Wednesday, 23 November 2011

HTC Mistreating Customers

This is a somewhat controversial topic. Don't like it, then don't read it, but if you care about internet freedom, please help spread this.

HTC/Samsung and possibly other companies are installing rootkits in Android phones, coded into the kernel and hiding in memory. No, this rootkit isn't "malicious", but it's installed without your consent or knowledge and collects data on you.

One developer who goes by the name of TrevE over at XDA-Developers has blogged about this rootkit, and within the first 24hrs of his information being released, lawsuits are being filed against him by HTC, saying that all his info and research has to be pulled down and that he must issue a public apology to HTC, and he has 24hrs to do it. HTC did this so he didn't have time to seek legal advice. Guess what? He got legal advice from EFF (Electronic Frontier Foundation), who came to his aid.

Congratulations HTC, you pissed off the Android community and now you will pay for it. Any dev is advised to dev the hell out of any HTC phone and find out what else HTC is up to.

Also, am I the only one wondering what will happen if this mistreatment continues? I'm sure we all remember what happened to Sony when our brothers from Anonymous stepped in? We wouldn't want the same to happen to HTC, would we?

Just a quote from the video, but isn't this the same thing?

Hello Sony

It has come to our unfortunate attention that you have decided to interrupt the free flow of information. As you well know from other acts performed by Anonymous, that we will not stand for this.
By suing Geo Hot, and attempting to view the IP addresses of those who watched his videos, you have angered the hive.

I've bolded the parts that are relevant to this situation. Anyone agree?

http://www.xda-developers.com/android/carrier-iq-sues-treve/

Friday, 18 November 2011

Android Security - Pointless?

Thanks to @Androidpolice on Twitter for posting this. The following post contains quotes from Google's own open source project manager Chris DiBona (he's a complete douche bag btw).

Mobile Security is apparently pointless from what Chris says.

Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. If you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.

So, is Lookout Mobile Security useless and pointless? Hey Chris, it's 2011, wake up and smell the coffee. Security is becoming a bigger and bigger issue, malware is evolving. Yes what we have right now may not be 'big' per se but it's heading that way.

If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.

So Lookout are "scammers and charlatans". Hey Chris, I wonder what will happen if this was sent to Lookout Mobile Security, or Kaspersky Mobile Security, or BitDefender Mobile Security? OOOH SHIT wait I already sent it to Lookout. Oh well. Can anyone 'lawsuit'?

Also what makes me laugh:

So there you go. I'm sure people will now chime in about some worm or malware they downloaded from some app market or something, which will be moderately fun, then it will devolve into a discussion about something unrelated, then I'll cancel comments. :-)
This guy is quite obviously a troll who can't face the truth. Proposes a statement but can't back it up, and when people show him facts that he's wrong, he disables comments. Chris, PLEASE do EVERYONE a favour and kindly go kill yourself now. Thank you.

Thursday, 17 November 2011

Suing Acer; More Trouble Than It's Worth?

Acer are being sued in CA for misrepresentation. You can grab a copy of the document file here [pdf] http://www.multiupload.com/1SMVYSVR6S

Acer sold some laptops that were supposed to come with OEM Recovery CDs and didn't. Obviously recovery CDs are very handy should something go wrong, and I'm guessing the person who filed this lawsuit isn't an advanced person when it comes to technology and computers. Yes, Acer may have misrepresented it, but is going through (no doubt) months' worth of court action, seeing lawyers, paying for lawyers, etc. worth all this bother?

I see the point they're making and it's a valid point, but it seems more trouble than it's worth.

I don't have any recovery discs for mine either, and yes, my machine has died on me in the past and wouldn't boot anymore, but seriously that's not the end of everything. I just boot Linux instead, open source, free to download the OS, free to burn to a CD, grab my data and format. Takes me what, 1hr maybe 2? That seems like less of a bother than going through months of court related stuff, having to pay for lawyers, etc.

This costs me what? Like £50 for a decent external 1TB HDD that hasn't failed on me in the past 3yrs, £10 for hundreds of blank CDs to put Linux on. £60 seems a better deal than bothering with courts if I'm honest. :\

I dunno, go figure.

Wednesday, 16 November 2011

Google Music: I Don't See The Point In It?

Okay, so today Google released their new Google Music service. It was a decent conference, and you'll probably find the recorded version for playback on the Android YouTube channel soon.

Now me personally, I don't want to come off like I'm all for piracy because I'm not, but I seriously do think this whole Google Music stuff will only lead to piracy.

Someone buys a song, shares it over Google+, so their friends can listen to it once. Now, it's not exactly hard to go download Audacity to record the song as it's played back. Now the problem is, whoever does that has a free copy of whatever song, this person brags about it to his friends and ends up passing it to them, they pass it to their friends, etc.

Somewhere along that line, the file is uploaded to the internet via file hosts/P2P/torrents, and eventually ends up on YouTube. Now people across the globe can listen to it whenever they want. I have Internet Download Manager installed on my machine and IDM allows me to download songs (including video) in flv format for FREE.

Now let's recap. Songs people have to BUY eventually end up on the internet, anyone who's anybody can get a copy of them for FREE. Problem Google?

Also, I noticed I can't download Google Music to my SGS phone as it's only for US people. Oh wait someone leaked the APK and now I do have Google Music.

That is all.

Android Security: What Should We Worry About?

Last night I was crawling the net for the latest security news and found something of real interest. More Android malware? More Android vulnerabilities? Nope. Although I will say this. Android malware is optional, yes I said optional. What do I mean by that?

Android malware can be installed with your permission, and doesn't come free with the phone when you buy it. This security threat is NOT optional and is installed by your carrier. This threat has permissions even higher than super user and hides in your phone's memory.

So what is it exactly? This rootkit is known as Carrier IQ (CIQ for short). What does it do, you ask? Normally CIQ is used to report back to the manufacturer when there is a problem with the phone, like if it crashes, etc. No big deal, right? Wrong.

The CIQ on Samsung/HTC phones is used as a tracking system. It's tracking YOU. It's tracking your location via GPS even if you have it switched off, your calls, your text messages, what apps you're running and when you use them, etc. Yes, this threat is keylogging you.

What makes this even worse is all that data is sent back to your carrier and is NOT anonymous. All that data has YOUR name on it. Apparently your privacy doesn't matter to HTC or Samsung, you don't have the option to opt-out of this program.

You can find both articles on XDA-Developers forum here and here.

Personally, I didn't even know about this invasion of my privacy until last night and this quote from XDA pretty much sums up how I feel about it.

Remember, we may not be the vast majority of your users/customers, but unfortunately for you, our communities are the ones who can make your sales efforts into a living nightmare. Consumers are the ultimate key holders and we suggest that you stop looking at us as dollar signs and more like people and customers. All in all, I am not for sale and my privacy is priceless.

Something tells me Samsung and HTC are about to be sued to hell, we shall see.

Friday, 11 November 2011

FBI Take Down DNSChanger Cybercrime Circle

Quick shoutout to the FBI, Team Cymru and everyone else who helped bring down the DNSChanger malware circle; 7 charged with internet fraud of $14m.

We love you guys.

As always, you can find more news in my Twitter feed.

Charlie Miller Kicked Off iOS Dev Team

Recently news broke that security expert Charlie Miller, who has helped find many holes in iOS, was kicked off the dev team for showing a proof of concept that allowed malicious apps to be planted into the iOS app store with a code-signing bug. Article by ComputerWorld here

I know many companies have a policy with security researchers - that they have to keep quiet until the hole is closed and not release details about it.

Miller never really released anything. I saw his video for the proof of concept he did, and he didn't release the method of how he did it. Yes, I can say fair enough, but I can't help but think Apple shot themselves in the foot as well. Losing a decent security researcher like Miller... we'll see how it affects Apple.