Looking for custom virtual ROM on HTC One with reward - One (M7) General

This is for all the developers out there. Let's see if anyone out there has the talent to get this done. I will pay money for something like this to a developer as well. Here is the goal:
To set up a platform on smartphones that basically comes with two separate partitions. Ideally what would be better would for manufacturers to manufacture a smartphone with two separate flash drives. Say a for a 32gb device they would use two 16gb flash drives and for a 64gb device they would use two 32 gb flash drives. The main objective here is security and privacy from all these invasion of privacy that all these applications on Google Play store require. Usually they require access to your call logs,pictures,files,memory card,SMS messages,contacts list/s,notes,calendars,videos,audio,etc...
What would be nice is for one to have an option to say download an application like Facebook which pretty much requires every permission you can think of to be downloaded on a separate flash drive to where it has pretty much access to nothing except for what you choose to install on that flash drive or that partition. Wechat recently pulled a dirty trick in one of its updates to where one can not completely uninstall the application after installing it on a HTC smartphone.
Would like to have a secure and safe partition or separate flash drive preferably that would allow one to input contacts,photos,SMS messages,notes,calendars,call logs,etc.. That no application could have access to for our own privacy and safety along with security. Something like how one can ru two separate systems on a MacBook computer to where Windows can also run using Paralles?
Any geniuses here no how to do this or get this done?

This doesn't require a genius... This requires resources lol! Nobody can do it other than a manufacturer at all.
1. For 2 seperate NAND chips we would need to recreate it's PCB board, reconnect the ICs and chipsets which can't be done by household tools or by human hands
2. That would require full customization of the filesystem of android which would probably then be blocked by google because it won't follow their convention. Ask Madame Dianne Hackborn regarding this

desiregeek said:
Something like how one can ru two separate systems on a MacBook computer to where Windows can also run using Paralles?
Click to expand...
Click to collapse
Yes but when you do that, any Windows app or Mac app can still access anything on both partitions. How is that more secure? You cannot tell android to give app permission to photos on Partition1 but not to Partition2.
I suppose you could have 3 partitions, one that boots and lets you choose which of the other 2 to mount. Who is going to reboot their phone every time they want to switch between E-Mail and FaceBook though? ...if that's what you want, you can just use CWM and restore whichever backup you like, though that will take about 4-min of shutdown/restore/reboot everytime you switch.

What if you use users like in many 4.2.2 Roms. If you want an APP installed with to many access switch to a guest user

retschy said:
What if you use users like in many 4.2.2 Roms. If you want an APP installed with to many access switch to a guest user
Click to expand...
Click to collapse
Yes this should be a great solution for dodgy apps. That way they won't have any access to the data located in another users account.

desiregeek said:
To set up a platform on smartphones that basically comes with two separate partitions. Ideally what would be better would for manufacturers to manufacture a smartphone with two separate flash drives. Say a for a 32gb device they would use two 16gb flash drives and for a 64gb device they would use two 32 gb flash drives. The main objective here is security and privacy from all these invasion of privacy that all these applications on Google Play store require. Usually they require access to your call logs,pictures,files,memory card,SMS messages,contacts list/s,notes,calendars,videos,audio,etc...
Click to expand...
Click to collapse
edit: nevermind I thought the OP meant dualboot but he means a virtual machine, though I think this has been done as well on android before

godutch said:
edit: nevermind I thought the OP meant dualboot but he means a virtual machine, though I think this has been done as well on android before
Click to expand...
Click to collapse
I guess it would basically be a virtual machine. There has to be a way to where one can separate things like two hard drives where in this case it would be on flash drives. Blackberry released something similar recently on their new OS.
Would be nice to be able to download all the basic applications which these days come with ridiculous permissions of which have access to everything on your smartphone. At times one does not wish to share their call log with Facebook or Whatsapp or Line Naver. One also may not to share their private SMS messages with those applications.
If we could choose where we want things installed it would be great.

rpmccormick said:
Yes but when you do that, any Windows app or Mac app can still access anything on both partitions. How is that more secure? You cannot tell android to give app permission to photos on Partition1 but not to Partition2.
I suppose you could have 3 partitions, one that boots and lets you choose which of the other 2 to mount. Who is going to reboot their phone every time they want to switch between E-Mail and FaceBook though? ...if that's what you want, you can just use CWM and restore whichever backup you like, though that will take about 4-min of shutdown/restore/reboot everytime you switch.
Click to expand...
Click to collapse
What if the smartphone came with Operating Systems then on each Flash to where each was separate but you could switch back and forth between each like you can on a Macbook running Paralles. Being on separate Flash drives insures that one can get info from the other.
Seems like these days there is no way of blocking permissions without the application failing to load or run.
I have an HTC One and have Wechat on there. The other day I tried uninstalling it but I was unable to uninstall it as Wechat removed the uninstall option and gave us a downgrade option which leaves Wechat running. You can disable it though. Not sure how Google Play allows for such applications to be put up on Google Play that does not allow the user the ability to uninstall completely if they wanted to uninstall. This is why it would be nice to have a safety or dummy flash drive to separate private info and public info on a smartphone.

Again, what does choosing where something is installed have anything to do with permissions? Even if you swapped SD-Cards, then apps on one couldn't access apps on the other, but both could access everything on the system partition. The only way storing things in 2 different locations adds security, is if you can fully unmount all other locations, which would always require a reboot. Even a virtual-machine running on my PC can still access my PC and all of my network, and my PC along with all of the network can access the VM.
I don't think what you are trying to do (have 2 isolated drives) has anything to do with the goal of security. I don't think the actual security solution (having 2 isolated operating systems and needing to reboot to switch with no cross-access) is anything most people would want to deal with.
I think your best solution is to buy 2 phones.

rpmccormick said:
Even a virtual-machine running on my PC can still access my PC and all of my network, and my PC along with all of the network can access the VM.
Click to expand...
Click to collapse
No it can't the virtual machine can only access virtual hardware or the hardware the vm makes available to the os running on the vm

godutch said:
No it can't the virtual machine can only access virtual hardware or the hardware the vm makes available to the os running on the vm
Click to expand...
Click to collapse
There has to be a way. Just takes some Einstein to get it done right.

Like this basically..
http://www.gottabemobile.com/2013/04...efore-you-buy/
http://www.samsung.com/global/busine...ung-knox#con02

Related

Android + encryption = no go?

Hi,
I own a HTC HD2 and since it has been possible to run Android on it I've started to love the device. Our companys policy does not allow Android phones to synchronize phones with the Exchange server, although it is possible and I have been doing it since I got Android. The reason that Android phones are not allowed to sync is that they do not support encryption. According to one of the persons in our IT staff the only mobile OS's that support are Windows Mobile and iPhone OS.
Is this correct and if so, will Android ever support encryption?
Our employees have a lot of sensitive information in their mailboxes..
I don't wanna go back to WinMo.
What kind of encryption do you mean? Encryption of data stored on a device? It's easy thing to do and it's a matter of software, not hardware, so actually any smartphone should be able to do that - including Android devices.
I mean hardware device encryption. If a person gets his phone stolen we want to make sure that the thief is unable to connect the phone to his computer and get access to all the data. Not just for the memory card but for the entire phone memory.
It is possible to open the phone and take out the storage and then connect it to a PC and collect data. But with hardware encryption that's way harder.
scanie said:
I mean hardware device encryption. If a person gets his phone stolen we want to make sure that the thief is unable to connect the phone to his computer and get access to all the data. Not just for the memory card but for the entire phone memory.
It is possible to open the phone and take out the storage and then connect it to a PC and collect data. But with hardware encryption that's way harder.
Click to expand...
Click to collapse
And does really iPhone and WM give you possibility to encrypt a whole partition using your passphrase, so you will have to enter it at boot time? If no, then it's not a true protection and Android can do that too.
My friend went thru the same prob on his hd2. Its more like so the IT staff can wipe your phone remotely/ change internet and emailing controls. Blackberry, Winmo, and iPhones do it.
U should use winmo at work then boot android on the way to the house. Best of both worlds.
Sent from my Androidized HTC HD2
WaveSecure anyone? It's the first application that came into my mind. I'm sure i've seen free solutions as well. If i remember well, Android 2.2 has this feature built-in.
Brut.all said:
And does really iPhone and WM give you possibility to encrypt a whole partition using your passphrase, so you will have to enter it at boot time? If no, then it's not a true protection and Android can do that too.
Click to expand...
Click to collapse
Yes they do. That's the whole point. My WM phone has an enforced policy and will not boot until the filesystem is unlocked by the passcode (that's not even to the WM splash screen).
The fact that no Android phones support hardware encryption means that whatever Google might say (and I've not seen it in their roadmap even now), their Exchange Provisioning support is substandard and therefore not suitable for secure enterprise use.
t1g3r3y3 said:
WaveSecure anyone? It's the first application that came into my mind. I'm sure i've seen free solutions as well. If i remember well, Android 2.2 has this feature built-in.
Click to expand...
Click to collapse
Wavesecure isn't actually encryption, it's just a solution for finding/wiping/backing up your phone.
Froyo does not have encryption built in.
Froyo permits device management by IT services, using Exchange. This allows remote wipe etc.
pulser_g2 said:
Froyo permits device management by IT services, using Exchange. This allows remote wipe etc.
Click to expand...
Click to collapse
But not device encryption, which is the whole point of this thread.
scanie said:
Hi,
I own a HTC HD2 and since it has been possible to run Android on it I've started to love the device. Our companys policy does not allow Android phones to synchronize phones with the Exchange server, although it is possible and I have been doing it since I got Android. The reason that Android phones are not allowed to sync is that they do not support encryption. According to one of the persons in our IT staff the only mobile OS's that support are Windows Mobile and iPhone OS.
Is this correct and if so, will Android ever support encryption?
Our employees have a lot of sensitive information in their mailboxes..
I don't wanna go back to WinMo.
Click to expand...
Click to collapse
Im not sure whom are you asking, Android its a open source OS, its up to those who make the devices to offer such features, ask HTC for instance if they plan to release such a "corp" devices, linux comes with such features so i doubt it would be very hard to make.
roalex said:
Im not sure whom are you asking, Android its a open source OS, its up to those who make the devices to offer such features, ask HTC for instance if they plan to release such a "corp" devices, linux comes with such features so i doubt it would be very hard to make.
Click to expand...
Click to collapse
Another post wide of the mark.
It's got nothing to do with the device makers or HTC. Android is Google's OS and the feature list of core releases (Froyo, Gingerbread etc.) is entirely under their control, as is the minimum hardware spec for each release. Device manufacturers like HTC are hardly going to go to the expense of building in device encryption if isn't supported by the OS provider or even on their roadmap.
Hence until Google decides otherwise Android will remain a leisure-orientated OS and just doesn't cut it for secure enterprise use.
without hardware support, like an extra encryption chip or a CPU, that has special functions, like AES-NI, full system encryption will be very, very slow.
xcreatir said:
without hardware support, like an extra encryption chip or a CPU, that has special functions, like AES-NI, full system encryption will be very, very slow.
Click to expand...
Click to collapse
Really? Doesn't seem to affect WM, Symbian and iOS devices which fully comply with Exchange security policies, nor those PC users protecting their hard disks with Bitlocker etc. No, this is just a case of Google dragging their feet because corporate users aren't high on their priority list.
Have you tried the encrypted certificate installer i think its a .psx doc. thats what let me into my server which still thinks it cant allow android phones.
vision
Interesting discussion. I know I can use up to 256bit AES encryption on Titanium Backup Pro...but thats it. I am guessing the software handles everything, only on backups and system data, but cant help but feel the phone has a say "of some kind" too.
Ineedtoys said:
Another post wide of the mark.
It's got nothing to do with the device makers or HTC. Android is Google's OS and the feature list of core releases (Froyo, Gingerbread etc.) is entirely under their control, as is the minimum hardware spec for each release. Device manufacturers like HTC are hardly going to go to the expense of building in device encryption if isn't supported by the OS provider or even on their roadmap.
Hence until Google decides otherwise Android will remain a leisure-orientated OS and just doesn't cut it for secure enterprise use.
Click to expand...
Click to collapse
But, HTC (or anyone else) can add and remove code to their build for the phone when adding/removing drivers or that [email protected] they load on your phone as someone said, it works under Linux who says I can't work for Android (anyway the kernel was made for modules)
As the hd2 roms are (mostly) pre-rooted who says you can't load the module to support filesystem encryption.
Sent from my Nexus One using XDA App
Edit: god I need to check what I am copying
Won't work. No network security manager in their right mind would make an exception for an unsupported hack. So until Google formally support all the Exchange policies (along with the responsibility should those implementations prove defective), many corporates will maintain a blanket ban on all Android connections.
foxwolfblood said:
But, HTC (or anyone else) can add and remove code to their build for the phone when adding/removing drivers or that [email protected] they load on your phone as someone said, it works under Linux who says I can't work for Android (anyway the kernel was made for modules)
As the hd2 roms are (mostly) pre-rooted who says you can't load the module to support filesystem encryption.
Sent from my Nexus One using XDA App
Edit: god I need to check what I am copying
Click to expand...
Click to collapse
This does nothing but further fragments Android as a platform. It's already suffering from Enterprise fragmentation due to Exchange client support: HTC's Exchange Client is notoriously the buggiest out of all the major Android Phone Manufacturers.
I would not want them developing that for Android.
My job banned Android phones after I had my first Vibrant stolen, because they were unable to Remote Wipe/Lock it or anything. Now, the server won't even let the phones connect to the Exchange server.
This is a serious issue. They actually banned everything but Windows Mobile phones for a while after that incident, but eventually let iOS and Nokia users connect after some "testing." Blackberries go through BES, so this were never a problem for them, since they don't use ActiveSync to access the Exchange server.
Android is still banned, and the fact that one manufacturer supports it when users can have phones from 5-10 different manufacturers who don't will not convince any IT department to allow them. Making these types of pointless exceptions does not help anyone.
http://www.nitrodesk.com/security.aspx

Cobwebs growing on Windows phone 8 blogs and forums

At least with windows 7.x you could switch ROMs and side load useful apps, with this safeboot thing and Microsoft's lame attitude to give us more of the features and apps that we want it's no wonder why Windows Phone 8 fourms and blogs are so boring. Way to go Microsoft.
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Nobody has been able to find an exploit yet , but I don't really mind lack of activity in forms though as long as cobwebs don't settle upon the entire ecosystem itself we'll be fine
DavidinCT said:
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Click to expand...
Click to collapse
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
sinister1 said:
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
Click to expand...
Click to collapse
Agreed, it's the same *****ing over there sometimes. Don't get me wrong, it's a good site if you want new and useful Windows Phone news. This site used to be a WM haven, just like PPCgeeks was. As that is all there was at the time, we had WM and BB...they were all mainly used by business people or hackers like ourselves.
WP7.x was pretty hackable after a while (with custom roms for most phones and interop unlock for about 90% of the models) so it was pretty active but, now with everyone moving to WP8 (ex WP7 users and converts) and No hacks yet, it's slowed down to almost nothing.
Android is mostly hackable and most phones have or NEED a custom rom, so this became a haven for Android users. And for now, as long as they are not going in this area and trolling, there is no issue with it or at least, I don't have an issue with it.
I do think it's a matter of time, they will find a exploit in WP8. I know why MS locked it down, once WP7 was hacked, it opened the doors for the pirates and some people took advantage if it. Sure there was some cool underground apps but, it just opened the system for the pirates. They wanted to lock down WP8 to make the higher end DEVs come and create the apps and games people want, to grow the system.
Nokia was paid pretty well to make a change to WP and over all they are doing very well with it...and their market is growing.
I'm stil deciding if I am going to pick up the Lumia 928 or stick with my HTC 8X(full price, Not giving up my unlimited data)....Hmmmmm... I just wish I could use Advanced Config to get my custom tile colors back
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Personally I like the very secure nature of my windows phone, I have rimmed more than my share of devices over the years, so its kind of refreshing to k ow this nuts hard to crack. Nokia did take a big risk but I think its been good for both companies. Nokia has done well with exclusive apps in a starved market and there devices are aimed well at a growing group of android overloaded users. With apps like tumble, netflix, Hulu and others coming over the devices are getting more main stream support and with time that will pay good dividends too. All in all I have found little reason to "root" this device other than for the hell of it. They come pretty lean on apps out of box. The biggest thing people seem to be trying to do is get tethering to work without paying out to a carrier for it. Personally if that's basically the reason your wanting to rom so bad, go back to android its far easier get going. I ramble now though, to sum up phone runs great unrommed, clean eco system and very secure setup makes for an all around pleasant device. I think special rimming is more or less unneeded for these devices. Been running unrommed windows mobile 7 and 8 now for about two years collectively. Have android tablets all rommed and a s3 rommed as a backup device.
Sent from my RM-878_nam_usa_100 using XDA Windows Phone 7 App
Meh... I considered WP7 without hacks to be nigh-unusable, even though I stuck with a stock ROM. No way to have apps open files automatically, for example (but I could manually add the registry entries, and could write apps that knew how to handle them). No way to access the filesystem (but I could sideload Kindle ebooks using homebrew file managers). No way back up app data or messages (except with homebrew). Minimal control of theming (as a class, this was one of the biggest homebrew categories). No real control over multitasking (I like that the default behavior is so conserving of battery life, but sometimes I don't *want* Puzzle Quest 2 or Fruit Ninja to have to go through its entire launch process just because I switched tasks or let the phone sleep for a bit!). Severe limit on sideloaded apps (I have over 30 of them, counting small utilities that that I developed, and not counting outdated versions, redundent apps, or anything else I removed). No listener sockets (though this didn't require a very fancy hack). No C++ code reuse (same as the server sockets). No way to tell how much space each app was using (but there's a homebrew for that).
WP8 fixes many of the worst problems. We can now register filetype handlers (though Kindle still doesn't register .MOBI or .PRC, so no more sideloading my ebooks for now...), use native code (with restrictions, but it's better than the default on WP7), and theme our phones (well, a litttttle bit more than before; still not enough). They added some much-requested features (SMS backup, variable text size, ability to control the browser app bar at least a bit, WiFi on while sleeping, Skype integration) and of course the change in OS brought many other improvements (multi-core, removable SD cards, higher resolutions, etc.). However, it still has some big problems of its own. True multitasking is still very limited. Data backup is still iffy. Still no filesystem access (or ability to do anything outside an app sandbox except the official Settings tools). Still very limited sideloading.
I promise you, though, people are working on it. I'm one of them, and several of the other names you know from WP7 hacking are as well.
People like GoodDayToDie & netham45 make the windows forums so much fun to follow
nikufellow said:
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Click to expand...
Click to collapse
Yea but, I am on Verizon....After a release of a model it will take 6 months for Verizon to get a phone that is almost outdated on release.
The 8X is so limited on space that it's driving me nuts, If I find app or game I want to try, I have to uninstall a Paid app to install it. It's getting too old. 8X on format is 11.5gb and the Lumia 928 is 23.5gb, a little over double the space might be worth it, depending on what I can get it for, of course.
The blogs are dead because places like XDA that centralize around modding your phone to improve performance isn't necessary when WP8 software already performs flawlessly. Go to blogs like WPCentral and the Windows Phone community is alive and well swapping out our black Lumia shells for yellow and talking about games and apps. Pretty much doing what we should be doing on a phone, not repairing phones that came broken.
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
I've been wanting to root/unlock my Lumia for one purpose only, sideloading my own developed apps. It's gruesome to try an app in the emulator all the time, but in a month that will be fixed with an AppHub account. And after that my real purpose for rooting/unlocking is gone.
Always fun to see what's possible on the unlocked device though, code-wise.
Sent from my Lumia 920 using Board Express
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
If there is one thing I do not understand about the new SDK APIs, is why on earth an app can not register itself to open file formats reserved by the system. IMO thats the most retarded idea ever implemented in the history of computing. And to make the retarded thing completely retarded, they made it so most common files are handled by system apps, so you can not override the file association.
I am really wondering what is microsoft going to do about these things. If they really want a marketplace full of games, facebook, youtube and instagram apps, then they should stick to their current plan. WP will never get useful in a broad sense.
I hope the update this fall brings new stuff, otherwise the platform will die soon.
GoodDayToDie said:
Flawlessly? ... You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
Although I don't agree with much of his bill-of-particulars, I have to agree with GDTD's sentiment.
Probably, modders need to correct deficiencies. I'm down with MS or anybody else who steps up. I'm in no hurry to crack my OS open right now, though.
I am especially offended at Microsoft's pitiful PDF reader attempt. And some of the apps in the store make me squint. I want to see the author "Google" emblazoned on my YouTube app, not a third party dev. I sure hope MS is putting these apps under a microscope.
The joy of homebrew (and of a developer forum, like this one) is, even if your goals are different from mine, it's possible for you to make your own changes to the device. It's yours; you control it. That's what security *means*, or at least what it's supposed to mean: you (the owner) are in control of what happens.
Ever since the iPhone, though, the trend has been twoards more and more lockdown, taking control away from the device owner and branding this as "security". I don't like it, so I aim to break it. Ideally, we break it in ways that only work with a local attack; I don't want somebody else able to control my device (that really would be the opposite of security)... but I do want to control it myself!
Part of the problem is that there have been no updates in recent months. Portico came out, Nokia dropped some new firmwares last month. But largely, nothing has changed in WP8 since launch. Personally, I find that boring. Maybe I should have an Android phone on the side to keep me entertained with updates, but I find Windows Phone much more usable day-to-day.
It has been more than 6 months since the WP8 launch, and GDR1 didn't really add much. Microsoft should have planned to have GDR2 out by now, even if it meant postponing some features for GDR3. I think most of us would rather have small quarterly updates to WP8, rather than a massive upgrade once a year. It's starting to feel like WP7 and the Mango anticipation all over again, now that it sounds like WP8.1 might be delayed into 2014. Hopefully they come through with their vaporware enthusiast program to keep our attention in the meantime.
I agree with the OP. Cobwebs on this side of the section totally. A thread in a week may be? But there is something I often read on many forums. People who are happy (I know it's a very wide term) with their devices, I.e don't run into problems with their devices, see no need to lurk around. So actually, it is a good sign. It shows how well-thought after a WP device is.
And GoodDayToDie, even though I agree with everything u've noted down, I don't quite believe WP needs all of that.
Still no app data backup machanism. - Umm...Data Sense?
Still no custom themes. - Fair Enough, but again, WP IS NOT meant to be themed to the T
Still no way to sideload XAP files (unless they are "company apps") without a PC. - I believe this is for security reasons.
Still no filesystem access. - Why do you even want that when the system is running flawless, (yes the same word u scorned at.)
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?) - LOL! You gotta be kidding me right?
Android has the worst permission management I have ever seen in my adult life. Android gives wayyyyyyyyyyyyyy more information out than any OS out there.
Still no way remove "Settings" apps. Umm..u sure u want that?
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking). Multi-tasking is really good with WP8.
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it). - Fair enough, but not a deal breaker either.
Still no way to change the default browser or email client or dialer. - I believe you are again entering the territory of themeing, already replied above. Every OS comes with it's own email client. I don't see the point here.
Still no way to install apps to the SD card. - Fair enough. By far the best point in your list.
Still have only limited access to Bluetooth. - In what way?
Still no way to browse, much less edit, the registry. - Again, WHY? WHy mend it when it's not broken.
Still no way to sideload large numbers of (non-"company") apps - U can download the app(paid or otherwise) from the App store on your computer, put it on the SD card and say install from the Store App on the phone. Simple?
DataSense has nothing even remotely to do with backing up (and restoring) app data; where'd you get that idea? Vital feature that homebrew eventually made avaialble in WP7 but is missing in WP8.
"IS NOT meant" nothing! Somewhere under all that sandboxing and locked-down UI is a general-purpose OS running on top of highly capable hardware. It's "meant" to be whatever the owner fo the device *wants* it to be, including (in the case of many, many people if the popularity of WP7 homebrew apps is any sign) theming. Stop being an apologist for Microsoft; it's one thing to say "extensive theming wasn't implemented because other features were higher priority" but when you start trying to tell me that I'm not supposed to theme it, you seriously need to put down the Kool-Ade. Besides, the very claim is ludicrous to the point of disingenious; have you *seen* the WP8 ads? They all stress the customizability of the Start screen. To the point of suggesting you can "meet" a person simply through how they have their phone set up... those ads freaking scream "customize me!" Then you discover there's only a handful of pre-set colors, two background styles, and the ability to mess with the tiles; nothing else.
No, it is quite absolutely *not* for "security" reasons. Security means the owner of the device controlling the device's behavior. If somebody else (like, for example, the manufacturer of the device) is controlling its behavior, that is not security; it's lockdown. The sideloading restriction can only be called security if it's not your device but actually belongs to Microsft. Screw that. Besides, that argument makes no sense anyhow; if I can pay my $99 and sideload with a PC, why can't I sideload without one (or without paying)? The marketplace has DRM to mitigate piracy and that's a darn weak excuse to cripple a device anyhow.
When I can load my Puzzle Quest 2 savegames and other game progress and high scores, copy my PGP keychain, sideload my Kindle ebooks into the Kindle app (yes, this is possible on WP7), extract or replace the built-in audio files, and delete the junk which accumulates in the OS and uses up storage space (without hard resetting the device), then I will stop considering the level of filesystem access a problem. Until then, "running flawless" is quite worthy of scorn indeed.
Wow, I seriously question your reading comprehension. I never mentioned Android in this point, or anywhere else (except to point out that it has a lot of homebrew). But, for your information, the default permissions / capabilities handling in Android is just as broken as in WP8. The difference is that with Android, it is possible (CyanogenMOD did this, for example) to install apps without actually granting them all the permissions they ask for. On WP7, this wasn't properly possible yet, but I was working on a system to do it that hooked the app install process and allowed people to uncheck app capabilities they didn't want to permit.
Um yes, I'd like to remove the non-functioning Samsung apps (until they are fixed) that are taking up space on my phone's storage and making the Settings list longer. I can always re-install them if needed. Every other carrier or OEM app is removable; why should these get special treatment just because they have a field in their app manifest that says "install me in the Settings hub"?
Multitasking - true multitasking, where multiple apps can run at once - is nigh-nonexistent on WP8. Aside from things like audio background agents and once-every-30-minutes-you-get-a-few-seconds-of-CPU-time scheduled tasks, there basically isn't any multitasking (of third-party apps) at all. Fast app switching is *not* multitasking; every app aside from the main one is suspended, unable to do amything until brought into the foreground.
Changing file associations obviusly isn't a deal-breaker, or I wouldn't be using the phone... but definitely a problem. Windows has offered the ability to control file associations since at least Win95, and I think it was possible in 3.1 as well...
Changing the default browser and email client and calendar and dialer aren't "theming" by any conventional definition, but the point made above about theming stands anyhow: it's a matter of personalization. It can also be a matter of functionality (for example, the built-in email client can't handle S/MIME encrypted email at all and has no PGP integration). Or a matter of usability (I use folders a lot; it's a pain needing to expand a menu to get to them)! Or something else... the important point is that it should be possible. Every OS comes with an email client, but every OS except iOS (and WP) allows you to change the default email client, too. This isn't even hard to implement (the relevant registry keys were present on WP7, at least; carrying over the API to control them wouldn't have been hard at all); it's once again a case of Microsoft intentionally restricting what you can do with your phone. If I wanted a mobile OS designed by a control freak, I'd buy an iPhone...
Nothing more really needs to be said here, except that with filesystem access (create a symlink or junction in the apps folder, for example) this would be possible...
Many BT profiles, such as HID devices (for mice and keyboards), are missing from WP8. So far as I know, apps can't use the Headset profile either; the pseudo-turn-by-turn navigation on WP7 would give its instructions via the car's BT if possible, but Nokia/Here Drive must use the phone's speakerphone speaker instead.
When I can change default browser and text editor, create my own themes, enable features that a ROM shipped disabled (have you seen the thread by the guy who can't get visual voicemail?), sideload high-privilege apps (without paying for the privilege), and remove root certificates of CAs that I don't trust (in WP7, these were stored in the registry), then I will stop considering the level of registry access to be a problem.
If they're from the store, they aren't really sideloaded, just downloaded on a different machine. I'm talking homebrew, stuff that the isn't yet, or never will be, or *can't* be (because it breaks some policy of Microsoft's, or requires high privileges to work) put in the store. Besides, many of the most popular WP8 models don't have an SD card slot at all.
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
The only thing I can agree with you on is the file system, bluetooth, and not being able to override the default apps associations (seriously, the default apps is the most retarded idea ever).

Removing/disabling features of GS4 without rooting/flashing ROM

Hi all,
I am part of an IT Client team and we are trying to prep for the deployment of the GS4. The S3 is our current standard and was received pretty well, but some of the features are overwhelming to our sales force. Is there any way that we can disable some of these features perhaps even automatically via ADB and a USB cable?
Also, we are wanting to have our company app preinstalled. Currently it resides in the marketplace but apparently some of our sales force don't understand the Play Store and that they actually have to go find the app and install it. Is there a way to automatically sideload our app? We were also discussing a launcher like launcherpro with an xml file included that contains default locations for icons, data, etc.
Has anyone tried this before? Please advise with ideas/suggestions. We don't want to flash a ROM generated by our company because that would require too much overhead on our part to manage because thousands of phones need to me maintained. We also don't want to root the NatureUI/Touchwiz stock rom that comes with the S4.
metroidnemesis13 said:
Hi all,
I am part of an IT Client team and we are trying to prep for the deployment of the GS4. The S3 is our current standard and was received pretty well, but some of the features are overwhelming to our sales force. Is there any way that we can disable some of these features perhaps even automatically via ADB and a USB cable?
Also, we are wanting to have our company app preinstalled. Currently it resides in the marketplace but apparently some of our sales force don't understand the Play Store and that they actually have to go find the app and install it. Is there a way to automatically sideload our app? We were also discussing a launcher like launcherpro with an xml file included that contains default locations for icons, data, etc.
Has anyone tried this before? Please advise with ideas/suggestions. We don't want to flash a ROM generated by our company because that would require too much overhead on our part to manage because thousands of phones need to me maintained. We also don't want to root the NatureUI/Touchwiz stock rom that comes with the S4.
Click to expand...
Click to collapse
I'm not quite sure about disabling features on the stock ROM. I know there's an Easy mode that can be used for first time smartphone owners. As far as preloading your company app, you can write a script to do so. However, that requires you to manually enable developer mode and USB debugging on every single phone. I'm not sure how practical this is, considering you have so many phones. A better way might be to send a mass text message or email to each of the phones with the play store link to the app. Once again, considering the employees might be unfamiliar with the phone, a text would probably be the simple way to go. I would use side-loading as a way of installing your app in the event that someone had an issue with the text. I believe you'd run into the same issues with preinstalling LauncherPro and associated xml files. It doesn't seem there's a way you can properly deploy what you need to w/o going hands on on all units.
Please read forum rules before posting
Questions and help issues go in Q&A and Help section
Thread moved
Thank you for your cooperation
Friendly Neighborhood Moderator
Depending on what functionality you would like to disable, you can go to the App Manager heading in the Settings menu, and disable system apps you don't use. In terms of disabling parts of functionality in certain system apps, that probably wouldn't be possible on stock unrooted devices.
metroidnemesis13 said:
apparently some of our sales force don't understand the Play Store
Click to expand...
Click to collapse
...
I'm not sure how to solve your problem. I was going to say once you are willing to ADB and USB debug you might as well cook up the ROM the way you want it and blast it on with Odin.
However, one thing to be concerned about is the OTA software updates that you probably want your users to be able to receive. If you mod the stock software (either with ADB or a modded ROM) in such a way to make the phone status 'Custom' your users won't be able to get updates and bug fixes from Samsung.
I would just try to hold their hand through getting the app installed (ie. email them a link to it when they get a phone so all they have to do is tap the link and hit install) and leave the rest of the phone alone.

Android Security Concerns

I'm hoping someone can point me in the right direction after spending a day reading about mobile phone security. I'm still confused as to what an app can do and how I can limit access. Some answers or a point in the right direction for more information would be helpful.
Apps that are granted permission "Modify/Delete SD Card" can pretty much read/write anything on my device? Could an app go through my sd card and see files, for example, music, movies, other data from different apps; file names/content? I have about 35 apps running on my phone with this access. I'd rather not leave it to "how much I trust the developer" and have some means to limit access to data.
I don't keep national security secrets on my nexus but there is work and personal information that is sensitive and I wouldn't want shared. It looks like if I use android to encrypt my data it only encrypts the /data folder and there doesn't seem to be much in there.
What about securing contact and calendar data? Is this possible? Not as critical as guarding my file data, but still important to me. Thanks.
Yes, files on the external sdcard are not protected, I.e. all apps which have the right to read/write sdcard can read/write everything there. One reason is just the filesystem type: on FAT you don't have access rights. On internal /sdcard it's a bit different, because it's using ext4 as a filesystem, so principally not all apps can read everything, but also here you have the problem that for example the camera, the gallery app, ... need access to the same files and directories. So at the moment you need to trust the apps in a certain way or not to install it at all.
Sent from my Nexus 7 using xda app-developers app
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. The best bet is as you already suggested, that is to be smart about where you browse the net, and only install trusted apps. Always think twice and review permissions carefully for any app even if it's from the Play Store.
And don't forget encryption only works similar to a house door. It's only good if you keep it locked. But if you let the bad guys into your house (i.e., installing a naughty app), it doesn't protect you much. It only keeps them out so long as you don't let them in (physical access). P.S. I'm assuming you're talking about the stock android encryption not actually having individual encrypted files on your device if not then ignore this paragraph (although I'm sure some will disagree that even having SHA-512 AES encrypted files with a extremely complex and long passwords is still not enough to protect data once a malicious user gets their hands on that file.)
Even on the internal SD card, it looks like once I give an app access to "modify/delete" the entire sd card is exposed; did I understand that correctly? It looks like grant access to everything or nothing.
After reading this:
http://appanalysis.org/
It seems that even trusted developers can't be trusted. I don't consider myself a novice user but I'm really surprised at how exposed the data is on phones and tablets. Its like leaving money on your front porch and hoping it isn't too tempting for someone to walk though a broken gate and grab.
Any idea what WP, iOS or BB10 offer in the way of data protection?
TheAltruistic said:
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. /QUOTE]
XPrivacy looks good, might be worth rooting for that app.
I'm not as concerned with an app downloading files and using a high level attack on my data. I am concerned about an app where the developer decides to go through my contacts, photos, and files which are unlocked and easily viewed. Then sell the data to whomever that can do whatever. No effort required, no ability to know the data was even accessed and no ability to lock the data. I think like most things, if there is more than a slight effort needed to access the data, they'll move on to something else.
I see Google offers encryption but I can't find information on exactly what is encrypted and if I install an app with say permission to contacts does that give them encrypted access to all contacts? For example, a program that can add a contact via sms I don't want to allow it to read all my contacts, just add a new one.
Maybe Android isn't the right platform for me.
Click to expand...
Click to collapse
mgerbasio said:
TheAltruistic said:
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. /QUOTE]
XPrivacy looks good, might be worth rooting for that app.
I'm not as concerned with an app downloading files and using a high level attack on my data. I am concerned about an app where the developer decides to go through my contacts, photos, and files which are unlocked and easily viewed. Then sell the data to whomever that can do whatever. No effort required, no ability to know the data was even accessed and no ability to lock the data. I think like most things, if there is more than a slight effort needed to access the data, they'll move on to something else.
I see Google offers encryption but I can't find information on exactly what is encrypted and if I install an app with say permission to contacts does that give them encrypted access to all contacts? For example, a program that can add a contact via sms I don't want to allow it to read all my contacts, just add a new one.
Maybe Android isn't the right platform for me.
Click to expand...
Click to collapse
Heh don't give up. To be honest at least android tells you when it grants a program certain permissions unlike some other OSes where you're in the dark in terms of security.
As far as I know, and I'm assuming we're talking about the same thing, the type of encryption Android offers only prevents people from gaining unauthorized access to your data if your device is mounted or accessed when your lock screen is up. (I'm sure someone will correct me if I'm wrong--please do). But if your device is not password protected (e.g., you set lock password to lock every hour and they get it when it's unlocked) then your data can potentially be compromised.
This encryption does not, however, protect your data as you're browsing the internet, or running apps like facebook.
If you're looking for something to protect your data from say facebook finding your GPS location without your permission, or accessing your contacts and doing God knows what with it, then XPrivacy and PDroid (links above) is your answer, and I'd say that's awesome.
I may not play around with an iPhone / iOS enough, but I'm confident enough to say that they don't offer the same privacy protection even from Cydia that you can get from communities like here on XDA. Perhaps for iOS users, ignorance is bliss?
Click to expand...
Click to collapse
TheAltruistic said:
mgerbasio said:
Heh don't give up. To be honest at least android tells you when it grants a program certain permissions unlike some other OSes where you're in the dark in terms of security.
Click to expand...
Click to collapse
Thanks again. I appreciate the comments.
All I'm really looking to do is prevent an app downloading all my contacts, photos, movies, files, etc. I have some work data on my tablet that isn't confidential but it is what I would call sensitive. Actually, I rarely use external memory, mostly just use in internal sd card.
It seems all the "good apps" grab more permissions than they need or, the permission they do need to operate gives them way more access than I'd like. I'm not so concerned that I'd start using Tor or duckduckgo, but just trusting a developer with an open door to data is more than I can to leave to chance.
From what I've been reading the sandboxing in iOS and WP provide good security and in BB you can remove permissions from apps; BB10 is still the most secure if you can believe the internet articles. I'd like to see Google make it more clear as to what encryption actually allows and prevents.
There seems to be apps that button up a lot of holes, like photos, but there still are gaping holes.
Click to expand...
Click to collapse
Hi guys,
Any progress? I use PDroid on my smartphone and find it unnerving to see how much and how often data is accessed not only by third party apps but by Google itself. With PDroid you can restrict permissions without bricking the app because it can provide fake data rather than none. I have to say that I am not entirely happy with it though. I hope that Firefox OS will have success in stopping the appification of our devices. Data wise, it is much safer to use web-based services than app-based services.
I think Google's Android is so successful with developers (also) because they can gather so much data. Our smartphones are unfortunately "data gold mines" for the ICT industry.
If you have any progress in improving privacy, safety and security of the Nexus 7 than I'd be happy to read about it.

[Q] Corporate Android Usage

Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
AccEss-dEniEd said:
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Click to expand...
Click to collapse
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Assuming you have Exchange, does this not provide the management part?
AccEss-dEniEd said:
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
Click to expand...
Click to collapse
I currently work in the infrastructure of a good sized corporation. We're using IOS with a mixture of android hardware and there's some good news and bad news for what you want to do.
Good news is, like Jpcurrie said, exchange will handle remote wiping and locking the phone down. you can require the phone to use a PIN, remote wipe and and a bit more. As for locating the phone, Google actually has finally built in remote locating of your device and remote wipe as well. There's a couple good apps out there (lookout) will turn on your GPS and allow you to locate the phone and they're free. If you happen to have a virtualized environment with VMware, you could also use VMware View Horizons which builds in a secure sector on the phone and you can remotely manage which apps and files the user can use. the best part of View is you can use a BYOD model and keep corporate data secure. The biggest issue is if you don't happen to already use a VMware architecture it gets pricey quickly.
Here's the rub now. you want to install your own logos on the bootup which you could do by installing a custom ROM. This will void your warranty on the hardware and as it isn't 100% stable you'll be spending a LOT of time trying to keep a consistent environment.
Like netsyd said, talk to management about an MDM, and the branding of the devices, maybe even talk to them about using a BYOD to reduce costs of hardware and administration of that hardware.
Isn´t Knox supposed to allow administrators to only delete the data that belongs to the Corporate account (emails, calendars, tasks, etc.), or an administrator can still force a full device wipe? Sorry if the questions is too basic, I've tried searching around for info on Knox but couldn't find anything besides press releases.
I'm not a network administrator, I'm just a user and my school secure wifi installs a device administrator.
I'm sorry to deviate the topic a little bit from the original.
At Delta we use Air Watch but it's far from free. You can however manage devices and remote wipe. You can also view installed apps and remove what should not be there. Options for device profiles also. I help maintain these devices everyday. Not Free but an MDM is your best bet.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
long time - no see
Hiya,
sorry I didn t answer - kinda was overwhelmed with this Task.
Wanted still to thank you: I did what you suggestet and wanted to let you know where I am now.
1. Meraki = implemented - now runnning 160+ devices. (at no costs)
2. CM12.1 implemented (without GAPPS/no SU)
3. Standard Image/w Apps defined. (Mostly Offline capable Tools like "here" etc.(which actually reduced costs))
4. Since Android has limited capability to be administered in a "real" professional Fashion we mitigated this issue by creating a policy to forbid the user to temper with the device (e.g. Installation of Software/SU etc) yet to allow the Installation of Software manually by us via creating a ticket. We check the Software mainly for "sanity" and malware and install it if ok.
This has been working so far like a charm for us. None of the user were happy to loose the Gapps obviously - but once they had their Software and settled in, all was ok. For the Administering part: Meraki can tell me if Software is beeing installed without our Knowledge, also we see if SM doesnt speak with us anymore. So, for now, we got the most out of the System and I am happy to say: I got minimal Control in a Quality sense. No no more "KO Critera" - and we have implemented Android. Tracking etc. is forbidden in Germany anyway - so we use Meraki mainly to wipe if lost and to check if someone goes against policy.
What is still open:
- I am still working on a way to have the user enter his credentials and automatically enter These in all respective config files. (haven't had much luck - with the absense of SU obviously.
- a Little cosmetics still open (I am still trying to figure out how the theming really works ... I usually f**k up the Pictures and sounds.... but so far making Progress
- with less and less good Android devices coming out (now, I am probably beeing flamed now ) that suits our needs (open bootloader, known/supported CPUs, removable battery, SD Card Slot) - I think we might Switch by Q4/2016.
netsyd said:
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Click to expand...
Click to collapse

Categories

Resources