Related
Hello,
Is there a shortcut or a link I can click on the ppc to make to password protect it?
I have it where it will turn on after 90 minutes, but not everytime. and I'd like a way to just click on a link, and the password thing is protected.
Any ideas or suggestions?
if you set it to 0 minutes it will lock when the ppc goes to suspend mode; the downside of course is you have to unlock everytime you power back on.
I'm also interested in something that enables the password screen via software/button. I use the 0 minutes rule but you have to suspend the device which breaks any activesync connection and the whole process starts again when you power on. A simple little app that enables the password screen the same as at power on would be great.
Maybe TranCreative Nice Start would help
you may want to take a look at psshutxp also http://www.freewareppc.com/utilities/psshutxp.shtml
Thanks guys, but neither is what I'm looking for. I don't want a third party security product and I don't want anything that shuts the device down, just a tiny app. that triggers the in-built password screen so I can assign it to a button or icon.
Ah well, have to keep looking.
I use Omega 1-pass, its a great password app (currently the best one for magician I think)
Also, it wont cost you a cent if you search around for the crackz.
mtbsoft said:
I don't want a third party security product ... just a tiny app. that triggers the in-built password screen
Click to expand...
Click to collapse
mtbsoft said:
mtbsoft said:
I don't want a third party security product ... just a tiny app. that triggers the in-built password screen
Click to expand...
Click to collapse
Click to expand...
Click to collapse
I was trying to help others also by the way.. (not just you)
Anyways, the built-in password in PPC is terrible.. buttons are too small and basically its too basic. Why dont you want a third party app? A "tiny app" is a third party app (LOL)
Give 1-Pass ago.. believe me its one of the app that you'll sacrifice some space for it (around 500KB or less I think). Perfect sized buttons, no excess features etc..
If you do try it.. let others know how you get on.
If you afraid/alergic to use 3rd party software just X-backup first your ppc, install the software >> not satisfied >> restore to get the same setting/database
1-PASS IS A WONDER
hi all,
i am using 1-pass and the software is in fact wonderful... lets u assign a hardware button for password access and moreover allows flexibility!
and for the problem with which the topic was started /.... just set the time when u want 1-pass activated when the device is not used and ur work is done!
Nutdhanai said:
Anyways, the built-in password in PPC is terrible.. buttons are too small and basically its too basic. Why dont you want a third party app? A "tiny app" is a third party app
Click to expand...
Click to collapse
nsriza said:
If you afraid/alergic to use 3rd party software
Click to expand...
Click to collapse
I'm not "afraid/alergic" to use third-party products - I have over 90 applications & games installed, ALL legit. by the way, no cracks - I review the stuff as well as use it.
I simply don't want/need anything more than the basic PIN mechanism which the device already provides. Besides which, I wish it to be something my wife (a technophobic!) can use easily, hence the PIN approach.
I've looked at many security packages and either dislike the way they work or find them to be complete overkill. I'm not looking to bullet proof the device just provide simple privacy protection when it's on the desk, hence I just want a basic trigger mechanism for the in-built password screen, nothing more.
BTW I find the 1-pass claim of...
In tests, entering a 4 digit password using the standard password program took 7 seconds.
Click to expand...
Click to collapse
...laughable, what were they using to enter it? A blind gorilla? I have no problem entering the four digit pin in two seconds, including powering the device on with the same hand!
mtbsoft,
try contacting Microsoft, see if they can patch the built-in password protection for you
MTBSOFT seems to be in airs!
the subject sums up all!
Re: MTBSOFT seems to be in airs!
studdocs said:
the subject sums up all!
Click to expand...
Click to collapse
It might... if it made sense!
studdocs said:
try the attachment! .cab file and works like magic!
Click to expand...
Click to collapse
You realise that, by posting bootleg software like this, you are risking the actual owners of this commercial software taking action against the site? You might want to consider removing it for the sake of the other site users.
@mtbsoft back on topic (well hopefully): I was using a set of shortcuts that would automatically send you to the Settings Menu used the Bluetooth one. Anyway when I tapped it, I went straight to the Bluetooth App. Maybe there is one for the Password Application, found it over at brighthand... here is the link for the thread. http://discussion.brighthand.com/showthread.php?s=&threadid=79526
also am not sure but when I used to use OmegaOne's BattpackPro I remember that it had a 'key' icon/link (in Program Bar) maybe this would lock the device as well so? if you have it on your device maybe you can check this feature.
anyway, still thinking of other ways to lock the device without power off (and hopefully additional apps) also...
bnycastro said:
anyway, still thinking of other ways to lock the device without power off (and hopefully additional apps) also...
Click to expand...
Click to collapse
Hi mate,
Thanks for the thread, I'll take a look and see if there's anything there of use to me. I have found a crude sort-of way to give some protection - the screensaver from PHM Tools. When you run it, it simply powers off the screen and doesn't come back on until you press the action button (nav-pad centre), so the device appears to be turned off. If someone then tries to turn it on with the power button it actually turns off and engages the lock!
The disadvantage is that other buttons are actually still enabled and functional when the screen is off so someone could trigger applications or even make a call with two phone button presses, but it's a start. Thanks again for the helpful reply.
mtbsoft said:
bnycastro said:
anyway, still thinking of other ways to lock the device without power off (and hopefully additional apps) also...
Click to expand...
Click to collapse
Hi mate,
Thanks for the thread, I'll take a look and see if there's anything there of use to me. I have found a crude sort-of way to give some protection - the screensaver from PHM Tools. When you run it, it simply powers off the screen and doesn't come back on until you press the action button (nav-pad centre), so the device appears to be turned off. If someone then tries to turn it on with the power button it actually turn off and engages the lock!
The disadvantage is that other buttons are actually still enabled and functional when the screen is off so someone could trigger applications or even make a call with two phone button presses, but it's a start. Thanks again for the helpful reply.
Click to expand...
Click to collapse
I dont understand?? Why would you go through all the trouble when there is a software readily available to do the job that you need?
How little is that tiny app you are looking for?? Why doesn't 1-Pass cut it for you? Please share.. the ppl that are using might want to know if there is a flaw in it or some information that you might know..?
If you dont want 3rd party app then why are you using PHM tools??
i summed up the reason and will provide one more....
mtbsoft works for a company which competes with 1-pass!
HA HA HA ....
Nutdhanai said:
Why doesn't 1-Pass cut it for you? Please share.. the ppl that are using might want to know if there is a flaw in it or some information that you might know..?
<snip>
If you dont want 3rd party app then why are you using PHM tools??
Click to expand...
Click to collapse
Did you actually RTFA or just skim over it? Try again...
mtbsoft said:
I don't want a third party security product
Click to expand...
Click to collapse
...and...
mtbsoft said:
I have over 90 applications & games installed.
Click to expand...
Click to collapse
All of which I use and need (excluding the games), including many of the features of PHM. I don't want and don't need a third party security product. All was looking for was a tiny little exe which wraps up the single API call (probably) to a DLL which triggers the password lock screen - I don't even want it to be memory resident.
mtbsoft said:
I simply don't want/need anything more than the basic PIN mechanism which the device already provides.
Click to expand...
Click to collapse
Memory is a consideration because of the number of applications which have to be installed in Main Memory as opposed to SD. Why should I waste memory for something which is essentially built-in?
mtbsoft said:
I've looked at many security packages and either dislike the way they work or find them to be complete overkill.
Click to expand...
Click to collapse
Take 1-pass - it claims...
Password program you will actually use! - I use the built in!
Fastest ever password entry using innovative hard key password feature - don't need.
Shows essential information - so does the basic "my info" screen
Automatically locks when left unattended - don't want, would find it more annoying
Lock your device on demand - woohoo!
Keylock - just like on your mobile phone - don't need, if the password is engaged!
2 types of password entry - don't want
Use your own picture in the background - don't want
Ideal for corporate deployment - irrelevant for an individual
Supports landscape (320x240) - not on my device since it doesn't
So you see, I'm not knocking the product (even though some of the claims on the website are laughable, misleading or just plain wrong), it simply isn't what I want, it's full of features that I don't want or need and I wouldn't waste USD$20 buying all that for just the one feature I'm interested in. I also dislike the way some of its features require you to buy other products too.
The same applies to most of the products I've looked at - they're all crammed full of stuff that is totally useless to me.
Hello Everyone,
I just got my 8525 in the mail yesterday and upgraded the boot loader, radio, and WM6. I had a little trouble but in the end, all that I can't get working right is the internet for Cingular. I really appreciate all the hard work everyone puts into this. Here is my thank you, this is my first app so go easy on me.
nomb
nombCrypt
nombCrypt is an encryption program I originally made for the desktop but then decide to port it over. It uses a password you provide and encrypts either a block of text or files using 256bit Rijndael (AES). This level of encryption was given the ok to encrypt Top Secret documents. It can of course decrypt as well. This is for Windows Mobile 6. Please enjoy and every developer of course likes to get back feedback.
Planned/Requested Improvements
Truecrypt like encrypted containers
Implement Encrypted Backups (P)
Get File Encrypt Status Bar Working (P/R) <-- I'm dreading writing the working class :'(
Use Device ID As Salt Option (P)
Randomize Salt More (P)
Add More Encryption Algorithms (P)
Change File Open Dialog To Open Less (R) completed - now initially looks for *.nen (nombCrypt Enc. Files)
Encryption Password Confirmation (R) completed
Clipboard Paste Button (R) completed
Clipboard Clear Button (R) completed
Take Off Start Menu Icon (R) completed
Change Icon (R) completed
Add Exit To The Menu (R) completed
Add Time Out Feature (R) completed - (see page two for details)
Integrate nombCrypt Into WM6 More (P)
I. Encrypt MS Certificate Store (R)
Other Fixes
Improved Text Encryption So The End TextBox Is Opened Less
Added file error checking to the file decryption process
Two screenshots and the cab file are attached.
I hope you guys enjoy...
nomb
Hey! I wanted to do the same thing too! Just that I use my own XOR method (One Time Pad-like) instead. Of all the thing, it works alright, except that I can't get it to do a Copy-Paste. (see here http://forum.xda-developers.com/showthread.php?t=321014)
Also, from what it seems, I would presume that (since you uses AES), the end result would be in 'relatively' binary format (right?), which may not be very program friendly.
I was going to do about the same thing, except that I'll have my end result Base64 encoded, such that I can have them pasted to Notes and have it sycned to outlook. And I have my PC based software to do the job there (if required).
Previously, I used a software called Ccrryyppttoo, which did quite alright, but it seems that my PC is doing some coding, when synced, that makes it goes funny (i.e. cannot be decrypted anymore).
I'll PM you a demo of what I did (in Java web), of which I intended to do it in PPC
With Rijnael the resulting encrypted string/file gets encoded into base64 as well because if it didn't, all the characters wouldn't be represented. You can paste this into notes just fine.
Mine is programmed in c# so there is a clipboard function which works relatively well. If you'd like to help with this your more than welcome to. Or if you want to join your project with mine that would be cool too. I plan to support all major and a lot of minor encryption algorithms that I can find. Plus people were complaining about how the encrypted backup on the ppc should use the device id to encrypt instead of the randomly generated key so I plan to implement that as well.
I'm looking forward to seeing your demo.
nomb
Hmm.. so it is b64 encoded.. niicceee. Hmmm. . I should try out C# soon.
Anyway, there is a suggestion, I'm not sure if you have the library for it. After my symmetric cipher program, I'm in thinking about a asymmetric-public-private key cipher, which people can exchange short messages in secret (e.g. via email, IM, SMS) without the need to exchange the key/password. It is relatively done now, I'll show you the web base version once it is done. It runs on the Java security class, which I'm not sure if C# has those library or not.
The idea is, Alice go to my page, generate a pair of keys. Alice then send Bob her pub key. Bob use pub key, go to my page, encrypt the message. Send it to Alice. Alice decrypt message at my page. No software to install, no secret key exchanged.
Yup c# has the ability to do that built into its cryptography namespace.
That is a cool idea, but instead of having Alice send the key to him. You should just make a db to keep track of the keys and then have him answer a question about Alice or something like that to use the pub key. that way thats even one less step they have to worry about. Or have Alice put in his email address and have your site auto email him the pub key. That would be good too.
But sweet idea, maybe I'll make my program talk to your site.
Have you tried mine yet?
nomb
I dont like the "answer a question" method, as in that case, you might as well use the answer as the password?
Anyway, the emailing the pub key is an idea
I'm not in my own PC yet, can't send it to my phone from this PC. Will try it out later tonight.
hanmin said:
I dont like the "answer a question" method, as in that case, you might as well use the answer as the password?
Click to expand...
Click to collapse
Ya I'm at work and was hungry so I wasn't thinking strait. I don't like that idea either. ^^
I think my next step in mine is to build the background worker class to update the progress bar when you encrypt/decrypt a file.
If you just point your phone to the cab above it will install it for you. You don't need a comp unless u don't have a dataplan.
nomb
I dont have data in my plan.. although O2 gives me 1MB+ a month free.. I'm not using it.
Anyway, I've tested your software, a few comments.
Slightly major problems:
[1] It is not wise to do a 'All folders' and 'All Files' upon browsing (for file to be de/encrypt). People (e.g. me) has gazillion files around and it may take ages to load the list.
[2] You may want to pop up a Window, asking the user to confirm his/her password upon encryption (one of the thing I intended to add on mine )
[3] I'm not able to paste any data onto the 'start text' area. E.g., I have encrypted my stuff, saved it into Notes. Later, I wanted to get it back, I copy the encrypted code from my Notes, and no way of pasting it into the 'Start text'
[4] You already knew this, but, good to have some kind of progress bar to indicate the progress
[5] Hmmm.. on the browsing, there doesn't seems to have a way to find files on my Storage Card's root directory
[6] For security reason, probably it is good for you to add a 'Clear Clipboard' button?
Minor:
[1] I find it annoying that once I had the software installed, it is on my Start menu
[2] You could use a better icon, I just see a black square on my not so bright screen. I can help you on this.
[3] Add an "Exit" on the menus below?
Other possible suggestions:
[1] Have a time out on your software, such that, e.g. if there is no activity on software after a certain amount of time, it will do one/some/all of these (a) close itself (b) clear the password, input, output (c) clear the clipboard
Good suggestions, I'll have those done by tomorrow. I can't play with the storage card aspect yet because I don't have one. :'( Soon though I'm hoping to get a 4gb. And ya, i can't make icons worth any.
Oh, to past it back I always did ctrl+v from the keyboard. But I'll throw a button up there to do that. And I'll make sure to take it off of the start menu.
1 good comment would have been nice. Altho criticism is good.
nomb
Haha.. sorry for the lack of good comments, I was trying to think of something to suggest. But come to think of it my post on top are good comments (e.g. niiiiccceee Base 64 encoded), and the fact that it has the simple string->string encryption.
I did googling a bit, and found these
http://www.entity.cc/ICONS/security-icons.php
http://www.hscripts.com/freeimages/icons/computer/lock-icon.php
http://icons.qarchive.org/
which you may want to use as your icons?
Ya I was just teasing you. The icon I have now I got off of your last link at somepoint I just don't remember when. But I think I will probably use one of the others. But ya, I'll work on those fixes and then attach the updated program. Then once I get those fixes done, I'll work on adding the differnt encryption algorithms and the encrypted backups.
nomb
Did you wrote any backup software before for the PPC? I'm not really sure, but it seems that backup-ing can have a lot of issues. You have the "Copy everything" backup, the PIM only backup, etc. Some backups are ROM-flashing/upgrading friendly, some are not. You can have a backup software all standalone by itself. I would recommend you to have the backup software seperated and have encryption onto it as a plugin. Take a look at PIM-backup, it is very popular here.
Hi,
This is a very interesting thread. Thanks for your efforts so far (is there a donation link anywhere?)
A basic question...I understood that to carry out really secure encryption it would be necessary to write a filter driver that worked within the core ROM Image. Is this not the case?
Can I encrypt the MS certificate store too? The crypto protection on this store could be beefed up...
Once again I am very pleased that this thread has appeared and will be testing your software with interest,
Well done for your work so far,
Sam.
Hey there PianoSam,
First I just want to make it clear I'm not doing this to make money. If anyone donates I want it to be because they like the software. I am at work so PayPal is blocked but I'll put my donation link on the front page later today.
Also, I am going to try and incorporate the encryption as much as possible. If that is a feature you'd like, then after I get all of the previously requested changes done, I'll start on that for you.
And thank you for your kind words.
nomb
***EDITED***
Sorry I didn't answer you question at first.
Question: A basic question...I understood that to carry out really secure encryption it would be necessary to write a filter driver that worked within the core ROM Image. Is this not the case?
Answer: I pondered over this for a little while and I can't think of a reason this would be necessary. However, I've only had my phone for two days. Can you find where you saw that so I can read it as well and maybe gather a little bit on information so I can do some research on the topic? If thats what needs to be done then thats what I'll do but I can't see why. Let me know!
Added another cab with all the fixes I've completed.
nombCrypt-beta.cab <-- On the front page.
I added the donate link.
I added the timeout feature and thought I would make a comment on it.
It is a two minute timeout. Whenever you fucos on a textbox the timer is stopped and when the textbox looses focus, the timer is on. The downside to this is if you were in the middle of typing and set your device down, it wont timeout. I could make it so when you start typing into the textbox it restarts the two minutes and you have two minutes to complete your message but I didn't know if that was a good idea or not.
Also, when you copy, and go to another program to paste it in, you have two minutes before the clipboard is cleared and the program shutdown.
When the encryption program is encrypting something, the timeout is not running. It starts afterwards.
I can tweak this as much as you guys would like, just let me know.
nomb
I've tested your Beta.. niiiiiccceeeeee.. it is gooood. Almost prefect. Few things (OH NO! )
- The "Clear" button doesn't seems to be working. It is suppose to clear the clipboard only? Should you clear off everything as well?
Other requests/suggestion
<rant>
- I'm not sure why I thought I need it.. but it would be good to have a copy function for the "End Text" as well. I thought I may need it one day. Not sure why. It ought to make the screen a bit crowded, I thought.
Anyway, slightly related to the suggestion above, I've just revisited the design I made on my copy-paste-failed PPC attempt, I have this idea which I thought you might want to use it. For my design, I do not have "Start Text" and "End Text", I only have ONE TextField "Message" (and another for the password). The user enter the encrypted/plain text on this "Message". Click on the button "Encrypt" or "Decrypt", the result will then overwrite whatever that is in "Message" TextField.
Example:
(1) "Message"=<plain text>. User key in password, click "Encrypt", "Message"=<encrypted text>.
(2) "Message"=<encrypted text>. User key in password, click "Dencrypt", "Message"=<plain text>.
In such cases, you only need a pair of copy-paste to perform copy-paste on both (in a way) encrypted and plain text.
</rant>
As for the time out issue, I thought the typing-sensitive time out would be a better choice. The moment that you are worried about your data being seen is when you are away from your phone. You can have focus on your TextField but you can be million miles away from your phone. But, you ought to be around to be typing stuff, right?
BTW, I'm also wondering on the working of this time out feature. I thought there ought to be a 'clock' running and when time's up, it will clear the stuff needed to be cleared, right? So, if I were to forget to switch off the application, the timer will not be another running software that drain my battery, right?
Good work.
hanmin said:
- The "Clear" button doesn't seems to be working. It is suppose to clear the clipboard only? Should you clear off everything as well?
Click to expand...
Click to collapse
The "clear" button is in the clipboard row, i think i tagged it on the left, and only clears the clipboard. If you go to menu->reset it will clear everything like your looking for.
hanmin said:
- I'm not sure why I thought I need it.. but it would be good to have a copy function for the "End Text" as well. I thought I may need it one day. Not sure why. It ought to make the screen a bit crowded, I thought.
Click to expand...
Click to collapse
The "Copy" button copies the end text to the clipboard. Not the start text.
hanmin said:
Anyway, slightly related to the suggestion above, I've just revisited the design I made on my copy-paste-failed PPC attempt, I have this idea which I thought you might want to use it. For my design, I do not have "Start Text" and "End Text", I only have ONE TextField "Message" (and another for the password). The user enter the encrypted/plain text on this "Message". Click on the button "Encrypt" or "Decrypt", the result will then overwrite whatever that is in "Message" TextField.
Click to expand...
Click to collapse
I originally had it setup this way, however there was a time when I had wrote a huge paragraph in it and encrypted it, and then found out I had forgot a line. I switched it so this wont happen.
hanmin said:
As for the time out issue, I thought the typing-sensitive time out would be a better choice. The moment that you are worried about your data being seen is when you are away from your phone. You can have focus on your TextField but you can be million miles away from your phone. But, you ought to be around to be typing stuff, right?
Click to expand...
Click to collapse
The timeout I have running in it now, (new version that isn't up yet), is completely off of the user's actions. Whenever you do anything in the program the timer resets. Except for encrypting/decrypting. The timer is off for those functions incase you encrypt a file that takes longer.
hanmin said:
BTW, I'm also wondering on the working of this time out feature. I thought there ought to be a 'clock' running and when time's up, it will clear the stuff needed to be cleared, right? So, if I were to forget to switch off the application, the timer will not be another running software that drain my battery, right?
Click to expand...
Click to collapse
The timeout feature does not clear everything in the program. I have it so it actually completely closes the program. So if you forget to close it and walk away, the program will end so it doesn't drain your battery.
hanmin said:
Good work.
Click to expand...
Click to collapse
Thanks, wait till you see the next version...
nomb
I got the progressbar working for encryption, now for decryption.
OP deleted on account I am knot vary smert.
That's nice. Do you want some French Cries with that Whaa Burger?
Sent from my SCH-I500 using XDA App
Nice. You know, my mom always told me that if you don't have anything good to say, then just don't say anything.
Good advice in my opinion.
You've lost your keys or have problems accessing them - it's your problem, not Google's. This is called security - it's a feature, not a bug.
And you can't delete app for quite obvious reasons: in IT world you should try to not delete anything ever. Want some more practical reason? If you would delete your app and release new one with same package name, but signed with different keys, then people who already downloaded your first app wouldn't be able to install a new one.
Yeah, I guess y'all are right. OP deleted because apparently 15 years of work in IT and 2 degrees makes me stupid for losing a file. Thank god no one else has ever lost a file
Yeah... the android market system is pretty well thought out. But can you imagine if they lost the key to angry birds, or to some corporate app?
Lakers16 said:
Yeah... the android market system is pretty well thought out. But can you imagine if they lost the key to angry birds, or to some corporate app?
Click to expand...
Click to collapse
This is the reason why there are all of these "Keep backup(s) of your private key." warnings
You know, there may be much, much, much worse consequences of losing private keys. Many devices or technologies are designed to restrict access to themselves using keys of their manufacturers. Lets imagine Apple lose keys they use for app signing: there would be no more apps for any existent device - for millions of them! Same for other technologies: one harddisk failure and thousands or millions of devices around the world become totally useless.
Private keys are one of the most important and most secured things in many companies.
Rootstonian said:
OP deleted on account I am knot vary smert.
Click to expand...
Click to collapse
Don't forget childish. 8-D
carnegie0107 said:
Don't forget childish. 8-D
Click to expand...
Click to collapse
Always Never plan on getting old, even though the "50" mark is around the corner! LOL
It wasn't too painful to re-create the app. Now I have my keystore files saved on computer, external drive and burned to CD. Live and Learn I guess
Well, I never did find the keystores to my first 2 apps. Thankfully the user interface is really just there for pulling from my hosted databases. I can update the databases outside of Market updates.
Sorry about "whining" about this, but when I first created these apps, i had NO idea how important that keystore file was. I wish the Eclipse Export popped-up a 30 point font dialog box with:
"WARNING! DO NOT LOSE THIS FILE OR YOU WILL NEVER BE ABLE TO UPDATE YOUR APPLICATION!"
I actually thought the keystore was somehow integrated into the apk (which it might be, I don't know, but you still need the keystore file).
I've gone the extra steps and copied my current keystore files to my hosted site AND e-mailed them to myself. That makes 5 copies! LOL
I'm finding a lot of threads about changing from pin/password to pattern unlock, but not having any luck in completely disabling the security feature BS...
Is it possible to completely eliminate the password lock required by my exchange server? I have tried lockpicker and no lock, neither of which worked.
I would like to keep syncing but am not going to deal with this unlocking all the time (they JUST started enforcing it)...any help would be appreciated.
BTW, running Calkulin's EViO 2 v 1.7 (sense, so HTC mail)
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Thanks...I figured it wouldn't be that easy but I had to ask.
Justin.G11 said:
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Click to expand...
Click to collapse
I get complaints all the time about policies. 99.999% of the time, the policies are created/approved by steering committees, the legal department or executive management. There is usually nothing IT can do about it as the policies are put into place for legal reasons or company security.
Additionally, if IT departments are not compliant in company policies there could be legal ramifications if the company has to comply with certain government guidelines.
And IT staff don't hate dealing with people...it sounds like your work environment is not like others.
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Khilbron said:
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Click to expand...
Click to collapse
Will look into that. Thank you very much!
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
awenthol said:
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
Click to expand...
Click to collapse
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Yes..this reply really isn't correct. There have been some sqlite modifications that can be made or using the mail.apk from this link (http://forum.xda-developers.com/showthread.php?t=775007) works perfect, even with the new CM7-RC2
Bypassing Exchange security
I had this same issue with my work email. My way of bypassing it and still using the stock Mail app is by installing widgetlocker. Unfortunately the newest version does not bypass your encryption, but the older version before the most recent update does. Also it allows you to fully customize your lockscreen and add widgets and what have you. All in all pretty cool app.
widgetlocker.teslacoilsw.com/general/widgetlocker-1-2-9/
(unfortunately because i have never posted before i cannot post links so pm if the link does not work)
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
ramiss said:
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
Click to expand...
Click to collapse
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
bkrodgers said:
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
Click to expand...
Click to collapse
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Sent from my "locked" device.
ramiss said:
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
Click to expand...
Click to collapse
Yes and no. There are approaches that are easier if you aren't securing the whole device, but that doesn't mean it can't still be hacked.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
Click to expand...
Click to collapse
Overall I agree with that, although I think at a company that offers mobile email, there's a sort of "peer pressure" to use it. Not to say that's a good reason. I'd imagine that it'd be hard for a company to actually require you to use mobile email on your personal device -- if your job truly requires it, I'd think they'd have to provide you a device if you don't have a compatible device or aren't willing to use it that way. So yes, you're probably right that you have the choice. It doesn't mean that we can't complain though.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Click to expand...
Click to collapse
If it's really lost forever, yes. But what if:
- The exchange admin sends the wipe command to the wrong phone. ("Hi, I'm John Smith and I've lost my phone.")
- The "wipe after X invalid passcode" policy is enabled. A friend or a kid picks up the phone and tries to play with it. Whoops.
- Something else goes wrong...bottom line is that the company should have no right to wipe anything other than their own data.
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
matt2053 said:
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=775007
awenthol said:
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
Click to expand...
Click to collapse
Your Exchange Admin (or you depending on the version of Exchange you're using) has the ability to remotely wipe your device in the event it gets stolen/lost.
Could anyone give a brief possible explanation of why I can connect to my exchange server easily using Touchdown, but not using the Android integrated Exchange Account Sync?
Sent from my PC36100 using XDA App
Just found this thread as I've encountered the same issue on a HTC Sensation, just setup Exchange ActiveSync, and bam, have to set up the PIN lock on the phone.
However I've noticed that once you've done it, you can then go into Settings, Security and change the timeout before it locks up to 1 hour (I think that is dependent on your company setting). Mine was defaulting to every time the screen locked, but changing it to 1 hour I find I hardly ever have to unlock the phone now apart from first thing in the morning as I tend to use it regularly through the day.
Is there a way to add more characters or change font SIZE for the personal message? I want mine to say more letters than they currently allow. I couldnt find any way to do it. Thanks in advance!
No, not going to happen, at least stock. maybe a dev can figure that out, I looked everywhere also.
Good luck.
I know there's no setting to change. This is a dev community, I was kimd of asking them. Thanks though.
Sorry to bump an old thread, But I was wondering if you found an answer to this? I am also looking to increase the character count. Seems very limited. I want a message that will inform potential thieves that may find my phone that their fingerprint has been captured and so has their face from front facing camera and has been uploaded to a server already and provide them with a contact number for return with a reward.
I mean if I picked up a phone and that was the first thing I read on a locked screen boy would I return it quick smart. I would return it anyway, as I know how valuable someones phone data can be to people.
I just want some of the less "legit" people around to follow the same protocol :angel: as I would...and what better way to do this than with a subtle message that is "more encouraging"