Safety of Xiaomi Redmi 7 (onclite) Port
-
I'm not a developer (but learning). Does anyone who's looked at the code have an opinion? Does anyone think it's safe to assume that the code has been vetted since it's been up for a while?
-
@JGSvz9Wkgxka4UfH Opinion about what? You're asking the code creators what's their opinion about what they have written? The code cannot be changed without anyone noticing. The only thing that can be changed is when you download the UT image. Someone could alter the code of that image (this can happen if you download stuff from unknown sources), but even then is the checksum image check that consist in some keys that need to match (Not sure how that works in UT).
-
@JGSvz9Wkgxka4UfH Just to ease your doubt: think it logically, if the lead developers trust the code and use UT, why are you so afraid? How do you know that the phone manufacturer didn't hide a part of the CPU that secretly communicate with the Chinese Government?
-
@C0n57an71n said in Safety of Xiaomi Redmi 7 (onclite) Port:
@JGSvz9Wkgxka4UfH Opinion about what? You're asking the code creators what's their opinion about what they have written?
I was asking for the opinions of persons who didn't create this specific port. I trust UT, but I wasn't sure about this specific port.
@C0n57an71n said in Safety of Xiaomi Redmi 7 (onclite) Port:
@JGSvz9Wkgxka4UfH How do you know that the phone manufacturer didn't hide a part of the CPU that secretly communicate with the Chinese Government?
This is actually a concern.
-
@JGSvz9Wkgxka4UfH Take it easy mate. I don't say this in a disrespectful manner.
How do you trust if the tap water is clean and safe to drink, how do you trust car, plane, train manufacturer, how do you trust the pilots? How do you know the Earth is round?
See where am I going?
There are more persons that deal with code reviewing, plus, there is the option to check the code and the security features by third parties (entities that have nothing to do with UT).
Still not convinced?
Do you want to speak with the manager? -
@JGSvz9Wkgxka4UfH Do you want to know the UT weakest point from the security point of view?
-
@C0n57an71n said in Safety of Xiaomi Redmi 7 (onclite) Port:
@JGSvz9Wkgxka4UfH Do you want to know the UT weakest point from the security point of view?
Sure.
-
@JGSvz9Wkgxka4UfH Look in the mirror. Most of the times is the user's fault for security breaches (except when you are a passenger on a Boeing 737 Max that is hurdling towards ground , then no, is not your fault ).
Developers are checking and re-checking stuff to make sure everything is nice and safe, your duty as a user is to use your common sense and not leave sensitive private info all over the place.
Apps in UT run in a "container", that means that they cannot access other parts of the system that they should't do. -
@JGSvz9Wkgxka4UfH See the latest Twitter accounts breach which was a human error.
-
All right, thanks for your help.
-
@JGSvz9Wkgxka4UfH For nothing! Could you please mark your thread as a "question" please? That is in the first post, where the Reply is, to the right: Topic(Thread?) Tools. Thanks!
-
@JGSvz9Wkgxka4UfH
As @C0n57an71n said everything rely on relative trust.As for UT, there is not 100% safety, because the bootloader is unlocked, because the android ports rely on closed source firmwares.
But the upper layers produced by the community are trusted because there are code reviews and that it is mostly open source (some apps might be closed if the developer wants).So basically when you send a SMS the user has to trust the firmware, the carrier and the recepient with sensitive personnal data (phone numbers and message).
What UT does is limiting the exposure. You can choose to send evy pictures on your phone to Facebook with geotags. But in order to do so the user has to explicitly select and send those pictures (or contacts or whatever). -
@JGSvz9Wkgxka4UfH Could you set the thread to "question" please as it isn't a bug or a problem that needs to be solved and not to create confusion Thanks!
-
I think I did?
-
@JGSvz9Wkgxka4UfH , @C0n57an71n
I think in this case it should be marked as normal thread actually.
And I think that's what @C0n57an71n wanted.
I fixed that. -
@JGSvz9Wkgxka4UfH Since you are so safety-focused person, just a foot note: do not leave your phone in hands of unknown persons. UT doesn't suport drive encryption yet, that means that any person with a little technical know-how could access your information, but as I said: they need phisical access to your phone. Stay safe!