Zaroad 26 Posted ... Hi, I found this report of UC Browser https://citizenlab.org/2015/05/a-chatty-squirrel-privacy-and-security-issues-with-uc-browser/ and it seems it leaks any kind of information such as IMSI, IMEI and location (this last one, only on chinese version) in plain text! Have you ever used this browser on your Android/Xiaomi device 1 InactiveUser reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... No, I haven't. I only use applications from F-Droid -besides the FOSS requirement, applications are also vetted for tracking libraries, which either get removed or generate a warning ("This application tracks and reports your activity").Thanks for bringing up this topic. The behavior of apps like UC Browser really is despicable. Grabbing unnecessary information (a map application does not need IMEI/IMSI to function), not telling the user about it, and then even failing to secure the transmission.Somewhat related story:Samsung epicly fails to securely fetch software updates, putting 600 million phones at risk of total exploitation.People, use Free & Open Source software.If you aren't permitted to read an app's source code, the app will read you. Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
OpenSourcerer 1442 Posted ... My general rule is to avoid apps from Google Play. If unavoidable, I look up permissions, if it offers In-App purchases, and in which country the dev is living. Last one is a trust thing.Problem: There also are apps which are very good despite being closed source. Examples: Öffi, Titanium Backup, wetter.com. Why? First is one of the most complete and easy-to-use timetable info for buses and trains. In Germany, I feel there's every region available, and no matter where you are, you will always find a station in your vicinity and take a bus or train if you wanted. There is no alternative in the open source world. Titanium Backup is one of the most powerful backup and restore apps I ever used. This is a good example of how some closed source apps can be much better than open source ones. I know only one open source backup solution for Android, oandbackup, it misses 80% of the features. Third is an extremely precise weather service. The open source variant OpenWeatherMap can absolutely not compete with its forecast precision. People, use your mind to decide which apps are useful for you and which are not. Open Source is not everything. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
zhang888 1066 Posted ... Cyanogenmod+Privacy Guard should block all those leaky applications.No other Android rom offers that out of the box, supposedly Android M will have such feature as well. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
OpenSourcerer 1442 Posted ... Cyanogenmod+Privacy Guard should block all those leaky applications. Unfortunately, it doesn't. It does not prevent them from sending things. You can hide sensible info like contacts, but your IMEI for example cannot be hidden by that.. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
zhang888 1066 Posted ... Cyanogenmod+Privacy Guard should block all those leaky applications. Unfortunately, it doesn't. It does not prevent them from sending things. You can hide sensible info like contacts, but your IMEI for example cannot be hidden by that.. I thought that's what you intend to hide.For more advanced hiding you have XPrivacy then, but I wouldn't recommend it the less tech-savvy people, as it can easily break stuff. https://github.com/M66B/XPrivacy Phone return a fake own/in/outgoing/voicemail number return a fake subscriber ID (IMSI for a GSM phone) return a fake phone device ID (IMEI): 000000000000000 return a fake phone type: GSM (matching IMEI) return a fake network type: unknown return an empty ISIM/ISIM domain return an empty IMPI/IMPU return a fake MSISDN return fake mobile network info Country: XX Operator: 00101 (test network) Operator name: fake return fake SIM info Country: XX Operator: 00101 Operator name: fake Serial number (ICCID): fake Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
OpenSourcerer 1442 Posted ... Yes, in comparison to XPrivacy, Privacy Guard inside CM is somewhat inferior, but easier to use. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
lsat 23 Posted ... People, use Free & Open Source software. It doesn't help if you install Chromium on Linux 1 InactiveUser reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... lsat, you make a great point there!To be pedantic: I wouldn't consider Chromium to be true FOSS. It's a FOSS wrapper to download proprietary Google blobs (Firefox is not much better in this regard.) EDIT: removed link to Chromium story - I missed that lsat already included it. Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
zhang888 1066 Posted ... Firefox started to behave bad as well... Shoved us that WebRTC thing by default, then started with all the DRM and EME.Later added some Telefonica call-home by default, some Cisco stuff I used to like Firefox, but recently completely dropped it in favor of IceCat. Forgot to mention, avoid downloading "Free software" from Sourceforge as well. That free software will come bundled with malware. 1 InactiveUser reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
OpenSourcerer 1442 Posted ... Forgot to mention, avoid downloading "Free software" from Sourceforge as well. That free software will come bundled with malware. Would be nice if you included some.. stories. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
zhang888 1066 Posted ... Sourceforge bundled malware in GIMP, NMAP, VLC, Filezilla. Finally Google flagged this malware hub that once used to host FOSS for us as untrusted a few days ago. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post