樂天在 2018 也要進入日本行動電話的市場...

Twitter 上看到的:「第4の携帯電話会社 楽天が来年申請へ」。

IT大手の「楽天」は、NTTドコモ、KDDI、ソフトバンクのようにみずから基地局を備える携帯電話会社を近く設立し、来年、総務省に電波の割り当てを申請することが明らかになりました。認可を受ければ、国内に“第4の携帯電話会社”が誕生することになります。

丟出申請建立基地台的執照,現在是審核的狀態... 在台灣有點像是「第一類電信事業經營者」中行動相關的部份 (參考維基百科「臺灣電信業者列表」這邊的說明)。

這樣可以看看會端出什麼方案跟現有三家競爭... 對觀光客應該也有影響。

iPhone 的電池與效能

Hacker News 上看到 Reddit 上的這則說明:「PSA: iPhone slow? Try replacing your battery!」。

他提到他的 iPhone 6S 很慢,本來以為是 iOS 11 導致的,結果發現他弟弟 (或是哥哥?) 的 iPhone 6 也是跑 iOS 11,但是快很多... 所以他就試著研究,最後決定換電池:

My iPhone 6S has been very slow these past few weeks, and even after updating multiple times, it was still slow. Couldn’t figure out why, but just thought that iOS 11 was still awful to me. Then I used my brother’s iPhone 6 Plus and his was... faster than mine? This is when I knew something was wrong. So, I did some research, and decided to replace my battery.

結果發現換電池後速度就上來了,上面這張是換電池之前,下面那張是換電池之後:

所以是在電力不足的情況下會降速?

iOS 上測試的軟體是 Geekbench 4,而官方也有給參考值 (Geekbench 的),在 iOS Benchmarks - Geekbench Browser 可以參考。如果在吃滿電、重開機,沒有背景的情況下還是很慢的話,有機會是類似的問題?

南韓出手調查 Google 未經同意蒐集位置資訊的問題了

在「就算關掉 Google 的定位服務也還是會蒐集位置資訊...」這邊提到的蒐集問題,南韓出手調查了:「Regulators question Google over location data」。

Regulators in South Korea summoned Google (GOOGL, Tech30) representatives this week to question them about a report that claimed the company was collecting data from Android devices even when location services were disabled.

英國也在看情況:

U.K. data protection officials are also looking into the matter.

美國與歐盟其他國家反而還沒看到消息... (不過美國有可能是以訴訟的方式進行)

解鎖 iPhone 的 Diper ID...

Twitter 上看到 Diper ID 這個糟糕的東西:

查了資料,操作方式可以從這個影片看到:

這明顯有資安問題啊 XDDD

microG 的進展...

留在 tab 上的東西,忘記在哪看到的... microG 發佈了新的專案:「LineageOS for microG」。

microG 是 AndroidGoogle 服務 API 的重新實作 (所以 open source),不像 Open GApps 還是屬於 proprietary software。

這次的事情是 microG 的人 fork 了 LineageOS 專案,因為 LineageOS 專案拒絕 microG 的 signature spoofing patch:

Why do we need a custom build of LineageOS to have microG? Can't I install microG on the official LineageOS?

MicroG requires a patch called "signature spoofing", which allows the microG's apps to spoof themselves as Google Apps. LineageOS' developers refused (multiple times) to include the patch, forcing us to fork their project.

另外也提到了他們覺得拒絕的原因很鳥:

Wait, on their FAQ page I see that they don't want to include the patch for security reasons. Is this ROM unsafe?

No. LineageOS' developers hide behind the "security reasons" shield, but in reality they don't care enough about the freedom of their users to risk to upset Google by giving them an alternative to the Play Services.
The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission can't be obtained automatically by the apps.

Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.

於是就 fork 了新的專案... 就觀察看看吧。

HTTP/2 時代的 API 設計

在「Let’s Stop Building APIs Around a Network Hack」這邊提到了以前為了解決 HTTP/1.1 的問題而發展出來的 workaround,在 2015 年發展出來的 HTTP/2 從底層直接解了不少問題,加上很快被許多瀏覽器支援 (就算不支援 HTTP/2 也只是降到 HTTP/1.1 跑,比較慢而已):

Guess what else was released in May 2015? RFC 7540, otherwise known as HTTP/2. In retrospect this seems highly poetic, as HTTP/2 kinda makes the compound document aspect of JSON-API a little bit pointless, and compound documents to me go hand in hand with what JSON-API is as a standard.

2012 年在 MOPCON 第一屆講的「API Design Optimized for Mobile Platform」剛好就是這個主題:

有種懷念感... XD

美國的電信商提供 API,讓第三方透過 IP 就可以知道你的真實身份

前陣子的報料,美國的電信商提供 API 給第三方,讓第三方可以用 IP address 查出你的真實身份:「Want to see something crazy? Open this link on your phone with WiFi turned off.」,像是這樣:

These services are using your mobile phone’s IP address to look up your phone number, your billing information and possibly your phone’s current location as provided by cell phone towers (no GPS or phone location services required).

目前所有的網站都已經被下架了,但可以從當時的截圖看到有多少資訊。AT&T 的新聞稿在「AT&T Helps Businesses Improve Mobile Transaction Security with New Mobile Identity API Toolkit」,新聞稿沒被下掉我猜可能是因為上市公司受法令限制的關係?

這其實是一個警示,說明了美國的電信商開始把大家一直認為極為隱私的資料賣給第三方:

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

而且作者在 GitHub 上看到有程式碼針對韓國電信商提供的 API 呼叫,所以韓國也有類似服務:

I found what looks like a third-party API implementation for a Korean Danal API on GitHub. The author wrote the code for South Korean telcos, so there may be differences with US carriers. The query parameters in the HTTP requests are similar to what I remember seeing in the Danal demo. It’s unclear from my reading of the code whether or not this API requires operation inside of e.g. a Danal Inc. hosted-iframe for identity confirmation. The diagram on page 4 of this documentation describing the Korean “Danal Pay” service appears to show the client interacting with the customer’s servers only.

台灣呢,嘿嘿...

波多黎各的 Project Loon 啟動

先前在「Alphabet (Google) 的 Project Loon 拿到授權,支援波多黎各的救災計畫」提到 Project Loon 當時還在研究要跟誰一起合作,現在確認會跟 AT&T 合作提供服務了:「Turning on Project Loon in Puerto Rico」。

Thanks to their support, we are now collaborating with AT&T to deliver emergency internet service to the hardest hit parts of the island.

接下來應該還會有不少數字丟出來... (像是透過 Project Loon 傳輸了多少資料,或是多少分鐘的語音通話)

Amazon Device Farm 支援讓使用者直接連上去 debug 了...

Amazon Device Farm 推出這樣的功能又朝著設備租賃服務更進一步了:「Amazon Device Farm Launches Direct Device Access for Private Devices」。

Now, with direct device access, mobile applications developers can use individual devices in their private test set as if they were directly connected to their local machine via USB. Developers can now test against a wide array of devices just like they would as if the devices were sitting on their desk.

這樣就可以使用更底層的東西了...

OnePlus OxygenOS 內建的 Malware

看到「OnePlus OxygenOS built-in analytics」這篇,講作者在聽連線時看到 OnePlus OxygenOS 內建的 Malware:

維基百科上的說明好像不怎麼意外啊:

一加(全稱:深圳市萬普拉斯科技有限公司,英語:OnePlus)是中國一家行動通訊終端裝置研製與軟體開發的企業,於2013年12月7日成立,主要開拓國外市場。

作者一開始看到各種行為,像是 screen_offscreen_onunlockabnormal_reboot

{
    "ty": 3,
    "dl": [
        {
            "id": "258cfeb1",
            "en": "screen_off",
            "ts": 1484177517017,
            "oed": [],
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, {
            "id": "258cfeb1",
            "en": "screen_on",
            "ts": 1484177826984,
            "oed": [],
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, {
            "id": "258cfeb1",
            "en": "unlock",
            "ts": 1484177827961,
            "oed": [],
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, {
            "id": "258cfeb1",
            "en": "abnormal_reboot",
            "ts": 1484178427035,
            "oed": [],
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, ...
    ]
}

然後是各種機器資訊,包括 MAC address、IMEI 之類的:

{
    "ty": 1,
    "dl": [
        {
            "ac": "",
            "av": "6.0.1",
            "bl": 82,
            "br": "OnePlus",
            "bs": "CHARGING",
            "co": "GB",
            "ga": 11511,
            "gc": 234,
            "ge": 6759424,
            "gn": 30,
            "iac": 1,
            "id": "258cfeb1",
            "im": "123456789012345,987654321098765",
            "imei1": "123456789012345",
            "it": 0,
            "la": "en",
            "log": "",
            "ma": "aa:bb:cc:dd:ee:ff",
            "mdmv": "1.06.160427",
            "mn": "ONE A2003",
            "nci": "23430,",
            "ncn": ",",
            "noi": "23430,",
            "non": "EE,",
            "not": "LTE,",
            "npc": "gb,",
            "npn": "07123456789,07987654321",
            "nwa": "aa:bb:cc:dd:ee:ff",
            "nwb": "ff:ee:dd:cc:bb:aa",
            "nwh": false,
            "nwl": 0,
            "nws": ""CHRISDCMOORE"",
            "ov": "Oxygen ONE A2003_24_161227",
            "pcba": "",
            "rh": 1920,
            "ro": false,
            "romv": "3.5.6",
            "rw": 1080,
            "sov": "A.27",
            "ts": 1484487017633,
            "tz": "GMT+0000"
        }
    ]
}

然後是開了什麼 app XDDD

{
    "ty": 4,
    "dl": [{
            "id": "258cfeb1",
            "pn": "com.Slack20003701",
            "pvc": "20003701",
            "tk": [
                [1484079940460, 1484079952177],
                [1484081525486, 1484081603191],
                [1484081603424, 1484081619211],
                ...
            ],
            "it": 0
        }, {
            "id": "258cfeb1",
            "pn": "com.microsoft.office.outlook170",
            "pvc": "170",
            "tk": [
                [1484084321735, 1484084333336],
                [1484084682578, 1484084683668],
                [1484084685843, 1484084688985],
                ...
            ],
            "it": 0
        }, ...
    ]
}

以及在 app 裡面做了什麼 XDDD (像是 ChromeTabbedActivity startRecentsActivity stopWifiSettingsActivity startSettings start)

{
    "ty": 2,
    "dl": [{
            "id": "258cfeb1",
            "pi": 12795,
            "si": "127951484342058637",
            "ts": 1484342058637,
            "pn": "com.android.chrome",
            "pvn": "55.0.2883.91",
            "pvc": 288309101,
            "cn": "ChromeTabbedActivity",
            "en": "start",
            "aed": [],
            "sa": true,
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, ... {
            "id": "258cfeb1",
            "pi": 4143,
            "si": "41431484342115589",
            "ts": 1484342115589,
            "pn": "com.android.systemui",
            "pvn": "1.1.0",
            "pvc": 0,
            "cn": "RecentsActivity",
            "en": "stop",
            "aed": [],
            "sa": true,
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, {
            "id": "258cfeb1",
            "pi": 26449,
            "si": "264491484342115620",
            "ts": 1484342115620,
            "pn": "com.android.settings",
            "pvn": "6.0.1",
            "pvc": 23,
            "cn": "WifiSettingsActivity",
            "en": "start",
            "aed": [],
            "sa": true,
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, ... {
            "id": "258cfeb1",
            "pi": 2608,
            "si": "26081484346421908",
            "ts": 1484346421908,
            "pn": "com.android.settings",
            "pvn": "6.0.1",
            "pvc": 23,
            "cn": "Settings",
            "en": "start",
            "aed": [],
            "sa": true,
            "it": 0,
            "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
        }, ...
    ]
}

有人提供了移除的方法:

但你可以不要買這個牌子啊 XDDD