Jump to content

Thoughts folks....

Guest

By Guest
in ZTE Blade / Libra - Blade.MoDaCo.com

 Share

Recommended Posts

Guest Arr Too

Guest Arr Too

Posted
Posted

Suggesting that the 'alterations' have been in order to steal people's Facebook data? Sounds to me like someone who is ignorant of the issues in porting a ROM from a Japanese or Chinese handset to our Blades...

Guest Magnets

Guest Magnets

Posted
Posted

Quote for the lazy ;)

Haven't modded mine, but happy enough with the stock firmware at the moment. I have the exceptional three mifi device which works perfectly. The advantage being I can stick that in the upstair window and still use my phone normally around the place. The orange niggles soon pass you by. Not trying to warn people off doing it - it's your choice but I'm always reserved about unsigned software to key loggers or other bits and pieces being installed into the firmware.

Found it suspicious that on one of the modded roms on earlier release had a a syncing problem with facebook. Might be nothing - but gave me the impression someone had been tampering with the sync code, and the only reason you'd do that is to extract your data.

Possible, but very unlikely.

Each to their own I guess, if that's what he thinks then... whatever.

Guest Aquilo

Guest Aquilo

Posted
Posted

Well, if anyone has any doubts as to what the programs are doing, it's fairly simple to investigate. The kernel is required to be open source, so you can check that easily. All Dalvik programs can be disassembled using baksmali, so you can check those, too. If, at this stage you feel convinced that there's some evil in the system libraries, just set the phone to Wifi-only, and run it through a PC set up to log all packets.

Of course, all of that effort will lead to you one conclusion: sometimes things just don't work.

Guest cartierv

Guest cartierv

Posted
Posted (edited)

He's talking about Kalt Kaffe's Rom. I'm using KK's rom now myself now so I don't want to sound hypocritical or just aimlessly fanning flames or indeed rude to KK who I'm chatting to in his thread.

But it's important ROMs don't attract the wrong attention in places if I can put it like that. I talked about Google DNS here for instance.

You see.. sometimes I write things on here and expect others to know exactly what I mean and exactly where I'm coming from and they don't . And some probably see me as a troll.

I used to spend a bit of time interested in privacy oriented -software circles amongst others. If people saw something like Google DNS they would just go up the wall and that ROM would be instantly flagged up as a massive problem.

And the problem is, and someone asked about this the other day, is that even if Google DNS is explicit and it's mentioned on the front page, it starts to make you wonder what else is in there.

Again, I'm not pointing the finger here. I'm saying you have to really be careful what you put in to your ROMS.

Edited by cartierv
Guest RunTimeWorld

Guest RunTimeWorld

Posted
Posted
He's talking about Kalt Kaffe's Rom. I'm using KK's rom now myself now so I don't want to sound hypocritical or just aimlessly fanning flames or indeed rude to KK who I'm chatting to in his thread.

But it's important ROMs don't attract the wrong attention in places if I can put it like that. I talked about Google DNS here for instance.

You see.. sometimes I write things on here and expect others to know exactly what I mean and exactly where I'm coming from and they don't . And some probably see me as a troll.

I used to spend a bit of time interested in privacy oriented -software circles amongst others. If people saw something like Google DNS they would just go up the wall and that ROM would be instantly flagged up as a massive problem.

And the problem is, and someone asked about this the other day, is that even if Google DNS is explicit and it's mentioned on the front page, it starts to make you wonder what else is in there.

Again, I'm not pointing the finger here. I'm saying you have to really be careful what you put in to your ROMS.

Dude what are you talkin about? You running a google powered phone.. so whats up with that DNS stuff?

Guest IronDoc

Guest IronDoc

Posted
Posted (edited)
He's talking about Kalt Kaffe's Rom. I'm using KK's rom now myself now so I don't want to sound hypocritical or just aimlessly fanning flames or indeed rude to KK who I'm chatting to in his thread.

But it's important ROMs don't attract the wrong attention in places if I can put it like that. I talked about Google DNS here for instance.

You see.. sometimes I write things on here and expect others to know exactly what I mean and exactly where I'm coming from and they don't . And some probably see me as a troll.

I used to spend a bit of time interested in privacy oriented -software circles amongst others. If people saw something like Google DNS they would just go up the wall and that ROM would be instantly flagged up as a massive problem.

And the problem is, and someone asked about this the other day, is that even if Google DNS is explicit and it's mentioned on the front page, it starts to make you wonder what else is in there.

Again, I'm not pointing the finger here. I'm saying you have to really be careful what you put in to your ROMS.

Tbh if you don't like data-mining, you shouldn't be running an OS engineered by google. They don't give android away for nothing.

'If you're not paying for something, you are the product'.

How hard is it to change DNS on android? I'm not all that familiar with how a DNS is registered (or whatever the word is).

Wrt to that HUKD guy, he's clearly just pretty underinformed.

Edited by IronDoc
Guest cartierv

Guest cartierv

Posted
Posted (edited)

Is it a google powered phone ? It looks like just a piece of hardware to me. This is a hacking community, albeit one which has as much testicles as it has brains sadly.

Here, on this rare point, is where I agree with the Linux crowd. I buy a piece of hardware. And I will damn well run what I like on it. Suddenly it's not really a 'Windows-powered' PC anymore but whatever I want it to be.

As I said in the other thread about this:

The whole point, is not about ME turning off Google DNS, it's about people in the community producing ROMS which sign people up to other Google services without their specific opt-in.

Doesn't matter a hoot that Android is something to do with Google, and comes with a lot of Google apps and widgets. That's nothing to do with the point at all.

Doesn't matter that Google have a reputation for gathering data. They don't have any rights to be some bottomless pit of data sucking. But it's interesting you see it that way. Then others should not be signing them up to more of their services, that's a total no no, isn't it ?

By the way even if Google are a business, they can't just do 'anything' to make money. It doesn't work like that at all.

I'm actually amazed quite a few people here think the model is 'Google get to mine my data in exchange for a free mobile OS'. That's something you've created in your mind. It doesn't apply to me.

And as I said, I can monkey around with my phone as much as I like to remove as much Google as I want, even all of Google. Or I can OPT IN to certain services and EXCLUDE myself from others. And I can manage what data I give those services I have opted in to. I'm under no obligation to do something else.

So this is what I'm saying. Sadly this community is extremely vulnerable to a bad Rom because you can't identify it to begin with. You guys are sitting ducks for this.

It's quite possible that those producing ROMs are just not familiar with the issues either, hence I'm offering the benefit of the doubt. But actually that's not good enough. A special responsibility falls on them to get this bit right.

By the way Aquilo: a malicious rom would go to some lengths to hide how it operated. It's not going to advertise itself like that or make it that easy but I do suggest people do check their outbound data.

I

Edited by cartierv
Guest Arr Too

Guest Arr Too

Posted
Posted
And the problem is, and someone asked about this the other day, is that even if Google DNS is explicit and it's mentioned on the front page, it starts to make you wonder what else is in there.

Well, nobody's ramming this stuff down your throat. If you can read then you can make your own informed choice, and if you don't trust kallt_kaffe and you don't trust Google, then I recommend you don't ever install anything from either of them. Or you could use your knowledge to alter all the bits to exactly how you like them. And maybe lose a bit of sleep worrying about all the stuff you (and possibly others) don't know about.

Good luck with that! ;)

Guest Smiff2

Guest Smiff2

Posted
Posted

what is Kalt Kaffe doing to his ROMs that decreases privacy with respect to the stock ROMs? that's all anyone wants to know.

Guest buneech

Guest buneech

Posted
Posted
what is Kalt Kaffe doing to his ROMs that decreases privacy with respect to the stock ROMs? that's all anyone wants to know.

He changed DNS servers from some japanese to Google's DNS. (Some people are not comfortable using Google's DNS servers)

That's it. The change for facebook sync was, that he wanted to enable it, and he did enable sync, only joining contacts doesn't work. Yet.

Guest kallt_kaffe

Guest kallt_kaffe

Posted
Posted
He changed DNS servers from some japanese to Google's DNS. (Some people are not comfortable using Google's DNS servers)

That's it. The change for facebook sync was, that he wanted to enable it, and he did enable sync, only joining contacts doesn't work. Yet.

Actually I added the resolv.conf from CyanogenMod in one release as I noticed CM had it and the Blade ROMs didn't. Tought it might help but I don't think it was ever used. Propably some CM modifcation that needs it so I removed it in the next release. However all ZTE roms comes with a strange default wifi DNS setting that I always disable.

Regarding Facebook sync that this thread is about is not supported at all in the Japanese ROM from ZTE. So I compared ContactsProvider.apk with a version that was know to work with facebook sync and fouind an array with apps that ContactProvider appearntly "trusted" that was practicly empty in the ZTE rom. The only modification made to get Facebook sync to work was to tell ContactsProvider.apk to trust the Facebook app. (Facebook sync is still kind of useless in JJ as I haven't managed to get the join function in Contacts.apk to work.)

But sure there is a of course a valid point. When you install a custom ROM most people have no idea what modifications may have been put into it. On the other hand why worry about Facebook when modified the crap out of Contacts.apk to get the stock dialer to work. Also included an Mms.apk from another ROM that has indeed also been modified (replaced icon).

Maybe that's part of why I prefer making my own ROMs, at least I have some control over what I put on my phones.

Guest Smiff2

Guest Smiff2

Posted
Posted (edited)

right so this is a non-story.. I trust kallt_kaffe more than Orange or ZTE actually. but it would be a good idea to have a note on these types of changes for the ROM release, for those who care about this kind of thing.

Edited by Smiff2
Guest IronDoc

Guest IronDoc

Posted
Posted
Here, on this rare point, is where I agree with the Linux crowd. I buy a piece of hardware. And I will damn well run what I like on it. Suddenly it's not really a 'Windows-powered' PC anymore but whatever I want it to be.

Yeah, I agree, so use a different OS. Like it or not, there's not a widely used mobile OS that doesn't do this sort of thing to my knowledge.

I'm actually amazed quite a few people here think the model is 'Google get to mine my data in exchange for a free mobile OS'. That's something you've created in your mind. It doesn't apply to me.

If that wasn't true, Facebook wouldn't we worth however many $million. I'm not sure how this attitude can be surprising to you, it's been extensively commented on basically everywhere. That is the model. That is how google makes money from android, targeted advertising. Sure there are those who will implement taintdroid or whatever, but the reason google developed android is because most people won't.

And as I said, I can monkey around with my phone as much as I like to remove as much Google as I want, even all of Google. Or I can OPT IN to certain services and EXCLUDE myself from others. And I can manage what data I give those services I have opted in to. I'm under no obligation to do something else.

Bottom line, it is a google developed OS and I don't think it would be unexpected by anyone who downloads that pretty much everything defaults to google. Perhaps I'm expecting more knowledge from the average user than you.

Sure, change the default DNS to one with more privacy, but I don't think there's any need to suggest the ROM developers might be doing anything malicious without evidence. Also, KK and the like are not 'responsible for getting this right'. I'm not one of those who worships the devs, but I appreciate what they do and they don't owe us anything.

If you're really concerned, take a look inside. Test what information is being sent; I'm sure if you find something, we'd all be interested to know.

Guest isambard

Guest isambard

Posted
Posted

yes. you do trust people who run the software on your phones/computers. shouldn't be a surprise to anyone.

i guess we at least have the power to audit these changes ourselves. this wouldn't be a bad idea.

e.g run MD5sum on all files in a ROM and compare for differences. These differences can then be explained and shown how to get from stock to the altered jar/apk.

this would also be a useful way to catalogue all the fixes.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept