(Whoops, I fucked up a few http/https there. It should say that CM are only using HTTP, they aren't using ANY HTTPS at all. I had a misplaced sed there)
So much for a greater emphasis on security. How is this not one of the first things checked on? Providing encrypted messaging and permissions tuning on apps doesn't mean a whole lot if these sorts of bugs exist.
Yay! How do people make rookie mistakes like these? <i>Always</i> verify certificates, and, even better, hardcode the cert/CA fingerprint in your client (so it can't get replaced with a valid cert upstream).
CM's commitment to bringing support to legacy devices is admirable, but they bundle some very annoying, redundant and as OP says unsecured applications with their ROM packages.<p>CM Account, CM Updater, Movie Studio, File Manager and CM Wallpaper are all apps that I uninstall as soon as I flash a ROM to one of my devices.<p>Their CM File Manager for one is a totally redundant application that hasn't been updated in a long time, despite being broken (it doesn't work in Super User mode without done juggling about)<p>Their CM Account is one other thing that I find totally pointless.<p>CM would be better off bringing more innovative features to Android instead of just copying drivers from CAF and changing headers to say CM instead of CAF or AOSP.<p>The innovation in the Android ROM community has been coming from Paranoid Android, AOKP, Omni and Slim ROMs, and from the Xposed community.<p>They've been reduced to being a repo shepherd for certain devices, but most of their user base comes from people running "Unofficial" builds compiled by independent developers.<p>I think, as a start up, they'd be better off if they focused on features instead of just trying to market CM Phones that essentially run a Nexus like build of plain vanilla Android.
All I want is a fully open source phone from the radio firmware up. Android has been such a disappointment for me as a security conscious person, between googles questionable open source policies to the carrier hell it gets forced into and into the blackbox of radio protocols like GSM that far too often have DMA to the same segments of the CPU.<p>The whole point of FOSS is to be able to see what's going on, for freedom and control to the user. At this point I barely see Android as any better than IOS, aka, a very pretty jail for the user.
... So what youre saying is that my galaxy nexus' inability to list cm11 "M" releases (and forcing me to download them manually when they come out) is actually a security feature?
Another day, another block category.<p>> Content Blocked (content_filter_denied)
> Content Category: "Malicious Sources/Malnets"<p>Any idea why this site would be blocked at $BIGCORP?