Android ereaders are very well suited for being spy devices. Whether that's important or not in the eyes of the beholder is another topic.
All system apps are signed with the same key. A "benign" app without explicit permissions (other than what's fair for its duty) can use IPC through the binder and leak your data using another "benign" app.
Case in point: the mediaScanner, whose duty is to scan files from user directories, might not have the internet permission and the OTA updater might not have access to your local files. Since both are signed with the same key, the mediascanner might leak your files through the OTA updater, masquerading them as a normal update check.
OFC the same applies to all Android devices, not just ereaders. But the phone/tablet market has a lot of users and eyes behind it and it is even possible to install a different Android build from somebody you trust more.
TL;DR: It is a matter of trust. If you don't trust Onyx, don't buy. If you bought but still don't trust the company and you do care about what's leaked then airport mode/LAN firewall is your only hope.
A pi-hole can be bypassed by hardcoding the IPs in the program.
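
The split-permission situation described in the post can be checked for during an audit of a device's package list. The following is an added example, not part of the original post: it groups packages by signing certificate and reports groups where file access and network access sit in different packages. The inventory format, package names and digests are constructed placeholders; how the inventory is collected from a device is left as an assumption.

```python
from collections import defaultdict

INTERNET = "android.permission.INTERNET"
FILE_READ = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
}

# Constructed inventory: (package, signer certificate digest, granted permissions).
# Package names and digests are placeholders, not taken from any real device.
SAMPLE_INVENTORY = [
    ("com.example.mediascanner", "aa11", {"android.permission.READ_EXTERNAL_STORAGE"}),
    ("com.example.otaupdater", "aa11", {INTERNET}),
    ("com.example.launcher", "aa11", set()),
    ("org.example.notes", "bb22", {"android.permission.READ_EXTERNAL_STORAGE"}),
    ("org.example.weather", "cc33", {INTERNET}),
]


def group_by_signer(inventory):
    """Map each signer digest to the packages signed with it."""
    groups = defaultdict(list)
    for package, signer, perms in inventory:
        groups[signer].append((package, set(perms)))
    return groups


def cross_app_exposure(inventory):
    """Return signer groups where file access and network access sit in
    different packages, so neither app's own permission list shows both."""
    findings = []
    for signer, members in sorted(group_by_signer(inventory).items()):
        readers = sorted(p for p, perms in members if perms & FILE_READ)
        senders = sorted(p for p, perms in members if INTERNET in perms)
        # A package holding both permissions is already visible in a per-app
        # review; the blind spot is the split across two packages.
        pairs = [(r, s) for r in readers for s in senders if r != s]
        if pairs:
            findings.append({"signer": signer, "pairs": pairs})
    return findings


if __name__ == "__main__":
    for finding in cross_app_exposure(SAMPLE_INVENTORY):
        for reader, sender in finding["pairs"]:
            print(f"signer {finding['signer']}: {reader} (files) + {sender} (network)")
```

A shared signer only marks a group of apps that are able to trust each other; a reported pair is a candidate for closer review of its exported components and of the device's traffic, not evidence of a leak.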