[Q] About forgot password (strange) - Nexus 10 Q&A, Help & Troubleshooting

(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot

EX_RIVER said:
(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot
Click to expand...
Click to collapse
If you have TWRP (not sure about Clockworkmod), "Factory Reset" will leave personal files on while clearing settings, custom apps, etc. FORTUNATELY, there is no way to bypass, other than resetting the device, the password for security reasons

dibblebill said:
If you have TWRP (not sure about Clockworkmod), "Factory Reset" will leave personal files on while clearing settings, custom apps, etc. FORTUNATELY, there is no way to bypass, other than resetting the device, the password for security reasons
Click to expand...
Click to collapse
Pretty sure that's not true, strictly speaking. Unless OP is talking about encryption, flashing a new ROM over top will preserve most user data saved on /sdcard (much to my annoyance).

Rirere said:
Pretty sure that's not true, strictly speaking. Unless OP is talking about encryption, flashing a new ROM over top will preserve most user data saved on /sdcard (much to my annoyance).
Click to expand...
Click to collapse
You are correct. I forgot that circumstance. TWRP specifically excludes the data/media area
Sent from my Samsung Galaxy Victory via XDA Developers App

dibblebill said:
You are correct. I forgot that circumstance. TWRP specifically excludes the data/media area
Sent from my Samsung Galaxy Victory via XDA Developers App
Click to expand...
Click to collapse
I mean, it's useful because if you flub a flash you can use a backup, but these recoveries are not secure and aren't designed to be.

EX_RIVER said:
(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot
Click to expand...
Click to collapse
USB debugging isn't required for ~all~ USB stuff, so you should try it anyways.
Then, as long as you still know your Google password you can install this to your Nexus, via the web (no log on to device actually needed):
http://www.androidlost.com/
I haven't actually tried or used that program, so cant say 100% it will work on N10 - but "in general" it seems like it should!
:good:

bigmatty said:
USB debugging isn't required for ~all~ USB stuff, so you should try it anyways.
Then, as long as you still know your Google password you can install this to your Nexus, via the web (no log on to device actually needed):
http://www.androidlost.com/
I haven't actually tried or used that program, so cant say 100% it will work on N10 - but "in general" it seems like it should!
:good:
Click to expand...
Click to collapse
I don't know if AndroidLost can unlock a device, and he doesn't seem to have lost it either. Unless an app had root/device admin access, I can't imagine that it would have the privileges necessary to remove authentication from a device (since that seems to be the pinnacle of bad security). Secure Settings + Tasker can do it, but you need to set that up beforehand.

Rirere said:
I don't know if AndroidLost can unlock a device, and he doesn't seem to have lost it either. Unless an app had root/device admin access, I can't imagine that it would have the privileges necessary to remove authentication from a device (since that seems to be the pinnacle of bad security). Secure Settings + Tasker can do it, but you need to set that up beforehand.
Click to expand...
Click to collapse
It says it can:
Lock the phone
You can lock and unlock the phone from the web. If you forget your pincode you can simply overwrite it or remove it from the web

bigmatty said:
It says it can:
Lock the phone
You can lock and unlock the phone from the web. If you forget your pincode you can simply overwrite it or remove it from the web
Click to expand...
Click to collapse
I don't think this means what you think it means (and I could be wrong). Many security apps like avast! offer a similar "locking" functionality, where the normal lockscreen (whatever security it is) is covered by a second lockscreen, superimposed over all system UI elements to prevent access. This lockscreen is controlled by the app, but it will not affect any underlying security (basically, think of it as a replacement lockscreen for security reasons, not much unlike HoloLocker or Go Launcher's lockscreen).

Rirere said:
I don't think this means what you think it means (and I could be wrong). Many security apps like avast! offer a similar "locking" functionality, where the normal lockscreen (whatever security it is) is covered by a second lockscreen, superimposed over all system UI elements to prevent access. This lockscreen is controlled by the app, but it will not affect any underlying security (basically, think of it as a replacement lockscreen for security reasons, not much unlike HoloLocker or Go Launcher's lockscreen).
Click to expand...
Click to collapse
I don't know man, and like I said I've never tried it. But its a super popular app, and has been featured in write ups. On their main page it states that text, as the fifth "main feature" which seems pretty straight forward to mean "the main lock screen"...

bigmatty said:
I don't know man, and like I said I've never tried it. But its a super popular app, and has been featured in write ups. On their main page it states that text, as the fifth "main feature" which seems pretty straight forward to mean "the main lock screen"...
Click to expand...
Click to collapse
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.

Rirere said:
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.
Click to expand...
Click to collapse
Nice on the testing! Too bad about the unlock. Perhaps he can still use it to offload his content though.
Did you try to "push" it to your device w/out installing it direct? I have wondered if I should pre-load this app on my devices, but "they" tout its remote-install-ablity, so I somewhat feel like I would not have to pre-install. (But then again, Im always apprehensive of claims that make things seem super easy.)
EDIT: Hmmm.... I see it requires "SMS" to install this on a device via Push - so I guess it NEEDS to be pre-loaded on a N10 if one wishes to use it to retrieve a lost N10, or even use it in this context! Now to decide if I install this or not...

bigmatty said:
Nice on the testing! Too bad about the unlock. Perhaps he can still use it to offload his content though.
Did you try to "push" it to your device w/out installing it direct? I have wondered if I should pre-load this app on my devices, but "they" tout its remote-install-ablity, so I somewhat feel like I would not have to pre-install. (But then again, Im always apprehensive of claims that make things seem super easy.)
Click to expand...
Click to collapse
I installed direct. I use Cerberus (and before that, avast! Anti-Theft) to help secure my devices, but these things are all a game of chance. My advice: completely disregard remote-install abilities. If you're going to use this kind of service, it really doesn't make any sense not to install it yourself, where you can change your preferences (such as install to /system or rename the application) to work for you.
The bigger problem is that, obviously, six hundred million things could go wrong. I noticed that AndroidLost noted that they were using Google to push messages, which indicates that they're using C2DM (unlikely, it's deprecated) or GCM push services, which require your phone being connected to a network (itself a big assumption) that will allow Google's ports to send traffic. This excludes no small number of places, particularly corporate networks (and many schools as well). It also looks like one of the wakeup methods if SMS, which is not only noticeable (to a thief), but potentially may be intercepted by other apps on the phone (such as an alternative SMS app).
The idea is that these apps intercept and delete any command SMS before any other app, but in practice this doesn't always happen. So test your setup before something happens!

Rirere said:
I installed direct. I use Cerberus (and before that, avast! Anti-Theft) to help secure my devices, but these things are all a game of chance. My advice: completely disregard remote-install abilities. If you're going to use this kind of service, it really doesn't make any sense not to install it yourself, where you can change your preferences (such as install to /system or rename the application) to work for you.
The bigger problem is that, obviously, six hundred million things could go wrong. I noticed that AndroidLost noted that they were using Google to push messages, which indicates that they're using C2DM (unlikely, it's deprecated) or GCM push services, which require your phone being connected to a network (itself a big assumption) that will allow Google's ports to send traffic. This excludes no small number of places, particularly corporate networks (and many schools as well). It also looks like one of the wakeup methods if SMS, which is not only noticeable (to a thief), but potentially may be intercepted by other apps on the phone (such as an alternative SMS app).
The idea is that these apps intercept and delete any command SMS before any other app, but in practice this doesn't always happen. So test your setup before something happens!
Click to expand...
Click to collapse
Thanks for the info, I will look into Cerberus. I am assuming you would recommend that as you are currently using it? Do you think its better than AndroidLost, even though you haven't spent as much time w/ AndroidLost?

bigmatty said:
Thanks for the info, I will look into Cerberus. I am assuming you would recommend that as you are currently using it? Do you think its better than AndroidLost, even though you haven't spent as much time w/ AndroidLost?
Click to expand...
Click to collapse
I like it a lot more, but I will admit I personally liked avast! better. Its uncertain future (plus a nice promotion) led me to jump ship to Cerberus. I'd have to play around with it a bit more to be sure though.

Rirere said:
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.
Click to expand...
Click to collapse
Yep, you're right I can't get root under this situation, thanks a lot I'm trying to figure out how to save my data mow

EX_RIVER said:
Yep, you're right I can't get root under this situation, thanks a lot I'm trying to figure out how to save my data mow
Click to expand...
Click to collapse
It's not root you need per se, it's device admin. But root isn't an easy option for you either, because unlocking your bootloader will hose your data. I also think most of the locked-bootloader exploits require the device to be on and unlocked. If you're signed into your Google account, you should have a fair degree of stuff backed up already-- what sorts of data are you trying to save?

Rirere said:
It's not root you need per se, it's device admin. But root isn't an easy option for you either, because unlocking your bootloader will hose your data. I also think most of the locked-bootloader exploits require the device to be on and unlocked. If you're signed into your Google account, you should have a fair degree of stuff backed up already-- what sorts of data are you trying to save?
Click to expand...
Click to collapse
Mostly..........Photos and videos

EX_RIVER said:
Mostly..........Photos and videos
Click to expand...
Click to collapse
...do you have a Google+ account? Slash have you ever opened the app? If so, you might actually be in luck and your data should have been backed up to your Google+ (or PicasaWeb if you prefer).

Related

Someone jacked my Sprint account

Just a heads up, somehow someone compromised my account, and was able to deactivate my phone, and activate their own EVO on my account, change plans, and change all the security info, PIN security question, and security email. A bit of a wakeup call, running rooted phones, installing apps that give themselves unfettered access...
Yes, "its your own damn fault", but whatever, just keep your eyes constantly peeled, and make sure your sprint "myaccount" settings are secure...
What ROM where you using? Any idea what apps you had installed that might have been compromising your data?
Take some screenshots of all your installed apps. Couldn't hurt.
This is more of a Sprint thing. They have a problem with internal fraud
Was using CM6 at the time. According to the rep I spoke with (that actually helped me, the first guy was a turd), they had been calling in between the 28th and 30th, on the 30th they were able to remove my device and add theirs.
I don't think it was any of the apps I have installed. I'm thinking it was either an inside job, or someone else (ie, haxor) on Sprint's nodes during the last week sniffing packets. Reason I think that is that they seemed to have compromised the security by way of changing the e-mail address that security updates go to. I don't know, its just a crappy feeling overall. Kind of like when I was mugged many years ago...
hondoslack said:
Was using CM6 at the time. According to the rep I spoke with (that actually helped me, the first guy was a turd), they had been calling in between the 28th and 30th, on the 30th they were able to remove my device and add theirs.
I don't think it was any of the apps I have installed. I'm thinking it was either an inside job, or someone else (ie, haxor) on Sprint's nodes during the last week sniffing packets. Reason I think that is that they seemed to have compromised the security by way of changing the e-mail address that security updates go to. I don't know, its just a crappy feeling overall. Kind of like when I was mugged many years ago...
Click to expand...
Click to collapse
Sprint should should just clone that account, deactivate it, ban the new ESN.
I fail to see the benefit of account jacking (especially after account owner's phone gets deactivated)
jerryparid said:
Sprint should should just clone that account, deactivate it, ban the new ESN.
I fail to see the benefit of account jacking (especially after account owner's phone gets deactivated)
Click to expand...
Click to collapse
I like what happens (and it rarely happens,Ive heard stories of things that have happened way back,which are always good for a chuckle) where I work when someone does something illegal,or commits crimes using sensitive information at work. The US Marshals come,drag them out in handcuffs for everyone to see and then they get their room and board on the US Government for the next few years.
Every phone is legally required to have GPS that is available at all times and it sounds like they are committing identity theft. Have the police, or if they are in a different state possibly FBI, go get them.
This was an inside job and has nothing to do with your ROM or the fact that you rooted your phone. Threads like this could easily scare people away from rooting for no good reason.
I think you might have gave someone your info!!
dallashigh said:
This was an inside job and has nothing to do with your ROM or the fact that you rooted your phone. Threads like this could easily scare people away from rooting for no good reason.
Click to expand...
Click to collapse
This may not have had anything to do with his phone being rooted but it is possible that could have had something to do with it too. When you root your phone you are effectively bypassing just about every single security feature put on there.
You are lying to yourself if you think rooting your phone doesn't make your information much easier to steal.
jahnile said:
This is a strange story, def.ly a wake up call.
http://WWW.rootznculture.com
Click to expand...
Click to collapse
NVM wrong thread
xHausx said:
This may not have had anything to do with his phone being rooted but it is possible that could have had something to do with it too. When you root your phone you are effectively bypassing just about every single security feature put on there.
You are lying to yourself if you think rooting your phone doesn't make your information much easier to steal.
Click to expand...
Click to collapse
That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
There is absolutely nothing about the act of rooting that puts your information in jeopardy.
dallashigh said:
That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
There is absolutely nothing about the act of rooting that puts your information in jeopardy.
Click to expand...
Click to collapse
You say any app with root can do just about anything, you just confirmed what I said. If whatever terminal app you are using can give you root(superuser) access without a password than any app can do it.
A SSH shell is for communicating over a network, it has nothing to do with root access.
If you read recently at defcon someone showed a market app that could root your phone without your permission and take some private info. So without root your screwed to. So you can probably blame an app before root. Also all data is encrypted so I doubt it was a packet sniffer.
This is a Sprint issue. I've seen and heard of it happening way too many times for me to assume that it's Android related even in the slightest bit.
I don't really think it's fair to lump rooting and basic modification in with account theft. There are always multiple sides to any story.
dallashigh said:
That is patently false. If you install a custom ROM then you are trusting the ROM developer not to put anything sneaky in there. Considering CM6 is open-source and used by thousands of people, it's unlikely to be the ROM's fault.
An app with root can do just about anything. That is why the Superuser app is there to make sure only apps that need it can get root access.
Installing apps from non-Market sources is much riskier than rooting your phone. Installing an SSH daemon would make it possible to access your system remotely. That would also be a security risk.
Enabling USB debugging will make it easier for someone with physical access to your device to access your information. That much is true.
There is absolutely nothing about the act of rooting that puts your information in jeopardy.
Click to expand...
Click to collapse
Then what is this article referring to? http://phandroid.com/2010/07/31/hackers-release-data-stealing-program-to-push-google-to-plug-holes-at-security-conference/
xHausx said:
You say any app with root can do just about anything, you just confirmed what I said. If whatever terminal app you are using can give you root(superuser) access without a password than any app can do it.
Click to expand...
Click to collapse
Sure you don't have to enter a password, but the first time the app runs, you DO have to confirm that you want to give it root access. And again that would be the APP that is malicious and not the mere fact that your phone is rooted.
xHausx said:
A SSH shell is for communicating over a network, it has nothing to do with root access.
Click to expand...
Click to collapse
I know what SSH is. I'm not an idiot. An SSH server is something that would actually put your device at risk of being remotely accessed without your knowledge or permission.
redrazr7791 said:
Then what is this article referring to? http://phandroid.com/2010/07/31/hackers-release-data-stealing-program-to-push-google-to-plug-holes-at-security-conference/
Click to expand...
Click to collapse
They distributed a trojan that installed malware at the same time it rooted your phone.

Modded Exchange Server APK?

For the Rezound,and other phones I guess, there is a modified Exchange server app that does away with the Administrator Rights requirement when connecting to some Exchange Servers.
Here is the issue. Mind you, this security policy only applies if the device supports it. Meaning one Android device or iPhone can connect without enabling Admin rights, while another one does.
But what happens, is that if the Exchange Server sees that the device supports it, it enforces this policy in order to set up and allow access to the email account. It gives the IT department COMPLETE control of your device. They can lock you out, format it, etc... Also, it forces you to set up a PIN, and it disables the camera and encrypts the storage of the device. So you can see how this an be an issue with a personal device. ANy pics you take, files you download, etc... are encrypted and can ONLY be accessed from the device. You cannot copy them to your PC and access them. Huge pain in the ass!
On the various ICS ROMs for the Rezound(the phone I have), there is a file that I can install, a modified Exchange.apk file, that lets me set up the account, and while it will force me to use a PIN, it ignores the rest and doesn't force me to disable the camera or encrypt the storage.
So, is there such an app for this device? Can I use the one for ICS that I use for the phone?
Any idears?
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
ekinnee said:
Please don't do that. Many times there is a legal requirement for that policy. Feel lucky that you can use a personal device for work. Many people have to deal with the policy and carry a dedicated work phone.
Click to expand...
Click to collapse
There is almost never a legal requirement, it is a corporate policy. I am using this type of modded Exchange.apk right now, have been for months.
The irony of the "security policy", is that if your phone does not support the feature, then the Exchange Server ignores it and lets the device right in with full access. It only affects certain devices. If I had a DroidX, no problem, Exchange lets me in. I upgrade to a Rezound, now I have to encrypt my entire device.
Don't use it if you don't want to, but many of us do, as this file is available for many phones. I just need to locate one for the N7.
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use however doesn't affect the use of the camera and most employee's have a company phone so it's not theirs to begin with. Those that need email and also want privacy, have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
I can't dig up the case at the moment, but for the record, there is absolutely president (at least in the U.S.) if a company requires you use a personal device for work, they have no legal recourse to require factory wipe access and may face steep penalties if they fire you as a result of you circumventing them.
Definitely an area where it's worthwhile to know both:
A. Your companies policies, in and out.
B. Your rights as a citizen of whichever country you reside in.
krelvinaz said:
You can try it. At where I work it is not worth it since doing so will get you fired for violating company policy which every employee signs.
The policy they use however doesn't affect the use of the camera and most employee's have a company phone so it's not theirs to begin with. Those that need email and also want privacy, have two phones.
You might want to talk to the admins to see if they can remove the camera block as that may be something they turned on without thinking.
Click to expand...
Click to collapse
Guys, I really don't need lectures on whether I should do it or not. I currently do it. I will continue to do it. I won't get in trouble at work, it is just how they set it up and they are not going to change it for me, but it is an inconvenience.
I just need to be able to do it on THIS device.
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
Click to expand...
Click to collapse
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out and it works perfectly, That's what I am after here.
SquireSCA said:
Tried that before, hated Touchdown.
The modded one on the Rezound is the stock app, just that part taken out and it works perfectly, That's what I am after here.
Click to expand...
Click to collapse
I think any mod made for jelly bean would work for you since it's all based off of aosp. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
DanielNTX said:
There was an offshoot of a modified APK and then it turned into Enhanced Email, and since then I've switched to Touchdown. Instead of forcing encryption and standards on your personal device, it handles it's own secure space. Also it handles High Importance messages with recurring alerts.
Click to expand...
Click to collapse
mwalt2 said:
I think any mod made for jelly bean would work for you since it's all based off of aosp. I'd try the one linked below (and making a backup beforehand).
http://forum.xda-developers.com/showpost.php?p=28246860&postcount=1
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
Cool. I just got the thing a couple hours ago, so it is not unlocked or rooted yet, and you need that to install these.
The ones for the Rezound were made to install in the OS, not from Recovery, but once CM10 is out and stable, I will unlock and go to that and then I can use it. For now, my phone has it so I do have email on the go for work.
Thanks!

[Q] Possible to lock phone in case of theft?

My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Abrojo said:
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Click to expand...
Click to collapse
http://bit.ly/174zPh6
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
I use avast! free mobile security (https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity&hl=en),
the anti-theft module has option to block the phone if the sim card is changed
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
What a woeful answer. Try reading before you be a ****.
In answer, no there is nothing similar to a BIOS lock on Android phones, however like mist813 said, Avast is quite good. If you have root access you can install it as a system apk then even if the thief wipes your phone, it's still there.
You could also try lookout its free. Can do tracking, remote wipe and also takes a photo of anyone trying to unlock your phone.
I don't think there is anything that can prevent someone from just flashing a new firmware and wiping the phone completely.
Sent from my Nexus 10 using Tapatalk 2
I don't think there is an equivalent to BIOS lock in Android. I'm not sure if you tried Lookout or the native Samsung remote control under security settings. Both gives you the options to locate, lock, scream or wipe your data. I tried the locate and scream options and they work. Never tried lock or wipe, but they should also work! Now going to the fact of wether someone can bypass or overcome these security measures, then I personally think it's possible and whatever we do he can find a way to go around it depending on how smart and resourceful he is! If my phone is stolen, frankly speaking I won't waste my time trying to find it or just lock it. All what I'll care about is to wipe the data off, and hopefully these softwares will work if needed!
Sent from my SGS IV using Tapatalk 2
Abrojo said:
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
Click to expand...
Click to collapse
Okay lets not be a **** this time.
1) There's nothing equivalent to that bios thing
2) http://stackoverflow.com/questions/...-the-device-on-removal-of-sim-card-or-sd-card
There are also apps that just notify you if sim card is changed for example this https://play.google.com/store/apps/details?id=instigate.simCardChangeNotifier&hl=fi
And of course there are some apps that let you remotely control your phone for example http://forum.xda-developers.com/showthread.php?p=7567932
Abrojo,
You don't really need a third-party app for this.
Please check out the Samsung Dive service. (www.samsungdive.com)
You can track your phone, lock it with a custom password, sound an alarm, etc...
The problem is, the phone needs to have Internet access.
I am using the Cerberus app (https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en)
This is the best rated Anti-theft app you can find for your Android.
a license costs 3USD if I remember correctly. With one license you can secure up to five Android phones.
Featuers:
Track your phone
Remote lock
Remote wipe
And a lot more options...
A couple of things that I think are extremely useful:
When a wrong password or pattern is drawn to unlock your phone, a picture is taken with the front camera and emailed to you together with the location of the phone.
When the SIM is swapped, you can configure up to three phone numbers that will receive an SMS with the new SIM card number and the location of the phone.
You can hide the app from the App Drawer.
Check it out... very useful
i use also cerberusapp 4 years now. everything is perfect. when u install as system app u can do everything.
Sent from my ThL W8 using xda premium
Apparently there is also rumors of LoJack already being built into these phones, with the possibility to activate it some time in the near future. Don't remember all the details, but I just read an article about that. Not being patronizing when I say it, but Google Galaxy S4 LoJack and look into it.
Also, I am on Verizon, and am testing out their mobile security app that is preinstalled. It's $1 a month, but they allow you to remotely lock your phone, wipe it, and track it should you lose it. I don't believe it embedded at the hardware level, but it is something that gives me a little piece of mind.
Edit: I went to switch to the Norton Mobile Security app, since I use it for all of my other devices, and discovered that the Verizon Mobile Security App - once activated - cannot be uninstalled, force stopped, you cannot clear the data, and you cannot disable it. In order to do so, I first have to go into my Verizon account online, sign in, and unsubscribe from the service. After realizing that, I have chosen to keep the Verizon security app, because it has that extra layer of security. Are there ways of bypassing that, I'm sure there are. But assuming that my phone is stolen by some low level thief and not some crazy high level criminal circuit, I should have no problem retrieving it.
Samsung Dive down?
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Sm007hCriminal said:
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Click to expand...
Click to collapse
It's working with me.
Sent from my SGS IV using Tapatalk 2

Android Security Concerns

I'm hoping someone can point me in the right direction after spending a day reading about mobile phone security. I'm still confused as to what an app can do and how I can limit access. Some answers or a point in the right direction for more information would be helpful.
Apps that are granted permission "Modify/Delete SD Card" can pretty much read/write anything on my device? Could an app go through my sd card and see files, for example, music, movies, other data from different apps; file names/content? I have about 35 apps running on my phone with this access. I'd rather not leave it to "how much I trust the developer" and have some means to limit access to data.
I don't keep national security secrets on my nexus but there is work and personal information that is sensitive and I wouldn't want shared. It looks like if I use android to encrypt my data it only encrypts the /data folder and there doesn't seem to be much in there.
What about securing contact and calendar data? Is this possible? Not as critical as guarding my file data, but still important to me. Thanks.
Yes, files on the external sdcard are not protected, I.e. all apps which have the right to read/write sdcard can read/write everything there. One reason is just the filesystem type: on FAT you don't have access rights. On internal /sdcard it's a bit different, because it's using ext4 as a filesystem, so principally not all apps can read everything, but also here you have the problem that for example the camera, the gallery app, ... need access to the same files and directories. So at the moment you need to trust the apps in a certain way or not to install it at all.
Sent from my Nexus 7 using xda app-developers app
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. The best bet is as you already suggested, that is to be smart about where you browse the net, and only install trusted apps. Always think twice and review permissions carefully for any app even if it's from the Play Store.
And don't forget encryption only works similar to a house door. It's only good if you keep it locked. But if you let the bad guys into your house (i.e., installing a naughty app), it doesn't protect you much. It only keeps them out so long as you don't let them in (physical access). P.S. I'm assuming you're talking about the stock android encryption not actually having individual encrypted files on your device if not then ignore this paragraph (although I'm sure some will disagree that even having SHA-512 AES encrypted files with a extremely complex and long passwords is still not enough to protect data once a malicious user gets their hands on that file.)
Even on the internal SD card, it looks like once I give an app access to "modify/delete" the entire sd card is exposed; did I understand that correctly? It looks like grant access to everything or nothing.
After reading this:
http://appanalysis.org/
It seems that even trusted developers can't be trusted. I don't consider myself a novice user but I'm really surprised at how exposed the data is on phones and tablets. Its like leaving money on your front porch and hoping it isn't too tempting for someone to walk though a broken gate and grab.
Any idea what WP, iOS or BB10 offer in the way of data protection?
TheAltruistic said:
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. /QUOTE]
XPrivacy looks good, might be worth rooting for that app.
I'm not as concerned with an app downloading files and using a high level attack on my data. I am concerned about an app where the developer decides to go through my contacts, photos, and files which are unlocked and easily viewed. Then sell the data to whomever that can do whatever. No effort required, no ability to know the data was even accessed and no ability to lock the data. I think like most things, if there is more than a slight effort needed to access the data, they'll move on to something else.
I see Google offers encryption but I can't find information on exactly what is encrypted and if I install an app with say permission to contacts does that give them encrypted access to all contacts? For example, a program that can add a contact via sms I don't want to allow it to read all my contacts, just add a new one.
Maybe Android isn't the right platform for me.
Click to expand...
Click to collapse
mgerbasio said:
TheAltruistic said:
While it is difficult for someone with limited tech experience, it is plausible to protect your data with measures like XPrivacy or PDroid.
However, if you're looking for an answer without jumping through a few technical hoops, there aren't many good ones unfortunately. /QUOTE]
XPrivacy looks good, might be worth rooting for that app.
I'm not as concerned with an app downloading files and using a high level attack on my data. I am concerned about an app where the developer decides to go through my contacts, photos, and files which are unlocked and easily viewed. Then sell the data to whomever that can do whatever. No effort required, no ability to know the data was even accessed and no ability to lock the data. I think like most things, if there is more than a slight effort needed to access the data, they'll move on to something else.
I see Google offers encryption but I can't find information on exactly what is encrypted and if I install an app with say permission to contacts does that give them encrypted access to all contacts? For example, a program that can add a contact via sms I don't want to allow it to read all my contacts, just add a new one.
Maybe Android isn't the right platform for me.
Click to expand...
Click to collapse
Heh don't give up. To be honest at least android tells you when it grants a program certain permissions unlike some other OSes where you're in the dark in terms of security.
As far as I know, and I'm assuming we're talking about the same thing, the type of encryption Android offers only prevents people from gaining unauthorized access to your data if your device is mounted or accessed when your lock screen is up. (I'm sure someone will correct me if I'm wrong--please do). But if your device is not password protected (e.g., you set lock password to lock every hour and they get it when it's unlocked) then your data can potentially be compromised.
This encryption does not, however, protect your data as you're browsing the internet, or running apps like facebook.
If you're looking for something to protect your data from say facebook finding your GPS location without your permission, or accessing your contacts and doing God knows what with it, then XPrivacy and PDroid (links above) is your answer, and I'd say that's awesome.
I may not play around with an iPhone / iOS enough, but I'm confident enough to say that they don't offer the same privacy protection even from Cydia that you can get from communities like here on XDA. Perhaps for iOS users, ignorance is bliss?
Click to expand...
Click to collapse
TheAltruistic said:
mgerbasio said:
Heh don't give up. To be honest at least android tells you when it grants a program certain permissions unlike some other OSes where you're in the dark in terms of security.
Click to expand...
Click to collapse
Thanks again. I appreciate the comments.
All I'm really looking to do is prevent an app downloading all my contacts, photos, movies, files, etc. I have some work data on my tablet that isn't confidential but it is what I would call sensitive. Actually, I rarely use external memory, mostly just use in internal sd card.
It seems all the "good apps" grab more permissions than they need or, the permission they do need to operate gives them way more access than I'd like. I'm not so concerned that I'd start using Tor or duckduckgo, but just trusting a developer with an open door to data is more than I can to leave to chance.
From what I've been reading the sandboxing in iOS and WP provide good security and in BB you can remove permissions from apps; BB10 is still the most secure if you can believe the internet articles. I'd like to see Google make it more clear as to what encryption actually allows and prevents.
There seems to be apps that button up a lot of holes, like photos, but there still are gaping holes.
Click to expand...
Click to collapse
Hi guys,
Any progress? I use PDroid on my smartphone and find it unnerving to see how much and how often data is accessed not only by third party apps but by Google itself. With PDroid you can restrict permissions without bricking the app because it can provide fake data rather than none. I have to say that I am not entirely happy with it though. I hope that Firefox OS will have success in stopping the appification of our devices. Data wise, it is much safer to use web-based services than app-based services.
I think Google's Android is so successful with developers (also) because they can gather so much data. Our smartphones are unfortunately "data gold mines" for the ICT industry.
If you have any progress in improving privacy, safety and security of the Nexus 7 than I'd be happy to read about it.

Bloatware blocking tool

Hopefully I'm posting in the correct section. Found this and wanted to share it. A simple tool to block bloatware of many phones, with and without root. Check out the following forum :
http://forum.xda-developers.com/and...er-remove-carrier-bloat-t2998294#post58069093
Just a note for anyone who doesn't want to use a tool for this (or is on a non-Windows platform). Everything that tool does can be accomplished without root via the ADB command interface described in this topic in our own forum
Nice cross link nonetheless, have a thanks
Ironically, I used the method that you're talking about on my z3c.
I thought this tool makes the process simpler as a frontend with some descriptions too.
It works works on my z3c without root because of kitkat. Other roms do require root.
And you're right, windows only application, good call
Essentially it just freezes the app, which without root is a very good thing, should you need to enable it again.
Thanks, though does anyone know how to block the Enterprise Service? It unblocks itself as soon as I try to block it.
Edit: never mind I got it, had to revoke its device admin rights before blocking it. Annoyingly a bunch of previously disabled apps got enabled again. smh.
degraaff said:
Annoyingly a bunch of previously disabled apps got enabled again. smh.
Click to expand...
Click to collapse
Yeah, I had the same thing here, I froze some with Titanium Backup (root) and they unfroze themselves....
I have access to an unlocked and a locked device, the same thing happened when I tried to disable apps @ the one with the locked BL. The thing that helped me was clearing the data/cache for the apps that I were about to disable. (aka before disabling them.)
Try that.
Sent from my D5803
degraaff said:
Thanks, though does anyone know how to block the Enterprise Service? It unblocks itself as soon as I try to block it.
Edit: never mind I got it, had to revoke its device admin rights before blocking it. Annoyingly a bunch of previously disabled apps got enabled again. smh.
Click to expand...
Click to collapse
Correct, we had that (a longer time) before: you have to disable it in settings -> security -> administrators before you block it. Don't confuse disabling with blocking. Disabled Apps may get enabled again after disabling device admins, blocked ones shouldn't.
Just for the sake of completion, here is the complete adb tutorial+ a nice list of processes which can be disabled so you dont have to look them all up
https://www.reddit.com/r/SonyXperia...battery_life_is_out_of_this_world_bye/cnmj0vn
2mal16 said:
Just for the sake of completion, here is the complete adb tutorial+ a nice list of processes which can be disabled so you dont have to look them all up
https://www.reddit.com/r/SonyXperia...battery_life_is_out_of_this_world_bye/cnmj0vn
Click to expand...
Click to collapse
Why does he list Small Apps as one of the main bloatwares to block? I'd think small apps is actually quite a useful addition to many.
degraaff said:
Why does he list Small Apps as one of the main bloatwares to block? I'd think small apps is actually quite a useful addition to many.
Click to expand...
Click to collapse
I agree but he states "You could leave the small app launcher/widget if you like it." . Apparently some ppl just dont like it .
Sorry to bother you guys, I would really like to kill/freeze some apps from this great device, in the easiest way possible and WITHOUT connecting the device to the computer. Is it possible to enter all those commands in a Terminal Emulator on the phone itself? Would it be great if we can do like a script or a batch that disable all the apps we dont need/want so, as soon as we reset the phone, it will disable/kill them in an easy way, not 1 by 1 going into the applications list.
Sorry again if this was a stupid question, but this is chinese for me.
Thanks in advance.
Alx
Wow... Great info i really like it...
Nice App!! Would be nice making a list of secure app to be block, without making any damage to the phone Like com.sony.touchscreen, Device Usage, User Data Logging and Crash Monitor what does each one?
I tried to use a Terminal Emulator and kill the What's New using PM BLOCK blah blah blah......it says "killed" but the app is still working.......what is wrong? *in english, please
Thanks in advance.

Categories

Resources