GPS test 1.24 — prior to nagware “upgrade”

 

[insert uuencode]

 

.

Versions after 1.29 are also nagware but also show GNSS birds in bargraph and not merely in skyview

android security focused Quasar IV two weeks remaining a mere $3.15 million shy security through obscurity to descend into same obscurity

encrypt locally before cloud storage it’s most attractive feature Quasar IV seeks funding

http://indiegogo.com/projects/qsalpha-quasar-iv

Unfortunately the QSalpha folks plan to replace one walled garden with their own QuaWorks walled garden further employing untested special encryption.

QSalpha hasn’t read about the woes of Alice.

QSalpha design is trustyworthy because QSalpha claims it’s trustworthy

.

Quasar IV special crypto blend:

.

QSalpha would like you to ignore the man in green

.

This all assumes our nation reclaims the liberties stolen by the obamanation through feckless indifference

.

.

$0 encrypted SIP calls can be had on android now with OSTN, https://ostel.co

non boot leaky XPosed framework for android+ XPrivacy

http://forum.xda-developers.com/showthread.php?t=2320783

..is the least horrible stop gap for now for those who have disabled- or removed privacy raping google framework

 

flesmihsuoicagas

 

PDroid, adds awesome spoofing POWER to android privacy permissions management

edit 2014:  still good XPrivacy Pro [license supports crowdsourced knowledge], but also evolving quickly from the developer of PDroid 2.0 (not svyat) is DonkeyGuard (CollegeDev | github).  DO absolutely combine  AFwall+ firewall  [in whitelist mode] with LightningWall, and UnbelovedHosts, AND BootManager.  To that end do also donate to defim for the combo license: DefimDonator  [$14 is well worth it] — important: make a note of the name in which you want the license issued. LightningWall does not appear to have a whitelist mode starting from everything blocked, but can function independent of your iptables manager (AFwall+).

 

(DonkeyGuard requires CydiaFramework… seems to be abandoning XposedFramework in favor, but uses both now)

DonkeyGuard has a better UI style than XPrivacy Pro

vs XPrivacy Pro

 

 

edit 2013:  better is XPrivacy extension of XPosed framework for android.  zero malware market access needed; download only via XDA forums or soon *hub for free OpenSource possibly F-droid.org “You can use an XPrivacy Pro license for all the devices you personally own.”

http://forum.xda-developers.com/showthread.php?t=2320783

XPrivacy FAQ#50 also recommends Xmpp Texting [Xabber]

.

original post:

http://forum.xda-developers.com/showthread.php?t=1357056

picks up where LBE Privacy Guard leaves off… they play well together.  However PDroid claims no need of background service.. still requires root. It requires root to boot into CWM to apply the patch, but does not require root to run the management app.

.

PDroid allows blocking access for any installed application to the following data separately:

• Device ID (IMEI/MEID/ESN)
• Subscriber ID (IMSI)
• SIM serial (ICCID)
• Phone and mailbox number
• Incoming call number
• Outgoing call number
• GPS location
• Network location
• List of accounts (including your google e-mail address)
• Account auth tokens
• Contacts
• Call logs
• Calendar
• SMS
• MMS
• Browser bookmarks and history
• System logs
• SIM info (operator, country)
• Network info (operator, country)

For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.

.

easy access to APKs from memorable url: http://tinyurl.com/PrivacyDroid

PDroid 2.3.4 source; patches build, frameworks and libcore

cites interesting article on blockery leakiness.

[ Himself.wordpress.com ]

English LBE Security Master for android now available (outside market) formerly LBE Privacy Guard

edit 2014:  XPrivacy Pro is still the most mature solution.  Another XPosed Framework plug-in is worth observing in development: DonkeyGuard — as it will allow user choice spoofing of requested data.  Also consider installing:  UnbelovedHosts and many other defim plug-ins, LuckyPatcher (remove adware only), Llama (or Tasker), LightFlow (or Xposed led options).  [I do neither encourage- nor condone piracy].   “But my android device… selinux|bootloader”… yeah it’s time to consider buying out of contract, too, for user-liberty (oppo [no cdma]).

 

edit 2013: better yet:  XPrivacy extension of XPosed framework for android

 

edit: a MUCH better, more elegant solution is the PDroid patch

.

http://forum.xda-developers.com/showthread.php?t=1357056

Ask your ROM builder to bake-in PDroid.  There are PDroid aditions and versions for ICS.  It will likely be ported to EVERY subsequent versison of android.

 

MY hardware, MY data: MY terms.

 

…

If you had been in contact with LBE developers prior to this release you should have received notification directly from LBE. 😉

English LBE Privacy Guard has received MUCH much more than a face lift.

Download English LBE Security Master [lite]

Version mismatch?  English LBE Security Master lite is version 2.0.x whereas Chinese LBE Security Master is version 2.1.x

Hopefully LBE has the wisdom to sell the full version outside the market, also.  Secure information shared with google [stored on google] is NOT secure.

.

There is an rom alternative to LBE Security Master [lite] by WhisperCore:

http://whispersys.com/permissions.html

WhisperCore provides selective persmissions in a way that doesn’t take apps by surprise. Instead of denying access to resources, each permission revoked by a user creates a “private resource” for that application. So if an application requests the phone’s unique identifier, it will still get an identifier, but it will be a privacy-protected identifier generated specifically for that application. A different application with the same revoked permission would get a separate identifier, and an application without the revoked permission would get the real phone identifier.

Unfortunately WhisperSystem’s WhisperCore  does not support ALL android phones like LBE.

.

Another alternative to LBE Security Master LITE is pffmod

http://code.google.com/p/pffmod/

.

Ultimate permissions management, spoof ID / fake data, is possible with cyanogenmod

http://review.cyanogenmod.com/#change,5677

Apply a little peer pressure to effect a change in favor of the hardware/data owners!

.

[ Himself.wordpress.com | SagaciousHimself.stumbleupon.com ]

new English version of LBE Privacy Guard available Halloween? Renamed to LBE Security Master

edit 2014:  better alternatives to LBE

edit: a MUCH better, more elegant solution is the PDroid patch

http://forum.xda-developers.com/showthread.php?t=1357056

Ask your ROM builder to bake-in PDroid.  There are PDroid aditions and versions for ICS.  It will likely be ported to EVERY subsequent versison of android.  MY hardware, MY data: MY terms.

…

English LBE Security Master lite from LBE now available

————————————

I have been using the new LBE Security Master in Chinese.  With the exception of a few features all the functionality can be intuited based on prior app experience.

[insert: LBE PG backgrounder]

New to this version is a name change.  This better than fantastic app has been dubbed LBE Security Master.  The Guard icon is a dial whereas the Master icon is a shield.  Go figure.

While denial of permissions is an option I much prefer playing integrity challenged applications at their own game: data poisoning.

I had been working on a screen shot based tutorial but it seems that will be of little value for the Chinese-only upgrade as the English version of LBE Security Master (version 2.1.x) will be available Halloween or possibly All Souls Day.  Chinese APK.

I am hoping in addition to unique id spoofing [UDID] LBE Privacy Guard data services will also be able to spoof MAC addresses and spoof non-radio IMEI/MEID.

New must-have features include:

• new permissions visualization,
• bandwidth monitoring per app (a starred feature req of DroidWall)
• battery preservation,
• communication filtering [some twits label this sms firewall]
• fractional functionality for non-root users

Missing is finer grained control of permissions.   Some permissions such as send SMS, receive SMS are grouped into one tickbox.  GPS location and network location are deemed one permission.   ‘Get TASKS’, a permission abused by google maps, seems to be MIA as well.

The new Chinese version of LBE Privacy Guard is fully functional under Cyanogenmod 7: good news for users of non-stable releases of CM7 who are unable to use the current English version. While garbage collection frequency has been a blight for some using cm4dx the dev cm4dx-gb has almost entirely addressed the problem; LBE Security Master can increase garbage collection frequency at user request.

Keep an eye on the LBE Security Master change log and LBE dev blog for more speculation fodder.  Though big fans of QQ they are not big on XMPP.

.

[ Himself.wordpress.com | SagaciousHimself.stumbleupon.com ]

NEVER post photos from camera phone to internet: exif — FIRST SANITIZE to PNG

Sure, not a novel concept but certainly worth repeating.. again and again until change is effected

Examing image URLs for exif leakiness:

http://regex.info/exif.cgi

ALWAYS convert camera phone images to PNG to sanitize exif and other metadata sneakiness!  Or leave a delightful trail for others to follow.

.

firefox 5 “upgrade” sucking up ram.. great GC asa!  Now we need an extension to iteratively restart firefox to inflict GC.  the “upgrade” on android is even more joy!  Thanks to Tasker ($5) we can be alerted how sucky firefox mobile performance is!

[ Himself.wordpress.com | SagaciousHimself.stumbleupon.com ]

verizon wireless issuing private ip addresses to 3g customer, NAT joy, MIA packets and gross ineptitude … fraudulent enticement

“fraudulent enticement” : is the phrase for those pitching class action suits to such law firms.

.

Part 2, draft 1

verizon staff, even senior tech staff [not network], cannot seem to understand that “private:public” is ONE distinction of ip addresses and that “dynamic:static” is another distinction.  Several people now have approached verizon wireless with the problem that their handset, the phone itself, is receiving a private ip address instead as before a public ip address (internet ip address, or public routable, or insert colloquialism here) on the 3g ppp0 interface.  The joy for “smart” phone users is Port Restricted Cone NAT.  It is a great way to break voip and vpn functionality of the device.  NAT per se is not the issue; user non-configurable “feature” is the problem.  Additional complexity is introduced by VZW denying addressing scheme.

10.0.0.0/8 (255.0.0.0)

Not sure you and your mobile station are in this private address space wan facing boat?  IF android: Grab “STUN client” application, pick any functional STUN server from the drop down, and perform the test.  At the bottom of the results will be the name of your 3g interface, in my case ppp0, and the associated ip address, in my case 10.n.155.n

STUN client: appbrain: http://www.appbrain.com/app/stun-client/com.kodholken.stunclient  I can provide the apk if you have opted to disable google “features” by not adding a gmail address to your handset.

The comical troubleshooting one must initially endure is the assertion that if the web browser is working the data network is working perfectly.  Out of order packets don’t noticeably affect web browsers; out of order packets are very bad for voip.  Lost packets aren’t bad for TCP web browsers; Lost packets are very bad for UDP voip conversations.

“The [3g] ip address on the phone is ONLY for talking to our towers”

Oh really? **  Wait it gets better:

“[3g ip addresses are] not for talking to third party services on the internet”

yes, verizon really made that delightful claim.

“are you saying I’m stupid?” No, based on the call recording I heard this guy is clearly grossly ignorant and not suited to a network support department.

“If the data isn’t working it’s the third party software you’re using”

great!
‘software can control your side of the network? please walk me through how I access that manually’

…

‘if web pages are timing out is it the fault of the web browser?’  .. “no” .. distinction failure continues

Various analogies are drawn to soho nat…

“you have to understand your ip address is dynamic” ..

uh huh. what’s that to do with it now being private address space and the evil of network address translation whereas recently the 3g interface was _dynamically_ issued from a public address space?

Let’s compare the dhcp class of this handset with the dhcp class of another handset.  Awkward silence.  Even their unassailable network people don’t have access to this information.  Scary.

“you might need to create a new rule in your corporate firewall”

How does that effect my phone?  There is nothing I control between my handset and the tower.  I’m not even using a rooted phone with a software firewall with this issue.

We all commiserate there is little point pushing this issue up the food chain by voice with non-business class accounts… especially with the appalling terminology dearth and concept fail.

Stuck with a private ip address?  Too bad.  Suffer but please continue to pay us.

All silly suggestions to contact the manufacturer of the phone, or the developer of VoIP product x or y ought be ignored.  The manufacturer of a handset that speaks CDMA (or lte), for verizon wireless, will direct all questions pertaining to the network back to verizon.  The software is not relevant to this issue — it merely MANIFESTS (or indicates) that there is an issue, and if you are voip familiar you recognize quickly the flavor of NAT involved.

“Perhaps you should contact google”

Yeah, that’ll work out so well.  Sadly no longer employed by a multinational, multibillion dollar venture group I don’t wield that kind of power any more, so no thanks I’ll try bashing your head against the wall instead.  It’s nice to have memories of seeing microsoft, [phone co], and intel dance to make me happy.. I mean work to find a solution to a problem with stuff.

Expect VoIP to FAIL and FAIL BADLY.  There’s a reasonable chance of VPN pain in your near future.  But at least your browser works, right?

It may be a secret top down plan to sell static ip addresses as that has been repeatedly suggested as a ‘solution’.

Please share your verizon wireless fun [pain].  I have several phone conversations from several people in my allegedly small boat in WAV — VoIP allows call recording for claim consistency purposes.  Consider capturing all your CS phone calls; it’s easy with viatalk (roll your own asterisk people have a few buttons to mash).

.

See post on “google port-OUT .. revisionist history” for voip/itsp recommendations.  Also consider PIAF vitelity endorsement.  Additionally try TLS nightlies of CSIPsimple.  Howardforums has luminaries worth consulting.

.

Verizon.Wireless.Private.Network_whitepaper_static.ip.address

* VoIP : udp sip
** Although it could be an unqualified  reference to pg 5 of VZW document b2b.vzw.com/assets/files/PrivateNetwork_WP.pdf [Verizon Wireless Private Network whitepaper] — section 3.1 grasps the public:private and dynamic:static distinctions. A static IP address is available without having a business account. Section 3.8: “static IP — verizon wireless hosted” as opposed to “static IP — verizon business hosted” makes further distinctions. Dynamic Mobile Network Routing exchanges tower-calls for voip calls.  Any claim by Verizon Wireless that a static IP address [on non-business account] would cost $500 reveals gross ineptitude by the agent.  It is obvious that the agent is phrase searching and landed on section 3.8 “verizon wireless private network setup fee”.  There are a number of circumventions to verizon wireless [tortial interference] ranging from irksome to vexatious.. but VZW provoked Proof of Concept circumvention necessity.
*** upselling:  CradlePoint CBA250, CadlePont CTR500, CadlePont PHS300 : opennetwork.verizonwireless.com/devicesShowcase.aspx

EDIT: 110701

addendum: verizon 5+ gb throttling easily circumvented without modifying system files.. hahaha delightfully simple change to system!  (requires SuperUser)

edit 2:

learn to speak verizonese:  CGN

[ Himself.wordpress.com ]

malware-foss contradiction reedemed by fdroid community .. as drm fosters piracy.. or re-engineering.. so does malware-foss foster fixing

Sick of the malware dominated “freeware” section of android market?  Irked by “malware-foss” contradiction?  F-droid to the rescue.  A fine group of programmatically inclined heros edit away malware infecting f/OSS and compile actual-freeware for the educated. Kudos to CiaranG and those who want no spotlight.

Sadly the vast majority of android market users in their gross ignorance WRONGLY tolerate malware.

Sure ads can be easily blocked (root et al) but why trust an intellectually dishonest developer?  What other evil lurks in that black heart?  What other nefarious ends await the use of the malware?  Yes, malware: undesired code that harms the user or abuses his resources [for profit].

.

“But programmers gotta eat”

Yes, they do.  But if eating is unlikely daily perhaps said programmer should ply skills commercially and not futter away hours on a f/OSS project.  You can’t eat a cake you don’t have.  People don’t owe you cake.. nor do you have the right to another’s food. When you have enough food THEN worry about baking a cake.  Let them eat your cake or sell it!  You ought not pillage food from gift recipients.

When you give your cake away it’s irrational to whine that no one bought it.

Beware of cake indian givers!

.

.

* http://F-droid.org

[ Himself.wordpress.com ]

PhantomAlert.com farce: pay to work for phantom alert, bait and switch marketing language, oh my another “smart” phone scam? (phantomalert review: avoid)

You want me to add to- and verify your database AND charge me? no.

http://www.phantomalert.com/Free-Download-Page/Download-Page.html

Pay $10/month at least for the privilege of contributing to the accuracy of the phantomalert database is a privilege I need not.  Better model for me is a PGP signed trust model: the better the contributor the more time-accurate the database one may download freely.

.

If I am to subscribe to a payment model I expect FAR better than casual community contributions to a nebulous database with VERY little intelligence applied to design.

.

How the phantomalert marketing scam works:

“drivers and spotters report speed traps..on our website.  Then drivers simply download our .. database in to [sic] their GPS” …

.

What?  No mention of paying to work for phantomalert?

.

.

“you could be making singles of dollars [scamming friends with craig’s list and ebay]” — review

.

All the while RadarDroid Pro becoming less and less appealing.

waze, social gps navigation, actual-freeware, integrates speed trap reporting with self expiration.  PhantomAlert database continues to stagnate.   http://m.waze.com  to download latest client without [android] market.

(As android market continues to decay from MALWARE speciously claiming to be freeware the iphone platform becomes more appealing. )

.

[ Himself.wordpress.com ]

must have android application for hold sanity

Sure, mid conversation one could mash the speaker button and switch the call to speakerphone while on hold

…. but there is a f/OSS application [on google code] that uses the proximity sensor to do this automatically for you.  What’s more is has a toggle switch to engage only when phone is set upon a mostly horizontal surface:

Take phone from face, set on table… voila speakerphone on hold

SpeakerProximity

http://code.google.com/p/speakerproximity/

.

there be one gui bug: speaker button does not illuminate when the application toggles speakerphone on by proximity sensor

Plays well with IMSdroid

http://code.google.com/p/imsdroid/

.

[ Himself.wordpress.com ]

dead reckoning android GPS

Why is dead reckoning not enabled in ANY android GPS navigation applications??

dead reckoning should at least be a feature in GPS car location applications… for those parking structures or underground parking.

pshaw! lame!

GPS navigation ought not rely entirely on google maps (google navigate)

Also try:

* Waze

* Mapquest

.

XDA to the rescue?

http://forum.xda-developers.com/showthread.php?t=409261
http://forum.xda-developers.com/showthread.php?t=422662

.

[ Himself.wordpress.com ]

App Inventor for Android promises to flood google market with more poor code and malware. yay?

gee thanks

I’ll stick with http://F-droid.org :: actual-freeware, verified submissions, absolutely no malware (adware) allowed.

.

One’s app inventor product will exist at the pleasure of google : much as with their privacy policy (private until deemed otherwise).  Grreat!

[SagaciousHimself]