doubts more than problems
-
more than a problem is a doubt.
I would like to know if there is a way to make a package of the rom in which the gps is disabled.
Also know, if from settings I remove the gps, if there is a way for any application or permission to bypass that restriction and reactivate the gps.
My example is that I deactivate it for privacy, and if they attack my mobile
, if an external attacker, either through other methods or through an app, can connect the GPS and obtain the location.(This is extrapolated to other device sensors such as camera, gyroscope, sim...)
-
@ebsigma Generally no. An app has to advertise that it will be using the GPS (or other sensors as the case may be) All apps in the Open Store advertise what permissions they expect to have. And even then, the first time the app explicitly wants to use the GPS (or other sensor) a prompt is displayed alerting the user and asking them to grant permission.
Afterwards, if the user wishes to reverse their decision, the permissions can be rescinded in the settings.Also there is the fact that apps are confined, and blocked from doing more than they advertise they will do, or unconfined, in which case they have to be Open Source and the source code is actively reviewed every time before publishing a new version.
If you are so concerned about these things, it would be a good idea to learn to read source code, so you can audit the code of the apps running on your device to your own satisfaction.
-
@arubislander said in doubts more than problems:
If you are so concerned about these things, it would be a good idea to learn to read source code, so you can audit the code of the apps running on your device to your own satisfaction.
In general I thought your response was great, but I find this part a little dismissive. I wholly agree it is a "nice idea" to be able to inspect source code, but it is far easier said than done. It takes years to become semi-proficient in a single language, and I don't know anyone who learnt a programming language by reading it alone, and not actually writing with it. It would be far simpler to just know the hardware was disabled, than expect the user (any user) to read and understand the code of every single application that could possibly want to use that hardware, in any language it may be written in.
-
@prophanetes I did not mean it to be dismissive. And it is not advice that I would give to everyone in every situation. In this case it seemed relevant. The only way you could be sure that the hardware is disabled is to have hardware switches. Unfortunately most devices UT runs well on do not have these. So in that case the user would either need to trust the word of others, like mine, or learn to audit the software themselves. I honestly don't see any other way around it.
π¦πΌ π³π± πΊπΈ πͺπΈ
Happily running Ubuntu Touch
Google Pixel 3a (20.04 DEV)
JingPad (20.04 DEV)
Meizu Pro 5 (16.04 DEV) -
@prophanetes Also it would not be necessary to read and understand every application, it would be sufficient to read and understand the safeguards implemented in the OS to stop applications from having unauthorized access to the hardware.
-
@arubislander All fair points.
But from my experience switching from Xenial to Focal, adding hardware support to a ROM is slow and difficult. Removing or disabling hardware support at that level should be very easy. With all the hardware options, it would be messy to provide ROMs with every possible combination, but it should be relatively easy to ship a ROM with minimalist features by design. If I we offered a no-GPS version, I'm sure it would be popular.
Testing the feature is actually disabled would not to be too difficult for the user. Open Source apps which are designed to use that hardware, e.g. GPS, will honestly report it is not working, and it could be verified by testing multiple apps by different authors. They can't ALL be in collusion with the device porter to deceive users about telemetry...
-
@prophanetes said in doubts more than problems:
But from my experience switching from Xenial to Focal, adding hardware support to a ROM is slow and difficult. Removing or disabling hardware support at that level should be very easy.
Agreed, it is easier to make stuff not-work than to make stuff work. Though even disabling stuff would come with an added test burden as care would need to be taken that not too much is disabled, and that disabling sensor A at such a low level does not have unintended consequences elsewhere.
With all the hardware options, it would be messy to provide ROMs with every possible combination, but it should be relatively easy to ship a ROM with minimalist features by design. If I we offered a no-GPS version, I'm sure it would be popular.
I don't have any info to contest your claim, and personally I hardly ever use GPS, so I would not miss it's absence. But I have to wonder if it would be so popular as to justify doubling the number of device images that are built and stored.
And since this would in effect also be a case of disabling the feature in software, see below ...Testing the feature is actually disabled would not to be too difficult for the user. Open Source apps which are designed to use that hardware, e.g. GPS, will honestly report it is not working, and it could be verified by testing multiple apps by different authors. They can't ALL be in collusion with the device porter to deceive users about telemetry...
The same tests could be done against the situation when the sensor is switched off in the settings, with an equivalent amount of confidence in the result.
-
Hello everyone, thanks for your answers.
It is interesting to see the applications and the code (even if it is to see how they access parts of the device for security reasons) but the problem I am having is creating a custom rom for the company and making sure that if I remove the gps option (I put that example because I think it is the clearest) if I remove gps from the options,
that no app (legitimate or by hacker) can turn on the gps on their own... -
@ebsigma The Pinephone and the Librem 5 phones have hardware switches to turn off GPS, wifi antenna, cell phone antenna, and so on. Unfortunately UT is still not very operative on those devices.
-
@ebsigma Right, so in effect you are talking about a fork of the project where you've disabled GPS. If you do it at a low enough level, it will not be possible for any app to enable it themselves.
-
@arubislander ok, That's what I meant, that if the device deactivation settings (in OS settings) did reach the deepest layer...
to be able to manually see and manipulate those factors, how can I see the OS code and manipulate it, compile it and so on... Is there a tutorial or guide or something where I can start to investigate? thank you so much.
-
@ebsigma I don't think there is a tutorial or guide available.
The source code is distributed over a host of repositories on GitLab (and maybe some on GitHub still). What you seek should be found under https://gitlab.com/ubports/development/core, maybe more specifically https://gitlab.com/ubports/development/core/location-service.
-
@arubislander thanks for the information, I'll review the information to see if it helps me or I can start somewhere... thanks.
-
@ebsigma
I don't know wich is your device, but on mines, it is easy to unplug the GPS antenna.
Since UT can't do A-GPS, no way to be localised i guess.
Don't know if it can fit your needs though. -
@ebsigma There is no p0int in disconnecting GPS for privacy. If you are using it as a cell phone you will leave an IMEI footprint at every tower you connect to. This info is readily available to any authority and probably to Google, Apple and others for "research". If you want privacy, don't have any wireless transmitter or receiver, anything that goes through a server or telephone exchange, wear a hoody when going out, don't drive a car and avoid public transport. ALL is monitored in some form or other.
-
@MrT10001 You forgot to say, "You might as well stop using UT and install Android." Keep in mind that not everyone who locks their house when they leave, sets a pincode/passphrase on their device, or adds UBlockOrigin to Firefox is wearing a tinfoil hat. Most people freely give away the digital footprints of their physical life, but it doesn't mean we all should give up and join in.
-
@prophanetes No what I would say, if you don't want to be tracked, don't use a mobile device, don't use a PC, don't use a motor vehicle, don't use public transport and use cash only. Switching off GPS or location services will not stop you being tracked. Contrary to popular belief, even burner phones can be tracked. If authorities, or persons in the know want to know what you as an individual are up to, they can and will track you.
Xiaomi Redmi Note 7.... And more...
I have too many devices... -
@MrT10001
Also, if a governement really want to know everything about you throug your smartphone, i'd add a simple word : pegasus... -
@MrT10001 I don't disagree, it may be impossible to live in modern society without being seen by Fourteen Eyes. It doesn't mean we can't or shouldn't try to keep ourselves under the radar of individuals and other organisations who have something to gain from people who are lax with their privacy.
Reply with your full name, residential address and credit card details, you will see what I mean. (There's no point trying to hide these details from anyone, your bank already has them.)
-
well my intention of the questions is not "to be invisible" but to know on which layers are the security and the visible options, that is, to know that if I disconnect the gps from settings, that an app cannot turn it on. I have to document myself before making any app,
I understand that it is something normal being an "open" system compared to android or ios.
