Disregard, for business class users.
Really don't know what this is for, or why it is in the services.jar. Rom developers might want to remove it. Don't freak out about this, I doubt it is a big conspiracy etc.
This is a remote wipe using google's cloud to device messaging, and only works when sent from google.
Might be worthwhile to remove/null it from roms, or it might now who knows. If rom devs need help doing it let me know.
Code:
package com.android.server;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.RecoverySystem;
import android.util.Log;
import android.util.Slog;
import java.io.IOException;
public class MasterClearReceiver extends BroadcastReceiver
{
private static final String TAG = "MasterClear";
public void onReceive(Context paramContext, Intent paramIntent)
{
if (paramIntent.getAction().equals("com.google.android.c2dm.intent.RECEIVE"))
{
String str = paramIntent.getStringExtra("from");
if (!"google.com".equals(str))
int i = Slog.w("MasterClear", "Ignoring master clear request -- not from trusted server.");
}
while (true)
{
return;
try
{
int j = Slog.w("MasterClear", "!!! FACTORY RESET !!!");
RecoverySystem.rebootWipeUserData(paramContext);
int k = Log.wtf("MasterClear", "Still running after master clear?!");
}
catch (IOException localIOException)
{
int m = Slog.e("MasterClear", "Can't perform master clear/factory reset", localIOException);
}
}
}
}
Wow that fuc*ed up. Lol
Sent from my ADR6400L using XDA App
Kind of crazy, but not shocking either knowing Google.
Saw your Tweet and PasteBin earlier today. Interesting stuff. Hopefully people do not go crazy over this and turn it into something more than it is.
Does anyone know if this is even functional? Has Google ever enforced this? I know it is worrying to have this functionality sitting idle on your device... but maybe it was for a larger plan where users can remotely manage their device and, in the case of it being lost or stolen, wipe personal data.
Could this be part of Google's ability to remote wipe apps that it deems as malicious?
bmcclure937 said:
maybe it was for a larger plan where users can remotely manage their device and, in the case of it being lost or stolen, wipe personal data.
Click to expand...
Click to collapse
That was my guess. It's probably for businesses that use Gmail. Google actually mentions this on their Gmail for Business site:
"Administrators can manage their users' Android devices with a set of mobile device management policies designed to let users access their data while keeping organizational information secure. These policies include the ability remotely wipe data from lost or stolen devices, require a device password, set password strength requirements, and more.
Would this affect third party app's ability to wipe remotely? For example, apps that can wipe if you lose the phone. Or do they not use this code and use their own formatting?
Jacquestrapp said:
That was my guess. It's probably for businesses that use Gmail. Google actually mentions this on their Gmail for Business site:
"Administrators can manage their users' Android devices with a set of mobile device management policies designed to let users access their data while keeping organizational information secure. These policies include the ability remotely wipe data from lost or stolen devices, require a device password, set password strength requirements, and more.
Click to expand...
Click to collapse
That sounds like the logical thing...
I thought it might be for htcsense.com there remote wipe service.
Sent from my ADR6400L using XDA App
Logical explanation, hold on.
Fore business class users, will explain when i have time
Been a couple years since I messed with java so my memory may be a little foggy but wouldn't that return statement kick you out of the while loop causing the rest of the code not to execute?
Russ36363 said:
Would this affect third party app's ability to wipe remotely? For example, apps that can wipe if you lose the phone. Or do they not use this code and use their own formatting?
Click to expand...
Click to collapse
+1 I use htcsense.com, would this effect this capability?
Bern612 said:
I thought it might be for htcsense.com there remote wipe service.
Click to expand...
Click to collapse
Enterprise administrators need a certain amount of control over their devices and device manufacturers need to incorporate these certain low level functions into the devices to entice enterprise users. As an administrator of a Blackberry BES system I can tell you first hand the importance of the ability to remotely wipe and lock a lost device.
The reason I say google having this ability makes sense is that the ability to remotely lock and wipe a handset needs to come from a central authority. With Blackberries this ability is tied to the BES that the device is attached to. With Exchange the ability to set security policies and enforce remote lockdown and wipe is controlled through Activesync (you will find Activesync has this ability on both Android and iOS devices).
Now for enterprises that use Google services for communication (which if you run an exchange server in your organization I recommend you look into. It's not for everyone, but there is a lot to be said for running what amounts to a private gmail server, anyhow) they still want that level of control over their users devices so it makes a hell of a lot of sense for Google to bake that ability into the device to allow their own enterprise customers the level of control they demand. I know some fellow enterprises admins that use Google for their communication services and there are some issues with iOS devices because of the lack of control integration since gmail does not use activesync. (That is not to say that this ability is not baked into iOS (think Mobile Device Management), it is just not as tightly integrated for people not using Activesync).
Nusince said:
Enterprise administrators need a certain amount of control over their devices and device manufacturers need to incorporate these certain low level functions into the devices to entice enterprise users. As an administrator of a Blackberry BES system I can tell you first hand the importance of the ability to remotely wipe and lock a lost device.
The reason I say google having this ability makes sense is that the ability to remotely lock and wipe a handset needs to come from a central authority. With Blackberries this ability is tied to the BES that the device is attached to. With Exchange the ability to set security policies and enforce remote lockdown and wipe is controlled through Activesync (you will find Activesync has this ability on both Android and iOS devices).
Now for enterprises that use Google services for communication (which if you run an exchange server in your organization I recommend you look into. It's not for everyone, but there is a lot to be said for running what amounts to a private gmail server, anyhow) they still want that level of control over their users devices so it makes a hell of a lot of sense for Google to bake that ability into the device to allow their own enterprise customers the level of control they demand. I know some fellow enterprises admins that use Google for their communication services and there are some issues with iOS devices because of the lack of control integration since gmail does not use activesync. (That is not to say that this ability is not baked into iOS (think Mobile Device Management), it is just not as tightly integrated for people not using Activesync).
Click to expand...
Click to collapse
Yep, personally I would remove it if my device was at risk of employer remote wipe, but probably best to leave it.
jcase
I would like to remove this hope some one make a app or something to remove it.
Sent from my ADR6400L using XDA Premium App
One word...derp
magneticzero said:
One word...derp
Click to expand...
Click to collapse
One word... herp
Good find jcase. Can you make a zip to remove it?
Sent from my ADR6400L using XDA App
jmiller98 said:
Good find jcase. Can you make a zip to remove it?
Sent from my ADR6400L using XDA App
Click to expand...
Click to collapse
No, its a meaningless find. I'm not touching it, needed for corp class users.
agreed. any rom dev that removes it shout include a zip to put it back in... i know from Ms exchange you can allow or deny the use of this functionality per device... i assume many of us are it at our jobs... just add your name to the safe list
also if your company forces this, it will require a password to unlock your device... just a little extra info...
Sent from my ADR6400L using XDA App
Related
I'm finding a lot of threads about changing from pin/password to pattern unlock, but not having any luck in completely disabling the security feature BS...
Is it possible to completely eliminate the password lock required by my exchange server? I have tried lockpicker and no lock, neither of which worked.
I would like to keep syncing but am not going to deal with this unlocking all the time (they JUST started enforcing it)...any help would be appreciated.
BTW, running Calkulin's EViO 2 v 1.7 (sense, so HTC mail)
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Thanks...I figured it wouldn't be that easy but I had to ask.
Justin.G11 said:
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Click to expand...
Click to collapse
I get complaints all the time about policies. 99.999% of the time, the policies are created/approved by steering committees, the legal department or executive management. There is usually nothing IT can do about it as the policies are put into place for legal reasons or company security.
Additionally, if IT departments are not compliant in company policies there could be legal ramifications if the company has to comply with certain government guidelines.
And IT staff don't hate dealing with people...it sounds like your work environment is not like others.
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Khilbron said:
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Click to expand...
Click to collapse
Will look into that. Thank you very much!
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
awenthol said:
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
Click to expand...
Click to collapse
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Yes..this reply really isn't correct. There have been some sqlite modifications that can be made or using the mail.apk from this link (http://forum.xda-developers.com/showthread.php?t=775007) works perfect, even with the new CM7-RC2
Bypassing Exchange security
I had this same issue with my work email. My way of bypassing it and still using the stock Mail app is by installing widgetlocker. Unfortunately the newest version does not bypass your encryption, but the older version before the most recent update does. Also it allows you to fully customize your lockscreen and add widgets and what have you. All in all pretty cool app.
widgetlocker.teslacoilsw.com/general/widgetlocker-1-2-9/
(unfortunately because i have never posted before i cannot post links so pm if the link does not work)
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
ramiss said:
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
Click to expand...
Click to collapse
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
bkrodgers said:
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
Click to expand...
Click to collapse
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Sent from my "locked" device.
ramiss said:
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
Click to expand...
Click to collapse
Yes and no. There are approaches that are easier if you aren't securing the whole device, but that doesn't mean it can't still be hacked.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
Click to expand...
Click to collapse
Overall I agree with that, although I think at a company that offers mobile email, there's a sort of "peer pressure" to use it. Not to say that's a good reason. I'd imagine that it'd be hard for a company to actually require you to use mobile email on your personal device -- if your job truly requires it, I'd think they'd have to provide you a device if you don't have a compatible device or aren't willing to use it that way. So yes, you're probably right that you have the choice. It doesn't mean that we can't complain though.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Click to expand...
Click to collapse
If it's really lost forever, yes. But what if:
- The exchange admin sends the wipe command to the wrong phone. ("Hi, I'm John Smith and I've lost my phone.")
- The "wipe after X invalid passcode" policy is enabled. A friend or a kid picks up the phone and tries to play with it. Whoops.
- Something else goes wrong...bottom line is that the company should have no right to wipe anything other than their own data.
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
matt2053 said:
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=775007
awenthol said:
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
Click to expand...
Click to collapse
Your Exchange Admin (or you depending on the version of Exchange you're using) has the ability to remotely wipe your device in the event it gets stolen/lost.
Could anyone give a brief possible explanation of why I can connect to my exchange server easily using Touchdown, but not using the Android integrated Exchange Account Sync?
Sent from my PC36100 using XDA App
Just found this thread as I've encountered the same issue on a HTC Sensation, just setup Exchange ActiveSync, and bam, have to set up the PIN lock on the phone.
However I've noticed that once you've done it, you can then go into Settings, Security and change the timeout before it locks up to 1 hour (I think that is dependent on your company setting). Mine was defaulting to every time the screen locked, but changing it to 1 hour I find I hardly ever have to unlock the phone now apart from first thing in the morning as I tend to use it regularly through the day.
For the Rezound,and other phones I guess, there is a modified Exchange server app that does away with the Administrator Rights requirement when connecting to some Exchange Servers.
Here is the issue. Mind you, this security policy only applies if the device supports it. Meaning one Android device or iPhone can connect without enabling Admin rights, while another one does.
But what happens, is that if the Exchange Server sees that the device supports it, it enforces this policy in order to set up and allow access to the email account. It gives the IT department COMPLETE control of your device. They can lock you out, format it, etc... Also, it forces you to set up a PIN, and it disables the camera and encrypts the storage of the device. So you can see how this an be an issue with a personal device. ANy pics you take, files you download, etc... are encrypted and can ONLY be accessed from the device. You cannot copy them to your PC and access them. Huge pain in the ass!
On the various ICS ROMs for the Rezound(the phone I have), there is a file that I can install, a modified Exchange.apk file, that lets me set up the account, and while it will force me to use a PIN, it ignores the rest and doesn't force me to disable the camera or encrypt the storage.
So, is there such an app for this device? Can I use the one for ICS that I use for the phone?
Any idears?
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
ekinnee said:
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
Click to expand...
Click to collapse
There is almost never a legal requirement, it is a corporate policy. I am using this type of modded Exchange.apk right now, have been for months.
The irony of the "security policy", is that if your phone does not support the feature, then the Exchange Server ignores it and lets the device right in with full access. It only affects certain devices. If I had a DroidX, no problem, Exchange lets me in. I upgrade to a Rezound, now I have to encrypt my entire device.
Don't use it if you don't want to, but many of us do, as this file is available for many phones. I just need to locate one for the N7.
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use however doesn't affect the use of the camera and most employee's have a company phone so it's not theirs to begin with. Those that need email and also want privacy, have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
I can't dig up the case at the moment, but for the record, there is absolutely president (at least in the U.S.) if a company requires you use a personal device for work, they have no legal recourse to require factory wipe access and may face steep penalties if they fire you as a result of you circumventing them.
Definitely an area where it's worthwhile to know both:
A. Your companies policies, in and out.
B. Your rights as a citizen of whichever country you reside in.
krelvinaz said:
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use however doesn't affect the use of the camera and most employee's have a company phone so it's not theirs to begin with. Those that need email and also want privacy, have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
Click to expand...
Click to collapse
Guys, I really don't need lectures on whether I should do it or not. I currently do it. I will continue to do it. I won't get in trouble at work, it is just how they set it up and they are not going to change it for me, but it is an inconvenience.
I just need to be able to do it on THIS device.
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
Click to expand...
Click to collapse
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out and it works perfectly, That's what I am after here.
SquireSCA said:
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out and it works perfectly, That's what I am after here.
Click to expand...
Click to collapse
I think any mod made for jelly bean would work for you since it's all based off of aosp. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
Click to expand...
Click to collapse
mwalt2 said:
I think any mod made for jelly bean would work for you since it's all based off of aosp. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
Cool. I just got the thing a couple hours ago, so it is not unlocked or rooted yet, and you need that to install these.
The ones for the Rezound were made to install in the OS, not from Recovery, but once CM10 is out and stable, I will unlock and go to that and then I can use it. For now, my phone has it so I do have email on the go for work.
Thanks!
Windows Phone 8 technically only allows apps to be installed from the marketplace.
However, Microsoft pretty much has left us with an avenue that would allow us to easily create our own custom 3rd party marketplaces.
With Windows Phone 8, Microsoft has introduced the "company app store" concept. This is originally intended to allow companies to easily distribute LOB applications to its employees.
http://www.windowsphone.com/en-US/business/custom-hub?wa=wsignin1.0
Note how the whole system pretty much relies on a certificate. Anyone with the certificate can sideload applications signed with said certificate.
Now this gives me the idea, why can't the homebrew community purchase their own certificate, and use it to create a 3rd party homebrew marketplace?
the_tyrant said:
Windows Phone 8 technically only allows apps to be installed from the marketplace.
However, Microsoft pretty much has left us with an avenue that would allow us to easily create our own custom 3rd party marketplaces.
With Windows Phone 8, Microsoft has introduced the "company app store" concept. This is originally intended to allow companies to easily distribute LOB applications to its employees.
http://www.windowsphone.com/en-US/business/custom-hub?wa=wsignin1.0
Note how the whole system pretty much relies on a certificate. Anyone with the certificate can sideload applications signed with said certificate.
Now this gives me the idea, why can't the homebrew community purchase their own certificate, and use it to create a 3rd party homebrew marketplace?
Click to expand...
Click to collapse
Let's bump this up, shall we? (Since I'm not going to bother making my own thread, if nobody is going to reply to it)
Here's what I've learned through my evaluation of the company app system. The requirements are simple:
-Company Dev Center account
--Requires that you have a legally registered company (e.g. an LLC), which is verified by Symantec
--$99 plus whatever fees are associated with the LLC
-Symantec Signing certificate
--Requires the company dev center account
--$299
This is actually much less than I thought, as I was expecting this to be limited to the enterprise. Rather, anyone with chump change and some legal papers can get a certificate that allows anyone to sideload apps.
The legal papers is where it gets complicated, unfortunately. If it were just the money, I'd honestly consider a fundraiser to start a homebrew store. The certificate simply needs to be used to sign the enrollment tokens (which are just provxml documents with the cert in them), the enrollment token needs to be distributed to the masses, and then the cert is used to sign all the 'brew. It could be setup pretty easily with an online system for registering devs, uploading xaps, and having them signed, for example.
But the requirement that I have an actual company makes things really complicated; I'm not sure how much verification Symantec does, but I'm under the impression a security firm like expects legal registration, which is not something I personally have, nor something I particularly want (LLC taxes are pretty steep these days)
So, here's the question. Does anyone out there have a "company" dev center account, or has played with "company apps", and is willing to experiment to see if this system would be at all useful for homebrew?
Curious to see if there's any interest. In theory, a WP8 Cydia-like app could be developed very easily
this sounds very interesting, though I do not have a company...yet. Does it have to be an LLC? I am thinking of starting an IT/computer repair company here in my town as a side business, not 100% sure yet, but considering it.
Jaxbot, you sly fox .
That's a great idea.
A couple issues to consider...
Might want to read through the WP Store T&C carefully. While those may very well be the only requirements to get a company account, I wouldn't be surprised if there are much more in the terms to keep one. In other words, distributing your app to non-employees could get your company account banned/disabled/revoked. I haven't done the leg work on this so not sure.
The VeriSign cert you get will likely have requirements to be maintained by a single person or group. Publishing the private key would almost certainly (and quickly) get this revoked. So you would either need to someone to manually sign/publish all the apps or figure out an automated process. That should be possible but would likely take a good bit of work to get going.
My $.02.
Jaxbot, did you get a WP8 device and if so, what model did you get ? I know you were trying to get one.
What would be interesting is to see what type of apps you can deploy with this. Could something like this open a full unlock or Interop unlock becase the corporate account could get those type of pemissions to their devices ?
Is this tyed to the Active Directory in anyway, knowing Microsoft each user might need an account in the Active Directory to be able to use the "Company Dev center"? There could be a lot of limits depending how you can connect to the server that runs it.
Do they have a test version ? Maybe that can be used in this case, just to see if it works and could use a deeper investment to get this working. If you could get me a full unlock from this, I surely would pay up a little for it.
DavidinCT said:
What would be interesting is to see what type of apps you can deploy with this. Could something like this open a full unlock or Interop unlock becase the corporate account could get those type of pemissions to their devices ?
Is this tyed to the Active Directory in anyway, knowing Microsoft each user might need an account in the Active Directory to be able to use the "Company Dev center"? There could be a lot of limits depending how you can connect to the server that runs it.
Do they have a test version ? Maybe that can be used in this case, just to see if it works and could use a deeper investment to get this working. If you could get me a full unlock from this, I surely would pay up a little for it.
Click to expand...
Click to collapse
I believe there are a few things you can do with corp apps that can't be done with regular ones but there's not much. Definitely not full interop unlock (at least not directly).
No. It's not tied to AD at all.
I don't think there's a "test" version. The $400 it would cost is chump change for any legit company. Microsoft could waive the $99 fee for someone they're working with but you'll still need the $299 cert and Symantec/VeriSign isn't gonna give that to you for free.
I'm just an end-user, but YEAH! Dev-unlock: $99. Full unlock: priceless. Definitely would pay a bit.
piaqt said:
I'm just an end-user, but YEAH! Dev-unlock: $99. Full unlock: priceless. Definitely would pay a bit.
Click to expand...
Click to collapse
This wouldn't be a full unlock. It would just allow devs to publish apps to an alternate marketplace and users that are not dev unlocked could easily download them.
RustyGrom said:
A couple issues to consider...
Might want to read through the WP Store T&C carefully. While those may very well be the only requirements to get a company account, I wouldn't be surprised if there are much more in the terms to keep one. In other words, distributing your app to non-employees could get your company account banned/disabled/revoked. I haven't done the leg work on this so not sure.
The VeriSign cert you get will likely have requirements to be maintained by a single person or group. Publishing the private key would almost certainly (and quickly) get this revoked. So you would either need to someone to manually sign/publish all the apps or figure out an automated process. That should be possible but would likely take a good bit of work to get going.
My $.02.
Click to expand...
Click to collapse
Correct. The ToS needs to be really well understood. Some people seem to imply that users outside the company are okay to enroll, but I'm not sure. However, I'm not really sure if the enrollment even touches MSFT's servers at all, and if T&C violations would cause a problem. Something that needs to be looked into. If it's a definite breach of T&C, I say it's not worth it. My $0.02
DavidinCT said:
Jaxbot, did you get a WP8 device and if so, what model did you get ? I know you were trying to get one.
Click to expand...
Click to collapse
Unfortunately no, all my research has been on the emulator. All my attempts to get my hands on a WP8 have proven fruitless so far.
What would be interesting is to see what type of apps you can deploy with this. Could something like this open a full unlock or Interop unlock becase the corporate account could get those type of pemissions to their devices ?
Click to expand...
Click to collapse
No, definitely not full unlock. Interop, I'm not sure. The apps are signed and installed, so I have no idea if ID_CAPs are limited. An app like Folders could definitely be deployed, though, with the new WP8 apis.
Is this tyed to the Active Directory in anyway, knowing Microsoft each user might need an account in the Active Directory to be able to use the "Company Dev center"? There could be a lot of limits depending how you can connect to the server that runs it.
Click to expand...
Click to collapse
No, you can enroll within active directory, it says that in the instructions.
Do they have a test version ? Maybe that can be used in this case, just to see if it works and could use a deeper investment to get this working. If you could get me a full unlock from this, I surely would pay up a little for it.
Click to expand...
Click to collapse
RustyGrom said:
This wouldn't be a full unlock. It would just allow devs to publish apps to an alternate marketplace and users that are not dev unlocked could easily download them.
Click to expand...
Click to collapse
What he said. Basically, it would give us homebrew apps that fit into the limitations of the SDK, but not necessarily the limitations of the certification requirements. Folders, Themes, etc. could likely be built. Apps such as CacheClearer and Tweaks, probably not, but again, I have no experimental research on this yet.
This presentation from BUILD (http://channel9.msdn.com/Events/Build/2012/2-014) should answer most of your questions. The phone does 'phone home' to Microsoft to check the publishers and apps installed. Also, capabilities are limited to "same as standard marketplace apps" however the 'company store' app can install apps and manage apps that have been published through it.
RustyGrom said:
This presentation from BUILD (http://channel9.msdn.com/Events/Build/2012/2-014) should answer most of your questions. The phone does 'phone home' to Microsoft to check the publishers and apps installed. Also, capabilities are limited to "same as standard marketplace apps" however the 'company store' app can install apps and manage apps that have been published through it.
Click to expand...
Click to collapse
55 minutes, exciting Thanks for that, though, clarifies a lot. In that case, then, it sounds like the company store app won't really have much useful information for us, as it sounds almost more restricted than I had originally hoped. In that case, then, "company apps" is probably not a worthwhile route to peruse. My 2 cents.
Terms and conditions for a company account
a. Internal Distribution. Subject to the terms of this Addendum and the Application Provider Agreement,
you may make Enterprise Applications internally available to your Employees. Enterprise Applications
may not be made available to consumers, other companies or the general public, except for vendors or
companies that are under contract with you to develop or test any Enterprise Applications. You are
responsible for any unauthorized distribution of the Certificate Software and Enterprise Applications
outside of the terms and conditions of this Addendum.
b. No Alternative Marketplace. You will not use the Certificate Software to: (i) make paid Applications that
are offered in the general Windows Phone Store available to your Employees; and (ii) make available
Enterprise Applications in a manner that harms the Windows Phone Store as determined by Microsoft
Yeah, MSFT thought about that idea WAY ahead already.
Termination. If you breach the terms of this Addendum and/or the Application Provider Agreement, Microsoft
may (a) revoke the certificates provided by Certificate Software; and/or (b) terminate your Enterprise Account immediately.
If that happens, every app installed will fail to work a day later.
Well it was a good thought guys. A damn good thought..
Since WP8 supports MMC, can we side load any temporary OS to read or execute from anything from it!?
nitin88g said:
Since WP8 supports MMC, can we side load any temporary OS to read or execute from anything from it!?
Click to expand...
Click to collapse
MMC? And seriously, go start another thread! Do NOT thread hijack! I can't stand it, seriously
MMC - Multimedia Card.
I am a MCSE, I wounder if there is a verson to learn how use it. Maybe they have a traning version so I could learn how to get it working on domain. This would be nice if I can try this and get a interop unlock by setting it up on my own domain..
DavidinCT said:
I am a MCSE, I wounder if there is a verson to learn how use it. Maybe they have a traning version so I could learn how to get it working on domain. This would be nice if I can try this and get a interop unlock by setting it up on my own domain..
Click to expand...
Click to collapse
Not possible. The apps you deploy will not get interop privileges.
I am in the process of configuring a number of Note 4 (910F) with Android 4.4.4 for issue to employees within my department. To prevent people from using a corporate handset for their unauthorised purposes, the devices have to be as clean as possible, with access to base functions such as phone, contact, sms, camera and business applications, but remove access to unnecessary applications that are all part of the bloatware installed on them by the network operator.
For device management, we are using SOTI Mobicontrol. SOTI allows me to blacklist applications to prevent them from launching. For security and warranty reasons, rooting the devices to remove unwanted applications is not an option. Therefore the only option is to use the SOTI blacklist to remove access to the application icon for launch.
SOTI requires that I input the application path eg com.sec.android.samsung.samsungapps to add an application to the blacklist. For the majority of mainstream applications such as Amazon, Evernote etc these are readily available. I'm having difficulty in finding the details for things like S Voice, and other bloatware that has been installed as part of the ROM.
I have one device that I can use for testing, so can install applications onto that. Is there any application readily available which will be able to capture the application launch path for an app that doesn't require me to root the device? I've found a few lists on the forum that related to the same apps on different devices which has given me a starting point. Just thought there may be an easier way to find the information out from the device.
Any help gratefully accepted.
IP
Work smarter, not harder. 'Dilbert'
In my opinion, these forums are for helping others to be able to get the most out of their devices, to improve and to make them more enjoyable, that is not your case, here we come as enthusiasts, fans, you better hire a pro in order to accomplish your corporative goals
winol said:
In my opinion, these forums are for helping others to be able to get the most out of their devices, to improve and to make them more enjoyable, that is not your case, here we come as enthusiasts, fans, you better hire a pro in order to accomplish your corporative goals
Click to expand...
Click to collapse
Thanks for the reply. I am an enthusiast, both Android, HTC and Samsung. Where I've been happy to read through the forums and customise my own devices over the years, my 'enthusiast' status has now put me in a position at work where a little bit of advice would go a long way to helping me out.
It's all fine and well paying someone else to do something, but the advice I was looking for was to help me as learning a new skill or how to use a new tool or app is always useful and helps keep me in a job and putting food in the mouths of my children!
I could have easily not included anything about this being needed to help me out for a situation at work and got an entirely different response, but I'm an honest guy just looking for a little advice.
indigo_prime said:
I am in the process of configuring a number of Note 4 (910F) with Android 4.4.4 for issue to employees within my department. To prevent people from using a corporate handset for their unauthorised purposes, the devices have to be as clean as possible, with access to base functions such as phone, contact, sms, camera and business applications, but remove access to unnecessary applications that are all part of the bloatware installed on them by the network operator.
For device management, we are using SOTI Mobicontrol. SOTI allows me to blacklist applications to prevent them from launching. For security and warranty reasons, rooting the devices to remove unwanted applications is not an option. Therefore the only option is to use the SOTI blacklist to remove access to the application icon for launch.
SOTI requires that I input the application path eg com.sec.android.samsung.samsungapps to add an application to the blacklist. For the majority of mainstream applications such as Amazon, Evernote etc these are readily available. I'm having difficulty in finding the details for things like S Voice, and other bloatware that has been installed as part of the ROM.
I have one device that I can use for testing, so can install applications onto that. Is there any application readily available which will be able to capture the application launch path for an app that doesn't require me to root the device? I've found a few lists on the forum that related to the same apps on different devices which has given me a starting point. Just thought there may be an easier way to find the information out from the device.
Any help gratefully accepted.
IP
Work smarter, not harder. 'Dilbert'
Click to expand...
Click to collapse
Why you're not using knox? Which gives you & your team clean,safe & high security in a partition where your enterprise data & emails are there, also it's allows your team to enjoy device as it's.
I believe knox has been designed for this purpose only.
jdomadia said:
Why you're not using knox? Which gives you & your team clean,safe & high security in a partition where your enterprise data & emails are there, also it's allows your team to enjoy device as it's.
I believe knox has been designed for this purpose only.
Click to expand...
Click to collapse
Knox is an additional license for the SOTI software we are using for device management and my suggestion to include it as part of the project were ignored. Work want to 'see how it goes' without spending any more money!
If you want a better Corporate security:
KNOX
ROOT
Choose EITHER ONE or you are out of options.
KNOX is a corporate solution for most big enterprises provided by Samsung & it's a good investment.
ROOT gives you FULL control over any LINUX based OS (Android is a LINUX fork) & it's cheaper as it's FREE.
By using ROOT access, you can create secondary user that is very limited & password protected, even encrypted; in a way that it differs from Android guest mode.
Using ROOT access, you can even remove the BLOAT/Unnecessary apps entirely from your devices, therefore eliminates unwanted possible BUGs that may compromise your company securities.
Linux & Android security knowledge is highly required.
IMHO, for warranty issue, you can replace warranty with insurance.
...And from my knowledge, I've read that many people claim their warranty with KNOX counter tripped without problem from Samsung (But of course they un-ROOT it before claiming).
But remember, as long as your employee can access Download Mode, all of it is useless.
A little intro:I spent a lot of time with malware on windows and which apps/settings can actually protect you. By working with malware you also get a lot of background info on how people / companies / governments can steal your privacy from you and how to protect yourself against it. When I decided to care about all that, I noticed that a lot of "security forum experts for PCs" have no clue about Android and its risks although probably the same if not more data is stored on our phones than on our PCs. So I decided to do some background research, worked with Android malware and played around with the different ways and options that can protect your security & privacy.
When I am looking for a security setup then I want one that is reliable & easy-to-work-with but also lightweight on the system. I don't want my security setup to cripple down my system.
I have done similar guides for Windows and as I haven't seen anything likewise for Android I thought I would give it a go.
What can you do to protect your security & privacy:Security - Firewall: To block incoming / outcoming traffic per app or per IP/DNS/Port. Can drain the battery and be a pain to configure on Android.
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Security - SuperSU: To actively manage which apps will get "unlimited" root access.
Security - Password manager: Use a password manager for all your passwords. Built in password managers (e.g. browser, ftp, mail ,etc) aren't really a save solution (even with the so called "master password"). Apps like KeePass offer a lot more than just having all your passwords stored safely. It lets me open apps + automatic login with just 2 clicks (e.g. FTP, SSH, Mail, Browser,...). It let's me create unique password so that I won't be using the same password on all websites. And there is still a lot more.
Security & Privacy - DNS: Change the DNS-Server you use to something like NortonDNS which will protect you from malware/phishing sites as well as semi-bypass the tracking of browsing behavior by your phone/internet provider. The DNS provider/resolver that you use (usually your phone/internet provider) will transform the domain you want to access into the IP adress of the desired server (the one which hosts the website you want to visit). This means that what ever domain you are going to browse will be transmitted to your DNS provider... so choose one carefully ! Also the better the connection to your DNS provider is (and the better the providers connection to the world-wide-web is) the faster your domain requests will be processed.
Security & Privacy - VPN: An easy way for attackers in your network (especially open & free wifi's) to steal data from you are MITM (Man In The Middle) attacks. They can modify SSL certificates which means even using HTTPS might not always be safe or simply read your network activity (such as logins which includes accounts + password). By using a VPN all the traffic that leaves your device will be encrypted and routed directly to a safe receiver which means no one can interrupt your traffic and sniffs (read) it.
Security & Privacy - SSH-Tunnel: Using an SSH-Tunnel has pretty much the same effect as using a VPN but the difference is you have to configure each app that you want to use the SSH-Tunnel. I prefer this method on Windows as I can encrypt only the traffic of my browser/mail/communicator while playing games or other apps will use the non-encrypted (and often faster) internet connection. Sadly there is no app on Android that in my opinion works flawlessly as SSH-Tunnel client.
Security & Privacy - Adblockers: We all know adblockers. They block ads and trackers to protect your privacy and some of them (e.g. mdl-malwaredomainlist) also protect you from malware & phishing websites.
Privacy - App Ops: App Ops or similar apps let you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
Privacy - Android 5.x disable allowed certificates: Every website and every (good) app will have a certificate that Android and also AV's check online to see if the website/app is trustworthy. Out-of-the-box Android allows many questionable certificates from governments and companies that might sell their certificates to websites/app that are not so trustworthy. Since Android 5.x you can remove/add certificates to disallow governments or companies that sell their certificates to questionable websites/apps.
Privacy - Encrypt your phone: By encrypting your phone you ensure that no one who finds your phone will be easily able to read anything saved on your phone. Not even by entering the recovery mode. It may slow down the performance a bit and increase battery drain slightly, but for me (Nexus 6) I had no troubles so far.
You can make that list longer by using only secure apps for communication (e.g. encrypted chats with Telegram or using Firefox and add-ons such as HTTPS-Everywhere) but I think that is more advanced and takes away the freedom and choice of readers/users. So I will stop here as I think I have covered the basics and most important things.
Which setup should you choose?Well first of all I recommend using only apps/services of companies that you can trust. E.g. companies that exist for a long time but haven’t done any questionable actions in the past. I have been a long-time-user of Comodo but looking at what Comodo has allowed itself in the past made me choose something different. On Android a good example are sms/call blockers. There are many options to choose from for example one is produced by a company named "NQ Security". Now do your google work and you will find some details that either makes you think of this company as trustworthy or not. Or maybe there are other companies with the same product which you would rather trust?
One thing to notice is that in the end your setup should cover most if not all aspects that I have mentioned above. Now you can either choose to use many different products (e.g. if they are free) or use on paid solution that covers everything at once. In any case, don't forget about stuff that might get installed but be useless to you. E.g. at some point I found my setup to have 3 different call blockers and 4 different sms blocker installed.
I have made a list of a few picks that I would recommend:
Must-HaveSuperSU / Rooted device (Click for Google play): 99% of all apps & configurations listed here will need your device to be rooted. Also SuperSU gives you a good overview about which apps have root access and is a good tool to configure those apps.
Override DNS (Click for Google play): It automatically changes the used DNS Server for 2G/3G/4G/WIFI to whatever you want (e.g. NortonDNS which has malware & phishing protection but also is one of the fastest DNS providers available world wide). Currently it is the only app that works with Android 5.x.
AdAway (Click for download link): Lets you block ads, tracking, malware and phishing sites. I recommend the standard sources + www.malwaredomainlist.com/hostslist/hosts.txt
App Ops (Click for Google play): App Ops lets you block permissions per app which means whatever app is installed / running can be forced to not use specific permissions. E.g. you can block Facebook from using your GPS and tracking your location.
KeePass2Android online/offline (Click for Google play): KeePass2Android comes as two different apps that you can choose from in the GooglePlayStore. One supports online syncing via various services so that you can sync your password database on all your devices (Android, Windows, OSX, Linux, iOS,... ). The other option is called "KeePass2Android offline" which completely removes all features that would require an internet connection. The App doesn't even have permissions for internet connections ! If you don't know KeePass, it is one of the oldest password managers around. It is opensource, has a lot of plugins and the leightweight but feature rich app supports nearly every device & operating system. On Android you can even log into websites from the browser via KeePass2Android by clicking -> Share -> KeePass2Android -> Log into your database -> it will automatically get the right login data for the website you are currently browsing and pastes it into the login fields. My personal setup: KeePass2Android offline with another syncing/backup app that will sync my passwords via my own server. On my laptop I use KeePass with a plugin which replaces my browsers built-in password manager with KeePass.
GSP - Good Security Practice (Recommendations)Disable untrusted certificates (Android 5.x) (Mozilla Firefox list of allowed certificates): Use a source you trust and check what certificates they usually allow in their software (e.g. Mozilla Firefox). Then check that with what is enabled in your Android's security settings and disable whatever Android has enabled but e.g. Mozilla Firefox doesn't.
A very recommended app is "Trust Manager (Click for Google play)" by Bluebox. It lists all certificates on the phone and sorts them by categories which makes it easy to disable all untrusted certificates within two clicks.
Encrypt your phone: Enable encryption of your Android device.
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
VPN if you use public WIFI: I also recommend the use of a VPN from a trustworthy VPN provider. They don't cost too much and improve your security & privacy on public wifi a lot. Avast offers a great VPN service. Actually their app makes their services superior to me comlared to other VPN providers and apps. You might want to try the Avast VPN 14-day-trial.
Firefox (HTTPS-Everywhere + Adblock Edge) > Chrome: Firefox seems to be the winner in terms of privacy and security. But on my system Chrome is a lot faster than Firefox.
TextSecure > Telegram > WhatsApp > Facebook: Telegram was my favorite choice until @muppetmania and @bmstrong informed me about flaws and trust issues with Telegram. Instead it is highly recommended to use TextSecure. It is available on iOS and Android. Feature wise it might not be as good as Telegram (e.g. missing desktop client for windows/osx/linux) but I believe that this is a fair trade for privacy.
The bottom line
I tried to give a little overview of what kind of protection is available and what it does. I also added my choice of tools which will provide you with protection. It is up to you to decide whether it is useful in your case (based on your phone-behavior) and if you are willing to pay money for it or rather use free services. I will gladly help you with any questions or configuration/setup related things. Please let me know if you have any suggestion or corrections so that I can improve this thread !
Useful resources / links
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
https://youtu.be/seNHe5oMquw
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/
https://securityinabox.org/en
http://www.infoworld.com/article/29...managers-for-pcs-macs-and-mobile-devices.html
https://www.reddit.com/r/trackers/comments/30xtk9/trackers_security_and_you/
AV tests & comparisons:
http://www.av-test.org/en/antivirus/mobile-devices/
http://www.av-comparatives.org/mobile-security/
Thanks to:
Yuki2718 @wilderssecurity.com for teaching me a few things
@bmstrong for useful links and suggestions
@muppetmania for pointing out flaws and trust issues with Telegram !
Changelog:
01.08.2015 - Removed Telegram and replaced it with TextSecure
28.06.2015 - Updated useful resources & links
08.06.2015 - Updated useful resources & links
06.06.15 - Added "Trust Manager" by Bluebox to quickly and easily disable a punch of root certificates. Also added Avast VPN app
22.05.15 - Added a good link/explenation on non-trustworthy certificates that are installed on mobile devices out of the box ( https://bluebox.com/technical/quest...into-the-root-certificates-on-mobile-devices/ )
18.04.15 - Added ressources for AV tests and comparisons
07.04.15 - Added more useful resources & links
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
10.03.15 - Added useful resources & links
06.03.15 - Added "password managers" and "KeePass2Android online/offline" as recommended password manager
01.03.15 - Added a more detailed description of DNS and why you should care about it
28.01.15 - Fixed typos and grammar
zakazak said:
Changelog:
28.01.15 - Fixed typos and grammar
Click to expand...
Click to collapse
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
bmstrong said:
Interesting. Would like to see sections on GPG, U2F, 2FA applications, Android with Yubikey, etc.
Click to expand...
Click to collapse
Thanks, I might add those later but I wanted to keep this guide as "easy" as possible so that every "normal" android user could increase his security and privacy with simple tools in a short time. E.g. yubikey is awesome and a very interesting topic but not very handy for the average guy?
01.03.15 - Added a more detailed description of DNS and why you should care about it.
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Good suggestion, I have a few more and will add both (your link) and my stuff to the thread
KeePass2Android offline + KeePass on desktop + syncing via own server = win !
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
Aaaaand it's done ! Added password managers to the OP.
zakazak said:
Aaaaand it's done ! Added password managers to the OP.
Click to expand...
Click to collapse
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
bmstrong said:
http://crashoverridenetwork.tumblr.com/post/109948061867/account-security-101-passwords-multifactor
Really decent overview of general security.
Click to expand...
Click to collapse
bmstrong said:
http://dimitritholen.nl/how-to-reclaim-your-privacy-on-the-internet/
Another very good privacy and security article.
Click to expand...
Click to collapse
bmstrong said:
Cool. You might want to touch on the open source vs. proprietary philosophy. Just being open source isn't necessarily better but I feel transparency is important part of security.
http://droid-break.info/
https://prism-break.org/en/categories/android/
https://guardianproject.info/apps/
https://people.torproject.org/~ioerror/skunkworks/moto_e/
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd
Click to expand...
Click to collapse
Thanks ! I added all the links to the OP and mentioned you for giving such great feedback and suggestions
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
bmstrong said:
http://www.alternet.org/print/news-...ng-encryption-isnt-enough-protect-our-privacy
Interesting take on security in general.
Click to expand...
Click to collapse
14.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
zakazak said:
10.03.15 - Added more useful resources & links; also changed the thread title to give an easier view for new updates
Added your link... I will soon add a few of my links that I saved in my bookmarks. I will then split the "link category" in something like "good to know and what to do" and "privacy theory articles"... if you know what I mean
Click to expand...
Click to collapse
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
bmstrong said:
Cool. Schneier has another book out now. Data and Goliath. This talk is worth the listen.
https://youtu.be/seNHe5oMquw
Click to expand...
Click to collapse
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Utini said:
21.03.15 - Added more useful resources & links; fixed a typo in the changelog
Thanks, took me some time to add the link, at the moment I don't have much time to improve the guide.
Click to expand...
Click to collapse
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Cyclu said:
As I'm concerned about privacy and security thanks for your thread but you forgot XPrivacy the best privacy manager I know it's not completely ready for Lollipop but works perfectly on Kitkat it's not about that fault it's Xposed it has a bug which I hope will be resolved soon.
Good luck! Regards.
Click to expand...
Click to collapse
You are right, XPrivacy seems to be a really nice tool but I haven't been able to try it myself (as it is not compatible with Android 5.x) which is the reason why I haven't added it to the list yet
I might give it a try on my Nexus 4 with Android KitKat !
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
bmstrong said:
https://pack.resetthenet.org/
https://jrruethe.github.io/blog/2015/03/29/protect-yourself-online/
http://www.privacytools.io/
https://tacticaltech.org/projects/security-box
Click to expand...
Click to collapse
Once again thanks for your input. I added them to the OP but I am still really busy with my job/reallife. I hope I can improve the OP soon.
Question about choices
Utini said:
Security - Antivirus: To scan files after they have been downloaded or to scan files after they have been installed. Due to the way how Android is coded it is not possible to scan in real-time (while downloading, while installing) which means you can't detect malware based on their behavior. AV's on Android can only detect malware by their signature which is easy to bypass. However is still better than nothing and a one-time scan of downloaded files or an on-demand scan while your phone is charging won't hurt your battery or slow down the device. A lot of AV-Products come with multiple features built in. Some of them are often useless (e.g. maybe anti-theft), others are worth the usage (e.g. security audits for non-fixed exploit vulnerabilities or bad system settings e.g. USB-Debugging enabled).
Antivirus: You can check AV-Test.org for monthly security reviews on mobile security products and choose from there. But I recommend either "Bitdefender Free" for a simple file-scanner of downloaded files and installed apps as well as on-demand scanner or "ESET Free/Premium" which includes file-scanner, security audit, sms & call blocker as well as phishing protection and even anti-theft if needed. Both companies are in my option very trustworthy and provided good results over the past month/years (not only on the mobile market but also the PC market). Avast is a free option with lots of features from another trustworthy company but I found it to be heavier on my system than Bitdefender or ESET.
Click to expand...
Click to collapse
Hi, I've been juggling this question for a few days now and I'm hoping you will have an answer to assist me. First, I have read your post and this is absolutely what I have been looking for for the past few weeks. Thanks has been given and I hope you keep this up. Second, I read the wildersecurity link but still do not have an answer to this question.
Why choose ESET Premium over BitDefender. Can you tell me what one offers that the other doesn't? I've been leaning to BitDefender only because I have and use an Android Wear device. Again, thank you for any assistance or time.