Our Euro friends beware - Android Phone shipped with spyware!

[mganz121 159]

I came across this interesting article and If this is true, I feel sorry for those people with cheap Androids imported from drop ship services:  Android smartphone shipped with spyware

 

"For the first time ever, the experts at the German security vendor have discovered a smartphone that comes with extensive spyware straight from the factory. The malware is disguised as the Google Play Store and is part of the pre-installed Android apps. The spyware runs in the background and cannot be detected by users. Unbeknownst to the user, the smartphone sends personal data to a server located in China and is able to covertly install additional applications".

 

Let's not turn this into an Apple is better discussion please. This is a Chinese manufactured phone now available for sale in Europe. It makes for very interesting reading

 

 

 

 

[MdMax 233]

Cool, now we have the choice: we can buy phones with spyware from the NSA, or we can buy phones with spyware from the NSA and spyware from China.
 

:wacko:

 

Always use verified free software (open source).

[gandy 18]

Cool, now we have the choice: we can buy phones with spyware from the NSA, or we can buy phones with spyware from the NSA and spyware from China.

 

:wacko:

 

Always use verified free software (open source).

 

I believe Apple and Google have more snooping powers than the NSA and CIA combined

 

p.s. The UK gov has just announced its legal for our agency's to snoop with out a warrant if the company is based in another country.. example: Facebook, Google Email etc...

[stans 708]

This is why I still use an old, pre-Bluetooth, flip phone.  No camera, no video, not able to text in a reasonable amount of time, no apps, no internet, no GPS, just voice comms and a pull out antenna that allows for good signal pick up almost anywhere. :biggrin:

[Jim Young 2,356]

I love it when Google displays a warning message on my SmartPhone that Google has lost contact with me.

 

Best regards,

[3-2-1-Now 126]

Always use verified free software (open source).

 

Hmm - "verified" "free software" means nothing. As the OpenSSL (and long before it, IPSec - still a problem today) vulnerabilities/backdoors proved, open source software is, at best, no better than closed source applications for security, and as I constantly argue, because the "contributors" to an open source project are not vetted (anyone can contribute code to anything), open source is actually more likely to be subverted than closed source.

 

Regarding this smart phone debacle - if you buy gray-market, BEWARE!

 

Best regards,

Robin.

[vr-pilot 11]

When hearing about espionage here, there and everywhere, I always get this song in my ears:

 

https://www.youtube.com/watch?v=hdmIhCkp3p4

 

Especially the lines:

We can't go on together, with suspicious minds,
and we can't build our dreams, on suspicious minds...

 

Sad but true and part of our world.

 

Greetings,

Claus

[MdMax 233]

This is why I still use an old, pre-Bluetooth, flip phone. No camera, no video, not able to text in a reasonable amount of time, no apps, no internet, no GPS, just voice comms and a pull out antenna that allows for good signal pick up almost anywhere. :biggrin:

:wink: You're still using an old phone ? This is very very suspicious. Is the black van with tinted windows still in front of your home ? :biggrin:

 

 

Hmm - "verified" "free software" means nothing. As the OpenSSL (and long before it, IPSec - still a problem today) vulnerabilities/backdoors proved, open source software is, at best, no better than closed source applications for security, and as I constantly argue, because the "contributors" to an open source project are not vetted (anyone can contribute code to anything), open source is actually more likely to be subverted than closed source.

 

A fixed version of OpenSSL was released on the same day Heartbleed was publicly disclosed. This is very fast, and before that, the source code has not really been verified. OpenSLL had only a team of 2 full-time people to write, maintain, test, and review 500,000 lines of business critical code. Open source is no guarantee of security, but unlike closed proprietary software, you can check everything, or pay security experts to do it for you and improve it. Open source projects are not vetted ? Just try to commit a change to the LibreSSL project.

 

Fact is, with proprietary closed source software, you'll never know how much bugs, vulnerabilities and back-doors you install. Restricting knowledge is the best way to introduce software flaws.

 

[stans 708]

When hearing about espionage here, there and everywhere, I always get this song in my ears:

 

https://www.youtube.com/watch?v=hdmIhCkp3p4

 

Especially the lines:

We can't go on together, with suspicious minds,

and we can't build our dreams, on suspicious minds...

 

Sad but true and part of our world.

 

Greetings,

Claus

 

This is the song that plays inside my head.

 

 

 

:wink: You're still using an old phone ? This is very very suspicious. Is the black van with tinted windows still in front of your home ? :biggrin:

 

 

 

A fixed version of OpenSSL was released on the same day Heartbleed was publicly disclosed. This is very fast, and before that, the source code has not really been verified. OpenSLL had only a team of 2 full-time people to write, maintain, test, and review 500,000 lines of business critical code. Open source is no guarantee of security, but unlike closed proprietary software, you can check everything, or pay security experts to do it for you and improve it. Open source projects are not vetted ? Just try to commit a change to the LibreSSL project.

 

Fact is, with proprietary closed source software, you'll never know how much bugs, vulnerabilities and back-doors you install. Restricting knowledge is the best way to introduce software flaws.

 

No, the black van is no longer parked in front of my house.  It's parked at the end of the street. :lol:

[vr-pilot 11]

 

 

:wink: You're still using an old phone ? This is very very suspicious. Is the black van with tinted windows still in front of your home ? :biggrin:

 

 

No, the black van is no longer parked in front of my house. It's parked at the end of the street. :lol:

Oh, I have a black van with tinted windows parked at the end of the street. Am I suspicious now?  :ph34r: 

[Rocky_53 1,594]

This is why I still use an old, pre-Bluetooth, flip phone.  No camera, no video, not able to text in a reasonable amount of time, no apps, no internet, no GPS, just voice comms and a pull out antenna that allows for good signal pick up almost anywhere. :biggrin:

 

Wow, now that's really novel... using a phone as a phone!

[stans 708]

Oh, I have a black van with tinted windows parked at the end of the street. Am I suspicious now?  :ph34r:

 

Maybe. :ph34r:

 

 

 

Wow, now that's really novel... using a phone as a phone!

 

Yeah, I am the sort of guy who likes to live on the bleeding edge of innovation and creativity. :lol:

[Rocky_53 1,594]

:lol:

[3-2-1-Now 126]

Fact is, with proprietary closed source software, you'll never know how much bugs, vulnerabilities and back-doors you install.

 

How nieve. As the OpenSSL and IPSec vulnerabilities/backdoors proved, having access to source code is no defence against subversion!

 

I suggest you check out the obfuscated and underhanded C competitions whilst you're at it.

 

The idea that open source is somehow more secure/better than proprietory code should be long dead by now.

 

Best regards,

Robin.

[MdMax 233]

The idea that open source is somehow more secure/better than proprietory code should be long dead by now.

 

If you still feel better trusting closed source code...

 

"Sunlight remains the best disinfectant. Open source is no guarantee of perfect results, but every controlled comparison that has been tried has shown that closed source is generally worse."

http://www.techrepublic.com/article/open-source-vs-proprietary/