Database Users

Disable totally KNOX

I have disabled all possible knox related services with Package Diabler Pro, with the exception of SMART MANAGER that is necessary gto have battery icon on taskbar, still it seems knox is running in the backgroud: any way to completely disble it? I have no root

Good question. I don´t think that you actually can do that, on newer phones. I had all knox related services I would guess disabled, but KLMS agent is still being reported by eStar as a batt sucker.

Extacly

You must be rooted to do this, without it is impossible.

Downgraded to Kitkat and rooted ...... housecleaning time.

So ...... I bought a copy of Titanium Backup to backup/freeze/erase the unneeded stuff. Installed Sdfix and backed up everything to SDcard. Is there a list or easy method for determining what I can freeze/wipe?
Think I'm gonna leave it at Kitkat for now. It appears to work and does what I need it to do. How long do you think I can get away without upgrading for new mainstream features, etc?
Edit to add: Reading on XDA, I found info on some really interesting privacy apps called "Xprivacy" and AFWall+. Xprivacy allows you to restrict individual permissions on apps and AFWall+ is a really simple firewall. It's worth your time for a look if you value your privacy and security.
github.com/M66B/XPrivacy (prefix is https)

Life without root

In preparation for the impending upgrade to Android 6 Marshmallow, I'm trying an experiment on my Android 5 based Zenfone 2. I'm going to see how annoying it is to give up root. The first thing I did on my first android phone was root it, so I've only every used rooted Android devices.
Prologue:
Root on Android 6 (usually) requires an unlocked bootloader, because root is achieved by modifying the boot image to inject su into the system. That way the system image is left unmodified and can continue to pass dm-verity checks.
At the moment, there does not appear to be anyway on the Zenfone 2 to unlock the Marshmallow beta bootloader, and it also appears to relock any unlocked bootloader. In fact, the droidboot binary in the droidboot.img of the Marshmallow beta contains the strings rm -rf /factory/asuskey and rm -rf /factory/asussignature. droidboot also contains the strings unlock successfully...reboot after 5 seconds and **** Unlock bootloader? **** as well as other strings referring to unlock (droidboot from the .184 Lollipop also has those strings). So, my hope is that there is a simple way to unlock the bootloader, which will be revealed by Asus, or discovered by somebody.
My thought is that worst case those of us who want root will use an unlockable Lollipop bootloader with a Cyanogenmod 13.1 based ROM created with updates from the Asus Marshmallow source code.
Experiment:
I've removed Xposed and SuperSU from my phone. Making it stock Android 5. I'm documenting here the functionality that I lose. The first goal is for my own amusement to keep a log of what I'm giving up.
The second goal, and probably the major one, is to solicit suggestions on what can be done to replace the functionality I'm losing.
What I'm giving up:
AdAway - No system wide ad blocking. Firefox with uBlock Origin should cover blocking ads on the web. I usually buy apps I use frequently, but I'll have to see which ones are annoying with ads. I'm aware of the VPN based ad blocking methods, but I'll have to wait and see if it comes to that.
AFWall+ - Using root to improve security... I mostly use this to prevent some apps from using mobile data, and to prevent some apps from gaining network access at all.
BetterBatteryStatus - It works in non-root mode, but not as well.
BusyBox - Without root, there isn't much need for this anyway.
Cryptfs Password - Once again, security is harmed by removing root. This allowed my encryption pin to be different (and much longer) than my screen lock pin. I don't want to type 10 digits to unlock my screen, but it's fine for booting.
Greenify - This definitely kept some aps in check, but perhaps Asus' Auto-Start Manager will be able to replace it.
GSam Battery Monitor - Like BetterBatteryStatus, this had a root component to provide more information.
Kernel Adiutor - For some reason my phone seemed to only go to 1.8ghz instead of 2.3ghz, so I used this to fix it.
Linux Deploy - I never used the Linux chroot image for much, but it was a cute toy.
Secure Settings - This let tasker automate adjusting some things which require root to change.
Titanium Backup - This is a massive loss in functionality. Simply having backups is tremendously important. The ability to freeze unwanted system apps is also nice. I can reload many of my apps from Google, but not all of them bother to save their settings in the Google backup. Ohh, the bloat!
Trimmer (fstrim) - Probably not really necessary, anyway.
Xposed
Amplify - It saved me lots of wakeups, but I don't know if it really did much to increase battery life.
Fix Lollipop Memory Leak - I don't know if this did anything, either.
GravityBox [LP] - I didn't tweak too much, but what I did change was really useful.
NetStrength - I like replacing my wifi bars with useful information.
ProtectMyPrivacy - The permission settings in Marshmallow would make this obsolete anyway.
YouTube AdAway - Nice, but not required.
What I'm gaining:
Android Pay - I guess I can play with this now.

AFWall+ - Using root to improve security... I mostly use this to prevent some apps from using mobile data, and to prevent some apps from gaining network access at all.
Click to expand...
Click to collapse
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
For the rest, no root is to accept to take along twice monitoring tools of an advertising billboard.
Keep in mind that Google is an advertising agency that is desperate to earn money, including harassment to get the maximum information.
Its purpose, despite what he claims, is not to improve people's lives, but his bank account.
Android is a disguised tools for Google, not for the people who is a commodity to be exploited.

I'm gonna miss Adaway and Afwall+ the most. Afwall+ is much better than the Asus built in firewall. You can disable net access by default for newly installed app. You are notified to set firewall rules when you install an app. You can filter apps to be set. If only Asus could provide a such a bunch of feature for their firewall, I won't miss root so much.
Sent from my Asus Zenfone 2 using XDA Labs

IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
Click to expand...
Click to collapse
Thanks for the info about the functionality in Asus Mobile Manager, I didn't know that.

As far as Adaway goes, try this https://block-this.com
Sent from my ASUS_Z00A using Tapatalk

IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
For the rest, no root is to accept to take along twice monitoring tools of an advertising billboard.
Keep in mind that Google is an advertising agency that is desperate to earn money, including harassment to get the maximum information.
Its purpose, despite what he claims, is not to improve people's lives, but his bank account.
Android is a disguised tools for Google, not for the people who is a commodity to be exploited.
Click to expand...
Click to collapse
Agree with most of that... unfortunately the ASUS mobile manager "firewall" doesn't work any more on the current marshmallow beta.
It's still there, but it seems not to work for blocking apps.
The new app permission system in MM may be used to prevent apps from connecting around, in theory at least, but I'm not sure how effective that is.

This phone without root absolutely sucks. There's a thread on the ASUS forum, guy has links to pre rooted system images but I haven't tried it.
http://www.asus.com/zentalk/thread-39487-1-1.html
Sent from my ASUS_Z00AD using XDA-Developers mobile app

The thread mentioned was opened in September '15... Didn't try downloading the files but can't imagine that there's a pre-rooted file out there already. Somebody would have known and told us, I guess
If anyone tried and it works, may you leave a line!
sent from my Binford Z00AD using tapatalk

nfc expert said:
if you want stop ad without root, you can try this : https://block-this.com/
Click to expand...
Click to collapse
kenbo111 said:
As far as Adaway goes, try this https://block-this.com
Click to expand...
Click to collapse
There are several other VPN based ad blockers as well. AdClear, AdGuard, and I think some more.
I played with some of them when they first started coming out, but always returned to the host file based blocker, because it was easy and worked fine with root. I think the phone has plenty of RAM and CPU to run these VPN ones, but I haven't been annoyed to try them again. So far uBlock Origin in Firefox has been fine. In the almost two days since unrooting I've used one app which shows me ads.

IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
Click to expand...
Click to collapse
Thanks for the tip, I didn't know about it. This was easy enough to setup, even if it doesn't have as many features as AFWall+. I haven't tested to make sure it works.

My idea to get root on Asus' Marshmallow release is to install just the system, but keep the unlocked bootloader and ifwi from Lollipop. It should be easy enough to modify the updater script to only flash the system and boot image, while leaving the bootloader and ifwi alone. I don't know if that will work, or if the system will crash when it finds an old ifwi, or if the bootloader will fail to load the new system. With an unlocked bootloader, root is trivial.
As long as the bootloader is in place, it should be easy to recover from a broken system.
Don't take my word for it though, these are just ideas, and I'm not ready to try them yet. My warranty is over at the end of the month, so I'll unlock my bootloader then.

Knox Discontinuing and replaced with Secure Folder soon, Root still a risk?

Hey all,
I upgraded my ZTE Axon 7 rooted and whatnot to a Samsung Galaxy S8+ about 4 months ago but have really missed being rooted at times. I have gotten a few warning emails from Samsung stating that Knox will be discontinued and replaced with Secure Folder soon, and I was wondering, if Knox ceases to exist, will there still be a reason not to root?
I use Secure Folder quite a lot, but my country doesn't support Samsung Pay yet so the main reason I'm asking is, when Secure Folder replaces Knox - will it still have some issues with rooting? Outside of Samsung Pay and Warranty void etc. I don't wanna lose access to Secure Folder but some of the things I wanna be able to do with my phone require root access :/
Thanks for any input and happy new year to you all!
- TriixstaR

What should start requiring root access that doesn't now? You don't come clear here. Maybe at some point someone manages to make secure folder working while rooted, But there are alternatives if thats what you are asking.

Augustin.2 said:
What should start requiring root access that doesn't now? You don't come clear here. Maybe at some point someone manages to make secure folder working while rooted, But there are alternatives if thats what you are asking.
Click to expand...
Click to collapse
Sorry, perhaps I should have been more clear: I haven't rooted yet because of the fact that rooting trips Knox but I'm more thinking if Knox is no more, would there then be this same sort of system just with Secure Folder instead?
Things like Pokemon Go spoofing and modifying APK files are things I've dabbled with in the past and have missed doing so with my S8+ hence the question if it will be "safe" to root as far as Knox/Secure Folder goes when we get to a point where Knox is no more.
Just out of interest, what kinds of apps work the same as Secure Folder? I have never really needed to find alternatives as I've always just used Secure Folder, but would be interesting to know any experience you have with other similar apps?

Knox will continue to exist. Only the MyKnox app is being replaced with secure folder.
Sent from my SM-T820 using Tapatalk

CASz said:
Knox will continue to exist. Only the MyKnox app is being replaced with secure folder.
Sent from my SM-T820 using Tapatalk
Click to expand...
Click to collapse
Damn, okay well thanks for clearing that up!

TriixstaR said:
Damn, okay well thanks for clearing that up!
Click to expand...
Click to collapse
No problem. Knox is their security system that allows them to compete in thee corporate world. If you don't care about thaat, go ahead and root. If you have a physical warranty problem it won't be apparent and if you have a software prooblemm, you should be able to resolve it using Odin and community support.
Sent from my SM-T820 using Tapatalk

TriixstaR said:
Sorry, perhaps I should have been more clear: I haven't rooted yet because of the fact that rooting trips Knox but I'm more thinking if Knox is no more, would there then be this same sort of system just with Secure Folder instead?
Things like Pokemon Go spoofing and modifying APK files are things I've dabbled with in the past and have missed doing so with my S8+ hence the question if it will be "safe" to root as far as Knox/Secure Folder goes when we get to a point where Knox is no more.
Just out of interest, what kinds of apps work the same as Secure Folder? I have never really needed to find alternatives as I've always just used Secure Folder, but would be interesting to know any experience you have with other similar apps?
Click to expand...
Click to collapse
Well, Parallels space is the one I feel works the best.

Is it possible to use secure folder after root ?

Hi,
I just root my s8, but find out I'm not able to use secure folder anymore.
Is there any way that I can use it.
Or do I have to remove the root to use secure folder again.
Many thanks

Little-white said:
Hi,
I just root my s8, but find out I'm not able to use secure folder anymore.
Is there any way that I can use it.
Or do I have to remove the root to use secure folder again.
Many thanks
Click to expand...
Click to collapse
Generally NO once your phone has been modified you will trip your Knox. Once Knox is tripped you can not use things like secure folder,Shealth, Samsung pay. There is no fix for a tripped knox

spawnlives said:
Generally NO once your phone has been modified you will trip your Knox. Once Knox is tripped you can not use things like secure folder,Shealth, Samsung pay. There is no fix for a tripped knox
Click to expand...
Click to collapse
Bastards man, why can't they be like they used to with the S5 and below...
Now they just want people to use dumb phones and scare them away from exploring their own devices potential.

Hi,
If you had something, like the pin or password list, in the secure folder, you did the backup before rooting and now restore it, what happens with that list? Is it restored or not? If yes, where?
Thanks!
Sent from my SM-G955F using Tapatalk

CoreyOS said:
Bastards man, why can't they be like they used to with the S5 and below...
Now they just want people to use dumb phones and scare them away from exploring their own devices potential.
Click to expand...
Click to collapse
First, thinking about it, Knox is a bonus. Without Knox you still have access to every function that other Android also have. You can use Google Fit to replace Shealth, Google Pay to Samsung Pay, and Island (by Oasis Feng) or Parallel Space to Secure Folder. Obviously all of these alternatives don't perfectly replace Knox, but there is a reason to root devices lose access to Knox, it's for security. Knox is a subsystem isolated from the rest of the system to store highly confidential information. it's not about you bank data or your nudes, it's to prevent that industrial secrets you could have in your Secure Folder will not be stolen by a malware disguised as a game. There is also a hardware implementation called ARM TrustZone that stores encrypt keys and biometrical data and do security related computing. Remember now that a Root device can be deeply compromised. Normally all we do are tweaks to turn UI better, but you can also change firmware, modify system as you like, etc. To guarantee that your device are safe to store whatever your cautious boss want, Knox could verify every single file of your OS, firmware and beyond, or only verify if a bit have changed from 0x0 to 0x1. That's why they can't be like S5 and below
I'm not here exactly to defend Samsung, only trying to explain why it's works that way (and I'm not an Samsung Employee nor what to spend 3 hours explaining how it's hardware implemented, so what I'm saying is based on my own research)