maemo.org - Talk - Security (NSA, Android app, any app, OS...)

maemo.org - Talk (https://talk.maemo.org/index.php)

- Brainstorm (https://talk.maemo.org/forumdisplay.php?f=47)

- - Security (NSA, Android app, any app, OS...) (https://talk.maemo.org/showthread.php?t=92021)

Re: Security (NSA, Android app, any app, OS...)

Quote:

Originally Posted by eldiablo (Post 1398964)

Android is not open source, it is more likely to have backdoors in it for the NSA, just as Windows or Apple products do.

Do you have proof of this, or can point to someone that has reverse engineered these operating systems and found actual backdoors? I don't mean vulnerabilities in the code, these are not proof of NSA pressure on the companies to create "backdoors", just mistakes made in coding and/or quality control.

I'd be very surprised if the NSA pressured either company into putting backdoors into their products, especially when those products can easily be reverse engineered and those backdoors can be found and exploited by almost anyone.

The NSA can, and most likely did force companies like Google and Microsoft to provide them with their SSL private keys so that the NSA can spy on all your encrypted traffic to Gmail and Hotmail. That could be done quite easily and wouldn't be likely to cause any collateral damage.

Re: Security (NSA, Android app, any app, OS...)

Quote:

Originally Posted by shawnjefferson (Post 1400086)

, just mistakes made in coding and/or quality control.

Your logic makes sense, yet these instances grow bolder as well. Torture in Irak. The work of a few evil grunts on the loose.
Google collecting Wifi payload in streets all accross Europe? A programming mistake.
Countless examples where one low level rotten apple is to be held responsible whenever caught red handed.
This communication strategy works so well that it is becoming the standard answer whenever a totally wrong political or corporate policy is being exposed for what it truly is.

So the question remains, who is going to reverse engineer the millions of lines of codes to discover the backdoor?
Probably nobody.
But suppose a backdoor is found, it will be the work of a single individual coder with low moral standards and he / she might get fired. That is certain.

Re: Security (NSA, Android app, any app, OS...)

I can't see why a phone running an open source custom after market Android ROM/distro such as CyanogenMod together with an OTR XMPP client such as Jitsi and the F-droid repo of nearly a thousand free software apps would be any worse from a privacy standpoint than the pseudo-open Linux solutions that Nokia released.

I love MeeGo and the N9 but it is not and never was a fully open source experience.

Re: Security (NSA, Android app, any app, OS...)

Kindly vote for cleaning the Android VM from hard coded Google DNS servers.

https://together.jolla.com/question/...different-dns/

Re: Security (NSA, Android app, any app, OS...)

Quote:

Originally Posted by shawnjefferson (Post 1400086)

One of the NSA documents leaked by Eric Snowden was a confidential 41 slide powerpoint presentation stating they had 'direct access' to the 'systems' and 'collection directly from the servers' of US multinationals including Apple, Google, Microsoft, FaceBook, Yahoo, YouTube, Skype, AOL and PalTalk. The presentation also states the program (called Prism) is run with the assistance of the companies.

Re: Security (NSA, Android app, any app, OS...)

Every mobile has a second operating system that you have no control over.

http://www.osnews.com/story/27416/Th...y_mobile_phone

I'm the biggest supporter of the Free Software Foundation that I personally know, but even I'm beginning to feel like "What's the point of even trying anymore?". :(

Re: Security (NSA, Android app, any app, OS...)

Quote:

Originally Posted by drcouzelis (Post 1403140)

Every mobile has a second operating system that you have no control over.

[url]http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile _phone[/url

Which is why Sammy are our best hope, because they can build the whole kit and caboodle.

Re: Security (NSA, Android app, any app, OS...)

Quote:

Originally Posted by minimos (Post 1396314)

I don't think there is a practical way to proof that the device is totally safe, unless you're able to make it live all the time 'sandboxed' into your own tapping monitoring: your own (portable) BTS to bridge GSM communications and similarly for WLAN.
As, what if the Qualcomm firmware every second full moon and x MB of traffic decides to 'fart out' to somewhere a concise summary of your last communications? It would be a needle in a haystack that not even the sailors who signed NDAs with their providers would know its existance.

Is it possible to catch all radio emissions from a device? Idea would be to buy a fresh Jolla and a starter/pay as you go sim card. Stand at the entrance to the Ecuadorian embassy in London and insert it. If one could catch unexpected radio chatter, would prove Qualcomm drivers are iffy, no? (probably everybody is aware of US equipment they planted there that was misconfigured and welcomed everybody to Uganda, we can expect attack or maybe just a wakeup call there)

Edit: to elaborate, I believe NSA(GCHQ) have a weakness, we know who they target. If you do such test with nexus/galaxy/iphone/lumia we could at least dismiss the notion of backdoor (if they have all UK carriers providing them with full access this won't help a lot, but next to a red-hot target I would assume they will try to backdoor, then again it might be in do-not's of spying, Uganda would suggest they follow flaky procedures though)

Re: Security (NSA, Android app, any app, OS...)

How secure Sailfish Os is?