• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
UBports Robot Logo UBports Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

How safe are our phones?

Scheduled Pinned Locked Moved General
11 Posts 7 Posters 2.3k Views 3 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mihael
      last edited by 13 Dec 2017, 21:24

      I trust this community and that is why I am going to ask here this question and besides I don't know where else to ask this and get trustworthy answers and not just opinions. Forgive me if this is off topic. So here we go:

      How safe are our phones? Can anybody tap into them? Can the camera / speaker / gps be turned on without us knowing? Can there be any hidden code in the android layer of our phones that makes it that we cannot definitely know the answer to these questions?

      V V 2 Replies Last reply 13 Dec 2017, 22:24 Reply Quote 0
      • V Offline
        Vartojas @mihael
        last edited by 13 Dec 2017, 22:24

        @mihael And a second question is it possible to track your phones with UBPorts/UT-OS if lost or stolen?

        1 Reply Last reply Reply Quote 0
        • T Offline
          Tonoxis
          last edited by 13 Dec 2017, 22:36

          @mihael @Vartojas I'll answer your questions to the best I can.

          @mihael: Technically, since we as consumers are using mass-produced hardware, there's absolutely no way to know if there are any hardware backdoors that can be used to breach the system. As for turning the Camera, Speaker or GPS, if we can do it as Ubuntu, then so any anyone else targetting Ubuntu. They would obviously need either physical access or a backdoor to do so however. As for code hidden in the android layer, once again, of course it could be, however the only things being done in Android IIRC are for bringing up the hardware and getting the hardware ready for libhybris to bridge the gap between APIs. Could there be malicious code hidden somewhere, of course, but you have access to the full source code to audit it if you so wish. I hope I answered your questions sufficiently, and remember I'm just another member of the community, so my word should be disregarded for official statements from the UBports team if they say I'm incorrect.

          @Vartojas If you have a script or application that preforms this function, such as Prey Anti-Theft for Linux, then yes, it should be possible. But not by the OS itself, no.

          1 Reply Last reply Reply Quote 0
          • V Offline
            vadrian89 @mihael
            last edited by 14 Dec 2017, 09:41

            @mihael
            I am not an Ubports official either but want to help clarify.
            Ubuntu touch is as safe as the users make it: installing software from safe sources and reading the permissions the application requires should, in theory, keep You safe.
            For example, a simple camera app should not require network permissions, neither voice a recording application, unless is an application which can upload them to a server.
            Another thing I know related to UT is that third party applications should not have permissions to run in background (someone tell me If I am wrong on this).

            1 Reply Last reply Reply Quote 0
            • M Offline
              mihael
              last edited by 14 Dec 2017, 09:45

              Thank you everybody for your input! In other words, the stories where someone can activate my phone's microphone while the phone is in my pocket or on my desk are just paranoiac fiction, correct? πŸ™‚

              1 Reply Last reply Reply Quote 0
              • G Offline
                guru
                last edited by 14 Dec 2017, 10:40

                At the end, the hardware is controlled by an Android kernel with blobs and other parts which are not Open Source. What kund of bugs and backdoors are there is not known.

                1 Reply Last reply Reply Quote 0
                • T Offline
                  twinkybot
                  last edited by 14 Dec 2017, 14:41

                  That is why I also want again to propagate FSF or FSFE. And also this Librem Phone. If they succeed then we are again one step closer for getting Hardware which has open source drivers.
                  The same was / is valid I believe for FP 2. I think they also tried to select open hardware as much as possible.

                  Personally I do not know if the underlying Code from Google is Open Source or not. But as @Tonoxis said it also stringly depends sadly on the hardware drivers. And as we got to know e.g. for HP hardware driveres security investigators find bugs now and then. Most recently a "forgotten" "debug code" which which allows key logging.

                  G F 2 Replies Last reply 14 Dec 2017, 14:57 Reply Quote 0
                  • G Offline
                    guru @twinkybot
                    last edited by 14 Dec 2017, 14:57

                    @twinkybot That's why I spent the ~600 euro and bought one Librem device in the hope that they will make it.

                    T 1 Reply Last reply 14 Dec 2017, 15:57 Reply Quote 0
                    • T Offline
                      twinkybot @guru
                      last edited by 14 Dec 2017, 15:57

                      @guru Same same πŸ˜‰

                      1 Reply Last reply Reply Quote 0
                      • T Offline
                        twinkybot
                        last edited by 14 Dec 2017, 16:02

                        And this is why I push for OpenSource software in the OPENStore πŸ˜‰
                        I think that the Apache License is not good enough.

                        1 Reply Last reply Reply Quote 0
                        • F Offline
                          flohack @twinkybot
                          last edited by 15 Dec 2017, 20:29

                          @twinkybot The story with HP and the Intel Management Engine? Its a problem of Intel, you can virtually control every server in the business segment remotely, and with smal mistakes in this firmware also exploit it. Why these featuresa re turned on by default, and cannot be turned off? And why do they produce batches for the US government that dont have them turned off? Guess πŸ˜‰

                          BR

                          My languages: πŸ‡¦πŸ‡Ή πŸ‡©πŸ‡ͺ πŸ‡¬πŸ‡§ πŸ‡ΊπŸ‡Έ

                          1 Reply Last reply Reply Quote 1
                          7 out of 11
                          • First post
                            7/11
                            Last post