Slashdot Mirror


Popular Android Package Uses Just XOR -- and That's Not the Worst Part

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

13 of 277 comments

  1. XOR encryption is uncrackable as long as... by pcritter · · Score: 5, Informative

    There's nothing wrong with XOR for encryption as long as your key size is >= plain text size. In fact it's uncrackable!

    1. Re:XOR encryption is uncrackable as long as... by Anonymous Coward · · Score: 5, Informative

      And you NEVER reuse that key.

    2. Re:XOR encryption is uncrackable as long as... by meloneg · · Score: 4, Informative

      And it's generated from a quality source of entropy.

    3. Re:XOR encryption is uncrackable as long as... by gman003 · · Score: 4, Informative

      And the key remains private.

  2. Re:questions answered below by Shakrai · · Score: 3, Informative

    I experimented with my old flip phone for a few days just to see if I could really go back and discovered that I found myself missing basic smartphone functionality, like threaded SMS conversations. It took all of five minutes for that to annoy the piss out of me. Then there's the smartphone functionality that has become a key part of my daily routine, like my exercise diary, the Wegmans app, my food diary, Google Maps, weather, and so forth. These are all apps that have value for productivity and/or health, not time sinks like Facebook or Angry Birds. They're worth the $30/mo premium, IMHO anyway.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Re:The big advantage of XOR by ShakaUVM · · Score: 4, Informative

    In fact, it's unbreakable if you do it right. (http://en.wikipedia.org/wiki/One-time_pad)

    I'm disappointed that the person who submitted the story said "Just XOR".

  4. Re:questions answered below by nadaou · · Score: 3, Informative

    F-Droid is a true friend. And that's a rare thing in these circles.

    --
    ~.~
    I'm a peripheral visionary.
  5. Re:Web sites by pushing-robot · · Score: 3, Informative

    http://www.techlicious.com/gui...

    http://gmic2012.greatwallclub.... (I imagine NQ Mobile's Vault is the 'Vault' listed, NQ published a press release about it)

    I can't find a free copy of PC Magazine's 2012 best apps, but given the others I have little reason to doubt it. The average reviewer has nary a clue about cryptography, and from an end user standpoint, the app seems well made and has several clever features. It would be easy to assume the app lives up to its claims.

    Mind you, it still seems a useful app just for its ability to hide content from casual snoops (the app can even hide its presence on the device), though it is quite overpriced and likely to disappear after this entirely deserved PR disaster.

    --
    How can I believe you when you tell me what I don't want to hear?
  6. Re:questions answered below by Grishnakh · · Score: 3, Informative

    Have fun living in the past.

    Here's the reasons my smartphone is extremely valuable to me:
    1) Mobile internet access / WiFi hotspot: I can use my phone to give my laptop internet access anywhere there's cellular data service available.
    2) Camera: it's not as good as a dedicated camera, but it's better than no camera at all, and is really handy for taking quick photos of things if image quality isn't paramount. Also can take reasonably good videos. You never know when you'll need to film the cops beating someone.
    3) Email access: While definitely not as powerful as reading it and typing on my laptop, it's handy to be able to check my email on-the-go.
    4) Voice mail: With Google Voice, I can see a transcript of people's rambling voicemail messages. I can read them in seconds, instead of having to waste time listening to them drone on and on.
    5) Games: I like doing crosswords when I'm stuck somewhere and bored and have nothing better to do. The "Shortyz" app is brilliant for this.
    6) Weather: My phone tells me what the temperature in my zipcode is, and can easily bring up further weather info. It's nice knowing what the high and low will be without having to watch the weather report on TV like in the bad old days, or having to get to a computer to look on a weather website.
    7) Google Maps: I use this for navigation all the time. I really don't know how I ever got along without it; oh yeah, I do know, it was horrible, as I had to mess around with paper maps, stopping and asking for directions, making wrong turns, getting lost, etc. Maybe if you never leave your little town or go anywhere new, you won't see the point of this, but for those of us who travel a lot and move frequently it's a godsend. It's also amazingly useful for finding businesses, looking up their phone numbers, seeing their hours at a glance, etc.
    8) Texting: For close friends this is pretty handy for staying in touch at times, though I don't use it that much. Smartphones make this better with an actual (on-screen) keyboard, instead of the shitty dumbphone method of using the 0-9 keypad to try to type messages.
    9) Playing music (like a "walkman" if you remember those): I can store my entire music collection in my phone and play anything I want through headphones, like when I'm at the gym. No need for a separate iPod. You can also use internet music services like Pandora.
    10) Alarm clock: I not only don't need a separate alarm clock, I can set multiple alarms for all kinds of different events. It also has a stopwatch and a countdown timer.
    11) Calculator: With the "RealCalc" app, I have an on-screen calculator that looks and works a lot like my old HP-48G RPN calculator.
    12) Flashlight: It's handy to have a flashlight on hand sometimes.
    13) Uber/Lyft: With these apps, you can call up a ride easily, see where the car is, and pay for it all with your phone and without having to mess around with calling for a cab and talking to people.

    If you don't see the need for a smartphone, you probably live an extremely simple life consisting mostly of sitting in a rocking chair on your porch and watching the world go by all day long. For those of us who aren't retired and idle, it's an enormous convenience.

  7. Re:DMCA by swillden · · Score: 3, Informative

    I think Slashdot should take down this article. Under the DMCA it's illegal to bypass flimsy methods intended to enforce security.

    To be precise, it's illegal to bypass flimsy methods intended to enforce copyright. Since this tool isn't marketed as a DRM system, the DMCA doesn't apply.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  8. Re:Web sites by macklin01 · · Score: 4, Informative

    Here's the TRUSTe info:

    http://privacy.truste.com/privacy-seal/NQ-Mobile-US-Inc-/validation?rid=e0f97027-af9a-4b8a-91b5-2a33c58a520a

    It only seems to cover security/privacy of their ecommerce site. So, their shopping cart may be secure, but it says nothing about app security as they seem to imply in their press releases, etc.

    --
    OpenSource.MathCancer.org: open source comp bio
  9. "XOR"? WTF? This thing is a "Vigenère cipher" by gweihir · · Score: 5, Informative

    You could at least have some minimal accuracy in the stories. XOR is not a problem and perfectly secure if used with a secure key-stream, like is done in modern stream ciphers. The problem here is that this is a "Vigenère cipher", where a very short, repeating key-stream is used. It was designed in 1553 and a general break was published in 1863.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
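
The conditions listed in the first thread (key as long as the message, never reused, random) and the short repeating key-stream described in comment 9, side by side. This is an added example, not code from the thread or from the app discussed, and it does not reproduce the app's actual scheme; the message, the 4-byte key and the function names are constructed for illustration.

```python
import secrets
from itertools import cycle

def xor_bytes(data: bytes, keystream) -> bytes:
    """XOR data with a keystream (any iterable of ints); stops at the shorter input."""
    return bytes(d ^ k for d, k in zip(data, keystream))

def otp_encrypt(plaintext: bytes):
    """One-time pad: fresh random key, as long as the message, used once."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def repeating_xor(data: bytes, key: bytes) -> bytes:
    """Short key repeated over the whole message (the Vigenere-style construction)."""
    return xor_bytes(data, cycle(key))

def keystream_from_known(ciphertext: bytes, known: bytes) -> bytes:
    """Ciphertext XOR known plaintext gives the keystream at those positions."""
    return xor_bytes(ciphertext, known)

# Constructed sample data: a message whose first bytes are a predictable format tag.
MSG = b"HEADER:v1;" + b"account=alice;balance=1200;note=meet at noon"
SHORT_KEY = bytes([0x3A, 0x91, 0x5C, 0x07])  # constructed 4-byte key
KNOWN = MSG[:4]                              # the part an observer can predict

def demo():
    # Repeating key: four predictable bytes expose the whole key, hence the whole message.
    weak_ct = repeating_xor(MSG, SHORT_KEY)
    guessed = keystream_from_known(weak_ct, KNOWN)
    weak_fully_exposed = repeating_xor(weak_ct, guessed) == MSG

    # One-time pad: the same four bytes expose only four pad bytes, nothing beyond them.
    pad, otp_ct = otp_encrypt(MSG)
    partial = keystream_from_known(otp_ct, KNOWN)
    otp_fully_exposed = repeating_xor(otp_ct, partial) == MSG

    # Pad reuse: XOR of two ciphertexts cancels the pad and leaves plaintext XOR plaintext.
    other = b"x" * len(MSG)
    reuse_leaks = xor_bytes(otp_ct, xor_bytes(other, pad)) == xor_bytes(MSG, other)
    return weak_fully_exposed, otp_fully_exposed, reuse_leaks

if __name__ == "__main__":
    print(demo())
```
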
  10. Re:Web sites by p.g.king · · Score: 3, Informative

    http://www.nq.com/vault - scroll down a bit under "NQ Mobile Vault Features." subsection "Photos & Videos" - "They’ll be encrypted..."

    I'd say that was a claim that it'll encrypt them.