Related
After reading about the new knox security features do you all think it will be harder to obtain root? It sounds like this feature locks the bootloader. Any insight on this?
Sent from my SPH-L900 using xda premium
I am also curious about this..
Sent from my Desire HD using xda premium
musclehead84 said:
After reading about the new knox security features do you all think it will be harder to obtain root? It sounds like this feature locks the bootloader. Any insight on this?
Click to expand...
Click to collapse
Knox is B2B only which means it only applies to devices companies purchase and provide to their employees. And there's a remote companion component necessary for it to be implemented. I'd expect it to be locked down tighter than Fort Knox (get it? ) with little or nothing an end user can do to a Knox device except play with their partition. I know for sure they can't add/modify/delete any apps or settings on the Knox side. It's probably overkill for most of the Fortune 500, and there are other less rigid ways of controlling remote devices, but it will have great appeal for government use and for companies that require security clearances and handle sensitive data.
Exactly! Knox for B2B only.
Sent from my GT-N7100
Samsung trying to snatch the BlackBerry crown and win lots of government contracts I reckon
Thanks for the explanation on it. Just had me kinda worried about that feature.
Sent from my SPH-L900 using xda premium
BarryH_GEG said:
Knox is B2B only which means it only applies to devices companies purchase and provide to their employees. And there's a remote companion component necessary for it to be implemented. I'd expect it to be locked down tighter than Fort Knox (get it? ) with little or nothing an end user can do to a Knox device except play with their partition. I know for sure they can't add/modify/delete any apps or settings on the Knox side. It's probably overkill for most of the Fortune 500, and there are other less rigid ways of controlling remote devices, but it will have great appeal for government use and for companies that require security clearances and handle sensitive data.
Click to expand...
Click to collapse
I don't think so its necessarily B2B My AT&T Galaxy S4 has a Knox apk on it and according to the Knox web page the chain of trust can be changed after a device is bought. So Someone can Buy their own device then place on the business network and due to corporate rules get their device locked down.
Since My Bootloader is locked and Knox can lock the bootloader I can only assume until I know otherwise that AT&T is using the same Knox methods to lock my consumer device.
Samsung has Rollout Firmware Updates to the S4 I9505 where KNOX is fully activated, Bootloader changed and SEAndoird is enforced.
So this is a mess for rooting.
But it seems that chainfire has hacked this again in CF-AutoRoot and SuperSU (1.60)
Regards
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Faluzure said:
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Click to expand...
Click to collapse
Android 4.2 introduces multi-user support. S4 does come with Android 4.2.2 and as such, they made it possible to separate the, say, work/personal accounts. The presentation was talking about a case where (in a corporate environment) the IT department would be able to setup your "Work" account as per their needs/requirements/restrictions while leaving the "Personal" user account untouched - actually not even having access to it.
Hope this answers your question.
That would be Samsung's Knox product, not multi-user from android. It has been delayed from release, but has been approved by DoD for use in government.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Faluzure said:
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Click to expand...
Click to collapse
nacos said:
Android 4.2 introduces multi-user support. S4 does come with Android 4.2.2 and as such, they made it possible to separate the, say, work/personal accounts. The presentation was talking about a case where (in a corporate environment) the IT department would be able to setup your "Work" account as per their needs/requirements/restrictions while leaving the "Personal" user account untouched - actually not even having access to it.
Hope this answers your question.
Click to expand...
Click to collapse
bigworm50 said:
That would be Samsung's Knox product, not multi-user from android.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Click to expand...
Click to collapse
Thanks. It does. is this not available yet?
bigworm50 said:
That would be Samsung's Knox product, not multi-user from android. It has been delayed from release, but has been approved by DoD for use in government.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Click to expand...
Click to collapse
Knox is Samsung's own security implementation but the multi-user support (Work/Personal accounts) used by Knox is actually built/based on Android 4.2 multi-user feature. Knox cannot be implemented on earlier versions of Android exactly due to Android's lack of multi-user support.
The multi-user support is present in all Android 4.2 versions regardless of hardware as well as Cyanogenmod 10 and up - without actually having anything to do with Samsung's Knox.
Knox was built from the ground up as platform/application security and device management. The multi-user feature is similar to android's built in feature in name only. Knox reaches all the way down to the bootloader.
Knox comes out in the summer in a future update. It seems nice but my work place doesn't use work phones.
bigworm50 said:
Knox was built from the ground up as platform/application security and device management. The multi-user feature is similar to android's built in feature in name only. Knox reaches all the way down to the bootloader.
Click to expand...
Click to collapse
This could get interesting. I would assume a Knox enabled device would have a perma locked bootloader. If Samsung were to push an update including Knox, they could theoretically lock the phone down tight like Motorola did to the Atrix line, no?
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
According to the article it appears samsung is throwing the towel on Knox. It does make sense given Google's direction and lack of adoption.
http://www.forbes.com/sites/bobegan...ixs-knox-the-android-security-saga-continues/
pitchdarkice said:
According to the article it appears samsung is throwing the towel on Knox. It does make sense given Google's direction and lack of adoption.
http://www.forbes.com/sites/bobegan...ixs-knox-the-android-security-saga-continues/
Click to expand...
Click to collapse
Getting tech news from Fortune is like getting sports news from Better Homes & Gardens. Samsung and Google's cross-licensing deal probably plays in to the following. Just like the death of Samsung Hub and the neutering of M-UX.
Pichai (Google's Head of Android Development) specifically noted that the future Android 5.0's security layer involves Samsung's "contribution" of Knox, a feature that company unveiled last spring as part of its "SAFE" (Samsung for Enterprise) initiative.
Knox principally erects a "container" or sandbox around corporate apps and data to prevent any unauthorized mingling with a users' private, unsecured email, apps and other personal data.http://appleinsider.com/articles/14...erprise-with-android-l-featuring-samsung-knox
BarryH_GEG said:
Getting tech news from Fortune is like getting sports news from Better Homes & Gardens. Samsung and Google's cross-licensing deal probably plays in to the following. Just like the death of Samsung Hub and the neutering of M-UX.
Pichai (Google's Head of Android Development) specifically noted that the future Android 5.0's security layer involves Samsung's "contribution" of Knox, a feature that company unveiled last spring as part of its "SAFE" (Samsung for Enterprise) initiative.
Knox principally erects a "container" or sandbox around corporate apps and data to prevent any unauthorized mingling with a users' private, unsecured email, apps and other personal data.http://appleinsider.com/articles/14...erprise-with-android-l-featuring-samsung-knox
Click to expand...
Click to collapse
Based on the link you provided, it looks like the KNOX-like security feature will come baked in Android OS? That sucks if it is true.. harder for us to root without tripping something else that warrants (no pun intended) manufacturer to deny warranty work.
This will be good, if Google makes some "rules" for this security feature.
For example if KNOX or "Googlebit" is triggered it could be reset if you are back to locked bootloader and doing a factory reset. That way you can tell that your device is secure again.
valexi said:
This will be good, if Google makes some "rules" for this security feature.
For example if KNOX or "Googlebit" is triggered it could be reset if you are back to locked bootloader and doing a factory reset. That way you can tell that your device is secure again.
Click to expand...
Click to collapse
I think you are right. Having the Knox container and security will probably be useful in the future given the rate and sophistication of hacking nowadays.
Knox reset
I feel I should be able to restore stock firmware to subsequently reset Knox to then do a hardware fault warranty claim. Whilst I've taken the risk triggering Knox when installing Cyanogenmod, the tablet had usability problems on stock, which is why I did this in the first place...
ie: On Cyanogenmod my WiFi is stable, video plays smoothly, no weird jitter in Google Chrome address bar and I have an Exchange email client (KitKat) which doesn't hide some of my folders.
I've just come across Phoenix OS and tried it out. While it works great for my purposes, I began to wonder about something. You know how there are stories in the news all the time about foreign countries, particularly China, Russia and North Korea are always finding ways of hacking into US secured sites and what not? How do we know that Phoenix isn't sharing all of our private info with hackers or something? I know it sounds paranoid, but we live in that sort of world now. Any thoughts? (Other than I'm crazy delusional, paranoid and don't use it.) Thanks.
netizenmt said:
I've just come across Phoenix OS and tried it out. While it works great for my purposes, I began to wonder about something. You know how there are stories in the news all the time about foreign countries, particularly China, Russia and North Korea are always finding ways of hacking into US secured sites and what not? How do we know that Phoenix isn't sharing all of our private info with hackers or something? I know it sounds paranoid, but we live in that sort of world now. Any thoughts? (Other than I'm crazy delusional, paranoid and don't use it.) Thanks.
Click to expand...
Click to collapse
Dude, after Snowden, the NSA leaks, and homeland security policy, you've honestly have a hell of a lot more to worry about domestically from your own country to be worried about any foreign nation trying to hack your system. The fact this app is made in a foreign land isn't something that should elevate concern, it's whether or not it connects to the internet and you happen to use it to do anything. That's the threat vector you should be worried about always. The fact you even posed this question implies you're somehow more secure on Windows 10 or Android in general just because they're not developed in China. I honestly trust these guys more than I ever would Microsoft or any other company Snowden's leaks long identified as part of Prism. Think Windows 10 forces updates only for our well being? They upload and download files constantly. My laptop has never been as quiet as when I'm on PhoenixOS. It's serene how at ease it is compared to the constant activity I see on Windows machines. Only one on your side here is you and what you do with the data under your domain, once you go online you're at risk. Once you lose your control or possession of your system, you're at risk. Whether in San Antonio or Shanghai.
it isnt 100% safe i dont recommend it can harm your system i dont know but safely is u use a memu ,andy or bluestack my favorite is memu
Use phoenix os it's not a problem for your datas, NSA already owns them, in the moment you begin using anything developed from US companies like microsoft apple or google you give your private life to them.
The real problem for the security is the usa not china,russia or any other country. If you are so paranoid you can use android x86 without google apps, avoid to use android emulator because they are closed source and you can't verify if there are backdoors.
Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).