if tmobile releases a new rom for this phone. how are they going to be able to disable the lock on nand for the update to complete? sorry for the dumb question, just curious how they can do it without any access to the phone
I think this is a good question, I'd like to know too.
Updates are signed cryptographically. When the phone boots into recovery, it checks the signature against a public key before applying the update to the phone. We don't have HTC's private key, so there's no way to make signed updates of our own. The key is large enough that cracking it is almost certainly not going to happen in a reasonable period of time.
makes perfect since, same procedure when windows updates take place
Jamalia said:
Updates are signed cryptographically. When the phone boots into recovery, it checks the signature against a public key before applying the update to the phone. We don't have HTC's private key, so there's no way to make signed updates of our own. The key is large enough that cracking it is almost certainly not going to happen in a reasonable period of time.
Click to expand...
Click to collapse
you forgot that the update will talk to the eMMc and tell it to open up. Now i believe that the command for that will be in the bootload. kinda like a lock and key.
So when the signature is found to be correct in the bootloader, it sends the command to open up the eMMc for write.
So can't we use a ota and disassemble it and find the key in there? Or is the key made using a certain hash code and has to match up?
Sent from my T-Mobile G2 using XDA App
Yea that's if they give a damn enough to give us an update. I'm already not liking the way t-mobile is responding to this phones complaints and problems
Sent from my T-Mobile G2 using XDA App
Does the key come from Google or HTC or T-mo?
xdviper said:
So can't we use a ota and disassemble it and find the key in there? Or is the key made using a certain hash code and has to match up?
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
Depends what you're asking. If you mean HTC's private RSA key, no. It's not in the update at all. The phone has a copy of HTC's public key, and can use that to determine if the update was signed by HTC's private key. There's no way to determine RSA's private key without either tricking them into disclosing it (very unlikely) or cryptographically attacking it (very very unlikely).
If you mean the key (or command) used to disable write-protect on the eMMC in the bootloader, yes, it should be possible to find this. That's only one small piece of the rooting puzzle, though. When the eMMC powers on, it is temporarily write-protected. The bootloader can then disable write protection to write an update. When the phone boots normally, though, the eMMC is switched from temporary write-protect to power-on write-protect. Power-on write-protect can't be disabled by sending the eMMC any commands; the eMMC has to be powered off or hard-reset to disable power-on write-protect. Unfortunately, all attempts to power cycle or hard reset the eMMC have failed, so it looks like this attack vector might be a dead end as well.
asarousi said:
Does the key come from Google or HTC or T-mo?
Click to expand...
Click to collapse
HTC holds the private key for this phone. There's no way they're disclosing it. Unlikely it will ever be leaked.
Why is it that top secret military intel is leaking from the internet and HTC doesn't leak at all?
Depends who has access to the information. When top secret information is available to thousands of people at the front lines of a war, each under various levels of stress, odds are someone will eventually leak something. Likely, very few people at HTC have access to this key, and those that do have no compelling philosophical or personal reasons to release it.
There are still other avenues of attack. As clever as HTC has proven, I'm still confident that the G2 will eventually be permanently rooted. It just might take some time. There are a lot of brilliant and dedicated people working on it.
Related
I'm using Modaco latest r8 rom with froyo 2.2. I noticed 2 things:
1. wave secure will not download my account data automatically when I factory reset. I need to register again which make it vulnerable. >> Anyone can disable wave secure
2. I don't even need to factory reset and I can reset wave secure by clearing the data in settings!!!!
I have tried in original HTC ROM 2.09(rooted) and flash in /system/app. same situation.
And I've tried that if wavesecure hasn't been register, you can't lock it from wavesecure.com or sms
I don't know if this is due to the nature of froyo or it's been like this since 2.1
wave secure is practically useless right now on my phone!!
Anyone can confirm this?
called them and they said they disabled the function for temp as they are working on some fix, it will be up again in 3 weeks as what they said
Yep, saw this on MoDaCo. Will not be renewing my WaveSecure subscription.
Lets be honest, it was a waste of money to begin with right.
This whole thing makes me wonder...can an Android phone REALLY be protected by these kind of softwares? Even assuming there are no security issues with the app..I mean,a lot of Android phones are rooted by their owners and all are rootable (?) without booting into the OS, so even if said apps are installed as system apps (just like wavesecure can be) what's preventing a "smart/geek" thief from pulling the battery, changing the simcard,(rooting a non-rooted phone), booting into recovery, mounting system and wreaking havoc through adb, including removing the security app?? Am i going on a wild goose chase or is all this sound??
MacCarron said:
This whole thing makes me wonder...can an Android phone REALLY be protected by these kind of softwares? Even assuming there are no security issues with the app..I mean,a lot of Android phones are rooted by their owners and all are rootable (?) without booting into the OS, so even if said apps are installed as system apps (just like wavesecure can be) what's preventing a "smart/geek" thief from pulling the battery, changing the simcard,(rooting a non-rooted phone), booting into recovery, mounting system and wreaking havoc through adb, including removing the security app?? Am i going on a wild goose chase or is all this sound??
Click to expand...
Click to collapse
Yeah, but I don't think the average mugger/thief is that smart
Sent from my HTC Desire using Tapatalk
So can I cancel my current subscription then and get a refund?
If you install wavesecure to /system/app and make sure its only there and not in /data/app as well then you should not have this problem.
Also wavesecure have gone through a rough month, got brought by Mcafee who in turn just got brought by Intel. They need to adjust to the new owners. They are (were) only a small company and lets face it their app is the best around by a long long way.
If you have any problems or suggestions on how to improve they usually listen (it was one of TeamVillain and a xda mod who suggested they make a update.zip for /system/app and a number of other improvements and they did it straight away).
Don't just say "oh no its not working" no app can protect your phone from the right people, if someone who knows all about rooting etc gets your phone then your screwed anwyay. But the average joe thug who steals your phone will get it, put in a new sim the alarm will go crazy then they panic, drop the phone and run. You can then use the tracker to find it, or give details to police.
Just put the apk in your rom next time before you flash in system/app and flash the rom. Restore data from a backup (but not the app) and you still get your market link too.
Lennyuk said:
If you install wavesecure to /system/app and make sure its only there and not in /data/app as well then you should not have this problem.
Also wavesecure have gone through a rough month, got brought by Mcafee who in turn just got brought by Intel. They need to adjust to the new owners. They are (were) only a small company and lets face it their app is the best around by a long long way.
If you have any problems or suggestions on how to improve they usually listen (it was one of TeamVillain and a xda mod who suggested they make a update.zip for /system/app and a number of other improvements and they did it straight away).
Don't just say "oh no its not working" no app can protect your phone from the right people, if someone who knows all about rooting etc gets your phone then your screwed anwyay. But the average joe thug who steals your phone will get it, put in a new sim the alarm will go crazy then they panic, drop the phone and run. You can then use the tracker to find it, or give details to police.
Just put the apk in your rom next time before you flash in system/app and flash the rom. Restore data from a backup (but not the app) and you still get your market link too.
Click to expand...
Click to collapse
While i agree with you that a witch hunt isn't the proper response and that it is unlikely that the average thief will know his way around adb, i have personally tried to remove wavesecure from /system/app...it works...i did it without breaking a sweat. I intentionally triggered the lock by attempting to uninstall the uninstall-protection, pulled off the battery, booted in recovery and got rid of wavese cure with a single command. Reboot and presto! A free phone . So it is true that there is no full-proof way to be safeguarded, at least using this software, and in my humble opinion the guys over at wavesecure should clearly state so on their website. And they don't always listen..there is a long story of noisy silences concerning op's issue...omissions, censorship etc etc. I got a free lifetime subscription so i'm not particularly yelling at anyone, just making hypothetis, but wouldn't you be quite pissed off if someone stole your phone and rendered it's security software (for which you payed) impotent just because he knew "SU"?
MacCarron said:
While i agree with you that a witch hunt isn't the proper response and that it is unlikely that the average thief will know his way around adb, i have personally tried to remove wavesecure from /system/app...it works...i did it without breaking a sweat. I intentionally triggered the lock by attempting to uninstall the uninstall-protection, pulled off the battery, booted in recovery and got rid of wavese cure with a single command. Reboot and presto! A free phone . So it is true that there is no full-proof way to be safeguarded, at least using this software, and in my humble opinion the guys over at wavesecure should clearly state so on their website. And they don't always listen..there is a long story of noisy silences concerning op's issue...omissions, censorship etc etc. I got a free lifetime subscription so i'm not particularly yelling at anyone, just making hypothetis, but wouldn't you be quite pissed off if someone stole your phone and rendered it's security software (for which you payed) impotent just because he knew "SU"?
Click to expand...
Click to collapse
The thing is though, if they knew SU and other commands chances are they will get around any protection whatever it would be.
But Wavesecure offers you a way to track the phone, you can still contact your carrier and get them to IMEI blacklist it, then track the handset down via wavesecure.
hi - just check out secrep5265.blogspot.com - thats interesting information concerning your discussion.
Hi all,
Firstly, apologies if this has been covered before, I have had a search but not been able to find an answer yet.
Is there a way to temporarily disable the camera (photo + video) function of the Wildfire? The reason being that I am going to be temporarily working in an area where cameras are banned. I am trying to find an alternative to having the camera drilled at the security entrance.
Does anyone know if it is possible?
Cheers,
I dont think there is. Besides, its pointless if you look at it. You show the security the disabled camera, enter the premises, and activate it again. Ofcourse, this is if the security believes that the camera is disabled, which they wont.
However, I think you can root the phone, take a nandroid backup, and, enter /system and mess around with the camera files (camera.apk), due to which even if you start the camera app, it wont start. However, the question remains whether the security will accept this or not. (Because even they would know a software hack is undoable)
IMV, it would probably be better to get a cheap phone for work, if only phone calls and SMS'es are your need at work.
3xeno said:
I dont think there is. Besides, its pointless if you look at it. You show the security the disabled camera, enter the premises, and activate it again. Ofcourse, this is if the security believes that the camera is disabled, which they wont.
However, I think you can root the phone, take a nandroid backup, and, enter /system and mess around with the camera files (camera.apk), due to which even if you start the camera app, it wont start. However, the question remains whether the security will accept this or not. (Because even they would know a software hack is undoable)
IMV, it would probably be better to get a cheap phone for work, if only phone calls and SMS'es are your need at work.
Click to expand...
Click to collapse
Thanks for the advice.
Let me add, this isn't the only line of defence in satisfying the security people, but I would rather keep the discussion the the software part rather than the ins and outs of the policy and if it would satisfy. It is antiquated and largely pointless policy for the modern world. If someone wants to use a camera as a tool for espionage, there are much better & subtler things than using a smart-phone camera.
From reading round various internet forums, this question always seems to generate more discussion on the policy than the actual deactivation.
alongwor said:
It is antiquated and largely pointless policy for the modern world. If someone wants to use a camera as a tool for espionage, there are much better & subtler things than using a smart-phone camera.
From reading round various internet forums, this question always seems to generate more discussion on the policy than the actual deactivation.
Click to expand...
Click to collapse
True. Anyhow, not much you can do here, unfortunately. (Both in terms of policy and temp disabling the cam)
Sent from my HTC Wildfire using XDA App
Sort of gutting the phone (dont you will be responsible and will probibly brick the phone) you would be better off getting a cheap dumbphone
Sent from my GT-P1000 using XDA App
I'm finding a lot of threads about changing from pin/password to pattern unlock, but not having any luck in completely disabling the security feature BS...
Is it possible to completely eliminate the password lock required by my exchange server? I have tried lockpicker and no lock, neither of which worked.
I would like to keep syncing but am not going to deal with this unlocking all the time (they JUST started enforcing it)...any help would be appreciated.
BTW, running Calkulin's EViO 2 v 1.7 (sense, so HTC mail)
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Thanks...I figured it wouldn't be that easy but I had to ask.
Justin.G11 said:
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Click to expand...
Click to collapse
I get complaints all the time about policies. 99.999% of the time, the policies are created/approved by steering committees, the legal department or executive management. There is usually nothing IT can do about it as the policies are put into place for legal reasons or company security.
Additionally, if IT departments are not compliant in company policies there could be legal ramifications if the company has to comply with certain government guidelines.
And IT staff don't hate dealing with people...it sounds like your work environment is not like others.
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Khilbron said:
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Click to expand...
Click to collapse
Will look into that. Thank you very much!
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
awenthol said:
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
Click to expand...
Click to collapse
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Yes..this reply really isn't correct. There have been some sqlite modifications that can be made or using the mail.apk from this link (http://forum.xda-developers.com/showthread.php?t=775007) works perfect, even with the new CM7-RC2
Bypassing Exchange security
I had this same issue with my work email. My way of bypassing it and still using the stock Mail app is by installing widgetlocker. Unfortunately the newest version does not bypass your encryption, but the older version before the most recent update does. Also it allows you to fully customize your lockscreen and add widgets and what have you. All in all pretty cool app.
widgetlocker.teslacoilsw.com/general/widgetlocker-1-2-9/
(unfortunately because i have never posted before i cannot post links so pm if the link does not work)
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
ramiss said:
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
Click to expand...
Click to collapse
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
bkrodgers said:
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
Click to expand...
Click to collapse
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Sent from my "locked" device.
ramiss said:
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
Click to expand...
Click to collapse
Yes and no. There are approaches that are easier if you aren't securing the whole device, but that doesn't mean it can't still be hacked.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
Click to expand...
Click to collapse
Overall I agree with that, although I think at a company that offers mobile email, there's a sort of "peer pressure" to use it. Not to say that's a good reason. I'd imagine that it'd be hard for a company to actually require you to use mobile email on your personal device -- if your job truly requires it, I'd think they'd have to provide you a device if you don't have a compatible device or aren't willing to use it that way. So yes, you're probably right that you have the choice. It doesn't mean that we can't complain though.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Click to expand...
Click to collapse
If it's really lost forever, yes. But what if:
- The exchange admin sends the wipe command to the wrong phone. ("Hi, I'm John Smith and I've lost my phone.")
- The "wipe after X invalid passcode" policy is enabled. A friend or a kid picks up the phone and tries to play with it. Whoops.
- Something else goes wrong...bottom line is that the company should have no right to wipe anything other than their own data.
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
matt2053 said:
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=775007
awenthol said:
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
Click to expand...
Click to collapse
Your Exchange Admin (or you depending on the version of Exchange you're using) has the ability to remotely wipe your device in the event it gets stolen/lost.
Could anyone give a brief possible explanation of why I can connect to my exchange server easily using Touchdown, but not using the Android integrated Exchange Account Sync?
Sent from my PC36100 using XDA App
Just found this thread as I've encountered the same issue on a HTC Sensation, just setup Exchange ActiveSync, and bam, have to set up the PIN lock on the phone.
However I've noticed that once you've done it, you can then go into Settings, Security and change the timeout before it locks up to 1 hour (I think that is dependent on your company setting). Mine was defaulting to every time the screen locked, but changing it to 1 hour I find I hardly ever have to unlock the phone now apart from first thing in the morning as I tend to use it regularly through the day.
I just bought another Atrix for my wife from someone moving over to iPhone. In order to see if it works I had to log into motoblur before handing over the cash. Now I get errors on my phone because I logged onto the other phone. You can not use the stupid phone unless you log into motoblur to even see if it works and then it locks you out of your original phone. Now the folks at motorola tell me I have to reset my phone to stop the errors and lose all my data. Chat below:
AJabonete: Hi, my name is AJabonete. How may I help you?
xxxxxxxx: I need my motoblur account reset. I was testing out a new phone to buy for my wife and had to enter my motoblur account info to use the phone. Now I'm blocked out from my phone.
AJabonete: I apologize for the inconvenience, assuredly I will do my best to help you with this.
AJabonete: What is the model of your phone and who is your service provider?
xxxxxxxxx: Atrix AT&T
AJabonete: What can you see at the screen at the moment?
xxxxxxxxx: The is an error Motorola service account error. When I click it says:The account you are using is associated with another device. Please contact customer service to reset the device.
AJabonete: I'm sorry to hear that. We can reset the phone manually though but set expectation that it will erase everything from that phone.
xxxxxxxxx: You've got to be kidding me ..I log into another phone and I have to loose all my data to stop from having constant errors. This is so stupid!!!!
xxxxxxxxx: Why does motoblur exist and why is is maditory. I want it off my phone!!!
xxxxxxxxx: No other company does this crap!!!!
AJabonete: I'm sorry but it's a Motoblur phone and it backs up all the data as long as you will be logging back on it.\
AJabonete: If you have log in on a different phone it will give you that error as we can only use a Motoblur account per phone.
xxxxxxxx: What data? what if I own multiple phones? When do you warn people of this? And finally, again why is this crap required just to use a stupid phone. I want even test a phone without logging in to see if it works.
AJabonete: Data like your contact, social network accounts and email accounts. When you purchase it, the information should have been provided with the carrier to you already.
AJabonete: That is required as that is one program feature included for the security of the end users.
xxxxxxxx: These two phones are last two motorola phones I will ever buy and I plan to write all over the internet to warn people about this motoblur crap. No wonder everone hates motoblur.
xxxxxxxx: Again no other company (HTC, Samsung, LG) requires this crap. And thay all outsell you.
AJabonete: I sincerely apologize for the inconvenience. If you have 2 Atrix, should have a different accounts for it or as well as if both are Motoblur phones. Other phones does not have the security like this and, that is the difference. What if you loose the phone? Do you think other people can access your information with out logging in with Motoblur?
AJabonete: Are you still there? Are you ready for the reset instructions?
AJabonete: Are you still there? We have noticed that you have been "idle" for 2 minutes, if no response is sent within the next minute this chat session could be terminated.
xxxxxxxxxx: i'M STILL HERE
xxxxxxxxxx: Go ahead with instructions
AJabonete: To perform an External Manual Reset of your handset to restore to factory settings, read instructions below and then perform.
Power off the phone, press and hold volume down button, press power button.
Screen will come up with "Fastboot", press Vol down key to cycle through choices until you get "Android Recovery", then press Vol up key
Wait for the "triangle ! / Android" screen then go on to step 4
Tap on bottom right corner of the screen (may take a few times). a menu will come up
Tap on "wipe data/factory reset", and tap OK. Another Confirmation screen will come. Tap Yes and OK
After userdata is cleared, the "reboot system now" option will be highlighted by Default. Tap OK.
Phone will reboot to initial setup MOTOBLUR screen.
xxxxxxxx: OK, but if it's so great why did Motorola announce two days ago you are going to stop putting motoblur on phones because of all the complaints?
I'm sorry, as far as we know here; we did not make such announcement.
AJabonete: We are always gathering input from owners from calls, e-mails, the Web and other sources. I can't say for sure if this is known or common, but it will certainly be passed on. We do apologize for the inconvenience this has caused you and want to assure you that Motorola does value your feedback We open a record for all consumer contacts which are then routed to the proper department for any further research.
xxxxxxxx: Here is just one article from yesterday announcing the end of motoblur http://pocketnow.com/android/say-goodbye-to-motoblur
AJabonete: I'm sorry again but, that's not an official Motorola website and we can not make comments on that.
xxxxxxxx: Typical
AJabonete: We only verify and post proper information at http://www.motorola.com, sorry.
xxxxxxxx: So a press conference from you CEO Sanjay Jha does not count. WONDERFUL!!!
I just wanted to warn everyone about this crap. I'm so Pi$$ed I have to reset my phone to stop constant errors just because I tested a phone before buying it!!
I'm starting to give up on my Atrix. The forums are full of people complaining about stupid ****.... there is no type development going on =/
What data are you concerned of losing?
Sent from my MB860 using XDA Premium App
MOTOBLUR name phased out due to public feedback
It may take some time, but Motorola will eventually be rid of this bloated pig...
ccrows said:
MOTOBLUR name phased out due to public feedback
It may take some time, but Motorola will eventually be rid of this bloated pig...
Click to expand...
Click to collapse
Note.....the NAME will be phased out. Motoblur will just be called Used Tampax or something in the future!
CaelanT said:
Note.....the NAME will be phased out. Motoblur will just be called Used Tampax or something in the future!
Click to expand...
Click to collapse
It's funny because it's true.
lesonal said:
I'm starting to give up on my Atrix. The forums are full of people complaining about stupid ****.... there is no type development going on =/
Click to expand...
Click to collapse
Blame Motorola not the forum members.
By the way, there's a way to bypass the MotoBlur account setup so you can test the device. Search for it on the forums. (Sorry, don't have the link handy for me to share) but its in there.
Sent from my Atrix using Tapatalk
CaelanT said:
Note.....the NAME will be phased out. Motoblur will just be called Used Tampax or something in the future!
Click to expand...
Click to collapse
Oh believe me I know, I was talking about it in this thread.
It was kinda funny because I was mentioning that the new "Triumph" (yeah I know prepaid CDMA) was getting Vanilla Android, and I was wondering if this was a positive sign for things to come. Literally a few minutes later, Engaget reports the "renaming" article. Coincidence or not, I'll take it as a good sign.
Motorola knows that people don't like MB. They are making changes to it, (name and software) but it's still gonna remain unpopular.
Eventually they will realize that they will be better off with Vanilla, since they will sell more phones and not waste time/money on MB anymore...
One can only hope that the phasing out of the name of motoblur will lead to bigger changes in the near future. Maybe Motorola will finally understand that their best-selling phone was the OG Droid... vanilla...
Sent from my MB860 using XDA App
Yea I know you can bypass motoblur but I did not think to look it up before going to meet the seller in the parking lot of McDonald's (typical CL transaction). When testing the phone to make sure I was not getting a dud I was presented with the motoblur screen so I logged in. Once tested out I took it home factory reset it for good measure and had the wife create her own motoblur account. Then of course proceeded to root, upgrade to 1.83 and install Gingerblur.
Once I looked at my phone that's when I noticed the errors about account being associated with another phone. Had SIM in phone and logged in less than 2 minutes before removing and now I have to reset my phone to stop the notification errors.
Some asked what would I loose by resetting. I have to back up all my data with Titanium, then back that along with several gigs of downloaded data to my computer. Then after all that I may loose root and have to SBF back 1.26 reapply root, sideloading etc and upgrade to 1.57 then 1.83. Then I would have to reload the Titanium file along with the several gigs of downloaded data and then restore. That's an afternoon of more worth of BS work because of this motoblur crap!
The only positive I could see is I would now install Gingerblur and a theme which I did not do the first time.
you don't have to go back to 1.26 to root, iirc.
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Abrojo said:
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Click to expand...
Click to collapse
http://bit.ly/174zPh6
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
I use avast! free mobile security (https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity&hl=en),
the anti-theft module has option to block the phone if the sim card is changed
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
What a woeful answer. Try reading before you be a ****.
In answer, no there is nothing similar to a BIOS lock on Android phones, however like mist813 said, Avast is quite good. If you have root access you can install it as a system apk then even if the thief wipes your phone, it's still there.
You could also try lookout its free. Can do tracking, remote wipe and also takes a photo of anyone trying to unlock your phone.
I don't think there is anything that can prevent someone from just flashing a new firmware and wiping the phone completely.
Sent from my Nexus 10 using Tapatalk 2
I don't think there is an equivalent to BIOS lock in Android. I'm not sure if you tried Lookout or the native Samsung remote control under security settings. Both gives you the options to locate, lock, scream or wipe your data. I tried the locate and scream options and they work. Never tried lock or wipe, but they should also work! Now going to the fact of wether someone can bypass or overcome these security measures, then I personally think it's possible and whatever we do he can find a way to go around it depending on how smart and resourceful he is! If my phone is stolen, frankly speaking I won't waste my time trying to find it or just lock it. All what I'll care about is to wipe the data off, and hopefully these softwares will work if needed!
Sent from my SGS IV using Tapatalk 2
Abrojo said:
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
Click to expand...
Click to collapse
Okay lets not be a **** this time.
1) There's nothing equivalent to that bios thing
2) http://stackoverflow.com/questions/...-the-device-on-removal-of-sim-card-or-sd-card
There are also apps that just notify you if sim card is changed for example this https://play.google.com/store/apps/details?id=instigate.simCardChangeNotifier&hl=fi
And of course there are some apps that let you remotely control your phone for example http://forum.xda-developers.com/showthread.php?p=7567932
Abrojo,
You don't really need a third-party app for this.
Please check out the Samsung Dive service. (www.samsungdive.com)
You can track your phone, lock it with a custom password, sound an alarm, etc...
The problem is, the phone needs to have Internet access.
I am using the Cerberus app (https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en)
This is the best rated Anti-theft app you can find for your Android.
a license costs 3USD if I remember correctly. With one license you can secure up to five Android phones.
Featuers:
Track your phone
Remote lock
Remote wipe
And a lot more options...
A couple of things that I think are extremely useful:
When a wrong password or pattern is drawn to unlock your phone, a picture is taken with the front camera and emailed to you together with the location of the phone.
When the SIM is swapped, you can configure up to three phone numbers that will receive an SMS with the new SIM card number and the location of the phone.
You can hide the app from the App Drawer.
Check it out... very useful
i use also cerberusapp 4 years now. everything is perfect. when u install as system app u can do everything.
Sent from my ThL W8 using xda premium
Apparently there is also rumors of LoJack already being built into these phones, with the possibility to activate it some time in the near future. Don't remember all the details, but I just read an article about that. Not being patronizing when I say it, but Google Galaxy S4 LoJack and look into it.
Also, I am on Verizon, and am testing out their mobile security app that is preinstalled. It's $1 a month, but they allow you to remotely lock your phone, wipe it, and track it should you lose it. I don't believe it embedded at the hardware level, but it is something that gives me a little piece of mind.
Edit: I went to switch to the Norton Mobile Security app, since I use it for all of my other devices, and discovered that the Verizon Mobile Security App - once activated - cannot be uninstalled, force stopped, you cannot clear the data, and you cannot disable it. In order to do so, I first have to go into my Verizon account online, sign in, and unsubscribe from the service. After realizing that, I have chosen to keep the Verizon security app, because it has that extra layer of security. Are there ways of bypassing that, I'm sure there are. But assuming that my phone is stolen by some low level thief and not some crazy high level criminal circuit, I should have no problem retrieving it.
Samsung Dive down?
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Sm007hCriminal said:
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Click to expand...
Click to collapse
It's working with me.
Sent from my SGS IV using Tapatalk 2