Related
NM. I answered my own question. The log in screen was misleading. Have to stop multi tasking when I do these things. @ me.
KOF33 said:
NM. I answered my own question. The log in screen was misleading. Have to stop multi tasking when I do these things. @ me.
Click to expand...
Click to collapse
Just for fun, the answer is most definitely *NO*. Not if you have any personal information on your google account since this would allow that app to not only steal all your personal information, it would allow the app author to hijack your account, send your login credentials to china, etc.
lbcoder said:
Just for fun, the answer is most definitely *NO*. Not if you have any personal information on your google account since this would allow that app to not only steal all your personal information, it would allow the app author to hijack your account, send your login credentials to china, etc.
Click to expand...
Click to collapse
So can't use GDoc or Greed?
cigar3tte said:
So can't use GDoc or Greed?
Click to expand...
Click to collapse
I wouldnt...
Unless you know the code and compiled it yourself.
Or if you definitely don't have any sensitive info on your account.
There's no telling what they'll do with it.
Do you know the author? Have you met them? Do you even know what country they're in?
If you have a rooted device then id watch out for any apps you install, I've read about malware that uploads you browser.db and other data, and we all know that google didn't implement encryption into password storage.
I'm developing a shell app to do this over adb or on the phone console I have implemented
Browser database
Contact database
Ebuddy password
you could always use a password you just made up out of the blue. the app won't be able to recognize whether it's your actual gmail password or not.
tazz9690 said:
you could always use a password you just made up out of the blue. the app won't be able to recognize whether it's your actual gmail password or not.
Click to expand...
Click to collapse
Well the app that made me ask didnt "Require" it. But just recently after that A Gmail/Fbook sync app asks for both passwords.
Without it it wont work. I dont feel comfortable giving my PW to some random app.
Sudox-
Do you mean installing from non marketplace ?
Even rooted marketplace should be ok no ?
Ive never looked extensively at the safety precautions Google implemented.
KOF33 said:
Well the app that made me ask didnt "Require" it. But just recently after that A Gmail/Fbook sync app asks for both passwords.
Without it it wont work. I dont feel comfortable giving my PW to some random app.
Sudox-
Do you mean installing from non marketplace ?
Even rooted marketplace should be ok no ?
Ive never looked extensively at the safety precautions Google implemented.
Click to expand...
Click to collapse
The only thing that the market gives you is a partial assurance that the publisher's market account can be traced back to them based on the credit card number that was used to sign up. Google does NOT security verify the applications that are posted there. The security is built in to the OS -- and note that the app shows you what kind of data it can access at install time. It is therefore UP TO YOU to ensure that the application doesn't get any information that you would consider "sensitive".
And as for root access... this is a potential danger if you aren't careful about limiting root access from certain applications. The community-root scheme is fairly OK, but any program to which you grant ROOT PERMISSION will have access to *everything*. Be careful about what applications you give root to.
lbcoder said:
The only thing that the market gives you is a partial assurance that the publisher's market account can be traced back to them based on the credit card number that was used to sign up. Google does NOT security verify the applications that are posted there. The security is built in to the OS -- and note that the app shows you what kind of data it can access at install time. It is therefore UP TO YOU to ensure that the application doesn't get any information that you would consider "sensitive".
And as for root access... this is a potential danger if you aren't careful about limiting root access from certain applications. The community-root scheme is fairly OK, but any program to which you grant ROOT PERMISSION will have access to *everything*. Be careful about what applications you give root to.
Click to expand...
Click to collapse
This is something I have been wondering for a while now. Say you grant an app SU rights, however upon installation that app did not specify "Internet Access", meaning that the permissions for that program do not allow access to the internet (for sending of any information it could possibly gather). Can that app somehow access the internet, or modify it's own permissions in packages.xml?
daveid said:
This is something I have been wondering for a while now. Say you grant an app SU rights, however upon installation that app did not specify "Internet Access", meaning that the permissions for that program do not allow access to the internet (for sending of any information it could possibly gather). Can that app somehow access the internet, or modify it's own permissions in packages.xml?
Click to expand...
Click to collapse
Yes, any app with root access *can* change its own permissions, yes, any app with root access can access the internet, even withOUT internet permissions, and yes, an update to the app can come with additional permissions than an earlier version.
Note possible attack;
publish an app withOUT internet and/or read contacts permission,
app tries to send sensitive information to china -- permission denied, catch exception, no visible effect to the user. App granted ROOT access, alters /data/system/packages.xml to add internet and read contacts permissions and immediately the phone "randomly" reboots, upon reboot, that app has permissions required to send sensitive information to china.
And yes, the root app is NOT completely secure/trustworthy. There are several vulnerabilities that need to be considered...
1) A *pair* of apps can conspire to break out... i.e., one "trusted" app with root can modify a DIFFERENT app into the whitelist. This can include granting blanket root access.
2) The userid of an uninstalled application may remain in the whitelist, allowing it to be replaced by a *different* app that could later use that root access to do all kinds of nasty things.
In general, a better form for the community root database app would be along the following lines;
1) There should be NO WHITELIST.
2) The root permission state should remain in *memory* for a limited period of time (i.e. 1 minute).
3) The root app should request a PASSWORD (to prevent other people from tampering with it) -- store a password hash in the app's home directory,
4) The root app should be *forced* to be a *system* app in order to eliminate possibility of other user uninstalling and reinstalling it to bypass the password.
1 and 2 should be considered essential. 3 and 4 make it bulletproof, but still can't possibly do anything to stop an app given root from running amok.
In fact, note this;
Even WITH a secured root app, all any app needs is a MOMENT with root to do severe nastiness -- like give itself its very own su command that can't be stopped by the root-app...
Note: in order to *really* give decent security, the su command/app should work more like 'sudo' than like 'su'.
I.e., some app runs "sudo somecommand". This invokes the "sudo" app, which says... "XYZ is attempting to run this command as root: ---. Do you want to allow it?" You know, it is a much stronger position to be in if you can see *exactly* what some root-wanting app is trying to run. Also, nice to prevent some app from just going off as root any time it wants to.
According to Kaspersky Lab an Android app disguised as a “Movie Player” is in deed a SMS Trojan app designed to send text messages to premium rate numbers without the users knowledge nor consent, resulting in money passing from a user’s account to that of the cyber criminals. Lookout, makers of mobile security software, is already on the job of protecting users who have their Lookout Mobile Security application installed by releasing an over the air update to protect against the Trojan.
Currently there is no evidence the app was in Google’s Android Market however installed outside the Market. The user had to voluntarily accept application installs outside the Android Market by enabling and accepting the feature in the settings menu known as “Unknown sources”, which allows installation of non-Market applications. Furthermore the Trojan seems to only have affected Android smartphone users in Russia and only works on Russian networks.
According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there’s not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.
Via ReadWriteWeb
What to do if you think you’re affected? Here are some tips from Lookout:
How to tell if you’re affected
Review your phone bill for any premium SMS messages you did not send
If you have recently downloaded a media player, check the permissions to ensure it does not have the ability to send SMS messages. (Go to Settings, Applications, Manage Applications)
Be aware of the Android Apps you install
There has been a lot of news around mobile application security and data protection lately, one of the greatest takeaways in all this is the enlightenment of the consumer to be aware of the permissions requested when installing applications on Android phones. If an app requests a permission you are not comfortable with, either do not install it or contact the developer to inquire more.
Source: http://www.androidtapp.com/lookout-for-android-issues-security-update-for-android-sms-trojan/
I installed CM9 on my Defy+ because I had data abuse from Motorola Apps on original ROM. Now I've installed Onavo data counter and I found out that during 4 hours of using Internet connection Motorola apps used 4 MB. In this time I receive and send a few emails and send a few messages with Whatsapp but these apps have separated counter.
Does anyone know how block motorola apps?
Are you sure that is the motorola apps that are using your mobile data? remember that google also keep collecting data from your device, things like localization and syncing with google acc.
I know that but google maps, google services, Android OS, synchronization, google play, gmail they all have own meter
sidlo said:
I know that but google maps, google services, Android OS, synchronization, google play, gmail they all have own meter
Click to expand...
Click to collapse
Try to delete a VPN
same issue here (on my droid pro). what is motorola apps???
I use a firewall to block unwanted data usage in order to not waste any unnecessary mb. I started using Droidwall, and now am using Android Firewall, both of them are equally good, I'm just testing Android Firewall for the moment.
I block everything I do not want using data (including Kernel, due to having had Android OS use up to 143 mb once), and even games (blocks ads ), just don't block Google Play Services, or else background data won't function properly and apps like Whatsapp, for instance, won't receive messages until you open the app, or any other app that you want using a network connection.
Yep just run one of the mentioned firewall.
I also suggest to disable some of these useless apps, you can do it with Bloat Freezer for example.
Hi all
After updated to 4.2 I created new user for my wife.
"Installed" same games but they are 'new' for new user.
I want to copy data games files from my user to her user.
Anyone knows how to do it?
Need to be root?
Thanks
Sent from my Nexus 7 using xda app-developers app
Assuming they are free games, as paid ones will need to be purchased twice. You can use titanium backup to back them up on your account and then restore them into her account. You do need to be root for titanium though.
Sent from my Nexus 7 using Tapatalk 2
dr.m0x said:
Assuming they are free games, as paid ones will need to be purchased twice. You can use titanium backup to back them up on your account and then restore them into her account. You do need to be root for titanium though.
Sent from my Nexus 7 using Tapatalk 2
Click to expand...
Click to collapse
Sorry - misinformation.
Paid apps do not need to be purchased twice, or restored into her user ID. That would be a really bad idea anyway - you would have two copies of the app.
With root use file explorer to find your save file under /sdcard/o/...something. Copy that file to an identical file structure under /sdcard/1, or whatever number your second user uses.
Apps done the correct way for multi-user never download a second copy. The Play store just sets a link to them in the main user.
Assuming app is available to both:
adb backup/restore might work for unrooted. Me, I'd Titanium Backup if it was important.
On a slight tangent, is there a shared data area that I could put shared files and videos that each user account would be able to view? If so do I need root access? Thanks.
bertracoon said:
On a slight tangent, is there a shared data area that I could put shared files and videos that each user account would be able to view? If so do I need root access? Thanks.
Click to expand...
Click to collapse
Don't forget a shared data area would mean the contents, like high scores, are shared between the users.
Most of the time, different users will want their own customizable data.
Technically, you need to purchase the app twice for two different account under playstore, that's the whole purpose of multiuser right?
Sent from my Nexus 7 using xda premium
Leechoonhwee said:
Technically, you need to purchase the app twice for two different account under playstore, that's the whole purpose of multiuser right?
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
Multi-user is not a developer enrichment scheme.
Your tablet has one owner, and apps are sold to that owner on an account basis - not by user or device ID.
The owner is able to make them available to any other users of that tablet without repurchase.
I suppose you would want an eye sensor, to make sure the person using the app is the one that paid for it?
No need to pay twice.just install twice.
Seems I need root.
I used some file explorer, find this:
/storage/emulated
/storage/sdcard0
/sdcard
All seems point to the same folders.
No sdcard1.
More than this, can't find data game. I have to explain that I have free games (from play store) and paid games (humble pack). If I search imaginarium game with Astro, no resulta found -.-'
Pd: No root at this moment, original 4.2 room
Sent from my Nexus 7 using xda app-developers app
Sorry - misinformation.
Paid apps do not need to be purchased twice, or restored into her user ID. That would be a really bad idea anyway - you would have two copies of the app.
Click to expand...
Click to collapse
Can you clarify this, apps are linked to the gmail account they were purchased with no? I haven't tried multiuser yet but I thought I read from others you have to add the primary gmail account to any secondary account to access the bought apps. Is this not correct? And if it is correct, can one add it only to google play and not have a secondary account access the associated email?
sark666 said:
Can you clarify this, apps are linked to the gmail account they were purchased with no? I haven't tried multiuser yet but I thought I read from others you have to add the primary gmail account to any secondary account to access the bought apps. Is this not correct? And if it is correct, can one add it only to google play and not have a secondary account access the associated email?
Click to expand...
Click to collapse
Set up a secondary user. Secondary user needs a Google account. Create a new one if appropriate.
Open Google Play on the secondary user. Click Options, then Add Account. Add your primary account (the one that owns your apps).
You will be given a choice of items to synch - uncheck them all. All you want is app access.
Display your apps (they are now visible to you). Install the ones you want the secondary user to have. They will NOT download - this user just gets a link.
When done, you can delete the main account from this user - or just leave it
I am going to start cutting and pasting this description - I keep having to retype it...
rmm200 said:
Don't forget a shared data area would mean the contents, like high scores, are shared between the users.
Most of the time, different users will want their own customizable data.
Click to expand...
Click to collapse
I appreciate that, I was just wondering whether there was a shared folder everyone could access as well as completely private areas for each user. Sounds as though there is absolutely no difference between multi user and having two completely separate tablets.
Well... Biggest difference is that only one copy of the app is shared by all the users.
Sent from my Nexus 7 using xda app-developers app
When done, you can delete the main account from this user - or just leave it
Click to expand...
Click to collapse
Thanks, but one more thing. If I leave it in google play do they have access to the associated gmail? I would prefer to just leave it for future apps and add a password for google wallet so they can't purchase things. Hmm, I guess though they can uninstall things that I wouldn't want uninstalled. I"m thinking of a kid mucking about where he shouldn't.
sark666 said:
Thanks, but one more thing. If I leave it in google play do they have access to the associated gmail? I would prefer to just leave it for future apps and add a password for google wallet so they can't purchase things. Hmm, I guess though they can uninstall things that I wouldn't want uninstalled. I"m thinking of a kid mucking about where he shouldn't.
Click to expand...
Click to collapse
You could try an 'app lock' app. i've tried 'app lock' on the play store which allows you to pin protect stuff like settings and install/uninstall and other apps - although couldn't lock gmail or certain system apps. But it should work for the play store. Maybe there are similar apps that allow you protect gmail.
rmm200 said:
They will NOT download - this user just gets a link.
Click to expand...
Click to collapse
Is it possible to move apps and its data from one user to another? To to so can I just uninstall app from first user? After that will this app and its data still be available for new user?
rmm200 said:
Set up a secondary user. Secondary user needs a Google account. Create a new one if appropriate.
Open Google Play on the secondary user. Click Options, then Add Account. Add your primary account (the one that owns your apps).
You will be given a choice of items to synch - uncheck them all. All you want is app access.
Display your apps (they are now visible to you). Install the ones you want the secondary user to have. They will NOT download - this user just gets a link.
When done, you can delete the main account from this user - or just leave it
I am going to start cutting and pasting this description - I keep having to retype it...
Click to expand...
Click to collapse
I tried to follow these instructions but a) I didn't get the sync message b) Play store doesn't display my bought apps in one place so it's not easy to find them and c) I have the feeling that it really double installs (I was hoping for a link).
I installed the QD2 U firmware yesterday and was able to login to my apps (Chase Bank, PayPal) using the fingerprint scanner, but the option is gone today after rooting. I'm still able to unlock the phone with the fingerprint scanner and certain other apps though. I'm sure rooting broke it, but is there a fix for this while keeping root?
EDIT: FIXED
PayPal just required me to login once and from there it let me re-enable.
Chase Bank keeps crashing when trying to launch---
Open app permissions and turn off storage access.
Re-launch app and it asks for permissions, grant them.
Login again and re-enable fingerprints.