CyanogenMod 13.0 Release 1 Released (androidpolice.com)
An anonymous reader writes: CyanogenMod 13.0 Release 1 is now available as the Android community's first release based off Google's 6.0 Marshmallow. [...]
Not long after Google released the code for Android Marshmallow, CyanogenMod started rolling out nightly builds. Now, CyanogenMod has officially released its first Snapshot release for those looking for more stable development. Many of the improvements detail changes to the privacy settings. For example, CyanogenMod 13.0 has removed encrypted Whisperpush text messaging, and Privacy Guard has been altered to comply with Marshmallow's new permission model. Some other changes include a new AOSP SMS/MMS application, memory screen that shows memory usage over a selected period of time, new controls for the status bar icons, and an enhanced Snap camera app based on Qualcomm's Snapdragon camera. A Cyanogen Apps pack is not yet available, but should be coming in a week or so.
Can I run CyanogenMod as the main OS on my PC? I currently use Debian GNU/Linux but I'm getting very disappointed with it all. Systemd has caused me nothing but trouble, GNOME 3 is awful, Wayland is going nowhere fast, and desktop Firefox keeps getting worse and worse.
But I'm really happy with my Android phone. It gives me the kind of experience I want: graphical, simple, and efficient. I would absolutely LOVE it if I could ditch Debian from my PC, and run Android or ideally CyanogenMod instead. I like how it would not force systemd on me, it would have its own sweet UI that's fast and responsive, it would have Firefox for Android (which I think is sweet) and it would probably run really fast since it normally targets phones that are way less powerful than my PC is.
Please tell me that this is possible and tell me how I can run CyanogenMod as the main OS on my PC!
If only carriers and vendors would make it easier to unlock bootloaders on some devices, not cause installing such software to void warranties, and didn't cause issues with things like KNOX. Installing Linux on a computer doesn't void its warranty. Why should the equivalent action on a phone void that warranty? I wish I could install this and still know that my phone would be under warranty if there's an issue with something like the hardware. CyanogenMod is a big improvement over the Android-based systems (I say this because all the vendors and carriers add their own software) and lets me get rid of the crapware. It's a shame that doing so voids the warranty. What will it take to change this?
For those of us that do not sync with Google, or as is my case, do not have any Google services or apps, the new messaging app is worse than the previous one.
The CM12 messaging app allowed all SMS/MMS to be exported as a zip file, that could be imported to another phone, or to the same phone after a clean wipe. The CM13 messaging app is missing this functionality, and I could not find another one that would replicate it.
Otherwise, CM13 is pretty solid. I've been running the nightlies since they came out on an LG G3 d852, which is a bit of a crappy phone, and it is much more stable than CM12. I do like the new camera app, as it has a lot more functionality than the old one, and the OS overall is a bit more polished.
YMMV, as it really depends on the hardware. I'm sure on a Nexus 5p or 6x, CM13 is stellar. On my frankenstein LG G3, it's ok, as I am forced to run a KK bootloader (only rootable bootloader), a LL modem (most recent modem released by the Canadian carriers) and a MM CM13 OS.
For some reason the CM releases have had immense problems with implementing full-disk encryption over the years. It just doesn't work, not even on popular flagship models.
On my Galaxy S3 (CM11) I was once able to encrypt my phone, but it would only allow the use of either a PIN or password – and CM also wiped the user data clean one day by itself. The use of a password is very much desirable per se, but the thing is you'd have to enter it every time you unlock the screen. A PIN is as secure as leaving your phone with a post-it note on it with the actual PIN written on it.
After trying the new CM13 nightlies on my Galaxy S5, I'm still having problems with full-disk encryption. This time around it won't encrypt at all, and even if it would, the aforementioned limitations with the password/PIN are still present. In the newer version you theoretically could use a pattern too, but it's still not secure enough (nor does the whole damn encryption work to begin with).
It's been discussed for several years now how people could have a secure FDE key and also use a pattern or PIN to unlock the screen. For some god-knows-why reason the password has also been limited to 16 characters in the official Android documentation and nobody came up with the idea to actually increase that. Having experimented with encryption on my Android/CM devices, I have to say that security never really was a key feature in the whole damn ecosystem.
-SR
Rooted Android can already combine a pin screen lock and password for FDE. Cm11 had it built in. For CM12 or stock Android with root, there are apps that can set the FDE password, or you could do it via command line over adb if you want to spend 15 minutes to figure out the right syntax.
Avantslash: low-bandwidth mobile slashdot.
I had this same problem, but found this link http://forum.cyanogenmod.org/topic/82292-cm102-encryption-does-not-start-stuck-at-splash-screen/page__hl__+encryption#entry460839
solution:
cat /proc/partitions -> figure out data partition size in blocks
subtract at least 32768 blocks
boot to recovery and via ADB format the data partition again
example with data partition mmcblk0p12 with size 12091392 blocks:
mke2fs -T ext4 -L data /dev/block/mmcblk0p12 12058624
Don't ask me why developers cannot make FDE work by default, it's really a shame
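The size calculation from the post above, as an added example that is not part of the original comment: it reads the partition table, subtracts the 32768-block reserve and prints the resulting mke2fs line for review without running it. The function names and the sample table are constructed for illustration; the partition name, block counts and mke2fs arguments are the ones given in the post.

```shell
#!/bin/sh
# Constructed sample of /proc/partitions (columns: major minor #blocks name).
# On a device, feed the real file instead: format_command NAME < /proc/partitions
SAMPLE_PARTITIONS='major minor  #blocks  name

 179        0   15388672 mmcblk0
 179       11    2097152 mmcblk0p11
 179       12   12091392 mmcblk0p12'

# part_blocks NAME: read a partition table on stdin and print the #blocks
# value for an exact name match (mmcblk0p1 must not match mmcblk0p12).
part_blocks() {
    awk -v n="$1" '$4 == n && $3 ~ /^[0-9]+$/ { print $3; found = 1 }
                   END { exit !found }'
}

# shrunk_blocks TOTAL [RESERVE]: subtract the reserve (default 32768 blocks,
# the figure from the post) and refuse empty, non-numeric or too-small sizes.
shrunk_blocks() {
    total=$1
    reserve=${2:-32768}
    for v in "$total" "$reserve"; do
        case $v in
            ''|*[!0-9]*) echo "non-numeric size: '$v'" >&2; return 1 ;;
        esac
    done
    if [ "$total" -le "$reserve" ]; then
        echo "partition smaller than the reserve" >&2
        return 1
    fi
    echo $((total - reserve))
}

# format_command NAME: partition table on stdin; prints (never runs) the
# mke2fs line so it can be checked before it is typed in recovery.
format_command() {
    name=$1
    total=$(part_blocks "$name") || {
        echo "no such partition: $name" >&2
        return 1
    }
    size=$(shrunk_blocks "$total") || return 1
    echo "mke2fs -T ext4 -L data /dev/block/$name $size"
}

# Demonstration on the constructed table above.
printf '%s\n' "$SAMPLE_PARTITIONS" | format_command mmcblk0p12
```

Running mke2fs on the data partition erases it, so the printed line should be compared against the device's real partition name before use.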
I use and generally like Cyanogenmod but when are they going to start being an actual ROM? Right now they 100% rely on phone manufacturers to release a ROM before they can make their own modded copy for devices. Therefore if your phone is not supported for the latest X ROM by the manufacturer then you generally can't run a newer cyanogen either... so like, what's the point.
What I would like to see is the ability to run the latest Android on devices that manufacturers have abandoned. Face it, manufacturers never support anything more than one major upgrade for any device because they want you to buy more product. Fuck that and fuck them! I want proper aftermarket ROM support.
Bullshit. CM versions often exceed what the oem offers, especially on old/popular phones. Sent from my S2 running CM13 nightly.
Rooted Android can already combine a pin screen lock and password for FDE. Cm11 had it built in.
It was indeed "possible", but it was not a supported solution like it is not one even in the current releases. Manually decoupling the FDE password and screen lock means trouble, especially when you update the phone. I once tried this approach, but eventually it wouldn't accept the FDE password upon boot any more even though the password had not been changed. Getting this stuff to work properly is a hassle.
-SR
The two of you have "glass half empty vs half full" arguments. On devices supported by Cyanogenmod, they usually provide more recent version of Android than stock ROM's do, BUT usually they need to find updated devices drivers out of updated stock ROM's for other phones with the same hardware as yours. Usually after 2-3 years no manufacturer provides updates and so without updated device drivers, support totally dies off. This is also the reason why there are delays before older phones are updated for newer OS's, old hardware is usually the last to get updates rolled out from the manufacturers which means delayed device drivers.
FYI they do have their own ROM, it's called Cyanogen OS (not to be confused with CyanogenMod).
https://en.wikipedia.org/wiki/...
This post is exactly why I have given up on Cyanogenmod.
larf... "supported hardware" being the key
Let's be honest, Android is a failure simply because of "openness" and "open" does not always equal "success", especially when your whole business model relies on a captive audience (ie. lemmings).
I'm not sure I understand. A major problem with Android is the lack of openness. Locked bootloaders prevent changing or upgrading your OS and binary blobs (as opposed to open source drivers) that only work with certain versions of Android and are required to get working cameras and other hardware make Android devices a real pain. More openness would solve these issues. Maybe as Android matures and its ABIs/APIs stabilize it will be possible for binary blobs from hardware makers to work in more versions of Android; I'm not really sure but it would be nice if so.
I agree that open doesn't mean success. Marketing is important as is having a product that is useful and usable. Some people (a minority) do see openness as a worthwhile quality though, whether because they like hacking on things, value transparency, or something else.
When you change the screen-lock PIN, the FDE password will be reset as well. Are you sure that that isn't what happened?
But yes, I admit that I have had my problems, too. When I updated my nexus 7 (2012) from stock 4.4.4 to 5 lollipop, I got the boot message: something went wrong with the encrypted data partition. Factory reset needed. Grrrrr.... That's when I moved to Cyanogenmod.
Avantslash: low-bandwidth mobile slashdot.
I stopped using Cyanogen as their releases have gotten slower and slower. This is an "M" based release 1 after Google has released the preview of "N".
Cyanogen's releases were faster as a community based fork than they are as a company.
Pinky, are you thinking what I'm thinking? Yea Brain but me and Pipi Longstocking? I mean what would the children look
A PIN is as secure as leaving your phone with a post-it note on it with the actual PIN written on it.
You should submit that as expert advice in the current Apple vs Three Letter Agency debate case.
For some god-knows-why reason the password has also been limited to 16 characters in the official Android documentation and nobody came up with the idea to actually increase that.
Stupidity protection. You get all sorts of strange issues when you start allowing users to enter stupidly long passwords such as them forgetting them mid typing, timeouts, and my favourite: complaints that they take a long time to enter as it is :-)
Having experimented with encryption on my Android/CM devices, I have to say that security never really was a key feature in the whole damn ecosystem
Depends. Are you trying to protect yourself from the NSA, or just want your data encrypted so when you lose your phone no one sees your dick pics? The vast majority of use cases are the latter and for that it is well and truly good enough.
Here's how you can manually "decouple" FDE and screen lock keys (different CM versions require slightly different syntax, try all the commands in an ADB shell):
https://github.com/nelenkov/cr...
As for the length of the key, the problem is that stock Android (on which CM is based) encrypts using AES 128 instead of 256, so it's pretty pointless to have enormously long passwords. Plus, randomization is achieved using a proper key derivation function (i.e., your password is not the actual encryption key, it's only one of the variables from which the key is derived).
I'm not sure whether there are commands that would allow for AES 256 to be used instead of AES 128, however, then you would want to use a longer password and the GUI code should be changed too. Hopefully they will add this option soon, I also think Cyanogenmod should focus more on security.
Yes, I'm sure it wasn't a case of resetting the password. I was simply rebooting the phone every now and then and then it suddenly wouldn't accept the FDE password any more. I've read about similar cases and it's probably not even a bug, but a feature somewhere in the OS that somehow overwrote the password because something specific happened in the OS.
I really hope one day we'll get a proper encryption suite in Android. Supported, easy to use and secure. :-\
-SR
You should submit that as expert advice in the current Apple vs Three Letter Agency debate case.
You need to remember this is Android we're talking about. Most Android devices lack any real hardware or software security infrastructure, which means you have infinite tries. In many cases you could also brute force the whole thing offline by dumping the contents of the phone on a computer. Even in Apple's case, though, the PIN is incredibly weak. If Apple decides to help, it means there's practically no protection for the data. If a long enough password was used instead of a PIN, even with Apple's help the attempts to open the phone's contents would be futile.
Stupidity protection. You get all sorts of strange issues when you start allowing users to enter stupidly long passwords such as them forgetting them mid typing, timeouts, and my favourite: complaints that they take a long time to enter as it is :-)
Well, purposefully limiting security is also stupid in my books, heh.
Depends. Are you trying to protect yourself from the NSA, or just want your data encrypted so when you lose your phone no one sees your dick pics? The vast majority of use cases are the latter and for that it is well and truly good enough.
NSA, FSB and the like, but also in case I lose my phone. I find this type of argument just as fallacious as "if you have nothing to hide...".
One of my former colleagues actually had his phones and laptop confiscated by the FSB toward the end of his business trip there (non-US government employee). A nation state has the resources to try to gain access to encrypted data in many cases. Having access to someone's personal data on a mobile phone, like in this case, opens up all kinds of possibilities and we all know that.
Security in computers and similar devices should be ubiquitous and purpose-agnostic.
-SR
Even in Apple's case, though, the PIN is incredibly weak. If Apple decides to help, it means there's practically no protection for the data. If a long enough password was used instead of a PIN, even with Apple's help the attempts to open the phone's contents would be futile.
If you know so much about this case why aren't you helping the FBI or at least publishing your massive insights? You sound like one of the "net sec" crowd trying to torpedo Android by making such a claim about Apple. It's not going to work.
I find this type of argument just as fallacious as "if you have nothing to hide...".
It's not an argument. It's a question of what's important to you as an end user and a consumer. Some people seriously have nothing to hide from authorities and don't care but also do have something they don't want every other chump to know. It's a matter of fact and with that in mind it lowers the bar on what is and is not acceptable to the end user. We're sorry that we don't all have delusions of big brother breathing down our necks as we try to text about the latest episode of Survivor. Most of us are sane enough to know that the security available in the average Android device keeps out 99.998% of real threats and that if the government really wanted to send their secret ninja assassins after us we'd be as good as dead.
I find this type of argument just as fallacious as "if you have nothing to hide...".
I wasn't implying that. More like "if you have nothing super important to hide from people who are unlikely to be a threat against you..."
I'm a good proponent of encryption and privacy, but honestly you hit the point of diminishing returns very quickly with security. Pin code is good enough for most use cases, though I would have to say if you travel to Russia frequently and have something to hide a little physical security sense would be wise. I haven't experienced Russia yet but before I went to China I did clear my phone of any personal / non-encrypted material for the very reason that the odds of an attempted breach increased by me travelling there.
Here back home? I'm pissed off enough that work enforces that I need a 6 digit pin on my phone. Pattern unlock would be far more convenient.
AES 256 isn't practically more secure than 128. In fact it has a flaw that reduces the effective keyspace.
I'm a good proponent of encryption and privacy, but honestly you hit the point of diminishing returns very quickly with security.
True enough. But I think despite this it should be an option for those who want it or need it as it's rather easy to implement such features.
Here back home? I'm pissed off enough that work enforces that I need a 6 digit pin on my phone. Pattern unlock would be far more convenient.
From what I have come to understand, PIN and pattern lock can offer comparable protection if configured properly so there really should not be any significant difference in the level of security you get with either choice. The phone should simply refuse any further attempts after the PIN or pattern has been entered incorrectly X times (and if the device has been encrypted, it should then unmount the encrypted partition). I myself also prefer the pattern lock over PIN as it's easier to enter when you hold the phone in one hand.
-SR
if the government really wanted to send their secret ninja assassins after us we'd be as good as dead.
You mean I bought the Secret Ninja Assassin Defense System in vain?! Makes me look rather silly now doesn't it.
-SR
True enough. But I think despite this it should be an option for those who want it or need it as it's rather easy to implement such features.
I believe several vendors offer enhancements beyond stock Android, but the problem with Android itself is that it was supposed to be somewhat hardware agnostic. If you're looking for Apple style security then you're going to have to beg Samsung for it not Google. On the side note Samsung did try something along the lines with Samsung Knox but from what I can see the implementation is half arsed (security info stored in plain text) which doesn't surprise me given some of the, excuse my French, FUCKING STUPID coding efforts they've made on their behalf in the past.
From what I have come to understand, PIN and pattern lock can offer comparable protection if configured properly so there really should not be any significant difference in the level of security you get with either choice.
I agree I hate PIN. But I can understand the security limitations. Aside from a classical statistic guessing game that can get most 4 digit PIN number guessed in under 200 tries, there's less combinations with pattern unlock and due to the complexity increase required to get at some of the combinations you can typically guess a pattern unlock in very few attempts. e.g. the Z pattern is the 0000 of pattern unlock. So I can understand why some people would restrict it.