~kdsch/android-bulletin

cee092d39f2c23478ccb7f3f5bb72005577311b3 — Karl Schultheisz 3 years ago ac34626
README.md: improve
2 files changed, 18 insertions(+), 33 deletions(-)

D README
A README.md
D README => README +0 -33
@@ 1,33 0,0 @@
Suppose you have an Android device and you want load it with a
different operating system---like postmarketOS. Most Android
devices come with locked bootloaders, some of which are harder
to unlock than others. Many were never meant to be unlocked by
users. The reason is often that smartphones are sold at a
loss which is hoped to be regained through data-collecting
services that infringe on user privacy and promote consumption
through targeted advertising. Big tech has to remain in control
of these devices if it is going to recoup its lost revenue.

The movement for user freedom has two ways to cope with this situation.
First is to petition the government to regulate companies to treat
consumers better. Good luck; big tech has a powerful political lobby.
Second is to organize a community around exploiting vulnerabilities in
Android devices to liberate their users from corporate control.

When in possession of a particular Android device, it is critical to
get as much information about it as possible so that its vulnerabilities
can be understood. That is the rationale for compiling a database of
CVEs.


Android security bulletins are published only as HTML. To make them
more useful, we need to convert them into a database over which we can
run queries.

One way to do this is by developing a data model of the bulletins,
downloading the bulletin pages, analyzing them, and writing the data to
a file. Data modeling and analysis are tricky, because the data isn't
in a consistent format.

For file formats, nosql, sqlite, and csv were considered. CSV was chosen
because of simplicity and accessibility to a wide range of users.

A README.md => README.md +18 -0
@@ 0,0 1,18 @@
# android-bulletin

Android security bulletins are published only as HTML. `android-bulletin`
aims to make them more useful by compiling them into a clean and
consistent table.

The tool works on HTML files; it does not use the network. This makes
it flexible, as it can be used with other programs that are good at
downloading files.

To convert a bulletin list into a newline-delimited list of urls, use

	./android-bulletin urls <bulletin-list.html >urls.txt

To convert a set of HTML files into a CSV file, use

	./android-bulletin csv bulletin/*.html >vulns.csv