Comments For This Post

1. This sort of thing was to be expected I mean opensource is one thing but gaining complete access to the OS presents too much of a safety risk. And it's not really fair to compare it to apple this is something ALL companies would do. ROOT access is too vital and important to just let ANYONE have access to it. Plus theres all those idiots who'd download the app then try and jailbreak it screw up their phone then complain about it. It's better off and they still give devs more than enough access to the code to make some awesome apps    by Orokukarisawa
   
2. I'm glad google is on top of things... I hope they keep up the good work.    by King Machete
   
3. This is one update i can do without. If i get a notification am just going to decline it. If anything i can download the update myself and run it from my SD card if i ever need it. I know the future releases will have this patched so this only buys me a little extra time to play with my jailbroken phone...    by NismoG35
   
4. are you serious????
   
   i am not against google for pushing out OTA after OTA..
   But these are trivial things compared to the glaring problems the phone currently has.
   FIX the freaking issues, and make ur customers happy.
   
   3 OTA's have come out since the phone's debut, yet my battery life still sucks, i cannot close applications when i want, and the phone is severe memory leaks.    by trinybwoy
   
5. Considering the nature of this exploit, and the fact that it could, theoretically, be done remotely and without my knowledge giving an attacker complete control of my phone, I don't see why google patching it is a problem. This is a security issue which would be fixed in any linux distro - the obvious difference being that you actually have root access to other linux distros in the first place. Nevertheless, I do not want my phone to provide root access via telnet.    by cmaceachen
   
6. People need to realize that open source doesn't mean do whatever the hell you want with it. Moreso, Android's already open enough to be ported to another phone. Hell, there was a post this week about it running on OpenMoko's NeoFreerunner! Google's simply making sure that the platform they're pushing out remains consistent and secure. That doesn't mean you can't take the Android source they've released and use it as you desire within the limits of the licenses it's released under. However it also doesn't mean you can expect Google or T-Mobile to do just whatever the hell you want with their releases and contracts.    by neowolf
   
7. truthfully, I really don't care.
   Yes I would love to see great apps but I know how much I had to install the OS on my Iphone because of bad apps from hacked developers.
   Yes my iPhone was jailbroken.
   
   So I rather have a safe phone than a jailbroken phone. Unlike the iPhone, there is no limitations on Dev anyways so why are they looking to dev apps for jailbroken phones?    by shoo
   
8. It would be nice if I had even receieved RC29 OTA. I love my G1 but the crappy battery life and Belkin wireless issues are annoying    by Dash8310
   
9. Quote:

   Originally Posted by trinybwoy are you serious???? i am not against google for pushing out OTA after OTA.. But these are trivial things compared to the glaring problems the phone currently has. FIX the freaking issues, and make ur customers happy. 3 OTA's have come out since the phone's debut, yet my battery life still sucks, i cannot close applications when i want, and the phone is severe memory leaks.

   I agree. Fix the problems. A security hole is not going to hurt me.    by ayo991
   
10. Remember Android != T-Mobile G1.
    
    Android is already open source, the G1 on the other hand is a closed device which happens to run an open source operating system. If people want a open phone then they should buy a Freerunner and flash it with Android. I'm happy with my closed G1.    by benmcdonald
    
11. I would think it is still somewhat like apple. Yes the iphone has restrictions on devs, but its the same thing in having a jailbroken iphone and a jailbroken G1 and them restricting it.    by moooseman
    
12. "A security hole is not going to hurt me"?
    
    Wow, that's just ignorant.
    
    One way this could hurt you very much:: Any market application could use this hole to root your device, and brick it. (run telnetd, automate telnet back to the device) You'd be stuck with a bricked phone until you got a replacement, which you'd probably have to pay for. I think that'd hurt.    by benh57
    
13. how many threads do we need for this?
    
    mods: instead of worrying about people posting links to compeditors, why dont we regulate these multiple threads on the same topic?
    
    and furthermore, instead of bashing google saying its open source and they shouldnt close the hole. the hole is an exploit! its not an app designed to give root access, and google is disabling it. its a flaw!
    
    people are ignorant.
    
    go get an iphone.1    by K.Krstnsn
    
14. I never even got the first update.... wtf?    by 360Photographer
    
15. thought this was open source.....
    
    LIES!    by HTC-G1
    
16. Quote:

    Originally Posted by moooseman I would think it is still somewhat like apple. Yes the iphone has restrictions on devs, but its the same thing in having a jailbroken iphone and a jailbroken G1 and them restricting it.

    I'm sorry, I was unaware that Google was disallowing certain applications onto Android, either because they didn't provide a difference between stock Google apps or because they could violate agreements Google has with carriers.
    
    I was also unaware of the thriving application market for jailbroken Android devices, seeing as how Google makes it next to impossible to install applications from sources other than their own application store.
    
    Perhaps you can fill the rest of us in on both of these topics.    by ickyfehmleh
    
17. Quote:

    Originally Posted by HTC-G1 thought this was open source..... LIES!

    http://source.android.com/download
    
    Please inform the rest of us as to how Google releasing the source code for Android fails to make it "open source".    by ickyfehmleh
    
18. 3 ota's and ive only recieved one...ota's are cool but they need to get them out faster than they do now    by ayatollah
    
19. glad to see google can move on these issues so fast. the g1 is one of the most open phones ever but if people take advantage and start flooding TMobile and HTC with warranty claims for problems they caused by tinkering with root access, you'll never see another one..    by smoger
    
20. Any Linux distribution would have done that.. you cannot have a flaw in the OS to give the root access.. You cant even imagine what it can do.. i can write an application which can retrieve all your personal info from your phone sent to my mailbox with that flaw..
    and they are going to release the updated code that fixed the flaw.. its opensource but if you understand it.. its the code google released & is build by HTC and put onto our phones.. if you want unsecured code you can buy n OpenMoko or something and run it on.. you are free to do that. but for a consumer phone its so very nessasary to close these holes..    by My_Name_Is_Neo
    
21. I am happy that they are fixing this problem, that way I don't download something that could brick my phone or give some 1 access to my info/phone. Stop complaining u its still open source for crying out loud. However I do agree that people should have gotten at least 1 update espcially if they got the phone the day it came out.    by AndroidCaz
    
22. ickifemle why don't you inform us WTF it is your talking about, at least in my comment. Your sarcasm does not explain your point. Unless youthnk next to impossible in installing third party apps on the g1 is uncheckng a box in the option menu.    by moooseman
    
23. i love how they are "pumping out the updates" and i still haven't received one since i got the phone. RC19 for life?    by ProbablyZack
    
24. i like my rc29... everything works great for me    by ckolg1
    
25. speaking of when is someone gonna post their build number so we can get the url for the update?    by pathogen
    
26. Quote:

    Originally Posted by moooseman ickifemle why don't you inform us WTF it is your talking about, at least in my comment. Your sarcasm does not explain your point. Unless youthnk next to impossible in installing third party apps on the g1 is uncheckng a box in the option menu.

    That's my point exactly -- there's no reason to "jailbreak" the phone, and comparing the G1/Android "jailbreak" to the iPhone jailbreak is not appropriate due to the vast differences between Apple's stance (not allowing certain applications that aren't different enough; not allowing applications that may strain relationships with carriers) and Google's.
    
    If anything this "jailbreak" is a gaping security hole that should be closed ASAP.    by ickyfehmleh
    
27. Quote:

    Originally Posted by ProbablyZack i love how they are "pumping out the updates" and i still haven't received one since i got the phone. RC19 for life?

    since the updates are coming through tmo's network, im sure google has very little power in how they're distributed OTA.
    
    ..doesn't stop google from pumping them out...    by smoger
    
28. the update has been postponed due to some new issues that have come up according to the mod over on the t-mobile forums    by Frito
    
29. Quote:

    Originally Posted by ickyfehmleh That's my point exactly -- there's no reason to "jailbreak" the phone, and comparing the G1/Android "jailbreak" to the iPhone jailbreak is not appropriate due to the vast differences between Apple's stance (not allowing certain applications that aren't different enough; not allowing applications that may strain relationships with carriers) and Google's. If anything this "jailbreak" is a gaping security hole that should be closed ASAP.

    10-4 ickyfemleh, i see your point. Its good they fixed it then, go google!    by moooseman
    
30. I got the update. Did it sort of manually:
    
    1) use Any Cut to create a new Shortcut on your desktop
    2) pick Activity
    3) pick Device Info
    4) Tap on the new icon, scroll to the bottom and select Check for upgrade
    5) Phone will automatically download & install RC30
    6) Enjoy a safer phone    by ibano
    
31. Quote:

    Originally Posted by Frito the update has been postponed due to some new issues that have come up according to the mod over on the t-mobile forums

    and once again the forum mods over at t-mobile are wrong I just got the RC30 OTA on my phone lol    by Frito
    
32. Our two phones just got upgraded. One had the RC29 installed via SD, so it does confirm that upgrading on your own DOES NOT prevent the OTA upgrades from still coming.
    
    One upgraded earlier this evening, the second I AnyCut shortcut for "Device Info" and selected "Check for Upgrade" and it pushed it to the phone right away (you will see continuos data activity then the message to upgrade)
    
    The build is RC30 (116143)
    
    Also I don't see ANYTHING postponed.... They may have had a halt on OTA for a short time but it seems to be over.    by NPS_CA
    
33. Summary of the RC29/RC30 saga
    
    In short, while OTA update for RC29 was being pushed, someone found a security exploit that compromised data and operational security on the phone, so Google stopped pushing RC29 and instead worked on a fix, i.e. RC30, which is being pushed out as we speak.
    
    The only people who are therefore impacted by the security vulnerability are people who updated to RC29.    by ghoonk
    
34. try the uk - we have had NO updates and stuck on our odd RC7 version    by maclondon
    
35. I just want to be able to run my apps from sd card that all I care about at the moment.    by Knightairman
    
36. Just got the RC30 OTA update installed.    by Sun Diego
    
37. Quote:

    Originally Posted by ibano I got the update. Did it sort of manually: 1) use Any Cut to create a new Shortcut on your desktop 2) pick Activity 3) pick Device Info 4) Tap on the new icon, scroll to the bottom and select Check for upgrade 5) Phone will automatically download & install RC30 6) Enjoy a safer phone

    This is great info... I don't like waiting for an OTA... and I wished there was a way to get the update ASAP... Thanks... *two thumbs up*    by endmp25
    
38. Although having root access the way we do is a security flaw, I feel we NEED a way to access it. Whether its passworded with say your gmail passwork in the terminal emulator or somethingg, having root will make the phone even more customizable than it already is. For everyone that wants themes and skins, from my understanding root would be required to accesss those files. Same way with changing icons or even changing the structure of an aspect of the phone. Let's say someone doesn't want the threaded messaging, that portion of the os can be rewriten so it displays as the classic messaging style. That can't be done without root though. Unless devs figure out how to load custome roms.
    Typing this from my g1 so sorry for any errors or typos    by octoberriot
    
39. This is gettin' kinda off-topic, but...
    
    octoberriot wrote:
    
    Quote:

    For everyone that wants themes and skins, from my understanding root would be required to accesss those files. Same way with changing icons...

    At present yes, but there's no reason it would have to in the future. Skins, icons, etc. could easily be changed without root. Do you need root login to to such chores on a Linux desktop or in Windows? Naaahh...
    
    Quote:

    ...or even changing the structure of an aspect of the phone.

    Structure aspect??
    
    Quote:

    Let's say someone doesn't want the threaded messaging, that portion of the os can be rewriten so it displays as the classic messaging style.

    That's an application software matter not OS.    by Crashdamage
    
40. rynosaur wrote:
    
    Quote:

    ...I'd PAY MONEY to have a nice KDE or Gnome desktop.

    KDE? Gnome?? Oh, noooo....something much simpler/lighter/faster/better. I can't stand either KDE or Gnome anyway.
    
    But, WTH, why are we talking about this? I mean, I like Android. I think it's a kick-ass start for a killer Linux-based mobile OS. Let's work on that and not waste time and effort on stuff like Debian-on-G1.    by Crashdamage
    
41. Quote:

    Originally Posted by rynosaur I don't think many of us could have successfully pulled off the Debian jailbreak as it was written. Hell, i had a hard time doing a GUI install of Ubuntu with a dual-boot Vista install. ... Besides, if a DEVELOPER is SMART they'll write a Linux distro custom-compiled for the G1 that isn't risky for average dullards like me, and I'd PAY MONEY to have a nice KDE or Gnome desktop. HINT HINT!

    First you say that you had a hard time performing a GUI installation of Ubuntu, then you go on to say that you want a custom Linux distribution FOR YOUR CELL PHONE. Perhaps you yourself are in need if a 'hint hint': Google didn't pour money into the development of the Android APIs so people could wipe out all of their hard work and opt instead for a Linux installation. Yes, Google leveraged Linux's availability on such devices, but Android is much more than Just Another Linux Installation.    by ickyfehmleh
    
42. The AnyCut trick did not work on mine. Still stuck on RC19    by Oh.Diva
    
43. Quote:

    Originally Posted by oh.diva the anycut trick did not work on mine. Still stuck on rc19

    
    rc29!!! =)    by refused9150
    
44. hey all. I am really confused by some posts by a few members speaking about this as a "security hole".
    
    in order for this to become a security problem you would have to turn on telnetd and forget to turn it off.
    
    Because telnetd does not auto start a simple reboot would be enough for even a lazy person to "re-secure" their phone.
    
    Google wasted time stopping people from using their own device with no security gain.
    
    There is no gain from either the providers or Google by locking users out of the filesystem.    by soldair
    
45. Quote:

    Originally Posted by soldair hey all. I am really confused by some posts by a few members speaking about this as a "security hole". in order for this to become a security problem you would have to turn on telnetd and forget to turn it off. Because telnetd does not auto start a simple reboot would be enough for even a lazy person to "re-secure" their phone. Google wasted time stopping people from using their own device with no security gain. There is no gain from either the providers or Google by locking users out of the filesystem.

    ..except for the fact that *everything* you type goes through to the shell....    by smoger
    
46. hmm...well following a walkthrough i found somewhere on the "internet machine":
    
    • Yes i've taken my stock RC30 g1 and downgraded to RC29 taking advantage of the root shell bug to create a root shell just for meee
    • Yes i then upgraded to a modified RC30 which closed all the security holes in RC29, keeping of course root shell just for meeeeee
    • Yes i'm now using a custom theme and now use a custom boot screen for my g1 (pretty kool!)
    • Yes i have all my apps and app cache stored on my sdcard, and umm like over 50 apps with over 60 meg of system memory left on my phone
    • Yes imagine all of the possibilities my g1 can realize because of the BRILLIANT g1 Hax0rs out there (Special thanks to you sirs!!)
    • root access (IMO) to the G1 should only be for power users or those who have the ballz to take a chance (and risk bricking their $400 phone!) to accomplish something pretty rare and kool...period! not in the hands of an "average" lamer stupid r-tard; and to all you wussies who dont wanna root your phone, posting here and preaching the gospel to the rest of us about how it's not right to root your phone, remember your driving a le-mans, I'm driving a GTO baby Yeahhh, they look the same, but its wats under da hood dat counts, ya dig?? ROFL...
    • And remember if your G1 is NOT rooted, well then My g1 can kick your G1s a## any-day-of-the-week!
    Bye bye now!    by bugmenot1
    
47. Thank you for resurrecting a two-month old thread.    by ickyfehmleh