Exchange Server - Security policy - EVO 4G General

I'm finding a lot of threads about changing from pin/password to pattern unlock, but not having any luck in completely disabling the security feature BS...
Is it possible to completely eliminate the password lock required by my exchange server? I have tried lockpicker and no lock, neither of which worked.
I would like to keep syncing but am not going to deal with this unlocking all the time (they JUST started enforcing it)...any help would be appreciated.
BTW, running Calkulin's EViO 2 v 1.7 (sense, so HTC mail)

Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it won't be done with a simple APK/market app ... its integration goes much deeper.
Honestly your best bet: this is clearly a new policy. Complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.

Justin.G11 said:
> Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
> In theory you can make an app that proxies the API and lies about what the phone can do ... but it won't be done with a simple APK/market app ... its integration goes much deeper.
> Honestly your best bet: this is clearly a new policy. Complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
> Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Thanks...I figured it wouldn't be that easy but I had to ask.

Justin.G11 said:
> Honestly your best bet: this is clearly a new policy. Complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
I get complaints all the time about policies. 99.999% of the time, the policies are created/approved by steering committees, the legal department or executive management. There is usually nothing IT can do about it as the policies are put into place for legal reasons or company security.
Additionally, if IT departments are not compliant in company policies there could be legal ramifications if the company has to comply with certain government guidelines.
And IT staff don't hate dealing with people...it sounds like your work environment is not like others.

Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.

Khilbron said:
> Check out this thread to see if it does what you are looking for.
> http://forum.xda-developers.com/showthread.php?t=775007
> They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
> It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
> EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabled.
> http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
> Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Will look into that. Thank you very much!

I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!

awenthol said:
> I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App

Justin.G11 said:
> Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
> In theory you can make an app that proxies the API and lies about what the phone can do ... but it won't be done with a simple APK/market app ... its integration goes much deeper.
> Honestly your best bet: this is clearly a new policy. Complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
> Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Yes..this reply really isn't correct. There have been some sqlite modifications that can be made or using the mail.apk from this link (http://forum.xda-developers.com/showthread.php?t=775007) works perfect, even with the new CM7-RC2

Bypassing Exchange security
I had this same issue with my work email. My way of bypassing it and still using the stock Mail app is by installing widgetlocker. Unfortunately the newest version does not bypass your encryption, but the older version before the most recent update does. Also it allows you to fully customize your lockscreen and add widgets and what have you. All in all pretty cool app.
widgetlocker.teslacoilsw.com/general/widgetlocker-1-2-9/
(unfortunately because I have never posted before I cannot post links so PM if the link does not work)

Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an asset of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.

ramiss said:
> Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
> I don't want to get preachy but this is serious stuff:
> 1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
> 2. Your company's mail server is an asset of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
> I understand that IT policies are annoying to the end user, but they are there for good reason.
> Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
> Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
> Sent from my device.
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?

bkrodgers said:
> The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Sent from my "locked" device.

ramiss said:
> Those are some good points and questions:
> If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
> The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
Yes and no. There are approaches that are easier if you aren't securing the whole device, but that doesn't mean it can't still be hacked.
> The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
Overall I agree with that, although I think at a company that offers mobile email, there's a sort of "peer pressure" to use it. Not to say that's a good reason. I'd imagine that it'd be hard for a company to actually require you to use mobile email on your personal device -- if your job truly requires it, I'd think they'd have to provide you a device if you don't have a compatible device or aren't willing to use it that way. So yes, you're probably right that you have the choice. It doesn't mean that we can't complain though.
> The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
> The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
If it's really lost forever, yes. But what if:
- The exchange admin sends the wipe command to the wrong phone. ("Hi, I'm John Smith and I've lost my phone.")
- The "wipe after X invalid passcode" policy is enabled. A friend or a kid picks up the phone and tries to play with it. Whoops.
- Something else goes wrong...bottom line is that the company should have no right to wipe anything other than their own data.

I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
matt2053 said:
> Can you please post a link to the one you used?
> Sent from my PC36100 using XDA App
http://forum.xda-developers.com/showthread.php?t=775007

awenthol said:
> I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
> If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
Your Exchange Admin (or you depending on the version of Exchange you're using) has the ability to remotely wipe your device in the event it gets stolen/lost.

Could anyone give a brief possible explanation of why I can connect to my exchange server easily using Touchdown, but not using the Android integrated Exchange Account Sync?
Sent from my PC36100 using XDA App

Just found this thread as I've encountered the same issue on a HTC Sensation, just setup Exchange ActiveSync, and bam, have to set up the PIN lock on the phone.
However I've noticed that once you've done it, you can then go into Settings, Security and change the timeout before it locks up to 1 hour (I think that is dependent on your company setting). Mine was defaulting to every time the screen locked, but changing it to 1 hour I find I hardly ever have to unlock the phone now apart from first thing in the morning as I tend to use it regularly through the day.

Related

Flexilis Mobile Security Beta

Hey Everyone,
Wanted to tell all of you about a neat app we're developing, called Flexilis.
It's a mobile security suite for Windows Mobile devices, that keeps your device and data safe from loss, theft, hackers, viruses, malware, spam, and more.
We've currently opened signups for our private beta testing, if you're interested in checking it out, just hit up http://beta.flexilis.com and sign up, and feel free to chat about the product here
If anyone has questions or runs into trouble, just shoot us an email at [email protected] and we'll help you out!
-Chris
Community Director,
Flexilis Inc.
[email protected]
Also, if any of you request an invite and it hasn't gotten granted within a day or so, let me know and I'll take care of it.
If you weren't asking for so much personal information, you might actually get people to try your app...
we're actually working on revising that, the reason we ask for the phone number is because it's used to sms you your download link for the software later on in the process, we're in the process of moving that to later on in the process, as well as an explanation of why we ask for it.
Thanks for the feedback!
-Chris
NRGZ28 said:
> If you weren't asking for so much personal information, you might actually get people to try your app...
Hey man,
Nice thing with this software; that we give the phone number is not such a big problem I think. Could you post a little bit of info about the program? Because on your site there is not much information.
But I think I'll give it a try...
I just have one little question, on your privacy page you write:
> When you use the Flexilis Services, our servers automatically record certain information about your usage. These logs may include information such as the IP address, mobile device identification number, phone number, operating system, version information, wireless carrier, web requests, browser type, browser language, referring pages, landing pages, pages viewed, or other usage information.
Why do you record the pages we visit?
we're still working on a little bit of a tour/walkthrough area of the software on the front page, as we get closer to public beta, but for now there's nothing there yet. My first post in this thread gives a brief summary of it though. Feel free to shoot me an email at [email protected] with any questions!
-Chris
There's nothing in the software that tracks the pages you view or anything, what that refers to is on our end we track what pages users use on the flexilis website the most, much the same way other websites do, to track what pages and content on our site our most popular, etc.
JeckyllHavok said:
> I just have one little question, on your privacy page you write:
> Why do you record the pages we visit?
I'm still not sure what your program does, but it certainly doesn't behave the way I expect.
1) Why require authorization so often?
2) Contrary to what is stated, phone number is not accepted for authorization. Only email.
3) I don't really know what you mean by "a few minutes", but currently Flexilis has been authorizing my phone for more than two hours already. I see no progress bar and I don't understand what's going on.
4) I can't stop the authorization process.
5) Why does the authorization process continue even when I close all connections? Did you invent a new method of communication?
6) The program is hidden from task managers and process viewers. What for?
I didn't sniff the traffic but currently the behavior of your program reminds me more of malware than security software.
My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
Sorry, if I'm sounding harsh. It's just writing style (tough work, you know)
No worries
1] once it's authorized the first time, it shouldn't have to authorize again, what kind of phone are you authorizing it on? we're making some fixes to the authorization process to make it even simpler that should roll out in the next release.
2] if you're outside of the US, you might need to add your country code and such if that's the case, let me know, or send me an email to [email protected] so we can look into it.
3] per all authorization questions, it'll try till it's authorized, again we're fixing this.
4] per it being hidden from task managers, we've given this some discussion, for right now it's a security feature to try to prevent thieves from disabling the software, though we might fix that in the future to have the app visible in there somehow.
As far as being more in-depth on all of the features, we are working on a tour of sorts to explain it all before the beta goes public.
Thanks for the feedback!
-Chris
mrcaze said:
> I'm still not sure what your program does, but it certainly doesn't behave the way I expect.
> 1) Why require authorization so often?
> 2) Contrary to what is stated, phone number is not accepted for authorization. Only email.
> 3) I don't really know what you mean by "a few minutes", but currently Flexilis has been authorizing my phone for more than two hours already. I see no progress bar and I don't understand what's going on.
> 4) I can't stop the authorization process.
> 5) Why does the authorization process continue even when I close all connections? Did you invent a new method of communication?
> 6) The program is hidden from task managers and process viewers. What for?
> I didn't sniff the traffic but currently the behavior of your program reminds me more of malware than security software.
> My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
> Sorry, if I'm sounding harsh. It's just writing style (tough work, you know)
Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
fredcatsmommy: sorry it didn't work out for you. hopefully in the future when that's fixed (should be less than a week), we can lure you back, it does some amazing stuff, but we do run into bugs from time to time due to the vast number of windows mobile devices out there, and only having a small test bed of them to work with. Keep your eyes peeled, and we'll have that fixed soon!
fredcatsmommy said:
> Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
I think you need to tell us what the app actually does?
I have read this and your site and still don't know what it does?
Will hold off on trying it till I know.
How long is the initializing and activating supposed to take?
seriously, the authorizing bugs should have been worked out before releasing a beta here. we can't even tell if it's running, authorizing, stealing information from our devices, etc.. I surely hope this is a legit app you're pushing, if so, FIX IT, so we can at least see what it does.
thx
I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
Advertising your application for beta purposes is usually not a problem. But, it seems you are here more for "recruiting" testers than anything else. Looks like you joined for this purpose only.
My suggestion to you, is to give a little more description on your development. Seems there are too many questions going unanswered here.
jhw549 said:
> I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
what device do you have? did you do anything special to get it working?
I have a sprint vogue and installed to main mem and the data conn. is constantly active.
Polargoat said:
> what device do you have? did you do anything special to get it working?
> I have a sprint vogue and installed to main mem and the data conn. is constantly active.
I have an HTC Mobul/Titan using default Rom/Radio with WinMo 6.1
To install it I just did what I would any other and installed it onto internal memory...
Correction: The application works just fine if you don't have push e-mail (aren't connected to a remote exchange server), I have been having problems all day with my push e-mail from mail2web which I use to forward my work e-mail to my phone. I have therefore decided to remove it as I can't afford to have it interfere with work.

Someone jacked my Sprint account

Just a heads up, somehow someone compromised my account, and was able to deactivate my phone, and activate their own EVO on my account, change plans, and change all the security info, PIN security question, and security email. A bit of a wakeup call, running rooted phones, installing apps that give themselves unfettered access...
Yes, "it's your own damn fault", but whatever, just keep your eyes constantly peeled, and make sure your sprint "myaccount" settings are secure...
What ROM were you using? Any idea what apps you had installed that might have been compromising your data?
Take some screenshots of all your installed apps. Couldn't hurt.
This is more of a Sprint thing. They have a problem with internal fraud
Was using CM6 at the time. According to the rep I spoke with (that actually helped me, the first guy was a turd), they had been calling in between the 28th and 30th, on the 30th they were able to remove my device and add theirs.
I don't think it was any of the apps I have installed. I'm thinking it was either an inside job, or someone else (ie, haxor) on Sprint's nodes during the last week sniffing packets. Reason I think that is that they seemed to have compromised the security by way of changing the e-mail address that security updates go to. I don't know, it's just a crappy feeling overall. Kind of like when I was mugged many years ago...
hondoslack said:
> Was using CM6 at the time. According to the rep I spoke with (that actually helped me, the first guy was a turd), they had been calling in between the 28th and 30th, on the 30th they were able to remove my device and add theirs.
> I don't think it was any of the apps I have installed. I'm thinking it was either an inside job, or someone else (ie, haxor) on Sprint's nodes during the last week sniffing packets. Reason I think that is that they seemed to have compromised the security by way of changing the e-mail address that security updates go to. I don't know, it's just a crappy feeling overall. Kind of like when I was mugged many years ago...
Sprint should just clone that account, deactivate it, ban the new ESN.
I fail to see the benefit of account jacking (especially after account owner's phone gets deactivated)
jerryparid said:
> Sprint should just clone that account, deactivate it, ban the new ESN.
> I fail to see the benefit of account jacking (especially after account owner's phone gets deactivated)
I like what happens (and it rarely happens, I've heard stories of things that have happened way back, which are always good for a chuckle) where I work when someone does something illegal, or commits crimes using sensitive information at work. The US Marshals come, drag them out in handcuffs for everyone to see and then they get their room and board on the US Government for the next few years.
Every phone is legally required to have GPS that is available at all times and it sounds like they are committing identity theft. Have the police, or if they are in a different state possibly FBI, go get them.
This was an inside job and has nothing to do with your ROM or the fact that you rooted your phone. Threads like this could easily scare people away from rooting for no good reason.
I think you might have given someone your info!!
dallashigh said:
> This was an inside job and has nothing to do with your ROM or the fact that you rooted your phone. Threads like this could easily scare people away from rooting for no good reason.
This may not have had anything to do with his phone being rooted but it is possible that could have had something to do with it too. When you root your phone you are effectively bypassing just about every single security feature put on there.
You are lying to yourself if you think rooting your phone doesn't make your information much easier to steal.
jahnile said:
> This is a strange story, def.ly a wake up call.
> http://WWW.rootznculture.com
NVM wrong thread
xHausx said:
> This may not have had anything to do with his phone being rooted but it is possible that could have had something to do with it too. When you root your phone you are effectively bypassing just about every single security feature put on there.
> You are lying to yourself if you think rooting your phone doesn't make your information much easier to steal.
That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
There is absolutely nothing about the act of rooting that puts your information in jeopardy.
dallashigh said:
> That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
> An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
> Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
> Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
> There is absolutely nothing about the act of rooting that puts your information in jeopardy.
You say any app with root can do just about anything, you just confirmed what I said. If whatever terminal app you are using can give you root(superuser) access without a password then any app can do it.
A SSH shell is for communicating over a network, it has nothing to do with root access.
If you read recently at defcon someone showed a market app that could root your phone without your permission and take some private info. So without root you're screwed too. So you can probably blame an app before root. Also all data is encrypted so I doubt it was a packet sniffer.
This is a Sprint issue. I've seen and heard of it happening way too many times for me to assume that it's Android related even in the slightest bit.
I don't really think it's fair to lump rooting and basic modification in with account theft. There are always multiple sides to any story.
dallashigh said:
> That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
> An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
> Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
> Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
> There is absolutely nothing about the act of rooting that puts your information in jeopardy.
Then what is this article referring to? http://phandroid.com/2010/07/31/hackers-release-data-stealing-program-to-push-google-to-plug-holes-at-security-conference/
xHausx said:
> You say any app with root can do just about anything, you just confirmed what I said. If whatever terminal app you are using can give you root(superuser) access without a password then any app can do it.
Sure you don't have to enter a password, but the first time the app runs, you DO have to confirm that you want to give it root access. And again that would be the APP that is malicious and not the mere fact that your phone is rooted.
xHausx said:
An SSH shell is for communicating over a network; it has nothing to do with root access.
I know what SSH is. I'm not an idiot. An SSH server is something that would actually put your device at risk of being remotely accessed without your knowledge or permission.
redrazr7791 said:
Then what is this article referring to? http://phandroid.com/2010/07/31/hackers-release-data-stealing-program-to-push-google-to-plug-holes-at-security-conference/
They distributed a trojan that installed malware at the same time it rooted your phone.

Concerned about Security - apps sending private information

After reading the article about TaintDroid (http://www.digitaltrends.com/comput...oid-apps-secretly-sharing-your-personal-data/), and how a significant portion of the apps were sending back data when not required to....I must admit, I am a bit concerned about security on my Nexus.
What are you all doing to be safe with your information on your phone? Is there a firewall that any of you are using to deny apps the ability to transmit data?
And please no responses like "don't log into anything or enter any passwords for anything on the phone" ...because then we might as well be rocking blackberries and not a phone like this with a capable browser.
"Name and shame" is the best way for an open system to eradicate this stuff
Damn alarmist journalism. Scare everybody into a corner, and then come out with a product that magically makes it all right.
Personally, I don't do anything different. I don't see why you should.
There's a firewall app that will let you block internet access to specific apps.
I think it's called droidwall.
Wallpapergate...
This whole issue is a joke. I agree something to monitor outgoing information would be great; I doubt, however, that someone who wants to steal your info would send it out unencrypted, so catching this may not be easy at all.
As for this new episode of the WallPaperGate again, the info this application sends is common on any platform. If you ever paid for an app on Handango or a similar site, the first thing they do is ask for your IMEI so that the app can be linked (i.e. DRM) to your phone… In this case the guy uses the IMEI as a cookie so that he can offer the correct screen resolution.
I would like to point out that one of the sponsors of this “study” that targets only Android devices is Intel, who have an interest in many things including MeeGo, and of course MeeGo is much safer than Android…
My 2 cents…

[BOUNTY] Ultimate thief catcher $50

Forgive me if this is in the wrong place.
As stated in the title, I'm willing to offer a $50 bounty to anyone who can create this app for me, the perfect thief catcher app. Here's how it works:
The app runs in the background constantly (possibly as a service to avoid task killers), so it must be as minimal as possible. Upon receipt of a specifically worded text message, the app will trigger the GPS and wait 5-10 minutes for full lock. After this time has passed, the app will text the GPS coordinates to a preconfigured email address and then disable the GPS.
Optional function: Activate the front facing cam (silently and invisibly if possible), take a picture, and attach to said text message to be sent to preconfigured email address.
The main focus of this app is to accurately capture the location of the device while being light on battery, so that optimal capture can take place in the event the device is stolen.
If something like this already exists, please let me know so that I can donate to that developer.
Specifics: I have an Evo with CM7, if it matters in coding the app at all.
Lookout has lost phone features similar to what you are asking for. I have Lookout on my phone, uses almost no battery.
They also have an app called Plan B that you can install after the phone is lost to get a GPS location on it.
Both are free.
I don't expect the bounty, but feel free to buy me a sandwich for helping.
Lookout causes too many problems from what I've seen. I'll check out the Plan B app.
Bounty is still up.
I'm not the "fastest" coder in the world, but I would hazard a guess of minimum 20 hours for development, testing, etc.
Great app idea but I'm not writing code for $2.50 an hour ...just sayn'
And Android OS prevents someone from NOT being able to stop a Service.
Try apps "Where's My Droid" or GPS Tracker. Both have remote activation capabilities.
________________________________
http://ron-droid.blogspot.com
rigman said:
Try apps "Where's My Droid" or GPS Tracker. Both have remote activation capabilities.
________________________________
http://ron-droid.blogspot.com
Did you read the entire OP? I realize WMD has a few of the features that I listed, but I want ALL of the features working like I stated.
I'm no coder, but I could quite easily make a Tasker profile to do this.
Sunsparc said:
Did you read the entire OP? I realize WMD has a few of the features that I listed, but I want ALL of the features working like I stated.
Yes, I read the entire OP and wasn't very impressed. Texting coordinates wouldn't be a very reliable way to catch someone. There's a very good chance the person could be driving at the moment you send your activation text.
Same for turning on the camera. Highly unlikely they'd have the camera pointed at their face or anything recognizable. Or even if they did, probably couldn't make out much without the flash.
Just my opinion. But I'd much rather have an app that gave me continuous GPS coordinates, as do the apps I suggested.
________________________________
http://ron-droid.blogspot.com
Look up Prey. It runs as a background service and has a lot of cool stuff. Google it, they have a whole web interface and everything, you can use the same service on your laptop under the same account. I think it would suit your needs.
Sent from my MIUI SCH-i500
The best lost/stolen app imo is Theft Aware. From the app's website:
Theft Aware runs (and this is worldwide UNIQUE) completely invisible in the background. That's right! Theft Aware is COMPLETELY INVISIBLE. You'll be able to remotely control your phone by SMS at any time. Theft Aware will reply to your commands by SMS as well. The sent or received SMS leave no trace on the mobile phone, no signal will alert the thief - who will feel safe!
Sure, as soon as the thief changes the SIM card of the phone, the phone number of it will change. NO PROBLEM. Theft Aware will detect the change and will inform your buddy automatically about the new phone number by SMS.
Best thing to do with lost or stolen phone?
-Call provider and they'll kill the phone.
-Buy new phone
Edit: Mainly a reply to an edited out part of a post but still applicable so I'll leave what I wrote
At 9.99 EUR, Theft Aware is far from free but I understand your point. It's good to watch for security and privacy issues. I would only caution that one could easily miss out on good/helpful apps if generalizations are made based on one bad app(le) or the possibility of one. But really this is what Android is all about...individual choice. To each their own.
I've been using Prey for a while now and I'm very happy with it.
All the current apps are dependent on your SIM card remaining in the phone so you can text it. So in the reality of your phone being stolen they will be useless.
Sent from my Nexus One using XDA App
nutsnut said:
All the current apps are dependent on your SIM card remaining in the phone so you can text it. So in the reality of your phone being stolen they will be useless.
Since you must not have read my first post...
If a thief changes the SIM card, Theft Aware will proactively send you the location and the new phone number of the thief to predefined friends of yours. Once you got the new number, you will again be able to locate your phone at any time.
So even if the SIM card is changed, the app will inform you of the phone number associated with that new card by messaging both of the numbers you assigned when you set it up. Once you have that, you can message commands invisibly to that new number to control Theft Aware as well as now knowing the thief's phone number to hand over to police, your carrier, or to figure out the owner of that number on your own.
nutsnut said:
All the current apps are dependent on your SIM card remaining in the phone so you can text it. So in the reality of your phone being stolen they will be useless.
Sent from my Nexus One using XDA App
I think you mean if you have a GSM phone... I have a CDMA, so I really don't need to worry about it. However, if I ever stole someone's phone, the first thing I would do is take out the battery and let it sit on the shelf for a month or two until the previous owner has given up. And trust me, you will if it happens to you. It happened to me.
Sent from my HERO200 using XDA Premium App
Theft Aware
Theft Aware isn't SIM card dependent. If the SIM gets changed, an SMS is sent to up to two notification numbers you define on installing Theft Aware.
It meets all requirements you specify (except that the location is sent via SMS, not email).
But that will soon be available via a web interface where you can control your device.
I don't need the bounty either - try Theft Aware and buy a license. That's enough compensation, as my company sells Theft Aware.
Check out "watch droid"......
Every beginning thief knows that if you steal a smartphone, the first thing you do is take the battery and SIM card out of the body. The second thing is looking for hard reset instructions.
It should be something deeper than OS level.
Khisha said:
Every beginning thief knows that if you steal a smartphone, the first thing you do is take the battery and SIM card out of the body. The second thing is looking for hard reset instructions.
It should be something deeper than OS level.
It's been said a couple times that Theft Aware can detect a SIM card change and inform you of the new number so you can continue to control it through text messages. It will also survive a factory reset if you have rooted your phone and installed it appropriately. It won't survive a full data wipe like you would do when flashing a new ROM through recovery, but nothing can...that's the point of a full wipe. If you are waiting for or expecting something to come out that will persist through a full wipe, then you will never be satisfied.

Modded Exchange Server APK?

For the Rezound, and other phones I guess, there is a modified Exchange server app that does away with the Administrator Rights requirement when connecting to some Exchange Servers.
Here is the issue. Mind you, this security policy only applies if the device supports it. Meaning one Android device or iPhone can connect without enabling Admin rights, while another one does.
But what happens is that if the Exchange Server sees that the device supports it, it enforces this policy in order to set up and allow access to the email account. It gives the IT department COMPLETE control of your device. They can lock you out, format it, etc... Also, it forces you to set up a PIN, and it disables the camera and encrypts the storage of the device. So you can see how this can be an issue with a personal device. Any pics you take, files you download, etc... are encrypted and can ONLY be accessed from the device. You cannot copy them to your PC and access them. Huge pain in the ass!
On the various ICS ROMs for the Rezound (the phone I have), there is a file that I can install, a modified Exchange.apk file, that lets me set up the account, and while it will force me to use a PIN, it ignores the rest and doesn't force me to disable the camera or encrypt the storage.
So, is there such an app for this device? Can I use the one for ICS that I use for the phone?
Any idears?
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
ekinnee said:
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
There is almost never a legal requirement, it is a corporate policy. I am using this type of modded Exchange.apk right now, have been for months.
The irony of the "security policy", is that if your phone does not support the feature, then the Exchange Server ignores it and lets the device right in with full access. It only affects certain devices. If I had a DroidX, no problem, Exchange lets me in. I upgrade to a Rezound, now I have to encrypt my entire device.
Don't use it if you don't want to, but many of us do, as this file is available for many phones. I just need to locate one for the N7.
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use, however, doesn't affect the use of the camera, and most employees have a company phone so it's not theirs to begin with. Those that need email and also want privacy have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles its own secure space. Also it handles High Importance messages with recurring alerts.
I can't dig up the case at the moment, but for the record, there is absolutely precedent (at least in the U.S.) that if a company requires you to use a personal device for work, they have no legal recourse to require factory wipe access and may face steep penalties if they fire you as a result of you circumventing them.
Definitely an area where it's worthwhile to know both:
A. Your company's policies, in and out.
B. Your rights as a citizen of whichever country you reside in.
krelvinaz said:
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use, however, doesn't affect the use of the camera, and most employees have a company phone so it's not theirs to begin with. Those that need email and also want privacy have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
Guys, I really don't need lectures on whether I should do it or not. I currently do it. I will continue to do it. I won't get in trouble at work, it is just how they set it up and they are not going to change it for me, but it is an inconvenience.
I just need to be able to do it on THIS device.
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles its own secure space. Also it handles High Importance messages with recurring alerts.
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out, and it works perfectly. That's what I am after here.
SquireSCA said:
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out, and it works perfectly. That's what I am after here.
I think any mod made for Jelly Bean would work for you since it's all based off of AOSP. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles its own secure space. Also it handles High Importance messages with recurring alerts.
mwalt2 said:
I think any mod made for Jelly Bean would work for you since it's all based off of AOSP. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
Cool. I just got the thing a couple hours ago, so it is not unlocked or rooted yet, and you need that to install these.
The ones for the Rezound were made to install in the OS, not from Recovery, but once CM10 is out and stable, I will unlock and go to that and then I can use it. For now, my phone has it so I do have email on the go for work.
Thanks!
