Hacker News | whs's comments

I'm working on implementing this for the company, and the annoying limitation on iOS is that you can't clone apps. If you want Gmail (as an example) as a managed app, you can't have another Gmail as an unmanaged app. While the company can't see inside the Gmail managed app (without the app itself explicitly providing that feature), the company can remove Gmail (and any local data inside the app) at any time.

Fun fact from the MDM implementation - the most private way (at least according to the company policies) to have a company-connected device is to buy a separate phone and install the company's MDM on it. On company-provided devices, the company may locate the company's assets at any time, but doing so on a personal device is a privacy breach.


Yes, Apple hates the idea of work-badged apps that Android has. I have to admit, a lot of our users don't grok it either at first. However once they realise the benefits (the company has much less visibility, AND they can turn off the work section completely with the touch of a button) they usually come around pretty quickly.

The bad part of this is that apps have to specifically support the multiple profiles option, otherwise they can't be used for this.

And yes, I agree, that is the best way. We have the same restrictions for personal devices. Though I as an admin know we never use the locate functionality (and I know every person who has access to it).


Do you know if account driven enrolment requires different phone numbers for the MDM managed apps and the personal ones? Specifically for the diaper app for example.

I don't believe they do, no. The numbers aren't all that important in terms of MDM. We don't even see the number if someone inserts a second private SIM in their company phone. We consider that personal information we shouldn't even know.

If it's a security issue fix, they should release it in one of the monthly security patches.

I also think that private space does not fix the underlying issue. If you have four apps and you don't want them to know about each other, you can put one of them in the main profile, work profile, app locker, and you run out of profiles for the last one. The way app locker works doesn't scale to tens of sandboxes.


I know you didn't ask for this sort of answer, but you could use user profiles for this.

You can have more users on the "standard" AOSP Android as well, but with a certain AOSP-derived you can also have notifications forwarding.

Until they add Application List Scopes (I believe it's on the road map), in exactly the same way users can now lie to apps that they have only specific contacts in their contact list and only one or two specific folders in the Storage.


From what I understand, Hyperlight's boot process is more similar to a microcontroller than a PC (although it uses your CPU architecture) - the VM directly boots into your code. Unlike Firecracker, a Hyperlight VM doesn't have any hardware, while Firecracker does have VirtIO devices, a serial console and a keyboard so that traditional operating systems can be adapted to Firecracker. Host-Guest communication is done with shared memory.

I ordered my Pebble Time during February 2015 Kickstarter for $169. Today the Core Time 2 is $225 which is the exact same price adjusted for inflation.

The DHL shipping, though, I remembered it was $25 and it is still $25 today.


When you put it like that... goddamn inflation has been awful.


That "price rise" indicates an inflation rate of 2.9%. The average inflation rate for the last 50 years is more like 3.5%. So it totally depends on your perspective. If you've only lived through low-inflation times, then yeah 2.9% seems high.

I'm in my 50's and my reaction to the same information was "yeah, seems about right".


Shizuku's license disallows 3rd party recompilation of the APK, fork or not. Presumably this is done to provide an option to legally take down fake Shizuku which could contain a backdoor. (The original APK is redistributable.) Hence Shizuku is not on F-Droid.

F-Droid, however, allows the developer's binary to be reproduced if they have tested that the APK is reproducible when replacing the APK's signature with the original APK.


It allows recompilation, just not using the official logo. Similar to Firefox in Debian kind of issue.

Reproducible builds would allow distributing Shizuku in F-Droid, that’s correct. (If Shizuku banned third party builds by the means of code license, it would not be FOSS and thus wouldn’t be eligible for inclusion in F-Droid altogether.)


Kagi used to have limits on all plans, and I feel like associating cost to typos is a bad experience that you'd never have on ads-supported engines. Even now on the starter plan (300/month) a mistyped query would cost you $0.0166 each.

Now I use the unlimited plan and so I search first, spellcheck later. Or sometimes it corrects it for me.


The time it took you to submit this comment was surely worth an awful lot of those $0.0166...


I wear a Garmin and I still miss my Pebble Time that died to a swelling battery.

- Always on. Garmin has an option to do that as well but it reduces the battery life to like 3 days. Outdoors my Pebble Time is very bright with zero backlight.

- 5 days battery. I went on a trip to Japan without its proprietary charger; by the time I boarded my flight back it was in power save mode and it died the moment the plane landed. Garmin could do this if you set it to power saving mode, but the Pebble is in standard mode. One could argue that the Garmin does have more stuff like health monitoring that Pebble didn't.

- Cheap and no frills. I want a second screen for my phone, not a health tracker. Originally my Pebble Time shipped with zero fitness features, and it later added a step counter once it was clear that the market direction goes that way.

- Garmin is quite thick, Pebble Time is thinner

- The UI is simple - press up for past events, down for future events (calendar). Press the middle button for the menu. Holds are configurable. Garmin has 4 main menus which are very confusing (fitness menu, shortcut menu, apps menu, system menu).

- Lots of free apps and watch faces which I actually used (like a music app that shows album art). I don't see any apps I would want to use on the Garmin, and they're mostly paid. The "hide in a hole while ceiling crush the map" game on Pebble was really well done. Now my Garmin uses the simple time in Verdana watch face because I cba to find a decent one.

- Even with low framerates, Pebble managed to deliver cute little animations. Replying to a message shows a flying paper plane, screen transitions have suitable animations (not generic ones like Android), and the best one is muting an app, which shows an ostrich putting its head under the ground. The animation also hides how slow the hardware actually is, with later OS versions stalling over a second or two after a second long animation.

- I think the phone app UI is not as good as, say, Apple Watch, but it focuses on apps and the store without the fitness features. Garmin's app is entirely about fitness and they hide smartwatch stuff in a menu plus another separate Connect IQ app.

Overall PebbleOS feels like a more solid and polished product than any smartwatch today. It does fewer things than most smartwatches, but that's all I care about and everything it does is very polished.


I believe the root detection is a form of security-by-obscurity. Bank applications are required to be obfuscated, so you can't simply statically decompile them. The other way to do that is to run the app and set runtime breakpoints, which you can't do on production firmware.

Once the application is decompiled the attacker then can proceed to pentest the bank backend, or find any frontend-only security measures to bypass. One attack I heard in local news is not even a hack at all - they simply make a script that uses the mobile application API to automatically move money between sock puppet bank accounts. Once a victim gets scammed, the money moves around quickly. For privacy banks do not provide information about unrelated cross-bank transfers so even cops can't easily trace the multiple hops. That specific bank got in the news for that "weak security".


Security of banking shouldn't depend on the client software, it should be enforced at the interface the clients use to talk to the bank. It shouldn't matter whether the banking app can be disassembled or not. As much as I detest browser-based authentication in general, online banking websites got it right: you just use a browser (and it's in your best interest to use a trusted browser -- one trusted by you) but all the bank cares about is that the user has the necessary pieces for authentication, be it numerical codes, passwords, and 2FA tokens. The browser doesn't have to be a bank-signed edition of MS Edge, it can be Firefox or even a browser you wrote yourself. But a banking app is basically a black box that you would have to allow to run in your system in order for the bank to talk with the software the bank itself trusts.


I remember how I flashed my Nintendo DS.

In the back of the device there's a sticker over a screwhole. You'll need to poke a screwdriver in there, but inside is not a screw. It's an electrical contact to make the ROM read-write which your screwdriver needs to bridge, and stay bridged while the firmware is flashing. (It is harmless if the contact is lost in the process, but I don't know if it would be safe to abort at that point.) Pretty hard to convince someone to do that process, yet doable by anyone with a flathead screwdriver.

I guess nowadays it has become Samsung's e-fuse, where if you flash, it blows an e-fuse and the status of the fuse is now detectable with software. Then apps can refuse to service people just because the custom firmware fuse was blown.


I use it for Thai results (and sometimes English results relevant to the Thailand region). I found the experience similar to Google. Not once did I need to !g, and the times I did want to check Google were producing similar garbage. It still doesn't filter blogspam (where a business website would produce low quality content to appear in keywords) nor push small websites - forums and personal blogs are almost non-existent in both result pages, even though they might have been popular results when searching for pre-social media era content.

The deranking & blocking feature doesn't help much as it only sorts the results. There are multiple "web portals" that may be useful in one category (e.g. entertainment news, travel content) but produce clickbait in other categories (e.g. local news), so domain-wide blocking isn't exactly usable here.

