More and more Linux based operating systems such as Android Kitkat (4.4) have now SE enforced mode. SE stands for Security Enhanced. It has been introduced at 4.3 already (passive mode) http://www.xda-developers.com/android/android-4-4-security-enhancements/ Actually it is a good thing to enhance security, but do you really know what it is and furthermore who has developed it? It is developed by the NSA! Whose slogan is: "Defending our Nation. Securing our future." That is ridiculous. Defending assumes current attack!!! Who attacts the US, except their own illusions? Defending from what? From 'Taliban’s'?? This is paranoid! Securing the future? Whose future? No honestly how paranoid one can be? It seems they have alienated their world, everywhere can be the enemy. It seems there can be no free world without those paranoid US American institutions. Cooperation with M$, Google and finally Apple. My personal dream is over. I thought with Android I'd have a free OS, but nothing. Since 4.4 the NSA is on board...... What do you think about? Would you trust a thief saying your jewels would be safe in their hands?! So why should I assume 'good' intentions of the NSA after the uncovering of Snowden? http://www.nsa.gov/research/selinux/
Yah, it sounds weird! We even need to have SELinux compatible kernel source to port KitKat for legacy devices. I have lost faith from Samsung after KNOX.
AFAIK KNOX is made to record changes of the OS also for warranty aspects...at least no US American paranoids. Wanted actually to buy the Galaxy Note 10.1 tab 2014...
Well, Samsung is gradually turned from developer-friendly OEM to a devil. I starts from introducing flash counter, then yellow triangle & then KNOX. I like watching the game between Samsung & Chainfire but the point is how are you treating the devs when you are delivering them kernel sources but also preventing them to work with it?? Sorry, if I divert the original discussion.
I sometimes think about getting rid of my smartphone and instead using a really old phone with barely any internet connection like Nokia 3210 or so - would be really "old school" at least But on the other hand, I really like it, I added some "security" or at least the feeling of it by getting rid of Facebook, WhatsApp and establishing a firewall that prevents any crap app from internet access. Using Threema only is maybe a step towards the right direction, but to get rid of everything you'd practically have to do much more effort.
I have to say this makes disappointing reading. The Android ethos is being chipped away at...... whatever next
Cody, you are right. It actually doesn't matter if Google or the NSA. But I don't know about the device manufacturer. Sure Samsung (the OEMS) has also closed source parts. What me concerns most is that all those come from one country and all cooperate together with the NSA. The accumulation of data by one institution. The huge potential of stored private data.... and all the lies. The more something becomes an important part on the market the higher is the probability that capitalistic interests are destroying an original idea. The OS gets adware, bloatware and finally a hidden backdoor?! What is left from Linux? Google and the NSA are arguing with security. They say the more people are using a particular platform the higher is the demand for security. So they introduce encryptions, security modules. Why? To protect YOU? To do something good for you? No! If I would need more security I want to have a open market with different solutions, with competition. I want to make my own decision WHO protects 'ME' Why has the NSA interest to develop Security Enhanced Linux? I mean really? The NSA thinks that they are doing the security stuff BEFORE the others are offering solutions which cannot be easily circumvented by them. And they sell that as good work as their job for the nation... Yes, open source does never mean more privacy. It also does not mean that it is 'free' then. There is a private community all over the world who has access to the source code, the community of developers is more or less 'free' and creative at least there is one besides of a monopolistic US company.
I have ordered it anyway. The Galaxy note tab. 10.1 (2014) LTE version. (SM-P605). Comes with Android 4.3, means SELinux is in passive mode. It also comes with KNOX bootloader. https://www.samsungknox.com/en/solutions/knox/technical The issue I have with it is: It is cleverly abused as all the security stuff that comes from those who want to sell...it is stated that it can never be safe anymore again if it has been once modified. And it makes them possible to enforce their bloatware. So they set the void flag! They claim that a custom kernel / ROM is automatically unsafe, because it has no security concept and comes from an untrusted source, but do I trust Google??? So Samsung made in addition to SELinux their KNOX environment, so to say they sign their system and say it is safe!!! THAT is the problem. Safe to enforce their interests together with google. Also they destroy the open source idea.... All I want to do first is to remove bloatware, therefore I'd need root. And Samsung says if you modify 'my' concept it cannot be safe anymore. If you'd lose warranty or not, is not the main aspect to me. In the EU in the first year of warranty (one has usually 2 years of warranty), the manufacturer has to prove that the customer has caused the damage which one wants to have removed. Only then the seller / manufacturer can refuse. And modifying the system does not causally lead to a hardware defect.
A shame then that although you pay for the hardware one never truly owns it from what you have posted. On the plus side, my wife had the Note 2 10.1 and I have to say it is very good.
have you guys heard of pdroid Code: https://play.google.com/store/apps/details?id=com.privacy.pdroid atleast we should protect our data from random app devs,
The tablet itself is top-notch, has a 4k display, that's the reason why I have ordered it. KNOX itself is also not the problem. The prob is: The flag is set irreversibly The flag is abused to deny warranty. If Samsung would just set the flag to tag it out of KNOX specifications (insecure) and would PROVIDE a method for any consumer to re-sign the system (download verified firmware / flash / verify /sign) it would be a fine concept. BTW: China mobiles for Android or even Firefox OS / phones will become / are an alternative.
Paranoid Android is the answer, in terms of any snoopers and whatnot by the "business" etc. being cleansed from the OS. On top, you may not install Google apps, if you so choose! But "they" would - if you were that "hot" to "them" - simply triangulate your position... Not necessarily try to hack into anything... So, only if you do not have it (any device) are you free... But then you must not use any credit cards, also..... In short, for a long time "they" (if really interested) can follow huge numbers of people if... But why would "they"?!? Whatever for would you be of interest...??? Just how "interesting" are you (to "them")?!? I mean, let's get "real"...
It's not about how interesting one is for any company or agency, it's just that many things are simply not their business. Life sure is great in a totalitarian state if you have nothing to hide. I'm quite aware it's easy to track a person with the right technical means... I just don't think it's necessary for big companies to know so many things about me - without me knowing what they exactly have about me, because just about every app has full access to anything on my mobile phone. Why does an app like a flashlight need full access to all my contacts and to positioning data? And I'm speaking of companies like Google or Facebook. So please stop the crap with "they", it's not about bats**t insane conspiracy theorists, thinking grey aliens reading their every single thought. I just want to be aware and to be able to control who stores what data of me. I also know it's impossible to fully achieve that if I want to live even near civilisation. Being aware, not being paranoid.
I guess there's a little confusion, Gorski is referring to the Paranoid Android Project (not to BE paranoid). It is an alternative just as Cyanogen...but the issue is that Android sources themselves are issued by Google. Nobody programs Android from scratch. Developers are relying on their sources, they have to, to remain compatible (using / providing defined APIs)..I mean an app can only run on Android when there are defined standards so to say that what makes android to be android. SELinux is a 'security' part made by the NSA and cannot be removed from the latest OS (kernel). Also KNOX is made by Samsung and is invalidated as soon as somebody tries to root the system / to flash an custom ROM. Alternatives just as paranoid Android or Cyanogen make you possible to get rid of their preinstalled bloatware, you can flash anytime an alternative, but be aware, you actually cannot fully get rid of google, better said their intentions.. So it is actually not much difference. To stay with stock firmware, to root it and to get rid of / to delete their bloatware, or to install an alternative which does not include their bloatware, at all. To minimize 'harm' such alternatives to install are best, though. And not to forget all the apps and their rights they demand when installed. Capitalistic interest cannot be deleted since capitalism is a major illusion of humankind. The more one gains the more one is...until he dies and has to painfully realize that there are no pockets in a shroud.
BTW: KNOX has been re-set successfully (to 0x0) at Samsug Note 3 Exnyos. http://sxtpdevelopers.com/samsung-note-3-knox-fix-qualcomm/ Also downgrade works: http://forum.xda-developers.com/showthread.php?t=2642207&page=9 Edit: It seems to me the warranty bit simply has been removed with this method. And some Samsung S4 security boot exploitation (for my referrence)... http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
Thanx for the help, Yen! However, having talked to the (PA for HTC Desire) developer (in private, too), I beg to differ. They tell me that the 'snoopers' etc. put in 'Droid by the corporation have been removed from PA and if you do not install the corp's package, then you have full control of what alternatives to Corp's apps can do, via the built-in and special apps features that are available to such (rooted) devices (without Corp's bundle)... Otherwise, like you do, so do I: firewall is also deployed to a rooted device and it's not allowing traffic without my say-so... Moreover, no money transactions via mobile devices, if I can help it... That is all done out of principle, not any genuine worry, 'course! There is no one alive who's more against terrorism than me (state terror included, US, Russia, China or anyone else!!!)! So, I have nothing to fear from that point of view - but still, it's the principle that ought to be taken care of, in anything we do!!! Realistically, though, there are people who do not give it a second thought about us, if our deaths and suffering helps their cause, so security forces have to have the tools to get the grip over this one. Of course, I would prefer if judges were authorising it, Parliaments overseeing it properly and investigative journalist and independent academics kept tabs on all of them, even if we forget the general public like ourselves... Be that as it may, the "balancing" here keeps changing as extremes (of power and its opposition) give succour and even raison d'etre to one another, feed off of each other and keep the rest of us in fear and most "in need of their guidance/protection"... Read Hobbes and weep... "Protego ergo obligo", as a principle, that rests on the belief of "Homo homini lupus" (or Homeini, if you prefer ) - just see his "Leviathan"...
"There is no one alive who's more against terrorism than me" One's anti-terrorism is the other's terror, thoughts / ideas are suffering from duality. To fight against something will never be successful.....only own self-awareness is. The individual has to wake up. To fight against makes 'it' even stronger...I mean people should become aware of what they actually try to protect...things and ideas with which they are identified...idem = the same, the major illusion, as long it persists conflicts are unavoidable. But what is up with 'the one' who has those ideas? (You know me, I am one of the proponents of the 'inner' revolution..and 'goal' can be only self-awareness. Nobody can be convinced of it, it cannot be enforced from 'outside'..... ) SELinux (made with the 'help' of the NSA) is a part of Android and cannot be removed. AFAIK devs can set it back to passive mode, that's all....the driving force that there is something essential to be protected will keep this all alive..communication and competition retard the things...but does not stop this illusion...conflicts persist because the idea of what is essential is just one's own idea and there is never agreement with everyone....hence we say 'own' interests... Can one / somebody protect 'oneself' at all? Or only all those ideas / things with which one is identified? And what are their real meanings to 'me'? Do I behave like I do protect 'myself' or are it just the things I have. I think this awareness would remove the need to defend 'one self', yes even life...life and the things I seemingly have are not the same, but illusionary 'idem', and there would be no place for dictatorship and fanaticism and terror. This actually applies to 'both' sides. NSA and terrorists. Oh..well, I don't want to go too far off topic here it's actually about SELinux and not about the 'core' of the issue. Just wanted to mention a solution needs a 'radical' change in 'awareness'... until that doesn't happen things will repeat...