Hi,
Anybody seen any actual implementations of a more secure permissions model for Android? That is, patched and compiled a kernel, used it in a custom ROM or anything like that?
A little background information:
The very first time, I tried to install an app from the Market, I was stunned to find the lack of options, in regard to which permissions I wanted to grant a certain app, when installed. It is all or nothing - "That can't be true?!", I said to myself, so I went looking for a way to control, which permissions were granted to an app, only to find out, that it's simply not possible (yes, I know you can hack the .apk, but that's besides the point here, and not very user friendly).
The solution (to be?):
While searching the net on this issue, I came across a paper written by a couple of Software Engineers, which seems quite interesting, and just about the perfect solution for my problem. However, I can't find any actual implementations on this - whether the authors didn't make any, or just didn't release it, I cannot say.
The paper I'm referring to, can be found here:
http://recluze.files.wordpress.com/2007/06/and-usage-nauman10.pdf
And another paper here:
http://www.list.gmu.edu/zhang/pub/asiaccs10-apex.pdf
After reading the papers, I went "OMG, that's freaking awesome! Where can I get that?" - So does anyone know something about this? Anything? Work-in-progress perhaps?
I'm very attracted to Android, being the number one open source mobile operating system, but the lack of security features is holding me back somewhat.
There's already posted an issue about this on Google Code - I urge everyone to go and put up a vote for this issue (login, and scroll to the bottom), in order to put some focus on it.
http://code.google.com/p/android/issues/detail?id=6266
In the meantime - anybody know of any patches?
Best regards,
Michael
Related
Hi all...
I was wondering if and how could be possible to port apks built for one tablet to another of different brand, i.e. I liked a lot the email client of the Samsung Galaxy 10.1 (with multiple email selector and recycle bin emptying feature), but many others are worth a try...
When I try simply to push the email.apk to my Iconia, it won't work (the icon diasppears from apps), if I try to install it I obtain an error (app not installed) probably due to a signing mismatch... I'd like really to learn how to do this, if possible. This knowledge will complete and accomplish any further request about personalization of our tablets, could be a great improvement being capable to get out the "system" you really want...
I tried to figure out how to use apk manager, but it's quite really difficult without some good suggestion, the thread is more than 200 pages long, and I got stoned before simply find out any usefull info about "system apks"...
TIA
I would like to know also. I want the Facebook account integration from the Galaxy.
Some apps are license by that manufacurer and would be considered wares.its a gray area please be careful. And make sure the Dec of all apps you use get paid
simple answer
couple of APK for galaxy are using CORE framework of the galaxy tabs firmware itself
that will not be possible to just install those apk.
such as
touchwizUI
status bar overlay (I mean the minimode menu with quick access), the quick access settings...
Email and Social things
It's their "Marketing Strenght" so they didn't make it easy to be "stolen" by other brands
I run just the dual clock, the memo, and eReader from samsung but I am running a custom firmware so that change many things
At this moment only 1 custom firmware does use Samsung as base, Virtuous Galaxy... but I have to warn that using custom firmware without following backup steps strictly or knowing the consequence is to AVOID.
sanaell said:
...
At this moment only 1 custom firmware does use Samsung as base, Virtuous Galaxy... but I have to warn that using custom firmware without following backup steps strictly or knowing the consequence is to AVOID.
Click to expand...
Click to collapse
first of all, thanks for your answer, and your warn...
I'd like to go deep in the question, as you correctly affirmed, virtuous galaxy's based upon Unity v5 kernel, but virtuous picasso also lays on the same structure, doesn't it?
right now I'm running m-dj's picasso 1.1.0 rom, wouldn't be possible, with any required modification, to run elsewhere coming apks?
I mean, think about having two different pcs, both with the same hardware and the same linux distro and kernel, wouldn't seem wierd that on one pc you could run an application that won't run on the other?
I'm thinking, if they wanted to protect their components why they didn't simply wrote hardware oriented kernels? Therefore, its a fact that on my iconia I can run either a Samsung or an Asus based rom, according to this, where is the cross-platform limit? I mean, is there some sort of documentation defining which part of these Android system is "really" open, under GPL, GNU or whatever structured property info list? I can't find any browsing the net... or maybe I've found too much, its almost impossible to understand what you can and what you can't...
I do not know the whole answer to this question.but I do know this much.if you have any.apk application that is for sale on the market or was installed for free on any device that it was not pre installed on. I would thing it would be considered pirated. As you did not buy it.nor did the developer give permission to run the API on your device.thou some apostle you buy can be installed across the devices you have registered with Googler
if im wrong people please correct me.I just think that developers that fallow rules and write great software MUST BE PAID.
erica_renee said:
I do not know the whole answer to this question.but I do know this much.if you have any.apk application that is for sale on the market or was installed for free on any device that it was not pre installed on. I would thing it would be considered pirated. As you did not buy it.nor did the developer give permission to run the API on your device.thou some apostle you buy can be installed across the devices you have registered with Googler
if im wrong people please correct me.I just think that developers that fallow rules and write great software MUST BE PAID.
Click to expand...
Click to collapse
Right and Wrong
if the application is a paid application and wasn't preinstalled on your tablet it is not really legal
if the application is free but cannot be installed from the market and you install it from other sources it's ok
if the application is from another tablet, and exclusively on this tablet do not expect run it on the stock firmware of your tablet, you have great chance to cannot run it simply, or get some random FC (such as from GALAXY because they use another structure on the file directory... so some application try to get the path and it's return an error, Or they are implemented and integrated with the kernel and that... you can't pass throught)
On my tablet I do run
ASUS widget
Galaxy widget (dual clock)
and some other application not from ACER.
now to get back to the OP
. you are on a virtuous... why not go on the virtuous Galaxy !!! if you want galaxy application... I don't get it...
sanaell said:
now to get back to the OP
. you are on a virtuous... why not go on the virtuous Galaxy !!! if you want galaxy application... I don't get it...
Click to expand...
Click to collapse
I agree to this explanation of yours, when I flash a rom different from the original, aware that's coming from a different brand, I'm more or less conscious that I'm doing something wrong. mmmf... that's philosophy... won't lose your time
The point is, I've tried the Galaxy rom, I don't like the interface, I don't like the extra bar functionalities, in short I mostly appreciated the Email.apk, most of all because it has a convenient "select all" function, even in the recycler bin (I can't stand with an email client stupid like the one embedded in the Acer version). In any case, given the impossibility to get the Galaxy Email, I'll buy a new one on the market...
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
AccEss-dEniEd said:
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Click to expand...
Click to collapse
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Assuming you have Exchange, does this not provide the management part?
AccEss-dEniEd said:
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
Click to expand...
Click to collapse
I currently work in the infrastructure of a good sized corporation. We're using IOS with a mixture of android hardware and there's some good news and bad news for what you want to do.
Good news is, like Jpcurrie said, exchange will handle remote wiping and locking the phone down. you can require the phone to use a PIN, remote wipe and and a bit more. As for locating the phone, Google actually has finally built in remote locating of your device and remote wipe as well. There's a couple good apps out there (lookout) will turn on your GPS and allow you to locate the phone and they're free. If you happen to have a virtualized environment with VMware, you could also use VMware View Horizons which builds in a secure sector on the phone and you can remotely manage which apps and files the user can use. the best part of View is you can use a BYOD model and keep corporate data secure. The biggest issue is if you don't happen to already use a VMware architecture it gets pricey quickly.
Here's the rub now. you want to install your own logos on the bootup which you could do by installing a custom ROM. This will void your warranty on the hardware and as it isn't 100% stable you'll be spending a LOT of time trying to keep a consistent environment.
Like netsyd said, talk to management about an MDM, and the branding of the devices, maybe even talk to them about using a BYOD to reduce costs of hardware and administration of that hardware.
Isn´t Knox supposed to allow administrators to only delete the data that belongs to the Corporate account (emails, calendars, tasks, etc.), or an administrator can still force a full device wipe? Sorry if the questions is too basic, I've tried searching around for info on Knox but couldn't find anything besides press releases.
I'm not a network administrator, I'm just a user and my school secure wifi installs a device administrator.
I'm sorry to deviate the topic a little bit from the original.
At Delta we use Air Watch but it's far from free. You can however manage devices and remote wipe. You can also view installed apps and remove what should not be there. Options for device profiles also. I help maintain these devices everyday. Not Free but an MDM is your best bet.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
long time - no see
Hiya,
sorry I didn t answer - kinda was overwhelmed with this Task.
Wanted still to thank you: I did what you suggestet and wanted to let you know where I am now.
1. Meraki = implemented - now runnning 160+ devices. (at no costs)
2. CM12.1 implemented (without GAPPS/no SU)
3. Standard Image/w Apps defined. (Mostly Offline capable Tools like "here" etc.(which actually reduced costs))
4. Since Android has limited capability to be administered in a "real" professional Fashion we mitigated this issue by creating a policy to forbid the user to temper with the device (e.g. Installation of Software/SU etc) yet to allow the Installation of Software manually by us via creating a ticket. We check the Software mainly for "sanity" and malware and install it if ok.
This has been working so far like a charm for us. None of the user were happy to loose the Gapps obviously - but once they had their Software and settled in, all was ok. For the Administering part: Meraki can tell me if Software is beeing installed without our Knowledge, also we see if SM doesnt speak with us anymore. So, for now, we got the most out of the System and I am happy to say: I got minimal Control in a Quality sense. No no more "KO Critera" - and we have implemented Android. Tracking etc. is forbidden in Germany anyway - so we use Meraki mainly to wipe if lost and to check if someone goes against policy.
What is still open:
- I am still working on a way to have the user enter his credentials and automatically enter These in all respective config files. (haven't had much luck - with the absense of SU obviously.
- a Little cosmetics still open (I am still trying to figure out how the theming really works ... I usually f**k up the Pictures and sounds.... but so far making Progress
- with less and less good Android devices coming out (now, I am probably beeing flamed now ) that suits our needs (open bootloader, known/supported CPUs, removable battery, SD Card Slot) - I think we might Switch by Q4/2016.
netsyd said:
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Click to expand...
Click to collapse
First of all, forgive me if this is not the right forum to ask this question, because I'm not sure what is.
Hi everyone,
So the company that provides the TV channels in my country (like the cable companies in the US) has a streaming service that streams most of these channels online to phones, tablets, computers.
The problem is that their app is, according to them "not supported on hacked devices". Just so we're clear, we're talking about Android here, and hacked = root/custom rom, which this stupid company considers illegal. In some devices, they check both root and custom rom, in some only one of them, and in some the app will work even if you have both. For example, on my Nexus 4 the app worked with stock rom that was rooted. Now that I am running a custom rom, trying to hide root using various apps does not work. So obviously the problem, with my device at least, is running the custom rom.
I'm currently learning Java & Android development and have decided to use the little knowledge that I have to try to find the lines of code responsible for this idiotic check.
I looked up many tools for decompiling apps and have finally found a good one, called JadX.
http://androidcracking.blogspot.co.i...ler.html#links
This decompiler is excellent, but gives me a scary amount of code files to look. Even so, trying to search all of them (JadX has that functionality) for the code that checks for root/custom rom has turned up nothing. I have also tried to search for the message they give me when I open the app (about hacked devices not working) but I found nothing, again.
One more thing - a developer that also tried to solve this problem said he traced the problem back to DxDrmDlcCore. I searched it, found it a some class, but not sure what to do now (delete the entire class and recompile?)
Can someone here direct me towards what I need to be looking for?
OR
Is the solution really simple, such as editing my build.prop? Someone suggested it once, but did not know what lines to edit.
If someone is ready to step up to the challenge, I can upload the apk.
Thank you!
So just got my hands on one of these. One thing I noticed/realized that would be a big deal for my intended usage is being able to enable multi-user functionality so each person that uses it can log in to their own profile.
So far on researching I have seen very little discussion on this matter. At best I see no option in the stock rom and no mentions in third party roms. If this is indeed available in third party roms I would not be averse to giving them a shot. I have also seen build.prop edits to enable that and they seem to be the same edit across devices so I'm assuming it is a standard android thing. I haven't had a chance yet to root my Player but is there a chance adding these build.prop options could also work on the stock rom?
Thoughts? Btw, I have already updated to Marshmallow however I did find a post around here that seems to indicate it is still relatively easy to root so once I get time today I am going to go down that route regardless.
I've seen a workaround that has you side-load gmail apk onto the nexus player, which in turn lets you add an account. Then, there are some apps that check for multiple accounts. Haven't tried yet, I think it might no longer work with YouTube like it used to.
Let's get this escalated to google - star this issue to get it some attention.
https://code.google.com/p/android/issues/detail?id=170121
I would really like some info on this! cr08 if you are going to mention builprop edits please at least consider linking the info you refer to haha thanks!
Ok, so I got an old Nook Simple Touch. In part because they can be had for such a cheap price on eBay these days and in part because they're among the few eInk based devices that run on Android and can actually be unlocked and more done with them than the manufacturers intended (I've used an old Kindle and man I hate how locked down and generally useless they are.) Actually, I was hoping I could do some neat stuff like setup daydream with weather info and a clock and all on it while the screen was "off" but I guess I forgot that this is a relatively new thing and it looks like it's based on a really really old Android version? Either way, I'm so used to CyanogenMod and its relatively near to AOSP nature that this thing is feeling horribly limiting and unpleasant to use for me.
Anyway, I've been searching around for various guides and such. I've found tools for rooting and putting the Google Market (yeesh, I forgot they used to call it "Market" ages ago.) It seems I needed to update the system to 1.1 for this (I had bootloops until I did, so clearly you have to have the right system version.) It seems there is a newer version or two beyond this though, but I didn't see root tools (I'm still hoping I can do more with this that might require root access to actually do.) Should I be updating beyond that? Namely, are there tools to actually root and all if I do?
Also, in the meantime, I'm running into troubles with the plain and simple fact that neither Google Market nor Amazon's app store installed by these tools work which may not be fixable. The thread on here says to add an account through Youtube first, then go to gmail and manually refresh over and over until it eventually crashes. After probably 15 minutes of this my hands were too tired to continue though. I just don't think it's supposed to take 15 minutes though. When I start the market it doesn't crash like that guide mentions either. Is there any other way to fix this? Is there any point? Obviously the market app is quite old, so perhaps it's simply never going to work? Is there some alternative way to find stuff that actually works on the NST? I thought to do F-Droid, but even it requires a newer SDK version apparently (I'm getting kind of curious what version of Android its base corresponds to. Does it predate 2.2? If so I may be in trouble since I don't think any of the stuff I was hoping I could put on there will go lower than 2.2.)
For this matter, is there a better way I can do stuff like loading apps? I was hoping to at least have a file manager to be able to use do stuff, but they didn't include one. I'll probably have to track down an apk. For now I'm having to actually use the network adb (I installed the version of the tools that was supposed to do adb over USB, but it doesn't even show up as an adb device at all for me to even so much as install a driver, so I guess it's not doing adb over USB as it should. The network method seems to work, though I'm not a big fan of leaving it wide open like that on principle really, yet remembering to manually change it on and off is a pain too.)
I realize this is a really old device and probably it is very limited what I can really do with it, but I was hoping I could at least squeeze a bit of use out of it. In particular, I'm going to need a much better reading app even if I use it for its intended purpose only. When I looked it up I had thought it was a close enough to stock Android that I'd be able to load up most apps I guess and I didn't think it would be so hard to even get anything on it.
Whew!
OK, let's start with basics. You didn't say how you rooted it but if you're working from 1.1 you probably are not getting the best out of the device. 1.21 is the final stock version. If you can get your NST back to stock, I would recommend doing so. Considering what you seem to have done already probably the easiest way to go is to use the NookManager route. Go here. Follow the instructions. There is info there for adding a Gapps package after rooting. But first get yourself back to 1.21 stock. Once that's done you can either use the Search Market tool from the Gapps package, or find apps on your computer and have them show up on the NST via the PlayStore, or side-load apps from the SD card or via ADB (default on that is WiFi with NookManager--you can install the ADB Konnect app and it works fine). There are plenty of alternate readers that run on the NST. I happen to like the stock reader very much, but to each his/her own.
When all that's done, everything depends on what your expectations are and what you want from your NST. There are a variety of kernals out there as well as USB host/audio mods. Although the Android system is old and the display limits what you can do, there are many apps that run well on the device and I personally get a lot of use out of mine, even more now that I have audio. Check out what I've done (second post) and look at what others have done (in the same thread).
There's a lot of good info in this forum on modifications, apps that run well (and don't) and many tips and tricks.
I think I have most of what I need with that actually, yes. I didn't realize from the guides I initially found that you could root or install third party components with a > 1.1 system version. With that stuff I do have a semi-working Google Market now and can actually install a lot more stuff than I thought. I see also my favorite reader app not only works, but apparently knows I'm running it on a device with an eInk screen and defaults to having eInk adaptations turned on.
Is there any way it can do anything like what I had sort of envisioned before btw? Eg on the screen "off" mode have some sort of thing that shows weather or news or something that updates every so often? (Nevermind the clock thing, that's probably a bad idea. I was just wondering about dedicating it to being sort of something like a clock with it plugged in all the time. Now I think maybe I can stop using my tablet for reading and use this instead.)
Nazo said:
Is there any way it can do anything like what I had sort of envisioned before btw? Eg on the screen "off" mode have some sort of thing that shows weather or news or something that updates every so often? (Nevermind the clock thing, that's probably a bad idea. I was just wondering about dedicating it to being sort of something like a clock with it plugged in all the time. Now I think maybe I can stop using my tablet for reading and use this instead.)
Click to expand...
Click to collapse
Sounds like you are having CM lockscreen widget withdrawal
Actually that seems like a job for Tasker. But it would be potentially messy. You'd need to:
1. Clear image in custom screensaver folder
2. Turn on wi-fi
3. Open weather/whatever app to update info
4. Take screenshot and save to custom screensaver folder
5. Close app
6. Turn off wi-fi
At that point when the Nook goes to sleep the info will be displayed on the lock screen. The question is whether Tasker can wake up the Nook and repeat this at desired intervals when you're not using it.
Also, have a look here for something along the same lines. Maybe you'll get an idea.
Ironically on my phone and tablet I keep it really simple. It's just that the eInk screen of the Nook can essentially be "always on" so to speak without draining the battery like mad (since it would only actually need to wake up every half hour or so for a frequent update schedule.)
But, all that said, it just doesn't sound like this is really worth all the effort. I guess I'm actually more used to newer versions of Android mostly rather than CyanogenMod specifically as they just have more power in what these things can do. With the Nook -- even unlocked and opened up -- it really sounds like the amount of time and effort required to even remotely approach such a thing is orders of magnitude higher. Well, that's fine. I had initially thought that I might maybe just use it as some sort of really neat "smart clock" type thing (at $35-ish on eBay you won't find many clocks that could come close to doing what an Android device could theoretically do) but in the end I don't think this is really all that realistic and definitely not worth the effort. On the other hand, now that I'm able to get more stuff actually running on it and open up its capabilities more I'm thinking I could maybe use this thing for something more akin to its original intended purpose: reading. From time to time I want my tablet to be able to do a bit more and I think this can do pretty well everything I care about beyond the basic reading stuff, so maybe I can stop carrying my tablet around all the time. (And for stuff like music I have a dedicated multimedia phone courtesy of eBay that's much better off really.)