Last week on a business trip to Rome, my XDA got stolen..
Offcourse I had it blocked as soon as possible and have password protection on it, but resetting it would make it usable for anyone.
If anyone sees a secondhand XDA for sale from Italy (where they are not sold) please remember me....
IMEI: 350312010049224
S/N : HT220CC15367
P/N : 99HJ00007-00
So... when is this new model XDA comming on the market?!
We thought of a program to stick into ROM which would, after cold-boot, send one SMS to a pre-determined number. Could be a friend's number, or possibly even a web-service, where you can look up all the phone numbers of all SIMs ever in that phone at cold-boot. You could even wait a few days to see if the owner field was ever filled out...
Please go into that, as I will buy an XDA again but feel quite bad about this one stolen and would very much want something to have a little more protection/means of getting it back.
I saw an advertisement on www.thinkgeek.com about a software that would automatically send emails with IP adresses when a stolen laptop is connected to internet.
Something like that could possibly be an option in a theft-recovery program?
Thanks,
Lx
Great idea XDA developer Peter Poelman...you guys should definitly do that!!
XDA developer Peter Poelman, that is one of the best ideas I have heard of!! If there were a server you could register your XDA on, then install the 'tracking' software it would be very cool.
Would it even be possible to get a fix on the location by picking up the nodes that the XDA is near? Effectively your XDA would text you its location, name of the new owner and new number to server where you could pickup the info. Hay-presto, you can inform the provider and authorities and maybe even get it back. I bet you could even sell the software to the providers!!
Gil.
Hold on guys, if you developed such a ROM, it should be clearly stated that it is doing that. I can imagine, if people started offering ROMS, that made unsolicited calls to premium rate numbers, that would be a great, and illegal, business venture.
Anything, that works behind the scenes must be clearly highlighted if trust is to be maintained in a public community
Sounds good though. If i could find all the people that have stolen bits and pieces from me, revenge would be sweet!
I guess that watching out for ROMs that have spy-wearz or nasty apps in the background ARE possible, there could be something about now. Let’s face it the ROM tool is not that hard to understand. And if someone was really that nasty they could make a lot of money in a very short period. After all a premium rate text number has no price cap. But lets not get in to that right now.
The answer to this, like a lot of things in IT is A trust in the developer, B trust that is has not been hackled – as above and C you have noting to hide.
The provider can already see al the calls and text that the sent from your phone. So the only thing for them to see would be your ROM version.
If this was made a voluntary process and secure I can see it doing a lot more good than harm.
Also another though on the spy wear bit, it would be good to have an app that watches the activity on you device and allow you to see it.
Sorry for the rant, Gil.
Oh yeah, we've thought of nasty things one could do. Possibly more scary still: if you have this Action Engine framework, someone holding a private key somewhere can remotely update your ROM, without telling you.
perhaps thats how o2 intended to upgrade in the future?
is it easy to place the AE exe file back onto the xda? its just the one file right?
No, it's a whole bunch of files. They were installed from the operator section of the ROM, though AutoConfig.exe, into device RAM.
I'm not really into the programming stuff, but I was just thinking...
If such a thing was to be implemented, you would not want it to be active until your device actually got lost. So how do you tell your device (that probably has a different SIM card in it) that it should start to broadcast it's location and new SIM information? And where to?
I was thinking of a site where you should register, very securely and only upon activating the 'tracking' program from this secure site that a constantly updated log file of all nodes where the device is connected to a GSM/GPRS network would state the deveice's location.
With this list (and possibly the information of the new SIM card) it should definatly be possible to retrieve the device, with collaboration from the provider/authorities ofcourse.
Also I heard a provider can locate any GSM down to 5meters accuratly when the phone is being used, about 100 meters when the device is on stand-by. Don't know for shure if this is true though.
If things like these could be incorporated, this would be the best software/ROM update ever to be made in my opinion. If there is any way in wich I could be of any help I would gladly be of service!
Two complimentary options would be:
the XDA sends a message to a server whenever the SIM card is changed, unless you enter a particular password first.
Send a specifically crafted sms to the XDA that causes it to realize that it is stolen. This starts it sending location info to the server.
I think you could switch XDA in to stolen mode using a broadcast directly to the PIN on the phone. This is how P2P works in the US instead of SMS. This could be done from a web site and the user of the stolen phone would not know until it was too late.
But then again I may be wrong?
Gil.
this is all good and well, but there will be always someone out there that says this is a privacy thing and they do not want people knowing where they are using their XDA
What should be developed is a Rom that once the owner name has changed, the XDA will then send a message to a server(if the XDA is registered) informing of the new number of the inserted SIM, the IMEI number and all other numbers/contacts straight to your provider. they then contact the new provider for information on the new owner. send the bissies round and reclaim your XDA.
this would be big money to phone service providers as it would reduce the amount of insuance claims and hastle.
if it can be done, then I will be buying it (once i own the XDA !!)
cheets
Related
HI,
I used to have an XDA/Walaby but I lost it.
I posted a topic about making an option in the rom for the device to send it's network position for it to be retrievable.
Now that I've got a MDA II / Hymalaya I am wodnering if this is something that can be done for this devide.
I'm sorry but I'm no expert programmer, just a regular user with little in-depth knowledge, so please forgive me for my bad explenation and terms.
What I was thinking about having something built into the bootrom that would check a certain website everytime it connects with GPRS or WIFI to the internet.
Hidden and 'in stealth' ofcourse, without knowing of the 'new' owner.
On this website there would be a code, normally stating 'green' meaning the devide is in good hands.
When the device is lost or stolen, the original user change this code to 'red' by a password protected email, login/change setting or something like that.
When the devide connects to the site and finds it's code turned to 'red'it should send a log file with information on witch netwerk point it is connected, WiFi point, Current SIM (plus mobile number and owner-) information and so on.
Maybe it's even possible with just SMS messages so the devide doesn't even has to connect ot the internet but a normal GSM signal would do.
With all this information it should be possible to go to the authorities and get the device back, or atleast give prove of theft for insurance purposes.
And since this function should run from the bootrom, a normal update would not affect it's functionality.
Again, I am absolutely no programmer but I would really like to see if people find this an interesting feature. I would be more than happy to assist in anyway possible in developing.
Greetz,
Lx
Interesting idea
You may be interested in this also: http://wiki.xda-developers.com/wiki/IIWPO
Yeah, that was the thread that came after I wondered about retrieval options for my XDA.
I will be testing IIWPO asap.
Still I think a lot more information could/should be send, especially since insurance companies won't do anything unless you have 'prove'of theft.
Someone else's SIM info and wherabouts seem hard to dismiss in a theft-quiry.
Maybe someone could give some comment on this?
As a person who has had two phones stolen I can tell you one thing - there needs to be a password on the use of flashing. First I had a galaxy note, which has Samsung locate. But hardware reset saw to that. Second I had a CSL Spice, knowing about hardware reset, I set about finding an un resettable program. In comes avast (brilliant though it is).
Two criticisms, first is its method of retrieval. Sms. Yes, sms. The thief has thrown your sim card in a bush, but in order to remotely access your phone, avast smses your sim card. Classic. Try it, steal your own phone, or get a mate to, it's so tragic its funny. Go on, back up your apps, take out your sd card, and be your own thief. Second issue, obviously is flashing. Avast hides on the partition, but this is wiped and remade based upon your new OS. Bye bye avast.
So really there are two key solutions: password protection on the flashing access. Set by the user, changeable only by those the user gives it to (engineers/new owners). And the other is set a hardware code like IMEI on accessing not just a phone network, but also Google Play registration, and Samsung /other apps registration. That way the code can be flagged by the owner. Actually thirdly is an email address which appears upon failed flashing password attempts. To remind the thief that he can still take the brick of plastic and metal (and gps) back.
I'd like all new owners to be informed of what to do upon loosing their phone, codes to note down etc. As I feel this is not done enough. I'd love to start a push to get Samsung and other droid phones as well as Google Play to start this and maybe we can finally end phone theft.
Anyone think a petition is possible?
How were your phones stolen? I have never had one of the 40+ phones i or my immediate family have owned (knock on wood here as i probably just jinxed myself) stolen.
In my case it could be just locale, but i have worked in some pretty rough areas with high crime rates so i could just be lucky or plain diligent with what i do with my phone when not in use.
Not being disrespectful here, just seeking enlightenment on what behaviours/actions leads to them being stolen to see how it is different to my experience.
As to your proposal, not a bad idea. One thing i can think of is that like the locked bootloaders that were/are put on some phones, somebody will most likely find an exploit/hack to get around it. They almost always do. Could be talking out my arse on that as i am not knowledgeable with this but they always seem to find a way.
Sent from my SAMSUNG-SGH-I717 using xda premium
but this dexpends where you go and therefore stuff as such.....if i were to stay home alot im sure the 40+ phones ive had would hardly get stolen as well. saying this I've had to phones stolen as well and its not fun. i would sign
Sent from my SAMSUNG-SGH-I717 using xda premium
I do like the Imei idea. I've never had a phone stolen. I've worked in gyms, restaraunts, public schools, indoor reffing, etc
Sent from my SAMSUNG-SGH-I717 using xda premium
depends how tech savy the thief is.. if they perform an Odin flash then only thing preventing use of the phone on ATT is IMEI blacklisting. Couple of things come to mind that might help. If they pick up the phone and try to use it as-is without switching SIMS or factory reset Plan-B can help. If either of these is done then only thing that will help would be something such as a preconfigured Plan-B app in the CWM image to "phone home" after SIM change and factory reset.
Security would lay back and laugh at your problem.
Just being aware of your environment and using sensible precautions will go a long way towards preventing theft. Treat your phone like it's worth hundreds of dollars and you should be OK. For example, If you were at a social gathering where there were many people you didn't know would you leave six one hundred dollar bills sitting on a table in a secluded area while you went to the bathroom? Probably not, yet I commonly see people doing just that with their $600 phones at parties or while at the park with friends. They rely on strangers honesty and their friends vigilance to protect their property. The trouble is, cell phones have become so common place the friends would be as likely wonder why someone is picking up their beer as to why they are picking up your phone. Honest folks expect others to be just as honest as they are and why not? They are normal after all and aren't all normal people honest just like them? So, if someone sees another picking up a random ubiquitous phone and putting it to their ear while they walk out the door they will surely not think twice about it. The phone is obviously that person's, else why would they pick it up? Thief's who steal in public rely on people not noticing "normal" behavior. Just treat your phone like it's a hundred dollar bill and you should suffer no more losses due to theft, unless you are mugged of course.
Just get Cerberus. Problem solved.
TheMrRoxtar said:
but this dexpends where you go and therefore stuff as such.....if i were to stay home alot im sure the 40+ phones ive had would hardly get stolen as well. saying this I've had to phones stolen as well and its not fun. i would sign
Sent from my SAMSUNG-SGH-I717 using xda premium
Click to expand...
Click to collapse
I wish i could stay at home a lot. Not the case. Do lot of traveling and in a lot of different locales/ environments. Just don't put my property where there is an opportunity for some one else to make it theirs. That is why i asked what the circumstances were behind theirs being stolen. If it was stolen due to lack of diligence on their pArt or were they physically assaulted.
Sorry about your losses and i am sure it is not a pleasant experience. I know i would not be happy.
I personally think the idea is sound.
Sent from my SAMSUNG-SGH-I717 using xda premium
jpeg42 said:
Just get Cerberus. Problem solved.
Click to expand...
Click to collapse
what he said...
and, be more aware of where your phone is at ALL TIMES...
one time is understandable; two times is carelessness..
I love how western these answers are. Lol, left it in a cafe. My galaxy note was ripped out of my hands my a thief on a motorcycle in Malaysia while I was checking gps map, and my CSL Spice was pushed out of my pocket as I was being dry humped on a moped in Bali. That last one is classed as an accidental loss, which turned into a theft as the lucky buggers driving behind me probably found it. How is besides the point really. "you were stabbed? Oh, we're you in stab proof armour? Carrying a gun? Oh, silly girl!"
Cerberus is bandied around like avast anti theft, if it's flash proof, then I'll bite (as it were), but I'd like to see that claim.
Chiefly what we could do with is a hardware code that content providers request on account activation. Something a phone can't change. It needs a built in theft message/action not one remotely sent. And it needs a flash password.
Actually a readable hardware code would suffice if all content providers signed up.
Who would you speak to to suggest such a thing?
Already in chats with Samsung and Google Play customer services, but they aren't really the development team sadly.
In my city there are at least 4,000 phones for sale on Craigslist daily. Can you imagine how many customer service people at&t would need to manage the IEMI switching? It would be like the frakkin DMV for transfer of ownership. And managing blacklisted IEMI? Fuggetaboutit. I asked one about that idea and their response was "stolen phones are new customers".
the only way to prevent stuff from being stolen, is not to own it in the first place...IMHO
That being said, we all take the risk together when we pull out these fancy devices for the world to see. and lets face it, we all like to flaunt our wares as a status symbol on occasion.
the note is a big fancy eye catcher, and a prime target for crooks to swipe from unsuspecting folks not paying attention. ( sorry about the dry humping moped issue).
And since the odds are, your device will get stolen again, you should change your habits of usage if possible.
I agree that security of the device after theft is difficult, and I would support a petition to enhance the security measures, but I'm not gonna hold my breath on any carrier taking the task on. Like ranger said, a stolen phone is a new customer.....g
It wouldn't require any work, nor switching, just adding a field for IMEI. This is automatic for carriers right, but it needs to be the same for Google play and other app sites.
When a user looses his phone, he logs the IMEI as stolen, and the Google Team put that code on a watch list. Any Form designer could handle that. IMEI or serial number or whatever is hardware based.
Simple idea no?
Thats why I bought this app called gotya.
https://play.google.com/store/apps/details?id=com.myboyfriendisageek.gotya
-Once you go NOTE, you'd say 4 inches a Joke
NOTE user:
"take a deep breath, make sure to get a good look at it, relax and slowly take it in, the size is overwhelming at first but you will have a happy ending afterwards".
Woman:
:O
Veruvir said:
It wouldn't require any work, nor switching, just adding a field for IMEI. This is automatic for carriers right, but it needs to be the same for Google play and other app sites.
When a user looses his phone, he logs the IMEI as stolen, and the Google Team put that code on a watch list. Any Form designer could handle that. IMEI or serial number or whatever is hardware based.
Simple idea no?
Click to expand...
Click to collapse
And when the vindictive girlfriends and exwifes report out of spite?
rangercaptain said:
And when the vindictive girlfriends and exwifes report out of spite?
Click to expand...
Click to collapse
you'd think they'd just smash it on the floor or drop it in the toilet...
You probably live in a ****ty neighbourhood no offence.
Sent from my SGH-I717M using xda premium
Sarius24 said:
You probably live in a ****ty neighbourhood no offence.
Sent from my SGH-I717M using xda premium
Click to expand...
Click to collapse
Yeah, there's no criminals in "nice" neighborhoods.
I use Tasker for:
When I switch locations, a front/back pic + GPS, sent to google drive.
When not at a location that has is known, it sends the same info every time the screen comes on.
Tasker locks certain apps in unknown locations, so the main screen stays unlocked. I figure the longer they can play with the phone on the more likely I am to get it back.
Sms of course to trigger by minute pics and GPS.
rangercaptain said:
Yeah, there's no criminals in "nice" neighborhoods.
Click to expand...
Click to collapse
sure there is; thats where they go to steal stuff!
Hey XDA!! I came here because I know you're quick to deliver the help. I'm not sure if this should go in Q&A or the Development section, and you'll see why in a bit.
A friend of mine (we’ll call him M for ease) recently came to me with a concern. His coworker's ex-boyfriend has been hassling and harassing her using her Android phone. **BEFORE I go any further, YES I have suggested that the proper authorities get contacted.** At first he was allegedly sending texts to MY friend via the girl’s phone. He had some forwarding/spy type app (that’s all I could figure out from some research) on her phone that would allow him to text it, and then those messages would forward to M as if they came from his coworker. I have no idea how he could have done that, and I couldn’t find a lot of apps in the play store that seemed to have similar functions.
But now, he is apparently trying to get the poor girl to install a GPS tracker on her phone (unwittingly, I assume) so he can, well, know where she is. M can’t tell me the name of this app because he’s unsure.
So at this point I’m thinking that we not only have someone who’s being evil, but who is *maybe* making his own apps to stalk and get this girl, and my friend, in trouble at work.
I found a GPS spoofer on the play store https://play.google.com/store/apps/details?id=com.lexa.fakegps&hl=en I have offered to help root phones and install this and do whatever is necessary to get this guy off their backs. I can test it all day long since I have a rooted device—my question is, I don’t have a spy app to spoof, nor do I know what exactly I’m trying to spoof, so how do I know this will be helpful?
I’m also considering finding a custom ROM and helping this girl lock her phone down more. Or telling her to call her carrier and change her number. Beyond that, does XDA have any suggestions or advice? I’m not a coder, but I can follow directions to change things if you tell me exactly where to go and what to change (i have dabbled a teensy bit in android source code before breaking my phone >_>)
The girl has a Samsung Dart, I’m currently unsure of the version of Android it’s running, but should find out soon and will edit the post.
Thanks for all the help!
You can format the phone and see if that works. Plus there are many text blocker apps on market.
Hope i helped .
Sent from my GT-S5360 using xda app-developers app
Yes ,I patiently read the entire story! Wipe the phones data !
As far as the text problem you said I don't think there is anything like that which could receive an sms from a number and then forward it to another number. So there are two options either the girl sent the text or the guy semt the text with a spoof number!
And as far as the GPS is concerned, one doesn't need a GPS tracker to know where one is! Just Google maps is enough if the guy has the girls mail in his contacts. Ask her to change the mail id it should be enough!
Sent from my GT-P3100 using Tapatalk 2
Xiaomi Security issues. Xiaomi firmware has multiple backdoors So I've basically got myself in this sh*t because lack of care.. Until it pop'd and hit the highlights.
And now straight to the point. It doesn't f*ckin matters if you had a fw or not. As the backdoors are embedded in ROOT system processes.
And those where obviously white-listed as i didn't think of a nasty Chinese guy sitting in it calling back home. My friend who got the same phone found the article as i was having my vacation for a bit, so when i found out i did a bit a research of course on my device. After finding all this i e-mail'd him it and he posted it on the Xiaomi European forums. Guess what happened, it got deleted. So they know damn good what they're doing.
Quote:
When you purchase Xiaomi products or services, we’ll collect relevant personal information, including but not limited: delivery information, bank account, credit card information, bill address, credit check and other financial information, contact or communication records.
Quote:
Originally Posted by OP
Music app(?) connects to:
202.173.255.152
2012-12-01 lrc.aspxp.net
2012-12-01 lrc.feiyes.net
2012-12-01 w.w.w.616hk.com
2012-12-01 w.w.w.hk238.com
2012-12-01 w.w.w.lrc123.com
123.125.114.145
2013-11-27 tinglog.baidu.com
1/53 2014-07-02 12:51:01 hxxp://tinglog.baidu.com
Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.
3/43 2014-07-08 07:39:24 facb146de47229b56bdc4481ce22fb5ec9e702dfbd7e70e82e 4e4316ac1e7cbd
47/51 2014-04-28 09:25:27 091457f59fc87f5ca230c6d955407303fb5f5ba364508401a7 564fb32d9a24fa
24/47 2014-01-08 08:19:43 3cf0a98570e522af692cb5f19b43085c706aa7d2f63d05469b 6ac8db5c20cdcd
21/48 2013-12-02 15:15:45 7e34cb88fc82b69322f7935157922cdb17cb6c69d868a88946 8e297257ee9072
19/48 2013-12-01 20:02:32 bce4bd44d3373b2670a7d68e058c7ce0fa510912275d452d36 3777f640aa4c70
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/53 2014-07-02 12:47:57 hxxp://dev.baidu.com/
Android-system ANT HAL Service(Framework_ext.apk/jar) connect to:
42.62.48.207
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.
2014-04-28 app.migc.wali.com
2014-07-12 app.migc.xiaomi.com
2014-05-30 gamevip.wali.com
2014-05-30 log.wlimg.cn
2014-04-21 mitunes.game.xiaomi.com
2014-04-30 oss.wali.com
2014-05-17 p.tongji.wali.com
2014-07-13 policy.app.xiaomi.com
Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/58 2014-08-13 07:10:49 hxxp://policy.app.xiaomi.com/cms/interface/v1/checkpackages.php
1/58 2014-08-10 00:46:35 hxxp://policy.app.xiaomi.com/
1/53 2014-07-02 12:49:59 hxxtp://oss.wali.com
Messages(Mms.apk) connect to (it literary calls back home)
54.179.146.166
2014-08-12 api.account.xiaomi.com
2014-07-26 w.w.w.asani.com.pk
What it does? It sends phone numbers you call to, send messages to, add etc to a Resin/4.0.13 java application running on a nginx webserver to collect data. Checkpackages, embedded system process/app posts all installed apps to a Tengine a/k/a nginx webserver cms.
URL: hxxtp://api.account.xiaomi.com:81/pass/v3
Server: sgpaws-ac-web01.mias
Software: Tengine/2.0.1 | Resin/4.0.13
URL: hxxp://policy.app.xiaomi.com:8080/cms/interface/v1/
Server: lg-g-com-ngx02.bj
Software: Tengine | Resin
Bottom line
They don't give a single damn about your data.. All sent in plain text.
For messages APK (Mms.apk)
I don't believe it needs those permissions for normal functionalities, this is only for the extra feature let's call it bug.
android.permission.SEND_SMS_NO_CONFIRMATION
android.permission.GET_ACCOUNTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.INTERNET
miui.permission.SHELL
android.permission.GET_TASKS
android.permission.CAMERA
Some code ... i also attached java classes and smali dalvik jvm bytecode..
Code:
RELATED
http://apkscan.nviso.be/report/show/...0b623da712918f
http://lists.clean-mx.com/pipermail/...14/072661.html
OTHER SOURCES
http://www.newmobilelife.com/2014/08...-china-server/
http://www.htcmania.com/showthread.php?p=14730859
Main post and more info. All credits go to the OP
http://forum.xda-developers.com/gene...oords-t2847069
zelendel said:
Xiaomi Security issues. [/URL]
Click to expand...
Click to collapse
dude that is sooo old cheese already. you really seem to have a personal problem with xiaomi?
go read a bit:
http://www.cnet.com/news/xiaomi-makes-cloud-messaging-opt-in-amid-privacy-concerns/
http://www.androidcentral.com/hugo-barra-responds-xiaomi-privacy-concerns
Xiaomi has added encryption to the communication in an updated firmware, and the cloud service is now opt-in.
while i will say that unencrypted transfer is uncool, most of the stuff transferred (or actually all) has to do with their cloud service.
Apple & Google are doing the same stuff, i bet you Samsung does also.
so what is the big deal here? that it was not encrypted? or that it sends something in the first place?
linr76 said:
dude that is sooo old cheese already. you really seem to have a personal problem with xiaomi?
go read a bit:
http://www.cnet.com/news/xiaomi-makes-cloud-messaging-opt-in-amid-privacy-concerns/
http://www.androidcentral.com/hugo-barra-responds-xiaomi-privacy-concerns
Xiaomi has added encryption to the communication in an updated firmware, and the cloud service is now opt-in.
while i will say that unencrypted transfer is uncool, most of the stuff transferred (or actually all) has to do with their cloud service.
Apple & Google are doing the same stuff, i bet you Samsung does also.
so what is the big deal here? that it was not encrypted? or that it sends something in the first place?
Click to expand...
Click to collapse
First off do I have issues with them? Sure most here do but that is a whole other matter.
This was brought to attention by another user. Had you read the post you would have known that.
The fact that they record your bank account info is cause for further investigation.
I just posted it here for users to know and look into. In the end it doesn't matter to me as Ill never use their device or OS.
Ok I get it. No discussion will come of this. Apple is doing the same and that's all right since they are 'mericans. Totally cool.
Sent from my MI 3W using Tapatalk
linr76 said:
Ok I get it. No discussion will come of this. Apple is doing the same and that's all right since they are 'mericans. Totally cool.
Sent from my MI 3W using Tapatalk
Click to expand...
Click to collapse
No it's not. If we were and iOS forum. Then we would be calling them out as well.
Same issue, blocked me in MiUi forum!
zelendel said:
No it's not. If we were and iOS forum. Then we would be calling them out as well.
Click to expand...
Click to collapse
I had noticed the same security issues and data leaks by Xiaomi device (note is not just MiUi but whole system) and showed them proofs, even wrote to Hugo but just after seeing my proofs they blocked me in their forum. I do use MI3 but miss the resources they have in forum. Anyway, I am just using the device without DATA or firewall app if need DATA. Hope they had played fairly with users.
Problem is deeper than this. The users instantly start screaming any one who says this mobile has security leaks (e.g me) ad asks for proofs, once I post the proofs they dont accept it and raise as whole but they get their own way to download resources from MiUi forum. I am alone but I wont surrender.
For sure they'll upload ur info. For purpose.
pkb_always4u said:
I had noticed the same security issues and data leaks by Xiaomi device (note is not just MiUi but whole system) and showed them proofs, even wrote to Hugo but just after seeing my proofs they blocked me in their forum. I do use MI3 but miss the resources they have in forum. Anyway, I am just using the device without DATA or firewall app if need DATA. Hope they had played fairly with users.
Problem is deeper than this. The users instantly start screaming any one who says this mobile has security leaks (e.g me) ad asks for proofs, once I post the proofs they dont accept it and raise as whole but they get their own way to download resources from MiUi forum. I am alone but I wont surrender.
Click to expand...
Click to collapse
I don't think the phone is released in Europe yet? So if you have problem with the software,flash with your own OS build or use another phone. The government tried to push everyone using true identity in case there is any cyber crime happens. Plus, did CIA,NSA or any government agency tell you when they search through your personal data? I doubt.
Sent from my HTC One using XDA Free mobile app
xiaohan said:
The government tried to push everyone using true identity in case there is any cyber crime happens.
Sent from my HTC One using XDA Free mobile app
Click to expand...
Click to collapse
And you believe that?
zelendel said:
And you believe that?
Click to expand...
Click to collapse
Hey,who case,I don't have porn on my phone ,nor any illegal stuff stored. If u don't have something don't want to be touched,keep it in physical format and never get connected.
Sent from my HTC One using XDA Free mobile app
xiaohan said:
I don't think the phone is released in Europe yet? So if you have problem with the software,flash with your own OS build or use another phone. The government tried to push everyone using true identity in case there is any cyber crime happens. Plus, did CIA,NSA or any government agency tell you when they search through your personal data? I doubt.
Sent from my HTC One using XDA Free mobile app
Click to expand...
Click to collapse
What? Brother I am from India. To clear my situation more My banker sends me a highly secured one time password through message each time I try to access their online services. Now this MI3 is leaking (have proofs) and redirecting SMS (with one access notification which is not clear enough) its a security breach and case of international cyber crime. But in India, politicians has nothing to do with such issues, officers have "more important" things to do and Banker said me to change my mobile. So such is the case when you are in not developed country. Here even if some gets killed then police comes after all has been settled down let alone a security breach. It just and just a very "minor" or not an issue at all.
pkb_always4u said:
What? Brother I am from India. To clear my situation more My banker sends me a highly secured one time password through message each time I try to access their online services. Now this MI3 is leaking (have proofs) and redirecting SMS (with one access notification which is not clear enough) its a security breach and case of international cyber crime. But in India, politicians has nothing to do with such issues, officers have "more important" things to do and Banker said me to change my mobile. So such is the case when you are in not developed country. Here even if some gets killed then police comes after all has been settled down let alone a security breach. It just and just a very "minor" or not an issue at all.
Click to expand...
Click to collapse
You know once you use a public service ,there is no privacy right? People can spy on you using your cellphone,not even a smart one and listend to whatever youare talking about next to your phone even it's off as long as the battery is not taken off. What does this mean to your bank's highly secured one off password for your online banking?
Just use another one if you are not happen with it. E.g. iPhone which slightly record your real time geo information since iOS7 update without telling the users and even theIR staff don't know anything about it.
Sent from my MI 3C using XDA Free mobile app
xiaohan said:
You know once you use a public service ,there is no privacy right? People can spy on you using your cellphone,not even a smart one and listend to whatever youare talking about next to your phone even it's off as long as the battery is not taken off. What does this mean to your bank's highly secured one off password for your online banking?
Just use another one if you are not happen with it. E.g. iPhone which slightly record your real time geo information since iOS7 update without telling the users and even theIR staff don't know anything about it.
Sent from my MI 3C using XDA Free mobile app
Click to expand...
Click to collapse
Have your heard of "boiling water and frog's" story? I already said we dont raise our voice against such crimes adjust ourselves saying "ohh very minor", "doesnt affect me much" or "others do it too". Just show me that Apple's product steals your SMS and I will agree with you, if you cant then either raise your voice with me or just get boiled like a frog in adjusting.
This is a technology forum, politics problem is not interested here I guess. Surely, sending sensitive data back to the server initially was suspicious,but the security issue has been patched,if you have a lot of security concern, don't use a smart phone.
Sent from my HTC One using XDA Free mobile app
I use a Mi3 in India
Well if you're online chunks of your data is always going places you don't know. AFAIK, India too has a PRISM like setup and your calls, call logs & SMS are stored. No idea how much data is shared by companies. Seems like people believe that only in US & Europe you're data is used without your knowledge.
The US based companies came public on data collection thanks to Mr.Snowden only.
Last week a US court ordered Microsoft to disclose data in their servers in Europe.
If you're concerned about privacy don't use smartphones. Or don't use a phone at all. Safest way keep your privates stuff private. Don't save those nude pics on phone or cloud or anything connected. Use long complex passwords, encrypt.
Sent from my MI 3W using XDA Free mobile app
ramanvemman said:
I use a Mi3 in India
Well if you're online chunks of your data is always going places you don't know. AFAIK, India too has a PRISM like setup and your calls, call logs & SMS are stored. No idea how much data is shared by companies. Seems like people believe that only in US & Europe you're data is used without your knowledge.
The US based companies came public on data collection thanks to Mr.Snowden only.
Last week a US court ordered Microsoft to disclose data in their servers in Europe.
If you're concerned about privacy don't use smartphones. Or don't use a phone at all. Safest way keep your privates stuff private. Don't save those nude pics on phone or cloud or anything connected. Use long complex passwords, encrypt.
Sent from my MI 3W using XDA Free mobile app
Click to expand...
Click to collapse
It is known all countries do this. This issue is what these country the info goes to.
Hey,if you have problem, don't use it. Not posting any xiaomi product forums, I guess you don't own all the models you posted in the forum to.
I believe people come to here are not idiot. You mentioned the OS has issue you have concerns is enough, people make their own judgement and decisions.
Sent from my HTC One using XDA Free mobile app
Been a national news for us android lovers here in Indonesia. Luckily enough, i never bought their products (quite popular here). OP, you sounds like you're really against Xiaomi, though. You ever been in something with them?
Xiaomi is an arrogant company. Until now they have not released the kernel for mi3 despite of Barra's commitment. All their forum threads so stupid like "give ideas and win bunny" "give suggestions and win a fcking phone". MIUI will never ever ever get stable. It follows iOS design principles. When I gave a negative feedback, I was banned from miui forum. Freakingly selfish mindset stupid copycat company.
Sent from my MI 3W using XDA Free mobile app
jothiprasad1984 said:
Xiaomi is an arrogant company. Until now they have not released the kernel for mi3 despite of Barra's commitment. All their forum threads so stupid like "give ideas and win bunny" "give suggestions and win a fcking phone". MIUI will never ever ever get stable. It follows iOS design principles. When I gave a negative feedback, I was banned from miui forum. Freakingly selfish mindset stupid copycat company.
Sent from my MI 3W using XDA Free mobile app
Click to expand...
Click to collapse
Kernel Source has been realeased today
https://github.com/mi3-dev/android_device_xiaomi_cancro
https://github.com/mi3-dev/android_device_xiaomi_msm8974-common
https://github.com/mi3-dev/proprietary_vendor_xiaomi
We have been through five phones -Samsung Galaxy, then Motorola, two internet providers two cell phone providers, made so many calls I have lost count. He uses Chromebook and a Motorola Droid phone. He has even hacked my old home phone, tv, you name it, he has tried to own it . Oh, I forgot-my home security and ring doorbells also. I can change an app permission and I can see him go right in and change it back. I am sure he lives close in the neighborhood How do I get rid of this horrible person?
He grays out permissions, default apps, etc., Which keeps me from being able to delete an app, or change someone being able to access in the background. He has confiscated our emails (Gmail), prevents us from sending or receiving ones he doesn't like. He uses email for email on the web, advertising, chat, and many other things. He listens to phone calls steals all photos, maps addresses to companies or people in contacts, uses maps for ?? Xxx an anyone help me, or at least tell me how to reverse graying out on apps? This has become unbearable! Thank you!
How do you know it's a he?
It's always the girl next door.
Lol! I cannot prove it, but the big gamers nextdoor moved in when this started happening. Their best friend is an experienced IT guy who only appears when I have gone in and changed things. In those days, new changes happen, such as Ring doorbells hacker, etc. Not blaming, but coincidence?
blackhawk said:
How do you know it's a he?
It's always the girl next door.
Click to expand...
Click to collapse
Sorry. See reply in post.
Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.
This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.
Moosetears said:
This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.
Click to expand...
Click to collapse
Definitely not fiction. It is a nightmare and could REALLY use some advice!
gunnshot81488 said:
Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.
Click to expand...
Click to collapse
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.
Scammed said:
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.
Click to expand...
Click to collapse
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.
V0latyle said:
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.
Click to expand...
Click to collapse
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.
Scammed said:
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.
Click to expand...
Click to collapse
Well, it can be hard to distinguish the difference between reasonable concern over privacy violations vs unwarranted paranoia, and you aren't the only one who's come to XDA with this type of story. Most of your assumptions are likely mistaken and can be simply explained by the nature of Android itself.
Remote intrusion of mobile devices is actually pretty rare. The most common ways bad actors get ahold of sensitive user information are: phishing, user-approved permissions on questionable apps such as TikTok, and "connected" social media accounts, where users allow websites and apps access to their social media profiles, or use their social media as a login.
Regardless, to the technical point of the matter, grayed out app permissions are not the result of hacking or surreptitious malfeasance, but rather the nature of the "rules" inherent to Android - you can't remove system apps or disable system-controlled permissions without root.
If you still think you have reasons for concern, this is my only suggestion:
Change your phone number
Immediately change all relevant passwords - minimum 10 characters, a mix of upper case, lower case, numbers, and special characters, do not reuse them
Enable 2 factor authentication on all accounts, ensuring your 2nd factor is something that you and only you have access to
Once done, sign out all devices signed into those accounts
Perform a factory reset on your device; even better, reflash factory firmware. Keep bootloader locked.
Do not use questionable apps