Related
This actually applies to most HTC handsets, heck, maybe most phones, but this is the Dream forum and I wanted to talk about the Dream (since I own one). I actually had realized this the day I first rooted my phone, but it had been on the back of my mind until today when I ported MCR 2.6 for the Dream and saw the laughable WaveSecure app. I then thought about posting this general warning for Dream users and hopefully we can brainstorm and bring this big security hole to an end.
WaveSecure is an app that runs as a high priority process in your phone and it can do silly things such as disallow the usage of the device or access to the data on it by placing a locking screen on your phone. To enable your phone back, you enter a pin. Does that sound familiar? Ofcourse, your phone already has a lockscreen. The app also has a few backup and restore features, but nothing that hasn't been done before. Probably the only worthwhile feature is the ability to lock your phone remotely (but then the lockscreen was already active anyway).
Our rooted phones are different than stock ones, though. If you lose your phone and a knowledgeable person gets a hold of it, all they have to do is reset the phone, hold Home and Red, and voila, they have access to ALL your personal data inside your phone. I'm not only talking about the SDCard here, because accessing that data is so stupidly simple, but your phone writes enormous amounts of personal data to /data. There you can find account logins for all your installed apps, contacts info, you can find browser cache info and if you do your banking on your phone's Browser and have cookies set, well, they're all there. I've looked through several of the files in /data and most things there are dumped in human readable format, so a crook wouldn't even have to try very hard. I found my home's wifi hidden SSID AND 22 character lenght alphanumerical WAP2 encryption key in a file, and both were labeled as such .
One solution I see is easy, modify recovery to give you an option to prompt for password on start. But there's still the fact that, with the device on, we can still adb remount and then adb pull /data, so the adb binary would also have to be re-written for this purpose.
There's still yet another problem, though. Fastboot... Most of us are running a flavor of an Engineering SPL (either Death SPL or Hard SPL), and even if we block /recovery and /system, a crook can still fastboot flash boot and fastboot flash system and with a minimal booting image (no android runtime, only enough in /bin to boot a linux system) he can still get adb pull /data access.
That's where I'm at a loss, though. How do we patch SPL to prevent unauthorized usage? Are there any other security gaps I might have missed?
Comment, discuss, develop.
I'm confused. Wiping clears out the /data partition. Where are you getting all this data from post-wipe?
And that's exactly why I carry my important data safely with me. Wipe clears out the /data partition as much as "Emptying the Recycle Bin" erases deleted data in Windows.... meaning, it's still there. Although flash memory is better at deleting data, it can still be easily recovered, but then again, how are you supposed to wipe if you don't have the phone with you. I didn't see anything about remote wipe. Also, any person with two neurons firing would think right away about removing the battery and SIM before attempting anything.
Also, so let's say a wipe did clear /data entirely and you were able to remotely wipe EVERY SINGLE TIME the phone was lost or stolen (I once went a week without realizing I had lost my phone, paying that kind of bill and talking to Customer Service for hours on end is no fun), it still doesn't mean that the security gaps are not there. I still think they should be fixed, even if to foil people not interested in the data at all but on using the phone for their own. Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?
Oh, I see what you meant XD. Edited my post.
I've noticed this too, but the safest way to secure it is to have android encrypt the files as they are put on the data partition. Even then, that data is still unsecure. We should file an issue with the google code page for android and have them worry about it
Well, this has actually been considered...
For 'droid 1.6: From the home screen, Menu --> Settings --> Security --> "Use secure credentials". It is, of course, up to the application to make use of secure credentials. This is something that you should question the developers of secure applications about.
Other times, you may note that applications like "Password safe" will password protect and encrypt their data sets.
So it is definitely up to you to ensure that the applications that you use are written with security in mind.
Now for your home wifi password... does that really matter that much? They have to actually be IN (or very near to) your home to make use of it.
B-man007 said:
I've noticed this too, but the safest way to secure it is to have android encrypt the files as they are put on the data partition. Even then, that data is still unsecure. We should file an issue with the google code page for android and have them worry about it
Click to expand...
Click to collapse
No device can be more secure than being encrypted (assuming use of strong encryption). There is most definitely NO WAY EXCEPT encryption to secure your data.
I guarantee that EVEN WITH a no-root recovery partition and a no-fastboot bootloader that enforces system image signatures, that the data on the device *CAN STILL* be read off it.
It is definitely impossible to secure these devices against being read through something like jtag. And if it is read through jtag, the only thing that can possibly protect your data is encryption.
is it possible to do a complete wipe of the device? i know its not permanent but i figure if i quit banking online after i wipe the phone then i am no longer succeptible to that form of theft
I bet this is making some people that sold their rooted G1's nervous right now lol
this is the same issue blackberry users have, , even with a remote wipe ,there was concern that data can still be retrieved. That's also why the secret service is so concerned about the president having and using one daily, if its ever lost or stolen, ,,well you know, ,,
So rooted or not android is not the only platform with this issue. .
I would like to address this
"Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?"
Did you know if you called any cellphone carrier that you have and told them your phone was lost/stolen they will put the IMEI or ESN on the lost/stolen list, and then it can no longer be active on their network and from what I hear any other networks.
card13 said:
I would like to address this
"Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?"
Did you know if you called any cellphone carrier that you have and told them your phone was lost/stolen they will put the IMEI or ESN on the lost/stolen list, and then it can no longer be active on their network and from what I hear any other networks.
Click to expand...
Click to collapse
Depends on where you are, here in Canada, if it gets blacklisted by Rogers, it will still work on Fido (which happens to be owned by rogers).
There is also the possibility of rewriting the IMEI. Not exactly a major difficulty.
I have an idea. Since that, if someone gets hold of your phone physically, there's no way that he/she will be restricted from accessing the data, unless it's encrypted properly.
Therefore, to enhance the security, the data (or at least, /data) should be encrypted all time. I'm not familiar with Linux so I have no idea if it's doable or not, but that's a start.
That way, even if someone gets hold of your phone, and flash/hack/cheat all kinds of things, fastboot, recovery, adb... He/she will still be unable to access your data.
To do this, the bootloader (or the init script?) needs to implement a way to unlock the data.
To further increase the security, remote shutdown and wipe should be implemented as well.
Remote lock will NOT work because, while a phone is locked, it means it's running, and the data is already unencrypted at that point, and while I don't have much knowledge in hacking. I think a serious-enough person can hack the phone and get the data.
Of course, this still doesn't solve the problem that, if you, or your family member, is being held at gunpoint.
Just my 2 cents.
1) No changes to bootloader. Bootloader is not relevant to encrypted /data. The changes would be to add in the appropriate encryption scheme to the kernel. Also, to mount the /data partition using the selected encryption method, and to prompt at the appropriate time (mount time) for password. This would be DURING BOOT.
2) The reason you don't want to do this is that d/encryption eats CPU and memory.
bug666 said:
I have an idea. Since that, if someone gets hold of your phone physically, there's no way that he/she will be restricted from accessing the data, unless it's encrypted properly.
Therefore, to enhance the security, the data (or at least, /data) should be encrypted all time. I'm not familiar with Linux so I have no idea if it's doable or not, but that's a start.
That way, even if someone gets hold of your phone, and flash/hack/cheat all kinds of things, fastboot, recovery, adb... He/she will still be unable to access your data.
To do this, the bootloader (or the init script?) needs to implement a way to unlock the data.
To further increase the security, remote shutdown and wipe should be implemented as well.
Remote lock will NOT work because, while a phone is locked, it means it's running, and the data is already unencrypted at that point, and while I don't have much knowledge in hacking. I think a serious-enough person can hack the phone and get the data.
Of course, this still doesn't solve the problem that, if you, or your family member, is being held at gunpoint.
Just my 2 cents.
Click to expand...
Click to collapse
lbcoder said:
1) No changes to bootloader. Bootloader is not relevant to encrypted /data. The changes would be to add in the appropriate encryption scheme to the kernel. Also, to mount the /data partition using the selected encryption method, and to prompt at the appropriate time (mount time) for password. This would be DURING BOOT.
Click to expand...
Click to collapse
So that's the init scripts?
lbcoder said:
2) The reason you don't want to do this is that d/encryption eats CPU and memory.
Click to expand...
Click to collapse
And battery, may I add?
To what extent is the question, I don't think it's a must-have feature for everybody, but think some may be willing to put up with the trade off...?
bug666 said:
So that's the init scripts?
Click to expand...
Click to collapse
Mainly kernel, but yes, some adjustment would have to be made to the init.
And battery, may I add?
Click to expand...
Click to collapse
Certainly. Anything that eats CPU eats batter.
To what extent is the question, I don't think it's a must-have feature for everybody, but think some may be willing to put up with the trade off...?
Click to expand...
Click to collapse
A better implementation would be to encrypt *some* data, i.e. application home directories, but specifically NOT the ~/lib directory. Because really, do you CARE if your APK's or dalvik cache are encrypted or not? This would minimize the performance impact (to negligible) while providing the desired data security.
Also, encryption on a per-application basis would allow this to be done withOUT having to pause bootup to ask for a password... it could be done more intelligently on first-access-attempt.
Anybody tried using Walkie Vault (http://www.walkie-vault.com/)...? Can it encrypt the data/home folder...?
A system-wide usable encryption system that different apps may make use of is a good idea, but is it on Android's agenda yet...?
It hasn't quite entered the collective consciousness that the connected smartphone, as configured today and if logged into online services, is the ultimate personal identity device. Unlike other personal effects we keep on us at all times (id cards, keys), a Google login gives a thief potentially a treasure trove of data to exploit without requiring any further identification to the phone other than the lock screen (assuming the user has set one). Once it becomes a big enough issue we may see solutions such as:
- Built in biometric identification (fingerprint scan, iris scan) replaces lock screen.
- OS framework requires apps storing sensitive user data to store into encrypted databases, authenticated from above biometric keys.
- Carriers, digital identity providers (e.g. Google, MSN) providing remote wipe as free standard services and accessible over the phone, not just a web page.
No computer is 100% secure.
Biometrics are often easy to fool.
3 of the fingerprint scanners I have encountered were easily by-passed with a pencil, and a rubber glove. Not to say they are all like that, but some are super simple to get around. Myth busters bypassed one with a photo copier and a sharpie. My buddy bought one super cheap, and put it on his wife's computer to make her feel safer. We bypassed it by breathing on it. (it was super cheap)
The current "Lock" on the G1 is like that super cheap biometric scanner. Your fingers leave behind oils. Oils are what leave the marks on the screen. Breathe hot air on the screen and you can see the pattern of the lock sequence. Some lock.
Note to self: remember to wipe off screen everytime you unlock phone.
I think that the best way around this is to remove all the data from the phone in the first place. For several years now I have been telling my friends that google's ultimate goal will be server side data storage that you log into to use.
The world of cell phones is headed this direction as well.
Google voice, Google Chrome, Google Docs, Cloud....all operate under the idea that you connect to the data, manipulate it, save it, then (ideally) your device forgets it was there.
If you want to stop cell phone theft, you have to hard code the phone to accept only one set of data, and any attempt to change that data in a way not prescribed by the phone will result in the destruction of the data and the usability of the phone. Not real cost effective for a device that lasts on the average of 18 months.
Another option is to make a daily use phone. Only good for 24 hours. Then you have to get a new one. Make them cheap, and disposable.
Common users would freak out over having to back up the data all the time, or you would need a uplink storage location like...oh say Google voice, Google Chrome, Google Docs, Cloud.
The average consumer has no clue what that thing in their hand is capable of doing, storing, or tracking. The techno geek is the problem and much like ROM's, what stops a Techno geek today, won't necessarily stop him tomorrow.
In the mean time, wave secure at least offers you the satisfaction of telling you when someone has put a different sim in your phone.
And it will scare the crap out of someone when they pull out the sim card. it is very loud!
But I agree the android system needs a better lock.
Maybe a mod could be prepared to separate /data into a cryptfs system, only trouble is that to make it secure a start/unlock password would need to be entered.
I'm still running Fresh 1.1. I've been holding off on the upgrade to a 2.1 ROM since I use this phone daily for business, and CAN'T have a ROM that has things missing or broken, or that just has general annoyances that interfere with the usability of the phone. It looks like we finally have some 2.1 ROMs that really are "100%" (there were claims going back awhile ago, but they definitely were not "100%").
My question is: What is the exact upgrade process, and what is the impact of that process? There are tons of threads about these 2.1 ROMs, but none have detailed specific install steps and explain exactly what you're doing. The threads seem to be targeted towards those that have a "disposable" state of their phone, not those that need a consistent and reliable phone.
It seems to be consistent that these upgrades require a factory and dalvik cache wipe. What exactly does that do? I have ~20 apps installed from the market, and they're probably 50/50 paid and free. Will these disappear during the wipe/upgrade process? Will they auto-reinstall from the market? If not, what is the best way to back them up and restore them? What other data will I lose and need to restore after the wipe/upgrade? I'm ready to move to a 2.1 ROM, but can't risk losing data or spending a couple days rebuilding my phone back to a usable state.
cmccracken,
I have been running 2.1 based roms since the Eris leak and have been very satisfied and have come to the place that i am currently experiencing no problems, however, I would advise you to wait if you are using your phone for business because all current Sprint based 2.1 roms Damage, Flipz, Regaw, etc) have the potential to leave you with no audio (no audio in calls, rings, notifications). This is a random problem that is not affecting everyone but just know it could happen. Rethink this move until the devs here can fix the audio problem for sure.
Yowza, that's scary. It would be nice if ROM dev's would actually list known issues and remove bogus "100%" claims. Flakey audio on a phone for even a portion of users is NOT "100%" by any stretch of the imagination.
I'd still like to see an explanation of the upgrade process, and what the impact to apps and data is.
Well, for most people these roms are 100% (just not for a select few and no one knows why yet).
As for impact of data etc. If you upgrade to a 2.1 rom, you will loose everything. All apps will be deleted (although thy can be backed up with Titanium backup, an app on the Market)You can still use your paid apps. All themes will be deleted. All contacts will be deleted, though they will resync as long as you have them backed up through your Google acct. All saved texts and emails will be deleted. This will be a complete wipe and I would strongly advise you to try 2.1 if you were only using your phone for personal use, but business......
cmccracken said:
Yowza, that's scary. It would be nice if ROM dev's would actually list known issues and remove bogus "100%" claims. Flakey audio on a phone for even a portion of users is NOT "100%" by any stretch of the imagination.
I'd still like to see an explanation of the upgrade process, and what the impact to apps and data is.
Click to expand...
Click to collapse
hello,
when you change firmware versions (1.5 to 2.1) you will need to wipe data. basically start over. everything on the sd card will stay (pictures, music, anything you've downloaded) but all apps and app data will be gone. never fear, your market history will be there still and any paid apps you don't need to pay again. even your free ones should still be in your download history. then after a while your contacts will get pushed from gmail and pretty much all you will need to set up is individual app settings/ custom ringtones/ custom sense setups.
you get used to it after a few times
EDIT: but yes if you use your "phone" a lot for calling you may experience the no-audio (i haven't...yet) and sometimes your phone will ring and then freeze up you won't be able to answer the call. that's irritating
cmccracken said:
Yowza, that's scary. It would be nice if ROM dev's would actually list known issues and remove bogus "100%" claims. Flakey audio on a phone for even a portion of users is NOT "100%" by any stretch of the imagination.
I'd still like to see an explanation of the upgrade process, and what the impact to apps and data is.
Click to expand...
Click to collapse
first I use my phone to run 2 different businesses and have been running 2.1 since the first eris build with no problems. I would strongly suggest making the change as now we are building off of the actual sprint leaks everything works out of the box. and considering that from the way the 2.1 releases have been for the droid sprints "official" 2.1 will more than likely come in the form of an RUU anyways and you will lose everything. so why not make the switch now.
second yes there are some that have the sound problem but that seems to be the only issue if you use wither damage control or fresh 2.0d the new zen one still needs a fix for the market so that would not be the way for you to go if you dont want to fix it. also just so you know by your logic even the sprint 1.5 release could not be considered "100%" as even it had its bugs and there are people that have issues. you have to understand that we basically have computers in our pockets and with that comes some bugs. hell even the market leader in personal comp OS's (microsoft) just sometimes does not work right on some peoples comps. This is the reality that we live with in a world of tech. in the world of software NOTHING is EVER gaurented to work for 100% of the people 100% of the time. if you can find a company that pulls that off let me know so that I can buy stock. lol
as far as the upgrade process goes it is pretty much the same as when you flashed fresh 1.1 download the zip, put it on the root of your sd card, boot into recovery, choose the wipe option and then choose wipe data/factory rest and wipe dalvick cache, go to the option flash zip from sd, choose the proper file, flash, reboot, enter info, done.
1.5 doesn't work 100% either by our standards. Flipz 1.1 is a step in the right direction, but the underlying version of the OS is flawed.
2.1 makes the phone work better, period. Ive tried almost every ROM around for this thing, and I'd have to say the latest Flipz offerings are pretty spot on. I dont have anything not working at this point. Sure there are some minor annoyances, but nothing deal-breaking. Plus when you get used to the process, its easy to update to a new rom or figure it out and patch yourself if you DO find a problem.
Sure there are some having odd issues, but their numbers are low (or theyre not posting) and every problem ive been able to either
A)try wiping and reflashing more than once
B)go back to my old install via backup/recovery (nandroid...recovery image)
The benefits of 2.1 far outweigh the very minor bugs ive encountered . Just getting rid of the laggy moments sold me on the 2.1 v 1.5.
BTW When is a device ever at 100% working? Ive never seen it.
I have a stock 32 gb wifi only Nexus 7.
I was in Vegas last week to get married, placed the Nexus 7 in the room safe and when I came back, it was gone. Strange part was the thief left several thousands of dollars in wedding rings, pearl necklace, etc in the safe. All they took was my Nexus 7.
I discovered it missing scant minutes before we had to meet the limo to take us to get married. So we got married and when we returned to the hotel I reported it.
Security came up to the room after we did a report in their offices and searched the room thoroughly at my request. I opened the safe and we emptied it, security searched the safe and all around it with a flashlight, it was not in the room.
My wife and I left with security after the room search, security went back to work (I suppose), we went to dinner.
A few hours later we returned and I noticed the closet doors had been disturbed. The maid had been to the room MUCH earlier in the day. So I opened the safe and lo and behold, my Nexus 7 had "found it's way home".
I can think of no good reasons why someone would steal a Nexus 7 then return it. I can certainly think of a few bad reasons why they would do such a thing.
So I left it in airplane mode for the remainder of the trip, just used it to read a book on the Kindle app.
Of course I took a LOT of security measures with my banks, etc.
Since this has happened I returned home and encrypted the tablet. There are two levels of passwords you have to go through now when it boots just to get to the "desktop".
I also installed AVG after the theft and did a complete scan, I made sure to tell AVG to scan EVERYTHING.
The scans came up clean.
ALL my passwords where I bank, etc have been changed. I always use passwords of 15+ characters and when I can I also mix in special characters such as [email protected]#$, etc. Often banks won't allow those though. Curious.
So, I do use this tablet to login to my bank accounts sometimes.
Do you feel I'm safe to do so again?
Should I do a complete wipe of the tablet?
I do have the correct version of Android and the correct build number that I downloaded. They are for the wifi only Nexus 7 and they match what's on the tablet now.
If you feel I should do a complete wipe, where can I find a tutorial? ... and will my apps including the paid ones automagically reinstall?
You shouldn't have touched the tablet at all, but called the police to take evidence, such as fingerprints and an analysis of whatever might have changed.
Now that aside, using a probably Compromised device any further is not the smartest thing either. It does not matter if you change the password of anything, if you then enter the password through the compromised device, since there you are giving away the new password again.
Wipe the device, reset it to factory and restore from a pre-vegas backup. Then change all accounts again.
Sent from my Nexus 7 using xda premium
Maybe its someone you know or room service. BTW the reason they returned it because they realized its not an iPad mini. Next time you need to spend more money on hip devices of you want it stolen.
You might want to wipe the device not just factory reset which is not wiping, since it will retain the system partition. I don't know how to write zeros to the partition and doing it wrong probably perm brick the device too, but someone else might know. But you can be more thorough by using fastboot to flash the factory image which will format all the partitions, then encrypt afterward. Just use the sticky thread in this section on hour to factory reset and use the fastboot links in my signature.
Also I don't use antivirus on Android, but last time I heard Microsoft once pulled AVG from their app store because it doesn't do anything but run adsware. Not saying that it's useless, but there are other good ones to look at: http://www.av-test.org/en/tests/mobile-devices/android/jan-2013/ I heard good things about Zoner as well. Just throwing a few suggestions out there, use which ever you prefer.
This is also a good time for you to check out the app Cerberus for theft prevention, but it required sending hidden text message so I guess you will need a 3G version to receive SMS, but still recommended for phones.
Also make sure to turn off USB debugging when not using it.
Sent from XDA app
Hi All,
This is my first post on XDA and I hope that I'm posting in the right place!
I have a Nexus 4, 4.4.2 which has never been rooted. For what it's worth, I've always run AV software (Lookout from day 1, subsequently Kaspersky) and only downloaded from the Play Store. (I have always had 'Unknown Sources' unticked). I'm pretty careful with permissions.
In hindsight (a wonderful thing) things started shortly after one of the Kitkat OTA updates. Not absolutely sure which…
One evening, my lock screen clock suddenly showed my time as 3 hours ahead (i.e. Moscow: I'm in the UK) along with a rectangle giving my home time zone time. I googled the symptoms and it seemed widely reported so I just put it down to an update bug and carried on.
However, I've recently been having large, unexplained, data spikes in seemingly innocuous programs. Specifically, I had a 6GB spike attributed to Opensignal. I uninstalled Opensignal, but the data use continued, albeit on a smaller scale, reported in Data Usage as 'Removed Apps'. This was definitely data use *after* the program was removed: I altered the sliders to focus on the time after uninstall.
To be on the safe side, I gritted my teeth and performed a factory reset and altered my important passwords.
However, this is happening again.
'Removed App' data use has started increasing once more and have just had another large data spike attributed to, of all things, Kaspersky. Over 600MB in a day. All data is now turned off, but possibly too late?
Do I have to assume that the phone is well and truly hacked? If so, am I going to have to unlock and root the phone and side load a factory image from Google, or is there an easier route?
Many thanks in advance for any help.
Cheers,
Edward.
muso_ed said:
Hi All,
This is my first post on XDA and I hope that I'm posting in the right place!
I have a Nexus 4, 4.4.2 which has never been rooted. For what it's worth, I've always run AV software (Lookout from day 1, subsequently Kaspersky) and only downloaded from the Play Store. (I have always had 'Unknown Sources' unticked). I'm pretty careful with permissions.
In hindsight (a wonderful thing) things started shortly after one of the Kitkat OTA updates. Not absolutely sure which…
One evening, my lock screen clock suddenly showed my time as 3 hours ahead (i.e. Moscow: I'm in the UK) along with a rectangle giving my home time zone time. I googled the symptoms and it seemed widely reported so I just put it down to an update bug and carried on.
However, I've recently been having large, unexplained, data spikes in seemingly innocuous programs. Specifically, I had a 6GB spike attributed to Opensignal. I uninstalled Opensignal, but the data use continued, albeit on a smaller scale, reported in Data Usage as 'Removed Apps'. This was definitely data use *after* the program was removed: I altered the sliders to focus on the time after uninstall.
To be on the safe side, I gritted my teeth and performed a factory reset and altered my important passwords.
However, this is happening again.
'Removed App' data use has started increasing once more and have just had another large data spike attributed to, of all things, Kaspersky. Over 600MB in a day. All data is now turned off, but possibly too late?
Do I have to assume that the phone is well and truly hacked? If so, am I going to have to unlock and root the phone and side load a factory image from Google, or is there an easier route?
Many thanks in advance for any help.
Cheers,
Edward.
Click to expand...
Click to collapse
I know you probably isn't going to like this, but for the most part, apps like Kaspersky and lookout does a lot of phoning home, thus use a lot of data. Some will say they are useless, but that's a judgment call. I have tried them but usually end up getting rid of them.
I don't know OpenSignal so I can't really speak on it. What's it used for?
Sent from my Nexus 7 (2013)
no silly Malware are for Windows. You said Kaspersky? lol.... anyway seems like an app issue. I always enable > set mobile data limit to certain MB / GB. Try checking other apps aswell like (Google Plus, Facebook) disable auto photo sync.
To Factory Reset:
1. Backup your files from your sd card.
2. Download Nexus 4 4.4.2 (KOT49H) image from here.
3. Extract it using Winrar or 7zip.
4. Connect the Nexus 4 to your computer and run *Flash-all.bat*
5. Let it do its magic.
Berrydroidcafe said:
I know you probably isn't going to like this, but for the most part, apps like Kaspersky and lookout does a lot of phoning home, thus use a lot of data. Some will say they are useless, but that's a judgment call. I have tried them but usually end up getting rid of them.
I don't know OpenSignal so I can't really speak on it. What's it used for?
Sent from my Nexus 7 (2013)
Click to expand...
Click to collapse
Hi,
Thanks for the reply.
Opensignal is a crowd-sourced mobile/wifi signal mapping app.
Can't post a link yet (only 1 post!) but if you Google it... Had it installed for ages and didn't use more than a few kB a day, as one would expect.
Really think it's something deeper than this, because programs are continuing to use data after uninstall and, although AV programs use a fair bit of data, half a gig for just definition updates seems silly.
Cheers.
muso_ed said:
Hi,
Thanks for the reply.
Opensignal is a crowd-sourced mobile/wifi signal mapping app.
Can't post a link yet (only 1 post!) but if you Google it... Had it installed for ages and didn't use more than a few kB a day, as one would expect.
Really think it's something deeper than this, because programs are continuing to use data after uninstall and, although AV programs use a fair bit of data, half a gig for just definition updates seems silly.
Cheers.
Click to expand...
Click to collapse
My suggestion would be to wipe your dalvik, cache and at the extreme your data, but you're not rooted.
The AV app(s) does a lot more than check for definition updates. They also check out the websites that you visit as well. That could account for the data used.
I'm not aware of an app that could wipe the mentioned partitions without root. Maybe someone else might know?
Sent from my Nexus 7 (2013)
Hi all, I am starting this thread for my own info, but also hopefuly to see if it can be helpful to others in the future.
I often change devices, and soon will resell my S4.
Usually, before doing so, I wipe all, including internal storage from recovery then flash a stock/stock looking rom.
Should that be enough to get rid of absolutly everything? I recently heard a podcast where they were discussing the fact that many phones sold on ebay and such still contain quite a lot of personnal data, but I tend to think that the people reselling their devices just don't even take the necessary precaution to wipe it.
They went on saying that encrypting the device, then removing the encryption would make sure that nothing is left, but is it really necessary in your opinion? I am thinking that simple formatting all as I do (and many of us too I guess) should be enough?
What do you think?
kipue said:
Hi all, I am starting this thread for my own info, but also hopefuly to see if it can be helpful to others in the future.
I often change devices, and soon will resell my S4.
Usually, before doing so, I wipe all, including internal storage from recovery then flash a stock/stock looking rom.
Should that be enough to get rid of absolutly everything? I recently heard a podcast where they were discussing the fact that many phones sold on ebay and such still contain quite a lot of personnal data, but I tend to think that the people reselling their devices just don't even take the necessary precaution to wipe it.
They went on saying that encrypting the device, then removing the encryption would make sure that nothing is left, but is it really necessary in your opinion? I am thinking that simple formatting all as I do (and many of us too I guess) should be enough?
What do you think?
Click to expand...
Click to collapse
When you wipe your data you are still able to recover them with programs like Recuva.
To be 100% sure you have to delete your data and overwrite the complete internal storage with senseless information.
Sent from my Galaxy S4 using Tapatalk
DarkerTimes said:
When you wipe your data you are still able to recover them with programs like Recuva.
To be 100% sure you have to delete your data and overwrite the complete internal storage with senseless information.
Sent from my Galaxy S4 using Tapatalk
Click to expand...
Click to collapse
Oh yeah I see, but it is still some "work" to get information from an individual person, what I mean I do not hold any sensitive info or anything.
But good to keep in mind, i guess I'm just wondering if that would be enough for normal usage... No personal info can normaly survive such a wipe I think
When you delete data on a storage it still stays there. It isn't deleted, the system just releases the space for overwriting with new information.
Sent from my Galaxy S4 using Tapatalk
kipue said:
Oh yeah I see, but it is still some "work" to get information from an individual person, what I mean I do not hold any sensitive info or anything.
But good to keep in mind, i guess I'm just wondering if that would be enough for normal usage... No personal info can normaly survive such a wipe I think
Click to expand...
Click to collapse
For normal usage, yes. Using Odin to flash the stock ROM will remove all references to your data. The data will still be there but will not have a file structure so a normal person getting their hands on it won't know that there is existing data and will overwrite it with their own data in due time.
If you sell it to someone who knows what they are doing, the data is easily accessible.
If you really want to kill the data, kill the phone. Put it in the microwave for 45 minutes. Have a fire extinguisher handy. The phone will not have any data remaining.
(Do not actually do this. You will burn your house down.)
Skipjacks said:
For normal usage, yes. Using Odin to flash the stock ROM will remove all references to your data. The data will still be there but will not have a file structure so a normal person getting their hands on it won't know that there is existing data and will overwrite it with their own data in due time.
If you sell it to someone who knows what they are doing, the data is easily accessible.
If you really want to kill the data, kill the phone. Put it in the microwave for 45 minutes. Have a fire extinguisher handy. The phone will not have any data remaining.
(Do not actually do this. You will burn your house down.)
Click to expand...
Click to collapse
Haha, yes true, or I could keep the phone for myself
No I'm not trully worried, I just wanted to see if others have better, more convenient or thorough ways to do so, but really i don't care so much.
Thanks for your input, I think that my usual way is good enough, and standard
kipue said:
Haha, yes true, or I could keep the phone for myself
No I'm not trully worried, I just wanted to see if others have better, more convenient or thorough ways to do so, but really i don't care so much.
Thanks for your input, I think that my usual way is good enough, and standard
Click to expand...
Click to collapse
If you want to be more thorough figure out how much free space is on the internal storage and then upload that amount of mp3's to the storage. Then delete them. That will overwrite your data.
It could still be recovered by someone who REALLY knows what they are doing, but at this point you would have to be paranoid to worry about it.
On a tablet forum I frequent I had this exact question asked, and the solution I gave was to encrypt the data first, then wipe the device. That way if something is extracted from the device, it's virtually useless as the new owner won't have the necessary information to decrypt the data.
Yeah, all those would work too
I'm not that paranoid, as I don't really hold any very important info on this device, I think i'll just go for a complete wipe, thanks for your input guys.
There is a software named NUKE MY DEVICE.. its an apk file.. install and run it on ur device..it will erase all the data and the data will no longer be recoverable..