My company has decided to implement some new policies. In order to access the Exchange Server from a cell phone, they want to set up to be an Admin of the phone, force a PIN and auto screen timeout and have access to remote wipe the device.
They also want to force the phone to be encrypted. That last part, I am not cool with. This is my device and I have had issues in the past with an encrypted phone, where it slows things down, and it makes it inconvenient when you want to copy files to and from the device, like pictures, videos, downloads and music... copying from the encrypted device to the PC, the files were unusable.
MY files, not theirs.
So on my Moto RazR HD, I remember rooting the phone and installing a modified .APK for the Exchange client, that let me set up my account, and when I got to the part that it demanded the device to be encrypted, it simply ignored it and tricked the server into thinking that it had already been done.
So my question is, can I root this phone, install a similar .apk, and then unroot the phone(they claim they will check to see if phones are rooted or jailbroken), and then set up my email account?
Anyone think of a way to accomplish this?
I don't need arguments on how I should obey policy and all that, so let's not go there. If it is get my phone encrypted and possible cause problems on a personal device that I paid $600 for, or not having email on it and inconveniencing others when they can't get ahold of me, I will not have email on the device.
But if I can keep it from encrypting, but keep all the other security in place(PIN, timeout and remote wipe), I am fine with that.
Can this be done today? Is there still a modified exchange.apk or whatever, or maybe another email client that is simple, close to the stock on in look and feel, but won't force the encryption policy?
Related
So, I decided when I first got the phone, to have a 4-digit PIN to unlock the phone, but only if done after a long time. I think it was like 24 hours. I can't remember exactly, but that is irrelevant. So anyway, my friend has a Touch Diamond, and we scored a Microsoft internship together. So, a whole bunch of emails started arriving via Exchange and we wanted to sync our phones to it as well.
Now, he DIDN'T set a password earlier, so he couldn't login when the phone asked him for it, resulting in a complete reset!! He was devastated, but luckily, Outlook had stored all his contacts/tasks etc for him on the server, so he was still fine.
My problem is, I am able to login using my original PIN, but now I have to do it, every 15 mins, which the maximum I am allowed to go. (In Settings > Personal > Lock, the 'Prompt if device unused for...' checkbox is disabled.) I realise this is probably some security feature, but is there a way around this? Or will I have to give up sync priveleges to go back to the old days?
Help!
this is a security feature of exchange, not your phone.
if you don't enter the password you'll find that your phone still receives calls etc. I had this and it was very annoying, until I told our infrastructure manager to relax security permission on our exchange server for my device
check out this website... toward the end of the page is a link to an app that will allow you change the behavior of the "exchange lock" feature. now i use Exchange for push and after i'm setup, i use the app to disable the lock/password feature. my exchange service provider doesn't force me to re-enable this feature; however, your provider may be different. read the info and then decide if this is something you want to try...
I would like to stop putting in a password every time the phone restarts, or isn't used for more than 10 minutes or so. It's a result of my exchange account at work.
I noticed people had found solutions for other phones, but how would we accomplish this for our Fascinates?
I run an exchange server, and as long as there is not a policy with a timeout, it will never ask you for your password, even after reboot.
After all, your phone itself should be passworded already.
With a timeout policy in place, I don't see a means of subverting it without removing the policy
Sent from my SCH-I500
This sucks. I can either have work email on my phone, and be the go to guy if something goes wrong, and have to enter a password every 20 minutes, OR, not.
hrmmmm
thanks for the info
The lockout requirement is dictated by policies on your Exchange server. You cannot override them, at least not easily, and I would not recommend doing so, as there's a reason those policies exist. If you want an alternative solution, buy the Touchdown email application. The security PIN will then be enforced when opening that app, as opposed to unlocking the phone itself. It is also far superior to any stock Android email app in both features and compatibility.
Posted from my EB01 SuperClean Fascinate with Voodoo
My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
I think this has been discussed before, but maybe on a different phone (HeroC maybe) But essentially no there isn't away - to access the server the phone goes through a series of checks, one of the checks being that an appropraite pin was entered to unlock the phone. if that check fails, authentication to the server is denied. Someone *might* be able to spoof the check in the email app, but I am fairly sure its actually OS deep, not just within the mail client.
So it would be a large undertaking and potentially could cause you to loose your job by by passing security measures. I know I wouldn't think twice about firing someone who did it on my network.
No way that I know of, and is something that is on pretty much everyphone. Blackberrys the security policies can even block installation of 3rd party applications.
What's even more fun for you, is the ability of your it staff to lock you out of your phone or even remotely wipe your phone.
Sent from my SPH-D700 using XDA Premium App
Restola said:
My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
Click to expand...
Click to collapse
I think you are stuck. Do you have the option of getting a company-supplied phone to access the company email, and keep your personal Android separate?
There is a thread in Q&A talking about an app that does this.
Do you BONSAI?
Actually there is a way I had to do it to my coworkers phone for her pattern lock
What u need: locked phone phones #, wifi or u can use wifi tether if u have another phone
1. Call the persons phone #
2. Leave phone call connected on both sides
3. Connect to wifi if u havnt already
4. Goto settings/accounts manager setting or what ever and log into a diff google account then it should require u to change the password to by pass it
Should work hopefully I read this thread correctly and answered appropietly
Edit sorry read it wrong and u don't think there is a way
My way is how u get around it
Sent from my Epic 4.1g bonsai plant
Here's the link to the thread that may help:
http://forum.xda-developers.com/showthread.php?t=1033017
I thought it was just being big brother, turns out its a regulatory requirement since we were bought by a publicly traded company. I guess I'll deal with it. If it pisses me off too much I'll just get rid of my exchange account on my phone and stop responding to emails when I'm not at my desk.
A possible workaround would be to try touhdwn for your exchange mail instead of the default mail client. Its a paid app but there should be a demo version in the market. I have a dp2 for work and they pay for touchdown for us. When using touhdown it pin locks just the app instead of whole phone. On my Droid at least moto customized the screen timeout and lock to be different timers so I found the pin to be less annoying than the interface of touchdown.
With the epics slightly bigger screen to make the TD interface a litte less annoying(lots of small buttons instead of utilizing menu button) and since epics lock is all or nothing I think I might actually use TD on my epic if I were getting my corp email there.
While not a complete removal of the pin maybe it would at least make it less annoying for you. Plus I'd guess if work catches you wihout a pin it might not go over well. TD solution lets you protect the email if you lose your phone, and does have a remote wipe for the same scenario.
Hi, I finally got Lightning rom 1.2 working but need to flash the power menu update to my phone via CWM but my email server has forced encryption on my device
when loading cwm it cannot read the sd card says it fails to mount.
any work arounds known?
Thanks
Mark
Hi,
I got the same problem with S2 Cognition. Currently, I disabled my company's mails but that also disables contacts and calendars
I guess, the correct way to solve this would be to let the phone decrypt the sdcard and then start CWM...
Best regards,
Freddy
At the end of the day, if you are using enterprise encryption on the device, you shouldn't be rooted with CWM or anything...
What's the point in being all nice and encrypted, when you have root access available on the device via ADB or indeed a rogue app?
Sorry, but I don't think you should be using CWM or custom ROMs on a business encrypted device. There's good reason this sort of thing won't work.
Well, maybe I shouldn't be rooted - but I am and now I want to use all root features ;-)
In my opinion, at the end of the day, I myself should decide whether I will use a rooted phone. If anything goes wrong, I am responsible anyway!
Interesting topic: As an enterprise IT security geek, I agree with the spirit of pulser_g2's position. That said, I think that it is the responsibility of MDM services to manage, detect and quarantine if any non-compliant state is detected - whether that be rooting, tampering with the device management or policy settings, etc.
The fact that encrypted devices make it more challenging to root the device - further strengthening enterprise management - definitely works to the advantage of those responsible for securing such environments and services.
Just another perspective...
Have you tried using enhanced email app from the market? It has an option (its default I believe actually) that doesn't enforce exchange policies. There's a check box when you set up an account that's blank you CAN check if you choose that reads "Enable all exchange security policies". Just don't check it and you're free and you get all your data all nicely integrated into contacts and calendar just fine.
No reason he should have to carry 2 devices just because he wants to enjoy a rooted device. There's 2 other big ways to circumvent that security, the print screen button used in outlook, and the old pen and paper. Lets not forget camera phones on corporate intranet screens that are all the rage in corporate leaks these days. I understand their "why" but in the end still don't quite agree with it...
Sent from my Transformer Prime TF201 using Tapatalk
My mother's Nexus 7 has 2 accounts, the main/owner one which is my own and a secondary one for her. That's how I initially configured that device but I don't use it anymore, I want to remove my account from that device. How can I do that and transfer the device ownership to her account without resetting and re-configuring everything?
Anyone?
Nazgulled said:
My mother's Nexus 7 has 2 accounts, the main/owner one which is my own and a secondary one for her. That's how I initially configured that device but I don't use it anymore, I want to remove my account from that device. How can I do that and transfer the device ownership to her account without resetting and re-configuring everything?
Click to expand...
Click to collapse
Hi, Nazgulled...
I really don't think there is an easy way of transferring ownership, other than with a factory reset, and then setting it up as a new device, with a new owner.
A factory reset provides a complete and clean break from the previous owner to the new owner.
It also depends on how many accounts you have, and with which organisations.
For example, I have my standard Google account, my Guardian (UK newspaper) account, BBC account, and Facebook account (not that I use it much).
Further, using Chrome browser, I use it to login to multiple blogs, websites and forums (such as XDA), and it remembers my login and password details.
------------------
Removing Google accounts is reasonably straightforward though...
On your Nexus 7
Go to SETTINGS>>ACCOUNTS>>GOOGLE...
Select your Google account, and then tap on the '3 dot' overflow menu at the top right hand corner of the screen, and select the Remove Account option.
(See attached screenshot.)
And then do the same for your mother's Google account, as it's a secondary account.
------------------
Once both accounts are removed, tap BACK twice (to just SETTINGS>>ACCOUNTS) and select +Add Account, select Google and enter your mothers Google login details, username and password...
Or alternatively, just back out of everything to the home screen and then fire up the PlayStore or Gmail app, where you'll be prompted to enter your mother's Google account details.
You're now setting up the Nexus 7 with your mother as the primary Google account holder.
------------------
One possible problem here that I can forsee, is if you've bought any paid-for apps from Google PlayStore using your (Nazgulled) Google account, and that you currently share with your mother, they will still be installed on the Nexus 7, but they will likely, at some point, fail the Google licence check... as you will cease to be the legitimate paid-for and licenced user of those apps on this device, the Nexus 7 (because your Google account will have been removed from the device).
This may possibly result in complete cessation of those apps, or experience some degree of limited/restricted functionality. This may not happen immediately. It could be days or weeks before this happens. It depends on how the apps (in question), and their developers deal with unpaid for, and thus unlicensed software.
Your mother may need to buy the apps (a licence) to continue to use them at some point, or alternatively, uninstall them.
------------------
You should also clear the data of certain apps you currently use, as the primary user of the device...
Any email apps you happen to use, such as...
**Gmail
**Inbox
**MailDroid
Any browsers...
**Chrome and it's derivatives (Beta and Developer)
**Opera
**Boat Browser
**Maxthon Browser
Any banking or financial apps you also might have installed. This will clear username and password login details stored by these apps.
This is accomplished as follows.
I'll use Chrome as an example.
Go to SETTINGS>>APPS>>Scroll horizontally to the ALL tab...
Scroll DOWN to Chrome, tap to enter and tap the CLEAR DATA button.
The same method should be used for apps installed whose login details you wish to clear.
------------------
Please don't misunderstand me... I'm not trying to impugn your relationship with your mother or the level of trust you have with her. But privacy is a consideration when transferring a device that has not been properly wiped. And I'm just pointing out the complexity of removing your personal data from a device... without factory resetting it... and which is the only surefire and guaranteed way of cleanly transferring ownership.
------------------
If all the above sounds a bit messy, that's because it is!!!
I know from experience in the past, with Android devices, Windows PC's, and quite recently, an Apple Mac, that the most straightforward way of transferring ownership, is for the new user to begin with a completely blank slate.
And apart from anything else, a factory reset device generally tends to perform better, is smoother and is more responsive, once the accumulated detritus of months or years of use has been swept away.
------------------
Hope this is useful to you... and good luck.
Rgrds,
Ged.
Wow, such detailed post. Much appreciated...
Now that I think about it, a factory reset would probably work because my mother doesn't have that many apps and the ones that she uses are probably backed up on Google's servers which will be automatically restored when setting up the device a second time. There are no purchased apps that I share with the second account, so that's not a problem. About privacy, no worries mate, that's a non-issue, unless someone unknown gets access to the device and starts poking around, that's not a problem.
I'll probably do a factory reset than, it will probably be easier.
Thanks