It took us much longer than WP7 did, but the first Interop Unlock hack for WP8 is now available. It's currently limited to SAMSUNG phones, although we're trying to extend it to other phones, of course.
WARNING: Samsung is trying to break this hack! If you take the retail upgrade to GDR3 including the Samsung firmware update, it will not work!
A brief summary, for those unfamiliar with interop-lock: Windows Phone allows a number of high-privilege app capabilities, which can be used to make changes to the OS which are normally not possible for a third-party app. The limitation on whether we can use these capabilities or not is based on what "level" of developer unlock the phone has; standard "ISV" (Independent Software Vendor) dev unlock (max 10 apps or less) is what pretty much everybody gets; OEMs, however, get a special OEM Developer Unlock (300 apps or more) which gives them the ability to use much higher-privilege app capabilities than the standard ISV unlock permits. The name comes from ID_CAP_INTEROPSERVICES, the capability which was most important in WP7. In WP8, however, there are a great many interesting capabilities. Note that Interop-unlock by itself does not enable all of these. However, at least on Samsung phones, it is now possible to enable *all* the capabilities.
Guide for Samsung's ATIV phones:
The instructions are generally well-provided in @-W_O_L_F- 's app (direct link for updated XAP). You will also need the Diagnosis app, which is included (though hidden) on every Samsung WIndows phone.
The instructions are as follows:
Developer-unlock your phone. You will need the Windows Phone Developer Registration tool for this; it comes with the SDK.
Sideload the helper app using Application Deployment (included with SDK) or WPPT. It does not work to just copy the file to your phone, or similar.
Open the Phone dialer (the built-in one) and dial ##634# to install the Diagnosis app (if you hadn't already). You can exit it afterward.
Run the Interop Unlock Helper app and read the instructions, clicking Next until you get to Step 2.
Click the button to generate the toast notification for your phone's Diagnosis app, then tap on the toast to open the hidden registry editor.
Press-and-hold the Back button, and switch back to the helper app without closing the registry editor. Click Next to go to Step 3 in the helper app.
Copy the provided registry paths and values out of the helper app, use the Back-and-hold switcher to return to Diagnosis, paste the values into the registry editor, and write them.
Don't worry if the app says a write failed! Just hit Read afterward to verify the change.
Repeat the previous steps a few times, hitting Next after each set of instructions, until the Helper app says "Finish".
Once all the registry values are written, congratulations; you are interop-unlocked!
At this point, you probably want to run the EnableAllSideloading hack below.
If you want to enable sideloading even more high-privileged apps, you'll want the following:
Install the BootstrapSamsung app attached to this post. This requires having interop-unlock already, and will not work if you have Samsung's ships-with-GDR3 firmware update unless you unblock RPC.
Run the app once, and ensure it displays a success message. You may then exit and (optionally) remove the app.
Install the EnableAllSideloading app attached to this post. This requires the bootstrap step. However, it is not specific to Samsung (we just can't bootstrap anything else yet).
Run EnableAllSideloading once, and ensure it displays a success message. You may then exit and (optionally) remove the app.
At this point, you will be able to sideload any capability, even the ones used for built-in apps and services. However, there appear to still be restrictions, even with a capability such as ID_CAP_BUILTIN_TCB. Multiple XDA members, including @Heathcliff74 and myself, are working to overcome these restrictions.
It may be necessary to repeat these steps after a phone update.
Capabilities which will be enabled, without further modification, by using interop-unlock:
Note: This list is *just* the ones from Interop-unlock; it does not unclude the ones from EnableAllSideloading.
ID_CAP_CALLMESSAGING_FILTER
ID_CAP_CAMERA
ID_CAP_CELL_API_COMMON
ID_CAP_CELL_API_LOCATION
ID_CAP_CELL_API_OEM_PASSTHROUGH
ID_CAP_CELL_API_UICC
ID_CAP_CELL_API_UICC_LOWLEVEL
ID_CAP_CELL_WNF
ID_CAP_CSP_FOUNDATION
ID_CAP_CSP_MAIL
ID_CAP_CSP_OEM
ID_CAP_CSP_W4_APPLICATION
ID_CAP_CSP_WIFI_HOTSPOT
ID_CAP_DEVICE_MANAGEMENT
ID_CAP_DEVICE_MANAGEMENT_ADMIN
ID_CAP_DEVICE_MANAGEMENT_BOOTSTRAP
ID_CAP_DEVICE_MANAGEMENT_SECURITY_POLICIES
ID_CAP_DU_MIGRATOR_STATUS_OEM
ID_CAP_OEM_DEPLOYMENT
ID_CAP_INTERNET_EXPLORER_FAVORITES
ID_CAP_INTERNET_EXPLORER_SEARCH_PROVIDER_KEYS_HKCU
ID_CAP_INTEROPSERVICES
ID_CAP_KIDZONE_CUSTOMIZATION
ID_CAP_MAP_WRITE
ID_CAP_MEDIALIB_PHOTO_FULL
ID_CAP_NETWORKING_ADMIN
ID_CAP_OEM_ADC
ID_CAP_OEMPUBLICDIRECTORY
ID_CAP_PEOPLE_EXTENSION
ID_CAP_PEOPLE_EXTENSION_IM
ID_CAP_PEOPLE_EXTENSION_MOBILE
ID_CAP_PERSONAL_INFORMATION_IMPORT
ID_CAP_RUNTIME_CONFIG
ID_CAP_SMS_INTERCEPT_AGENT
ID_CAP_SMS_INTERCEPT_RECIPIENT
ID_CAP_SYNC_EXTENSION
ID_CAP_VOICEMAIL
ID_CAP_WALLET_SECUREELEMENT
ID_CAP_WIFI_BASIC
One of the goals of this thread will be to explore what we can do with interop-unlock, and look for ways to achieve full permissions. I think I've found one, but it requires the ability to write registry multi-string values. Basically, if we could add a "superuser" privilege, or enable the use of ID_CAP_BUILTIN_TCB, which already has it, this would allow the creation of "root" apps.
Aside from myself, credit for this hack goes to @cpuguy for the Native Toast Launcher tool which permits accessing otherwise-unreachable code, and @-W_O_L_F- for helping put the pieces together. I'm not actually certain which one of us achieved the interop-unlock first; we were both working on it. @Heathcliff74 continues to be a help on the quest for full-unlock.
The source code for the apps below is posted at http://forum.xda-developers.com/showpost.php?p=45606584&postcount=88
Questions and Answers
Can I install WP7 interop apps using this?
They will install, but there's no point. They almost certainly won't actually work. Interop-unlock enables access to parts of the OS which third-party developers were not intended to touch; consequently, there's no backward compatibility. Even the methods used for native code on WP7 (which is different from, but nearly essential to make use of, interop-unlock) won't work on WP8. However, it should be possible to port many of those applications to WP8.
Will this work on Lumia phones / How can I get this on my Lumia / Are you working on this for Lumia phones / What about HTC, or some other OEM?
The current hack relies on a Samsung-specific component. Adding support for other phones will require new hacks. We are looking into it, rest assured; at this time, however, there is no way to gain interop-unlock on any WP8 device other than a Samsung one.
EDIT: It looks like there should soon be a Huawei W1 custom ROM with interop-unlock included. I don't deal with custom ROMs, but you may be able to use homebrew apps on that phone too.
EDIT: Lumia phones *can* be interop-unlocked via JTAG. However, this requires some extra hardware and some phone disassembly. Not an online hack, and not for the faint of heart.
But what if we installed the Diagnosis app on a Lumia phone (using Fiddler proxy or similar) and then followed this guide?
I repeat, Samsung-specific component. Nokia doesn't put the required services/drivers for Samsung's Diagnosis app into their Lumia firmware, so the app would not work!
Can I upgrade my phone to GDR3 if I have this?
Yes. However, be aware: if you install Samsung's updates that come with the retail GDR3 update, it will break your ability to re-unlock, or to use some homebrew apps! (Developer preview updates are fine, as those are purely Microsoft code and don't mess with the Samsung components.)
EDIT: There's a way to unlock the Samsung services for full access again on GDR3. You still need to interop-unlock beforehand, though.
Can I re-lock my phone if I want to?
Yes, easily. The simplest method is to use the Windows Phone Developer Registration tool (the one that comes with the SDK) to de-register the phone (you can then re-register it if you want to get your normal dev-unlock back). This doesn't remove any changes that were made using the interop-unlock, though (for example, it won't undo the EnableAllSideloading hack, not will it set back the Full FS Access hack). Apps that require interop-unlock will still be installed, but may no longer run. To manually remove interop-unlock, you can reset all the registry values that were changed by the interop-unlock hack to their original values, and remove all the apps. There still may be a great many other changes that also need reverting, though, if you want to get back to stock settings. See next question.
Can I get my phone completely back to stock settings without knowing every little thing I changed?
Yes, a hard (factory) reset will undo all changes made by interop-unlock, or any apps (including ones that require interop-unlock), and will remove all apps. If you need to send your phone in for warranty servicing and are worried that they won't take it because you interop-unlocked it, this approach will fix that (they would probably tell you to hard-reset anyhow, if it's conceivably a software problem).
Will the interop-unlock survive a hard reset?
Not using this method! Read the question above. This unlock is purely in software, not firmware; it is reset along with everything else.
Can I upgrade my phone to WP8.1 if I have this?
Tentatively, yes! We're still working on figuring out exactly what WP8.1 means for the homebrew scene. The short version is that most apps and some (but not all) of the hacks they contain seem to still work, though. However, see next question...
Can I interop-unlock my phone on WP8.1?
At this time, I don't believe this is possible (unless you can use a custom ROM). One step of the process appears to have been "fixed" and we will need to find a different way. -W_O_L_F- has indicated that he has one, possibly coming soon...
Apps which use Interop Unlock
SamWP8 Tools Currently includes a basic registry editor and some tweaking tools, including an accent color editor.
Native Access Webserver that requires full capability unlock; still read-only at this time.
PDF to Office enables browsing and moving files.
WPH Tweaks allows easy access to a number of registry tweaks.
AppData Manager allows you to back up the data of an app so you can re-install it (possibly after a hard reset) and not lose its state.
Storage Cleanup allows you to list and delete space-wasting files on your phone.
Reserved for... whatever else is needed.
Awesome!
I suggest first app to the list: my SamWP8 Tools
Upd. I'm little bit late XD
well i ve got an ascend w1 bootloader unlocked if i can help let me know
It's awesome to have my phone Interop Unlocked. I hope to see something to clear my "Other Storage" soon. Its full with faulty Windows Store installation files.. But I guess even with this it will be a lost cause.
Sent from my GT-I8750 using Tapatalk
although the Samsung registry editor will install it will not run on my phone and I believe I was able to interop unlock any idea why it wont run?
@GoodDayToDie your wor is awesome and you are the man
Good luck buddy
@FricoRico: Actually, I'm pretty sure we can clear out those files. I've got a ton of stuff on my plate at the moment, but even if none of the capabilities that work with interop-unlock will natively allow access to the relevant folder (and I wouldn't be surprised if one does; what is the folder in question?) there's a function in the Samsung driver interface to move files; we can move them to a location where we have write access, and then delete them.
@noelito: No idea. If it installs, that means you're unlocked. Make sure your phone didn't re-lock, I guess - try deploying the app again, for example - and make sure you're using the official deployment tool (some of the unofficial ones for WP7 - which may or may not work on WP8 - strip interop capabilities) and then try again. If it still doesn't work, please give a more detailed error report.
I am using the official deployment tool, and I believe the interop unlock does work because I was able to side load operamini, Samsung photo studio, supreme shortcuts and couldn't before BUT that was it they're side loaded but do not work at all ? well actually supreme shortcuts does run but when I try to use a custom shortcut such as brightness it will crash
Sent from my SGH-T899M using XDA Windows Phone 7 App
Aha, an item for the FAQ...
WP7 INTEROP APPS WILL NOT WORK! Interop-unlock lets you develop high-privilege apps, but it's very OS-specific. This is all unofficial stuff; there's no reason for Microsoft to have maintained backward compatibility, and indeed they did not. New apps will need to be developed specific to WP8. That's why there isn't already a bunch of listed apps...
ohhh ok so this interop unlock
is paving the way for future wp8 homebrew apps?
Exactly. Things which I have in mind, beyond the obvious improvements to registry and file system browsing, include options such as sounds customizations, media library access, changing certain "restricted" file/URI associations (alter the default browser?), *possibly* better task management (not sure we have the permissions for that), cleaning up wasted storage space, and as much more as we can manage. There's also a lot of potential for future research which this enables: interop-unlocking more devices, getting even higher permissions, possibly even custom ROMs or at least custom kernel drivers (which is much the same, since once you've got that you can change anything).
Can you write anywhere on the file system?
I can write some places, certainly. We'll see. I've got a couple of ideas for exploits involving writing to System32, but if there's anywhere I *can't* write, it's probably there.
Maybe "test mode" from lumias work like diagnosis app from samsung, really don't know about WP8 because i went from android, but on my motorola some options in fastboot like "Factory Mode" are apk's. Maybe this is a dumb thing (because they are two diferent systems ) :silly: .
Really thank you for your work, u 're awesome.
Sry for my english
GoodDayToDie said:
I can write some places, certainly. We'll see. I've got a couple of ideas for exploits involving writing to System32, but if there's anywhere I *can't* write, it's probably there.
Click to expand...
Click to collapse
Might be able to port @Myriachan 's exploit.
Boss442 said:
Maybe "test mode" from lumias work like diagnosis app from samsung, really don't know about WP8 because i went from android, but on my motorola some options in fastboot like "Factory Mode" are apk's. Maybe this is a dumb thing (because they are two diferent systems ) :silly: .
Really thank you for your work, u 're awesome.
Sry for my english
Click to expand...
Click to collapse
Feature-wise, Test mode is heavily locked on Lumias. One has to authorize to use its the most sweet features.
Related
At least with windows 7.x you could switch ROMs and side load useful apps, with this safeboot thing and Microsoft's lame attitude to give us more of the features and apps that we want it's no wonder why Windows Phone 8 fourms and blogs are so boring. Way to go Microsoft.
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Nobody has been able to find an exploit yet , but I don't really mind lack of activity in forms though as long as cobwebs don't settle upon the entire ecosystem itself we'll be fine
DavidinCT said:
Agreed. I used to come here every day but, now it's once a week (kind of how it was on PPCgeeks.com). No roms, No interop unlocks, no unlocks period.
If you want more discussion about WP8, I suggest going to WPcentral.com...It's pretty active over there...
I really wish a hack of some type would hit, this is getting old. I just want my custom colors back (like I have with WP7).... Advanced Config I miss you !!!
Click to expand...
Click to collapse
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
sinister1 said:
Yea I agree that WP Central has lost more action going on but it's all the same stuff; I mean how many reviews of itsdagram, Facebook, Angry Birds and Skype can one handle before they get bored.
I always use to wonder why XDA turned into Android forum almost over night; now I know why its thanks to Microsoft. I feel sorry for Nokia though they took a big risk and now MS is being stubborn.
Click to expand...
Click to collapse
Agreed, it's the same *****ing over there sometimes. Don't get me wrong, it's a good site if you want new and useful Windows Phone news. This site used to be a WM haven, just like PPCgeeks was. As that is all there was at the time, we had WM and BB...they were all mainly used by business people or hackers like ourselves.
WP7.x was pretty hackable after a while (with custom roms for most phones and interop unlock for about 90% of the models) so it was pretty active but, now with everyone moving to WP8 (ex WP7 users and converts) and No hacks yet, it's slowed down to almost nothing.
Android is mostly hackable and most phones have or NEED a custom rom, so this became a haven for Android users. And for now, as long as they are not going in this area and trolling, there is no issue with it or at least, I don't have an issue with it.
I do think it's a matter of time, they will find a exploit in WP8. I know why MS locked it down, once WP7 was hacked, it opened the doors for the pirates and some people took advantage if it. Sure there was some cool underground apps but, it just opened the system for the pirates. They wanted to lock down WP8 to make the higher end DEVs come and create the apps and games people want, to grow the system.
Nokia was paid pretty well to make a change to WP and over all they are doing very well with it...and their market is growing.
I'm stil deciding if I am going to pick up the Lumia 928 or stick with my HTC 8X(full price, Not giving up my unlimited data)....Hmmmmm... I just wish I could use Advanced Config to get my custom tile colors back
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Personally I like the very secure nature of my windows phone, I have rimmed more than my share of devices over the years, so its kind of refreshing to k ow this nuts hard to crack. Nokia did take a big risk but I think its been good for both companies. Nokia has done well with exclusive apps in a starved market and there devices are aimed well at a growing group of android overloaded users. With apps like tumble, netflix, Hulu and others coming over the devices are getting more main stream support and with time that will pay good dividends too. All in all I have found little reason to "root" this device other than for the hell of it. They come pretty lean on apps out of box. The biggest thing people seem to be trying to do is get tethering to work without paying out to a carrier for it. Personally if that's basically the reason your wanting to rom so bad, go back to android its far easier get going. I ramble now though, to sum up phone runs great unrommed, clean eco system and very secure setup makes for an all around pleasant device. I think special rimming is more or less unneeded for these devices. Been running unrommed windows mobile 7 and 8 now for about two years collectively. Have android tablets all rommed and a s3 rommed as a backup device.
Sent from my RM-878_nam_usa_100 using XDA Windows Phone 7 App
Meh... I considered WP7 without hacks to be nigh-unusable, even though I stuck with a stock ROM. No way to have apps open files automatically, for example (but I could manually add the registry entries, and could write apps that knew how to handle them). No way to access the filesystem (but I could sideload Kindle ebooks using homebrew file managers). No way back up app data or messages (except with homebrew). Minimal control of theming (as a class, this was one of the biggest homebrew categories). No real control over multitasking (I like that the default behavior is so conserving of battery life, but sometimes I don't *want* Puzzle Quest 2 or Fruit Ninja to have to go through its entire launch process just because I switched tasks or let the phone sleep for a bit!). Severe limit on sideloaded apps (I have over 30 of them, counting small utilities that that I developed, and not counting outdated versions, redundent apps, or anything else I removed). No listener sockets (though this didn't require a very fancy hack). No C++ code reuse (same as the server sockets). No way to tell how much space each app was using (but there's a homebrew for that).
WP8 fixes many of the worst problems. We can now register filetype handlers (though Kindle still doesn't register .MOBI or .PRC, so no more sideloading my ebooks for now...), use native code (with restrictions, but it's better than the default on WP7), and theme our phones (well, a litttttle bit more than before; still not enough). They added some much-requested features (SMS backup, variable text size, ability to control the browser app bar at least a bit, WiFi on while sleeping, Skype integration) and of course the change in OS brought many other improvements (multi-core, removable SD cards, higher resolutions, etc.). However, it still has some big problems of its own. True multitasking is still very limited. Data backup is still iffy. Still no filesystem access (or ability to do anything outside an app sandbox except the official Settings tools). Still very limited sideloading.
I promise you, though, people are working on it. I'm one of them, and several of the other names you know from WP7 hacking are as well.
People like GoodDayToDie & netham45 make the windows forums so much fun to follow
nikufellow said:
^stick with 8x at least till Nokia world sometime in September because surprises are on its way
Click to expand...
Click to collapse
Yea but, I am on Verizon....After a release of a model it will take 6 months for Verizon to get a phone that is almost outdated on release.
The 8X is so limited on space that it's driving me nuts, If I find app or game I want to try, I have to uninstall a Paid app to install it. It's getting too old. 8X on format is 11.5gb and the Lumia 928 is 23.5gb, a little over double the space might be worth it, depending on what I can get it for, of course.
The blogs are dead because places like XDA that centralize around modding your phone to improve performance isn't necessary when WP8 software already performs flawlessly. Go to blogs like WPCentral and the Windows Phone community is alive and well swapping out our black Lumia shells for yellow and talking about games and apps. Pretty much doing what we should be doing on a phone, not repairing phones that came broken.
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
I've been wanting to root/unlock my Lumia for one purpose only, sideloading my own developed apps. It's gruesome to try an app in the emulator all the time, but in a month that will be fixed with an AppHub account. And after that my real purpose for rooting/unlocking is gone.
Always fun to see what's possible on the unlocked device though, code-wise.
Sent from my Lumia 920 using Board Express
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
If there is one thing I do not understand about the new SDK APIs, is why on earth an app can not register itself to open file formats reserved by the system. IMO thats the most retarded idea ever implemented in the history of computing. And to make the retarded thing completely retarded, they made it so most common files are handled by system apps, so you can not override the file association.
I am really wondering what is microsoft going to do about these things. If they really want a marketplace full of games, facebook, youtube and instagram apps, then they should stick to their current plan. WP will never get useful in a broad sense.
I hope the update this fall brings new stuff, otherwise the platform will die soon.
GoodDayToDie said:
Flawlessly? ... You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
Although I don't agree with much of his bill-of-particulars, I have to agree with GDTD's sentiment.
Probably, modders need to correct deficiencies. I'm down with MS or anybody else who steps up. I'm in no hurry to crack my OS open right now, though.
I am especially offended at Microsoft's pitiful PDF reader attempt. And some of the apps in the store make me squint. I want to see the author "Google" emblazoned on my YouTube app, not a third party dev. I sure hope MS is putting these apps under a microscope.
The joy of homebrew (and of a developer forum, like this one) is, even if your goals are different from mine, it's possible for you to make your own changes to the device. It's yours; you control it. That's what security *means*, or at least what it's supposed to mean: you (the owner) are in control of what happens.
Ever since the iPhone, though, the trend has been twoards more and more lockdown, taking control away from the device owner and branding this as "security". I don't like it, so I aim to break it. Ideally, we break it in ways that only work with a local attack; I don't want somebody else able to control my device (that really would be the opposite of security)... but I do want to control it myself!
Part of the problem is that there have been no updates in recent months. Portico came out, Nokia dropped some new firmwares last month. But largely, nothing has changed in WP8 since launch. Personally, I find that boring. Maybe I should have an Android phone on the side to keep me entertained with updates, but I find Windows Phone much more usable day-to-day.
It has been more than 6 months since the WP8 launch, and GDR1 didn't really add much. Microsoft should have planned to have GDR2 out by now, even if it meant postponing some features for GDR3. I think most of us would rather have small quarterly updates to WP8, rather than a massive upgrade once a year. It's starting to feel like WP7 and the Mango anticipation all over again, now that it sounds like WP8.1 might be delayed into 2014. Hopefully they come through with their vaporware enthusiast program to keep our attention in the meantime.
I agree with the OP. Cobwebs on this side of the section totally. A thread in a week may be? But there is something I often read on many forums. People who are happy (I know it's a very wide term) with their devices, I.e don't run into problems with their devices, see no need to lurk around. So actually, it is a good sign. It shows how well-thought after a WP device is.
And GoodDayToDie, even though I agree with everything u've noted down, I don't quite believe WP needs all of that.
Still no app data backup machanism. - Umm...Data Sense?
Still no custom themes. - Fair Enough, but again, WP IS NOT meant to be themed to the T
Still no way to sideload XAP files (unless they are "company apps") without a PC. - I believe this is for security reasons.
Still no filesystem access. - Why do you even want that when the system is running flawless, (yes the same word u scorned at.)
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?) - LOL! You gotta be kidding me right?
Android has the worst permission management I have ever seen in my adult life. Android gives wayyyyyyyyyyyyyy more information out than any OS out there.
Still no way remove "Settings" apps. Umm..u sure u want that?
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking). Multi-tasking is really good with WP8.
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it). - Fair enough, but not a deal breaker either.
Still no way to change the default browser or email client or dialer. - I believe you are again entering the territory of themeing, already replied above. Every OS comes with it's own email client. I don't see the point here.
Still no way to install apps to the SD card. - Fair enough. By far the best point in your list.
Still have only limited access to Bluetooth. - In what way?
Still no way to browse, much less edit, the registry. - Again, WHY? WHy mend it when it's not broken.
Still no way to sideload large numbers of (non-"company") apps - U can download the app(paid or otherwise) from the App store on your computer, put it on the SD card and say install from the Store App on the phone. Simple?
DataSense has nothing even remotely to do with backing up (and restoring) app data; where'd you get that idea? Vital feature that homebrew eventually made avaialble in WP7 but is missing in WP8.
"IS NOT meant" nothing! Somewhere under all that sandboxing and locked-down UI is a general-purpose OS running on top of highly capable hardware. It's "meant" to be whatever the owner fo the device *wants* it to be, including (in the case of many, many people if the popularity of WP7 homebrew apps is any sign) theming. Stop being an apologist for Microsoft; it's one thing to say "extensive theming wasn't implemented because other features were higher priority" but when you start trying to tell me that I'm not supposed to theme it, you seriously need to put down the Kool-Ade. Besides, the very claim is ludicrous to the point of disingenious; have you *seen* the WP8 ads? They all stress the customizability of the Start screen. To the point of suggesting you can "meet" a person simply through how they have their phone set up... those ads freaking scream "customize me!" Then you discover there's only a handful of pre-set colors, two background styles, and the ability to mess with the tiles; nothing else.
No, it is quite absolutely *not* for "security" reasons. Security means the owner of the device controlling the device's behavior. If somebody else (like, for example, the manufacturer of the device) is controlling its behavior, that is not security; it's lockdown. The sideloading restriction can only be called security if it's not your device but actually belongs to Microsft. Screw that. Besides, that argument makes no sense anyhow; if I can pay my $99 and sideload with a PC, why can't I sideload without one (or without paying)? The marketplace has DRM to mitigate piracy and that's a darn weak excuse to cripple a device anyhow.
When I can load my Puzzle Quest 2 savegames and other game progress and high scores, copy my PGP keychain, sideload my Kindle ebooks into the Kindle app (yes, this is possible on WP7), extract or replace the built-in audio files, and delete the junk which accumulates in the OS and uses up storage space (without hard resetting the device), then I will stop considering the level of filesystem access a problem. Until then, "running flawless" is quite worthy of scorn indeed.
Wow, I seriously question your reading comprehension. I never mentioned Android in this point, or anywhere else (except to point out that it has a lot of homebrew). But, for your information, the default permissions / capabilities handling in Android is just as broken as in WP8. The difference is that with Android, it is possible (CyanogenMOD did this, for example) to install apps without actually granting them all the permissions they ask for. On WP7, this wasn't properly possible yet, but I was working on a system to do it that hooked the app install process and allowed people to uncheck app capabilities they didn't want to permit.
Um yes, I'd like to remove the non-functioning Samsung apps (until they are fixed) that are taking up space on my phone's storage and making the Settings list longer. I can always re-install them if needed. Every other carrier or OEM app is removable; why should these get special treatment just because they have a field in their app manifest that says "install me in the Settings hub"?
Multitasking - true multitasking, where multiple apps can run at once - is nigh-nonexistent on WP8. Aside from things like audio background agents and once-every-30-minutes-you-get-a-few-seconds-of-CPU-time scheduled tasks, there basically isn't any multitasking (of third-party apps) at all. Fast app switching is *not* multitasking; every app aside from the main one is suspended, unable to do amything until brought into the foreground.
Changing file associations obviusly isn't a deal-breaker, or I wouldn't be using the phone... but definitely a problem. Windows has offered the ability to control file associations since at least Win95, and I think it was possible in 3.1 as well...
Changing the default browser and email client and calendar and dialer aren't "theming" by any conventional definition, but the point made above about theming stands anyhow: it's a matter of personalization. It can also be a matter of functionality (for example, the built-in email client can't handle S/MIME encrypted email at all and has no PGP integration). Or a matter of usability (I use folders a lot; it's a pain needing to expand a menu to get to them)! Or something else... the important point is that it should be possible. Every OS comes with an email client, but every OS except iOS (and WP) allows you to change the default email client, too. This isn't even hard to implement (the relevant registry keys were present on WP7, at least; carrying over the API to control them wouldn't have been hard at all); it's once again a case of Microsoft intentionally restricting what you can do with your phone. If I wanted a mobile OS designed by a control freak, I'd buy an iPhone...
Nothing more really needs to be said here, except that with filesystem access (create a symlink or junction in the apps folder, for example) this would be possible...
Many BT profiles, such as HID devices (for mice and keyboards), are missing from WP8. So far as I know, apps can't use the Headset profile either; the pseudo-turn-by-turn navigation on WP7 would give its instructions via the car's BT if possible, but Nokia/Here Drive must use the phone's speakerphone speaker instead.
When I can change default browser and text editor, create my own themes, enable features that a ROM shipped disabled (have you seen the thread by the guy who can't get visual voicemail?), sideload high-privilege apps (without paying for the privilege), and remove root certificates of CAs that I don't trust (in WP7, these were stored in the registry), then I will stop considering the level of registry access to be a problem.
If they're from the store, they aren't really sideloaded, just downloaded on a different machine. I'm talking homebrew, stuff that the isn't yet, or never will be, or *can't* be (because it breaks some policy of Microsoft's, or requires high privileges to work) put in the store. Besides, many of the most popular WP8 models don't have an SD card slot at all.
GoodDayToDie said:
Flawlessly? Ahahahahaha
Still no app data backup machanism.
Still no custom themes.
Still no way to sideload XAP files (unless they are "company apps") without a PC.
Still no filesystem access.
Still no way to control the permissions an app has (what if I want to use the app, but don't want to give it access to my camera?)
Still no way remove "Settings" apps.
Still no way to do true multitasking (not the restricted and often crippled things that the official APIs call multitasking).
Still no way to overwrite file associations (you can choose them when opening a file that multiple apps claim to support, but that's it).
Still no way to change the default browser or email client or dialer.
Still no way to install apps to the SD card.
Still have only limited access to Bluetooth.
Still no way to browse, much less edit, the registry.
Still no way to sideload large numbers of (non-"company") apps.
...
Seriously, go look at the list of things that are possible with WP7 homebrew (never mind WinMo or Android or iOS), and then see how many of them are possible with WP8 right now. It's a joke. MS added some (much needed) features, but also took away some things that I think are vitally important, and took away our ability to re-create them for the new OS... unless and until we break it as we have broken OSes in the past.
You imply that WP8 didn't come "broken" and therefore doesn't need modding? Bull.
Click to expand...
Click to collapse
The only thing I can agree with you on is the file system, bluetooth, and not being able to override the default apps associations (seriously, the default apps is the most retarded idea ever).
Possable hack or glitch, that is why I am posting here.
According to a few sites, a glitch has been discovered by setting a proxy, you can make your non-nokia phone be able install apps from Nokia's apps.
Sites for info...
http://www.microsofttranslator.com/...n&a=http://www.wpdang.com/archives/98835.html
http://www.wpdang.com/archives/98835.html
http://www.wpcentral.com/glitch-spotted-windows-phone-store-lumia-apps
Does anyone have clear directions on this so everyone knows how to do it?
Also, I am hoping this would allow us to get to the point of a Marketplace Changer like we used to have for WP7 devices.. I personally would like some HTC apps on my Nokia...and a LG app too.
Figured this would be a great place to start a discussion on this.
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
DavidinCT said:
Possable hack or glitch, that is why I am posting here.
According to a few sites, a glitch has been discovered by setting a proxy, you can make your non-nokia phone be able install apps from Nokia's apps.
Sites for info...
http://www.microsofttranslator.com/...n&a=http://www.wpdang.com/archives/98835.html
http://www.wpdang.com/archives/98835.html
http://www.wpcentral.com/glitch-spotted-windows-phone-store-lumia-apps
Does anyone have clear directions on this so everyone knows how to do it?
Also, I am hoping this would allow us to get to the point of a Marketplace Changer like we used to have for WP7 devices.. I personally would like some HTC apps on my Nokia...and a LG app too.
Figured this would be a great place to start a discussion on this.
Click to expand...
Click to collapse
Guyz, I've tried this on my Huawei W1 but its says, cannot connect,,,,,,,,,, ive also tried changing the region but nothing happens, does anyone tried this already, and successfully installed those nokia exclusive apps?
Thank you,
jakelq said:
Guyz, I've tried this on my Huawei W1 but its says, cannot connect,,,,,,,,,, ive also tried changing the region but nothing happens, does anyone tried this already, and successfully installed those nokia exclusive apps?
Thank you,
Click to expand...
Click to collapse
it is time based. I mean, sometimes it happens. sometime it doesnt. keep trying is all I can say.
GH0ST DR0NE said:
it is time based. I mean, sometimes it happens. sometime it doesnt. keep trying is all I can say.
Click to expand...
Click to collapse
yup, i tried this at home and it worked..
It runs smooth with huawei w1 and i dont experience any missed swipes.
Why does it wasnt released for 512 mb ram?
tnx.
GoodDayToDie said:
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
Click to expand...
Click to collapse
I would gladly test (I am dev unlocked) anything you can come up with here.
Anything that could help progress towards a hack on WP8, even if it's a marketplace changer of some type
aclegg2011 said:
Man, we really need to find a way to dev unlock our phones. :/
Sent from my RM-917_nam_usa_100 using XDA Windows Phone 7 App
Click to expand...
Click to collapse
The same process (dreamspark EDU account, etc) that worked for WP7 works on WP8 but, the limits of 3 apps are still there... So I can sideload 3 apps..
DavidinCT said:
The same process (dreamspark EDU account, etc) that worked for WP7 works on WP8 but, the limits of 3 apps are still there... So I can sideload 3 apps..
Click to expand...
Click to collapse
I have an edu account activated since december 2011. I had on my Omnia W (WP 7.5) only the possibility to sideload 3 apps, but now on my lumia 820 i DONT have this limit of 3 apps..
gipfelgoas said:
I have an edu account activated since december 2011. I had on my Omnia W (WP 7.5) only the possibility to sideload 3 apps, but now on my lumia 820 i dont have this limit of 3 apps..
Click to expand...
Click to collapse
I have a Lumia 928, and I dev unlocked it(got one of those free EDU accounts that was going around, I log in 2 times a year), I put on 3 apps and it gives me an error if I try to add more.
I would like to add more but, No biggie because there is not 3rd party tools or hacks for WP8....YET.
DavidinCT said:
I have a Lumia 928, and I dev unlocked it(got one of those free EDU accounts that was going around, I log in 2 times a year), I put on 3 apps and it gives me an error if I try to add more.
I would like to add more but, No biggie because there is not 3rd party tools or hacks for WP8....YET.
Click to expand...
Click to collapse
I dont mind but it seems that my account has a bug..?!?
GoodDayToDie said:
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
Click to expand...
Click to collapse
Here is a question on this. Is there a list of "proxies" for different carriers/OEMS ? I could not find anything besides this one. Do you know how I can access HTC, Samsung, LG, etc list ?
How does one access the marketplace of another OEM than Nokia ? (I have a Nokia so that is not an issue for me)
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
GoodDayToDie said:
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
Click to expand...
Click to collapse
Awsome, I look forward to something ! Thanks !
GoodDayToDie said:
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
Click to expand...
Click to collapse
Hi ,GoodDayToDie
Try fiddler2 to modify the request send by the phone when talking to the Marketplace servers.
I have made some research and it's intresting.....
@Mattemoller90: Yes, but I can't promise that the app will install correctly afterward. Apps identify, in their manifests, the resolutions they support. If the app requires resolution that the phone doesn't have, the phone will most likely simply refuse to install it.
@GoodDayToDie
How can I cheat the Marketplace with Fiddler2 (for change the resolution) I want try
You are the best
Eh, I'm not going to write a full tutorial right now. Short version is install Fiddler, set it to proxy external connections (will need to be let through your firewall), set your phone to use your PC's IP address and Fiddler's listening port as the proxy, set Fiddler to intercept requests, and then open the Marketplace. You'll see an HTTP GET request from the phone to Microsoft's servers, and the URL will contain a bunch of details about your phone (manufacturer, model, version info, region, etc.) including resolution. Replace the resolution string with the one you want to pretend to have, then have Fiddler "Run to completion".
Note: You'll probably have to do this multiple times. It's OK to not do it for things like partial searches, but you'll of course need to do it for the final search query. It can be scripted, but that's outside the scope of what I'm going to tell you to do here. Look at how @xdevilium does it in his app: http://forum.xda-developers.com/showthread.php?t=2362165
Can fiddler be used for other things? Like seeing where server updates are coming from, and how are phones interacts with developer registration?
Sent from my RM-917_nam_usa_100 using XDA Windows Phone 7 App
In theory, yes it can (or any other HTTP/HTTPS proxy; there are several of them available). However, the functions you describe use HTTPS. To intercept SSL traffic, the proxy needs to forge certificates for the sites you connect to (unless it somehow got ahold of the site's private key). To have your phone trust the forged certificates, the proxy (including Fiddler, if you choose to enable it) can sign the forged certificates using its own private key; if the corresponding public key is trusted by the phone (which can be done just by sending the public key to the phone using email or bluetooth or something, and installing it) then the forged signatures will be trusted.
However, that's only true for the general case. For specific OS functionality, Microsoft (and all the other big mobile vendors) use a technique called "certificate pinning" where the SSL certificate must either exactly match a known certifiacte, or must be signed by an exact match. In this case, it doesn't work to install your proxy's certificate and have it be trusted; a feature using cert pinning doesn't even check the OS's trust store. Therefore, we can't intercept those specific communications.
It's frustrating.
I've never scripted Fiddler, I just re-wrote the requests by hand. It's easy enough; there aren't very many. I could tell you how to do it in a couple other proxy programs.
GoodDayToDie said:
I could tell you how to do it in a couple other proxy programs.
Click to expand...
Click to collapse
I Really Appreciate That
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
AccEss-dEniEd said:
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Click to expand...
Click to collapse
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Assuming you have Exchange, does this not provide the management part?
AccEss-dEniEd said:
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
Click to expand...
Click to collapse
I currently work in the infrastructure of a good sized corporation. We're using IOS with a mixture of android hardware and there's some good news and bad news for what you want to do.
Good news is, like Jpcurrie said, exchange will handle remote wiping and locking the phone down. you can require the phone to use a PIN, remote wipe and and a bit more. As for locating the phone, Google actually has finally built in remote locating of your device and remote wipe as well. There's a couple good apps out there (lookout) will turn on your GPS and allow you to locate the phone and they're free. If you happen to have a virtualized environment with VMware, you could also use VMware View Horizons which builds in a secure sector on the phone and you can remotely manage which apps and files the user can use. the best part of View is you can use a BYOD model and keep corporate data secure. The biggest issue is if you don't happen to already use a VMware architecture it gets pricey quickly.
Here's the rub now. you want to install your own logos on the bootup which you could do by installing a custom ROM. This will void your warranty on the hardware and as it isn't 100% stable you'll be spending a LOT of time trying to keep a consistent environment.
Like netsyd said, talk to management about an MDM, and the branding of the devices, maybe even talk to them about using a BYOD to reduce costs of hardware and administration of that hardware.
Isn´t Knox supposed to allow administrators to only delete the data that belongs to the Corporate account (emails, calendars, tasks, etc.), or an administrator can still force a full device wipe? Sorry if the questions is too basic, I've tried searching around for info on Knox but couldn't find anything besides press releases.
I'm not a network administrator, I'm just a user and my school secure wifi installs a device administrator.
I'm sorry to deviate the topic a little bit from the original.
At Delta we use Air Watch but it's far from free. You can however manage devices and remote wipe. You can also view installed apps and remove what should not be there. Options for device profiles also. I help maintain these devices everyday. Not Free but an MDM is your best bet.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
long time - no see
Hiya,
sorry I didn t answer - kinda was overwhelmed with this Task.
Wanted still to thank you: I did what you suggestet and wanted to let you know where I am now.
1. Meraki = implemented - now runnning 160+ devices. (at no costs)
2. CM12.1 implemented (without GAPPS/no SU)
3. Standard Image/w Apps defined. (Mostly Offline capable Tools like "here" etc.(which actually reduced costs))
4. Since Android has limited capability to be administered in a "real" professional Fashion we mitigated this issue by creating a policy to forbid the user to temper with the device (e.g. Installation of Software/SU etc) yet to allow the Installation of Software manually by us via creating a ticket. We check the Software mainly for "sanity" and malware and install it if ok.
This has been working so far like a charm for us. None of the user were happy to loose the Gapps obviously - but once they had their Software and settled in, all was ok. For the Administering part: Meraki can tell me if Software is beeing installed without our Knowledge, also we see if SM doesnt speak with us anymore. So, for now, we got the most out of the System and I am happy to say: I got minimal Control in a Quality sense. No no more "KO Critera" - and we have implemented Android. Tracking etc. is forbidden in Germany anyway - so we use Meraki mainly to wipe if lost and to check if someone goes against policy.
What is still open:
- I am still working on a way to have the user enter his credentials and automatically enter These in all respective config files. (haven't had much luck - with the absense of SU obviously.
- a Little cosmetics still open (I am still trying to figure out how the theming really works ... I usually f**k up the Pictures and sounds.... but so far making Progress
- with less and less good Android devices coming out (now, I am probably beeing flamed now ) that suits our needs (open bootloader, known/supported CPUs, removable battery, SD Card Slot) - I think we might Switch by Q4/2016.
netsyd said:
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Click to expand...
Click to collapse
Hello,
I want to disable the confirmation for the application "Project My Screen" that asking you "Allow screen projection?"
I need it for testing purposes.
How can we make it possible?
I thought about different possibilities :
- changing a registry value (if one is existing for that purpose)
- making a native application to auto accept
- edit the ROM to disable it.
If you have any suggestions I'm open for it.
Thanks in advance,
Best regards
First, grab the app and reflect it ("disassemble" i.e. recover sources - if it's possible of course and app isn't native). Later you may recompile or modify binary code, and replace installed app.
P.S. Of course you need a "interop" (or caps) unlocked handset for that.
I dont think that would be possible.
Because of security/safety. issues
This project my screen app does not only work with USb but also on remote ( if i am not mistaken ).
When someone can kill this notification on someboddies Phone without noticing it, you got a hell of a opertunity to monitor that Phone.
Nice to check out the kids/wife/husband/friend whatever....
WARNING: This is not a place for you to come to say how great you think Chainfire is. I'm not calling his character into question, only his methodologies and the character of the outfit he sold out to (and I don't question the act of selling out, that's business, pays the bills, and puts kids through college). The debates about what people prefer and why are as old as the first software. And of course, I will not tell you what to do, no matter how much I disagree with you. If you UNDERSTAND what I have to say, then THIS software is for you. If you don't, you are probably better off with binaries.
The root situation on Android 5.x left a lot to be desired. There was basically just one distributor of a functional substitute user command (su), and it was binary. Recently, ownership of that binary and all of its history has become the property of a previously unknown legal entity called "Coding Code Mobile Technology LLC". While it was presented as a positive thing that that entity has a great involvement with android root control, this is actually a VERY frightening development.
The people at CCMT are no strangers to the root community. They have invested in, or own, a number of popular root apps (though I am not at liberty to disclose which ones) - chances are, you are running one of them right now. I believe SuperSU has found a good home there, and trust time will not prove me wrong.
Click to expand...
Click to collapse
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
You don't know the owners, and they are distributing a binary, so who the heck knows WHAT is going on.
Now a few important considerations with respect to your security and privacy;
1) Obfuscated binary cannot be sanely audited.
2) Function of this binary depends on the ability to manipulate selinux policies on the fly, including RELOADING the policy altogether and replacing it with something possibly completely different. Frankly, I've never heard a single reason why this should be necessary.
3) While a root control application may give you nice audits over other software that is using its service, it can *EASILY* lie about what it is doing itself. It can delete logs, it can share root with other applications that they have made deals with, it can directly sell you out to spammers, etc.
That is WAY too dangerous, and not worth the risk.
Frankly, you are safer if you disable selinux AND nosuid, and just run the old style of root where you set a copy of sh as 6755. And that is FRIGHTENINGLY dangerous.
So not satisfied with this state of root, and especially now with a new unknown entity trying to control the world, we bring you the rebirth of the ORIGINAL Superuser:
https://github.com/phhusson/Superuser
https://github.com/lbdroid/AOSP-SU-PATCH (this one is mine)
From the history of THAT Superuser:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
Yes, look at the Superuser repo above and see whose space it was forked from.
Note: This is a work in progress, but working VERY well.
Use my patch against AOSP to generate a new boot.img, which includes the su binary.
Features:
1) selinux ENFORCING,
2) sepolicy can NOT be reloaded.
3) It is NOT necessary (or recommended) to modify your system partition. You can run this with dm-verity!
The source code is all open for you to audit. We have a lot of plans for this, and welcome suggestions, bug reports, and patches.
UPDATE NOVEMBER 19: We have a new github organization to... "organize" contributions to all of the related projects. It is available at https://github.com/seSuperuser
UPDATE2 NOVEMBER 19: We have relicensed the code. All future contributions will now be protected under GPLv3.
*** Regarding the license change; according to both the FSF and the Apache Foundation, GPLv3 (but not GPLv2) is forward compatible with the Apache License 2.0, which is the license we are coming from. http://www.apache.org/licenses/GPL-compatibility.html . What this means, is that it is *ILLEGAL* for anyone to take any portion of the code that is contributed from this point onward, and use it in a closed source project. We do this in order to guarantee that this VITAL piece of software will remain available for EVERYONE in perpetuity.
Added binaries to my the repo at https://github.com/lbdroid/AOSP-SU-PATCH/tree/master/bin https://github.com/seSuperuser/AOSP-SU-PATCH/tree/master/bin
These are *TEST* binaries ONLY. Its pretty solid. If you're going to root, this is definitely the best way to do so.
The boot.img has dm-verity and forced crypto OFF.
The idea is NOT to use as daily driver, while I can make no warranties at all regarding the integrity of the software, I use it myself, as do others, and its pretty good.
What I would like, is to have a few lots of people try it out and report on whether things WORK, or NOT.
IF NOT, as many details as possible about what happened, in particular, the kernel audit "adb shell dmesg | grep audit". On non-*nix host platforms that lack the grep command, you'll probably have to have to add quotes like this in order to use android's grep: "adb shell 'dmesg | grep audit'".
How to try:
0) Starting with a CLEAN system.img, get rid of supersu and all of its tentacles if you have it installed, if it was there, it will invalidate the tests.
1) Install the Superuser.apk. Its just a regular untrusted android application. Yes, there is a security hole here, since we aren't (yet) authenticating the communications between the android application and the binaries, or validating the application by signature, or anything else that would prevent someone from writing a bad Superuser.apk. This is on the list of things to do.
2) fastboot flash boot shamu-6.0-boot.img
3) test everything you can think of to see if it works as expected.
Note: there are some significant visual glitches in the android application, but nothing that makes it unusable.[/quote] @craigacgomez has been working on fixing up the UI. Its really paying off!!!
How you can reproduce this YOURSELF, which we RECOMMEND if you feel like daily driving it (in addition, make sure that you UNDERSTAND everything it does before you decide to do that, you are responsible for yourself;
You can build it any way you like, but I do my android userspace work in eclipse, so that is what I'm going to reference. Import the project from phhusson's git, including SUBMODULES. Right click the Superuser project --> Android Tools --> add native support. The library name you choose is irrelevant, since it won't actually build that library. Right click project again --> Build configurations --> Build all. This will produce two binaries under "libs", placeholder (which we won't be using), and su. You need the su binary. Then right click project again --> run as --> android application. This will build Superuser.apk, install it, and launch it.
Next:
repo init -u https://android.googlesource.com/platform/manifest -b android-6.0.0_r1
repo sync
Then apply su.patch from my git repo.
UNFORTUNATELY, the repo command isn't smart enough to apply a patch that it created itself. That means that you are going to have to split up the patch into the individual projects and apply them separately to the different repositories. This isn't that hard of a step though, since there are only FOUR repositories I've modified... build/ (this just makes it possible to build with a recent linux distro that doesn't have an old enough version of openjdk by using oraclejdk1.7. The boot.img doesn't actually need the jdk to install anyway -- its just part of the checking stage, so its up to you.), device/moto/shamu/, external/sepolicy/, system/core/.
After applying the patches, copy the su binary you generated with eclipse into device/moto/shamu/
Then ". build/envsetup.sh; lunch aosp_shamu-userdebug; make bootimage". That should take a minute or two to complete and you will have a boot.img built from source in out/target/product/shamu/
NEW UPDATE!!!!
While I haven't yet gotten around to running a complete cleanup (very important family stuff takes priority), I *HAVE* managed to find a half hour to get on with the Android-N program. If anybody takes a peek at the AOSP-SU-PATCH repository on the AOSP-N branch, you should find some interesting things there.
One warning first though... I updated the patches to apply against the N source code, and then updated some more to actually compile, and compiled it all. BUT HAVE NOT HAD THE OPPORTUNITY TO TEST IT YET.
Nice thing you came up. Sounds awesome.
We should have an alternate to all LLC thing, no matter how much respect (I owe you Chainfire thing) we got for the man who created CF Root (since Galaxy S days) and SupeeSU.
wow, tyvm for this! Will definitely test for ya and let you know.
I already applied your patch, built my own binaries and the boot.img but won't have a chance to test anything until tomorrow. Would love to get this %100 working fine and yeah, will use this from here on out instead of supersu.
Thanks again and yeah, will post when I have something ^^
I will be following progress closely, as should others. Without something like this, many in the community may naively let a corporate entity control root access on their devices. This is extremely frightening, it may not happen right away but if you believe the an entity will not monetize or exploit the current situation I believe you are sadly mistaken.
I could be wrong, however, it's not a risk I will take lightly and no one else should either.
Thanks for this.
Nice work!! Will be following this thread closely.
Time for me to learn eclipse. And do a heck of a lot more reading.
Larzzzz82 said:
Time for me to learn eclipse. And do a heck of a lot more reading.
Click to expand...
Click to collapse
Just note that I use eclipse because I'm used to it. Its become the "old" way for android dev.
i just paid for superSU is this the same people?
TheLoverMan said:
i just paid for superSU is this the same people?
Click to expand...
Click to collapse
I'm not sure what you are asking... are you asking if I am in any way affiliated with supersu, then you probably failed to read the first post in this thread altogether.
Charging money for a binary blob to use root on your device is borderline criminal, and unquestionably immoral. I'm sorry to hear that they got something out of you.
This is pretty great. I'll be watching this as well.
Perhaps this is not the place to take the tangent but why does root behave as it does and not more similar to a standard linux distro? It seems like it would be much more secure to have a sudo function as opposed to an all encompassing root. I'll admit I'm not that familiar with the inner working of the android OS but off hand I can't think of any program that absolutely needs to be automatically granted root every time it wants to run (I'm sure there are but even in this case the power user could chown it to standard root).
Wouldn't it be much more secure if you had to go in to developer options (which are already hidden by default) and turn on the option for sudo. This would then require a sudo-user password (perhaps even different than the standard lock screen password). Need to run a adblock update? Enter the password. Need to run Titanium backup? Enter the password... etc. Much more secure than a push of "accept".
Sorry for off topic but it's always made me wonder and seems like it would be root done right (see how I tied that back to the topic ) If elevating programs/tasks to a superuser was more secure perhaps it would not need to be such an issue...
^ Some root functionality is just too common for a Linux like sudo password to be usable at all. I'll give 2 examples:
1. Since Lollipop Google disabled access to mobile network settings for third party apps. Now it's only possible with root. I have an app that together with Tasker automates my network changing. That network app needs root access EVERY time there is any changes to the connected network and when it wants to change the settings.
Phone connects to a different cell tower? Root needed to detect this and determine the mobile network status.
You can figure how many times this is required per day.
2. I use Greenify to force some misbehaving apps to sleep after the screen goes off. It needs to request root every time it wants to sleep one of those apps. In other words every time I use them, after my screen goes off and I turn it back on I'd be facing both my secure lockscreen and the sudo password.
There's are plenty of other apps that need to request root access on a regular basis. These were just a few examples. If you only need root for TiBu then a sudo password type of security measure would work. In my case all I'd be doing with my phone would be typing that password again and again.
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Sent from my Nexus 6 using Tapatalk
Interesting thread. Thanks for your work....subscribed
doitright said:
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
Click to expand...
Click to collapse
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
I've read a few articles suggesting that they would prefer to prevent people from rooting their phones (partially so that they can monetise Android Pay - which requires a Trusted Computer Base, which means unrooted - as well as controlling Ad Blockers, which affect a revenue stream). I also suspect that only a tiny minority of Android users - and most of them are probably on here - actually root their devices.
Regardless of the motives, having a technological monoculture is never a good thing, especially when it is delivered as a binary owned by an unknown organisation.
(No disrespect to Chainfire - I have had many years of root access to my devices thanks to his efforts.)
scryan said:
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Click to expand...
Click to collapse
Not quite.
"root" is the *name* of a privileged user, with user id of 0.
The "su" command (short for substitute user), is used to substitute your current user for another user, but most particularly root.
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Philip said:
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
Click to expand...
Click to collapse
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
urrgevo said:
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Click to expand...
Click to collapse
Nope. The root directory can be setup to be accessible by specific users just by applying the appropriate permissions to the files.
The root directory and root user are not specifically related.
doitright said:
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
Click to expand...
Click to collapse
Because the "third party" might actually be Google (or an organisation funded by them).
---------- Post added at 15:05 ---------- Previous post was at 15:02 ----------
doitright said:
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Click to expand...
Click to collapse
Shouldn't need to su to root to do this - that's what setuid and setgid are for.