is cyanogenmod the same as android without spy features?

okppko

Distinguished
Nov 6, 2009
66
0
18,580
http://www.cyanogenmod.org/ is it the same as android, but does not send userdata, geo location, addresses, contacts, whatever, from the phone to google or anyone else? So if you use cyanogenmod and you are aware of what apps you install, then you get a reasonable degree of privacy on your phone? Thanks.
 
Solution
The consensus in this post is wrong. Cyanogenmod offers a lot more privacy. It doesn't send anything at all unless you opt in for usage statistics and/or network based location and/or you install an extra app which does send your data to its remote servers. On the contrary, the default Android has numerous Google services running constantly in the background, and, assuming the worst case scenario, Google will collect a LOT: https://myshadow.org/google-collection

It should be noted that if you choose to install Google software on your CyanogenMod, the privacy benefits will be gone or at least reduced. I personally have APK's which I gathered from several sources on the net, and I install my apps from my own APK's without ever...

dalmvern

Distinguished
Jun 15, 2011
46
0
18,590
The short answer is no. All Cyanogen does is it mods the user interface slighty, opens it up and makes it more customizable, and has some optimizations to the kernel to make it run faster, smoother, and conserve power. They do remove some bloatware that comes stock with android and your wireless carrier, so I suppose that makes it a bit better with privacy, but its not really that significant.

That being said, I have Cyanogen 10 on my phone and love it.
 
Any phone you can turn off location services, and don't sync your google and nothing will get sent to them. Of course, loose your phone or it gets stuck and needs to be reformated and you'll loose all that info. You don't have to send anything really to google to use your phone but it's nice. I just installed a new ROM on my phone and signed it, it installed all my apps again automatically, my contacts, everything in about 10 mins, I didn't have to do anything. If you want to install 50 apps and renter 100 contacts again because you are paranoid about some conspiracy threat you probably read online, then go ahead.
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580

Thank you. Cyanogenmod is not standing by itself.
 

Apanzee

Honorable
Moderator
Dec 17, 2012
789
0
11,260
The current stable release of CyanogenMod for my device is 7.1, but I love it.

Rooted, unlocked, and overclocked HTC Desire Z.

Cyanogen is just a custom ROM. If you're interested in flashing, I'd recommend either Cyanogen or MIUI. Both are great choices. But neither protect your privacy anymore than stock Android. You can as mentioned above, simply turn off the location services and disable syncing however.

Custom ROMs are more for, well, customization.
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580

Your answer is somehow off topic, and my answer probably a waste of energy. I am in favor of digital rights. Limit third parties access to info, and do not make a trade of for convenience or know what trade of you make. If you know exactly what info these companies store about you, how they use them, and you decide to sign for their services, fine with me. If android has optional settings, and respects them, that make it not send user data to android, android is ok. But is it that the case, and is android open source, so you can verify it? People who do not want to send their user data to these services are not paranoid or into conspiracies. They just do not want to hand over their user data, like you have made a stand, that you do not mind. Cyanogenmod is no different. Maybe ubuntu phone if it stays open and firefox os will have the privacy settings, and being open source qualified coders can check the privacy settings.
 


turn off location services, don't create a gmail account and don't sync it and it won't be sent. If you think ubuntu won't do the same thing, you're mistaken. ubuntu has been underfire lately for all kinds of privacy and advertising problems.

Android source as well as cyogenmods source is out there, so go look for yourself if you're that concerned. If privacy bothers you that much, stay of the internet period, because "they" collect information from every search, every browser, every OS.
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580
About ubuntu and their scopes or lenses, or what they call them.
That was a big disappointment, but they came into ubuntu in order to make money. Like gmail offers no service for you, but for money. To my knowledge ubuntu scopes lenses are only built into unity, not the rest of desktops. In unity you can disable or remove the scopes lenses software. Ubuntu's mistake was that they made the scopes lenses default, and didn't warn about them.
If ubuntu phone stays open source, it is likely a coder will find out, if there are spy features, and you can make your decision based on that.

//stay of the internet period, because "they" collect information from every search, every browser, every OSBut there are alternatives. duckduckgo, lxquick, startpage, none of them as good as google. Tor, hushmail, jitsi, ubuntu, truecrypt, spideroak, cryptocat. You do not have to be an entirely yesman or ignorant to use the internet.And as I wrote, but you did not read, you should not make a privacy trade off of convenience, and if you make a trade of, then you should know the content of the trade off. I do not use gmail etc because they scan and record a copy. There are alternatives which do not. I use google earth, that is one of my trade offs.

Is android and cyanogenmode open source? Again if user data transfers can be disabled in android, and you can trust that, then it is ok to use android also if you are demanding privacy.
 
Is android open source? lol. Yes, fully, as is cyanogen. The ROM on your phone probably isn't because the company makes the ROM's with their own stuff added and doesn't usually give it out although places like Samsung give code for most of the non-proprietary stuff.

You just seem to be paranoid about "they" what they are monitoring on your phone when you don't even know what's being monitored, so why are you paranoid if you don't even understand or know what there is to be paranoid about.

Don't sign into a google account, don't download any apps, is about the best you are going to get. Apple is 10x worse in what they keep and track about you, and doesn't give out source code.

Anyways have fun worried about "them" having your data when you don't even know what's sent or what's going on with your phone.

/out
 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
The consensus in this post is wrong. Cyanogenmod offers a lot more privacy. It doesn't send anything at all unless you opt in for usage statistics and/or network based location and/or you install an extra app which does send your data to its remote servers. On the contrary, the default Android has numerous Google services running constantly in the background, and, assuming the worst case scenario, Google will collect a LOT: https://myshadow.org/google-collection

It should be noted that if you choose to install Google software on your CyanogenMod, the privacy benefits will be gone or at least reduced. I personally have APK's which I gathered from several sources on the net, and I install my apps from my own APK's without ever needing Google Play Store or any other Google product. This means I am 100% Google free and I gain all the privacy benefits of Cyanogenmod. The drawback is not having Playstore, but for me it's worth it.

My Google apps replacements:
Google Maps > Osmand
Google Talk > Xabber
Mail > Cyanogenmod 7's stock IMAP client

An interesting related read: http://forum.cyanogenmod.com/topic/28109-cyanogenmod-from-a-privacy-point-of-view/

"Is Cyanogen talking back to any mothership? I think not, but I would like to be sure."

ciwrl@cyanogenmod.com (admin)
Simply: No.

Less Simply: All source is available on our github, peered reviewed and tested.
 
Solution

Zasmatic

Honorable
Dec 14, 2013
26
0
10,590
Simply. Since you are almost forces to use the play store you are forced to be part of their statistics, where your from what your looking at etc. Yes cyangenmod does offer a bit of extra privacy. However unless you are constantly using a good permission manager and a different app store then you would be able to have complete privacy. However even if you choose to opt out of statistics but then use chrome or the play store then it is highly likely youll be part of statistics.

However in the end we have already sold our soal too google so our opinions are definatly bias.
 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
Update guys! I found a great alternative for Playstore (Please read my first post first)
https://f-droid.org/

It has only open source software. Not using Google Play has never been easier.
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580
I do not consider getochkn a troll, but it is obvious he does not have the technical skills to answer. I do not either. Likely very few have the knowledge required. Facing that, some people then chooses to shift their posts from the matter.
Google are for sure not going to tell everything they do, and how, in terms of user surveillance. And if not all code is open source, who knows what the code is doing.
All android code is not free software or open source. I read an article about how google does it. If a phone manufacturer wants to ship his phones with android, he may do so. But if he wants the google services, that are in high demand, fx google email, google play and the likes, I do not know them, on his phones, he will have to sign a contract with google. And google sets the terms. Pieces of code of these apps are closed software. No one can audit, what the code does. And it can not be altered. If google says about the code, it does not send user info to google without permission, then maybe it is correct, maybe not. Taking recent events in consideration, I do not trust them. Another discourse is, does it matter that google collects the user info? For many it does not. To me it does. I guess getochkn has a fb account, and is fine with it. I do not think he is able to comprehend the magnitude of the info gathering, and how skilled fb is in analyzing and using it. Who is?

Asogzx, thank you for your answer. Your approach is, that if you use cyanogen and only install open source apps that does not collect user info, settings may apply, then you have some amount of privacy? Or as a minimum, make user surveillance more difficult?

I have read about Stallman and Applebaum, watched some videos, on youtube, another trade off. That has made me investigate about the tpm, closed hardware drivers, microcode. To understand the scale of the problem, is a task in itself. The phone's microcode may circumvent any effort to improve privacy by installing open source software, that is chosen because it is believed to not survey its user. The same may apply to pc computers.
Stallman has only approved one x86 computer being consistent to his standards. In a video I heard Stallman support replicant. I do not know his stand on cyanogen. Fact is, there is not a single phone, where replicant can show full hardware support.

If I should want to use cyanogen, which phones would you recommend?
 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
Google are for sure not going to tell everything they do, and how, in terms of user surveillance. And if not all code is open source, who knows what the code is doing.

Google's Privacy Policy is pretty explicit, they say “we track you and spy on you” although the words are a bit spiced up and the privacy policy is long on purpose so that most people won't bother reading it. Here's a spiced-up version of "we scan your mails"

With features like Priority Inbox, we work hard to help you sort through the unimportant messages that get in your way. We use a similar approach with ads. For example, if you’ve recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting.
Source: https://support.google.com/mail/answer/6603?hl=en

All android code is not free software or open source.
There's some wrong terminology here, all Android code IS free and open source. However, the apps you describe (Gmail, Play store, etc), are not an integral part of Android, they are part of the “Google apps” and “Google Play services”. To sum it up, Android is open source, Google Apps and Google Play services are not.

However the Google Apps are bundled with most phones, along with some carrier specific (also closed source) apps. The phones running "pure" Android are a minority, and Cyanogenmod is one such "pure FOSS Android".

As you mentioned, Google has a business model around Android intended for profit, their main income is through "data mining", which they use to profile users and provide extremely relevant ads. even though that profit is not directly gained from Android, android is the platform. Therefore, Android is not “FOSS”, or, as Richard Stallman would have said: “Android is free as in free beer, not free as in freedom”.

Asogzx, thank you for your answer. Your approach is, that if you use cyanogen and only install open source apps that does not collect user info, settings may apply, then you have some amount of privacy? Or as a minimum, make user surveillance more difficult?

Phone-specific surveillance becomes nonexistent. You'll sleep in peace knowing that the little thing in your pocket is not transmitting your location to an ad network.

Packet sniffing and other problems inherent in the Internet itself and the Web will still be an issue (But those can also be solved using Tor, https, etc, Adblock, disabling 3rd party cookies, etc... however that's a different topic.)

I have read about Stallman and Applebaum, watched some videos, on youtube, another trade off. That has made me investigate about the tpm, closed hardware drivers, microcode. To understand the scale of the problem, is a task in itself. The phone's microcode may circumvent any effort to improve privacy by installing open source software, that is chosen because it is believed to not survey its user. The same may apply to pc computers.

Spying on you illegally through hardware backdoors is illegal. while the NSA might have done this on targeted attacks, a large company is very unlikely to do so on a large scale, because a discovery of that backdoor is possible and it would destroy the company. And because 99% of the users are being tracked legally anyways. Spying on you with your consent through Android is not illegal (because people agree to it while clicking “next” without reading the privacy policy).

Most companies probably won't take the risk.

Assuming there are no "silicon backdoors" (Which is a likely assumption), Cyanogenmod offers you extreme privacy because it's an entire replacement of the software and it never talks to any central server.

The most paranoiac way to look at it is this: 1. There are certainly software trackers in Android (the companies explicitly mention it in their privacy policies). 2. There is a slim chance of hardware trackers.
Conclusion:

if I use Android, software will track me for sure, hardware might track me, chance of being tracked: 100%

If I use Cyanogenmod, software will not track me, hardware might track me, but hardware tracking probably doesn't exist, chance of being tracked is much lower.

If there are indeed hardware backdoors, there isn't much we can do until someone invents an open-hardware phone.
(Firefox OS-based phones perhaps?)


As I said earlier, Google's spying is no secret, it's there in their privacy policy.

*Big note: I used "hardware tracking" as an umbrella term meaning "Anything that tracks you that isn't related to the OS and that cyanogenmod doesn't wipe out".

If I should want to use cyanogen, which phones would you recommend?

If you do find a good Open-Hardware phone, you should definitely go with that (and notify me about it!).

Otherwise, your first requirement is that the phone should be on Cyanogenmod's supported list:
http://wiki.cyanogenmod.org/w/Devices
Regarding hardware backdoors, if you're in a paranoia, your second filter would be choosing the company which was least affiliated with the NSA.

As a side note, if you really want to stay away from Google you might want to check out the upcoming Firefox OS. The Mozilla Foundation behind it is non-profit. If you want an Android but don't want a Google lens looking at you, go with Cyanogenmod :)
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580
Thank you for answering.

If software made for android by google and is installed on android is not android, then android is free and open source software.

I do not use android, or any closed phone system. I do not know how many errors users have to keep up with. What I read about firefox os is, that it is rather limited usable. Errors are common. If there was a well running firefox os phone, I would get one.

American agencies can spy outside usa as much as they are told to, and able to. Should their orders from the government be illegal, I do not believe they would refuse. You may trust american intelligence agencies to rule strictly legal about american citizens. I do not. And part of what they can do legally, I want to make difficult for them to do.

About private corporations, your conclusion is they will not build illegal surveillance tools into hardware, because it may come out, which would be damaging for business. I agree, that profit is their only consideration. If a corporation believes, it will profit more from friendly relations to a government or close better deals with a government, even if that includes building illegal surveillance tools into hardware, like phones, it will do it. The corporation will accept some degree of possibility, that the illegal tools for some reason become public. There is software, that is closed in a way, that it is highly unlikely, that anyone can make it readable. That is what I have read. Applebaum has said about the tpm, we do not know if it spies on the user? And if it does not, if it remotely can be programmed to start spying on the user? The point is, we do not have access to the code. Do you know anybody, who can read the tpm code beside those who make it?

Is there a list of cyanogen phones, which have full hardware support?

Do you know about the neo900?



 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
I may have been a bit unclear regarding cooperations. Yes, a cooperation may and does spy on you illegaly and the NSA revelations have proven so beyond doubt. What I'm saying is that planting a HARDWARE backdoor is rather pointless for a company because 99.9% of the people are being spied on easily using SOFTWARE. Hence, Cyanogenmod will almost surely rid you of spying because it's a software replacement.

There is software, that is closed in a way, that it is highly unlikely, that anyone can make it readable.
A small correction: ANY software is unreadable after the source code is translated into machine code. If I make a simple program and never publish the code, reverse engineering the code is extremely unlikely. No one can read the code besides those who make it unless the makers publish the code (that's what open source is).

Is there a list of cyanogen phones, which have full hardware support?
The list I've given above should tell you which devices are fully supported and which are partial. Here's it again:
http://wiki.cyanogenmod.org/w/Devices
 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
I do not use android, or any closed phone system. I do not know how many errors users have to keep up with. What I read about firefox os is, that it is rather limited usable. Errors are common. If there was a well running firefox os phone, I would get one.
Yes, Firefox is a work in progress. Android is very mature and stable.
 

okppko

Distinguished
Nov 6, 2009
66
0
18,580
Thanks again.

Then it is like this?
Machine code on hardware is practically not possible to reverse engineer?
That is why replicant cannot get to full hardware support?
That sounds as a fine argument for building in hardware backdoors.
In a video Stallman encouraged hardware programmers or engineers to become whistleblowers.

Closed hardware software may be reversed engineered, if skilled techpersons are on it?
That is what they are doing about the novena board graphic drivers?

About open, free hardware software, the sourcecode can be compiled by anyone skilled?

I have found samsung ace and samsung galaxy mini as options for testing cyanogen. Both should have full hardware support, and are low priced.
 

asogzx

Honorable
Dec 23, 2013
8
0
10,520
"Machine code" is compiled software. There's a "box" called a compiler, which consumes human-readable code and spits out "Machine readable code" called "machine code" which humans can't read easily. Reversing the process is not practical. Machine code is not hardware.


Machine code is software like I said earlier, and yes, it's practically not possible to turn it back into human-readable code (e.g. c++, Javascript, etc).


I am a software guy so I cannot tell for sure, replicants can just "copy-paste" everything without actually reverse engineering it.



Software -Machine code - can't be reverse engineered.

Regarding hardware, that's exactly what I don't know. I am a programmer, so I have no knowledge in how hard it is to reverse-engineer the hardware itself.

I assume it's not easy. In general, any system made up of billions of simple yet interconnected pieces is hard to reverse-engineer. This includes software, hardware, the neurons in our brain, and our DNA. Whether hardware experts have the ability to do so or not, I don't know.


Yes, you don't even have to be very skilled.
Allow me to demonstrate the idea:
Writing software involves writing human-readable code using a programming language, then compiling it.

Readable Code > Compiler > Machine Code

A commercial developer like Microsoft only publishes the machine code and keep the readable code private, you can't scan that for backdoors, etc.

An open source project publishes both. If you don't trust their machine code, you can review the readable code and compile your own machine code. That's the beauty, you don't need to trust them.



I personally use the Galaxy Ace, but please install Cyanogenmod 7 if you want stability, it is equivalent to Android 2.3.x and that's Ace's natural OS. Installing newer Cyanogenmods was very unstable for me. Also there are two flavors of the Ace, each have their own Cyanogenmod flavor, make sure to get the right one.