Hi All,
I'm fairly new to the Winmo scene having spent a lot of time using Palm. Back then I had little fear of my personal data falling into the wrong hands as I used many software solutions, most notably PDA Defense which not only locked and encrypted the Palm but also wiped it if it fell into the wrong hands.
It's important for me that a thief can't access my data (calendar, emails, files on storage card etc.) - and a second goal would be to get the device back / know WHO took it. Even if this isn't the case for some of you; the majority of you may have spent shed-loads to get hold of this device (which I love by the way) and surely that alone makes it worth protecting your investment.
So, what I would like to know is what kind of security-strategy are you professional WM6 users following?
What do you do to maintain physical security (eg Ultimate Theft Alert) and what do you do for information security?
Let's ignore antivirus software for this thread - but I'd be grateful for not just what you use but also information about stability, performance and necessary changes in your workflow (like for backups, file recovery) etc.
Thanks in advance.
Mav.
WIMP - Where is my phone
By sending a text message with a password the program picks it up and sends you its coordinates using the GPS. Also sends you the number of the new sim card if it is changed.
Then you can use Google Maps to find it. It conceals itself really good and it'll take a hard reset to uninstall it and I doubt that lots of thieves out there can do it.
Sounds good I'll take a look at that. Thanks.
However, I assume that's not the only security measure you take, is it?
How do you protect your data (emails, files etc)?
wow some of these suggestions sound better than what I have been doing - locking it in the gun cabinet.
I use WIMP in case the phone is lost/stolen.
For file encryption I use Spb Pocket Plus, which has a file encryption option - tap and hold gives the option to encrypt a file with password and erase the original. Tap and hold the encrypted file gives the option to decrypt. It doesn't encrypt Contacts or Calendar, only individual files.
I got Sprite Terminator for $10 extra when I got the latest Sprite Backup for my HD, it's not bad it does the GPS thing over SMS and you can remotely lock the phone etc.
Well, remotely locking the phone is fine, but it works only as long as the thief doesn't remove the SIM card (or simply turn off the radio). What I would really appreciate is a PIN request for opening certain files and/or applications (like work mail account).
Philio25 said:
I got Sprite Terminator for $10 extra when I got the latest Sprite Backup for my HD, it's not bad it does the GPS thing over SMS and you can remotely lock the phone etc.
I really liked Sprite Terminator after using a few of them. The only problem I had with all of them was their ability to get the GPS signal. I'm therefore looking for not so much being able to locate where they are, but just the ability to wipe data, lock phone, get the details of the new sim card, and the telephone number of the thief's friends.
microsoft exchange - remote system wipe.
I pay for Sherweb hosted exchange, but if you don't want to pay or have no need for it, just sign up for free hosted exchange at mail2web, set up on your phone but disable what you don't need (eg email/calendar/contacts sync) and you should still be able to initiate remote system wipe whenever you want.
Built-in options
WM 6 itself has two built-in features that can be used to address this - pass code request and encryption (SD). If your phone is lost, unless the thief knows the PIN, he cannot access the phone. Even if he resets the phone (loss of internal data), he cannot access the content of the SD as it was encrypted. However, encrypting the whole SD may imply overhead to the system, affecting W/R performance.
Same question here.
I'm currently experimenting with this app. http://www.mycnknow.com/Safelocken.htm
Very promising I must say.
Has anyone tried Pocket Secure or Sprite Terminator?
In my research I found another one.
MotionApps mSafe. Anyone tried it?
Mavrick said:
Has anyone tried Pocket Secure or Sprite Terminator?
I'm using sprite terminator with no issues. Installed with no problems and easy to set up. One slight drawback though is that there is no option to set the gps timeout. Even though the HD GPS is quite sensitive, it can take a while to get a sat lock indoors - especially if the phone is in another location /town since the last sat lock. Sprite terminator times out the gps after 1 - 2 mins.
Looking at sprites forum, this has been reported, and apparently they are looking at adding this option.
You might also wanna look at GuardMobile from Germany, similar to Sprite Terminator. Maybe you can let us know your evaluation of the two, I only use GuardMobile.
http://dontknowme.at/http://www.maspware.de/products/guardmobile/?langct=EN
Insaneboy said:
WIMP - Where is my phone
By sending a text message with a password the program picks it up and sends you its coordinates using the GPS. Also sends you the number of the new sim card if it is changed.
Then you can use Google Maps to find it. It conceals itself really good and it'll take a hard reset to uninstall it and I doubt that lots of thieves out there can do it.
WIMP is not properly hidden on the phone. It still appears in the "remove programs" list so a thief can easily check if it is installed or not on the phone. Also it has no manual and there are some menu items that I don't get. I have written to the author but am now the wiser.
WIMP and others
I've been trying the different programs and during testing none of them are working. WIMP doesn't send messages back when it receives the command. Is that because of the GPS port settings? Com Port and Baud Rate? What are the default settings for a Blackstone? I tried MASPware but again there didn't seem to be any way to verify the program was working before I buy it. Same goes with UTA mobile. I just want a reliable program that, if I misplace the device, I send an SMS and it sends me back a location. Suggestions?
OK, so this is more exchange oriented than HD2, but perhaps someone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
BS.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Dude, never piss IT off...
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
https://webmail.acme.com/owa/auth/logon.aspx
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wildcard one (google it).
Let me know if you have any more questions.
f_v_man said:
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
https://webmail.acme.com/owa/auth/logon.aspx
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wildcard one (google it).
Let me know if you have any more questions.
Trust me...I know. Having worked IT for 20+ years...I know.
So my company uses:
https://mail.xxxx.com/owa
As far as I am aware that is it.
I am not following the rest of what you have written though.
What do you mean by a "proper SSL thing?"
Camusa said:
OK, so this is more exchange oriented than HD2, but perhaps someone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
BS.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Even if you figure out the proper address and domain name, there is a good chance you will need a security cert Cab to run to allow you access which must come from your IT dept.
Why not just take this to your boss and tell them you want work email on your phone and have him or her force them to set you up? If your boss isn't down with you having work email on your phone, then IT isn't going to let you anyhow...
I appreciate all the responses.
A couple of points to address:
1. I got it to work no problem.
2. I erased the profile and am going to wait for them to give me the green light/red light.
I am second in command for my satellite office.
I am the assistant program director for a FQHC (Federally Qualified Healthcare Center). We are JCAHO accredited and long-standing.
We have to play by some very serious rules according to the feds and HIPAA is always looming large.
When I put a small applet on my computer to stop the screensaver from engaging (since they took away our privs to be able to just change the setting) someone ratted me out and I was told that it was "HIPAA" policy.
Having been a privacy officer myself I assured them it was not HIPAA policy.
They then noted that it was company policy.
Long and short of it...I am going to have to wade through the BS.
Supervisor is here!
Gotta go!
Is there any reason why I should have so many Trusted Certificates under the System tab in Credential Storage? I have probably close to 100 in there and most of them I don't recognize; they seem to have some gibberish with an expiration date of a few years in the future. To my knowledge these are baked into the ROM and are not installed by the user so I'm guessing most of them relate to a stock app of some kind (WatchOn, ChatOn, etc.). Because I haven't seen a lot of discussion about it, I am asking if these Certificates are safe (I know it's from Android or Samsung blah blah)?
I'm in the tedious process of disabling them just to see what happens but can anyone else shed any light on the matter? Thank-yew...
http://support.google.com/android/bin/answer.py?hl=en&answer=1649774
I'd like to know about this as well.
Sent from my SAMSUNG-SGH-I337
These are all root certificates. The certificate authorities that issue certs to web sites have their root certificates loaded on the phone so the phone can verify that an SSL cert from a web site is legitimate.
This is a lucrative business so there are quite a few CAs around the world. And big banks have become CAs too.
Theoretically they are all legitimate as it is a huge process (or it used to be) to get your root cert included in an OS or browser by default.
Can you remove them? Yes, but be careful. If you only use USA websites then you can probably remove most non-USA CAs. But why do you care? Older versions of android didn't let you remove any, and the only time you need to is if a CA has been compromised.
If you do remove one you need, you will get SSL warnings about visiting an untrusted site, but you should be able to add the root cert back.
HTH
alphadog00, I realize your post is from 2013, but I've been searching for answers to this as well. Why do we need these certificates on our phones? I have 156 on mine, and some of them aren't even in English. Some have the country in the company name, like China, Turkey, and Germany. Some companies have more than one certificate. VeriSign, Inc. has 7, all with different issue dates going back to 1996 but all expiring between 2029 and 2036. A couple of them look sketchy to me, with 'certificate' spelled 'cirtificate', and 'global' spelled 'globel'. They remind me of emails that I get from my dear friend, the widow of a former bank president in Kenya, who needs my help getting her money out of the country. Why do I need 156 trusted credentials from half a dozen countries? How many do I really need? There is a grey item at the bottom of the security page that says “Clear Credentials,” but it’s un-clickable on my phone. Why would that be an option if these certificates are necessary? Would I be safe disabling all the ones from outside of the US and Canada? Are all these certificates taking up space on my phone? What is a ‘fingerprint’? Thanks in advance for any help and advice you can offer me.
27 July 2017. "Turned Off" all but two CAs. Result is could not access Play Store as well as several other sites. One screen stated "No internet connection. Make sure WIFI or cellular data is turned on, then try again." Needless to write, turning off all the CAs has repercussions.
I was helping a friend which I had no idea what was going on until I got there...it's a huge huge ring of I'm not sure what?? Now my phone, my parents' phone, their desktop and laptop are all under attack! I downloaded over 20 antivirus apps and could not allow permissions, nor can I get any recovery codes to any email because it keeps changing the password. Plus I found strange apps just installed, settings changed that were not and all countries in the world chamber of commerce trusted certificates and so much more. I'm pretty sure we are under attack! I would GREATLY APPRECIATE any thoughts or ideas of what I should do to keep our info safe!!!!! Thank You!! p.s. I'm now living every second in fear like her and very scared!
Hello. I support a large medical agency and they have adopted Galaxy S 3's as their company phone. They have to change their Active Directory password every three months, which in turn means they have to update the password for their email on the phone. I was wondering if it's possible to make an app that would simply bring up a field where they can type their updated AD password in and it update the password within the account settings. I hope this makes sense. Technologically speaking, most of these people are a generation from stone tools and smoke signals, so I'm basically looking for a way to eliminate as many steps as possible from the process. Thanks for any assistance.
I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
If you want to pay for it; use Nine mail application.
You can set a full device wipe or just application wipe.
So if your company decides to wipe it, only the mail gets wiped.
What kind of wipe? If you mean a factory reset or something like that, then yes. I mean a factory reset wipes just its own partition and won't touch the other partitions (I'm sorry for my bad English. I hope you got what I mean), so obviously you should sync your info between all ROMs yourself before the wipe.
But if you mean a kind of wipe from recovery or a flash from a Windows PC or something like that, don't count on MultiROM or anything else!
Sent from my Nexus 6P using Tapatalk
Personally, if a company would remote wipe my phone if it gets lost or stolen because it contains company related info in it, I don't see the problem of letting them do so. I would even thank them for having my personal info wiped along with it. If I have issues with the company's terms regarding wiping data on MY phone (maybe like remote wiping without letting me know beforehand, even when my phone is not lost), I would use a secondary phone as a work phone.
The company should provide a work phone for you to use.
stankyou said:
I would use a secondary phone as a work phone.
I just realised the Samsung Galaxy S2 with its broken screen that my Nexus 6p will replace, will be perfect for this. No SIM card, just sync everything over Wi-Fi, done. Thanks for the creative thinking, all!
dratsablive said:
The company should provide a work phone for you to use.
I agree. If they want permission, they should provide the device.
Generally, companies that want your phone wiped any second are against rooting, unlocked bootloaders and custom roms. The best thing to do is to ask them about it first, so that you won't end up getting fired or sued.
Bluemail
PeterJP said:
I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
Ok, so to do this they need to install an MDM agent (Mobile Iron, AirWatch, etc.), a piece of software/application which is granted device administrator rights on your phone. These agents usually manage the security certificates and all the other things needed to authenticate the device with their systems and create a secure connection. If they configured their environment correctly, devices without this agent shouldn't be allowed to connect, which essentially makes the agent required. This is good as only secured and managed devices can connect.
However, as this is a personally owned device, you're allowing them a metric crap ton of access to your personal phone. As a device administrator, the agent can be used to:
* Browse / view / edit files on your phone
* View messages sent or received
* Use GPS to determine the device's location, or even map where the device goes 24/7.
* Change the lock code / pin for the device.
* Lock the device at will.
* Detect rooted devices and disallow service.
* All kinds of other Big Brother-ish type of things.
Your company should have some kind of mobile device policy. Ask to view it. This policy should define acceptable use of mobile devices for employees, and it should also define the acceptable use of the MDM solution for IT staff and management. It should define specifically what steps they will take if the device is lost/stolen, if you get terminated, or any other circumstance where they would want to wipe the device. If they don't have a mobile device policy, or if it does not clearly define these things, demand they provide you with a mobile device and do not grant them permission to use your personal devices. Why? If they don't have their **** together enough to have a policy protecting both them and you, it's just not worth giving them access to your phone.
Furthermore - They should have the ability to perform 2 types of wipes. An enterprise wipe, and a device wipe. The enterprise wipe will remove email, corporate data, corporate applications pushed through the MDM, and finally the MDM agent itself. It shouldn't remove any personal files or wipe the OS. It is often the practice to do an enterprise wipe for personally owned devices in a BYOD environment, but you should check.
So, is all of this MDM stuff bad? No. Your business has a right to protect their systems, networks, and information. MDMs allow them to do this. That being said, if they are making it a job requirement for you to access email 24/7 (or even for just a limited window of time which is outside of your normal shift hours) then the burden of providing you with the appropriate means of doing so rests with them as well. This often means they have to provide you with a mobile phone. If accessing email outside of your working hours is NOT a requirement - then don't! For goodness sake, take a break from the job man!
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
I know this didn't specifically address the OP, but I've had a fair bit of experience with this (both good and bad) and thought I'd chime in. I hope it helped.
how about the reverse, what can a person do to prevent them from wiping your phone?
Elnrik said:
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
Nice write-up!! I totally agree with you, 2 phones is the way to go.
https://play.google.com/store/apps/details?id=com.cloudmagic.mail
Access your exchange email without changing security settings on your phone.
ycats said:
how about the reverse, what can a person do to prevent them from wiping your phone?
Once their agent is installed and made a device administrator... Nothing.
Ergo - to prevent it, don't install the MDM agent.
---------- Post added at 07:00 AM ---------- Previous post was at 06:46 AM ----------
mikexda said:
Nice write-up!! I totally agree with you, 2 phones is the way to go.
Thanks.
I've had some companies tell me "hey, we will pay for your service" and what they wanted was to transfer my line into their business account. Great, I don't have to pay the bill anymore, but I just lost control over when I upgrade (or am eligible for upgrades, as business accounts are still largely based on 2 year contracts), what device I can upgrade to, what plan I get, etc. And here is the scary part of that scenario... Legally the phone number is theirs from that point on. They don't have to release it back to me if either one of us terminates employment. Damn slippery slope, that.
So, unless they are going to cut you a check for your service every month, and you are ensured to retain ownership of the account, best to avoid that altogether.
In fact, any company high on BYOD is doing it wrong IMO. It sounds good, but it can be a nightmare.
Do you actually have to have work email on your phone?
Firms usually offer a corporate device, you can have your email on that, should be a cheap month to month contract.
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. There's a short FAQ with details on how to connect to their Exchange server, but that's when my phone pops up that the server wants access to wipe the phone. I haven't written down the details of the message, though. It could be just the Exchange part, which would be ok. Last thing I want is another party to have any form of control over my personal phone after my assignment ends.
Bluemail looks cool, I'll try it out. I'm curious to see how it reacts to the demands of the Exchange server. In any case, I still have my old phone which will do to stay in the loop when off-site and access my calendar. I might want to have an app that actually copies the calendar to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
ycats said:
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Depends on your workplace. Some are more relaxed about it. Personally I avoid it and use a dedicated device.
---------- Post added at 04:49 PM ---------- Previous post was at 04:46 PM ----------
PeterJP said:
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
I know a firm who does exactly that, iphones. If it were me I'd avoid it and get out your s2. But that's me. Are you rooted? How does the MDM play with root? If reported would that provoke a wipe? Surely that can be blocked.
What about the exchange hack? Would that be of any use?
Touchdown in the store.
tech_head said:
Touchdown in the store.
Was just about to say it has its own secure app container so wiping only wipes company info. Used it for years.