Hey all!
Is there any way to implement anti-theft tech on the S5 that is resistant to a factory reset? Many apps are available to track a phone after it is stolen. However, all the thief needs to do is pull the battery to shut it off, pull, the sim card, power into factory reset and poof it's ready to be re-sold. Cerberus offers the best protection I've seen so far as it will survive a factory wipe if the phone has been rooted and a custom ROM loaded. However, even that can be worked around by flashing a custom ROM (which the thief may not know how to do).
Any suggestions? How do you guys handle anti-theft? Had 2 galaxy phones stolen over the past year so I'm looking for any and all advice here. Thanks in advance!
User0919
Enable "Reactivation Lock" in security settings, factory resetting the device forces the person to log into the Google account that was logged into when the lock was enabled, or they have no access to the device, even after resetting it
*Detection* said:
Enable "Reactivation Lock" in security settings, factory resetting the device forces the person to log into the Google account that was logged into when the lock was enabled, or they have no access to the device, even after resetting it
Click to expand...
Click to collapse
Re-activation lock only works when knox is 0x0 but that too can be bypassed by installing custom rom so...
I don't think there is the way. You have to pray that whoever will steal it is not an advanced user.
Reactivation lock does block custom recoveries as they use a custom binary. And if the user tries to flash through recovery they would need the user's google ID ( to unlock the reactivation lock). Though on other sources, it has come apparent that reactivation lock can be tricked (even in the latest lollipop bulid). As a extra measure you should password protect TWRP and encrypt ypur device to prevent any form of identity theft.
Yes it's very easy to break the user's lock screen since the information (cant remember either salt or hash, look up a Android Forensics blog) is stored in a database - settings.db and gesture.key . Someone could easily just delete the field for password.
http://resources.infosecinstitute.com/android-forensics/
there is no way or point in protecting phone to be stolen... if thief cant use or sell stolen phone will he give it back? no.. he will either crack it if this is possible or sell it for parts (screen, battery, casing).
Only reason to encrypt or lock a device is to protect personal data like photos.
Related
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
saudiqbal said:
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
Click to expand...
Click to collapse
There is not fool poof way to prevent this. Even on IOS7 the security can be gotten around. Best advice is to make sure you are backing up your files.
Google does have a remote wipe option built into the Android OS. That is your best bet.
There is no full proof way to make render unusable, but you can call up your carrier and ask them to blacklist the IMEI so they can't use sim cards with it anymore.
You could however, protect your data. Do this by: encrypt your device, stock recovery, disable USB debugging, lock the bootloader. At least with this, if the device is stolen, if they don't know how to flash factory image, they'll need to enter the encrypted password to boot into the phone and can't copy over your datas.
You should also look up the app Cerberus, which with root can survive through factory reset (as long as they don't overwrite or format the "system" partition).
Device is a SM-N916S from Samsung (Galaxy Note 4 S-LTE Exynos 5433 ver.) for anyone that's wondering. It's current state : Completely stock with no root. USB debugging disabled. No Samsung Account linked to device. Can't change password through ADM. No more guesses left for the password anymore, any more will reset the phone.
So yeah. For the past few days I've been trying to bypass Android Device Manager's remote "Lock" feature that's meant to keep your data safe from thieves. As for why? Long story short : I tried to pull a prank on my brother by remotely locking his device through ADM. I have since forgotten the password (it was a random combination of letters and numbers that I thought I could remember, but obviously not.) and trying to set a new password through Android Device Manager just gives me the infamous "Since Google has verified that a screen lock is already set, the password you entered won't be needed." error message.
Now, if this was a phone that belonged to me, I would just install a custom recovery and remove the password with a password disable zip, but unfortunately, that is not an option here. I probably forgot to mention that I CANNOT void the warranty (as in trip the KNOX counter) under ANY circumstances and would very much like to avoid a factory reset. Am I out of luck here? Or is anyone here aware of a method that can be used to bypass the ADM lock / or a way to backup data with usb debugging disabled. Thanks.
use smart switch to go back to stock firmware
SrikarPrayaga said:
use smart switch to go back to stock firmware
Click to expand...
Click to collapse
Hi, could you explain what you mean by this? Does smart switch work even when the phone is locked? And what would going back to stock firmware do? Thanks.
Hi Guys,
my MOthers new Xiaomi MI A1 was stolen this week.
1. Now my Question, is it possible for the Thief to get on her Data?
Theroretically not, because the phone was on last official android update 7.1.1 (nov sec patch)
Phone was saved with a Fingerprint and PIN and ohone was encrypted.
2. Is it possible for the Thief to hard reset the phone via adb or fastboot to got a use for the phone (resell etc)
Thanks
Even if he would format it, the phone will ask to log into Google account of the user that was logged in before formatting. I doubt the thief is smart enough to bypass it.
1. did you enable "require pin/password for phone startup"? If yes, there is probably no way to decrypt the data without the PIN. If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP.
2. factory reset will trigger FRP, but it's probably quite easy to bypass it with a bit of patience.
_mysiak_ said:
1. did you enable "require pin/password for phone startup"? If yes, there is probably no way to decrypt the data without the PIN. If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP.
2. factory reset will trigger FRP, but it's probably quite easy to bypass it with a bit of patience.
Click to expand...
Click to collapse
Yes PIN was set on startup.
" If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP. "
How can he unlock the bootloader? I think he need DEV options and OEM unlock enabled, right?
Consider: There is no MIUI on the phone, its a Android One Phone.
ГАСООП said:
Even if he would format it, the phone will ask to log into Google account of the user that was logged in before formatting. I doubt the thief is smart enough to bypass it.
Click to expand...
Click to collapse
Is it possible to bypass this google account verification?
Flash-User said:
Yes PIN was set on startup.
" If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP. "
How can he unlock the bootloader? I think he need DEV options and OEM unlock enabled, right?
Consider: There is no MIUI on the phone, its a Android One Phone.
Click to expand...
Click to collapse
You are right, I forgot about OEM unlock option (I enable it by default for all my devices). In this case, data should be safe.
My phone is unlocked but OEM Unlock was disabled in Developer Options... So I think is not a problem having that option disabled.
Flash-User said:
Hi Guys,
my MOthers new Xiaomi MI A1 was stolen this week.
1. Now my Question, is it possible for the Thief to get on her Data?
Theroretically not, because the phone was on last official android update 7.1.1 (nov sec patch)
Phone was saved with a Fingerprint and PIN and ohone was encrypted.
2. Is it possible for the Thief to hard reset the phone via adb or fastboot to got a use for the phone (resell etc)
Thanks
Click to expand...
Click to collapse
Try to erase using 'Google Find My Device' i think you can erase the phone using that, also you can know locations where the Device right now.
Just try, Good Luck :good:
Hit 'Thanks' if helped. ASAP
I am fairly certain there would be ways to circumvent the google account verification using fastboot commands and MiFlash. It takes some work and patience, but it should work.
However, as far as I know there are ways to get the IMEIs of the device blocked by carriers when reporting the device stolen. Not entirley sure what needs to be done to do this, but this would render the device useless for the thief.
Localhorst86 said:
I am fairly certain there would be ways to circumvent the google account verification using fastboot commands and MiFlash. It takes some work and patience, but it should work.
However, as far as I know there are ways to get the IMEIs of the device blocked by carriers when reporting the device stolen. Not entirley sure what needs to be done to do this, but this would render the device useless for the thief.
Click to expand...
Click to collapse
Imei blocking is not really gonna help. It's too easy to change.
Yes there are ways around everything in this thread and tuts to do it are only a search away. Heck we host most of the tutorials right here.
Hi,
I have a Tab A6 SM-t580, had it for a while then stopped using it, decided I wanted to give it to my son to play with, so did a reset by home & Vol Up & power button, then eventually it asks for this google verification, I've never seen this before and I cant remember the email address or password i used at the time because I just create a new random one for each device i have.
I used odin to flash the firmware but same thing
I tried to use odin to flash the root from here - https://forum.xda-developers.com/galaxy-tab-a/how-to/root-t3674409 but that says its blocked the file because of the FRP lock.
Have I totally fooked this now? Do I just have a shiny paperweight?
Thanks
And another T580 falls victim to the FRP lock. If you don't enable Developer's options and OEM enable prior to a factory reset, you'll be required to enter your Google username and password upon first reboot. This is supposed to discourage thieves but it seems legit owners get bit by it more than the thieves. The good news is that you can recover from the disaster. But it isn't easy. Search the Q&A threads for "T580 FRP lock" and you should find the instructions for fixing it.
Thanks for that, I like the anti theft system, but maybe it should display a warning before you commit to the reset. I've done plenty of resets before on my android devices before and never seen this
A warning would also alert the thief not to reset. I know some people want more than one Google account and can forget what account they used on a given device. But I think the answer to this would be to allow some method of associating one's account to a main account that could be used to see what logon and passwords were used on each device. Personally, I use the same account on all devices. I have close to a dozen and if I used a different account on each, I'd never remember them all.
I've sorted it thanks to this post - https://forum.xda-developers.com/galaxy-tab-a/help/samsung-sm-t580-frp-lock-t3619870/
Thanks!!!
Okay, so i'm out of the XDA world for a couple years, technology probably changed a lot, so no blaming for being noob etc.
So, i lost my phone on 25.12.2020, FindMyDevice and FindMyMobile are completely useless, all their functions are unusable for some reason.
I started panicking really, so i checked on some videos online if people can bypass the password and use the phone somehow. Surprise, it is easy AS FVCK! All they did was go in recovery and just factory reset it. On top, 3rd day i changed my Google password (which i will never regret in my life), so probably the phone is out of my Google account as well.
So my last hope is that i remember i was trying to root my phone and i couldn't. It was from Verizon. Unrootable. It was some bootloader v4 or some ****. Not really sure.
TLDR, Unrootable S10+ with unlockable bootloader, is it able to factory reset? Wipe it out and bypass the password?
It is always possible to boot to recovery mode and erase the device there. However, deleting the entire storage does not mean that the device is usable after that. When a device is not 'officially' wiped; it is mandatory to log in with the last google account that was on the device. It does not matter that you have changed your Google password. This securityfeature is called frp lock. Unfortunately, frp can also be circumvented when a device is rooted. But in order to be able to root, the bootloader must be unlocked and that is only possible if the device is unlocked. Your device cannot be used by others. But as you mentioned before, FindMyDevice did not work on your device so this lock is of no use to you. The only thing you can do is register the imei number as stolen and then wait for the device to be sold and checked.
Report IMEI as Lost / Stolen - IMEI.info BLACKLIST - News - IMEI.info
Sorry for my bad English.
Mate thanks a lot for your answer, you really helped a lot! Im glad those busters wont be able to use my phone now!