Hi everyone. I'll explain you. After i watched the documentary about Edward Snowden, i feel that someone is spying on me. I found the blackphone online, and his PrivateOS is awesome! I'm not a porter, so if someone may port the PrivateOS to our OnePlus X, it would be awesome!! Some guys, wanted to port it on xperia (sauce: http://forum.xda-developers.com/android/general/privatos-rom-1-0-1-t2833178)
If you want privacy buy a BlackBerry.
Hi, I had it on my Wiko Wax. I didn´t like it because de UI it´s not nice and it has a lot of security apps that I think it´s unnecessary for users like us. We have decent protection with security patches and the best security is the user. Maybe the blackphone rom is very secure yeah but if you want 100% security with this ROM just buy the blackphone, I don´t think it will be useful on our OPX. And yeah someone is spying on you. Google.
Exodusche said:
If you want privacy buy a BlackBerry.
Click to expand...
Click to collapse
Respect his idea, don't make fun.
sheraz1015 said:
Respect his idea, don't make fun.
Click to expand...
Click to collapse
Thank you so much sheraz1015!
Yesterday, i found a video on youtube. This guy was explaining how to get your search history of Google.
I found that Google, was spying on me...they recorded with microphone of my OnePlus X my voice, every 2h!!
I was surprised that they recorded me also when i was sleeping!!!
I found also that they tracked my position, but my gps is always switched off!!
I didn't know that, but everyone who has google play services on the phone, they keep in history when you open
or close any app that you have. I'm pissed off!
Will someone try to port it, or make a secure rom, maybe not based on google apps?
WithoutValorFreedomDies said:
Thank you so much sheraz1015!
Yesterday, i found a video on youtube. This guy was explaining how to get your search history of Google.
I found that Google, was spying on me...they recorded with microphone of my OnePlus X my voice, every 2h!!
I was surprised that they recorded me also when i was sleeping!!!
I found also that they tracked my position, but my gps is always switched off!!
I didn't know that, but everyone who has google play services on the phone, they keep in history when you open
or close any app that you have. I'm pissed off!
Will someone try to port it, or make a secure rom, maybe not based on google apps?
Click to expand...
Click to collapse
Can you send me the link please..
sheraz1015 said:
Can you send me the link please..
Click to expand...
Click to collapse
Here it is dude
Sauce: https://www.youtube.com/watch?v=TtmR9L0ITlM
Go to minute 2:03 also
Wasn't trying to be rude just herd blackberry has best security. But In this case I don't think it would matter. Thanks for sharing this don't think too many people know about it.
okay first: appreciate, that obviously there are other people concerned about their privacy.
second: there are people even more concerned about their privacy, like i.e. German's chancellor, making them pay 10,000$ for a cell phone - hacked. so how secure can som cell phone for some 100$ be?
next: about BlackBerry: where is ur privacy when all ur communication is routed through a private companies servers? As long as u do not fully trust such a company i'd call that surveillance too...
that being said: what do u consider to be secure regard ur privacy? first answer urself this question before making any progress. keep in mind, that ur cellphone is basically a full featured tracking system (which isnot a bad thing per se).
What do I mean?ˋWell for instance personally i don't consider photos synced to dropbox/google drive/microsoft's whatever to be private. they're located on servers inside the use, and as such accessable by officials whenever there's desire. also I do absolutely not consider my passwords to be safe when synced to my google account. Next i will not consider any call to be secure in a matter of "no one can listen"- that wont change unless u use end-to-end encryption which requires the called person to have an according setup. etc etc
i came to the conclusion that my phone simply is NOT secure! So if u do not intend to just keep ur hands off any device connected to the internet/gps u can be tracked. Just a matter of the effort to achieve that....
Now how can i just keep calm with all that. well i actually don't. its a compromise for me, as i just don't want to miss certain points which are provided by smartphones.
However I totally disagree with just handing over my private data making it needless to spy on me cause i instafacetweet**** whenever i'm at starbucks taking a coffee or sending private photos using services, that claim property of such (needless to call it by name..)
finally, to shorten this and maybe give u one or two hints especially regarding google apps etc:
- y handing google my actual name (u certainly won't be able to hide ur identity just because of this!! but referring to the last paragraph above this is step no1)
- personally i use opengapps pico which shrinks the amount of spyware down a bit (however there are some packages included safe to uninstall)
- regarding the "google tracks my app usage": well this is because u grant playstore/play services permission to do so (settings-->security-->app ausage access)
- also i have restricted access to pretty much anything for google apps as i only want playstore running(privacy guard or similar)
- using greenify (xposed required i guess) u can "uncover hidden synchronizations" which will (what a surprise) a HUGE list of syncs to be disabled in settings -->accounts-->google-->whatever
- also take a look in google settings (ads/"security")
- system administrator
etcetcetc...
if u want to minimize the chance one can create location profiles: mac spoofing (i guess thats the english term). also when u use buetooth headset, u ar visible for any near device. same goes for wlan search, nfc bla.
These are just a few things that make me personally feel a bit more comfortable using such devices. a huge part in this takes NOT using whatsapp/facebook or anything like that. i'm convinced computers don't understand social interaction, and as such they should only take a minor "transmitting" role in this and not tell me who/what i might like or what the f***
I actually do have friends and they will know if theres sth worth to know, which works the other way round too.
I hope I somehow stuck to the read thread (do u really say so? ) and maybe there were 1 or 2 points of use for u.
Whats most: the more u use/rely on such technology, the more of ur life can/will be exposed OR the more effort u will have to put into it to prevent that. (with the only result u increase the effort in spying on u/whatever).
Gesendet von meinem ONE E1003 mit Tapatalk
tet-bundy said:
okay first: appreciate, that obviously there are other people concerned about their privacy.
second: there are people even more concerned about their privacy, like i.e. German's chancellor, making them pay 10,000$ for a cell phone - hacked. so how secure can som cell phone for some 100$ be?
next: about BlackBerry: where is ur privacy when all ur communication is routed through a private companies servers? As long as u do not fully trust such a company i'd call that surveillance too...
that being said: what do u consider to be secure regard ur privacy? first answer urself this question before making any progress. keep in mind, that ur cellphone is basically a full featured tracking system (which isnot a bad thing per se).
What do I mean?ˋWell for instance personally i don't consider photos synced to dropbox/google drive/microsoft's whatever to be private. they're located on servers inside the use, and as such accessable by officials whenever there's desire. also I do absolutely not consider my passwords to be safe when synced to my google account. Next i will not consider any call to be secure in a matter of "no one can listen"- that wont change unless u use end-to-end encryption which requires the called person to have an according setup. etc etc
i came to the conclusion that my phone simply is NOT secure! So if u do not intend to just keep ur hands off any device connected to the internet/gps u can be tracked. Just a matter of the effort to achieve that....
Now how can i just keep calm with all that. well i actually don't. its a compromise for me, as i just don't want to miss certain points which are provided by smartphones.
However I totally disagree with just handing over my private data making it needless to spy on me cause i instafacetweet**** whenever i'm at starbucks taking a coffee or sending private photos using services, that claim property of such (needless to call it by name..)
finally, to shorten this and maybe give u one or two hints especially regarding google apps etc:
- y handing google my actual name (u certainly won't be able to hide ur identity just because of this!! but referring to the last paragraph above this is step no1)
- personally i use opengapps pico which shrinks the amount of spyware down a bit (however there are some packages included safe to uninstall)
- regarding the "google tracks my app usage": well this is because u grant playstore/play services permission to do so (settings-->security-->app ausage access)
- also i have restricted access to pretty much anything for google apps as i only want playstore running(privacy guard or similar)
- using greenify (xposed required i guess) u can "uncover hidden synchronizations" which will (what a surprise) a HUGE list of syncs to be disabled in settings -->accounts-->google-->whatever
- also take a look in google settings (ads/"security")
- system administrator
etcetcetc...
if u want to minimize the chance one can create location profiles: mac spoofing (i guess thats the english term). also when u use buetooth headset, u ar visible for any near device. same goes for wlan search, nfc bla.
These are just a few things that make me personally feel a bit more comfortable using such devices. a huge part in this takes NOT using whatsapp/facebook or anything like that. i'm convinced computers don't understand social interaction, and as such they should only take a minor "transmitting" role in this and not tell me who/what i might like or what the f***
I actually do have friends and they will know if theres sth worth to know, which works the other way round too.
I hope I somehow stuck to the read thread (do u really say so? ) and maybe there were 1 or 2 points of use for u.
Whats most: the more u use/rely on such technology, the more of ur life can/will be exposed OR the more effort u will have to put into it to prevent that. (with the only result u increase the effort in spying on u/whatever).
Gesendet von meinem ONE E1003 mit Tapatalk
Click to expand...
Click to collapse
Thank you very much for your dedication on a precise answering. All that you said.....you are right. Damn
I'm just trying out Nameless ROM. I noticed it has privacey guard as mentioned above. Whether it actually does anything who knows.
I'm paranoid about google services aswell.
Hence i installed a fresh build of CM13 / AOSP CAF
Installed F-Droid as primary market and replaced apps with open source replacements. (Replaced Chrome/AOSP browser with chromium etc.).
I also installed Firewall, adblocker+ and system manager for monitoring malicious apps and processes. Privacy guard & app ops also works wonders together
this not only gives u ability to customize android your way but also provides good level of security.
If you are still paranoid about identity, u can use orbot and tor network for anonymous identity. (Both found on F-Droid).
This also greatly improves battery life and keeps the phone snappy.
Hope this helps
In all honesty, just use Sailfish and remove everything you find funky. Private OS isn't worth porting. Another alternative would be to just flash any ROM without flashing GAPPs
---------- Post added at 04:02 AM ---------- Previous post was at 04:01 AM ----------
At the end of the day though, you are still at the mercy to some company... We have already lost this fight.
karan5chaos said:
If you are still paranoid about identity, u can use orbot and tor network for anonymous identity. (Both found on F-Droid)
Click to expand...
Click to collapse
I agree... in theory. however if u assume to be under surveillance, u better assume that u are not the only one inside the tor network to be under surveillance. u just need to observe a not too small amount of tor servers (which is still a relatively small amount, taking the capacity of todays intelligence services into consideration) to be able to reconstruct the whole path of any communication routed through that network. now also seeing that bandwidth is just lousy, there's just no point in using tor (except u want to access services, that require u to do so).
To cut a long story short, if u want ur internet traffic to be secure, u'll have to go for a vpn provider! (of course u have to trust that provider, as they are able to read anything u pass through that gate)
regards
t
P.S.: if u're interested in vpn service, pm me and i'll tell u my hoster which i think is one of the most trustworthy around and also provides some advanced methods other just don't.
(just to stick to the rules and not advertise here )
Related
Hey Everyone,
Wanted to tell all of you about a neat app we're developing, called Flexilis.
It's a mobile security suite for Windows Mobile devices, that keeps your device and data safe from loss, theft, hackers, viruses, malware, spam, and more.
We've currently opened signups for our private beta testing, if you're interested in checking it out, just hit up http://beta.flexilis.com and sign up, and feel free to chat about the product here
If anyone has questions or runs into trouble, just shoot us an email at [email protected] and we'll help you out!
-Chris
Community Director,
Flexilis Inc.
[email protected]
Also, if any of you request an invite and it hasnt gotten granted within a day or so, let me know and I'll take care of it.
If you weren't asking for so much personal information, you might actually get people to try your app...
we're actually working on revising that, the reason we ask for the phone number is because it's used to sms you your download link for the software later on in the process, we're in the process of moving that to later on in the process, as well as an explanation of why we ask for it.
Thanks for the feedback!
-Chris
NRGZ28 said:
If you weren't asking for so much personal information, you might actually get people to try your app...
Click to expand...
Click to collapse
Hey man,
nice thing with this soft, that we give the phone number is not so a big problem i think. could you post a little bit infos about the program? Cause on your side there a not many informations.
But i ithink i'll give it a try...
I just have one little question, on you privacy page you write:
When you use the Flexilis Services, our servers automatically record certain information about your usage. These logs may include information such as the IP address, mobile device identification number, phone number, operating system, version information, wireless carrier, web requests, browser type, browser language, referring pages, landing pages, pages viewed, or other usage information.
Click to expand...
Click to collapse
Why do record the pages we visit?
we're still working on a little bit of a tour/walkthrough area of the software on the front page, as we get closer to public beta, but for now there's nothing there yet. My first post in this thread gives a brief summary of it though. Feel free to shoot me an email at [email protected] with any questions!
-Chris
There's nothing in the software that tracks the pages you view or anything, what that refers to is on our end we track what pages users use on the flexilis website the most, much the same way other websites do, to track what pages and content on our site our most popular, etc.
JeckyllHavok said:
I just have one little question, on you privacy page you write:
Why do record the pages we visit?
Click to expand...
Click to collapse
I'm still not sure what your program do, but it certainly doesn't behave the way I expect.
1) Why to require authorization so often?
2) Contrary to the stated phone number is not accepted for authorization. Only email.
3) I don't really know what you mean by "a few minutes", but currently Flexilis is authorizing my phone already for more than two hours. I see no progress bar and I don't understan what's going.
4) I can't stop authorization process.
5) Why the authorization process continues even when I close all connections? Did you invent new method of communication?
6) The program is hidden from task managers and process viewers. What for?
I didn't sniff the traffic but currently behavior of your program reminds more of malware rather than security software.
My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
Sorry, if I'm sounding harsh. It's just writing style (tough work, you know )
No worries
1] once it's authorized the first time, it shouldnt have to authorize again, what kind of phone are you authorizing it on? we're making some fixes to the authorization process to make it even simpler that should roll out in the next release.
2] if you're outside of the US, you might need to add your country code and such if that's the case, let me know, or send me an email to [email protected] so we can look into it.
3] per all authorization questions, it'll try til its authorized, again we're fixing this.
4] per the it being hidden from task managers, we've given this some discussion, for right now it's a security feature to try to prevent theives from disabling the software, though we might fix that in the future to have the app visible in there somehow.
As far as being more indepth on all of the features, we are working on a tour of sorts to explain it all before the beta goes public.
Thanks for the feedback!
-Chris
mrcaze said:
I'm still not sure what your program do, but it certainly doesn't behave the way I expect.
1) Why to require authorization so often?
2) Contrary to the stated phone number is not accepted for authorization. Only email.
3) I don't really know what you mean by "a few minutes", but currently Flexilis is authorizing my phone already for more than two hours. I see no progress bar and I don't understan what's going.
4) I can't stop authorization process.
5) Why the authorization process continues even when I close all connections? Did you invent new method of communication?
6) The program is hidden from task managers and process viewers. What for?
I didn't sniff the traffic but currently behavior of your program reminds more of malware rather than security software.
My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
Sorry, if I'm sounding harsh. It's just writing style (tough work, you know )
Click to expand...
Click to collapse
Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
fredcatsmommy: sorry it didnt work out for you. hopefully in the future when that's fixed (should be less than a week), we can lure you back, it does some amazing stuff, but we do run into bugs from time to time due to the vast number of windows mobile devices out there, and only having a small test bed of them to work with. Keep your eyes peeled, and we'll have that fixed soon!
fredcatsmommy said:
Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
Click to expand...
Click to collapse
I think you need to tell us what the app actually does?
I have read this and your site and still don't know what it does?
Will hold off on trying it till I know.
How long is the initializing and activating supposed to take?
seriously, the authorizing bugs should have been worked out before releasing a beta here. we cant even tell if its running, authorizing, stealing information from our devices, etc.. I surely hope this is a legit app youre pushing, if so, FIX IT, so we can at least see what it does.
thx
I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
Advertising your application for beta purposes is usually not a problem. But, it seems you are here more for "recruiting" testers than anything else. Looks like you joined for this purpose only.
My suggestion to you, is to give a little more description on your develpoment. Seems there are too many questions going unanswered here.
jhw549 said:
I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
Click to expand...
Click to collapse
what device do you have? did you do anything special to get it working?
I have a sprint vogue and installed to main mem and the data conn. is constantly active.
Polargoat said:
what device do you have? did you do anything special to get it working?
I have a sprint vogue and installed to main mem and the data conn. is constantly active.
Click to expand...
Click to collapse
I have an HTC Mobul/Titan using default Rom/Radio with WinMo 6.1
To install it I just did what I would any other and installed it onto internal memory...
Correction: The application works just fine if you don't have push e-mail (aren't connected to a remote exchange server), I have been having problems all day with my push e-mail from mail2web which I use to forward my work e-mail to my phone. I have therefore decided to remove it as I can't afford to have it interfere with work.
After reading the article about TaintDroid (http://www.digitaltrends.com/comput...oid-apps-secretly-sharing-your-personal-data/), and how a significant portion of the apps were sending back data when not required to....I must admit, I am a bit concerned about security on my Nexus.
What are you all doing to be safe with your information on your phone? Is there a firewall that any of you are using to deny apps the ability to transmit data?
And please no responses like "don't log into anything or enter any passwords for anything on the phone" ...because then we might as well be rocking blackberries and not a phone like this with a capable browser.
"Name and shame" is the best way for an open system to eradicate this stuff
Damn alarmist journalism. Scare everybody into a corner, and then come out with a product that magically makes it all right.
Personally, I don't do anything different. I don't see why you should.
there's a firewall app that will let you block internet access to specific apps
i think it's called droidwall
Wallpapergate...
This whole issue is a joke, I agree something to monitor outgoing information would be great, I doubt however that someone who want to steal your info would sent it out unencrypted so catching this may not be easy at all..
As for this new episode of the WallPaperGate again, the info this application send is common on any platform, if you ever paid for an app on handhango or such site, the first thing they do is to ask your imei so that the app can be linked (ie DRM) to your phone… in this case the guy use imei as a cookie so that he can offer the correct screen resolution.
I would like to point out that one of the sponsor of this “studies” that target only android device is Intel who have interest into many thing including MeeGo and off course MeeGo is much safer than android…
My 2 cents…
Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).
Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:
What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html
How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html
How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html
Why would you want to install this?
There can be many reasons for installint TaintDroid:
- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is
What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.
Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.
BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
+1 for the idea
Sent from my GT-I9000 using XDA App
+1
Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
I can not cook Kernels, but this is something i want to use.
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
I am sure i am not the only one.
+1
Yes please... This should be in all android phones... as a security option you could turn on!!!
Antonyjeweet said:
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
Click to expand...
Click to collapse
And do some of these applications only send stuff when you open them?
--
From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
Do you know some ROM where Taindroid is included?
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
exadeci said:
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
Click to expand...
Click to collapse
glad you did that
+1 support the idea. hope some of our hardworking kernel builders will add this in.
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
I have been wanting TaintDroid built into android by default since the day it was announced, but I really do not think google cares about this, so please, please ROM cookers out there (Maybe Doc?), lets add this into our galaxy S roms.
Well, this seems to work only on android 2.1
Make it so.
+1
Combined with walldroid (or other firewall) this could put back power into users hands. Would really love to see this inside hardcores kernel. Maybe as an option for the stable releases?
+1
This should be the next standard in aAndroid
idea about spoofidroid application
how about a program to spoof or make the phone send fake:
GPS location,
IMEI,
phone number,
simcard id,
etc... information to applications that ask without permission.
this way you can feed these application with information they want but without breaking your privacy. (both end sides are more than happy)
-----
nice option to have:
1) enable/disable auto generate different id every time.
2) allow list / ban list of application to have real or fake id.
3) enable/disable notify for application request.
-----
there are all ready applications that fake your simcard PLMN mobile network codes without the need of kernel rights, but you need to enable disable the flight mode to restore the default code.
===========
good luck to spoofidroid or similar applications.
Jumba said:
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
Click to expand...
Click to collapse
I hope there will be developers out there who prioritize privacy/security over speed/battery and storage usage.
I'm the project lead of the TaintDroid system. We are currently working on a few extensions of TaintDroid but unfortunately are short on engineering resources to port TaintDroid onto other systems than Nexus One that we originally developed. We'd greatly appreciate it if XDA developers would take on this effort! Many ongoing projects would hugely benefit from having easy-to-run TaintDroid ROM available for many different devices and upcoming Android systems let alone user benifit.
Thanks,
Jaeyeon
Research Scientist @ Intel Labs Seattle
Ettepetje said:
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
Click to expand...
Click to collapse
beta2 lite? i think that was malware, make sure it came from rovio otherwise it's fake and you should delete it.
It's really scary to see with the lookout app how many apps can access to your imei, telephone number "Read Identity Info", can access your contacts, track your position, and can send out all this data.
Here a HTC Desire user, asking for some privacy.
Best regards!
I'm finding a lot of threads about changing from pin/password to pattern unlock, but not having any luck in completely disabling the security feature BS...
Is it possible to completely eliminate the password lock required by my exchange server? I have tried lockpicker and no lock, neither of which worked.
I would like to keep syncing but am not going to deal with this unlocking all the time (they JUST started enforcing it)...any help would be appreciated.
BTW, running Calkulin's EViO 2 v 1.7 (sense, so HTC mail)
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Thanks...I figured it wouldn't be that easy but I had to ask.
Justin.G11 said:
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Click to expand...
Click to collapse
I get complaints all the time about policies. 99.999% of the time, the policies are created/approved by steering committees, the legal department or executive management. There is usually nothing IT can do about it as the policies are put into place for legal reasons or company security.
Additionally, if IT departments are not compliant in company policies there could be legal ramifications if the company has to comply with certain government guidelines.
And IT staff don't hate dealing with people...it sounds like your work environment is not like others.
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Khilbron said:
Check out this thread to see if it does what you are looking for.
http://forum.xda-developers.com/showthread.php?t=775007
They modified the actual email.apk app to remove the security requirement that was hardcoded in it.
It was taken from CM7 which is AOSP, so I cannot say whether or not it will work on sense.
EDIT: After searching some more, droidforums has a modified email.apk file that you can install, that you use instead of the HTC mail, which tricks your exchange server into thinking that you have your security enabeled.
http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Just download the zip, and extract the apk from it, then place the apk on your SDCard and install it just like a regular app.
Click to expand...
Click to collapse
Will look into that. Thank you very much!
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
awenthol said:
I ended up using the modified email.apk from CM7...works like a charm!!! The Droid forums version kept coming up with security errors. THANKS AGAIN Khilbron!!!
Click to expand...
Click to collapse
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Justin.G11 said:
Nope, this is tightly integrated down to the OS in order to pass MS requirements, and it reports the control level back to exchange so it can make sure it's in compliance with their mobile device policy.
In theory you can make an app that proxies the API and lies about what the phone can do ... but it wont be done with a simple APK/market app ... it's integration goes much deeper.
Honestly your best best: this is clearly a new policy. complain repeatedly to your IT staff. You're probably not the only one upset ... and noise will result in policy change ... because reality: IT staff hate dealing with people. They want to deal with servers.
Option 2: if you have a buddy on the exchange team he can put you on the same policy he undoubtedly created for himself and his team, that's 10x as lenient so he can mess with his little pet projects he plays with on the side.
Click to expand...
Click to collapse
Yes..this reply really isn't correct. There have been some sqlite modifications that can be made or using the mail.apk from this link (http://forum.xda-developers.com/showthread.php?t=775007) works perfect, even with the new CM7-RC2
Bypassing Exchange security
I had this same issue with my work email. My way of bypassing it and still using the stock Mail app is by installing widgetlocker. Unfortunately the newest version does not bypass your encryption, but the older version before the most recent update does. Also it allows you to fully customize your lockscreen and add widgets and what have you. All in all pretty cool app.
widgetlocker.teslacoilsw.com/general/widgetlocker-1-2-9/
(unfortunately because i have never posted before i cannot post links so pm if the link does not work)
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
ramiss said:
Amazing! So you guys have a device in your pocket that has complete access to your work mail server (something you don't own), and you apparently don't care if that falls into the wrong hands?
I don't want to get preachy but this is serious stuff:
1. Are you aware of the damage that can fall on an organization, its IP and reputation if a hacker/spammer has access to a mail account?
2. Your company's mail server is an assett of the company. Gaining access and leaving it unlocked is like borrowing something from work and leaving it on the street.
I understand that IT policies are annoying to the end user, but they are there for good reason.
Would you leave the company vehicle unlocked because it is annoying to get the key out? No.
Oh, and by the way, you can be held directly liable for damages for disabling/ hacking around policies. I have seen employees get fired for it.
Sent from my device.
Click to expand...
Click to collapse
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
bkrodgers said:
The issue I have is with the idea that the company gets to dictate how my entire device functions. Your points are valid, but why not just require a password on the email app, not on the whole phone? Why do I have to consent to allowing them to order a full device wipe, instead of just a wipe of the company data?
Click to expand...
Click to collapse
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Sent from my "locked" device.
ramiss said:
Those are some good points and questions:
If you just locked the mail app then the app would need to encrypt/decrypt all data, which would make it MUCH slower. However, the main reason is that the app lock approach is much more hackable..one simple example would be to load a proxy on the phone to intercept communication before it could be encrypted.
The idea behind the device lock is that it happens on a deeper level and is the most secure answer.
Click to expand...
Click to collapse
Yes and no. There are approaches that are easier if you aren't securing the whole device, but that doesn't mean it can't still be hacked.
The question about having a choice with your device is actually a simple one to answer...if you don't agree with the work policy then don't use your personal device for work email.
Click to expand...
Click to collapse
Overall I agree with that, although I think at a company that offers mobile email, there's a sort of "peer pressure" to use it. Not to say that's a good reason. I'd imagine that it'd be hard for a company to actually require you to use mobile email on your personal device -- if your job truly requires it, I'd think they'd have to provide you a device if you don't have a compatible device or aren't willing to use it that way. So yes, you're probably right that you have the choice. It doesn't mean that we can't complain though.
The other thing is that, besides not having a choice, the forced answer is beneficial for everyone....if I lose my device then I definitely don't want strangers crank calling my family or getting personal info. I have read about some horrible stories.
The real question is...If your phone is lost why would you NOT want it to be secure and erased asap??
Click to expand...
Click to collapse
If it's really lost forever, yes. But what if:
- The exchange admin sends the wipe command to the wrong phone. ("Hi, I'm John Smith and I've lost my phone.")
- The "wipe after X invalid passcode" policy is enabled. A friend or a kid picks up the phone and tries to play with it. Whoops.
- Something else goes wrong...bottom line is that the company should have no right to wipe anything other than their own data.
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
matt2053 said:
Can you please post a link to the one you used?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=775007
awenthol said:
I understand the need for locking the device...I really do. But, if someone does happen to find my phone (knock on wood but HIGHLY, HIGHLY unlikely, as I've never even almost forgotten any phone, anywhere, ever) they aren't going to find ANYTHING of value in my emails. I'm pretty low on the totem pole.
If I had sensitive data on my phone...no questions asked, I would keep it p-word locked.
Click to expand...
Click to collapse
Your Exchange Admin (or you depending on the version of Exchange you're using) has the ability to remotely wipe your device in the event it gets stolen/lost.
Could anyone give a brief possible explanation of why I can connect to my exchange server easily using Touchdown, but not using the Android integrated Exchange Account Sync?
Sent from my PC36100 using XDA App
Just found this thread as I've encountered the same issue on a HTC Sensation, just setup Exchange ActiveSync, and bam, have to set up the PIN lock on the phone.
However I've noticed that once you've done it, you can then go into Settings, Security and change the timeout before it locks up to 1 hour (I think that is dependent on your company setting). Mine was defaulting to every time the screen locked, but changing it to 1 hour I find I hardly ever have to unlock the phone now apart from first thing in the morning as I tend to use it regularly through the day.
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
peachpuff said:
Its google that doesn't want to implement an internet permission, we can block apps from access to storage/location/contacts and whatnot but not the internet, blame google not samsung.
Click to expand...
Click to collapse
Well, blame them both. Samsung is knowingly 'accepting' the Google 'flaw' on it's phone. So Samsung is also culpable.
Talk about an Over the Top Melodramatic 1st post!
Stay off the internet - Get rid of your Smart TV - Live in a box... SMH
Sent from my SM-G955W ??
Niccolò Paganini said:
According to Samsung customer support and some members of this forum, this device does not have a built-in way of blocking Internet access for specific applications!
Many of those apps have permissions like "storage", "phone ID", "contacts", "calendar", "camera", "microphone", etc...
Therefore, when those applications are given Internet access they will be able to send all our data via the Internet...
That's why it would be of crucial importance and vital to have a built-in way of blocking Internet access to those apps.
For example, if an application has access to your data, to your storage or your contacts, it stands to reason that it should not have Internet access...
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Google, Samsung or any other companies should not have, simultaneously, access to our storage data, contacts, calendar, camera, microphone..., and Internet access to send out all those data and info...
Besides, most apps are proprietary... so nobody knows what info or data the app is really sending out...
(Curiously and as a side note, my son has a Huawei P10 and that device allows the user to block Internet access to specific apps).
Therefore, given that this Samsung device does not have a way to limit specific applications from reaching the Internet, the phone is a spyware device!
Click to expand...
Click to collapse
I wouldn't worry about it the NSA and Google already know everything about you.
without permissions 99% of your apps won't work. want to stop tracking ?dig deep into your account, real real deep to cut off a lot of privacy issues
then when you have time, google your name
pltctytc said:
....then when you have time, google your name
Click to expand...
Click to collapse
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Gregzi said:
Not much came out for me, just a Google+, Twitter, Photobucket and my company activity...
But: I must agree with OP to some extent...at the end it is weighting between functionality vs privacy.
Click to expand...
Click to collapse
Agreeing to ANY extent with the OP's RIDICULOUS and ABSURD post & a Thread Title that is Entirely Misleading and Uninformed!
While everyone is entitled to their opinion - This Thread & Particularly it's Title are perilously close to warrant being Reported to the Mods!
It's a simple process to Disable Background Data for each and every Application that you decide to disable in Settings - Apps - Permissions - Data - Background /Toggle Off.
I made reference to Smart TV's as they are constantly "listening" in order to provide functionality - Then there's Laptop cameras which could be equally used to "spy" on their users... Are we to disable the functionality offered by Ok Google - Which is also "listening" to provide the functionality that we have come to expect from our technology?
Two Tin Cans and String are the bastion of the Paranoid & Conspiracy Theorists.
Sent from my SM-G955W ??
**** this I'm going back to a Palm Pixi so the NSA can't spy on me!
What if.....
The NSA IS Google?!
Seriously? You're downloading things from F-Droid and Yalp and you're concerned with what data individual apps are sending? If you don't trust an app to have an internet connection, why on earth are you using it? If you don't trust the company behind an app to use your data appropriately, whey are you using that app? Do you shut off all data so your internet/mobile provider can't sniff out what you're doing? Tin foil is relatively cheap.
Niccolò Paganini said:
The only explanation for the lack of such an integrated system of blocking Internet access for specific applications can only be explained by the fact that Samsung and Google intend to have all our data and info sent over the Internet ... probably for specific domains ...
Click to expand...
Click to collapse
Surely this is "the only reason", surely. I'll assume you have thought through the entire process of creating a mobile phone operating system as complex as Android, and also every detail involved in creating an application ecosystem that scales to millions of user created applications access by billions of people that worldwide probably generates over a trillion dollars in overall economic revenue (including employment by business built around it, advertising money spent, etc). Surely you saw a foolproof way too easily do all of this AND follow seemingly arbitrary privacy rules? You MUST have also COMPLETELY ruled out every other innocent explanation using this model, including showing conclusively that it wouldn't cause ANRs, app crashes, or anything else. Right?
You also have data showing more than just you would revoke this permission right?
Right?
Mr. Orange 645 said:
What if.....
The NSA IS Google?!
Click to expand...
Click to collapse
You mean you only just realised this NOW???!
I have to say, I'm always amazed how little people care about the spying that's being done through their phones. Saying "live in a box" or "just don't use the app" is a stupid response. You can still want to be part of society (which nowadays REQUIRES using whatsapp/facebook/google) EVEN THOUGH you're uncomfortable with the privacy implications. Someone acknowledging and being aware of this, and trying to improve upon it (or even simpler, just demanding improvements by the companies you pay a thousand dollar for a new phone) is often ridiculed as if it wouldn't matter, or people accept it as an something that is required for the systems we use. Social networks could work totally fine without being centralized, google maps doesn't actually need to send your location to google to function, and no app that i know of needs to send your usage of the phone to their company to do whatever it promises to do. Yet many apps do. It's not so much about that it is possible, the problem is that it is allowed. It shouldn't be allowed, much of the data collection should simply be outlawed. But, since hardly anyone seems to care, I don't see that coming anytime soon. I've tried to find people interested in this, but not even on reddit /r/privacy/ this seems to be a major concern.
@the_toast
There's a difference between being responsible for the amount of privacy you have and the amount of personal information that has already been made available... long before people were even aware of the amount of personal information that was already gleaned from the Products and Services that you have been using for years. To some extent trying to reign in your personal information is like closing the barn door after the horse is long gone.
The guy who originally posted this Thread is focusing his "panic" on one device and THAT is naive and Grossly Misleading!
Whether it's FB (which I don't use) or signing up for a Loyalty card - Your personal information is everywhere! Using common sense going forward is the only rational approach, but standing on an imaginary mountain top and shouting to the world that one device is "spyware" is ridiculous and deserves to be called out ?
Sent from my SM-G955W ??
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
MiMtnBiker said:
Ahh, the time of the Internet where everyone knows who you are, what you're doing, what you're buying, what sites you browse, your fetishes, etc. Most importantly, here in the U.S., your IP now can sell your internet history to anyone they please, even that time you looked up 2 girls and a cup. Sorry, Charlie, your life is no longer a private one and never will be again.
Click to expand...
Click to collapse
And if you Travel into the USA... Did you know THIS?
https://www.google.ca/amp/www.cbc.ca/amp/1.4494371#ampshare=http://www.cbc.ca/1.4494371
Sent from my SM-G955W ??
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
@the_toast
Many of the answers - including "live in a box" - "stay off the internet" were in direct response to the careless & irresponsible comments by the OP - like = like?
Not only your phone has the potential to gain access to your personal information - But your Laptop camera - Your Smart TV (that is "listening") But this technology is something that most people appreciate and expect their tech to provide them with the functionality that they want - Being aware of the capabilities of your Tech is prudent - being paranoid & frightened by it is just sad.
The issues of Privacy are extensive and if someone decides to pull on that thread - it's going to be never ending.
Common sense & being informed is the most appropriate way to go ??
Sent from my SM-G955W ??
the_toast said:
@shaggyskunk True, the OP is alarmist and uninformed. I was just put off by many of the answers, which basically said "why do you use Internet then". With respect to your post about searching phones - we can easily make this a scare thread (and people would be scared for good reasons). Let me continue:
- apps that want to use your microphone without apparent reason (of course also the ones WITH a good reason to use the mic) can track you through high-pitched sounds you cannot hear, which are emitted e.g. by some retailers to track you through their store.
- You talk about 1 in 13.000 people arriving in the US getting their phone/laptop looked at and potentially copied? How about knowing for 1Bn people (1 in 7 on earth) who they talk with, when they talk with them, and in which location they are whenever their phone has internet. That's Whatsapp.
@MiMtnBiker Gnn that's exactly my problem, people just accept it and believe it's never going to change. I'm not happy they know what kind of porn I'm looking at, and even less happy that they could sell the information (although I don't live in the US). If it is that way, it CAN be fixed, you CAN prohibit selling this information. Or to collect it at all. It's definitely better to know the big 5 have all my information but won't have all future information about me than to know they can continue like this forever
Click to expand...
Click to collapse
I'm afraid the only way you are going to change it is to completely get off the grid. Many people are oblivious to the fact that they are willingly giving up their personal information when they have their noses buried in their smartphones pert near all day. What's worse is that the politicians only seem to cater to the wealthy, and since they are salivating at the idea of getting their grubby hands on your info, this will continue. Unless there is a huge uprising and people assemble in protest of this, it will not stop. Heck, I don't even think it will stop, then. Nope, money is the reason as to why this won't change and, unfortunately, you have no say in the matter. Unless, that is, you do get completely off the grid.