security question
Mark Gobbin
markgobbin at gmail.com
Thu Sep 8 22:16:24 UTC 2011
thanks for the comprehensive answer, i will consider this and see how the
project goes.
it would be cool to be able to set global permissions for apps - like
blocking access to internet or gps for all but specific apps. like a
firewall.
it seems like the hardware is not really thought through properly - you'd
think a company with so much experience could anticipate these issues. but
... when phone security becomes a problem people will have to upgrade to a
newer model... which sells more phones...so i guess it cant hurt their
profits to do a careless job first
On 8 September 2011 18:59, PaulK <paulk at paulk.fr> wrote:
> Le jeudi 08 septembre 2011 à 09:16 +1000, Mark Gobbin a écrit :
> > hi im just wondering, how is the security of this phone?
>
> Hi. The Replicant project currently supports 3 mobile phones:
> * HTC Dream
> * HTC Magic
> * Nexus One
>
> All these have a Qualcomm SOC (System On a Chip), which is bad on the
> freedom and security side because of how the hardware is done. You can
> read more about this issue on this page:
> http://trac.osuosl.org/trac/replicant/wiki/NexusSTechnicalOverview
> (which explains what's the issue with Qualcomm SOC and why the nexus s
> doesn't have these issues)
>
> > i hear there are trojan or spyware apps on android now. But then i'm
> > thinking, maybe regardless of operating system it may depend on what
> > apps I install or grant privileges to?
>
> Well, indeed, there can be trojans on the applications you install, just
> as it's possible on a PC. If you chose to use non-free applications on
> your replicant-running phone, then you have no idea about what it really
> does, and it can indeed potentially be a trojan, or have any other
> malicious (anti-)feature. So if the system you use on your phone is 100%
> free (as Replicant), it will only depend on the apps you install on the
> top of it (unless there is a trojan in the Android free code, but it's
> very unlikely since a lot of people have read it).
>
> > is it possible to install android apps or will the apps be totally
> > different?
>
> If your question is "are android apps compatible with replicant", the
> question is of course yes. Replicant is based on CyanogenMod which is
> based on the Android Open Source Project (AOSP) code. Replicant just
> removes the non-free bits from CyanogenMod and replaces these with free
> code (when it's possible), so the applications are fully compatible.
>
> So if you install a non-free app that has malicious features, then your
> device will be compromised, even if you run replicant.
> Anyway, we have a free-software repository client (an alternative to the
> market with only free software) that comes pre-installed on Replicant
> and that is called FDroid. You can find more infos about it on
> http://fdroid.org/ and browse the available apps.
> Just like the whole system, it's unlikely that a free app will have
> malicious features because everyone is welcome to study the code of the
> app, so if such malicious code was in a free app, someone would have
> seen it.
>
> > im thinking of using this for the reasons of privacy and security
> > basically
>
> This is the reason why Replicant exists: to provide (android-derivated)
> software that the user has control over: free software. One consequence
> of this is that system won't cause privacy issues (but the hardware
> itself can, see the rationale).
>
> --
> Paul Kocialkowski
> * Site web : <http://www.paulk.fr/>
> * Blog : <http://blog.paulk.fr>
>
>
> _______________________________________________
> Replicant mailing list
> Replicant at lists.osuosl.org
> http://lists.osuosl.org/mailman/listinfo/replicant
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20110909/43e80615/attachment.html>
More information about the Replicant
mailing list