UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    How safe are our phones?

    Scheduled Pinned Locked Moved General
    11 Posts 7 Posters 2.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • V Offline
        Vartojas @mihael
        last edited by

        @mihael And a second question is it possible to track your phones with UBPorts/UT-OS if lost or stolen?

        1 Reply Last reply Reply Quote 0
        • T Offline
          Tonoxis
          last edited by

          @mihael @Vartojas I'll answer your questions to the best I can.

          @mihael: Technically, since we as consumers are using mass-produced hardware, there's absolutely no way to know if there are any hardware backdoors that can be used to breach the system. As for turning the Camera, Speaker or GPS, if we can do it as Ubuntu, then so any anyone else targetting Ubuntu. They would obviously need either physical access or a backdoor to do so however. As for code hidden in the android layer, once again, of course it could be, however the only things being done in Android IIRC are for bringing up the hardware and getting the hardware ready for libhybris to bridge the gap between APIs. Could there be malicious code hidden somewhere, of course, but you have access to the full source code to audit it if you so wish. I hope I answered your questions sufficiently, and remember I'm just another member of the community, so my word should be disregarded for official statements from the UBports team if they say I'm incorrect.

          @Vartojas If you have a script or application that preforms this function, such as Prey Anti-Theft for Linux, then yes, it should be possible. But not by the OS itself, no.

          1 Reply Last reply Reply Quote 0
          • V Offline
            vadrian89 @mihael
            last edited by

            @mihael
            I am not an Ubports official either but want to help clarify.
            Ubuntu touch is as safe as the users make it: installing software from safe sources and reading the permissions the application requires should, in theory, keep You safe.
            For example, a simple camera app should not require network permissions, neither voice a recording application, unless is an application which can upload them to a server.
            Another thing I know related to UT is that third party applications should not have permissions to run in background (someone tell me If I am wrong on this).

            1 Reply Last reply Reply Quote 0
            • mihaelM Offline
              mihael
              last edited by

              Thank you everybody for your input! In other words, the stories where someone can activate my phone's microphone while the phone is in my pocket or on my desk are just paranoiac fiction, correct? πŸ™‚

              1 Reply Last reply Reply Quote 0
              • G Offline
                guru
                last edited by

                At the end, the hardware is controlled by an Android kernel with blobs and other parts which are not Open Source. What kund of bugs and backdoors are there is not known.

                1 Reply Last reply Reply Quote 0
                • twinkybotT Offline
                  twinkybot
                  last edited by

                  That is why I also want again to propagate FSF or FSFE. And also this Librem Phone. If they succeed then we are again one step closer for getting Hardware which has open source drivers.
                  The same was / is valid I believe for FP 2. I think they also tried to select open hardware as much as possible.

                  Personally I do not know if the underlying Code from Google is Open Source or not. But as @Tonoxis said it also stringly depends sadly on the hardware drivers. And as we got to know e.g. for HP hardware driveres security investigators find bugs now and then. Most recently a "forgotten" "debug code" which which allows key logging.

                  G flohackF 2 Replies Last reply Reply Quote 0
                  • G Offline
                    guru @twinkybot
                    last edited by

                    @twinkybot That's why I spent the ~600 euro and bought one Librem device in the hope that they will make it.

                    twinkybotT 1 Reply Last reply Reply Quote 0
                    • twinkybotT Offline
                      twinkybot @guru
                      last edited by

                      @guru Same same πŸ˜‰

                      1 Reply Last reply Reply Quote 0
                      • twinkybotT Offline
                        twinkybot
                        last edited by

                        And this is why I push for OpenSource software in the OPENStore πŸ˜‰
                        I think that the Apache License is not good enough.

                        1 Reply Last reply Reply Quote 0
                        • flohackF Offline
                          flohack @twinkybot
                          last edited by

                          @twinkybot The story with HP and the Intel Management Engine? Its a problem of Intel, you can virtually control every server in the business segment remotely, and with smal mistakes in this firmware also exploit it. Why these featuresa re turned on by default, and cannot be turned off? And why do they produce batches for the US government that dont have them turned off? Guess πŸ˜‰

                          BR

                          My languages: πŸ‡¦πŸ‡Ή πŸ‡©πŸ‡ͺ πŸ‡¬πŸ‡§ πŸ‡ΊπŸ‡Έ

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post