How safe are our phones?

  • I trust this community and that is why I am going to ask here this question and besides I don't know where else to ask this and get trustworthy answers and not just opinions. Forgive me if this is off topic. So here we go:

    How safe are our phones? Can anybody tap into them? Can the camera / speaker / gps be turned on without us knowing? Can there be any hidden code in the android layer of our phones that makes it that we cannot definitely know the answer to these questions?

  • @mihael And a second question is it possible to track your phones with UBPorts/UT-OS if lost or stolen?

  • @mihael @Vartojas I'll answer your questions to the best I can.

    @mihael: Technically, since we as consumers are using mass-produced hardware, there's absolutely no way to know if there are any hardware backdoors that can be used to breach the system. As for turning the Camera, Speaker or GPS, if we can do it as Ubuntu, then so any anyone else targetting Ubuntu. They would obviously need either physical access or a backdoor to do so however. As for code hidden in the android layer, once again, of course it could be, however the only things being done in Android IIRC are for bringing up the hardware and getting the hardware ready for libhybris to bridge the gap between APIs. Could there be malicious code hidden somewhere, of course, but you have access to the full source code to audit it if you so wish. I hope I answered your questions sufficiently, and remember I'm just another member of the community, so my word should be disregarded for official statements from the UBports team if they say I'm incorrect.

    @Vartojas If you have a script or application that preforms this function, such as Prey Anti-Theft for Linux, then yes, it should be possible. But not by the OS itself, no.

  • @mihael
    I am not an Ubports official either but want to help clarify.
    Ubuntu touch is as safe as the users make it: installing software from safe sources and reading the permissions the application requires should, in theory, keep You safe.
    For example, a simple camera app should not require network permissions, neither voice a recording application, unless is an application which can upload them to a server.
    Another thing I know related to UT is that third party applications should not have permissions to run in background (someone tell me If I am wrong on this).

  • Thank you everybody for your input! In other words, the stories where someone can activate my phone's microphone while the phone is in my pocket or on my desk are just paranoiac fiction, correct? 🙂

  • At the end, the hardware is controlled by an Android kernel with blobs and other parts which are not Open Source. What kund of bugs and backdoors are there is not known.

  • That is why I also want again to propagate FSF or FSFE. And also this Librem Phone. If they succeed then we are again one step closer for getting Hardware which has open source drivers.
    The same was / is valid I believe for FP 2. I think they also tried to select open hardware as much as possible.

    Personally I do not know if the underlying Code from Google is Open Source or not. But as @Tonoxis said it also stringly depends sadly on the hardware drivers. And as we got to know e.g. for HP hardware driveres security investigators find bugs now and then. Most recently a "forgotten" "debug code" which which allows key logging.

  • @twinkybot That's why I spent the ~600 euro and bought one Librem device in the hope that they will make it.

  • @guru Same same 😉

  • And this is why I push for OpenSource software in the OPENStore 😉
    I think that the Apache License is not good enough.

  • @twinkybot The story with HP and the Intel Management Engine? Its a problem of Intel, you can virtually control every server in the business segment remotely, and with smal mistakes in this firmware also exploit it. Why these featuresa re turned on by default, and cannot be turned off? And why do they produce batches for the US government that dont have them turned off? Guess 😉


Log in to reply