[Q] Opensource

Search This thread

Jack Phoenix

Member
May 24, 2014
42
9
Sony Xperia Z1 Compact
Nokia X
Would you be willing to make this project opensource for further development?


OK, are you willing to share the source with others?

@alephzain: Framaroot is, as I'm sure you're aware, a great, handy, easy-to-use app. I was able to root my Nokia X with it, and I'm truly grateful for you for creating the app. Yet at the same time I'm quite dumbfounded by this.

The Framaroot forum section is listed under "XDA Community Apps", although I don't understand how an app can be a "community app" if the community can't do as much with it as they should be able to. I'd have understood the decision to keep the source closed if this were a paid app, but it's not, and you already have a donation app on Google Play Store which enables people to donate to you as a way of saying "thank you for all your hard work and effort for putting this app together!".

Closed source is counterproductive and I'm sure that I'm not the only person out there who is always somewhat suspicious of closed-source tools; yes, you're a trusted developer and you're probably not going to steal my data/brick my device/burn down my house, but I can't be 100% sure if I'm not able to review the source and maybe even compile it myself.

You seem like a sensible person, so I'd request you reconsider this decision and weigh the positive and negative aspects of it.
 

Jack Phoenix

Member
May 24, 2014
42
9
Sony Xperia Z1 Compact
Nokia X
If this was OpenSourced i'm sure the (exploits) would be patched by OEM's .

Then no root for you.

There are things that its better to keep closed source.. ( very few)
Root exploit methods are one of those things.


Regards

You give the OEMs too much credit. Sure, they might be interested in fixing flaws in their recent high-end/flagship devices, but older and/or discontinued devices -- such as the Nokia X, which I own and which is vulnerable to CVE-2013-2595* -- are extremely unlikely to receive such patches which'd have an impact on the rootability of the device.

Koushik Dutta wrote a free and open source Superuser management app. The app's README file answers the question, "Why another Superuser?" with multiple points, of which the first and most important is: "Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security". The same goes for unofficial ways to gain root access in my view.

* There is a GPLv3-licensed implementation of CVE-2013-2595 for several devices running a Qualcomm SoC, and it's been there for almost a year, so no matter how closed Framaroot stays (which I hope it won't), OEMs have been an opportunity to "fix" this "issue", but I'm not sure how many chose to fix it. In any case, the Nokia X -- which is what I care the most about, given that it's my Android device of choice for the time being -- is vulnerable to it and as such, I'd like a FOSS rooting tool built around this exploit. Framaroot is capable of rooting the Nokia X, but Framaroot is not FOSS (yet) and I unfortunately lack the relevant Android NDK experience, so I'm not able to build a "clone" on my own, and I haven't found anyone willing to build such a tool.

Security through obscurity isn't security, no matter how hard you try to tell yourself that it is.