Theft protection. - 8525, TyTN, MDA Vario II, JasJam General

Hmm, came accross a statistic that listed theft of PDA and laptops in the US. Europe shouldnt be far from this numbers, so I am looking for a decent theft protection software. I do have a lot of files on my HERMES and on the microSD card. Since my PIN is disabled and protection via device password entry is not save: How can I make sure that I can delete a) calendar & contacts b) SMS & eMail c) SD card files and d) lock the phone (probably even render the GSM useless with a few wrong PIN entries) from remote?
I tried Phone Security from evenbyte. It surely tells me SIM information of changed cards and can lock the phone. But it will render GPRS/UMTS connections useless after the first phone call. So a big no.
Now I am willing to try remote protect 1.5 from scpsoft. It is still beta. Does anyone know if this application does work?
Any other applications? Please no Net.CF2 ones, I do not want to install it.
Next subject: I already flashed a new splash screen on my device via Bootloader 1.01. It shows my picture and contact details. Just in case the device will be lost or stolen. This is quite effective against hard-resets. But not effective for the knowledged ones since they can flash a full new ROM on the device.
So, is there any address-range that is NOT used by the current ROMS? Just a few bytes would be enough. I would love to poke a few identification information in that area - e.g. via a small application and Bootloader 1.01. Just to make sure you can always identify this device. This application should be free and could be used to check against stolen devices. Could be a skript as well. Jsut has to be save enough for the average user

This best encryption setup I've seen is from Pointsec, but they don't seem to do individual licenses, just big contracts.
http://www.pointsec.com/products/smartphonepda/

Related

PhatNotes Pro - Encryption Good?

Hi Guys, I've been using phatnotes pro 4.7.2 full version, for as long as I remember now even when they were called something else... anyways they have a protect note option, which adds a password to the notes you make.
How STRONG is this password protection? Does it even add encryption or it's just a simple password block and anyone can override and view the notes using a hex editor or text editor???? is it safe to leave a few credit card numbers in there?
Noone knows, the developer uses 'security by obscurity' by refusing to disclose the algorithm used.
The most secure algoritms used (AES Rjindaal, Twofish/Blowfish etc) have been subject to years of public scrutiny. It's the implementation not the algorithm itself that makes the security. There is no security threat form disclosing the algorithm.
I'd recommend staying away from this until the algorithm is disclosed if you want to encrypt your data.
bydandie said:
Noone knows, the developer uses 'security by obscurity' by refusing to disclose the algorithm used.
The most secure algoritms used (AES Rjindaal, Twofish/Blowfish etc) have been subject to years of public scrutiny. It's the implementation not the algorithm itself that makes the security. There is no security threat form disclosing the algorithm.
I'd recommend staying away from this until the algorithm is disclosed if you want to encrypt your data.
Click to expand...
Click to collapse
So are you saying they DO using some form of encryption within their application when password protecting the notes or you don't know? I don't particularly care for what algorithm or encryption method they are using, my main concern is, are they even using encryption at all.
If my phone ever gets lost or stolen, most people who finds/steals it would just hard reset and wipe everything from the phone, so if there is even a slightest form of encryption, my data should be safe.
Depending on how often you use your 'secret' files. I have 1 particular note (in Notes) that I keep my personal stuff like passport number and others stuff that I may be using them, or not (very often, I don't). Hence I use the ccrryyppttoo (`crypto` with every letter doubled). I use this to encrypt that particular note. There is a certain advantages to it. (a) It still sync over outlook without 3rd party software plugin. (b) others still able to see the note, with non-sense short characters on it (eg, I have passport number a lot of other numbers there, which ended up only in 5 characters). There is also a desktop version available, if you wanted to have it tested (or incases where you have lost your phone and your file encrypted in your PC, you can use it to decrypt it).
hanmin said:
Depending on how often you use your 'secret' files. I have 1 particular note (in Notes) that I keep my personal stuff like passport number and others stuff that I may be using them, or not (very often, I don't). Hence I use the ccrryyppttoo (`crypto` with every letter doubled). I use this to encrypt that particular note. There is a certain advantages to it. (a) It still sync over outlook without 3rd party software plugin. (b) others still able to see the note, with non-sense short characters on it (eg, I have passport number a lot of other numbers there, which ended up only in 5 characters). There is also a desktop version available, if you wanted to have it tested (or incases where you have lost your phone and your file encrypted in your PC, you can use it to decrypt it).
Click to expand...
Click to collapse
1. I think your link doesn't work.
2. Thanks for the suggestion! But that means adding another program to my long list of programs, I rather just use phatnotes if they are somewhat secure.
3. That still doesn't answer my original question =(
4. Can you send me the program for me to try? I use my 'secret' note file on my pc and phone so phatnotes keeps them both sync, very convinient.
5. THANKS AGAIN!
The link does works at my end. Here is it again.
http://www.hfrmobile.com/app_CCrryyppttoo_T1/index.htm
Oops, forgot your original question. You can test the encryption yourself. I didn't try out Phatnotes myself, but you can try to locate the file of which Phatnote stores your notes (either 1 file for all notes, or 1 file per note). Password protect this file, send it over to your PC, open it with your Notepad. If it doesn't show what each and every word that you've typed for that note, it is 'encrypted'. Most amateur people will just use this method to get your secret stuff I guess, unless they know there are information on banking details with £10,000 in it
Hmmm great suggestion!! I just did what you said and the unprotected notes are readable by notepad and the protected notes are just garbled text of mostly "?" and "G" letters. So I guess they do have some form of encryption for those notes then. So how good is the encryption on crypto?
Well, I did a trip to search for the answer for your question of "how good is the encryption on crypto", and it seems that the author is using his way of encrypting the file, which I say ought to be safe enough for everyday usage, but good enough for business/military usage, I guess.
Anyway, while I was looking for the 'answer', I bang my head into this
http://tombo.sourceforge.jp/En/
As this is using the standard 128 blowfish algorithm, which has been proven to be strong and fast. It has both desktop and ppc version, which are interchangable (eg. desktop can decrypt the ppc encrypted file). And, it is free!
I found this too, limited-freeware though. http://www.freewareppc.com/docs/visnotes.shtml
Hmm.. freeware file encryption (AES algorithm): http://www.freewareppc.com/utilities/filebarricader2006mobile.shtml
[Update on Tombo]
I did a test drive on it. It is quite alright. It creates a txt file for each of the note you created and put them into structure folder that you made. There are option of making virtual folders as well. So, you can have your notes sync by syncing your My Documents folder, of which you set this Tombo to put all the notes. It encrypts files and have an added feature of scrambling the file name such that people are not able to guess what your file contents are.
However, there are two flaws that I've just found in a 1/2 hour testing
(a) its Unicode encoding is not working. Once you (really) close the application, it will give '?' for all the non-alpha-numeric characters. Weird consider the author is a Japanese.
(b) there isn't an option of wrapping texts without 'dissecting' them.

Security breach found on htc devices

The Vulnerability
In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.
That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
But that's not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):
active notifications in the notification bar, including notification text
build number, bootloader version, radio version, kernel version
network info, including IP addresses
full memory info
CPU info
file system info and free space on each partition
running processes
current snapshot/stacktrace of not only every running process but every running thread
list of installed apps, including permissions used, user ids, versions, and more
system properties/variables
currently active broadcast listeners and history of past broadcasts received
currently active content providers
battery info and status, including charging/wake lock history
and more
Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:
ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BATTERY_STATS Allows an application to collect battery statistics
DUMP Allows an application to retrieve state dump information from system services.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
READ_LOGS Allows an application to read the low-level system log files.
READ_SYNC_SETTINGS Allows applications to read the sync settings
READ_SYNC_STATS Allows applications to read the sync stats
Theoretically, it may be possible to clone a device using only a small subset of the information leaked here.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door. For a more technical explanation, see the section below.
Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?
Technical Details
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
In fact, HtcLogger has a whole interface which accepts a variety of commands (such as the handy :help: that shows all available commands). Oh yeah - and no login/password are required to access said interface.
Furthermore, it's worth noting that HtcLogger tries to use root to dump even more data, such as WiMax state, and may attempt to run something called htcserviced - at least this code is present in the source:
/system/xbin/su 0 /data/data/com.htc.loggers/bin/htcserviced
HtcLoggers is only one of the services that is collecting data, and we haven't even gotten to the bottom of what else it can do, let alone what the other services are capable of doing. But hey - I think you'll agree that this is already more than enough.
Patching The Vulnerability
... is not possible without either root or an update from HTC. If you do root, we recommend immediate removal of Htcloggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don't download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
Affected Phones
Note: Only stock Sense firmware is affected - if you're running an AOSP-based ROM like CyanogenMod, you are safe.
EVO 4G
EVO 3D
Thunderbolt
EVO Shift 4G? (thanks, pm)
MyTouch 4G Slide? (thanks, Michael)
the upcoming Vigor? (thanks, bjn714)
some Sensations? (thanks, Nick)
View 4G? (thanks, Pat)
the upcoming Kingdom? (thanks, Pat)
most likely others - we haven't verified them yet, but you can help us by downloading the proof of concept above and running the APK
HTC's Response
After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public (as per RF full disclosure Policy). In my experience, lighting fire under someone's ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry. (This is where we come in.)
As far as we know, HTC is now looking into the issue, but no statement has been issued yet.
HTC, you got yourself into this mess, and it's now up to you to climb out of the hole as fast as possible, in your own interest.
The ball is in your court.
Credit
ANDROID POLICE
Huge thank you to Trevor Eckhart who found the vulnerability and Justin Case for working with us today digging deeper.
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
zzm5 said:
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
Click to expand...
Click to collapse
Is your device rooted?
I used root explorer and removed the HtcLoggers.apk and other than the forced close loop that removing it caused (requiring me to remove the battery), after rebooting all seems to be working fine.
EDIT: Actually I didn't just delete HtcLoggers.apk but moved it to a safe location on the SD Card in case there was a problem and it needed to be restored. I highly suggest you do this instead of just deleting it, or better yet, a nandroid backup.
there are a few good ROMS out there that have the ICQ loggers removed already.
Do we really need three threads on the front page about the same thing?

[BETA] - Caesura Remote Administration and Lost Device Finder

*****************************
Please note: this is the OLD VERSION THAT IS ATTACHED TO THIS POST. THE NEW VERSION IS AVAILABLE AT:
www.gundersoft.com/pages/downloads/caesura
******************************
***********************************************************
* Agreement:
***********************************************************
Firstly, I want to start out by saying that I have put a lot of hard work into making this app and I am trying to make it free so I would appreciate it if we can keep all criticism on this forum strictly constructive. At the moment, it is a BETA and probably has LOTS of bugs (but I am not aware of them). That is where YOU come in. Anybody who is interested may come download this app in BETA and give me feedback and test it and tell me what I can add/remove/fix. I will hopefully be releasing a final release version this month. Its all up to u how successful it is
I had a lot of free time this month so I have started building an app for android. What is Caesura exactly? Hard question to answer. Its a tool box for those who want to remotely control every aspect of their precious phone, even when out of 3G, or its a way for parents to protect unruly children from danger. So far it can be used for all of the following:
Remote Control Phone Via Text Message
Remotely Block Phone Numbers (for your kids phones)
Get Phone status (battery life, wifi, unread messages)
Remotely send text messages
Forward Texts
Find lost phones by turning volume ALL the way up and ringing, vibrating, and flashing the flash.
In the future I also plan to give it these features:
Ability to track lost phones via GPS and Cell towers
Remote Wipe data capability
Remote Lockout
Remote Password Change
Remote Play Sound (Fun for the occasional prank )
And for those with unruly children:
Sms Alerts anytime the phone leaves its current location
Sms Alerts anytime the owner of the phone exceeds a certain speed limit
What I really need are BETA testers. Anyone interested is welcome to download the APK which is attached to this post. Tell me what u think.
Instructions:
Download the APK from www.gundersoft.com/pages/downloads/caesura and install. Next, the first thing that you DEFINITELY want to do is open the APP and press the menu button, and select Settings. In the settings screen, Press the Set Password button and set a password. Also, insure that the "Require password" checkbox is checked.
Then, on the main screen, check the Enable Service checkbox.
Now, to remote control the phone, either install the APP on another phone and use the "Login to Another Phone" button on the main screen, or send the following Sms to the phone WITH CAESURA that you wish to control:
!login
The phone will then prompt you for a password. At this point, you may reply with a password. If you enter a correct password, you will be granted access.
At this point you can send any of the following commands and the phone will treat them as instruction for what to do:
Please note: any texts send while logged in will be sent as commands and will not reach the remote phone's inbox. Do not forget to run the exit command every time you finish.:
!login - first command to be sent. Logs you in.
password [new password] -sets the password for logging into Caesura.
exit - logs out of the service. ALWAYS do this. you cannot log in from another phone while that phone is still logged in.
toast [text to display] - shows a tiny toast window with some text in it for about 4 seconds
sendsms [number] [message] - remote control the phone to send text message to the specified number
torch - toggle system flashlight
panic - sets volume to high and flashes light and displays custom message on screen (BUGGY, causes app to crash if done repeatedly. Work in progress!)
help [command] - gives specific help for the specified command - (Not available for most commands yet)
status - tells the number of unread msgs, remaining battery life, and whether wifi is on or off
unlock - if the lockscreen of the phone is showing, hides it and unlocks the keys
block [number] - blocks the phone from getting texts from the specified number (WORKS!!)
unblock [number] - unblocks number
blocked - sends a list of numbers that you have blocked
forwardto [number] - sets the number to which all forwarded texts will be sent to
forward [number] - forward texts from a number
unforward [number] - stop forwarding texts from this number
forwarded - sends a list of numbers that you are forwarding
Console:
To remote control the device from within another copy of the APP itself, press the "Login to Another Phone" button on the main screen. This open a window that will ask you for a phone number. Type in the number and the phone will attempt to send a login text message to the phone in question. If successful, you will receive a message in return. To select a command, choose it from the drop down list. Click send. Wait a few, (it can be up to a few minutes if your carrier is slow but took only about 3-10 sec. on AT&T) and you will get a response.
ALWAYS SEND EXIT WHEN YOU ARE DONE OR YOU WILL NOT BE ABLE TO SEND TEXTS TO THAT PHONE THAT IS BEING CONTROLLED!!
License:
In the process of compiling a license...at the moment, just think to yourself, if it seems dishonest or sneaky, its probably going to be against the EULA
No reverse engineering
No reposting on other forums or threads. You are welcome to post a link here, but I wish to insure that all users get the NEWEST possible copy since Im constantly updating it
I release myself from all liability involving this software since it is provided as a free software and I do not offer any guarantees of any sort regarding its soundness, or even that it is fit for a particular purpose.
All abuses of this software are the sole responsibility of the End User.
And with no further ado... good luck and tell me what you think
*****************************
Please note: this is the OLD VERSION THAT IS ATTACHED TO THIS POST. THE NEW VERSION IS AVAILABLE AT:
www.gundersoft.com/pages/downloads/caesura
******************************
**Also, this list does NOT contain all of the commands added since the update.
Reserved
always good to save space for expansion
Looks interesting. I'll try it out.
Edit: Kind of forgot my service is turned off.
Sent from my LG Optimus V using Tapatalk
Sounds good so far, I'd suggest to produce a version that can be installed to system partition (for rooted devices) and stores its settings somewhere in a safe place (possibly system partition as well) so it gets factory reset proof. Also it should have a simchecker option so the owner of the device gets a notification if a new sim is inserted. This way it would always be possible to find and remote your device, even if a thief performs a fr and formats the sdcard.
Hope this is not too much to request, but i think this would make it the ultimate anti theft tool.
--------------------------
tapatalked from vizio vtab1008
Will be trying this as soon as I have time(which might be long,but just sayin').Sounds reaaaaally good.
And because I see potential in this,lemme give you an idea.
There are far too many tools with which you can control (Parts of or the whole of) your PC from your phone,but for the opposite there is nearly nothing.The only app I found that allows for remote control of the phone from a PC is Webkey which,while good in its essence,isn't exactly useful.And it does everything over wi-fi only(Not bad for most but anyway).
So,an app that allows remote control of the phone from a PC in a proper manner is more than welcome and I'm willing to pay for it.
*I know Caesura allows for texting remotely etc,but I'm referring to real remote control,where you can use the phone as if you held it with your hand or something*
No matter if you do it or not in the end,I want to congratulate you for the effort.
tolis626 said:
Will be trying this as soon as I have time(which might be long,but just sayin').Sounds reaaaaally good.
And because I see potential in this,lemme give you an idea.
There are far too many tools with which you can control (Parts of or the whole of) your PC from your phone,but for the opposite there is nearly nothing.The only app I found that allows for remote control of the phone from a PC is Webkey which,while good in its essence,isn't exactly useful.And it does everything over wi-fi only(Not bad for most but anyway).
So,an app that allows remote control of the phone from a PC in a proper manner is more than welcome and I'm willing to pay for it.
*I know Caesura allows for texting remotely etc,but I'm referring to real remote control,where you can use the phone as if you held it with your hand or something*
No matter if you do it or not in the end,I want to congratulate you for the effort.
Click to expand...
Click to collapse
There is Droid Explorer, it has a screencast option to do this, but you need to be connected to USB.
--------------------------
tapatalked from vizio vtab1008
I came across this by using the search for a remote app on lost devices. Will get myself a copy of the apk, you still need testers? ^^
I think this was abandoned... j use 'android lost' instead, has the same functionality...
----------------------------------------
tapatalked from GalaxyS
This has not been abandoned. You can download it from www.gundersoft.com/pages/downloads/caesura
I still need testers. It's not the same as the other app...it has quite a few more features.
Sent from my MB860 using XDA App
if i undersand it right caesuara will send you my numbers and give you the capability to connect to my phone is that right?
If yes why should i use it?
If i missunderstand i am sorry for asking stupid questions *grin
Sent from my HTC Desire HD using XDA App
It sends phone number only (for usage tracking by area code...this is a beta thing only). Also, if you set a login password, no one but you can connect.
The only command that can be run without password is factory lockout. Let's say user abuses software and I am contacted by law enforcement: I can disable caesura remotely. That is all.
I've never released this app publicly and I was scared to death it would be misused and I'd be liable. See, all of my beta testers locally have been teens, and they have a way of using this stuff immaturely. This my way to cover my butt just in case
Sent from my MB860 using XDA App
And no worries, if I really had any malicious intentions, I wouldn't have told you about the phone number thing would I?
Sent from my MB860 using XDA App

[Q] Possible to lock phone in case of theft?

My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Abrojo said:
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Click to expand...
Click to collapse
http://bit.ly/174zPh6
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
I use avast! free mobile security (https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity&hl=en),
the anti-theft module has option to block the phone if the sim card is changed
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
What a woeful answer. Try reading before you be a ****.
In answer, no there is nothing similar to a BIOS lock on Android phones, however like mist813 said, Avast is quite good. If you have root access you can install it as a system apk then even if the thief wipes your phone, it's still there.
You could also try lookout its free. Can do tracking, remote wipe and also takes a photo of anyone trying to unlock your phone.
I don't think there is anything that can prevent someone from just flashing a new firmware and wiping the phone completely.
Sent from my Nexus 10 using Tapatalk 2
I don't think there is an equivalent to BIOS lock in Android. I'm not sure if you tried Lookout or the native Samsung remote control under security settings. Both gives you the options to locate, lock, scream or wipe your data. I tried the locate and scream options and they work. Never tried lock or wipe, but they should also work! Now going to the fact of wether someone can bypass or overcome these security measures, then I personally think it's possible and whatever we do he can find a way to go around it depending on how smart and resourceful he is! If my phone is stolen, frankly speaking I won't waste my time trying to find it or just lock it. All what I'll care about is to wipe the data off, and hopefully these softwares will work if needed!
Sent from my SGS IV using Tapatalk 2
Abrojo said:
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
Click to expand...
Click to collapse
Okay lets not be a **** this time.
1) There's nothing equivalent to that bios thing
2) http://stackoverflow.com/questions/...-the-device-on-removal-of-sim-card-or-sd-card
There are also apps that just notify you if sim card is changed for example this https://play.google.com/store/apps/details?id=instigate.simCardChangeNotifier&hl=fi
And of course there are some apps that let you remotely control your phone for example http://forum.xda-developers.com/showthread.php?p=7567932
Abrojo,
You don't really need a third-party app for this.
Please check out the Samsung Dive service. (www.samsungdive.com)
You can track your phone, lock it with a custom password, sound an alarm, etc...
The problem is, the phone needs to have Internet access.
I am using the Cerberus app (https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en)
This is the best rated Anti-theft app you can find for your Android.
a license costs 3USD if I remember correctly. With one license you can secure up to five Android phones.
Featuers:
Track your phone
Remote lock
Remote wipe
And a lot more options...
A couple of things that I think are extremely useful:
When a wrong password or pattern is drawn to unlock your phone, a picture is taken with the front camera and emailed to you together with the location of the phone.
When the SIM is swapped, you can configure up to three phone numbers that will receive an SMS with the new SIM card number and the location of the phone.
You can hide the app from the App Drawer.
Check it out... very useful
i use also cerberusapp 4 years now. everything is perfect. when u install as system app u can do everything.
Sent from my ThL W8 using xda premium
Apparently there is also rumors of LoJack already being built into these phones, with the possibility to activate it some time in the near future. Don't remember all the details, but I just read an article about that. Not being patronizing when I say it, but Google Galaxy S4 LoJack and look into it.
Also, I am on Verizon, and am testing out their mobile security app that is preinstalled. It's $1 a month, but they allow you to remotely lock your phone, wipe it, and track it should you lose it. I don't believe it embedded at the hardware level, but it is something that gives me a little piece of mind.
Edit: I went to switch to the Norton Mobile Security app, since I use it for all of my other devices, and discovered that the Verizon Mobile Security App - once activated - cannot be uninstalled, force stopped, you cannot clear the data, and you cannot disable it. In order to do so, I first have to go into my Verizon account online, sign in, and unsubscribe from the service. After realizing that, I have chosen to keep the Verizon security app, because it has that extra layer of security. Are there ways of bypassing that, I'm sure there are. But assuming that my phone is stolen by some low level thief and not some crazy high level criminal circuit, I should have no problem retrieving it.
Samsung Dive down?
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Sm007hCriminal said:
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Click to expand...
Click to collapse
It's working with me.
Sent from my SGS IV using Tapatalk 2

ENCRYPTION and selling my phone.

Currently I have an S7 Edge, but my companies IT is supplying everyone with iPhones since it was too hard to juggle so many different phones. Well as much as I love Android, I don't want to carry 2 phones around everywhere lol, so I was thinking about selling it as it was mine to begin with and the company just paid my phone bill. IT at work just said factory reset it and you're good to sell, but idk they don't seem like the brightest bulbs.
My work involves a good deal of private information from my clients. So my phone is full of photos, texts, emails, pdfs, etc... of things that my clients would probably be extremely angry about if it got out.
Is there anyway to wipe this phone 100% clean with 0% chance of anything being recovered by anyone?
I saw this review article quote:
I asked Samsung if these new phones were encrypted, like the iPhone (most Android phones aren’t.) Referring to both models, the company said: "Default encryption is turned on for Galaxy S7. Samsung cannot decrypt the user’s encrypted phones. The encryption key is randomly generated for each user and the key is protected with the user’s password."
According to that, it sounds like Samsung themselves couldn't even get my data after I factory reset? Is this true? What exactly do I need to do to get to this point?
I'm not sure what this encryption key is and user password? Is user password just your lockscreen pin?
Reason why I'm worried is I remember people always saying if you delete something its gone! Well I remember 10 years ago my mom formatted her camera SD card on accident and all it took was me hooking it up and googling a free recovery program and BAM I had all the photos back. I imagine technology has advanced ten fold since then. I don't want someone rooting my phone and getting some super program and next thing I know my personal information is out there.
Thanks!
wipe the operating system.
reinstall new operating system with odin or if you have an sd card using stock recovery. make sure that you do not reinstall your gmail account to prevent auto recovery.
Cosmic Blue said:
wipe the operating system.
reinstall new operating system with odin or if you have an sd card using stock recovery. make sure that you do not reinstall your gmail account to prevent auto recovery.
Click to expand...
Click to collapse
I do have an SD card. But I'm not sure about anything you said. Is it possible for you to make a guide for me?
which model of do you have.
?
I will point out the correct rom to copy to your sd card and/or computer.
Do you know anything about flashing a phone at all ?
This is what i usually do.
a. delete all files in internal memory with myfiles/any file explorer
b. delete your google account via settings
c. factory reset your device.
that will do.
A factory reset wipes your pin / pattern / password so that in itself makes the encryption key useless even if you use the same pin / pattern / password. Without that key you can still recover files but it will take hundreds of years to break the encryption.
You may see stories like the FBI breaking encryption but thats not strictly true. They break the unlock system which gives them access to the encryption key which decrypts the data.
Safe to say a factory reset will do the job nicely and if you are in the UK, you will be okay under the Data Protection Act as youve done all YOU can to secure the data from recovery. Its up to your IT tech to make sure you are compliant, especially with Bring Your Own Devices policies so any fallback should be on them.
I would question why you havent mentioned Knox as thats like a safe within a safe and you IT tech should be employing it if they let you use BYOD!
Just note that your clients security is only as secure as your password as if anyone gets hold of that password then they have free rein to your files. You did mention a pin code which i hope you will update to a password asap!!
There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code.
Click to expand...
Click to collapse
36×36×36×36=1679616 distinct passwords of length 4
Click to expand...
Click to collapse
As you can see, a pin has much less combinations than a password and passwords can be even more secure the longer they are and if you include special characters like @ # * etc. Here is a site which you can use to test how easy it would be to crack your pin or password: https://password.kaspersky.com/
My pin would take 15 minutes to crack, my password would take 33 centuries
Sources:
https://password.kaspersky.com/
http://www.datagenetics.com/blog/september32012/
http://math.stackexchange.com/quest...-digits-0-9-how-many-combinations-are-possibl

Categories

Resources