Closed msdos closed 8 years ago
Well, I think most should be obvious:
Other binaries would be BusyBox and of course the native binaries of the framework itself, all of which can be found in the GitHub repositories under my name. With some technical background, a proper Linux installation and some time, I think it's not too hard to compile all of them using the scripts in this repository.
Does that answer your questions?
...sorry if the way I'm asking seems a little bit rude since everything of your project has always been open, specially because english is not my first language.
zips (like Xposed-Installer-Recovery.zip) have a bash script that installs app_process - that needs to be compiled like is said in https://github.com/rovo89/XposedTools/blob/beed70570e2e815802d8d67726c7936e3ad8209d/README.md and is available in your repositories like you said.
I think I need to do my homework first instead of pointing fingers of doubt upon others. :) You can close the issue and I will be passing by again if I have more doubts.
Thanks for answering.
It's OK 😉 Glad that I could clear up the doubts.
I've become aware of Xposed Framework mainly because it's a dependency of XPrivacy. Everything seems to good to be true, and quoting yourself @rovo89, "with great power comes great risk".
That's why, for such a powerful framework, I'm planning to compile it myself all source code. I know this doesn't mean it's completely safe from a security perspective (Heartbleed was here in the past to show us that being open source doesn't mean it's secure), I know I can't audit all source code, but I'm trying to remove all the odds and minimize the risks.
For example, SuperSU was already closed source, but, somehow, people trusted chainfire: I wouldn't trust it before and much less now that it's sold to a strange company. How can I trust a binary that has root access if it's source it's not available?
Don't get me wrong, I'm not saying you're creating malicious apks, we can even decompile the apks, the source is not that obfuscated, but, in theory, you could. That's ihnerent to how binaries work specially when I'm giving it root access. We have the same issue when using binayy blobs in official firmwares specially in a NSA era, but it's different from using something from an official vendor that you can even take it to court and your framework that is taken as is.
Superficially reading the source code, specially from XposedInstaller, we can see some jars
That I know I can decompile them in a worst case scenario, but I would like to know:
I believe more people may have the same doubts as me, so I thank you in advance if you can enlighten us in this matter. Anyways, congrats in having a module that has 8 million downloads in it's last version and couting.
I was inspired by this post that someone posted in xda forums. I even copied the jars example from there. Thanks. :)