Privacy and Security with modern smartphones

[dsef13]

Hello,


My first post here. Have been searching the answers to my questions for a couple of days with no luck.

Recently obtained a new smartphone and it required to check some check-boxes, giving my consent to their terms. Unless you agree you cannot proceed to turning on and using the device. When I read the User Agreement and Privacy Notice that I had to sign, I was astonished! Reading through this fairly long agreements, they have covered pretty much anything you can think of, I was getting the feeling that I had obtained a bomb and not a mobile device. A couple of things that shocked me most:

"(E) You grant to us a non-exclusive, worldwide, royalty-free, perpetual and irrevocable license to use and reproduce your User Generated Content to the extent necessary to provide the services associated with OPPO Phones and OPPO Software and any our other products and services."

"5.3 You acknowledge that we may, but have no obligation to, pre-screen, review, filter, modify, refuse, label, monitor or otherwise moderate any Third Party Content or User Generated Content or any part thereof, or to remove it from your OPPO Phone."

Am I reading it right? Is it a spy that I have obtained? It's not enough that they can monitor my own generated content on my own device, but they also want me to grant them the legal permission to moderate, alter and remove the content from my device?!

My questions:
1. Is it at all legal to do this? I guess that if you sign for it then it is supposed to be legal
2. How do they do it technically? Do they create backdoors in their devices to provide access?
3. How can we protect ourselves (yet using the device)? I had thought that a custom ROM (LineageOS or other) would do the job, but haven't found one for this device.

I hope that I am not the first one reading and paying attention to small letters.

Thanks

 

[Arealhooman]

1. It’s legal
2. They do not create any backdoors(we know of). They simply want to cover anything and everything in the terms.
3. nothign can exactly 100 percent protec you

 

[Arealhooman]

Except turning by off internet. Everything helps though.

 

[Arealhooman]

Rom root xprivacylua all help

 

[dsef13]

Thanks for the prompt response.

1. Thought so
2. I can see their point in trying to cover themselves from anything, but if they are clearly stating that they have the right to remove content from my device, doesn't it mean that they have the corresponding means for doing this?
3. I guess no one expects a 100% protection, but at least knowing that you're not 100% prone to external activity on your device...

 

[blackhawk]

The CCP comes embedded in all Chinese phones
Sounds like a raw deal to me. First thing to do is disable all manufacturer, app and carrier feedback. Then firewall lock it down. If an app doesn't intrinsically need (ie browser, cloud based etc) it doesn't need internet access.

That EULA is worse than the Samsung Bixby EULA, and that one is bad enough that I won't enable it. Wearables is pretty invasive too, I firewall blocked it after activated.

 

[dsef13]

The CCP comes embedded in all Chinese phones
Sounds like a raw deal to me. First thing to do is disable all manufacturer, app and carrier feedback. Then firewall lock it down. If an app doesn't intrinsically need (ie browser, cloud based etc) it doesn't need internet access.

That EULA is worse than the Samsung Bixby EULA, and that one is bad enough that I won't enable it. Wearables is pretty invasive too, I firewall blocked it after activated.

I don't think there is a way to explicitly disable each App's internet access in the stock ROM. Or did you mean using a firewall for that?

 

[blackhawk]

I don't think there is a way to explicitly disable each App's internet access in the stock ROM. Or did you mean using a firewall for that?

Yeah a firewall. Stops unwanted updates too.
Man's best friend.

 

[dsef13]

OK, thanks for that. Actually never used a firewall on mobile device, let alone mobile - all I have on my PC is the Windows Defender. Years ago used to have antivirus and firewall programs, till eventually got pissed of them being like a virus themselves

Anyway, sounds like a must have and my best bet on a smartphone.

Yet, will ask it again: if they are clearly stating that they have the right to remove content from my device, doesn't it mean that they have the corresponding means for doing this? By that I mean, don't they have some hardcoded means in their stock ROM of accessing the device and no matter you blocking all apps?

 

[blackhawk]

OK, thanks for that. Actually never used a firewall on mobile device, let alone mobile - all I have on my PC is the Windows Defender. Years ago used to have antivirus and firewall programs, till eventually got pissed of them being like a virus themselves

Anyway, sounds like a must have and my best bet on a smartphone.

Yet, will ask it again: if they are clearly stating that they have the right to remove content from my device, doesn't it mean that they have the corresponding means for doing this? By that I mean, don't they have some hardcoded means in their stock ROM of accessing the device and no matter you blocking all apps?

That's an insane EULA. It sounds more like Facebook's EULA

 

[dsef13]

So you think there is no way to get protected from their intruding my device if keep using their stock ROM?

 

[Arealhooman]

So you think there is no way to get protected from their intruding my device if keep using their stock ROM?

I believe they do not have any back doors.

 

[dsef13]

I believe they do not have any back doors.

Would love to believe this. Otherwise it's scary

 

[blackhawk]

So you think there is no way to get protected from their intruding my device if keep using their stock ROM?

Don't know. I have zero trust in any device from China with internet capability. China is the biggest and most unscrupulous data miner on the planet. That EULA only reinforces my distrust.

Backdoors; are just that and well designed embedded hardware ones are for all practical purposes undetectable until used. Can be designed into the SOC, who's going to find it? Any Chinese company has plenty of motive to do this if ordered to do so by the CCP.

 

[dsef13]

That's true for sure, they are indeed the biggest, obsessive data miner.

 

[dsef13]

Don't know. I have zero trust in any device from China with internet capability. China is the biggest and most unscrupulous data miner on the planet. That EULA only reinforces my distrust.

Backdoors; are just that and well designed embedded hardware ones are for all practical purposes undetectable until used. Can be designed into the SOC, who's going to find it? Any Chinese company has plenty of motive to do this if ordered to do so by the CCP.

Without too much understanding, I reckon that a custom ROM would render even a hardware embedded backdoor useless.

Out of curiosity, googled Apple's EULA - it is as simple as mere 548 pages! The Chinese EULA can at least be read. Who has the ability to read Apple's?! Anything could be in there and no one will find.

 

[blackhawk]

Without too much understanding, I reckon that a custom ROM would render even a hardware embedded backdoor useless.

Out of curiosity, googled Apple's EULA - it is as simple as mere 548 pages! The Chinese EULA can at least be read. Who has the ability to read Apple's?! Anything could be in there and no one will find.

Not necessarily. If present and undetected, no one would know it's trigger.
Lol, I loathe Apple. Their close ties to China makes them evil.

 

[dsef13]

Not necessarily. If present and undetected, no one would know it's trigger.
Lol, I loathe Apple. Their close ties to China makes them evil.

Even if present and undetected, if you wipe the software that should have sent it, then it couldn't work, I believe.

 

[blackhawk]

Even if present and undetected, if you wipe the software that should have sent it, then it couldn't work, I believe.

Since they are the ones designing the hardware they would choose a circuit path to use that could be triggered regardless of the firmware. Maybe in the modem section of the SOC.

 

[dsef13]

Since they are the ones designing the hardware they would choose a circuit path to use that could be triggered regardless of the firmware. Maybe in the modem section of the SOC.

Still being not an expert, I don't see how a piece of hardware could perform tasks without a firmware programmed specifically to tell it what to do. Even if the hardware is hardcoded to transmit specific folders or files, I believe that if you change firmware the folder names and paths could change which would confuse the "transmitter".