Better Mobile App

Possible? True Security Protection?

Well I was just reading a thread about someone buying a Vibrant from someone who "found" it and this person was looking for a way to bypass WaveSecure.
We all know that with a little know how that it is possible with Recovery Mode.
The question I have is there a way to prevent even a Recovery Mode reflash? To absolutely stop someone from touching the ROM at all?
I know the Security Apps out right now can track you from GPS, wipe the phone remotely, etc... But can it stop someone from reflashing a ROM?
If there is a app out there like that please let me know, but if not, what would it take to create such a app.
What are YOUR thoughts??

What if this happens and then you brick for some reason need to reflash and it's locked. I would just bank on the fact that most people think that it's a "Droid" phone and don't know ****.

I was hoping for a question like that.
Either there is a security measure which at some point of using Recovery that it asks for a password or pin. Something that will allow you to access it securely and nobody else.
Yes, it is a droid, very true, but how many droids are out there now, are going to be out there, and with the new laws that allow you to unlock your device and pretty much do anything with it, more and more people are going to start playing around. Not only that, there is always somebody who knows someone, you know.
Personally myself, I would feel secure with having an implementation like this, everything else is pointless.
It's sort of like having a anti virus on your computer but not scanning for rootkits, only viruses.

The idea of that app sounds nice and all that but I seriously doubt that the average Android user would know about flashing ROMs and all that. But if it does get into the hands of somebody that does know how to do it then it can be a problem.

jzero88 said:
Yes, it is a droid, very true, but how many droids...
Click to expand...
Click to collapse
First of all these are android devices / android phones. I was mocking the people who call these phones "droid" phones.
Now on topic: All it takes to break this security is for one person to say, "I forgot my password on for the ==sUPERlOCKER== what do I do to get access?" Then all your worry is for nothing again.
What has been done can always be undone.

Sure, unlike me, I never forget my passwords. Especially for something this serious.
Second, of course something can be undo, but to what extent, after hearing your lack of concern makes me think you don't even have a lock on your phone
Again, would you rather have a password like "1234" that is easily guessed, or would you rather have something like "00LowJK54889$3%#". It's really a matter of personal security.
You sound like one of those people who would have Security Cameras, but never has the DVR on to record anything.

I'm saying your idea is bad. I have illustrated why. You have no counterpoint other than that I am 'relaxed' about my phone security.
How about this, keep your phone in your pocket or hand? 100% security.

This should be in general and not development
Sent from my Vibrant using xda app

This has been discussed a few times, you could compile your own recovery image and program in a password while at it, or you can accept that 90% of theives(or people who would find your phone) cannot get to recovery. If I found a phone then yeah I would go straight to recovery but I'm not your average user.
Sent from my T-Mobile myTouch 3G Slide using XDA App

I'm saying your idea is bad. I have illustrated why. You have no counterpoint other than that I am 'relaxed' about my phone security.
How about this, keep your phone in your pocket or hand? 100% security.
Click to expand...
Click to collapse
First, my idea is not bad, give it time, you will see.
Second, I do not have a counterpoint because my main point is stated in the first post. Read again.
Third, I don't care if you are relaxed about your security or not. This post obviously is not for you, another negative person who stunts development if they do not see a logical use for themselves.
I wish you the best and hope that you do not need to ever use such a tool or measure. Take it easy.

This has been discussed a few times, you could compile your own recovery image and program in a password while at it, or you can accept that 90% of theives(or people who would find your phone) cannot get to recovery. If I found a phone then yeah I would go straight to recovery but I'm not your average user.
Sent from my T-Mobile myTouch 3G Slide using XDA App
Click to expand...
Click to collapse
On the Vibrant forums? Haven't seen anything yet.
Also, I am not betting on a thief or someone who found the phone to be able to get to recovery, I'm worried about who these people might know. It's surprising to see how many people out here think that they are the only person in a 20 mile radius who knows how to do such mods... Maybe it's just the people I know but I know quite a few people who can easily google and find a way, easily.
I can bet that 90% of people here do not know anything except following directions, no pun intended to those who do. I definitely do not know half of what I should know, but again, is it really that hard?

Your own logic defeats what you are saying here. Don't you understand OP?
If there is a security measure, there will be a work around it? So why have more than ONE thing for the uneducated masses and stop there?
If the person who steals your phone knows someone who could get around WaveSecure, or any other security application. Then that same person can get around ANY AND ALL other types and forms of theft deterrent. If not, they will know someone, ask on forums, etc. UNTIL they gain access.

zaduma
Then why have any security on anything at all?
You my friend make no sense, good day!

jzero88 said:
Then why have any security on anything at all?
Click to expand...
Click to collapse
Ok, I will lay it out as simply as I can man. I do not want to argue, but you are missing why this is impossible to accomplish.
The existing security layers can be compromised by lets say... 10% of the population, seeing as most people who are thieves do not talk about it, most people dislike thieves.
So effectively 90% of people will be stopped dead in their tracks by having WaveSecure, etc.
The 10% who are not stopped however, can not be stopped by any means. None. They are the people who read these forums, have technical ability, etc.
Therefore having one layer of security means 90% of people are stopped from using your device. But it has ridiculously diminishing returns. With two layers, say stopping access to recovery, 10% are now stopped. Just boot into download mode and flash with odin. Stop download mode? First of all how? Second of all, there has to be a workaround for people who forget their passwords and stuff. And guess what, those 10% will know about that as well.
So please, address these issues and resolve them somehow, and your idea has merit. Without doing so you are wasting your time.
Also, much to your liking I will assume, I will no longer be posting in this thread due to your constant elevation of flaming.

Any security pro will tell you, if you have physical access to a computer, you can make it usable for you. The only real security you can hope for its to prevent access to your data by the thief. That's what full disk encryption and such is about. For our phones, we could achieve this much with a custom kernel perhaps, but how would you enter the password? No keyboard at that level.
The cellular providers can prevent the stolen phone from getting on their networks, and some do, but that's about as far as it goes.

Its like having a lock on your front door.. Its only going to keep out the honest people... Thats what they are made for, honest people, because dishonest people will just kick the door in.. And the good thieves can pick a dead bolt...
Sent from my SGH-T959 using XDA App

I'm starting to think this request/question is for the wrong crowd, truly it is...

If you build it they will hack it... Hands down... Look at the droid x, the unhackable phone, it took 5 weeks..
Sent from my SGH-T959 using XDA App

I agree, never did I not. This thread wasn't to debate whether a security measure could be hacked or not, the thread was created to see what we could do to implement such a measure.
I am totally aware of that. I know that if there is a will there is a way.
PERSONALLY, that is something I wouldn't mind having. Though some of you disagree and have a right to your own opinion, that is beyond the point. I am trying to see if a) is it possible. and b) what it would take to do so, and possibly c) if anyone was interested in trying or helping out.
So feel free to express your opinion. Mine is that you can never have enough protection cuz I would never bring a knife to a gun fight. But that's just me...
BTW, those who hacked the unhackable phone I would consider being part of the .01%.

jzero88 said:
I'm starting to think this request/question is for the wrong crowd, truly it is...
Click to expand...
Click to collapse
If you mean people that know how things work, I suppose. It's the same problem as drm. When you understand why that's not possible, you will understand this. Read up on jtag as well, you can't protect against that. 90% is about as good as it gets.

Reliable Write: The reason /system reverts back to stock

This is a quote from the Sprint forums. I happened to subscribe to the thread and got this through e-mail:
I have seen first hand the current level of protection HTC has built into the device, and it is impressive. Should some rogue software use an exploit to obtain root, and make changes to the /system partition, the system detects this, revokes the root priveledge from the process that obtained it, then reverses all changes to /system. The technology behind part of this is a feature of eMMC called reliable write. A write-up on a commercial adaptation of this is http://blog.datalight.com/doing-in-place-os-updates-for-embedded-devices here. This sounds ideal for ensuring that a failed OTA update won't break the phone, and protection against malware and the like, but it also makes it impossible to flash roms or make other customisations to the core of the phone.
Click to expand...
Click to collapse
-Posted by some guy named MS072467
Here is the link to the original discussion on Sprint.com:
http://community.sprint.com/baw/message/313016#313016

Wow is all i can say thatrs really involved thanks a lot HTC (eyes roll)

Sucks for root but makes the phone much safer from malware.

Seriously, it's a piece of brilliance as far as system security goes, and I hope we can continue to use it to our advantage once we've cracked the phone open, as it's a great idea. The problem is not that the system reverts writes, it's that we can't tell it what writes are good. We're locked out of our own devices, and the built-in security measures are being used against the owners. That's not good.

canteenboy said:
Sucks for root but makes the phone much safer from malware.
Click to expand...
Click to collapse
Malware is really that big of a problem to warrant a complete lock-down of the phone? Been using Android for over a year, downloading any app I felt like, and never once had a "virus" take over my phone.
Mike

mikeyxda said:
Malware is really that big of a problem to warrant a complete lock-down of the phone? Been using Android for over a year, downloading any app I felt like, and never once had a "virus" take over my phone.
Mike
Click to expand...
Click to collapse
Does that mean we ignore system security? Malware might not have been a serious problem before, but you throw something like this in, and it all but guarantees that it will continue to not be a problem for some time to come.
Again, the problem here is not that the phone is locked down, the problem is that the owners didn't get the key when they bought the property.

I honestly dont see this as a big saving grace. After all, most malware is likely to come in the form of rogue legit looking apps like a keyboard that could log our passwords without needing root.
IMO they weren't thinking of malware when they implemented this, they were thinking of xda!
Sent from my PG86100 using XDA Premium App

naw they were more thinking about how much $$$ they would save from being able to effectively push a software update correctly the first time...
if they were really that worried about keeping "xda" out of the phone they wouldnt be unlocking bootloaders. i cant even begin to tell you how much easier my job would be if i didnt have to replace one more device because they did an update and now their phone doesnt work.

sn0b0ard said:
This is a quote from the Sprint forums. I happened to subscribe to the thread and got this through e-mail:
-Posted by some guy named MS072467
Here is the link to the original discussion on Sprint.com:
http://community.sprint.com/baw/message/313016#313016
Click to expand...
Click to collapse
That would be me I started a similar thread on the subject here. It was moved to General from Dev some time ago.
Just to clarify, Reliable Write being the culprit was just an assumption, based on what we all see happening when /system reverts, and that it would be the most logical mechanism for performing the reversions, given that it is a feature of eMMC to begin with.
There was a dev who replied to the original thread that disagreed, and thought it may be a proprietary emulation of similar technology.
I contacted Micron to get permission to view the documentation of the technology but never received a reply.

sn0board - Many thanks for the helpful info.
The Shift uses eMMC and we had perm root after a fairly short time - lotta work (tip of the topper for the many who worked that) - but we got it.
http://forum.xda-developers.com/showthread.php?t=932153
I wonder if they'd implemented that feature for the Shift - visionary or z4root provide workable temp root without the difficulties here.

CyWhitfield said:
That would be me I started a similar thread on the subject here. It was moved to General from Dev some time ago.
Just to clarify, Reliable Write being the culprit was just an assumption, based on what we all see happening when /system reverts, and that it would be the most logical mechanism for performing the reversions, given that it is a feature of eMMC to begin with.
There was a dev who replied to the original thread that disagreed, and thought it may be a proprietary emulation of similar technology.
I contacted Micron to get permission to view the documentation of the technology but never received a reply.
Click to expand...
Click to collapse
Ahh makes sense now. The more information we can get on the protection mechanisms behind eMMC and the Evo 3D, the better.
It's odd that they keep moving these posts that talk about the protection of the eMMC. I mean, if we can't disable this write protection, then how are we going to develop ROMs for it in the first place?

sn0b0ard said:
Ahh makes sense now. The more information we can get on the protection mechanisms behind eMMC and the Evo 3D, the better.
It's odd that they keep moving these posts that talk about the protection of the eMMC. I mean, if we can't disable this write protection, then how are we going to develop ROMs for it in the first place?
Click to expand...
Click to collapse
Given that arguably the largest obstacle to loading the ENG bootloader is this eMMC protection, I don't understand how its considered irrelevant to development either.
In a way, I hope it is irrelevant. I hope its easier to break this thing than what I have read in the articles I posted would suggest.

eMMC JEDEC standard
I'm not sure who makes the eMMC chips in our phones even though I heard someone say Micron, but I would assume the support or use JEDEC standards which attempts to standardize environment, data handling and such. I am not sure what the current standard is even though I think it is 4.41. Here is an interesting pdf on mapped commands and bit setting used to handle the writing of data to eMMC. Standard in this PDF is 4.4.
http://rere.qmqm.pl/~mirq/JESD84-A44.pdf

Jason0071 said:
I'm not sure who makes the eMMC chips in our phones even though I heard someone say Micron, but I would assume the support or use JEDEC standards which attempts to standardize environment, data handling and such. I am not sure what the current standard is even though I think it is 4.41. Here is an interesting pdf on mapped commands and bit setting used to handle the writing of data to eMMC. Standard in this PDF is 4.4.
http://rere.qmqm.pl/~mirq/JESD84-A44.pdf
Click to expand...
Click to collapse
Interesting find

HTC clarifies how bootloaders will be unlocked.

Yeah, I'm not entering my name anywhere. Thanks anyway, HTC. Besides, AlphaRev and Unrevoked already did your job for you.
Since our last update, many of you have asked how the bootloader unlocking process will actually work, and in particular why HTC's most recently released devices still have a locked bootloader. Rest assured we're making progress toward our goal to roll out the first software updates in August to support unlocking for the global HTC Sensation, followed soon by the HTC Sensation 4G on T-Mobile and the HTC EVO 3D on Sprint. Because unlocking the bootloader provides extensive control over the device and modifications may cause operation, security and experience issues, new devices will continue to ship locked but will support user-initiated unlocking using a new Web-based tool.
So how will this work? The Web tool, which will launch this month, requires that you register an account with a valid e-mail address and accept legal disclaimers that unlocking may void all or parts of your warranty. Then plug in your phone to a computer with the Android SDK loaded to retrieve a device identifier token, which you can then enter into the Web tool to receive a unique unlock key via e-mail. Finally, apply the key to your device and unlocking will be initiated on your phone.
We're excited to bring bootloader unlocking to developers and enthusiasts, and we feel this new Web tool will meet your needs and continue to provide customers with the best experience. Thanks to the community for supporting these efforts!
Click to expand...
Click to collapse
https://www.facebook.com/note.php?saved&&note_id=10150305151453084&id=101063233083

I figured they would want a way to know exactly which phones were unlocked. i'll stick with alpha revs method.
From my mikmikoptimized shooter!

blackroseMD1 said:
Yeah, I'm not entering my name anywhere. Thanks anyway, HTC. Besides, AlphaRev and Unrevoked already did your job for you.
https://www.facebook.com/note.php?saved&&note_id=10150305151453084&id=101063233083
Click to expand...
Click to collapse
wow. some actual clarity on what they plan to do.

nice to see an update !
but for the evo3d is a bit late

Lmao,actually according to their explanation,their method sounds just like AlpharevX.It would be hilarious if alpharevX sold their method to HTC.

That blows. They couldn't just ship the damn thing unlocked.
Sent from my PG86100 using Tapatalk

ktulu909 said:
Lmao,actually according to their explanation,their method sounds just like AlpharevX.It would be hilarious if alpharevX sold their method to HTC.
Click to expand...
Click to collapse
Well, if he did I hope he didn't sell them the serial numbers of the ones already unlocked jk

I guess it all makes sense (har har).
If it makes the carriers happy, who cares if this is how they do it? I'm sure whenever they release a bootloader unlocker someone on XDA will take it and make it so you can do it without the email/key. We're gonna come out ahead either way.

Well i guess now they will know when we unlock our bootloader and warranty I don't care since I don't use the warranty anyways
If you don't have an Evo3d well you don't have an Evo3d

I'd be curious to know from Google, Sprint and Samsung how many problems they have from the NexusS4G being very easily unlockable...I doubt it's very many...and HTC should suck on that.

I don't know if that's as much of a fair comparison - with the Nexus being near stock I wouldn't expect them to be flashed/bricked nearly as much as with the Evo4G.
The OG Evo gained so much from flashing - features, kernels, whole new versions of sense. And it had so many updates over the life of the phone, making for different rooting methods and having people flash their phones many many times, making it one of if not the most developed phone we have seen.
I'm quite certain the brick count on those were some of the highest anyone's ever seen as well. That's after all the returns from dead pixels, bad charging ports, and what have you. You can understand a carrier/manufacturer's wishing to prevent all that.
By the same token, it feels like HTC benefits greatly from the development community, perhaps using a lot of what they see here in their own updates (maybe even waiting for people to fix their bugs). They definitely see value in unlocking phones, which I guess we should be happy about.

As long as HTC keeps their unlocked policy I will remain a loyal customer.

nhutpham said:
I don't know if that's as much of a fair comparison - with the Nexus being near stock I wouldn't expect them to be flashed/bricked nearly as much as with the Evo4G.
The OG Evo gained so much from flashing - features, kernels, whole new versions of sense. And it had so many updates over the life of the phone, making for different rooting methods and having people flash their phones many many times, making it one of if not the most developed phone we have seen.
I'm quite certain the brick count on those were some of the highest anyone's ever seen as well. That's after all the returns from dead pixels, bad charging ports, and what have you. You can understand a carrier/manufacturer's wishing to prevent all that.
By the same token, it feels like HTC benefits greatly from the development community, perhaps using a lot of what they see here in their own updates (maybe even waiting for people to fix their bugs). They definitely see value in unlocking phones, which I guess we should be happy about.
Click to expand...
Click to collapse
Were there that many bricked E4G's? I don't recall hearing about that many of them in my tenure on the forum...admittedly I barely spent any time in General that year as Development was bustling from before day 1.
...but, per capita I doubt the brick-count was that far off the average for any other popular phone worth rooting. God knows I did horrible things to mine and never even had to fix it via adb/fastboot.... it was a very popular phone even among the average joe.
I know that HTC benefits greatly from the dev community. Where do you think they got the FPS-unlock from? Among other things. That's how open source works and is designed to work. That's also why myself and others were so shocked with the whole 'locking' fiasco.
...now, aside from our own speculation about how high the brick rate may or may not have been why not speculate about something more productive: How LOW the brick rate could be if they utilized eMMC's secure-write technology to make a 'mega-recovery' partition that would be locked and even WE wouldn't want to unlock it....that could be used in a worst case scenario to fully restore a phone to stock...to enable the unlocking that WE want and reduce the (understandable) liability of allowing full control that they want. We get unlock, they get insulation from liability of allowing such a feature (that most people STILL wouldn't know about or care about)....why don't they do that? eMMC makes that trivial to implement (as we found out the hard way)...neglecting the fact that they could have utilized any number of simpler technologies to accomplish the same thing even before eMMC...why not?
That's a topic for further speculation (get your tinfoil hats ready), but, why don't they do that? Play both sides of the field. No voided warranties, no brick returns, no pissed off modders....win win win, right? The carrier doesn't want that? Cool, let us know, we'll flock to the carrier that allows it...something tells me Sprint would be that underdog...

ktulu909 said:
Lmao,actually according to their explanation,their method sounds just like AlpharevX.It would be hilarious if alpharevX sold their method to HTC.
Click to expand...
Click to collapse
Not at all like what AlphaRevX did. The only reason they had the serial number check was because it was in Beta so they could shut down their serial generator and stop people using their unlock if they found a problem with it.
This HTC method makes sense, and I think it's fair. Their tool only needs to hook up to your phone to get the device identifier token, the unlock actually happens on the phone itself. This way HTC gets a list of unlocked phones so when people go for support you can't lie to them that your phone was unlocked, but people can have day one unlocks on any phone from HTC going forward.

So now HTC wants to know who exactly is unlocking there phones??
Nice try you sneaky basterds

What's wrong with them knowing if you're unlocked? They have to do that... Otherwise insurance companies would get upset. This is legit and it if people screw their phones up due to user error while unlocked then they shouldn't be able to file a claim.
This also let's them see just how many people want to be unlocked so they don't try and take it away from us again
Sent from my PG86100 using XDA Premium App

Rippley05 said:
What's wrong with them knowing if you're unlocked? They have to do that... Otherwise insurance companies would get upset. This is legit and it if people screw their phones up due to user error while unlocked then they shouldn't be able to file a claim.
This also let's them see just how many people want to be unlocked so they don't try and take it away from us again
Sent from my PG86100 using XDA Premium App
Click to expand...
Click to collapse
yeah....I dunno. They could (relatively) easily make the phones nearly brick-proof (see my above post) yet they do not. Why? I'm almost irritated by all of the altruistic sentiment for 'doing the right thing'....not because of the altruism, I actually find that refreshing and endearing. It's more because they could take steps to nearly eliminate the potential for bricking (and in doing so insulate the insurance company from liability...making that a moot point), but that people are defending a position that needn't exist.

nhutpham said:
i guess it all makes sense (har har).
If it makes the carriers happy, who cares if this is how they do it? I'm sure whenever they release a bootloader unlocker someone on xda will take it and make it so you can do it without the email/key. We're gonna come out ahead either way.
Click to expand...
Click to collapse
+1000000000

Haha, sounds exactly how alpharev did it...hmm, maybe they tore it out of alpharevs hands, i dont know, sounds fishy.

daneurysm said:
yeah....I dunno. They could (relatively) easily make the phones nearly brick-proof (see my above post) yet they do not. Why? I'm almost irritated by all of the altruistic sentiment for 'doing the right thing'....not because of the altruism, I actually find that refreshing and endearing. It's more because they could take steps to nearly eliminate the potential for bricking (and in doing so insulate the insurance company from liability...making that a moot point), but that people are defending a position that needn't exist.
Click to expand...
Click to collapse
You don't know why they're doing it. Maybe they wanna track the people that abuse the crap out of wireless tether... Maybe it's for other reasons. Who cares, they are unlocking it for us and that's all that matters. I have nothing to hide when I root so I care less. If you're upset about it then there are other options.
People are getting exactly what they wanted and they still find a reason to cry... Get over it already
Sent from my PG86100 using XDA Premium App

Why won't google sell android pre-rooted?

I figure with apple it's a lost cause to begin with. I guess it's just how they want it. they want to limit the people to what they deem is good enough for iOS
but google and AOSP on the other hand...
it's an open enviroment with the source code publicly available.
why won't google allow the devices to come pre rooted?
it's like buying a windows PC, but you can't access the windows folder, or linux with no root access (no sudo)
It makes me think because of possible security breaches and possible lawsuits? but if that's the case, it would have happened with linux and windows machines that allow root access...
just got me curious...
what's the method to the madness here?

Its up to carriers and OEMs. Google has no say in the matter. On Nexus phones it is damn easy to root phones and the Nexus One practically was prerooted.
Google doesnt stop anyone from selling phones prerooted, in fact, I would assume they encourage it.

I've been wondering this for a while now actually.
I think I'd be tempted to punch the poor guy who sold me a windows computer with no admin access..
Why do we (as a culture) not get outraged we aren't suppose to have full access to our phones?
Being totally honest here.. the "you could mess something up" logic doesn't work for me..Try telling any computer user who has had to use admin access for *ANYTHING* that..

Agreed. Google really is a company for their consumers. As stated above I'd assume they'd have pre-rooted phones. Though, I wouldn't think it'd be up to the carrier, more so the manufacturer. The carrier usually has to do with their bloatware. HTC made a statement in May saying their new phones after said statment will have unlocked bootloaders (they haven't kept that by the way). Rooting is easy though, its just cracking though bootloaders that allows custom roms, now that's the issue, especially Motorola devices.
Sent from my LG-P925 using xda premium

perhaps when it's rooted, people will 'customize' it too much, causing too much warranty replacements, and the manuf doesn't wanna deal with it?
I assume they void this risk by making it so that it's hard and pita to root it, and causing void of warranty, so they aren't responsible when the phone is bricked.
but it's not like if I destroy my windows on my computer, dell will come and fix it. (they do provide the tech support though I think? I don't know)
problem is, we're a sue happy country. so... I think that has alot to do with it.

razorseal said:
perhaps when it's rooted, people will 'customize' it too much, causing too much warranty replacements, and the manuf doesn't wanna deal with it?
I assume they void this risk by making it so that it's hard and pita to root it, and causing void of warranty, so they aren't responsible when the phone is bricked.
but it's not like if I destroy my windows on my computer, dell will come and fix it. (they do provide the tech support though I think? I don't know)
problem is, we're a sue happy country. so... I think that has alot to do with it.
Click to expand...
Click to collapse
youve pretty much nailed it. almost.
99% of PHONE users do not mod and do not need/should have access to things that can prevent their phone from working anymore.
Imagine just being some dumb-ass, who 'pocket dials' deleting system apps, or the phone.apk... or is 'deleting the garbage' in download folder.. BUT its NOT the download folder... oops!
but you are no normal dumb-ass, you own a multi-million dollar company, and you cant receive or make time sensitive calls!!!?? because you accidentally deleted important stuff in your pocket... that IS a law suit.
remember this is a PHONE, not a computer.
tabets you have a case...

There should be a option when you first boot (or reflash) more or less like this:
Do you want to root your phone?
Root is used by advanced users and developers. If you don't know what this means, press 'No'.
Yes////// No
Sent using Mini CM7 Pro by Paul

.
Thread moved to Q&A due to it being a question. Would advise you to read forum rules and post in correct section.

The biggest issue lies with the carriers and manufacturers, not Google. The carriers don't want you to use wireless tethering without paying them for it. The manufacturers don't want to replace phones broken by some idiot that doesn't know how to read.
I agree that most users don't know what root is and have no business modifying system files. However, it would be nice if all phones were as easy to root as Nexus phones. Just OEM unlock and be done with it. Unfortunately folks would catch on and tethering would skyrocket. The carriers can't have that.
There's also the issue of malicious apps. On a non-rooted phone, an app can only access so much data and its permissions are laid out in plain text upon install. On a rooted phone, an app without any permissions can access the same data. People are used to always accepting when Windows prompts them for admin access, and they'd do the same when prompted for Superuser access. I wish all of the root methods released, specifically the automated ones, required you to pass a test before rooting. There are too many people rooting their phones and then getting into a jam because they were too lazy to read.
I feel like the number of uneducated root users would drop if carriers and manufacturers would do a few things. If carriers made tethering plans affordable, people wouldn't root just for that reason. If manufacturers made bloatware uninstallable - not stuff like phone.apk or systemui.apk, but the apps that can be downloaded from the market or aren't necessary for the phone to run - then less people would root for that reason. You'd also get less obnoxious reviews on the market saying "omfg like I can't uninstall it you suck I'd give it zero stars if I could" that lower the rating on well developed apps.
Okay, end rant.
Supersonic Evo 4G | MIUI | Tapatalk

plainjane said:
There's also the issue of malicious apps. On a non-rooted phone, an app can only access so much data and its permissions are laid out in plain text upon install. On a rooted phone, an app without any permissions can access the same data. People are used to always accepting when Windows prompts them for admin access, and they'd do the same when prompted for Superuser access.
Click to expand...
Click to collapse
Agreed, with a rooted phone you'll definitely have a less secure system if you don't know how to use it correctly. This point alone makes it not worth to give root access to normal users imo. I'm an app developer and I can say that I manage fine without a rooted phone and I have absolutely no need to root either, so far...
I can add that I don't live in US either so I don't know what kind of limitations you are bypassing there by rooting but that WiFi tethering is no problem for me without root access.

Would you hardware mod your NT? With other noobish bootloader conversation.

The thread that Adam and others are using for development level conversations about the unlocking of the bootloader is awesome, but it goes over the head of many of us enthusiastic noobs.
This thread is so that we can try and move our questions and confusion to here so as to un-clog the other thread.
It looks like the only way to bypass the bootloader we have seen so far, is to perform a hardware mod. After the hardware mod, we should be able to boot from SD or reinstall the ROM.
Discuss!

If i first get to have the chip from outside USA i surely will go for it, if its totally worthy.

Really, for me, it depends on just how involved the hardware mod is---whether it requires soldering and such.
Sent from my rooted Nook Tablet using Tapatalk 8)

I wouldn't mind doing it myself, no matter the level of difficulty. Also a send-in service by some 3rd party company (N2A comes to mind). We'll see what the success rate is, and what can be done.

I already opted for $50 more than the KF, then another $40 for a 32gb sd card... i cant see spending even mor eto buy the mod chip. At that point, i shouldve bought a better tablet.
I'll wait on a software bypass, it'll get here eventually.
Plus, i have no interest in linux. I doubt i even need ICS, but if it comes and its free... why not?

From what I have read so far the hardware mod would not be challenging or expensive. Two screws and 4 solder points. According to Adam the chip is only $3 USD, and I would assume that it could be programed with a printer port.
I already opted for $50 more than the KF, then another $40 for a 32gb sd card... i cant see spending even mor eto buy the mod chip. At that point, i shouldve bought a better tablet.
I'll wait on a software bypass, it'll get here eventually.
Plus, i have no interest in linux. I doubt i even need ICS, but if it comes and its free... why not?
Click to expand...
Click to collapse
I think the cost of the SD is irrelevant. You would have to do this with any tablet, and if your comparing to the KF then this one section of your argument is even more so invalid.
The mod chip also looks like it will be very inexpensive.
EDIT: I highly doubt ICS will be released for our tablets by B&N ever... So we will be waiting for someone like the CM team to get it working for us.

The hardware mod interests me even if solely as a way to learn a bit about embedded security. I do find it unsettling that I can't install linux on my linux computer.

I don't want to be dependent on having a boot sdcard installed at all times. A hardware modification is good ONLY if it leads to PERMANENTLY disabling the anti-hack mechanism so that the hardware modification doesn't have to be performed again every time the device is booted up.
I would accept precisely this;
Plug in some device,
Boot on sdcard,
Modify the secure boot process WITHIN DEVICE STORAGE (not within RAM),
Remove device,
Store on shelf until it is needed for another hacking project.
There are multiple options for modification of the secure boot process, in particular, replacing the signing keys stored on the device allowing us to use OUR OWN signing key to satisfy the secure boot process. Another option is to eliminate the signature check. I believe that the former will be simpler since it is just a DATA modification rather than reverse engineering.
I wonder if the hardware has an equivalent of "S-OFF" that HTC phones have? As I recall, on most HTC phones, there is a ONE BYTE EDIT that has to be made within one partition of the eMMC to TOTALLY disable all of the device's bootloader sig checks and hardware write protect. The issue was that the partition in question would be hardware write protected. Presumably, with the hardware modification for NT, a similar state *should* be achievable.

The_Joe said:
Would you hardware mod your NT?
Click to expand...
Click to collapse
Absolutely not!

I also wouldn't because you never will get your in the same condition as it was before you opened it and everybody can see that you did something to the device. You also don't have warranty anymore after that process.
Sent from my SGH-T989 using Tapatalk

Pete1612 said:
I also wouldn't because you never will get your in the same condition as it was before you opened it and everybody can see that you did something to the device. You also don't have warranty anymore after that process.
Click to expand...
Click to collapse
Whaaaaa???
Unlike you, most intelligent people will select jeweler's tools to open something like this rather than a crowbar and a sledgehammer.
Further, most people would actually perform the modification using a temperature controlled and grounded soldering iron, rather than an acetylene torch, thus no damage caused even internally.
As far as warranty goes, it is EASY to restore it to factory condition, unless you use the Neanderthal approach to hardware modification, in which case warranty provision is determined by YOUR HONESTY to only warranty it for something that YOU DID NOT CAUSE (in which case there is no morality issue to be worried over).

I also wouldn't because you never will get your in the same condition as it was before you opened it and everybody can see that you did something to the device. You also don't have warranty anymore after that process.
Click to expand...
Click to collapse
Soldering is not that big a deal once you have developed the touch. I am fairly certain that I could solder the four wires required for this chip and then later un-solder them and no one would be able to tell.

It's a great device regardless of installing a ROM. I just rooted it and installed the gapps and OTA block. I still have all the B&N stuff and everything work fine. I have all the apps loaded I want (that make sense without gps and 3g) and I WOULD hardware modify this puppy in a heartbeat to get back what I have if B&N happens to force an OTA through that took away root.
I have been having a lot of fun trying lots of different apps and schemes. The hardware mod is easy and I have already taken it apart and looked at where the soldering goes and it is back together without a hitch.
Big hand to the devs who are doing their thing so we can do ours.
Bill

Oh yes, I'm sure he had a rock and mallet in mind for the modification. How neanderthal of him to suggest that hardware modification is well out of his, and many other's, reach.
It's easy to unroot. I doubt physically messing around with the internals using any manner of ultra sophisticated museum art thief tools will leave behind changes that are unnoticeable.
Duely blundered from my thunderdolt

I would do it just to do it. I am one of those guys that just like to mod stuff for the hell of it. No, I'm not very good at creating any of the mods, but if it will make my experience better and it's not rocket surgery, I'm game.
As for the warranty issue and opening up the case, it really doesn't look like its that big of a deal. I am guessing that with a set of precision screwdrivers and a guitar pick it can be opened simply and be very nearly undetectable. Besides, if I am going to open it and solder it, I am not worried about the warranty anyway. If someone IS worried about it, then they shouldn't be doing anything that will void it.
JM2C