Verizon mandates pre-installed spyware for all its Android customers

Somewhat ironically, in the eleven years that I’ve spent most of my workdays at WB in Burbank, the studio lot is still one of Verizon’s few black holes of shitty coverage in the L.A. area. A bunch of complaining first-gen iPhone users eventually got an AT&T repeater or something on the lot, so AT&T coverage here is great now. But even though a non-wireless division of Verizon controls most of the lot’s IT infrastructure, there’s still no good Verizon Wireless signal on the lot.

2 Likes

I buy mine cheap straight from China. It’s entirely likely they’re feeding all my data to some Chinese TLA, but I think I’d rather they had it than Verizon…

3 Likes

The weird thing here is that you can get crazy good coverage down the beach, miles from anything, or even off in a boat miles off shore, with nearly any carrier. Clear sight lines to offshore cell towers or some such. But my house? Yeah Verizon and sometimes T-Mobile. Mainstreet? Verizon or Sprint. Many smaller bits just Verizon. So if you’re only here sometimes. Like if you move away, but come back to visit. Or just have a vacation house. You’ll be fine with whatever carrier. But if you live here year round? The only reliable way to get coverage everywhere (except those places where there is no coverage at all) is Verizon.

1 Like

I almost went straight to China for mine last time but I was weirded out enough by what China would bake into the firmware that I held back. There’s a reason the phones are that cheap.

Yeaaaah, I’m not keen on Chinese phones. There’s supposed to be some really great ones but it weirds me out so I’ve stuck with Samsung thus far.

1 Like

I can’t speak for every model Verizon sells, but as a rule they are pretty tough to root. Bootloaders always ship locked and aren’t ever eligible for vendor-provided unlocks. This means that any root that uses a custom recovery to make the appropriate changes, rather than a privilege escalation vulnerability, is off the table; as is flashing replacement firmware.

Aside from the exploit-based rooters being a trifle skeezy and worrisome from a security perspective (you are, after all, executing something from some random guy on XDA that explicitly claims to contain a root exploit, and just might do more than advertised), they are vulnerable to being made obsolete by patches. Plus, when a given model is available from VZ or a less awful carrier, there is often very limited effort put into finding exploits or carefully fixing the vendor firmware, because everyone else can just use a recovery-based root and/or flash custom firmware.

I ran into this with an XT1029. The first gen Moto G is quite popular and well regarded; but essentially all the attention goes to variants with bootloader unlocks, leaving the 1029 scene largely a wasteland aside from occasional references to shady Chinese guys who will provide unlock codes of unknown provenance if paid through the right channels.

If you bring a device to Verizon, I don’t think that they (yet, no doubt this little gem is a wish list item for ‘e SIM’ and will get snuck in somehow) have many avenues to directly attack your OS or lock your bootloader; but anything provided by Verizon is poison.

Yeah the worry of rooting a phone and being left open to vulnerabilities, or having the phone update and mess up the phone are some of the worries why I have never seriously considered it. And while I use my phone a lot I don’t consider myself a power user, so going through the effort of properly rooting it and keeping it updated and working 100% is way more effort than I’m willing to give. I have friends that constantly mess with their phones and they love having it rooted, but that’s not really for me.

It isn’t clear that Chinese handsets in general are too much shadier (though they report back to sinister Oriental consumer surveillance and analytics weasels, not good, honest American ones, so they sometimes get more attention when somebody goes looking for trouble); but there are some genuine firmware atrocities out there (especially if the devices are based on chips from vendors who do ‘GPL compliance with Chinese characteristics’); and the combination of utter lack of support, wide variety, and constant churn does the availability of 3rd party firmware little good.

It’s sort of like the story of the various rPi competitors: Allwinner, Mediatek, and whoever else gets used by ODroid, Orange Pi, and such really are that much cheaper (or faster, for similar money) than Broadcom; but dear God is the software utterly atrocious, neither competently proprietary, nor cooperative with the upstream kernel, just a horrific abortion of a BSP.

1 Like

Roots can be very useful, and comparatively low risk (typically some sort of sudo-like interface is used to control access, so you are potentially vulnerable to social engineering or a flaw in that access control widget; but it’s not much different from how things work on a desktop OS).

It is getting root that can be sketchy. If the bootloader lets you, using a custom recovery to modify the primary OS is pretty much just like using a liveCD to modify the on-disk OS; but if the bootloader refuses unsigned payloads, your only option is a privilege escalation exploit, which puts you in the rather perverse situation of wanting your phone’s software to ship with a very serious security issue that won’t get fixed until you have time to exploit it; and since it involves an exploit, rather than just some fairly basic Linux filesystem commands, you really need to know what you are doing in order to have any hope of assessing exactly what that handy autorooter package actually did.

Root built into a firmware, or produced by mounting and modifying one, isn’t so scary, but voluntarily running root exploits on your own system? Unless you know vastly more than average about assessing exactly what a program is up to, that’s a deeply alarming risk to take.

3 Likes

And that is exactly why I’d rather spend an extra hundred dollars.

I’m sure you can bring your own malware-free phone.

Or better yet, avoid them altogether.

1 Like

I’m on Google Fi, which has its own issues.

Yeah, I’m on Fi as well and it’s working extremely well for me. Still, beta phone company does have weirdness.

I’ll be in Berlin next week. Ask me how my phone worked once I return!

1 Like

This week, Congress voted to allow carriers to collect and sell your network usage data without your permission, and banned the FCC from ever passing a rule that would limit these powers.

How exactly does the GOP get to ban such rules “for ever”? How come I never heard of such actions until we had a GOP government? I mean Really? Can somebody do that? Because I think it’s time to ban the GOP from ever making laws and rules, like for ever.

2 Likes

The Congressional Review Act of 1996 allows Congress to prevent enaction of regulations developed by the executive branch. If both houses pass it and the president signs it, not only is the executive action appealed but no substantially similar regulation can be enacted. This isn’t usually useful until the president changes, as a president is very likely to veto a measure that strikes down an executive order they passed (an executive order a previous president passed is an entirely different issue.) The “for ever” is a bit of an overstatement though. A later Congress could pass a law allowing an order similar to one a previous Congress barred; the president at the time could then create a new executive order.

1 Like

R2D2 is not an “android.” C3P0 is though.

3 Likes

catandgirl.com nailed it again. It’s nice to have someone who always listens, like a big brother.

2 Likes

To prevent this, the big carriers go to the hardware vendors and have them brand the mobile engine chips to their specification. For example, in a new line of Sierra engines, there is one that is meant to work only with Verizon, and one for AT&T. I haven’t got my hands on it yet to see if they actually kick you when you try to connect to another provider, but that is what I am told. They also might use different radio frequencies. All of that despite the fact that there are bloody 3GPP standards made for the very purpose that all hardware can work with all providers.

As an engineer, I can’t tell you how much I hate this. Besides planned obsolescence and feature locking, this is another strategy where companies pour massive amounts of resources not into improving, but into breaking a product, to extract more money from their hostages cough customers. Makes me wish I had chosen a decent line of work, like coffin salesman or fracking lobbyist.

1 Like