My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
I think this has been discussed before, but maybe on a different phone (HeroC maybe) But essentially no there isn't away - to access the server the phone goes through a series of checks, one of the checks being that an appropraite pin was entered to unlock the phone. if that check fails, authentication to the server is denied. Someone *might* be able to spoof the check in the email app, but I am fairly sure its actually OS deep, not just within the mail client.
So it would be a large undertaking and potentially could cause you to loose your job by by passing security measures. I know I wouldn't think twice about firing someone who did it on my network.
No way that I know of, and is something that is on pretty much everyphone. Blackberrys the security policies can even block installation of 3rd party applications.
What's even more fun for you, is the ability of your it staff to lock you out of your phone or even remotely wipe your phone.
Sent from my SPH-D700 using XDA Premium App
Restola said:
My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
Click to expand...
Click to collapse
I think you are stuck. Do you have the option of getting a company-supplied phone to access the company email, and keep your personal Android separate?
There is a thread in Q&A talking about an app that does this.
Do you BONSAI?
Actually there is a way I had to do it to my coworkers phone for her pattern lock
What u need: locked phone phones #, wifi or u can use wifi tether if u have another phone
1. Call the persons phone #
2. Leave phone call connected on both sides
3. Connect to wifi if u havnt already
4. Goto settings/accounts manager setting or what ever and log into a diff google account then it should require u to change the password to by pass it
Should work hopefully I read this thread correctly and answered appropietly
Edit sorry read it wrong and u don't think there is a way
My way is how u get around it
Sent from my Epic 4.1g bonsai plant
Here's the link to the thread that may help:
http://forum.xda-developers.com/showthread.php?t=1033017
I thought it was just being big brother, turns out its a regulatory requirement since we were bought by a publicly traded company. I guess I'll deal with it. If it pisses me off too much I'll just get rid of my exchange account on my phone and stop responding to emails when I'm not at my desk.
A possible workaround would be to try touhdwn for your exchange mail instead of the default mail client. Its a paid app but there should be a demo version in the market. I have a dp2 for work and they pay for touchdown for us. When using touhdown it pin locks just the app instead of whole phone. On my Droid at least moto customized the screen timeout and lock to be different timers so I found the pin to be less annoying than the interface of touchdown.
With the epics slightly bigger screen to make the TD interface a litte less annoying(lots of small buttons instead of utilizing menu button) and since epics lock is all or nothing I think I might actually use TD on my epic if I were getting my corp email there.
While not a complete removal of the pin maybe it would at least make it less annoying for you. Plus I'd guess if work catches you wihout a pin it might not go over well. TD solution lets you protect the email if you lose your phone, and does have a remote wipe for the same scenario.
Related
I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. i can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date i started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
Tucka
tucka20 said:
I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. i can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date i started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
Tucka
Click to expand...
Click to collapse
You can wipe your phone and create a new account. Then in the mean time just email google and see what they can do for you.
yep, thats an option. however I have purchased numerous apps (copilot being the most expensive) that are linked to the account and that I will lose.
Also, I emailed them and they said I didn't provide enough information on my account to get it back. How the hell am I supposed to know the dates I started using 1. the account 2. youtube 3. Google calendar?
Why not just provide me with a security question?
tucka20 said:
Why not just provide me with a security question?
Click to expand...
Click to collapse
I'm wondering if you are interacting with a real Google password recovery page. From my account page the only password recovery options are:
- Secondary email (optional)
- SMS (optional)
- Security question
At no point does it ever indicate it would recover my password using something as arcane as the date I first started using Google services. By the way, I highly recommend the "Write my own question" option for the security question. Choose a question that describes a very particular characteristic of one of your heirloom or keepsake possessions.
https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
Besides a secondary email account (which i don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/ receive emails to customers. THANKS A LOT GOOGLE
tucka20 said:
https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
Besides a secondary email account (which i don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/ receive emails to customers. THANKS A LOT GOOGLE
Click to expand...
Click to collapse
Any reason why you couldn't recover using the regular account recovery screen? It should use your security question.
I'm not sure why you're angry at Google, when your own computing practices are what probably caused your account to be exploited (probably weak password or trojan installed a keylogger)? Regardless, Google is just practicing normal due diligence for account recovery. Account recovery has to use information that only you know (and which you possibly might not even know yourself).
If you're concerned about your eBay sales, go into your eBay preferences and change your registered email.
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
The only other time i use my gmail account is on my g1.
The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
tucka20 said:
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
The only other time i use my gmail account is on my g1.
The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
Click to expand...
Click to collapse
Looks like your stuck getting another email address and trying to work up the Cust. Serv. chain at google...
tucka20 said:
I dont have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and its running linux.
Click to expand...
Click to collapse
That does sound like a pretty secure setup.
Well I guess the best you can do is just try filling out that password recovery form. It doesn't appear that dates for the times you first started using specific Google services is necessary. Worst case scenario you could just guess. Since you already don't have any access now, I reckon you have nothing to lose. Good luck!
I read posts concerning screen lock and I'm having a similar problem, but it is compounded by an Enterprise email that forces password protect. Now, not only does the screen lock while on a call, but also requires the entry of a password to re-access the phone. I must have the account set up for work.
Also, I cannot seem to find a setting where I can even change the password that was chosen when setting up the email account. I would have made it a little simpler if I'd known the issues I would be experiencing.
If anyone has any ideas, I'd love to hear them. My phone is still un-rooted.
If you want serious corporate email capabilities, look no further than Touchdown. It's $20 on the Market, but well worth it. The built-in email/calendar functionality is a joke in comparison. Some will say its interface leaves something to be desired, but I personally have zero issues with it.
Sent from my SCH-I500 using XDA App
Thanks for the response
I'll check out Touchdown.
I did make a bit of progress. I reloaded my corporate email and despite being told I needed a 8 digit password, I entered one letter and it still worked. That makes unlocking the phone a lot easier. I will try it again later leaving it blank and see what happens.
I spoke with the IT guy at work and I thought it was a requirement placed on their end, but it is not... according to him.
Thanks again for the response.
I would like to stop putting in a password every time the phone restarts, or isn't used for more than 10 minutes or so. It's a result of my exchange account at work.
I noticed people had found solutions for other phones, but how would we accomplish this for our Fascinates?
I run an exchange server, and as long as there is not a policy with a timeout, it will never ask you for your password, even after reboot.
After all, your phone itself should be passworded already.
With a timeout policy in place, I don't see a means of subverting it without removing the policy
Sent from my SCH-I500
This sucks. I can either have work email on my phone, and be the go to guy if something goes wrong, and have to enter a password every 20 minutes, OR, not.
hrmmmm
thanks for the info
The lockout requirement is dictated by policies on your Exchange server. You cannot override them, at least not easily, and I would not recommend doing so, as there's a reason those policies exist. If you want an alternative solution, buy the Touchdown email application. The security PIN will then be enforced when opening that app, as opposed to unlocking the phone itself. It is also far superior to any stock Android email app in both features and compatibility.
Posted from my EB01 SuperClean Fascinate with Voodoo
First off I take no credit for this at all. All credit goes to Rsotbiemrptson who is a Jedi master for creating this after many have tried and failed.
What you have here is a flashable crack to the HTC Mail.apk that will bypass any and all security administrators that may be otherwise forced onto your device when syncing to an exchange server.
To install:
1. You must remove all mail accounts that you have set up in the Mail app.
2. If you have any existing security administrators present from a previous exchange sync deactivate them.
3. Set your lock time out to none under security settings.
4. Reboot into recovery and wipe Dalvik Cache
5. Flash the attached file.
As with all mods or changes to ROMS do a complete backup in recovery.
If you find this useful please send all thanks to Rsotbiemrptson for cracking this bad boy.
Has anyone tried this?
sdorn77 said:
Has anyone tried this?
Click to expand...
Click to collapse
I don't really understand the point of it. Is there something wrong with Exchange on the Tbolt? Mine works fine.
Shiftyshadee said:
I don't really understand the point of it. Is there something wrong with Exchange on the Tbolt? Mine works fine.
Click to expand...
Click to collapse
This is for people who want to use their Exchange account on their Tbolt, but DON'T want to give their Exchange admin the ability to enforce security policies on their phone (like having to enter a PIN every time you unlock the screen). Sounds like your Exchange admin doesn't implement any of those policies, so you don't need this.
Is this something that was implemented in newer versions of Exchange? I think my company uses 2007 still. Might be why I haven't seen this.
i managed to get my gmail, hotmail an windjammercable mail setup though exchange on my thunderbolt, but i kept getting sync errors where it would try to sync all three emails like every 5 seconds when the phone was operating in peak time. My battery went from like 100 to like 75 in less than 20 minutes So i had to just delete all the email setting i changed an go back to what i had before.
Now, if install your mail akp will this stop the sync errors?
Shiftyshadee said:
Is this something that was implemented in newer versions of Exchange? I think my company uses 2007 still. Might be why I haven't seen this.
Click to expand...
Click to collapse
It's been around since at least the 2003 version but it's all optional settings, your admin may just not have them enabled. Mine doesn't.
Jacquestrapp said:
It's been around since at least the 2003 version but it's all optional settings, your admin may just not have them enabled. Mine doesn't.
Click to expand...
Click to collapse
Gotcha. Thanks for clearing that up for me
This absolutely works on all DAS BAMF roms but should work on any ROM including stock. You only need this if you have exchange policies pushed to your phone by your company. If you don't know what this is you prob don't need it.
I do not know if it will fix the afore mentioned sync errors but I would doubt it.
Here's a new question. When I had CM7 on my Incredible, Exchange wanted to setup device admin rights. Now on my Tbolt with Sense I don't get asked. Any idea why?
madroix said:
This absolutely works on all DAS BAMF roms but should work on any ROM including stock. You only need this if you have exchange policies pushed to your phone by your company. If you don't know what this is you prob don't need it.
I do not know if it will fix the afore mentioned sync errors but I would doubt it.
Click to expand...
Click to collapse
I have installed this on DAS BAMF remix v1.4 and it does work so far. I was able to remove the PIN lock and use a pattern lock, which was not permitted before. Also, I didn't get the exchange security policy notice when I added my exchange account. Syncing appears to be working properly as well so far.
The mod is quite honestly ridiculous. Whats the point of trying to have security setup and protect possible sensitive information, when you don't want an Admin to enforce security rights.
This 100% defeats the purpose that was set in place by Exchange for good reason's. I sure hope everyone understands the SERIOUS consequences of what could happen by flashing this and possibly leak sensitive data into the wrong hands.
^^ it's a very good point. One of the problems with AS and lock screens is that with the default client and iPhones you have to pin to unlock even the phone. Nothing to do with email, just the darn phone. So everyone hates it. I use Touchdown which only requires a pin if you go to check email. But it's $20. Anyway, be careful with hacks that bypass security in a workplace. It could be cause for termination.
I love my phone, I've loved ALL my devices... Yes, I use it for work with MS Exchange email (MS Consultant), and yes the pin/password policies are annoying.
But I'm not about to risk my job over some "hassle" of 3 seconds to enter a pin. Aren't our email Administrators able to see we bypassed this or no?
oc3rulz said:
The mod is quite honestly ridiculous. Whats the point of trying to have security setup and protect possible sensitive information, when you don't want an Admin to enforce security rights.
This 100% defeats the purpose that was set in place by Exchange for good reason's. I sure hope everyone understands the SERIOUS consequences of what could happen by flashing this and possibly leak sensitive data into the wrong hands.
Click to expand...
Click to collapse
To be honest, if someone wanted my data or emails a stupid 4 digit pin is not going to stop them. There are many ways in getting a persons email off of there phone without even unlocking it. This seems like it is for those small companies who's admins are security freaks and its really not needed. Granted, I am sure apple would not be happy if an employee used this app or an android phone lol
Sent from my ADR6400L using XDA Premium App
It is important to keep sensitive data secure. I think a properly set up pattern lock is as good as a 4 digit PIN. I use lookout to be able to remotely wipe if needed.
THANK YOU SO MUCH! Hats off to the dev.
Do I have to remove gmail accounts too, or just the active sync exchange accounts?
Sent from my ADR6400L using XDA App
chriskader said:
To be honest, if someone wanted my data or emails a stupid 4 digit pin is not going to stop them. There are many ways in getting a persons email off of there phone without even unlocking it. This seems like it is for those small companies who's admins are security freaks and its really not needed. Granted, I am sure apple would not be happy if an employee used this app or an android phone lol
Sent from my ADR6400L using XDA Premium App
Click to expand...
Click to collapse
Let them get in hacking your password/pin, you won't be held responsible. However if you have the phone pin/password disabled and they realize this you will be terminated. They will be able to see that you are bypassing security measures, and you could have lawsuit on your hands as well.
Please dont think that I am bashing the dev, I'm simply trying to let people know that they very well could and most likely lose their job and have possible legal action taken against them for using this. Cellphones are such a volatile thing anyhow, but giving them an easier way in is not a good idea, especially not while breaking company policy.
oc3rulz said:
Let them get in hacking your password/pin, you won't be held responsible. However if you have the phone pin/password disabled and they realize this you will be terminated. They will be able to see that you are bypassing security measures, and you could have lawsuit on your hands as well.
Please dont think that I am bashing the dev, I'm simply trying to let people know that they very well could and most likely lose their job and have possible legal action taken against them for using this. Cellphones are such a volatile thing anyhow, but giving them an easier way in is not a good idea, especially not while breaking company policy.
Click to expand...
Click to collapse
Like I said, they don't even Ned to unlock your phone e to read the emails on of. Google it.
Sent from my ADR6400L using XDA Premium App
I work for a medical practice. We need to keep strict EAS policies such as force PIN or password, force Encryption, allow remote wipe, timeouts, etc. No exceptions if you want to have corporate e-mail on your mobile... and I simply can't live without it.
Anyways... I'm here to talk about biometrics. I think on Exchange 2013 they just patched in the ability to allow BM separately... but what about the rest of us who will be on 2010 for a good while longer? The iPhone totally has us beat in this category. We did some testing yesterday... and the iPhone 5S is actually "smart" enough to just push your set PIN into the phone on unlock and allows the continued use of BM. With my GS5, since BM is a completely different (unlinked) feature, it is greyed out. No BM for me. :crying:
I'm just curious if anyone else has dug into this? I have been taking a lot of flak from all my IT cohorts that I still need to use a PIN.
sipple31 said:
I work for a medical practice. We need to keep strict EAS policies such as force PIN or password, force Encryption, allow remote wipe, timeouts, etc. No exceptions if you want to have corporate e-mail on your mobile... and I simply can't live without it.
Anyways... I'm here to talk about biometrics. I think on Exchange 2013 they just patched in the ability to allow BM separately... but what about the rest of us who will be on 2010 for a good while longer? The iPhone totally has us beat in this category. We did some testing yesterday... and the iPhone 5S is actually "smart" enough to just push your set PIN into the phone on unlock and allows the continued use of BM. With my GS5, since BM is a completely different (unlinked) feature, it is greyed out. No BM for me. :crying:
I'm just curious if anyone else has dug into this? I have been taking a lot of flak from all my IT cohorts that I still need to use a PIN.
Click to expand...
Click to collapse
If you want to use the Finger Print reader to unlock on your phone and a pin just for your email, you can use email apps like Touchdown instead of the default email application. So the only time you would have to enter a pin is when you open touchdown app, not to unlock your phone.