This is a long shot, but I since the demise of Google Reader (which this app supported) the developer has decided to no longer continue the development of this app. A tragedy; I think we as a community should try and sway him to continue it instead, adding new back ends, both Feedly and TOR (TheOldReader) support would be great. I would love to continue using this app, as it is probably the best RSS reader I have encountered on Android. It is my hope that we can either convince him to continue the project or allow someone else to (any volunteers ?).
Flow Reader gives you an easy way to be on par with your RSS/Google Reader feeds on the go. It was built to provide a minimalist and seamless experience for offline browsing, while delivering additional features not found in similar apps.
Some of the main features include:
- A sleek and fast user interface;
- Offline item content and state caching;
- Multiple simultaneous downloads for fast content synchronization;
- Content filters that automatically mark as read the items you're not interested in;
- Sort items by state (latest/unread/starred) or author;
- Smart algorithms that remove ads and other undesirable content from items;
- No ads.
Click to expand...
Click to collapse
The Developer posted this statement in the most recent app update:
As you sure know by now, Google has discontinued the Reader service, so this app is no longer functional.
Although I am very happy with the (unexpected) success of this app, I've decided to no longer update Flow Reader. This is due to several reasons: a) I built this app "for fun" and to my very specific RSS reading needs. Although I very happy to see that a lot of other people enjoyed it, I was in no way ready for attention it received (due to multiple technical and logistic reasons); b)This app was essentially just a prototype turned into a final product. The Code is very messy right now and it's becoming harder and harder to make any further changes, let alone any major ones (like background updates). c) The app is *very* tied to Google Reader backend, which means that giving proper support to another service would require a very significant amount of effort.
I am very thankful to all my users (especially the ones who donated and gave feedback!), but I hope you can understand the reasons behind this decision - continuing to work on this app would require a major rewrite and too much time trying to (once again) and make the pieces all fit with "spit and glue".
If you are interested in any future app I might develop, you can be notified about it by sending me an e-mail using the button below. You will know beforehand of any project I might be working on (and maybe even receive an alpha/beta version of it?).
Thank you again - and hopefully this won't be the end
The Developer
Click to expand...
Click to collapse
Those who have used the app please voice your support to continue the project as I have emailed the developer the link to this thread.
(Flow Reader dev here)
Right, here's what's going on:
Personally, I'm not very happy with any of the current readers on the Play Store, so the idea of building the next iteration of Flow Reader is one that I really enjoy. Unfortunately, I simply don't have the time that I would need to keep developing it any further. I now have a full time job and not much patience to keep working on the app on my spare time.
The thing is, I have several unique ideas that I believe would greatly improve the experience of Flow Reader. Actually, some of these already graduated from just ideas, as some prototyping is already done and working. I also think there is a decent amount of money that could be made from them, so I'm not very willing to just leave them out in the open.
The fact is, though, it is very unlikely that I'll ever finish this new version of the app that I'm building. I can see two options right now:
OPTION 1 - The cooperation route:
- I will pair with another developer (or a small group of developers). Bear in mind that the code is reasonably complex, so i'd rather work with someone that feels confortable around code.
- The code of Flow Reader will remain closed, but shared with the people that want to be part of this project;
- I will take care of the things that I believe to be my greatest strength: UIX and prototyping. But I will always be open to suggestions on these areas.
- The profit of the app will be split 25% (for me) and 75% (for the other developer(s)).
OPTION 2 - The free route:
- I open up the code of Flow Reader under the condition that it will forever remain open-source and free (under an attribution, no derivatives and no commercial use licence).
- I will no longer will have any direct input or cooperation on the app.
Also, I honestly think it would be better to start the app from scratch. The code is a complete mess right now so trying to build more features upon it would just be less efficient. Still, some techniques and code used in Flow Reader could be reused to save some time.
Choices
I have been a user of Flow Reader for some time and was really sad when it stopped working and that the dev stated that there was no longer going to be updates to continue after the demise of Google Reader.
That said, I totally agree that it should be continued into the post-Google Reader era of RSS news. I originally created a post on Reddit in which I stated that for the continuality of Flow one idea would be to open source the code on a git site to allow others to progress his work further.
Understandably this poses the risk of Flow Reader loosing it's (work)Flow. All that time and effort the dev put in to creating a stunning, and above all easily functional, UIX could well be lost. On the other hand the simplicity of this RSS reader coupled with its parallel article downloading feature would live on and enrich many an Android RSS fans.
So here I am on XDA, stating my opinions for the two options presented.
For the Closed Sourced Approach:
The idea of sharing the workload will mean that whoever is chosen to work on Flow Reader will most likely have a great deal of knowledge to input in to this project. It also means that the UIX will not change without considerable thought first. This I applaud.
The fact that the developer says that the proceeds of the app will be divvied up indicates to a paid app, further indicating to (hopefully) a group of developers with the incentive to push great work "out the door".
For the Open Sourced Approach:
The hands of many a developer could make this app into something even better than it already is....
...or it could ruin it with out the guidance of the one who had the vision in the beginning.
Usually in the open source community when there is a bug and/or a missing feature, if someone with the appropriate know how can fix it, it shall be done.
A question, then, to WildMoves. Would those who have donated need to pay again once it arrives back on the play store? That is if you are going to make it a paid for only app?
Either way, with the way that Flow Reader handles feeds I honestly have never, and believe never shall, discover one better. To which I would like to say that no matter which direction the dev goes, I will support and give as much feedback as I can.
Again, great work mate and keep on coding,
Skinna a.k.a Skinnx86
Skinna said:
I originally created a post on Reddit in which I stated that for the continuality of Flow one idea would be to open source the code on a git site to allow others to progress his work further.
Click to expand...
Click to collapse
Yes, when I posted my answer I was still trying to develop the next iteration of Flow Reader. I built a prototype to test several ideas before I came to the realization that I couldn't build the full app the way I wanted to in a feasible amount of time and still... well... live. :\ So I am now receptive to offset most of the workload to a developer or group of developers (hence the 25/75 profit split).
Skinna said:
A question, then, to WildMoves. Would those who have donated need to pay again once it arrives back on the play store? That is if you are going to make it a paid for only app?
Click to expand...
Click to collapse
I have the email addresses of everyone who donated, so I could probably create a mailing list to deliver full versions of the (paid) app outside the Play Store. Assuming that I would have the approval from the other developers, it would be a good sign of gratitude to those who donated, IMO.
Reasonable Thoughts
Well a man has to live. To spend your free time developing and building something you would expect some payback of some sort. But thank you for remembering us early adaptors. I know I for one will be thankful, I can but imagine others will be too.
As much as I was appreciative of the beta's being sent to us, but in case you did not hear, Facebook updated some peoples app out side of the play store. Now Google have banned out-of-market beta testing. I believe that sending an apk to install initially will work and should update through the play store correctly.
Hi again,
Bit of another weird question but i'm looking up applications that have issues such as memory leaks, Power drain Issues and a like. TBH, any application there is out there from sat nav to gaming, From simple notepads to full office suites. Everything and anything basically. Wanting to make a comprehensive list so that when we get our 'reports' sent to us it will flag up the particular application the customer is using that may be a issue. Even ones that have issues with certain versions of android.
Again, Thanks for any help
Ok then, Let me rephrase the question,
What applicatiuons do people know about that cause issues. From malware like GluMobi to Memory leaks of mGlow or Resource Hogs like hotmail to network hogs like netflix. Security issues like the one in apache cordova 3.5 and below to simple storage eaters like The SIms Freeplay.
ANY issue, not matter how big or small basically that can cause ANY potential problem. Technically, Its going be a HUGE list
Bugs, Battery Drain, Issues with certain versions of Android, battery drain, LITERALLY anything, No matter how big or small.
Thanks again
It's flat-out impossible to maintain an accurate list of what you're asking for. Most issues reported in most cases would be fixed within a few days as the apps get updated. Simply asking people to report these things is also a dangerous precedence and an ineffective way of doing it as there will be prejudice left and right, users reporting subjective information that isn't technically true and/or applicable to their specific phones and/or ROMs only. And how would you make comparison? How slow, leaky, disruptive etc does an app need to be to make it on the list? What if an app gets added that had real issues, gets fixed the day after, and then remains on your list for several more months because no new reports are coming in? It would be rather unfair to the developer(s).
Any truly disruptive apps are eventually removed and banned from ALL app repositories as the app host gets complaints about it (like Google bans apps from Play Store), so there's no reason to make a list of them here.
If i misunderstand your intentions with this list, i'm sorry. But you have more explaining to do before this idea makes any sense.
RobbyRobbb said:
It's flat-out impossible to maintain an accurate list of what you're asking for. Most issues reported in most cases would be fixed within a few days as the apps get updated. Simply asking people to report these things is also a dangerous precedence and an ineffective way of doing it as there will be prejudice left and right, users reporting subjective information that isn't technically true and/or applicable to their specific phones and/or ROMs only. And how would you make comparison? How slow, leaky, disruptive etc does an app need to be to make it on the list? What if an app gets added that had real issues, gets fixed the day after, and then remains on your list for several more months because no new reports are coming in? It would be rather unfair to the developer(s).
Any truly disruptive apps are eventually removed and banned from ALL app repositories as the app host gets complaints about it (like Google bans apps from Play Store), so there's no reason to make a list of them here.
If i misunderstand your intentions with this list, i'm sorry. But you have more explaining to do before this idea makes any sense.
Click to expand...
Click to collapse
Im in total agreement with what you say and this is just an extra feature that we are adding to what we already have. I work for a company in the UK and our intentions with this is we already have a system that checks clients hardware/software for what it has as we do a lot of work for many other big companies in the uk (all of them basically) as we have some very good engineers here. THe idea behind this database is just to flag certain things that may be causing issues and its more for internally than anything external although that as come up in meetings about adding this feature to the program we plan to release in the near future where 'certain' clients will be able to access our databases with our app we provide them. This is all preliminary at the moment and as i say, For our internal use only. This is why im looking for such a vast catalogue of problems, whether rumour or not
is not an issue at present. I'm just building the bare bone of this to test out how it works against our other databases and how easy/effective it will be working with what we already have.
Thanks for your answer and that's the conclusion we were at also. The fact that pre bundled software as total access to all information is kind of worring which we have dug up. This allows other programs that can get access to any of that information if it can pull a request from said bundled software. Example would be a program that requests use from the bundled program to read a PDF file (with the bundled software been a PDF reader). This is given access and then allows all the privileges of the bundled software. This is very very dangerous and a concern as most phone companies chuck plenty of bundled software (often not wanted by the consumer) on to there phones.
I was working on the 2G,3G,4G radios on all major phones the other week so im accustomed to A LOT of data entry
Thanks for your help my friend, Its good to know what we thought would be true but we have dug up a few other issues by doing this, So its not all a loss
EDIT: A piece of software still available and apparently malware/spyware is droiddream (bicchali.harish.droiddream) from what i can find on it. Also, Livelocker (net.livelocker) looks as if its got malware/spyware. As you say, What defines spyware is different in different peoples opinions but me personally am dubious about everything, As i think everyone should be but they are not. People just don't care as long as they have their facebook and crap lol. Point of interest about facebook, Funded to the tune of 12.8 Million by In-Q-Tel to get going, WHich was formed by the CIA. Just a little nugget there
I'm surprised no one as ANYTHING to say on the matter, Even if it's just on a whim that they hate app for x, y,& z. I have plenty personally lol
The single most important, most debated subject of being online - privacy and security.
While security is undisputed, privacy aspect is.
So what exactly is the concern? As normal people in normal professions (which is easily more than 90% of the population), is there a need for worry?
For a long time since I started using smartphones, I had a natural inclination towards remaining anonymous and private online. I would always use incognito browsing for everything I do online, never create an account with a service as much as possible (e.g. I would watch YouTube videos without signing in), etc.
With time, I began realizing that I am actually missing out on so many interesting things that matter to me, and much of the content that would interest me would be made available to me without much effort using machine learning and artificial intelligence, an area where huge investments are being made.
So slowly I started accessing content and using services with my Google account. Over time, everything from Google feed to YouTube videos were showing me content that I am interested in, and sometimes they were so intelligent that I have been amazed with the whole technology that is at works. Surely, you cannot expect a doctor to give you the right prescription without giving him complete details about your problems. You can't talk privacy there. So unless the system learns what you like and what you don't, there is no way it will present stuff (including ads) that will be interesting to you.
With that said, why are are we overemphasizing this aspect of our lives? Is the privacy lobby inflating the privacy problem more than is necessary? Especially since much of what Google learns (according to them) about you is private, and only you can access/ control it, and also because the open-source alternatives are overrated. I say overrated because there are no audit reports (from trustworthy audit entities) available. Their codes may be available for audit, but is there a trustworthy source that is actually auditing them? Are the platforms where they are available being audited? So the issue of privacy and security applies to these platforms too, and more so because they aren't scrutinized as heavily as Google products and services.
As far as more personal info is concerned, like location, age, gender, searches I perform, accounts, mobile number, etc - Google already has all those because I provided them with much of that info when I created my account. Sure, one can always provide fake info for some of them. But if you use 'Find my Device', you are pretty much giving away your location to Google REAL-TIME. While this can potentially be misused, how else is Google supposed to help you if you were to lose your device? Mobile numbers and email addresses are necessarily required to be correct because they are needed when you are locked out of your account. They are the only means to get your account back.
While I am a strong proponent of privacy, I also feel that too much is made out about a lot of stuff that aren't really something to worry about. Those stuff are essential to get the service we expect in return, in other words, putting technology to use.
That said, it is still important not to give anyone a free hand over data, and there has to be several layers of checks and balances, and accountability for safeguarding and using them.
All that said, my current position is this. Make best use of the technology at hand, because if you don't provide the necessary inputs, there cannot be a proper output.
As with some things that we do online which we might want to keep completely private, use a non-google browser (like Firefox Focus or Duck Duck Go) in incognito mode with Duck Duck Go search engine.
For everything else, use GOOGLE (assuming there is accountability and severe penalties for violations).
Reserved for additional info.
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Sridhar Ananthanarayanan said:
@Ultramanoid
We may continue the discussion here.
I have a few specific questions for which I haven't found answers. May be you or others could answer them. I'll compile them and post these later.
Click to expand...
Click to collapse
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Ultramanoid said:
I have a hard time understanding how you can say you're a strong proponent of privacy, while at the same time justifying how you exchange yours for convenient services.
I can't justify that exchange, and yet use, work in, and develop in an IT field. No Google account here. So it'd be difficult to discuss the issue when our basic premises and understanding of the situation are completely opposed.
I want a good mail service, so I PAY for it, with MONEY, and I assure you it beats all the tech prowess and illusions of magic that GMail and its indecent, immoral, and insulting data mining and tracking provide. Same for everything else.
The aberration that is 'service' ( lower quality feature set, no support, security issues, client is the product ) for information, which, as mentioned in MiX's thread, also has the tremendously damaging side effect of reducing to zero the value of good honest developer work. 'Google gives it for free' -- No, it doesn't, and no, it's not free.
Edit : And by the way, giving your data away not only puts you at risk, it puts others at risk as well. Unacceptable.
Click to expand...
Click to collapse
You spoke of making 'reasonable compromises' on the MiX thread.
I have only elaborated the same. How does it matter if Google learns what I like to search on the internet? I am willing to give them that information so that they can provide me with content I am interested in, so that my news feed is mostly content I like to read/ watch, and little garbage. In the process, if they are showing me ads relevant to me, what is wrong with it?
My view is based only on this premise that this is how my data is being used. I have never had a financial security issue (like money being stolen from my account) because of what Google learns about my internet activity.
Also, I am assuming that Google won't learn anything about the searches I may do in incognito mode. They are supposed to respect the privacy. I'm aware they have been sued for not adhering to it strictly.
So assuming that they stick with usage of data as per their declared privacy policies and in accordance with laws, what is the problem?
Sridhar Ananthanarayanan said:
You spoke of making 'reasonable compromises' on the MiX thread.
Click to expand...
Click to collapse
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Ultramanoid said:
As to security. As long as you rely on someone else's software, some company's cables and infrastructure, there's no other way.
No reasonable compromise on privacy in the "service x information" business model. It needs to die.
Edit : Have a look at this; https://privacytools.io ( "Privacy? I don't have anything to hide." )
Click to expand...
Click to collapse
I think the moment you are online, you are presenting yourself to be tracked. No matter what tools you use to safeguard your privacy, a country's intelligence has an upper hand because they have the resources and much more advanced technology that is not commercially available.
They can also set up something like the link you shared as just another means to track you (by misleading you into believing that you are remaining private and anonymous).
I think one can truly stay private only by staying away from technology. Otherwise, you are just opening yourself up for tracking.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
indestructible master said:
nope, check here
XDAevDB Information
[ROM][UNOFFICIAL][10.0.0][raphael] LineageOS 17.1, ROM for the Redmi K20 Pro
Source Code: http://bigota.d.miui.com/V11.0.1.0....NGlobal_V11.0.1.0.QFKINXM_5e75bba584_10.0.zip
this is source code for ROM, they are always released somewhere, github, dont matter, but they are released, you just need to look it up
Click to expand...
Click to collapse
This is not a source code ... Just because it says source code, it doesn't mean it's a source code. That's a zip file containing the OEM firmware from Xiaomi.
indestructible master said:
my view on this is:
i agree, you should protect privacy as much you're able to, but if you need some services and you need "to give up privacy" for acquiring that service you need, then for me it's legit.
i wouldnt go all crazy on privacy as many go (to completely ditch google, windows, and become open source - privacy - government consipiracy evangelist), but i wouldnt rely on them for my whole life.
yes, i use google calendar and notes and all my data is on google, and if google go down or misuse my data, maybe i will lose that data but still i can easily use on another platform one stop working or is not trustworthy (publicly misuses data)
i love to use custom ROMs not to ditch google or become privacy conscious (using f-droid and living under rock without google services) but to ditch stock ROM from manufacturer as i dont like any manufacturer stock ROM, i want just their hardware, and software i want to be my choise.
for normal people storing something on google, microsoft, apple is not at all bad idea, when you store not that important or sensitive data on google. but i would never upload any top secret, sensitive data on any those services, as they WILL allow governemnt to exctract data (like edward snowden said ), so anyone from governemnt can access it or even misuse it, but if you dont store top secret sensitive info on those services you are fine.
if you want to store top secret sensitive data you would make it and encrypt it and store local copies.
and for google search, same applies, you will be fine with normal use, use firefox and duckgo , and also ingonito dont respect any privacy, it just make to browser not to store history, everything else is visible to them, unless you use firefox and duckgo.
and also many say vpn secure you (ones you buy) , but i wouldnt trust not even them (even if you pay), if you want to have encrypted connection you better MAKE your own VPN server (you can buy remote linux server online and make it as VPN), carrier to whom you pay for server dont care what you store on server (because you pay for it) and if governement comes to there he wont be able to provide anything.
but still even with all said, i dont advocate on trusting government as they dont care about freedom or rights, they care just about power, so protect privacy as much you are able to, but dont go all crazy on it, because best way to be secure on internet is not to use it at all, as at the end of the day dont forget that all intel, arm, amd chips (hardware) are hackable and exploitable to survevilance if they want to
EDIT: and also always remmeber, if you are censored for your rights, you have full right to protect your right, but i didnt got censored for searching for something on google. maybe google censored it to control media, but everyone do it, even media is manipulating you with fake news.
like if i am in china and i cant open news that reveal china government because china censorshiped that source "for greated good", i would use linux, tor and vpn so i can bypass censorship to know what's right. as long you dont face censorship for your rights it still okay to use those services, but if someone censorship for your rights, then its time to act and stand up for yourself, and not accept anyone's "censorship for greater good".
Click to expand...
Click to collapse
As I said, we are overemphasizing on many of the things and linking them to privacy. Much of the seemingly private things have no bearing in real life, even when made public. Because, no matter where you are, you have to adhere to the local laws and your internet activity isn't important (unless one is into prohibited activities).
It is a very niche segment of people (like those working for intelligence, journalists, etc.) that must pay special attention. For most others, there isn't too much to worry about, as long as the companies providing services adhere to data regulations and act with responsibility.
atttoush said:
You know what's funny, people talking about privacy (intrinsically security also), yet many (and by many I mean the majority) of ROMs released on XDA are released without source code. Devs link to some other sources other than the source to be able to build the project. Here is an example. So while privacy is important, security is highly problematic with this modding model we all follow. Not to mention flashing different unchecked magiks modules.
Click to expand...
Click to collapse
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
It's not the case with few established ROMs. Lineage OS comes to mind. As they encourage people to build ROMs from source. But device support is problematic. That's why I turn to custom ROMs. It's a great idea, but I thought XDA ROMs guaranteed security with the GPL and Open source philosophy. But it's being violated all over the place.
Sridhar Ananthanarayanan said:
Few months back, I made a decision to stop using custom ROMs. This decision is made easier by OEMs promising 3 to 4 years of software/ security updates.
OEM ROMs are largely scrutinized. Custom ROMs are not. You never know what they bake into their codes. There is absolutely no assurance on them respecting your privacy or security.
Click to expand...
Click to collapse
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Ultramanoid said:
Which OEMs are these ? Please mention one and point to where and how their code can be reviewed. Almost none provide support for a device after 2 or 3 years. Almost none are scrutinized because their additions to Android are proprietary and closed source, they barely release kernel changes and those only because they are legally obliged, sometimes even after the device which uses that kernel is not even on sale anymore.
Partial exception for SONY, that provides repositories for AOSP support for many of their devices, and sometimes have released blobs ( not code ) for their drivers and cameras. This is the rare exception, not the rule.
Almost no OEMs provide timely security updates incorporating Google's monthly patches for critical vulnerabilities. Some pile them up in batches, leaving devices vulnerable for months and even years. Stagefright, bluetooth, Qualcomm ... They don't give a crap.
Get the facts straight.
Lineage, in contrast, is developed in plain sight by hundreds of developers revising the code every single day, include Google's vulnerability patches religiously every month and have provided fixes time and again for things Google and OEMs don't bother to fix. They also support devices securely years after OEMs have completely abandoned them.
LineageOS
A free and open-source operating system for various devices, based on the Android mobile platform. This is a mirror of https://review.lineageos.org/ - LineageOS
github.com
Edit : Remember that this is a developers' forum, by developers for developers. Checking and editing code daily is what we do.
Edit 2 : Can't comment as to other 'custom ROMs', from which it may very well be better to stay away.
Click to expand...
Click to collapse
I didn't say that OEMs make their source codes available. I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition. There is lot of benefits by doing so because OEMs can use this as an opportunity to push sales of their own devices. Example is the clipboard scandal of OnePlus, as well as others.
Compare that to custom ROMs. There are so many custom ROMs available for popular devices. Official builds, unofficial builds, nightlies, etc. etc. The ROMs are available for free. Who cares to audit/ scrutinize these? No one cares because there is nothing to gain. This is also because a very minute % of Android users actually install custom ROMs. So no one cares.
Just like root, the need for custom ROMs is decreasing by the day. OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices. And now the Google-Qualcomm partnership that is making these upgrades easier and faster. Unlike in the past, OEMs are much faster in releasing security updates today.
Lineage official builds, in my experience, isn't feature rich like some other custom ROMs or unofficial forks of Lineage. People may opt for Lineage official builds primarily for two reasons:
1. Debloat their OEM software like those from Xiaomi, Huawei, even Samsung.
2. OEM has stopped providing official support (this is now changing because 3 to 4 years of official support is synonymous to life of the device because a large % of people usually buy a new device every 3 or 4 years).
Some of the developers of custom ROMs are arrogant arses. That's another reason to tell them to eff-off.
Sridhar Ananthanarayanan said:
I said they are scrutinized. Scrutinized by security researchers around the world, who may or may not be funded by competition.
OEMs are now promising upto 3 years of Android upgrades and 4 years of security updates, atleast for their flagship devices.
Click to expand...
Click to collapse
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
One thing is to express an opinion, another to give facts.
Ultramanoid said:
1. Which security experts ? We have some in XDA whose daily job is precisely that, have you spoken to them ? I don't know of a single audit of any OEM's version of Android. Please mention or link at least one if you think they exist.
2. Which OEMs ? I don't know of a single OEM providing support of any kind for any of their devices ( maybe OnePlus barely reaches 3 for some of theirs, again, a very rare exception ) beyond 3 years, much less 4.
Provide real data points or stop speculating on vague promises and supposed security experts somewhere. When I say LineageOS is available, you can see it is. You can also build SONY's AOSP from their code. ( Edit : https://developer.sony.com/develop/open-devices/ )
Click to expand...
Click to collapse
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Ultramanoid said:
One thing is to express an opinion, another to give facts.
Click to expand...
Click to collapse
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Sridhar Ananthanarayanan said:
Fact 1: OnePlus is collecting your private data without permission
Fact 2: Engineer Mode
Fact 3: Clipboard Scandal
Fact 4: Shot on OnePlus
Fact 5: MiUI stealthily sending user data back to China
Fact 6: Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
...
Thats just some of them. If you search, you will find more.
In most of these cases, it is some security researcher somewhere in the world who found a questionable activity that goes against acceptable privacy and security standards. In other cases, it was some random user who found a vulnerability or some unacceptable practice.
The point? Number of users of stock ROMs are way way higher than those that use custom ROMs, and as a result someone somewhere might find something either accidentally, or as part of security research work (paid by competition or otherwise).
OEMs will be careful when they make their ROMs. They are not only under scrutiny, but also need to ensure they stick with doing the right things because they have a business to run. The same isn't true for custom ROMs that some nobody will make and act like trash when questioned. Thats also because the product is free (or may not be depending on what is baked into the codes) and so the developer may think he isn't answerable.
Now you may point out the opinions. All the above are actually facts, that support my previous comment.
Click to expand...
Click to collapse
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Ultramanoid said:
What all that proves is that OEMs are pure solid garbage, thank you for agreeing. Rest the case already. ^_^
Sorry to hear you still prefer to stand by out of date systems, unsecured protocols, and shady immoral companies. It is useless to discuss when you keep insisting on sustaining your biased opinion against hard evidence -- that YOU yourself provided.
Cheers !
Click to expand...
Click to collapse
You are simply exaggerating it.
Like the saying goes, better to trust the known devil than the unknown angel.
Cheers!