[Q] Exchange ActiveSync with Security Policy (Pincode vs. Fingerprint Reader) - Galaxy S 5 Q&A, Help & Troubleshooting

hi guys
anyone know how I use the fingerprint reader with exchange policy (enforce password on device)?
with the iphone 5s it works, but with the samsung s5 the fingerprint reader is disabled (Pincode enforced)..
Thank you to all

I dont think they have an option for exchange policy which is kind of stupid. I hope they come out with a fix for this.

tony_k55 said:
hi guys
anyone know how I use the fingerprint reader with exchange policy (enforce password on device)?
with the iphone 5s it works, but with the samsung s5 the fingerprint reader is disabled (Pincode enforced)..
Thank you to all
Click to expand...
Click to collapse
You'll need to download a different app to use for your exchange account. I just downloaded "Nine" and it gives you the option to set the exchange security on the app level instead of the phone level. Two week trial then it's $10.

bgask1717 said:
You'll need to download a different app to use for your exchange account. I just downloaded "Nine" and it gives you the option to set the exchange security on the app level instead of the phone level. Two week trial then it's $10.
Click to expand...
Click to collapse
Thanks, nine is cool but it dosnt support s/mime (for sign an encypt) and imap4 for private use.
I use "smail". it support s/mime and imap4 but not the exchange policy avoiding.
maybe smail will implement this feature in future. smail developer quote: "I will check the nine. But I don't know when I will implement it currently. I am busy with something. I will try to do it. Thank you!"

tony_k55 said:
Thanks, nine is cool but it dosnt support s/mime (for sign an encypt) and imap4 for private use.
I use "smail". it support s/mime and imap4 but not the exchange policy avoiding.
maybe smail will implement this feature in future. smail developer quote: "I will check the nine. But I don't know when I will implement it currently. I am busy with something. I will try to do it. Thank you!"
Click to expand...
Click to collapse
Good deal. I not super familiar with s/mime, but apparently my company does not require that level of security.
Do a Google Play search for Touchdown. Another email client (not as polished looking as Nine) that says it supports s/mime. It's a bit pricier, $20 I believe, after the free trial. If I remember correctly you can set the security at the app level as well. Worth a shot. Hope that helps.

Disabled with my company's policy as well. Was hoping it would work like the iPhone. I can use touchdown or cloudmagic but I prefer the stock email/calendar.
Sent from my SAMSUNG-SM-G900A using XDA Premium 4 mobile app

If u r using this with work email... is it safe (legal) to use other apps?

Related

CM9 and issues with Exchange

I have seen on the CM9 thread that there are a few users who are having trouble with the stock apps syncing with Exchange.
I had the same issue after installing alpha 2 a few days ago. A little research let me to this article: http://code.google.com/p/android/issues/detail?id=22975
Basically, there are a number of Exchange configurations that the stock ICS clients simply are not compatible with right now. It may be as simple as the security requirements that your employer is trying to enforce, or in my case, the fact that my employer is running Exchange 2010sp1. Apparently sp2 is compatible.
In any case, this is an upstream Google issue, and is not specific to CM9. They are working on it.
I am using Moxier Mail in the interim.
And, yeah, I know I should have posted this in the thread, but I don't have enough posts yet.
-AH
Sent from my SPH-D700 using XDA App
Glad to hear. Hope it gets fixed soon. My college's notification website pushes all notifications to our school email which uses exchange. Sadly I have to log in to my email to check for these rather then get them automatically on my phone.
Sent from my SPH-D700 using XDA App
brooksyx said:
Glad to hear. Hope it gets fixed soon. My college's notification website pushes all notifications to our school email which uses exchange. Sadly I have to log in to my email to check for these rather then get them automatically on my phone.
Sent from my SPH-D700 using XDA App
Click to expand...
Click to collapse
Can't you use POP or IMAP, so you don't have to log into the website?
No. MS Exchange Server is a completely different and much more secure protocol than POP or IMAP, and entities that use it do so precisely because they do not want their sensitive info going out on POP or IMAP. And, as Exchange offers true push, and several other features that go beyond the scope of just email, it has other advantages too.
And, while there usually is a website component available (Outlook Web Access) that's not what we are talking about here.
TWO515TY said:
Can't you use POP or IMAP, so you don't have to log into the website?
Click to expand...
Click to collapse
what issues specifically are you having trouble syncing.
All. None of mystock android apps work with exchange.
My work uses Exhange 2010sp1 and there is a security requirement that android 4.0.x exchange services do not support. The issue is not present in sp2. I'm not an expert. This is what I have found out through my research, and have been told. My employer has no plans to implement sp2. Now why android 2.3 would work, and then they would leave out that compatibility in 4.0 is beyond me. And why the android team would still be working on it 4 months later without resolution is also beyond me.
Sent from my SPH-D700 using XDA App
amateurhack said:
No. MS Exchange Server is a completely different and much more secure protocol than POP or IMAP, and entities that use it do so precisely because they do not want their sensitive info going out on POP or IMAP. And, as Exchange offers true push, and several other features that go beyond the scope of just email, it has other advantages too.
And, while there usually is a website component available (Outlook Web Access) that's not what we are talking about here.
Click to expand...
Click to collapse
well, I wouldn't say exchange is any more or less secure (probably less) than IMAP (POP is dead) over SSL/TLS. Companies do it so that they can enable group policy on the data, you know, like being able to REMOTELY WIPE YOUR PHONE (without your appoval). really depends on the company. I work on the systems team for the production servers at our company, but I'm not part of the IT group facing our employees. We use Exchange. They know the guys in my group are not idiots, so they enable IMAP for our accounts at a special requrest from us. IMO, IMAP is far better than trying to screw around with Exchange/Outlook.
Though I do have a Windows VM that I use to accept meeting invites. *shakes fist*
I just gave up on exchange for now. It was eating through my battery and it would forget my credentials.
I am just having all of my exchange emails forward to my gmail for now.
Yes, in terms of the tranfer of data over ssl, there is little or no difference between exchange and imap, though I would bet that a lot of users don't have their imap account set up with ssl. For a lot of exchange users, ssl is required.
And yes, my employer wants to be able to remotely wipe my phone. I want them to be able to as well. They know, as do I, that some of the information on my phone is personal/private/confidential/sensitive/secure, so to them, and to me, the advantage of being able to remotely wipe my phone makes Exchange MUCH more secure than IMAP.
I guess it's all a matter of needs and perspective.
dzl said:
well, I wouldn't say exchange is any more or less secure (probably less) than IMAP (POP is dead) over SSL/TLS. Companies do it so that they can enable group policy on the data, you know, like being able to REMOTELY WIPE YOUR PHONE (without your appoval). really depends on the company. I work on the systems team for the production servers at our company, but I'm not part of the IT group facing our employees. We use Exchange. They know the guys in my group are not idiots, so they enable IMAP for our accounts at a special requrest from us. IMO, IMAP is far better than trying to screw around with Exchange/Outlook.
Though I do have a Windows VM that I use to accept meeting invites. *shakes fist*
Click to expand...
Click to collapse
I just realized I linked the wrong thread in hte OP. Here is the correct one:
http://code.google.com/p/android/issues/detail?id=22975
I'll update the OP.
The email.apk and exchange.apk included with epiccm9's test build of android 4.0.4 have fixed my exchange sync issues.
Big props to whoever fixed this!
Sent from my SPH-D700 using XDA

Exchange email security.

I tried to set up an account to my Exchange email at work using the default email app on my TF101. When I set up an account it requires that I enable all of these security settings on the tab like having a PIN and encrypting data. I don't want to do all of that. I realize that this is something set up by my Exchange administrator but I am not sure they even did it knowingly and anyway I don't want to have to deal with it to check email.
Does anyone know how to bypass this? Searches of these forums and the web show that there are some modded email apks for other platforms that let you bypass the security settings. I have not seen any such mods for ICS on the TF101.
Thanks in advance for your help.
Hello,
I do not believe the stock email is able to handle the security settings from an exchange server. You need to look at other programs like Moxier Mail or TouchDown.
+1 for touch down. Works great but it is $20
Enhanced email is another option. I got it from free app of the day by Amazon. At first, it did not work on android 3.0+, but it works fine now. It gives you the option to ignore security policies.
Alternatively, if you decompile the email.apk, I believe you can force a variable so that the email app always tells the exchange server you have sufficient security enabled (I'm not exactly sure where must be changed).
tonyz3 said:
+1 for touch down. Works great but it is $20
Click to expand...
Click to collapse
I couldn't agree more. Do the trial first to see if you like it. I don't recommend bypassing the security. You can unknowingly pass a virus through your corporate exchange. Hopefully, one day, they will resolve this issue in the Android exchange client.
tonyz3 said:
+1 for touch down. Works great but it is $20
Click to expand...
Click to collapse
+1... Touchdown. Forget any other Exchange apps.
+1 for Enhanced Email - optionally bypasses the admin security settings - works fine on Honeycomb and ICS too.
Exchange Admin
Hello,
When setting up exchange servers in the past, the default exchange policy is to have those features enabled. Even if those are DISABLED, the tablet will still ask to create the partnership. I believe this is so it can be wiped remotely. It seems ICS just tells you it is going to do all of those things as a generic warning. I have noticed this is only on ICS though. If you click ok, it shouldn't ask you to create a PIN or anything if it isn't actually required. We currently only have exchange 2010 in production in a test environment, so I have yet to look for the setting to disable this feature entirely. Hope this helps you understand how it works at least a little.

[WARNING] [Alert] samsung SPIES on us and READS our emails and passwords!

Warning for everyone who uses the Samsung applications for (at least) email!
If you use the Samsung email application then YOU JUST GAVE SAMSUNG your username(s) and password(s)!
How did I find out about this? Easy, and you can try it too if you know how to run an email server.
I run my own IMAP email server. So I configured email on the phone and then I synchronised my email.
Then I had a look on my server to see what my phone was doing.... and HOLY SHIITAKE! It wasn't my phone's IP address... it was Samsung's IP address195.124.9.34 which is eu025-egress-a.fra.samsungsocialhub.com.
That means your phone logs into Samsung's servers and Samsung's servers log into the email server.
Yes, I'm extremely worried by this. Just think about how many politicians, CEOs, sysadmins, and ordinary people use Samsung's email program! We know Google does this on their own servers but if you use a different IMAP or POP3 server for email then you wouldn't expect Samsung to read over your shoulder!
Is this even legal???​
What type of connection did you establish between your IMAP server and the phone? Do you have it set to periodic polling (check every few minutes) or have you set it to "push" mail of some sort.
If the latter one is the case, i believe there is no alternative to letting the samsung server check for new mail and send the notification to your phone when it arrives. Otherwise your phone would have to send/receive your IMAP info all the time and would be battery dead in no time.
brittonberkan said:
What type of connection did you establish between your IMAP server and the phone? Do you have it set to periodic polling (check every few minutes) or have you set it to "push" mail of some sort.
If the latter one is the case, i believe there is no alternative to letting the samsung server check for new mail and send the notification to your phone when it arrives. Otherwise your phone would have to send/receive your IMAP info all the time and would be battery dead in no time.
Click to expand...
Click to collapse
It happened during a manual synchronisation. But even if it were periodic, IMAP has an IDLE command. My HTC One S can do this in exactly the same way without using HTC's servers. That is why this is so alarming. You never knew your password would be used by Samsung.
this is one of the most stupidest things i have ever read
whats so special if it goes through samsung's server
your emails are hosted on gmail servers does that mean google spies on us ? maybe maybe not
bluefa1con said:
this is one of the most stupidest things i have ever read
whats so special if it goes through samsung's server
your emails are hosted on gmail servers does that mean google spies on us ? maybe maybe not
Click to expand...
Click to collapse
Third party knowing your password is a huge security problem.
Stop smoking so much hash
Sent from my GT-I9100 using xda premium
Who actually cares
Sent from my GT-I9100 using xda premium
This is stupid mate what a waste of thread...its not like you discovered america mr colombus. We all know our username and passworda are stored in email servers...how the heck are you excpected to log in and out of your email accounts ??
Close this off man...its a waste.
Sent from my GT-I9100 using xda app-developers app
drowsy1982 said:
This is stupid mate what a waste of thread...its not like you discovered america mr colombus. We all know our username and passworda are stored in email servers...how the heck are you excpected to log in and out of your email accounts ??
Close this off man...its a waste.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
bluefa1con said:
this is one of the most stupidest things i have ever read
whats so special if it goes through samsung's server
your emails are hosted on gmail servers does that mean google spies on us ? maybe maybe not
Click to expand...
Click to collapse
Don't be so quick on that guys, he's pointing out a legitimate thing.
When you setup an IMAP Server yourself (like [email protected]) and you add it to an IMAP Mail client (like the "mail" app), there should be no reason to contact a third server which has nothing do to with your IMAP server (unless that server adds some functionality, like the push mail i suggested).
CORRECT METHOD
IMAP CLIENT (Has username/PW) --------> IMAP SERVER (any server, checks username/PW, sends mail to client)
SAMSUNGS MAIL METHOD
IMAP CLIENT (Has username/PW) -------> SAMSUNG SERVER (transmits username/PW) -----> IMAP Server (any server, checks username/PW, sends mail to client - or samsung?)
So, i think we should look into this. Not because i don't trust Samsung, but it's an unnecessary step which shouldn't be taken. And it hans over your credentials to a third party, usually without you knowing about it.
thanks for the effort mate.. lol!
brittonberkan said:
Don't be so quick on that guys, he's pointing out a legitimate thing.
(...)
So, i think we should look into this. Not because i don't trust Samsung, but it's an unnecessary step which shouldn't be taken. And it hans over your credentials to a third party, usually without you knowing about it.
Click to expand...
Click to collapse
Exactly. People can call me stupid or they can not give a sh* about their own privacy, but these are legitimate concerns. I don't care if people who work their boring job and don't have much self worth aren't able to see the worthyness of pointing out this issue, but it does not mean that there is no issue to begin with -- there is, really, there is.
Just imagine the following examples where only private (non-gmail, non-hotmail) servers are being used.
1) You work at Apple. You're a big shot. But you like android more, so you bought a Galaxy. You configure your corporate email account on it. You don't realise all emails, usernames and passwords are being sent via Samsung. The emails include corporate secrets, patents and so forth.
2) You're a Korean dissident emailing in secret using your Galaxy S2 on human rights abuses.
3) You're a Russian diplomat working together with North Korea.
3) You're a politician. You work in the EU on the Digital Rights Assembly.
4) You're a judge and work on copyright and patent cases.
Do I really need to point out the implications of any entity secretly reading these emails?
that should only happen if you use the advanced imap stuff, which i guess is samsung's way to do push for non-push enabled server types.
I really don't care..I'm not a spy or anything
Sent from my GT-I9100 using Tapatalk 2
fatjivi said:
I really don't care..I'm not a spy or anything
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
You really don't get it do you? I am saying you are being spied on!
Just pretend you would care: what would you do if you would care?
heldchen said:
that should only happen if you use the advanced imap stuff, which i guess is samsung's way to do push for non-push enabled server types.
Click to expand...
Click to collapse
This happens for all servers, not only servers that don't support push.
Thank god i never used samsung email app. And also i never used any chinese app due to sevuriyy reasons.
Sent from my GT-I9100 using Tapatalk 2
First: to all who say "what do I care, I'm not a spy, I've got nothing to hide" - you're the stupid sheep who give up your privacy and freedom, who don't care about your rights, who will happily accept invasive "security measures" which destroy people's private life, who will accept any government abuse in the name of "security". If you "don't care" that your email (and others) can be so easily snooped, I guess you will not complain when a bored hacker gets a copy of them and publishes them online, so everyone will see your medical records, your sex life details, your "innocent" flirting with the new secretary at work, etc. Sheep !
There, cooled off a bit now. Ah, and if you say "Google has my emails anyway": yes, they do, but that's a free service which you're paying with your personal details in order to get advertising. If you're holding private/sensitive information there, be wary.
@voidzero: have you tried capturing the traffic sent from the phone ? if you enable SSL for your IMAP server, it should at least trigger a warning about certs being wrong, IMHO. Use Maildroid in the mean time, much better than the Samsung client.
never had the time to check this but I was pretty sure that if not all but most of the 'traffic' that is in "your" phone is going through samsung or whatever the app you are running. Its a privacy issue and probably a serious one, thats why you should be carefull on what you use and post with your phone. The ppl who doesnt cares about their privacy, sooner or later they will release they were very wrong, when their information be used againt them.
It's probably Samsung's push servers.
I just sent an email stating "Samsung can suck my ****" and my Samsung TV exploded!
Coincidence? I think not.
Sent from my GT-I9100 using xda premium

Bypass Exchange Security?

Anyone figured out how to bypass Exchange security on the G2?
Thanks!
Soundchasr said:
Anyone figured out how to bypass Exchange security on the G2?
Thanks!
Click to expand...
Click to collapse
Would like to know this too. In the meantime search for an xposed mod. Notification mod. This one allows you to use the notification pulldown.
Helps a lot.
Sent from my LG-D802 using Tapatalk
Anyone? Please?
Soundchasr said:
Anyone figured out how to bypass Exchange security on the G2?
Thanks!
Click to expand...
Click to collapse
Did you try new Google KitKat email app? Make sure that you install both Email and Exchange 2 email apk.
http://androidcommunity.com/nexus-5...s-android-4-4-google-apps-downloads-20131101/
the easy answer is to use enhanced email, can be found in Google Play. I am using that myself
alex72 said:
Did you try new Google KitKat email app? Make sure that you install both Email and Exchange 2 email apk.
http://androidcommunity.com/nexus-5...s-android-4-4-google-apps-downloads-20131101/
Click to expand...
Click to collapse
I think the OP like me wants to bypass the security set by the rules, not the app itself.
henrylar said:
the easy answer is to use enhanced email, can be found in Google Play. I am using that myself
Click to expand...
Click to collapse
Best most money on an app spent!.... NOT...DOESN'T WORK IN MY CASE...
And you know 15 minutes are not enough to even try it due to the options and testing and hoping. Bought it long ago. In my case it didn't work...
Company has its own app. And another 2 apps checking if the app is admin etc.
Only thing that could be done is either to input the pass automatically when I unlock the phone. Maybe something via xposed. And add a second screen unlock option.
Somewhat like the iPhone jailbreak has it...loved the security bypass plus android pattern unlock....
Sent from my LG-D802 using Tapatalk
Can someone try this? Saw it in company forums. But might be completely unrelated https://play.google.com/store/apps/details?id=ru.chunky.AutoKeystore&hl=en
I use touchdown so the policy is applied to the app and not the device.
Sent from my LG-D803 using XDA Premium 4 mobile app
PAGOT said:
I think the OP like me wants to bypass the security set by the rules, not the app itself.
Best most money on an app spent!.... NOT...DOESN'T WORK IN MY CASE...
And you know 15 minutes are not enough to even try it due to the options and testing and hoping. Bought it long ago. In my case it didn't work...
Company has its own app. And another 2 apps checking if the app is admin etc.
Only thing that could be done is either to input the pass automatically when I unlock the phone. Maybe something via xposed. And add a second screen unlock option.
Somewhat like the iPhone jailbreak has it...loved the security bypass plus android pattern unlock....
Sent from my LG-D802 using Tapatalk
Click to expand...
Click to collapse
It depends obviously then on how the exchange server is configured. In my case e-email bypasses the security demands from the exchange server completely. When I had my HTC sensation, I used a mod you can find in the HTC sensation development, search for exchange - there is also something about using it with other phones.
see this post for files/kudos: http://forum.xda-developers.com/showpost.php?p=47063058&postcount=406
however, you don't need to push via ADB or anything:
1) uninstall your current email and exchange apks (via titanium backup or something similar)
2) either wipe dalvik cache or delete the associated email and exchange odex files in /data/dalvik-cache
3) install the 2 APKs (i usually install exchange first, then email)
4) setup your email
been working perfectly for me for the past week.
EDIT: this is the new 4.4 email/exchange, btw, with the gmail-style interface. it's fantastic.
I would really like to find a way to dodge the lockscreen and other policies that are enforced by Exchange. I don't want to use the KK email.
I use an app called Keystore Unlocker from the play store...must be rooted. You can skip the step adding a VPN and it will still work.
Sent from my VS980 4G using xda app-developers app
tlbland0426 said:
I use an app called Keystore Unlocker from the play store...must be rooted. You can skip the step adding a VPN and it will still work.
Sent from my VS980 4G using xda app-developers app
Click to expand...
Click to collapse
Can you explain the process? I've got the app and have it set up but I'm not entirely sure that I understand what it's doing...
The policies are still in place.
w0rdie said:
Can you explain the process? I've got the app and have it set up but I'm not entirely sure that I understand what it's doing...
The policies are still in place.
Click to expand...
Click to collapse
If you are just trying to get past the pin/password requirement this app stores it so you don't have to enter it when unlocking your phone. Not sure if it works for PIN security but it works for PASSWORD security.
Follow these steps:
1. Open app and click on Credentials store password (enter your lockscreen password)
2. Click Try to unlock
3. Check Auto Unlock
4. Click VPN w/o password for >=4.0
5. On the next screen click on # 3. Press Here (to remove phone lock)
That should do it and remove the lockscreen password that exchange forces you to use.
Soundchasr said:
Anyone figured out how to bypass Exchange security on the G2?
Thanks!
Click to expand...
Click to collapse
Have you tried simply increasing the lock timer to, say, 30 min?
I find I don't often have to enter the PIN with it set high like this.
vween said:
Have you tried simply increasing the lock timer to, say, 30 min?
I find I don't often have to enter the PIN with it set high like this.
Click to expand...
Click to collapse
I still want it to lock. I just want to use the pattern instead of the pin and that's not possible with the Exchange policy.
Soundchasr said:
I still want it to lock. I just want to use the pattern instead of the pin and that's not possible with the Exchange policy.
Click to expand...
Click to collapse
Have you tried buying your IT department Mt Dew and Pizza?
w0rdie said:
I would really like to find a way to dodge the lockscreen and other policies that are enforced by Exchange. I don't want to use the KK email.
Click to expand...
Click to collapse
real quick- you do realize that the kitkat email that i posted is in fact modded to dodge those policies, yes? that was why i posted it. install them, set up your account - it will still tell you "your account needs some extra settings" blah, but it won't actually enforce them.
if you're talking about wanting to use the LG email app, well, i don't believe anyone has made a mod for that. i find the new kitkat email app superior anyways, so if you're willing to try it, that is a solution.
fireworksordie said:
real quick- you do realize that the kitkat email that i posted is in fact modded to dodge those policies, yes? that was why i posted it. install them, set up your account - it will still tell you "your account needs some extra settings" blah, but it won't actually enforce them.
if you're talking about wanting to use the LG email app, well, i don't believe anyone has made a mod for that. i find the new kitkat email app superior anyways, so if you're willing to try it, that is a solution.
Click to expand...
Click to collapse
Thanks! Looks like it's time for me to install a recovery then.
Soundchasr said:
Thanks! Looks like it's time for me to install a recovery then.
Click to expand...
Click to collapse
You technically shouldn't need to in order to set it up, but it's not a bad idea to make a nandroid. And it'll make the dalvik wipe/odex removal easier. That part may not even be necessary, but I had some issues the first time installing it where Exchange Services started force closing repeatedly.

APP for Exchange Bypass

Hi all,
I want to buy S8, but my only worry is that the app I'm using to bypass exchange policy will not work. (App name "Exchange Security Bypass" from Xposed Module Repository)
I tried it on S7 and it didn't work. so at the moment I'm still with my S5.
Anyone tried it by any chance on S8?
or any other app that can help me bypass the Exchange security? (our company forces encryption & being device admin on our devices which to both I say - NO).
Would like to mention that my device is not rooted and I'd prefer to not root the S8. the app above works like a charm on an S5 without root.
Thanks,
Poly
I've used nine email to bypass exchange policy, might be worth trying that.
I'm a Nine user
adz3d said:
I've used nine email to bypass exchange policy, might be worth trying that.
Click to expand...
Click to collapse
But since the policy comes from Exchange all I got was one mail in the Nine app saying that only once I finish encrypting & adding the company as device administrators the mail will work again.
Once I installed the app of Exchange bypass on the S5 - it started working again.
Do you know if Nine added a security baypass as a new thing and potentially I don't need the bypass anymore?
thanks,
Poly
Nine allow you to apply security at the application level. Since S8 is encrypted by default, unless your company push a lot more weird policy like blocking camera and such, it shouldn't be that bad anymore.
The "Exchained" app doesn't need rooting and works with Nine too.

Categories

Resources