Ask Slashdot: Can I Trust Android Rooting Tools?
Qbertino writes: After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owner's power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady-looking sites that offer various Windows-based rooting kits for Android devices.
What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
My phone exploded, and I had to have one of my hands amputated.
Learn from my mistake. Don't do it. Your hands are too important.
http://forum.xda-developers.co...
A bullet may have your name on it, but artillery is addressed to "Whom It May concern"
I have had Android devices from Cupcake onward and have always rooted them. That being said, I don't presume that rooting will work and I always presume that I may end up with a bricked device. A reminder that as soon as you start rooting, you have voided your warranty. I have also bricked devices. I learned how to make a jtag that way.
Your mileage may vary.
That's a good question. I don't think many of the tools and ROMs have been analyzed for security by qualified people. As someone else mentioned, http://forum.xda-developers.co... is the most popular source. You'd hope that if there were major issues with the tools used there someone would notice.
You can extract a rooted ROM and compare the contents to the stock ROM.
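The comparison suggested above, sketched as an added example (not part of the original post): it hashes two extracted system trees and reports what the rooted one adds, removes or changes, flagging setuid/setgid files. The directory layout and file names are constructed, and the mode check assumes the extraction preserved file permissions.

```python
import hashlib
import os
import stat
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each relative path to (kind, sha256 or link target, permission bits)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if stat.S_ISLNK(st.st_mode):
                entries[rel] = ("link", os.readlink(path), 0)
            elif stat.S_ISREG(st.st_mode):
                entries[rel] = ("file", sha256_file(path), stat.S_IMODE(st.st_mode))
    return entries


def compare_roms(stock_root, rooted_root):
    stock, rooted = snapshot(stock_root), snapshot(rooted_root)
    common = set(stock) & set(rooted)
    added = sorted(set(rooted) - set(stock))
    removed = sorted(set(stock) - set(rooted))
    # Content or link target differs.
    changed = sorted(p for p in common if stock[p][:2] != rooted[p][:2])
    # Same content, different permission bits.
    mode_changed = sorted(
        p for p in common if stock[p][:2] == rooted[p][:2] and stock[p][2] != rooted[p][2]
    )
    # New or altered files that run with elevated privileges deserve the first look.
    privileged = sorted(
        p for p in added + changed + mode_changed
        if rooted[p][2] & (stat.S_ISUID | stat.S_ISGID)
    )
    return {"added": added, "removed": removed, "changed": changed,
            "mode_changed": mode_changed, "privileged": privileged}


def build_sample_trees(base):
    """Constructed stand-ins for two extracted system images (not real ROM content)."""
    files = {
        "stock": {
            "system/build.prop": b"ro.build.id=SAMPLE\n",
            "system/bin/app_process": b"stock app_process\n",
            "system/etc/stock_only.conf": b"x\n",
        },
        "rooted": {
            "system/build.prop": b"ro.build.id=SAMPLE\n",
            "system/bin/app_process": b"patched app_process\n",
            "system/xbin/su": b"su binary placeholder\n",
            "system/app/Superuser.apk": b"apk placeholder\n",
        },
    }
    for tree, entries in files.items():
        for rel, data in entries.items():
            path = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    os.chmod(os.path.join(base, "rooted", "system", "xbin", "su"), 0o4755)
    return os.path.join(base, "stock"), os.path.join(base, "rooted")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        stock_dir, rooted_dir = build_sample_trees(base)
        for section, paths in compare_roms(stock_dir, rooted_dir).items():
            print(section, paths)
```

Every path under "added" or "changed" is something the stock image cannot vouch for; the diff tells you where to look, not whether the new binaries are benign.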
"Computer expert" is a broad, broad definition. Nobody's a "computer expert", except in their narrow field.
So ease off with the smug. One might be an expert in their field and totally suck at another, both computer-related.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
In general, if you're computer-savvy, hitting the XDA Forums will be your best option (IMO) if you're concerned about security. The SuperSU Package can be sideloaded into the device via manual ADB commands for most devices out there (some of them are considerably more difficult than others eg: Current Samsung devices with KNOX). I've owned multiple devices from several vendors and I have yet to have an issue with the posted information from the XDA forums. I would expect that anyone attempting to pass shit-ware in there would get found rather quickly unless it's a very niche device with few people actually interested in it.
Personally I've yet to use any of the "one click root" kinda options I've seen posted to various sites....
My advice: don't rely on specialized tools that claim to do the work for you, but learn how to do it by hand with adb and fastboot.
I've been running rooted for about 4 years on various phones.
There are quite a lot of tools that you can run while rooted that are impossible otherwise.
This includes the ROMs themselves which don't usually come with the normal Google tools at all.
Then you can leverage tools like AppOps (integrated into many of the custom ROMs) to control granularly what info apps can get.
You can run things like AdAway, which basically block ads systemwide (including in apps).
The F-droid app repository has quite a lot of open-source software, and you can build a perfectly functional phone without Google apps.
As already mentioned, XDA-developers is a good place to start, even just to find info about your specific device, and guides for rooting, etc.
On balance, my opinion is that, if you do your diligence and set things up correctly, a rooted phone can absolutely be more secure than not.
As a small suggestion, if you decide to jump in, I highly recommend using ClockworkMod (Koush) superuser manager, because it's open-source and lets you set a pin for SU without paying for an upgrade.
On the PC, typically Odin is the only Windows executable involved with rooting an Android phone. Standard security best-practices should keep you "safe" here. Obtain Odin from trustworthy sites such as XDA. Use a bi-directional firewall package that tells you when your PC tries to make an outbound connection. Odin shouldn't.
On the phone, if you're just rooting, you're trusting the manufacturer of your phone, which isn't necessarily wise, but I see that's WHY you're rooting. So, you can get the XPosed Framework and XPrivacy, and set permissions for the various packages on your phone. Both are open-source.
If you don't actually read the code, then by definition you're trusting, period. So what's the issue?
"Oh no... he found the
The last phone I rooted only had rooting tools available in Chinese. It seems to have worked, but ...
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Most root exploits I've seen have two components to them: the attack vector, and the payload.
The attack vector is usually a series of commands that have to be run to get the payload onto the device. This part is fully auditable and usually "open source" in the sense that you can perform these commands yourself. If someone sends you a .bat script with a bunch of adb commands, you can always open up the script and read it and make sure nothing is malicious in there.
The real problem is that 99% of the root exploits out there have to upload some kind of a binary file to the device, which is then executed. In MOST cases, the source code to this binary is not disclosed, perhaps to make it harder for the manufacturers to fix the exploit, or to keep their attack methods secret, in case the code might expose some more general pattern of attack that would enable the manufacturers to close a whole series of root exploits.
So basically you are trusting someone who compiled a Linux binary *whose job is to obtain escalated privileges on your device* to then not use those privileges to install some kind of tracking malware, data siphon, or cookie exfiltrating software, or even just a rootkit providing them a backdoor, which initially does nothing but can be activated at any time when the author feels they need something from your device (like participating in a botnet, perhaps?).
I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy". Remember, folks, just because it's posted on XDA, doesn't mean it's trustworthy. Anyone can register an account on XDA; absolutely anyone.
I've read statements from root exploit authors who've said in plain language that they have no motivation to bundle malware in their root exploits and thus don't ever do so, but that's like the NSA saying they don't spy on Americans. We have no way of verifying the statement, and several reasons to suspect the contrary.
If you are in doubt, I would suggest that you forego root exploits altogether. Instead, you should simply refuse to buy any Android device where the manufacturer does not provide you a means to unlock the bootloader. Once you have a (legit) unlocked bootloader using official tools from the manufacturer, you can then proceed to install any ROM you want -- even an open source ROM that you could audit yourself -- which then gives you root access. Remember, on an Android device, root is far less powerful than an unlocked bootloader, so that's really what you should be aiming for anyway, to have a truly "open" device as an enthusiast.
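An added example (not part of the original post) of the split described above: it reads a rooting script made of adb/fastboot commands and separates the auditable steps from the files the script delivers without being able to vouch for them. The sample script, its file names and `helper.exe` are constructed; only standard `adb push`, `adb shell`, `adb install` and `fastboot flash`/`boot` syntax is assumed.

```python
import ntpath
import shlex

# Batch-file lines that do nothing worth auditing.
BATCH_NOISE = {"echo", "@echo", "rem", "pause", "cls", "exit", "title", "color"}

SAMPLE_SCRIPT = """\
@echo off
rem constructed sample, not a real rooting kit
adb wait-for-device
adb push payload.bin /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/payload.bin"
adb shell /data/local/tmp/payload.bin
adb push busybox /data/local/tmp/busybox
adb install Superuser.apk
helper.exe /quiet
adb reboot
pause
"""


def _tokens(line):
    # posix=False keeps Windows backslashes intact; surrounding quotes are stripped by hand.
    try:
        return [t.strip('"') for t in shlex.split(line, posix=False)]
    except ValueError:  # unbalanced quote: fall back to plain whitespace splitting
        return line.split()


def audit_script(text):
    report = {"pushed": {}, "executed": [], "installed": [], "flashed": [], "host_commands": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(":"):  # blank line, label or "::" comment
            continue
        if line.split()[0].lower() in BATCH_NOISE:
            continue
        tok = _tokens(line)
        tool = tok[0].lower()
        if tool.endswith(".exe"):
            tool = tool[:-4]
        if tool not in ("adb", "fastboot"):
            # Anything else runs on the PC itself and needs its own review.
            report["host_commands"].append(line)
            continue
        args = tok[1:]
        if len(args) >= 2 and args[0] == "-s":  # skip "-s <serial>"
            args = args[2:]
        if not args:
            continue
        verb = args[0]
        if tool == "adb" and verb == "push" and len(args) >= 3:
            local, remote = args[1], args[2]
            if remote.endswith("/"):  # pushed into a directory: file keeps its name
                remote += ntpath.basename(local)
            report["pushed"][remote] = local
        elif tool == "adb" and verb == "install":
            report["installed"].append(args[-1])
        elif tool == "adb" and verb == "shell":
            words = " ".join(args[1:]).split()
            while words and words[0] in ("su", "sh", "-c"):
                words.pop(0)
            # A pushed file used as the command word is an executed payload.
            if words and words[0] in report["pushed"]:
                report["executed"].append(report["pushed"][words[0]])
        elif tool == "fastboot" and verb in ("flash", "boot"):
            report["flashed"].append(args[-1])
    return report


def opaque_files(report):
    """Files the script delivers to the device; reading the script says nothing about them."""
    return sorted(set(report["pushed"].values()) | set(report["installed"]) | set(report["flashed"]))


if __name__ == "__main__":
    result = audit_script(SAMPLE_SCRIPT)
    print("executed on device:", result["executed"])
    print("runs on the PC:", result["host_commands"])
    print("contents unknown:", opaque_files(result))
```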
We neither know where you take your tools from nor the actual version you're using. And even if we did, by the time such a thorough analysis is done, the next version rolls about and we can restart rolling that boulder uphill. And even if we did, why should you believe us? There are too many corporations who have a vested interest in you not rooting that device and thinking that any and all rooting tools are malware. Misinformation would most likely dominate such an examination effort.
The best one can tell you is that most likely there are no deliberate malware hooks in rooting kits. Provided that you get those kits from the usual sources and don't download them from some odd corners of the 'net or torrent.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1) Most of the important functionality (including the WebKit/Blink browser engine) is now embedded in Google Play Services, which you can't manage.
2) Total ownership of a device with a proprietary radio isn't realistic - even if you managed to install straight Linux on the thing (unlikely) the underlying firmware is in the bag.
3) Better to return that machine and go with a Yoga 2 Pro honestly. You'll have the ability to install Linux on it and have far greater control over your data.
4) A rooting tool is inherently untrustworthy as it exploits flaws in the target system. How can you truly know whether an oft-used method is trustworthy?
If you're not interested in the above, you don't really care about your data and shouldn't bother rooting it.
// -- http://www.BRAD-X.com/ --
RTFM and get ready to build stuff yourself. You will need to do some research for your particular device and then decide for yourself.
When I started using Android, it was a Nexus 4. Since the Nexus 4 came from Google, and was widely used by developers, it was easy to unlock the bootloader and root it using tools that were open source and reputable.
When I purchased a new and less popular phone, I wanted to root it and give it the same treatment. Unfortunately, the only tools I could find for my new device were posted in threads on the XDA forum. Someone posts a recovery + kernel and everyone just downloads and flashes it. Amazing. Well I run a banking app on my phone, how do I know that this thing is only a recovery + kernel and not something extra?
My other problem with the stuff people post on XDA is that some of the contributors don't seem to really know what they are doing. There's one custom kernel for my device that has a whole slew of useless options and the comment "Please do not ask me to add something, I don't know much about kernel". So I think there is some amount of "recipe following" by some of the people that contribute on XDA: they figure out a recipe that works, and generate kernels or ROMs without really understanding what it is that they are doing.
So, my ultimate solution to the problem was just to build everything myself. This took several days for me to scrape together all the information I needed from Google, my device vendor, and random places on the web. I ran into the same problem: I needed tools to do this (specifically a compiler toolchain and a few other tools for assembling the kernel and recovery the way my particular device needs it), but I'm not going to download some random binary from GitHub.
I'm running Ubuntu 14.04, and the gcc-arm-none-eabi compiler worked fine for building for my Android. I didn't have to download any mystery meat binaries. I rewarded myself by sticking my name into the kernel version, so it says "3.0.4-AnonymousCoward" instead of "3.0.4-SomeAssholeFromXDA"
RE devices: I've only ever purchased devices from vendors who will let you unlock your bootloader. If you have a device that the vendor doesn't want you to have control over, your only option is to wait for an exploit that can get root (something like Towel Root). I will never trust something like that since the source isn't published, but I would never purchase a device that I can't control completely.
Hope this is helpful
The relevant question is: could you trust the device's firmware in the first place? The last few years put a solid upper bound to my trust in this respect?
The fact woz exists shows that isn't the case. There are other similar people.
I had the same thoughts when I tried installing CM on an old Android device. In the end, the platform was never meant to be secure or really open to user scrutiny. I suppose with a considerable amount of effort you could achieve some sense of security by inspecting all major components, but if you are inclined to invest a considerable amount of effort, then you probably want much better security and are looking at the wrong place. Phones/tablets are fundamentally insecure, and this is probably by design.
Using CyanogenMod version (android 4.4.4) on HP touchpad ... Haven't noticed anything very different than on Linux Mint on Asus laptop
spying on me" Well, you've completed Step 1: Buy some Google ecosystem. Step 2: ???? Step 3: Profit!
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Especially if you get them from XDA-Developers, where people have reputations.
Let someone else test the tools for you.
At least some of the tools actually let you patch the hole they got in through, this is true of the exploit for Asus Cube.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Here's an idea. If you are uncomfortable with Google and such, eyeing them as a big brother of some sorts and do not want any Google Play Services or anything Google touching the device... you should return that tablet. Buy a Nexus 9, or a used Nexus 10 or Nexus 7 (2013). This may look counter intuitive, however Nexus devices have pretty much some of the strongest following and modding community behind them and since Google releases the full source for these devices, they are the first to get AOSP variant roms such as CyanogenMod, SlimROM, and Paranoid Android. Once you get them, you can easily follow guides on XDA Developers ( http://www.xda-developers.com/ ) to Unlock the bootloader (Via Google released ADB/Fastboot tools), install a custom recovery (I recommend TWRP which is open source as well so you know what you're getting). Then, depending on your level of paranoid, you can sync the AOSP tree from Google itself and build the entire ROM from scratch yourself, or build or download a flashable zip file of any custom ROM such as CyanogenMod, SlimROM, Paranoid Android etc, and then load it onto the device. AOSP based roms such as these DO NOT have Google's Proprietary API's and Google Play Services. Straight Android. Plus, with full open source, you know what's in it. You will still have to deal with the proprietary blobs left in for display, modem, wifi, etc, however it's as close to full control as you can get for Android with a 100% fully functional Android device.
Only for the browser, which is not the main source of ads on Android. Apps like AdFree block adservers on hosts level, removing most ads from apps as well. For the remaining apps there is of course Lucky Patcher to get rid of the ads.
Considering the bloatware that the phones come with as standard like Facebook (that spies on your address book) and a number of unwanted apps that have been granted unknown privileges by the phone vendor I'd trust a rooting tool more.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Basically, all you need is adb and fastboot, both available in the Android SDK, which runs on Linux, and the rooting zip files or images that you upload to the phone/tablet.
Easiest way to root the tablet is to install a rooted image.
This Sig does not Exist.
When you root, you almost always neuter Android security model. So goodbye to any security.
You can always do the flashing properly, with signing and stuff, but the procedure is major PITA: http://mjg59.dreamwidth.org/31...
:wq
What are *your* experiences.
Imagine if Windows PC manufacturers supplied PCs lacking Administrator access in Windows. People would quite rightly complain, and many would sue their respective PC manufacturers in order to gain full control over their own legal possession. But what if Administrator access were not being supplied because Microsoft did not provide it in Windows in the first place? In that situation, the many lawsuits would rapidly collapse into a single class action against Microsoft.
That is exactly the situation we have today in respect of Google as developers of Android. Google has not provided any means for owners of Android tablets to gain root access to their own property and hence full ownership of it. This is not the fault of the equipment manufacturers at all but that of Google, and so Google should be legally actioned for it by Android equipment owners as a class.
If you can't even begin to vet the source there is no accounting for the bugs and potential back doors. We don't know what the adversary's intentions might be. While it could be profit driven as is the case with most malware it could also be espionage, spying on dissidents, or something else. Of which there may be no acting on the bug/backdoor. That would make it significantly more difficult to detect in a closed source application.
After that, the next step would be to get someone to provably audit that open source code. We have seen that open source is no guarantee that the eyeballs are actually there. Even some malicious party could distribute something heinous and just get away with it by saying "relax, it's open source".
Have you seen any of the customer reviews on tech store sites?
"Tech level: 5/5 - I bought this RAM for my daughter's laptop, but the instructions weren't clear on how to open the case, and she still has a virus. 1/5 stars."
Would mainly be Pris.
But I'd also be pretty keen on rooting Zhora and/or Rachael as well.
Do you buy the device that's 95% of what you wanted and try to modify it for the other 5%? Or do you buy nothing and go without the functionality you want. The vast majority of the time buying the item that's perfect for your needs isn't possible because it simply doesn't exist.
I'm all for voting with your wallet, but you have to be realistic, get the best option, don't hold out for the perfect option or you'll usually spend your life with nothing.
I have a galaxy note 4. I don't have it because I like the locked bootloader or the knox e-fuse, I have it because I live the device itself and all the functionality it provides, and while the security on it sucks, I know I can still get past it to get root. For my purposes there is no better hardware out there, and the ridiculous restrictions they put on it can be bypassed. If they stepped up their security game further and prevented me from getting root the equation would change and I'd vote with my wallet and get a different device.
We just don't live in an ideal world, sometimes perfect just isn't an option.
The same way we noticed the SSL vulns....?
- http://www.milkme.co.uk
You get used to saying "I'm a computer expert" when you talk to the people who believe in pixie dust. It's just that sometimes you have to tell them that their problem lies in a different field and they have to talk to someone else. If you are wondering why, just try telling them something like "I'm highly trained and experienced in removal of viruses and various other types of malware". You know what they'll do? They'll try to get you to install windows for them, or fix their corrupted MSWord documents. They don't understand a thing you've said, so they assume you can and will do anything, or worse yet, they'll ask you to explain all those words they don't even know the vaguest thing about, understand none of it, then still ask you to fix their corrupted word doc because they don't want to pay microsoft to do it.
It saves everyone a lot of time to just say "I'm a computer expert", and when it's not something you know about, send them to someone who does know that particular area.
I'm the one that had the call where the user kept typing "right click" every time the instructions told him to right-click on something. And you know, that's not even the worst call. (And I'm not even going to detail the numerous people that think scheduled events will work when the desktops have no power. Or the callers that want you to help them when the computer doesn't have a monitor or a keyboard, and the user can't get into the locked room, which wouldn't matter because they don't have the password either.)
That's an interesting thought. I imagine Google would have two responses to that. First, an Android user can install applications, set security policies such as requiring a PIN or pattern lock, encrypt the data storage - mostly the same things a Windows administrator can do. To say, completely wipe the disk and install a different OS, one does that via the bootloader, not in the OS. That can be done on many (most?) Android devices and is outside of Google's control anyway.
Secondly, contrary to your claims, device manufacturers could include sudo in their ROMs if they wanted to. CyanogenMod and others include root; there's nothing stopping Samsung from doing the same with their mods. That's Samsung's decision.
Lastly, they could point out that for the relatively small percentage of users technically knowledgeable enough to modify the OS without breaking it, there are in fact simple ways for them to enable such access. For the majority of users, who don't know what "root" is, enabling it by default would reduce the security and reliability of the device. It would make it less good for the vast majority of consumers.
Can you trust the factory installed software?
Can you trust the modded ROM you want to install?
Why should it be different with the rooting tool, the modded recovery or any other thing?
Which ever pill you'll take, you won't ever know!
Welcome in the real world!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
And I'm not even going to detail the numerous people that think scheduled events will work when the desktops have no power.
Don't desktop PCs have a wake-on-RTC feature that will end suspend mode at a given time, analogous to wake-on-LAN but without the network? Or by "no power" did you mean unplugged from AC? In that case, perhaps they think missed scheduled tasks will run at next boot.
No.
And you cannot trust the ROM. And you cannot trust google. And you cannot trust debian.
Go, realize that you're always trusting someone, as long as you're not flipping bits to code your own OS. And then you're trusting the hardware.
Yep, if you have any qualms about doing stuff on Android, feel free to get a cheap Android tablet to experiment on, like the old $200 Nexus 7. Then you can feel free to fill that one with games and crapware and wipe and reload it regularly like a Windows gaming box. This lets you play without too much risk without compromising your primary Android device. If you use the same google Play account, you don't even have to buy your paid apps twice (though of course then you're exposing your google account that you use to pay for Google apps, but if you're like me, that's separate from your personal gmail account)
My primary Android device is my phone, and I just keep a bare minimum of essential apps on it so it runs fast and lean. After the Android 5 update, haven't even felt compelled to root it.
I rooted my Nexus 4 and my Kindle Fire HDX using Towelroot (on the Nexus 4 it is extremely easy to apply - just allow non-store apps and install tr.apk; on the Kindle, I had to install HDXposed, the Xposed framework and Google Apps before I could do that). IIRC it worked fine on Android 4.4 (despite scary warnings issued by Google, which can be safely ignored). But it doesn't work on Android 5. Last time I looked into it (a couple of months ago), there was not an easy way to root Lollipop - you had to back up your data and settings and re-flash.
I had an Android phone which I eventually was able to root/mod; here's some advice, for what it's worth:
- Get a device which has a supported root/mod path via XDA. Some devices are more rootable than others.
- Be careful about updates; most root tools only work for specific versions, and patches regularly break rooting methods/scripts.
- If you want to preserve root, you'll want to run a custom ROM, so find a device which has a supported mainstream ROM for it.
- Unless you are an expert, it will take a while. Plan on spending at least a week of off/on time messing with it, and be prepared if you brick it.
- If you want full control of the device, plan to make this your full-time job. Nobody really offers this, and you'll need to do it yourself.
- If you just want something with reasonable privacy controls which just works, get an IOS device; that's what I did eventually.
Also, as a side note:
- The regular web does suck, and browsing without an ad blocker these days is pretty horrible. Mainly posting to say that.
Getting cyanogen on my HTC is a maze of shady .exe files linked from shady forums hosted on shady filedrop sites.
Hate to admit it, but this. Trying to find the right set of instructions to follow to get most phones rooted so you can install a custom bootloader and install CyanogenMOD is a big mess. Sort of like an IQ test of trust and persistence to determine whether you're worthy of running a custom ROM.
That said, I've trusted my phone's behavior more when it's running CyanogenMOD than when I was running the manufacturer's ROM.
Apps like AdFree block adservers on hosts level, removing most ads from apps as well.
So if you root, does that mean you can get an APK to add a layer of security the APK way?
... reload it regularly like a Windows gaming box.
Wow! The Windows install/update/drivers process is so painful that I am extremely careful in selecting what I install on my gaming machine. I can upgrade to a new version of Fedora in 15 minutes, give or take a minute or two, though. When it comes to my Windows installation, the ONLY thing I install is games I intend to play. Now if I need to experiment in a Windows environment I don't care about, I use VirtualBox and turn on snapshots.
Is that a roll of dimes in your pocket or are you happy to see me?
Step 1) Doesn't want Google observing them.
Step 2) buys Android tablet, wholly controlled by Google.
At this point, the options are a bit sparse...Google, Apple, Microsoft, maybe Blackberry....I mean, about the only place you won't find that level of mess is an HP Touchpad running WebOS, because I can't see any of the infrastructure still being switched on. The fact of the matter is that, while not outright collusion, I'm unaware of a privacy focused company who has enough chops to release a tablet running their code.
If you were going to root it anyway why not buy an iPad and jailbreak it?
Different apps. I haven't been in Cydia recently, but I'd wager that the variety of apps that leverage the "rootedness" of an Android phone outnumber what's on an iPhone. Similarly, there are a number of apps (Rocketdial, GoSMS, etc.) that require a jailbreak on iOS, but will happily run on a standard issue Android phone.
Nothing preinstalled even talks to Google without you setting it up, so you're already off to a better start.
Well, at initial setup, there's not much that Google can ascertain - your Gmail address, your cell number, your phone carrier, and your location...but neutering that stuff at first run means that they get all of one data point - one more than I'd like, but still not much. Personally, my first installations are Xposed Framework and Xprivacy; I neuter my phone so thoroughly in that respect that it's a royal pain to use the GPS even when I want to...but I'm perfectly fine with that arrangement; ymmv.
Every Android update is going to fight to collect information about you. I don't see why you would buy into a system that by default will do exactly what you do not want.
Because if you're rooting, and more specifically installing a custom ROM, carrier updates become irrelevant. Depending on the ROM, some do OTA updates, others have more conventional means. Either way, I personally have never once installed a carrier/OEM update; I've never once seen one that I wasn't certain was going to make a mess.
tl;dr: Android sucks, except for all the alternatives. There are roundabout ways to get privacy on Android, and as annoying as it is that it's required to do that, Android is the only contemporary mobile OS that supports them at all.
Really? Go to XDA-Forums. Look up your device and start with the sticky that is inevitably there which tells you how to root, return to stock, and everything else you need.
As for exe files you could just use ODIN.
You make some good points, except I think you're confusing "rooting" a device which the OEM locked you out vs what an OEM would do to provide root access. Google DOES provide su, which is the file you use to provide root. OEMs could ship phone with su included. They could get it from the Google code URL below.
What's tricky and risky on some devices, but not others, is getting access to install su if the OEM has not provided it. In other words, su (root) is just like the hotspot feature or any other system-level feature. OEMs can include the standard code to allow it, or they can leave that out of their copy.
Here's su:
http://code.google.com/p/super...
The XDA-Developers forum is full of tinkerers and developers themselves. They get a lot of traffic so proposed roots and mods will have quite a bit of feedback allowing you to judge the quality before you attempt to do something.
Additionally the XDA guys have a known history of calling out other people's shit. They are the ones who find questionable security practices, back to base datalogging and basically nearly everything negative or questionable you have heard about an Android manufacturer you'll have heard it on XDA first.
I wouldn't trust any shady site for any kind of root exploit, just links from the XDA-Developers forum.
"Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer."
That's just plain silly.
Unless your random XDA developer also manufactured the phone and supplied the stock firmware, then you need to trust two parties: that random XDA developer AND your carrier. Remember just because the phone is rooted doesn't mean it also isn't running the manufacturer's (if any) malware.
So a phone which can be unlocked using a manufacturer-supplied tool is still safer than a phone that needs to be rooted. Safest of course is the phone you assembled yourself, right down to the circuit board level.
Eh, with Windows 7 it hasn't been that bad, or even with Win98 before that. Every six months or so when it starts having problems, just reinstall from scratch, walk away and let it reboot a few times to finish updates, then install the nVidia updater and Steam and anything else from ninite.com . Just a few more steps than setting up a fresh Linux Mint box.
That said, the last time my C:\ drive failed, I restored my AppData dir from backups into the new system but still couldn't get some of my games to find their settings / savegame states. Probably need to dink with something in the registry, but haven't been motivated enough, since most of my current games save state to the cloud.
Really. Here's the "simple" 9-phase process for the pretty common Nexus 5:
http://forum.xda-developers.co...
Yes, it's pretty cool to go through that for the first phone or two, but after the 5th or 6th time it kinda gets old to have to spend an hour or two keeping track of how TWRP is replacing the clockworkmod bootloader, which exploit to use to root, backing up using Titanium or Helium, etc. After a while it feels less like you're learning new stuff and more like you're jumping through hoops just to get a new OS version that other people get automatically OTA :P But at least the adb and fastboot stuff from Google stays pretty consistent.
That's not a 9-step process for rooting a Nexus 5. That is all the stickies collected into 9 groups. I mean one of the sections is called "Defects" and talks about things like light bleed.
To root a Nexus 5 you don't need to do anything extravagant at all. Basically install the drivers, turn on the phone while holding down volume down, plug it into your USB and from a command prompt type "fastboot oem unlock".
I'm not certain, but I think there is, CTS you need that and comply with ACD (Android Compatibility Definition) to be even considered for a license to ship the Google apps.
I successfully installed CM10 on a Verizon Galaxy phone. It worked pretty well but for some odd reason, it would NOT install gapps. I've done this successfully on several tablets. I confirmed the gapps file version was compatible with the CM10 nightly but the danged thing just wouldn't install. I tried downgrading to CM9 to see if that would work. Same thing. Then I really screwed myself. I ended up flashing and "almost installing" another version of CM but the file was not completely functional. It would bring up the Cyanogen "spinning robot thing" and just stay there forever. That meant that I couldn't get in to Recovery Mode to re-flash the cminstall folder. I've essentially "bricked" the phone with the crappy nightly of Cyanogen Mod. I'm not sure why gapps didn't run but the phone was severely-hobbled by Verizon software. I'm wondering if some remnants of it were still on the phone, preventing gapps from installing. Now, there's no way to reflash a new OS on to the phone because I can't get to it via USB at all.
The only shady part is unlocking (the only way to unlock some devices is through an exploit, a security flaw) the bootloader! The rest can be done with the platform-tools you can get with the Android SDK!
You left the part out where this may take three hours, during which browsing for drivers and programs may be a great security risk.
There's even the bug where the SP1 of Windows 7 refuses to install (mine does, googled answers suggest it's a boot due to using dual boot/multiboot causing the damn thing to not recognize the 100MB "system partition"; there is no solution besides grabbing a Windows 7 + SP1 warez iso and reinstalling).
There's keeping up with antiviruses to know which "free" one is not pseudo-ransomware (deactivated after one year), my aforementioned borked Windows 7 install has AVG Free from 2011 which stays really free but I'd have to switch to another.
I guess you have fast CPU, SSD, iso with built-in SP1 and fast internet access to wired ethernet or strong wifi.
Windows 98 was much faster to reinstall but back then you didn't really need updates and antivirus. I was sure as hell ready for it too (\WIN98 directory from the CD on the hard drive, Windows key known by heart, all drivers and programs ready on the hard drive and for good measure I loaded smartdrv.exe before running the installer from DOS, whether or not that was needed).
or that they will delete all those files they "don't need" in c:\windows\system for that matter.
...works on sooooo many levels
You should not trust any tool that isn't open sourced. Consider the folks peddling closed solutions to be doing so with nefarious intent. Even without nefarious intent you would not want to hand your device over to some tool constructed by a kid who gleaned the information to write the tool from instructions cobbled together from their various sources. You can also avoid the problem altogether and choose to carry a real phone instead of a "smart phone".
One trick I learned is to format the machine completely (using the clean all command under diskpart), install the OS of choice, load needed drivers and updates, and once it is in a place where everything is stable... then activate it, and save off a couple wbadmin backups.
Now, if I need to reload a physical Windows box, I boot the Windows media, format, then reload the image, and reboot. Back to how it was. I can always get fancier by having a USB flash drive with Offline WSUS [1] images so I can get all patches installed if I so chose.
[1]: This isn't a MS product; use at your own risk. However, it is useful for updating a machine with a limited or no Internet connectivity.
Different apps. I haven't been in Cydia recently, but I'd wager that the variety of apps that leverage the "rootedness" of an Android phone outnumber what's on an iPhone. Similarly, there are a number of apps (Rocketdial, GoSMS, etc.) that require a jailbreak on iOS.
I'm not sure that's the case... besides there are more app options for things that do not require jailbreaking (like custom keyboards for example).
The examples I provided were a replacement for the dialer and the SMS client; I'm unaware of there being unofficial replacements for them in Cydia, but I'm all but certain that there aren't any in the App Store proper.
As for the example of apps that require jailbreaking... since the basic assumption is rooted/jailbroken system, why is that an issue? You get to use them if you like either way then.
Because very few users of rooted phones use rooted apps in exclusivity. I like having Xprivacy, but it doesn't mean that I don't also play Angry Birds - I can't have both without root, but they're not mutually exclusive. There are also apps for Android that don't exist on iOS (again, perhaps in Cydia, but certainly not in the App Store) - there are several torrent clients on Android - they don't require root there, but if they're available at all on iOS (I remember cTorrent being a thing on iOS; don't know if there's anything better that's been released there since like 2010), you most certainly need a jailbreak.
Well, at initial setup, there's not much that Google can ascertain - your Gmail address, your cell number, your phone carrier, and your location...
Whereas with an Apple tablet all it's going to get is your IP during activation (it asks on first run if you are OK with it collecting location info).
For the purposes of this post, I'll roll with the assumption that Apple doesn't collect that data anyway. Correct me if I'm wrong, but you need an Apple account to use an iPhone, right? If there's no opt-out, then they get an e-mail address as well. iTunes always got my cell number when I would sync the phone (as well as being necessary for iMessage to work, I'd gather), and carrier is a fairly trivial thing to ascertain based on any number of things - a log file that indicates which .PNG file is accessed for the carrier logo, the aforementioned IP address, or even the serial number of the phone - I'd be shocked if they don't have some sort of record of which batch is sold for which carrier. This leaves us with location. Google also gives an opt-out on the location data, but I tend to not-trust them. The difference between iOS and Android in this respect is that Xprivacy gives a method by which to force an opt-out, completely irrespective of what any given application wants - including all of the system apps.
Because if you're rooting, and more specifically installing a custom ROM, carrier updates become irrelevant.
I'm not talking about carrier updates, I'm talking about installing new Google releases, which may have some new collection mechanisms you have not yet blocked or otherwise break your privacy software.
Xprivacy blocks access at a pretty low level and blocks them pretty effectively despite updates. I could see something interesting happening maybe at the driver level, but every time they update the Play Services, the "good luck with that" response from Xprivacy appears to hold thus far.
tl;dr: Android sucks, except for all the alternatives.
For out of the box privacy (esp. for the non-technical user) iOS is 1000x better than Android.
For jailbroken privacy for a very technical user, iOS is a tad better. But again it's a matter that the OS is not going to care that it's not collecting your data to transmit back.
I can't really dispute that, to be honest. Android, when properly beaten into submission, CAN have more privacy than iOS, but I'd completely agree that this is a very deliberate state that is not the easiest to obtain.
Because very few users of rooted phones use rooted apps in exclusivity.
I still don't understand - neither do jailbreak owners, you can still use the Apple App Store.
If you have the full set of jailbreak + normal apps, the world of apps is not limited.
Correct me if I'm wrong, but you need an Apple account to use an iPhone, right?
No. It's useful because they provide free backup and other things, but you can use the iPhone without an AppleID.
You do need an AppleID to use the App Store. But that login is independent from the rest of the system, and is only used by the App Store app.
You can create an AppleID just for the purposes of using the App Store (and for enabling device backup), it doesn't have to have a credit card tied to it until you need to purchase something.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It's strange to me that there aren't many options to buy phones pre-rooted. Considering how much I value my free time and how little I want to risk bricking my new device, I would easily pay an extra $50-100 for a phone that was both rooted and under warranty. I imagine even less tech-savvy people could be sold on the idea by just demonstrating the new "features" that you gain.
My understanding is that licensing restrictions prevent one from shipping an Android device that includes any of the useful proprietary bits from Google, unless you are an "approved" manufacturer. I believe this is why Cyanogen mod had to make some concessions in order to ship a product that can be sold outside the grey market.
Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7