[Q] security question regarding 'Trusted Credentials' - AT&T Samsung Galaxy S 4 Q&A, Help & Troubleshootin

Is there any reason why I should have so many Trusted Certificates under the System tab in Credential Storage? I have probably close to 100 in there and most of them I don't recognize; they seem to have some gibberish with an expiration date of a few years in the future. To my knowledge these are baked into the ROM and are not installed by the user so I'm guessing most of them relate to a stock app of some kind (WatchOn, ChatOn, etc.) Because I haven't seen a lot of discussion about it, I am asking if these Certificates are safe( I know it's from android or Samsung blah blah)?
I'm in the tedious process of disabling them just to see what happens but can anyone else shed any light on the matter? Thank-yew...
http://support.google.com/android/bin/answer.py?hl=en&answer=1649774

I'd like to know about this as well.
Sent from my SAMSUNG-SGH-I337

These are all root certificates. The certificate authorities that issue cents to web sites have their root certificates loaded on the phone so the phone can verify that an sisal cert from a web site is legitimate.
This is a lucrative business so there are quite a few CAs around the world. And big banks have become CAs too.
Theoretically they are all legitimate as it is a huge process (or it used to be) to get your root cert included in an OS or browser by default.
Can you remove them? Yes, but be careful. If you only use USA websites then you can probably remove most non-USA CAs. But why do you care? Older versions of android didn't let you remove any, and the only time you need to is if a CA has been compromised.
If you do remove one you need, you will get SSL warnings about visiting an untrusted site, but you should be able to add the root cert back.
HTH

alphadog00, I realize your post is from 2013, but I've been searching for answers to this as well. Why do we need these certificates on our phones? I have 156 on mine, and some of them aren't even in English. Some have the country in the company name, like China, Turkey, and Germany. Some companies have more than one certificate. VeriSign, Inc. has 7, all with different issue dates going back to 1996 but all expiring between 2029 and 2036. A couple of them look sketchy to me, with 'certificate' spelled 'cirtificate', and 'global' spelled 'globel'. They remind me of emails that I get from my dear friend, the widow of a former bank president in Kenya, who needs my help getting her money out of the country. Why do I need 156 trusted credentials from half a dozen countries? How many do I really need? There is a grey item at the bottom of the security page that says “Clear Credentials,” but it’s un-clickable on my phone. Why would that be an option if these certificates are necessary? Would I be safe disabling all the ones from outside of the US and Canada? Are all these certificates taking up space on my phone? What is a ‘fingerprint’? Thanks in advance for any help and advice you can offer me.

27 July 2017. "Turned Off" all but two CAs. Result is could not access Play Store as well as several other sites. One screen stated "No internet connection. Make sure WIFI or cellular data is turned on, then try again." Needless to write, turning off all the CAs has repercussions.

I was helping a friend which I had no idea what was going on until I got there...it's a huge huge ring of I'm not sure what?? Now my phone, my parents phone, there desktop and laptop are all under attack! I downloaded over 20 antivirus apps and could not allow permissions, nor can I get any recovery codes to any email because it keeps changing the password. Plus I found strange apps just installed, settings changed that were not and all countries in the world chamber of commerce trusted certificates and so much more. I'm pretty sure we are under attack! I would GREATLY APPRECIATE and thoughts or ideas of what i should do to our info safe!!!!! Thank You!! p.s. I'm now living every second in fear like her and very scared!

Related

WM 6.1 Sprint Mogul ROM killed exchange ActiveSync

(Appologize made new thread ... new to forum) I purchased a Mogul from RS about three weeks ago. For the first week, it worked great! I logged into my company exchange server down loaded and synced email, cal,contacts,tasks ... was very excited. I also got very excited when I started t read threads in this blog .... it seems like there are some pretty smart members maybe someone can help!!
Noticed that there was a new ROM (sprint TV and improved connection) installed the ROM.
Have spent endless hours with HTC technical support, sprint technical support (not an appropriate name). At times managed to get the email to load but never again Cal, Tasks, contacts. Always able to get sent emails to load. I'm left with a couple of alternatives (any others would be greatly appreciated (actually I really like this phone but I need my email,schedule,etc to work) The error is 0x8503001C there is no exact description about this from MSmobile it seems to be an awh**** code. Searching on the web provides 1000s of hits unfortunately not just my issue.
o Go to an early ROM WM6.0. So far it seems like to do this I need to unlock the phone then flash the earlier rom?? Since no SIM card I need to hack the registry?? There are several products out there which is best (I do not mind paying for something that works well). I down loaded several "Oficial ROm versions ... unfortunately did not write down the number of the one the phone came with.
o Find some way of getting this thing to work well to keep the extra features
o My grace period ends in a week ... cancel with Sprint go to Att but there is not a 3G phone I like ... only Iphone ... it has issues for exchange server??
o I got my wife a Touch at the same time (it runs WM6.1) same issue. Downloaded once my corp email no cal, etc.
o I was told that this Rom was cooked up by MS & Sprint what a disaster
Please, please help ... Thanks in advance
Scurfer
Sprint Touch WM6.1 Killed Exchange mail, Calendar; Skype not working
I upgraded my Sprint Touch to HTC official WM6.1 last week, it went smoothly and I liked the GPS and Rev. A speed!! However, it also killed the working Exchange sync with my company server, which was working on 6.0 ROM. I troubleshot with our IT with a Mogul and with his account on the Touch and finally narrowed down to the culprit--6.1 ROM on Touch (6.1 Mogul ROM has no problem). Another thing that is not working is the Skype, even with the 2.2.0.45 which Skype claims working with WM6.1--no sound after the first ring, even the Skype test call. Can someone share their experiences on Touch or any tips to get these two to work on the 6.1 ROM-- I do not want to give up GPS and Rev.A. Thanks.
Mogul clarification
Thanks for the feedback .... I think I was not as clear as I should have been
On my mogul, I can get the activesync/ exchange to work for email only. If I check cal, tasks, or contacts.... and If under acticesync / menu / options ... I check cal, tasks,or contacts ... and try again I get the infamous 0x8503001C support code.
Reading MS blog someone indicated that WM6.1 is very picky? ... and to try deleting cal with data etc. I limited my cal to the basics still no luck. Deleted all tasks and contacts except one each ... still no luck.
I think my first post was a little confusing in this regard.... (clarifiation) ....I can sync the email with exchange but as soon as I check other options ... or those options by themselves ...0x8503001C.
Thanks,
Scurfer
ive never had a problem with syncing everything on exchange with 6.1, im using DCDs roms, theres plenty of info here on how to use custom roms, so look around
A properly configured exchange server will have no problems syncing with the new rom... i do it all the time..
I would recomend working with your it staff rather than sprint or htc because the problem is most likely with the exchanfe server..
If you want to test it to make sure. I would recommend getting a free account at mail2web.com... they offer free exchange service and if it works with them you have something to show your exchange adim...
Well, ...I appreciate the confidence in the MS sprint WM6.1 ROM however,
... as well as the advice about our IT. The simple fact is we have thousands of employees and the exchange server is not restricted to an employee with the appropriate access rights however, it is unsupported, unless you are a very high level person within the company so while us peeons (pissed on) can have access ... if we have proplems we are on our own....
The simple fact is it (all) worked untill the 6.1 upgrade to my Mogul two weeks ago. There are probaly 50 Moguls with VP/Dirs. I imagine that they were all purchased with 6.0 ... they have no camera I'll never know for sure. Mine may start working properly the day IT has a problem with higher level employees devices. In this age of cost cutting IT assistance ... I am far down the food chain. I may be mistaken about this forum ... I really thought I might get some help here ... so far nothing ...
About the cooked ROMs I have considered but I find Imyself caught in some of the lingo and cautions through 2years of posts as an example:
o My ROm is 3.56.651, there have been posts indicating that you should not try to drop lower that 3.35 ??? I had found a ROM that is suppose to be an official ROM .....RUU_TITAN_SPRINT_WWE_3.35.651.2_RS_TITAN_3.35.04_4350H_SPCS_A
o THere was another post that gave about 30 steps usung special unlock an relock instructions as wel as reg editing and subsequently, several post about bricked phones.
So does anyone know if the referenced 3.35.651.2 is the ROm upgrade before mine. I may become more adventurous as time goes on ... but I'm just trying to get back to the ROm that I had three weeks ago that worked so well with exchange and active sync.
o Does anyone have any clear instructions that would enable me to get back ... I'm on the go so much at work that the push email was a huge benefit ...also being on the run and knowing when a meeting got tossed in my lap helps me schedule my time, updating tasks was great, contacts. That is all gone.
o Does'nt anyone find it strange that this all happen with 6.1 and no other changes?
o This is also not an issue of settings for the server I can still hit it ... I just only can sink my email and once again , not cal,cont,or tasks.
o Doesn't anyone fnd it strange that I can access my email and sync but cal, contacts & tasks do not.
o I can appreeciate that there are a large number of people that are just fascinated by more and more technology ... but all I wanted is my outlook completely back... THe attraction of technology got me in this mess because the Sprint TV like a great addition
Trying to "GO BACK"
As posted yesterday there are several confusing aspects for me involved in going back to a previous ROM .... based on the posts through the last 2 years in this forum
1. Is the ROM I posted above (previous post) the last official ROM before the infamous 7/21/08 post by HTC that gave the speed increase and Sprint TV? If not what is it and where can I get a copy?
2. Is the Titan ROM update utiity,relocker and unlocker posted in XDA wiki the latest if not what is?
3. In previous posts there are at least four ID/PINs that you should capture from your phone in case you get in trouble. How to get these?
4. What is a good utility I.e. Reg editor to use? Will this give me the above ID/PINs? I do not mind spending the money if it gets me out of this mess
5. Another post indicates that you should first unlock ... uninstall the previous ROM? (maybe I'm misunderstanding) then install an appropriate radio by itself then stop the sprint autoupdate before go forward ... relock soft reset, unlock then install the desired official ROM update stop the auto update, then relock. The inferernce is that subsequent future ROM updates will be OK true?
6. If the phone is left in an unlocked state then you try an official additional update does that cause an issue? I have heard that this does ... reading other forums.
7. So is anybody in this forum experienced enough to answer these questions without quessing or shooting from the hip? I'm sure that I am not the only one that would find these answers invaluable.
Assuming there is someon in XDA like that, .... I would greatly appreciate your assistance.
Thanks,
Scurfer
I have a 6.1 Mogul with the newest stock rom and have no problems at all with EAS and sync of email/contacts/calendar. Worked great before the rom update too. Unless you setup activesync on the mogul to only grab email, I can't guess what changed for you.
Active sync/exchange server
Well, I'm starting to believe that you are correct & no, I did not only request email (though I realy do thank you for making the suggestion...). After a lot of checking I believe that this is related to SSL and certificate chains. Because tasks, calendar, and contacts are closely tied to GAL (global address list) and email in some cases will work without it. I.E. if the SSL certificates are only partially recognized, this can apparently happen. The reason they can be only partially recognized is if there is an intermediate SSL certificate. I do believe that WM 6.1 is, as I said before, more Picky...
An intermediate certificate creates a SSL certificate chain that has to be honored. So far I have found that the only practical way to handle this is through XML and a _setup XML file. This in turn has to be put into a CAB and later installed in the CE registry. I have spent many hours trying to understand these processes and get the proper programs. Some from Microsoft for identifying the chain, others for making CABs, being able to view and chage corectly XML and appropriate tools.
Because this operation changes the registry and if not done correctly, it can turn the phone into a brick, I also needed a program that can make a restore. The new SKtools can do this it is a great program with many optimizing features; I highly recommend it after trying several others in the last 2 weeks. The best $20 I have spent in a long time... too bad it will not make CABs.
So finally, I'm able to make the XML file, just got to the point where I understand the CABs, have a way to restore the registry and about to give this a try.
I appreciate your feedback but I am disappointed that there seems to be so few people, other than yourself, in this forum that are willing to dig a little deeper and help some one out. While it is true that it is likely that WM6.1 is just fine (probably more picky), I have had to run through this completely on my own ....
I still have the questions I asked about what was the previous ROM and programs that can unlock/relock, the impact of locked and unlock status on adding a new programs ... earlier in this post ... still unanswered ... Maybe everyone that really knows about phones went to another forum???
I'm close to getting this and I'll post the solution ... and programs required, however, I would really like to get my other questions answered and some feedback from a senior / expert member.
Thanks,
Scurfer
Scurfer,
I'm a network admin for a rather large organization and when issues like these arise with our PDA's/Pocket PC's I usually have the user use their PC to access our Outlook Web Access so they can install and save the certificate on their PC.
Then once they have a copy of the cert, export it to a file (if necessary), copy it over to their PDA/Pocket PC and install/import the cert on the device through the cert program within the device. This has solved almost all of our syncing issues in the past.
I too have a Sprint Mogul 6800 with the newest rom (I wanted Sprint TV and faster speeds too) and following my instructions above has allowed me to sync with our Exchange 2007 server and receive all email/contacts/tasks/etc. I was browsing these forums actually looking for a fix to my HTC home plugin issue which I finally found...thankyou forums....so I figured I'd give you my 2 cents.
Sprint WM6.1 Rom Activesync Exchange Server
Thank you for your feedback. I had tried something similar using the WM forum SSL XML chain saver. I noticed an improvement when using the XML but not completely resolved... I could only hit & sync email. I could at that time hit the OWA directly with my PDA which I could not do before ... so you may be on the right track.
I noticed that we have many more certifiates than the two that the chain saver grabbed. It is possible that installing all of these intermediate certs and related Roots may do the trick, .... However ...
A recent update from me is that I was getting so close to my 30 days with Sprint that I had to push for and got a new phone from the repair center. This phone is at the WM6.0 level and I immediately hit the server downloading email, calendar, contacts but could not sync tasks.
Our company has thousands of employees and they are very slow to upgrade anything ... when I checked we are using 2003sp2++ (holdctrl&rightclick outlook icon).
I believe it is true that wm6.1 works well with 2007 exchange. I do not think it works well with 2003sp2++ here's hoping our poorly manned IT group gets it together at some point and nstalls 2007. It took them many years to change Access over.
So I'm going to close this thread as resolved (and open one to try and get this task issue resolved on 6.0). Contacts and tasks share the same categories in WM and theoretically in exchange / outlook. However, for some reason I cannot remove categories in WM6.0. My thought is that if I have a small number of items that cover the total range of my three catagories ... in both WM & Exch ...may be it will start to sync tasks .... but it did not ... any tips would be appreciated
Once again we are not prohibited from the access ...it is just not supported.
Thanks again to the people that were not so quick to assume that there is no problem .... the Sprint techs now have many, many complaints. About 6.1
Finally though there is that wild card ... what is Sprint adding / removing as an example … they pulled out the folder manager inWM6.1 it is necessary to edit the registry to add it back in (check the web for how to). what else got changed? Looking on the web there are many more Sprint customers with the issue....
Resolved WM 6.1 Sprint, HTC ROM killed Activesync & Exchange
Thanks, I'd like to provide an update... Thanks for the cert info but this last week I was able to get a phone from Sprint with a 6.0 ROM. Well Guess what ... exchange worked perfectly no importing of certs required ... just my base server information. This brought me back to where I was four weeks ago. Unfortunately, I have had to go through several of 6.0 reman phones because of poor repair by whoever Sprint has outsourced that task to, unstable operation, stuck buttons, keyboard that does not work (I'm imagining a cage full of monkeys doing the repairs). You would think that they would ensure that these phones, which are going to already potentially dissatisfied customers, would be given a good look over.
I hear Sprint is strapped for cash but this seems the wrong place to cut cost. The adage in business is that one dissatisfied person tells 4. Satisfied customers tell no one unless asked. Very satisfied people only tell 2. Therefore, dissatisfaction spreads at a rate of two to one. (this is often highly exaggerated by dissatisfied people) but two to one seems the actual case substantiated in business articles. Sprint has new people at the top ... maybe some of them have time to read the blogs, the old ones just wanted to play Monopoly. The moral is you do not have to piss off many people to lose market share.
The good news for Sprint is that, during my weeks of trials and tribulations, I have never met (I must have talked to 12 techs and supevisors) so many people that were honestly concerned and trying to help. So, I would lke to apologize for a comment I made earlier in this thread. There are actually a lot of caring techs there at Sprint
The bad news is that they do not seem to have a swat team that can stay ahead of these issues and communicate with their techs. Poor communication with their techs.... 12 techs and supervisors … twelve different stories.
But one tech supervisor and his manager went out of their way for me today … I heard today I may actually get a new 6.0 phone out of the box, so I’m going to fade away ... happily with my WM 6.0 phone. Because these two tried so hard for me … I’m back in the Sprint camp ... very satisfied with the effort these two made. That makes the difference … the people that try … I was a Verizon customer for many years (they are the kings of indifference), then T-mobile the last two … I could never get anyone at T-mobile to call back so, the people at Sprint seem to really care …. That works for me.
One final thing ... for anyone stuck in nearly the same spot. Initially, I was trying to also get Tasks synced. I finally found out that this is not supported for activesync 4.5 and exchange 2003 sp2 (not sure about 2007). Tasks will only sync with ativesync 4.5 and your desktop. A little know fact … sprint techs….or HTC techs or anybody else I talked to …did not know … dug it out of a WM blog the Windows Mobile team did not think this was a priority.
Really makes you think ... a lot of MS people just working on the desktop ...writing code ... out of touch with how business people work.
Once again thanks to everyone that tried to help
Scurfer
Any Have The Sprint Mogul 3.35 ROM?
I too loaded the new 3.35 ROM for the Sprint Mogul and I cannot access the internet using EVDO. I called HTC and they say that they do not have the old 3.35 ROM. If someone has this, could you please post it or e-mail it to me at [email protected].
Thanks
Updating with NEW ROMS
AKIran, My issue is likely different than yours. However, I may have info to help you. You mentioned that you cannot connect to the Internet. My issue was about Exchange Server. But if it is only cannot connect to the Internet and you put a new ROM in check this.
These may be named slightly different for your phone.
Open the settings icon, go to the connection tab, Then go to and open the phone Icon... Then, go to Services. Pick the Internet. There is a setting for ID passcode and domain. If these are blank then this is your problem.
This is because you do not need the internet to use your phone but you need the Sprint PCS service to contact the internet it is you ISP. A warrning that you cannot to Sprint PCS likely comes up when you try the Internet then times out.
This info gets wiped out when you phone has a hard reset or a new ROM Maybe because of Sprint or HTC not sure....
The Domain name is left blank, ID and passcode are unique to you ... and your account. ...
Call sprint technical support ask them for your unique ID and pass code it will likely be something like.
If the person does not know, suggest that you hear it is the same as the first part of your Sprint email address ... combined with your email passcode
"firstlastname###@Spprint.pcs.com"
so the ID for trhe Internet access is
"firstlastname###" all this with no spaces the ### is a number that is appended to your name by Sprint
and then a pass code
###### a combination of chars&numbs
and no domain name. Enter this info then restart your phone or however they tell you to do it.
If the person does not know, suggest that you hear it is the same as the first part of your Sprint email address ... combined with your email pascode
From their standpoint they do not care about the new ROM...
Sprint is going to discontinue email at the end of the year ... somethng about server space. But they are a litle trapped because of the above...
Keep in mind that you can only upgrade and cannot down grade without being quite a hack ... far beyond me .... hope this helps. Also if this does not do it you may have to have them unlock the phone and set up aditional info.
I tried very hard to get my old ROM from Sprint it is SOP for them & their dealrs to not keep old ROMs.
Scurfer

Issues that marr my Hero experience, and if I can do anything to turn this around?

My most recent problem is to do with my text messages - default app.
One of my contacts / threads has a Caution '!' triangle on it, pretty sure its just showing an unread message, but it's not very distinguishable as to read and unread - I'm damned if I can't actually find it in the thread, I don't want to delete the entire thread - is there a trick or tip to solve it guys?
----------------------
At work I can't jump on to the company wifi, it has one of those web browser auth screens you have to key your login into first before it'll let you surf. A lot like at public wifi hotspots...
It doesn't accept my perfectly valid login, my old Blueangel, netbook and N95 are able to get on with no sweat.
Similarly, one of our web based tools at work doesn't have a paid for / trusted SSL cert, and my Hero (over 3G) warns me but seemingly does allow me to go further by presenting me with a login prompt, but again doesn't accept my login which is valid and keeps returning me to the prompt. I'm wondering if both these issues might be because Android just won't allow me to add SSL exceptions on its browser?
To that end I tried installing Dolphin and a few other browsers but I get no further and so have a sneaking suspicion that they just overlay over the same browser engine??
-----------------------
Hero running Android can't Bluetooth sync with my pc / Outlook and even when using the god awful HTC wired link can't sync Notes from outlook...
Even my old HTC Blueangel could accomplish such things many many moons ago, maybe I should go jump over to HTC's HD2, or does that also have crippled bluetooth capabilities as seems to be the backward trend that started with the iPhone?
I seem to remember trawling Android Market (Again) v recently and now a few developers seem to have 'Notes' sync on offer, anyone had any joy using such?
-----------------------
I just cannot get a clear shot with the camera, I'm no great photographer, any my physical disability plays part here - but I've had camera phones before and had far more success getting non blurry photos than with Hero. Is this a well documented shortcoming of the native ap? Is there a free app that makes the camera more usable perhaps?
-----------------------
I've not tried rooting or flashing my Hero phone yet, but am considering doing it if I sniff out the guide which I'm confident will be here. I just read Android commander may be a vital acquisition for reinstalling my Apps.
Ok i dont know much but i will try
Your current unrooted bluetooth is crap - i cannot get it to do anything but BT Headset connection
But if you root the phone - i used villianrom 3.0 then you have perfect bluetooth options, for syncing and sending files to other phones...
The camera is good for me, but i have to be god damn still. if i move at all it goes blur - HTC and camera's are the worse and you can get apps that do help. will try and track the names down...
riiidaa said:
My most recent problem is to do with my text messages - default app.
One of my contacts / threads has a Caution '!' triangle on it, pretty sure its just showing an unread message, but it's not very distinguishable as to read and unread - I'm damned if I can't actually find it in the thread, I don't want to delete the entire thread - is there a trick or tip to solve it guys?
Click to expand...
Click to collapse
----------------------
This is normally to do with an un sent message, ie you have tried replying to message and for some reason (loss of signal), it was unable to send that message. Look through the thread and see if you have any triangles at all. Other than this, or deleting the thread, I cannot think of anything else.
riiidaa said:
At work I can't jump on to the company wifi, it has one of those web browser auth screens you have to key your login into first before it'll let you surf. A lot like at public wifi hotspots...
It doesn't accept my perfectly valid login, my old Blueangel, netbook and N95 are able to get on with no sweat.
Similarly, one of our web based tools at work doesn't have a paid for / trusted SSL cert, and my Hero (over 3G) warns me but seemingly does allow me to go further by presenting me with a login prompt, but again doesn't accept my login which is valid and keeps returning me to the prompt. I'm wondering if both these issues might be because Android just won't allow me to add SSL exceptions on its browser?
Click to expand...
Click to collapse
-----------------
I have the same problem at uni, where WPA2-Enterprise security is in place. Luckily I just use my 3G but understood not all have an unlimited data plan.
riiidaa said:
Hero running Android can't Bluetooth sync with my pc / Outlook and even when using the god awful HTC wired link can't sync Notes from outlook...
Even my old HTC Blueangel could accomplish such things many many moons ago, maybe I should go jump over to HTC's HD2, or does that also have crippled bluetooth capabilities as seems to be the backward trend that started with the iPhone?
I seem to remember trawling Android Market (Again) v recently and now a few developers seem to have 'Notes' sync on offer, anyone had any joy using such?
I just cannot get a clear shot with the camera, I'm no great photographer, any my physical disability plays part here - but I've had camera phones before and had far more success getting non blurry photos than with Hero. Is this a well documented shortcoming of the native ap? Is there a free app that makes the camera more usable perhaps?
Click to expand...
Click to collapse
-----------------------
Android Cupcake (v1.5) which is what you will have running does not support bluetooth file transfer, just bluetooth headsets. When 2.1 is out you will have full support for file transfer. At current there are developer roms out there which are based on 2.1, but not official releases so have some bugs still. Again with the camera, think 2.1 has a better camera app but I havn't got round to trying one of the 2.1 based developer roms yet. Plus, they're not brilliant cameras. I barely use mine.
riiidaa said:
I've not tried rooting or flashing my Hero phone yet, but am considering doing it if I sniff out the guide which I'm confident will be here. I just read Android commander may be a vital acquisition for reinstalling my Apps.
Click to expand...
Click to collapse
-------------------
Plenty of guides. You may have to check whether your phone requires the goldcard CID bypass, which mine did using T-Mobile UKs shipped rom. Just abuot to go out or I'd link you.
Hope I've cleared some stuff up for you.
Adam
adamg89 said:
----------------------
This is normally to do with an un sent message,
-----------------
Click to expand...
Click to collapse
You know, I finally figured this out and nailed it about an hour before reading your reply. Thanks man!!
riiidaa said:
At work I can't jump on to the company wifi, it has one of those web browser auth screens you have to key your login into first before it'll let you surf. A lot like at public wifi hotspots...
It doesn't accept my perfectly valid login, my old Blueangel, netbook and N95 are able to get on with no sweat.
Similarly, one of our web based tools at work doesn't have a paid for / trusted SSL cert, and my Hero (over 3G) warns me but seemingly does allow me to go further by presenting me with a login prompt, but again doesn't accept my login which is valid and keeps returning me to the prompt. I'm wondering if both these issues might be because Android just won't allow me to add SSL exceptions on its browser?
Click to expand...
Click to collapse
My response is not necessarily relevant to you, but my first Hero (brand new, bought SIM-less, GSM, October 2009), had a problem with wi-fi. Worked sometimes and not others. I finally determined it was defective, the phone. I was having other strange problems which I have never seen anyone else document here at XDA (though I haven't looked). I would very often get a SIM card error where a large graphic of a sim card displays on a home page with a red X circled around it. I eventually concluded this was also a defect.
I initially went to my T-Mobile store and got a brand new SIM card to swap - in case that was it... I had taken my well-worn T-Mobile Wing SIM Card from T-Mobile and loaded it onto the Hero from the start. There were no problems initially. Anyway, even after the swapout of a new SIM card, problem persisted. Next called HTC Tech Support (USA), they did trpoubleshooting with me, including sequential uninstalling of apps.. eventually recommending a hard reset... Which I resorted to because of BOTH the SIM card problem (when this displayed, I also could not connect to T-mo network at all) and the WIFI intermittent problem. FInally they said send it in for repair. (Not a Swapout for a new one, mind you, but a "repair", per policy).
After 2 weeks got it back with what was allegedly a replaced motherboard... The SIM problem persisted, but wifi was working reliably. Amazingly, even now HTC wouldn't commit to replacing it; then said they could only authorize warranty repair! again.
I have since bought a used HERO, and no prob at all with either of these issues. Thus, I just want to throw out a remote chance that you have some flawed hardware. I doubt it, but who knows... I guess only way to rule that out is to have someone with a Hero try to loan you a phone to try to log onto wifi at work, just to see.
Hope this was of help, just as the possibility that they DO have occasional defective hardware. good luck...

Microsoft Exchange setup

OK, so this is more exchange oriented than HD2, but perhaps somone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
BS.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Dude, never piss IT off...
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
https://webmail.acme.com/owa/auth/logon.aspx
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wlidcard one (google it).
Let me know if you have any more questions.
f_v_man said:
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
https://webmail.acme.com/owa/auth/logon.aspx
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wlidcard one (google it).
Let me know if you have any more questions.
Click to expand...
Click to collapse
Trust me...I know. Having worked IT for 20+ years...I know.
So my company uses:
https://mail.xxxx.com/owa
As far as I am aware that is is.
I am not following the rest of what you have written though.
What do you mean by a "proper SSL thing?"
Camusa said:
OK, so this is more exchange oriented than HD2, but perhaps somone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
BS.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Click to expand...
Click to collapse
Even if you figure out the proper address and domain name, there is a good chance you will need a security cert Cab to run to allow you access which must come from your IT dept.
Why not just take this to your boss and tell them you want work email on your phone and have he or she force them to set you up? If your boss isn't down with you having work email on your phone, then IT isn't going to let you anyhow...
I appreciate all the responses.
A couple of points to address:
1. I got it to work no problem.
2. I erased the profile and am going to wait for them to give me the green light/red light.
I am second in command for my satellite office.
I am the assistant program director for a FQHC (Federally Qualified Healthcare Center). We are JCAHO accredited and long-standing.
We have to play by some very serious rules according to the feds and HIPAA is always looming large.
When I put a small applet on my computer to stop the screensaver from engaging (since they took away our privs to be able to just change the setting) someone ratted me out and I was told that it was "HIPAA" policy.
Having been a privacy officer myself I assured them it was not HIPAA policy.
They then noted that it was company policy.
Long and short of it...I am going to have to wade through the BS.
Supervisor is here!
Gotta go!

Company wants to wipe my phone

I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
If you want to pay for it; use Nine mail application.
You can set a full device wipe or just application wipe.
So if your company decides to wipe it, only the mail gets wiped.
what kind of wipe? if your mean is factory reset or something like that. therefore yes. I mean factory reset wipe just own partition and won't touch of other partitions(I'm sorry for my bad English language. I hope you got what I mean) so, obviously you should sync your info between all roms yourself before wipe.
but if your mean is kind of wipe from recovery or flash with Windows P.C or something like that, don't count on multirom or anything else! ?
فرستاده شده از Nexus 6Pِ من با Tapatalk
Personally, if a company would remote wipe my phone if it gets lost or stolen because it contains company related info in it, I don't see the problem of letting them do so. I would even thank them for having my personal info wiped along with it. If I have issues with the company's terms regarding wiping data on MY phone (maybe like remote wiping without letting me know beforehand, even when my phone is not lost), I would use a secondary phone as a work phone.
The company should provide a work ? for you to use.
stankyou said:
I would use a secondary phone as a work phone.
Click to expand...
Click to collapse
I just realised the Samsung Galaxy S2 with its broken screen that my Nexus 6p will replace, will be perfect for this. No SIM card, just sync everything over Wi-Fi, done. Thanks for the creative thinking, all!
dratsablive said:
The company should provide a work for you to use.
Click to expand...
Click to collapse
I agree. If they want permission, they should provide the device.
Generally, companies that want your phone wiped any second are against rooting, unlocked bootloaders and custom roms. The best thing to do is to ask them about it first, so that you won't end up getting fired or sued.
Bluemail
PeterJP said:
I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
Click to expand...
Click to collapse
Ok, so to do this they need to install an MDM agent (Mobile Iron, AirWatch, etc.), a piece of software/application which is granted device administrator rights on your phone. These agents usually manage the security certificates and all the other things needed to authenticate the device with their systems and create a secure connection. If they configured their environment correctly, devices without this agent shouldn't be allowed to connect, which essentially makes the agent required. This is good as only secured and managed devices can connect.
However, as this is a personally owned device, you're allowing them a metric crap ton of access to your personal phone. As a device administrator, the agent can be used to:
* Browse / view / edit files on your phone
* View messages sent or received
* Use GPS to determine the device's location, or even map where the device goes 24/7.
* Change the lock code / pin for the device.
* Lock the device at will.
* Detect rooted devices and disallow service.
* All kinds of other Big Brother-ish type of things.
Your company should have some kind of mobile device policy. Ask to view it. This policy should define acceptable use of mobile devices for employees, and it should also define the acceptable use of the MDM solution for IT staff and management. It should define specifically what steps they will take if the device is lost/stolen, if you get terminated, or any other circumstance where they would want to wipe the device. If they don't have a mobile device policy, or if it does not clearly define these things, demand they provide you with a mobile device and do not grant them permission to use your personal devices. Why? If they don't have their **** together enough to have a policy protecting both them and you, it's just not worth giving them access to your phone.
Furthermore - They should have the ability to perform 2 types of wipes. An enterprise wipe, and a device wipe. The enterprise wipe will remove email, corporate data, corporate applications pushed through the MDM, and finally the MDM agent itself. It shouldn't remove any personal files or wipe the OS. It is often the practice to do an enterprise wipe for personally owned devices in a BYOD environment, but you should check.
So, is all of this MDM stuff bad? No. Your business has a right to protect their systems, networks, and information. MDMs allow them to do this. That being said, if they are making it a job requirement for you to access email 24/7 (or even for just a limited window of time which is outside of your normal shift hours) then the burden of providing you with the appropriate means of doing so rests with them as well. This often means they have to provide you with a mobile phone. If accessing email outside of your working hours is NOT a requirement - then don't! For goodness sake, take a break from the job man!
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
I know this didn't specifically address the OP, but I've had a fair bit of experience with this (both good and bad) and thought I'd chime in. I hope it helped.
how about the reverse, what can a person do to prevent them from wiping your phone?
Elnrik said:
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
Click to expand...
Click to collapse
Nice write-up!! I totally agree with you, 2 phones is the way to go.
https://play.google.com/store/apps/details?id=com.cloudmagic.mail
Access your exchange email without changing security settings on your phone.
ycats said:
how about the reverse, what can a person do to prevent them from wiping your phone?
Click to expand...
Click to collapse
Once their agent is installed and made a device administrator... Nothing.
Ergo - to prevent it, don't install the MDM agent.
---------- Post added at 07:00 AM ---------- Previous post was at 06:46 AM ----------
mikexda said:
Nice write-up!! I totally agree with you, 2 phones is the way to go.
Click to expand...
Click to collapse
Thanks.
I've had some companies tell me "hey, we will pay for your service" and what they wanted was to transfer my line into their business account. Great, I don't have to pay the bill anymore, but I just lost control over when I upgrade (or am eligible for upgrades, as business accounts are still largely based on 2 year contracts), what device I can upgrade to, what plan I get, etc. And here is the scary part of that scenario... Legally the phone number is theirs from that point on. They don't have to release it back to me if either one of use terminates employment. Damn slippery slope, that.
So, unless they are going to cut you a check for your service every month, and you are ensured to retain ownership of the account, best to avoid that altogether.
In fact, any company high on BYOD is doing it wrong IMO. It sounds good, but it can be a nightmare.
Do you actually have to have work email on your phone?
Firms usually offer a corporate device, you can have your email on that, should be a cheap month to month contract.
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. There's a short FAQ with details on how to connect to their Exchange server, but that's when my phone pops up that the server wants access to wipe the phone. I haven't written down the details of the message, though. It could be just the Exchange part, which would be ok. Last thing I want is another party to have any form of control over my personal phone after my assignment ends.
Bluemail looks cool, I'll try it out. I'm curious to see how it reacts to the demands of the Exchange server. In any case, I still have my old phone which will do to stay in the loop when off-site and access my calendar. I might want to have an app that actually copies the calendar to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
ycats said:
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Click to expand...
Click to collapse
Depends on your workplace. Some are more relaxed about it. Personally I avoid it and use a dedicated device.
---------- Post added at 04:49 PM ---------- Previous post was at 04:46 PM ----------
PeterJP said:
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
Click to expand...
Click to collapse
I know a firm who does exactly that, iphones. If it were me I'd avoid it and get out your s2. But that's me. Are you rooted? How does the MDM play with root? If reported would that provoke a wipe? Surely that can be blocked.
What about the exchange hack? Would that be of any use?
Touchdown in the store.
tech_head said:
Touchdown in the store.
Click to expand...
Click to collapse
Was just about to say it has its own secure app container so wiping only wipes company info. Used it for years.

[HELP] OnePlus 2 blocked from company exchange mail server(!)

Hi all,
Recently my company changed its exchange policy and decided that only iPhones and iPads and Samsung devices are eligible to receive mails from the exchange server
You can imagine it is VERY frustrating.......
How can I bypass the exchange policy? can I root my device and report the device type as iPhone/Samsung?
I really need mail access to my day to day job and don't want to give up my OnePlus 2 I love so much
Please help!!!!!!
Thanks,
Mike
Hi Mike,
Welcome to the OnePlus 2 family on XDA! I know this particular issue is very frustrating and I have been avoiding Exchange/Activesync for years.
There are only a few solutions/workarounds, but beware as some are a little dated. The link I have posted for you below is a favorite of mine that I used for a while before doing away with Exchange/Activesync.
Please read over the method(s) before trying and see if they are for you. I will try to search out other methods for you as well, but I'm a Systems Admin and I'm on call 24/7.
**NOTE**
Since this modification disables the enforcement of Exchange security policies, it may be illegal and may violate your workplace/school policies. If you chose to install and use this modification, please remember that you are doing so at your own discretion. I, AndroidSamurai, cannot and will not be held responsible for any issues, legal, technical or otherwise, that may arise due to the use of this modification.
Exchange Security Bypass
Look it over and let me know what you think.
Warm Regards,
AndroidSamurai
Sent from my OnePlus 2 running H2OS

Categories

Resources