UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    How safe are our phones?

    Scheduled Pinned Locked Moved General
    11 Posts 7 Posters 2.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • mihaelM Offline
        mihael
        last edited by

        I trust this community and that is why I am going to ask here this question and besides I don't know where else to ask this and get trustworthy answers and not just opinions. Forgive me if this is off topic. So here we go:

        How safe are our phones? Can anybody tap into them? Can the camera / speaker / gps be turned on without us knowing? Can there be any hidden code in the android layer of our phones that makes it that we cannot definitely know the answer to these questions?

        V V 2 Replies Last reply Reply Quote 0
        • V Offline
          Vartojas @mihael
          last edited by

          @mihael And a second question is it possible to track your phones with UBPorts/UT-OS if lost or stolen?

          1 Reply Last reply Reply Quote 0
          • T Offline
            Tonoxis
            last edited by

            @mihael @Vartojas I'll answer your questions to the best I can.

            @mihael: Technically, since we as consumers are using mass-produced hardware, there's absolutely no way to know if there are any hardware backdoors that can be used to breach the system. As for turning the Camera, Speaker or GPS, if we can do it as Ubuntu, then so any anyone else targetting Ubuntu. They would obviously need either physical access or a backdoor to do so however. As for code hidden in the android layer, once again, of course it could be, however the only things being done in Android IIRC are for bringing up the hardware and getting the hardware ready for libhybris to bridge the gap between APIs. Could there be malicious code hidden somewhere, of course, but you have access to the full source code to audit it if you so wish. I hope I answered your questions sufficiently, and remember I'm just another member of the community, so my word should be disregarded for official statements from the UBports team if they say I'm incorrect.

            @Vartojas If you have a script or application that preforms this function, such as Prey Anti-Theft for Linux, then yes, it should be possible. But not by the OS itself, no.

            1 Reply Last reply Reply Quote 0
            • V Offline
              vadrian89 @mihael
              last edited by

              @mihael
              I am not an Ubports official either but want to help clarify.
              Ubuntu touch is as safe as the users make it: installing software from safe sources and reading the permissions the application requires should, in theory, keep You safe.
              For example, a simple camera app should not require network permissions, neither voice a recording application, unless is an application which can upload them to a server.
              Another thing I know related to UT is that third party applications should not have permissions to run in background (someone tell me If I am wrong on this).

              1 Reply Last reply Reply Quote 0
              • mihaelM Offline
                mihael
                last edited by

                Thank you everybody for your input! In other words, the stories where someone can activate my phone's microphone while the phone is in my pocket or on my desk are just paranoiac fiction, correct? πŸ™‚

                1 Reply Last reply Reply Quote 0
                • G Offline
                  guru
                  last edited by

                  At the end, the hardware is controlled by an Android kernel with blobs and other parts which are not Open Source. What kund of bugs and backdoors are there is not known.

                  1 Reply Last reply Reply Quote 0
                  • twinkybotT Offline
                    twinkybot
                    last edited by

                    That is why I also want again to propagate FSF or FSFE. And also this Librem Phone. If they succeed then we are again one step closer for getting Hardware which has open source drivers.
                    The same was / is valid I believe for FP 2. I think they also tried to select open hardware as much as possible.

                    Personally I do not know if the underlying Code from Google is Open Source or not. But as @Tonoxis said it also stringly depends sadly on the hardware drivers. And as we got to know e.g. for HP hardware driveres security investigators find bugs now and then. Most recently a "forgotten" "debug code" which which allows key logging.

                    G flohackF 2 Replies Last reply Reply Quote 0
                    • G Offline
                      guru @twinkybot
                      last edited by

                      @twinkybot That's why I spent the ~600 euro and bought one Librem device in the hope that they will make it.

                      twinkybotT 1 Reply Last reply Reply Quote 0
                      • twinkybotT Offline
                        twinkybot @guru
                        last edited by

                        @guru Same same πŸ˜‰

                        1 Reply Last reply Reply Quote 0
                        • twinkybotT Offline
                          twinkybot
                          last edited by

                          And this is why I push for OpenSource software in the OPENStore πŸ˜‰
                          I think that the Apache License is not good enough.

                          1 Reply Last reply Reply Quote 0
                          • flohackF Offline
                            flohack @twinkybot
                            last edited by

                            @twinkybot The story with HP and the Intel Management Engine? Its a problem of Intel, you can virtually control every server in the business segment remotely, and with smal mistakes in this firmware also exploit it. Why these featuresa re turned on by default, and cannot be turned off? And why do they produce batches for the US government that dont have them turned off? Guess πŸ˜‰

                            BR

                            My languages: πŸ‡¦πŸ‡Ή πŸ‡©πŸ‡ͺ πŸ‡¬πŸ‡§ πŸ‡ΊπŸ‡Έ

                            1 Reply Last reply Reply Quote 1
                            • First post
                              Last post