Play Services have a way to install applications in the background (http://stackoverflow.com/questions/23695170/how-to-install-a...) that does a signature check, and refuse to work if the request didn't come from a Google App. Maybe they found a way to call that from Chrome's v8?
What makes me think so is that they claim to have installed a "BMX Game" (which I guess is on the Play Store), and I don't see any claim of it being automatically launched after the installation (Android >2.3 should block that).
That would be much better for Android than the alternatives. As far as I can tell, applications can only install stuff in the background if they are system applications (live into some /system subfolder, which Chrome does when preinstalled/installed from a GAPPS package) AND declade the "INSTALL_PACKAGES" permission in their manifest (Chrome doesn't).
That should be the only way, apart from getting root (but I guess they would have just said "we got root" then).
EDIT: Obviously all of this is just a guess. I'm just happy that there is no Chrome on my phone :) (but the WebView on Android 5.1 is based on Chromium - so i wonder if that's exploitable as well?)
Wouldn't Chrome be able to auto login on the play store website and click the install button there? There have been XSS attacks on the play store website allowing this before.
Beside this, Firefox is not really welcomed (and a drop is planned eventually) on F-Droid because it's really complex to build, depends on some closed source libraries (Google Play Services, for example) and has lots of tracking in it (everything is at least opt-out as far as I can tell, but the guys behind F-Droid aren't really keen on any kind of tracking it seems).
It's possible to build it without those problems (see Fennec on F-Droid in fact), but it takes a lot of time for someone to create a recipe, and it's prone to break on every upgrade (and that's why the last version of Fennec on F-Droid is based on Firefox 40).
I don't know if/how many of those problems apply on Firefox OS (I guess at least the complex build environment applies), but that's likely why you'll not find it on F-Droid anytime soon. Unless someone decides to pour lots and lots of energy into this.
>It's possible to build it without those problems (see Fennec on F-Droid in fact)
Fennec is stuck on 40 because of difficulties with building it, and even when one person managed to build it, .apk didn't start on others developers phone. A few people tried upgrading it to 41 and all failed, I guess fennec is kill now. I talked about it a few times on their IRC with people responsible for fennec.
This is a fork of TextSecure/Signal which drops the dependency on GCM and uses WebSockets instead (it seems quite up-to-date with origin as well).
For anyone wanting a pre-build copy, there is a non-official F-Droid repository hosting both the "main" Signal and the WebSocket fork here: https://fdroid.eutopia.cz/
You might be interested in Racoon[1], which is a desktop client (Java) for downloading apps from the Play Store, or into BlankStore [2][3], which is an alternative mobile client.
Interesting, I've been wondering about this myself lately, as I've started to read on an e-book reader ~30 minutes before going to sleep as a part of my routine. Too bad they only used iPads for this study.
I wonder if it's better for my sleep to read a "normal" book with the lights on, or if it's better to read with an ereader with the minimum amount of brightness on. I think I receive less blue light with the second case, but maybe it's more direct into my eyes?
I also wonder if there is a difference between a "normal, backlit screen" and an "e-ink frontlit screen" at the same brightness.
And it's a bummer that no-one sells an ereader with a "flux" mode.
I've found this nice answer on StackOverlow that show the differences between Anycast, GeoDNS and using an http redirect: http://stackoverflow.com/a/25678199
Great thanks! It looks like the questioner ended up using AWS Route 53, which supports this kind of thing. I'm not using AWS, and there are other options, but that is the kind of thing I am happy to offload to AWS.
>- google scam site checker, phone-home component for every site you visit
I don't really like it either, but that's not how it works. Firefox downloads an updated list of "non-safe" sites from Google every 30 minutes or so, and check sites against the local copy. A site get sent to Google only if there is a match in the local copy, to check that it's still "blacklisted"
>- google services (the things responsible for ads no less) just so you can stream videos on android (can't even build firefox without including that SDK)
>- adobe binary blob for DRM on netflix. (who even uses netflix on the browser?)
I don't like it neither, but I think a small blob for DRM is better than a whole closed addon. It's awful that it got pushed to every installation tho, instead of displaying a "download" button on Netflix and similar sites.
As for your question, it seems that tons of people do so.
OK so they advertise some sites you visit to Google, not all as i said.
removing Google services: fdroid goes to great pains to do that. i was actually doing that myself before. have you ever tried? it's hours and hours wasted changing code and scripts that were originally made optional but for some reason they drippe dropped the checks (I'm still to have enough time to track the commits that did this)
drm:agree with you there, no excuse not to be a download.
Your name is right in your profile, so pdx could have easily got your gender from it. Maybe pdx even opened your site, where you have a photo clearly showing your gender.
It's also possible that English is not pdx mother tongue, maybe pdx tongue is one of those where the male pronoun is used to refer to people when the sex is unknown. Also, while it's usage as this has been fading, "he" is defined as "Used to refer to a person or animal of unspecified sex" in many dictionaries, and someone could have been tough that in school (I have been).
You can also disable the "install" script and have it install stuff without any prompts like the play store, just go into the settings, scroll to the bottom and enable "Expert" and "Install using system-permission".
While we love more people testing the system/priv-app and root support in FDroid, keep in mind it is very very beta and not ready for general use. We did just have the core functionality professionally audited, and have fixed the issues they found.
What makes me think so is that they claim to have installed a "BMX Game" (which I guess is on the Play Store), and I don't see any claim of it being automatically launched after the installation (Android >2.3 should block that).
That would be much better for Android than the alternatives. As far as I can tell, applications can only install stuff in the background if they are system applications (live into some /system subfolder, which Chrome does when preinstalled/installed from a GAPPS package) AND declade the "INSTALL_PACKAGES" permission in their manifest (Chrome doesn't).
That should be the only way, apart from getting root (but I guess they would have just said "we got root" then).
EDIT: Obviously all of this is just a guess. I'm just happy that there is no Chrome on my phone :) (but the WebView on Android 5.1 is based on Chromium - so i wonder if that's exploitable as well?)