Wednesday, July 3, 2013

Re: [id-android] Motorola Is Listening

Isn't this similar to the treve vs ciq case from a while back?

On Jul 3, 2013 4:49 PM, "Yudhistira Dwi Putra" <yudhistira.d.putra@gmail.com> wrote:
Has anyone seen/read this article?


Content preview :

In June of 2013, I made an interesting discovery about the Android phone (a Motorola Droid X2) which I was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.

If you're in a hurry, you can skip straight to the Analysis - email, ActiveSync, and social networking section - that's where the most sensitive information (e.g. email/social network account passwords) is discussed.

Update 2 (2013-07-02 @ 08:03) - potential device security concern

I realized this morning that there may be a more significant problem. See Potential (untested) device security concern, below.

Update 1 (2013-07-02 @ 05:30) - Android, the Droid X2, and Blur

This article has gotten a lot more attention than I expected.

A clarification I'd like to make (because there seems to be a lot of confusion about this) is that the Droid X2 does not use Motorola's "Blur"/"MotoBlur" user interface. That's one of the reasons I picked that model specifically back in 2011 - it seemed to be running something very close to the stock version of Android.

The email client, web browser, text-messaging app, and so on look like the ones that were included on the G1 I had previously, which is about as close to "stock Android" as you can get with a carrier-installed OS. Based on my research, it seems that they've all been modified to silently send data to and/or through the Blur web-service back-end, but there's no indication to the user that this is the case unless they do the sort of network capture that I did. There is no prompt to create or use a Blur user ID - the phone uses a randomly-generated Blur account for all of the behind-the-scenes activity described below.

I would be very interested in trying this same test with more recent Motorola phones, because there's definitely the perception out there that Blur has been phased out, and I think it's much more likely that it's just the UI on their phones that's been changed, as opposed to removing the underlying Blur functionality.

If you're still unsure why I think this is a problem, ask yourself this: if you bought a desktop PC running Windows, then discovered two years later that the hardware manufacturer had installed modified versions of standard Windows software like Outlook Express and Internet Explorer which - without any indication to the user - sent your passwords to, and routed other traffic through servers owned by the PC manufacturer instead of connecting directly to the actual websites and mail servers, would you be OK with it? If not, then why are you when it's a phone instead of a desktop PC?.................................


This seriously makes me curious: if it's true, is it connected to the US program that monitors all internet traffic, or is the data really just for Motorola itself? What makes me even more curious is that now I want to check whether TouchWiz or Sense has this kind of thing too or not ;p.

--
==========
 
INDOSAT SUPER 3G plus
http://www.indosat.com/Personal/Internet/INDOSAT_SUPER_3G_plus
---------------------
ID-Android on YouTube
https://www.youtube.com/watch?v=0u81L8Qpy5A
--------------------
Web Hosting, Zimbra Mail Server, VPS, free Raspberry Pi: http://www.hostune.com
--------------------
ID-Android General Rules: http://goo.gl/MpVq8
Join Forum ID-ANDROID: http://forum.android.or.id
==========
---
You are receiving this message because you are subscribed to the "[id-android] Indonesian Android Community" group on Google Groups.
To unsubscribe and stop receiving emails from this group, send an email to id-android+berhenti berlangganan@googlegroups.com .
 
 
