<div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Apr 22, 2012 at 5:43 PM, Charles Shapiro <span dir="ltr"><<a href="mailto:hooterpincher@gmail.com" target="_blank">hooterpincher@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
If you don't want Google to know all your secrets, you don't have to<br>
install the Google application suite. I would be Astonished if Google<br>
had magic hooks into Android itself. Since the source is open, anyone<br>
who found such a thing could (a) Blab it all over the blogosphere to<br>
great personal glory and (b) Remove it from his or her build. I see<br>
motive, means, and opportunity here.<br clear="all"><br></blockquote><div>So how does one tell if the released source is the same one used to build the installed binary?<br><br>Not to sound too fond of my tin foil beanie, but code on a web site is not by default the exact same code released and installed. It would be a terribly bad day for Google if that were the case.<br>
<br></div></div>Is it possible to take the released source code and compile it and then do a bitwise comparison or SHA256 sum of the binary on my phone to the compiled version to look for a match?<br>-- <br>-- <br>James P. Kinney III<br>
<br>As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as
they please, and those who survive will be left to contemplate the
outcome.<br>- <i><i><i><i>2011 Noam Chomsky<br><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i><br>
</div>