROM kitchens?
Click to expand...
Click to collapse
To my mind, kitchen are not made to cook a rom but to learn to the newbies how it works. It's far from beeing a good solution to realy cleanly cook roms (often buggy, not possible to have an up to date OS, ...). However it's really instructive and it's great work from the creators of theese kitchens.
FInixNOver said:
My best guess is that you don't want to spend endless hours figuring out the best tweaks, solving problems, creating packages, and so on, when you can have it all done by others.
Click to expand...
Click to collapse
It's right but it's exactly the point of development, saving hours by using existing libraries to be able to create something realy new that's not another copy of something existing.
Do you know the meaning of a Community of Practice or did you forgot the first function of this board ?
Moreover, you must know that it's way more painfull to cook a rom without kitchen than with a kitchen, even if the result is best.
Finally, this kind of "protection" is quite useless as the rom is still dumpable and editable, it's just a bit more painfull as you need to find the missing files from other roms or from packages.
I was curently working on a rom editor to enable cookers to save time cooking rom with a GUI but I think I will stop the project for a time to try to develop a tool that will be able to recreate the missing dsm, rgu and packages.sof to proove:
1) I'm not a lazy lamer
2) Sharing knowledge is much more profitable for the community than keeping it for itself (even if it has already been done a hundred of times by bepe and so many other on this board)
However, don't think I don't respect cookers work but I think this point stands against this board main function, this will be my way to pay my dues
@phnikola : I found this rom http://forum.xda-developers.com/showthread.php?t=391450&highlight=KAEW working quite well (light, fast, stable and recent build) where the rgu, dsm and .sof are still existing. If you want to use another ROM, just copy all the rgu, dsm and packages.sof from this one to the dump directory of the other rom
Peace
@ phnikola
I welcome your gesture and I'll be more than happy to make some contribution, to make it the best tutorial that I never had.
@ tonio94
Well, my understanding of kitchen is the set that includes the ROM files, packages, tools (whether they are batch files, or fancy tools) used to edit and build the ROM. As I say that's only my understanding of it. I may as well be wrong. And I'm very thankful for the effort and hard work put into developing all the tools that can make our cooking experience so much better
I think you're missing my point. I'm all in favour of sharing. And I try to do it as much as I can, but you may also be aware that even though programmers may use the same libraries, they often protect their final work, so that other cannot take credit for it.
The same happens with ROMs. Altough I'm using the same base as many others to create my ROMs, the final result is different from cooker to cooker, and I can only speak for myself when I say that the main reason for protecting my work is to avoid having my work ripped off.
I have absolutely nothing against making available the kitchen as bug free as possible, so that everyone can make their own customization of it.
I'm well aware that this protection can only slowdown the process of editing the ROM, but it's a way to make it a bit harder for others (I mean only the ones whose sole purpose is to take someone elses's work as their own), to take my work.
Sometimes, just because of a handfull of gready people that take other people work and make it their own without any credits, the rest of the community ends up paying for it.
I wish I had some developer/programmer skils, so i could make a bigger contribution to this community, but unfortunately I've never learned that (however I'm hoping to work on it someday).
In the whole spirit of sharing, I'm going to release some treats, just to prove that it's was never my intention to undermine the work of new cookers (what am i saying?!! I'm also a new cooker!! and a noob for that matter ), I just wanted to protect myself.
FInixNOver said:
In the whole spirit of sharing, I'm going to release some treats, just to prove that it's was never my intention to undermine the work of new cookers (what am i saying?!! I'm also a new cooker!! and a noob for that matter ), I just wanted to protect myself.
Click to expand...
Click to collapse
I have a respect to that, mate
I think your ROMs are among the best. Keep up the good work
Cheers!
tonio94 said:
@phnikola : I found this rom http://forum.xda-developers.com/showthread.php?t=391450&highlight=KAEW working quite well (light, fast, stable and recent build) where the rgu, dsm and .sof are still existing. If you want to use another ROM, just copy all the rgu, dsm and packages.sof from this one to the dump directory of the other rom
Click to expand...
Click to collapse
Thanks a lot, tonio94!
Will try it as soon as download completes
FInixNOver said:
@ phnikola
In the whole spirit of sharing, I'm going to release some treats, just to prove that it's was never my intention to undermine the work of new cookers (what am i saying?!! I'm also a new cooker!! and a noob for that matter ), I just wanted to protect myself.
Click to expand...
Click to collapse
Hi FInixNOver
I don't normally get involved in these threads, but once again I have to admire the way you avoid an argument with yet another member of the community who seems to just take, take, take.
Had he and others bothered to have a look at not just the quantity and quality of ROMs you produce for everyone but the feedback and replies you give on a daily basis to people with problems, maybe he would have a clearer idea as to who the givers are in this forum.
You guys give up your time and effort for free so that others (including myself) can benefit and enjoy the fruits of your work. To show any anger or frustration is ridiculous. At least 70% of the people in Trinity forums have tried and enjoyed your ROMs. And yet still they expect you to give more. Incredible...
Mattster.
Mattster_spv said:
Hi FInixNOver
I don't normally get involved in these threads, but once again I have to admire the way you avoid an argument with yet another member of the community who seems to just take, take, take.
Had he and others bothered to have a look at not just the quantity and quality of ROMs you produce for everyone but the feedback and replies you give on a daily basis to people with problems, maybe he would have a clearer idea as to who the givers are in this forum.
You guys give up your time and effort for free so that others (including myself) can benefit and enjoy the fruits of your work. To show any anger or frustration is ridiculous. At least 70% of the people in Trinity forums have tried and enjoyed your ROMs. And yet still they expect you to give more. Incredible...
Mattster.
Click to expand...
Click to collapse
Man, I already posted that his ROMs are excellent, but you have a real problem with your selfesteem. Anyway we came to agreement - so be more useful and post in another thread

ThemesDroid - Website Progress Updates, Dream Theme Warehouse

i would love to see a website specifically for g1 themes. with images of all themes, all linking back to the developer. as well as all themes and other downloads being hosted on local server, instead of having to use FTP services like megashares etc.
if anyone with web development/programming experience would be interested in assisting me it would be appreciated, and i think a site of this nature would benefit the android global community as a whole.
may i also state that i have a server with enough bandwidth and server space to handle the high traffic volume that follows a site like this.
i see some great possibilities with this, but in order to get it off the ground i will need some help.
I would love to say yes but my web dev skills have never been used in a real environment.
I would like to see something like this get off the ground. Its such a great idea.
although i do not have a crazy lot of time i do have an extra website that i currently do not use. Its good for a little less than a year and i "could" use iWeb or something to put a site together since it would take crazy less time. Its unlimited everything so i could host the .zip files right on it and just have people download from there. If enough people would use it though. I would def have to have everyone's permission though as i am not getting in trouble with people over something like this. if its something some of these Theme devs would enjoy i could use my current site on DreamHost and allow the download straight from the site with Pictures. Could have a page for each one of them too. Let me know as i would be willing to do this so it would be 100% easier to find things.
Email me at [email protected]
I would be willing to put the time in too since i could add an Ad at the top for some income towards the renew cost if necessary. And i do know what i am doing but it would def have to be a use site not just something 10 people use. www.edgewoodcma.org is my newest site i got up and running for a church.
thats pretty much the idea, it doenst really matter which server is used, however i do have a little over 2 years on mine, but it is unlimited just as yours is. however i do not think a page made in iWeb or something will work quite as nicely as something designed for dynamic updating by many devs.
im looking into a PHP CMS engine that will allow devs to name their .zip files and upload with a thumbnail of the theme. and have the site automatically post the new theme with the naming convention used in the .zip and show the thumbnail as a link to the direct download from the server.
i wanted to try and stay away from another forum site, as well. this is the forum site for android pretty much, we may have a discussion area in the theme site, however the downloads and updates will be on another portion of the page as to eliminate the need to sift through threads to find the themes you want.
The reason i posted that i would be willing to make and update the site is so that useless things will be kept out. I would be willing to accept all photos and .zip files in my email then post onto the site so that duplicates and useless things are kept to a minimum. I would also make multiple sections showing what update you are running (i.e. RC33, ADP 1.5, Dude, ect) and a complete breakdown so that it is as easily as possible to do things. The reason i would use iWeb is because of its simplicity. You could update a site within 2minutes for whatever is needed. I could update anywhere in a matter of minutes which would mean more thing up and running. Just an idea though as i too am wishing it was far easier to locate things instead of sifting through hundreds of posts to find the one decent theme out off 100.
that sounds great, will iWeb allow you to create dynamic websites for the dev to upload his work? or will you manage the whole thing as a static database (updated when devs send you their work)?
if you wish to create this, then please do. i shall continue to look for a permanent, maintenance free*, catalogue of themes. but until an engine is created for that purpose your offer sounds perfect. the android community desperately needs someplace organized to find these themes.
thank you for your offer, if you would like any sort of graphic help just let me know and ill do my best.
Dynamic sounds best, you could accept members (ie theme creators) and only have have control over posting themes and updates to their own themes?
We are actually working on this right now. Just purchased themesdroid.com a couple days ago.
We have a dedicated server we are going to be running it on. We are actively developing the site now. Perhaps we should combine our efforts.
awesome, let me know if you need any help, or any server space etc.
id love to help in any way i can.
--peace
It does seem like a good idea, although I have read in the past something about "why have many resources in many places"...one central location for it all is great, so it would have to have many advantages for it to work. I know instant thumbnails would be 1 (forums it doesnt work like that). Local files is another. Purchasable is probably something considerable.
Ive built for big corps before, and know a lot about that stuff. If you guys need help with doing anything I know almost any solution. Something like "if you donate you get extras" or something, and only those that did donate can get certain things. Helps the developers for their time and effort (like the apps, makes sense).
We are currently investigating a couple options for ThemesDroid.com. We have started working on a download site from the ground up, but we are also looking for possible alternatives. Does anyone know of any decent open source CMS/DMS systems? We have not seen anything that was worth a darn, but if anyone knows of a good one then there is no sense in reinventing the wheel.
kronarq said:
We are currently investigating a couple options for ThemesDroid.com. We have started working on a download site from the ground up, but we are also looking for possible alternatives. Does anyone know of any decent open source CMS/DMS systems? We have not seen anything that was worth a darn, but if anyone knows of a good one then there is no sense in reinventing the wheel.
Click to expand...
Click to collapse
What are you looking for in this CMS/DMS system?
well php-fusion is always a safe choice, there was something new... what was it.. http://expressionengine.com/
Ive always found Joomla to be the most flexible system to date, complicated but it will do 'everything' your looking it to do. It has great theme support as well (great flexibility for customizablity). Very secure too.
@malaeus, sorry to say but php-anything is almost always a bad choice, they have many loops/hackable holes.
Xoops is good too. Drupal is good. Or if you have a M$ server (asp), dot net nuke is good, has many add-ons for great flexibility.
Just some suggestions for you guys (btw, all those are free [opensource like android ]
I've been building Drupal sites for years now... if you guys need help, let me know.
http://img38.imageshack.us/img38/6613/demo1z.png
http://img34.imageshack.us/img34/3173/demo2.jpg
Started it 3 hours ago, thats how quick and easy it is. Its just a demo to show you what you can do with it. If you like cool, if not I at least recommend you check out joomla, thats what I created that with (there is no "starting from ground up" with it, its just there to "put the stuff in"). That template is free too (there are plenty out there, I also make my own which takes time). Just threw it together because I had the last three hours off from work and wanted to play with it again.
Drupals good, but I just dont think it has the best of plugins, they are ....awkward or something I dont know.
@kdf2883: Something geared towards downloads. Something preferably lightweight compared to Joomla/Drupal etc
@theslam08: I currently have a test of Joomla + DocMan I have been playing with, but Joomla seems like overkill for what we are doing. It doesn't all our needs so we would still have to modify it yet it does a bunch of junk we don't need. Then there's the usual update every week or get hacked bit...
We are leaning towards just doing everything from scratch. I could have a Joomla site up in a day or two or we can give it a couple weeks to build our own system from the ground up. What do you guys think?
for something like this, we may want to try something as simple as wordpress. each post would be a new theme, images and text would include server direct download link. its at least one of the most compatible backbones i can think of.
i have little to no experience in drupal and joomla etc. however when it comes to the design aspect of the website, thats closing in on my specialty.
@slam nice job on that layout btw. especially considering time spent.
Look at the Lock 2.0 themes site. They use WordPress and in my opinion it's a mess.

are permsissions too obtuse for the average user?

i think guy brings up a good point and perhaps a decent solution. why not allow/encourage the dev's to explain a bit more. I'm a fairly adept nerd but when i'm installing an app sometimes i'm just not sure why in the world this app needs that permission...how is my mom or sister or anyone that i advocate Android to going to figure it out? why does this app need my coarse or fine location or full network access or access to the contact list etc...
and please do not say 'if you don't like what's listed, don't install the app'. that is exactly the point of this thread. the line items in the Review Permissions window don't always make sense. how can the average end user make a educated guess with the current system...they don't, they just start doing the same thing they do on their Windows Desktops...just click right on thru it. then what happens? some jerk writes a piece of malware. user has an issue. now its all androids fault. and viola, proof that linux based devices are still too geeky for avg use.
http://tech.shantanugoel.com/2010/08/14/android-permissions-malware.html
Unfortunately, there's no denying the cold, hard facts - ignorance is not bliss. Everything has a learning curve. Time and effort must be spent to educate users as to why <this> is happening and what it is doing for them. It's sad but true. Besides, if everything that required higher learning could be easily figured out I'm sure humanity would be freed from the shackles of poverty, war and hunger by now. So, yes, permissions are too obtuse for the average user. Unless they want to educate themselves on more generalized computing skills they'll never get it.
That's just my two cents. Sorry I couldn't be of better assistance
ok. so i wish to educate myself. please provide a full and detailed example listing why which permissions may be needed/used so that i will be able to make an educated choice. where is that link again?
i'm bringing up an issue...not asking for others to chime in and tell me how stoopid the end user base is. i'm an admin for over 10yrs. trust me ... i know. in this case i am also confused as are a large numer of folks. i understand the huge development curve android has experienced over the last 18mths. my concern is that if this issue is not addressed, even the folks that would take the time to read the Review Permissions page will give up. i know i have on more than one occasion. that's a bad trend.
Wow. You bring up a good point. Didn't mean to offend you or anything. I still don't have a good answer for you but I will let you know that I only install apps that I can trust usually after researching them via Google searches and talking about them with people here. I too am an admin (been a long, long 15 years now) and if there's 2 things I learned about recommending custom Android setups they are:
- If you think the user is going to use you as Wikipedia it's probably best to leave them at stock
and
- Only recommend this kind of stuff to users who are willing to accept responsibility for their actions otherwise you'll be the fall guy every time something goes wrong.
Again, I'm sure you know this and I didn't mean to offend you so..... bye.
Users can be pretty obtuse, and I think you're completely correct about the current permission system. However, I don't think it could be made much clearer without multiplying the number of permissions. Malware can exist because users consider certain permissions to be common. Conversely, apps with a good reputation can include permissions that make them wonder, "why would they need that?" Look at keyboards and how many people freak out when they go to enable them.
One thing that would be nice for users is if you could tap on a permission and the phone would display a short explanation of that permission. They probably aren't self explanatory for everyone.
beatblaster said:
- If you think the user is going to use you as Wikipedia it's probably best to leave them at stock
and
- Only recommend this kind of stuff to users who are willing to accept responsibility for their actions otherwise you'll be the fall guy every time something goes wrong.
Again, I'm sure you know this and I didn't mean to offend you so..... bye.
Click to expand...
Click to collapse
no offense. i do understand. there was a point in time where i used to openly provide paid tech support to home systems of my coworkers....it was a short point in time. lol. but i digress ... i may have come off too strong in my reply, i was just trying to prevent the thread from wandering off.
I've tried to post on this topic in the past but have not nothing useful. in and of itself, i find that kinda sad. I've even seen some folks suggest that people "take a trusting stance because most developers do not intend harm". i wish i could. but i'm out of college.
it would be wonderful if someone (ie: a google dev or just someone with knowledge of these things) were able to create a page that could give real world examples and general rules of thumb. currently i have only found a couple pages that cover a couple settings. not nearly enough to be of much use.
Saturn2K said:
One thing that would be nice for users is if you could tap on a permission and the phone would display a short explanation of that permission. They probably aren't self explanatory for everyone.
Click to expand...
Click to collapse
I concur.....I look at the permissions that apps ask for all the time. However, if I see a battery management app is asking me for full internet access and access to my contacts, I just pass on it. A lot of times you can figure out if an app is requesting bogus permissions just by using common sense.
rugedraw said:
I concur.....I look at the permissions that apps ask for all the time. However, if I see a battery management app is asking me for full internet access and access to my contacts, I just pass on it. A lot of times you can figure out if an app is requesting bogus permissions just by using common sense.
Click to expand...
Click to collapse
if your app is paid for by advertisements then it will need Internet Access so it can retrieve ads...thus paying the developer. often that's where i see 'coarse location' used as well...for regional specific ads. so in those cases, not nefarious use but a perfect example of what I'm talking about. thank you.
the problem with the current permissions system is twofold;
1) as mentioned, there is no details WHY or WHAT FOR a particular permission is required
2) its all or nothing, ie you can't give permission for network access and restrict access to contact list, etc. You have to accept all the requested permissions or deny and not install the app.
fwiw: There is an app in the market called "permissions" that tells you not only the permissions each app requires but it gets VERY specific. Within each permission category there is a whole list of specifics.
It won't help with apps you haven't installed yet but it's good info on the ones you already have.
*edit- Just revisited this app, it's not as detailed as I remember.
just a lil bump...
bumpity bump ...
nothing? at all?

noobs android rom security question

hi, sorry if this isn't the right place, but wasn't sure where to post.
if i were - for example - a malicious android rom maker - i could add routines, backdoors etc etc into the rom i push out for evil intent. for example i see so many apps in the market wanting fine location (gps) permissions, and reading of phone data contacts when it shouldn't need it. the worst part is, i wouldn't know as any backdoors would be ingrained into the system.
so how do i know that roms out don't do this at all?
bump for an aswer?
MarkusPO said:
hi, sorry if this isn't the right place, but wasn't sure where to post.
if i were - for example - a malicious android rom maker - i could add routines, backdoors etc etc into the rom i push out for evil intent. for example i see so many apps in the market wanting fine location (gps) permissions, and reading of phone data contacts when it shouldn't need it. the worst part is, i wouldn't know as any backdoors would be ingrained into the system.
so how do i know that roms out don't do this at all?
Click to expand...
Click to collapse
A tl;dr version : You don't know, and can't tell easily.
The full version: If you go for a ROM from a trusted and reliable person, you should be OK. It's fairly hard to check everything, but it is possible. You just need to be careful...
Droidwall is potentially of use if you want to block internet access, though obviously it would only be of use if you could whitelist the apps you WANT to ALLOW, as a malicious app wouldn't necessarily get blacklisted by you.
This isn't fool-proof though, as someone could (in theory) put something in a system app. But there is the issue of the fact that someone with skills to do that wouldn't be doing such a thing, as they have better things to do with their time, and they wouldn't dream of doing it.
For ultimate safety, compile yourself from AOSP sources
So basically, you can't tell, but just stay away from ROMs from new users with no history, or people who may have "shady pasts", and it should be OK.

Categories

Resources