Stock ROM, Oreo, rooted with Magisk.
When I turn on encryption for the SD card, then attach a USB storage device, a notification says "a security policy restricts the use of USB storage". A google search suggests this is an issue specific to Sony phones, and that in previous Android versions, removing device admin permissions for a preinstalled Sony configuration app would fix it.
Is there a good reason for this? For example, would allowing USB storage give someone the ability in possession of my locked, encrypted phone to transfer data from the encrypted SD card? That seems unlikely.
I'm assuming there's not a known workaround, like an app that displays the current security policies the device is enforcing and provides a way to change them. I've done searches for something to that effect, but not exhaustive ones.
Finally, could an Xposed module fix it? There are a few that prevent certain other onerous security policies from being set, e.g. by Microsoft Exchange. I have no experience writing Xposed modules, but I've read one and it doesn't look terribly hard. The part I'm not sure about is finding out exactly what to hook and override.
Related
Is there any way to enable the encryption via registry settings?
Even if I check "Encrypt files when placed on a storage card", then I close and reopen it and it's still unchecked. Encryption isn't working with different roms and different storage cards. Weird, because it was working in the past with an older rom but after a reflash of an new ROM it's gone.
Could it be a hardware problem?
Maybe there is a registry setting to force encryption? If not, maybe there is any software, that is running permanently in background and encrypts new data on the SD "in real time"?
Thanks in advance for any help.
Found it
check the windows reference here:
http://msdn.microsoft.com/en-us/library/aa912271.aspx
on on htc touch hd go to start >setting>system
you then have the encryption tool that says when you activate it
"encrypted files can only be read on this device "
so may be a daft question but when i have this activated can i connect my phone via active sync or as disk drive and still see the files and open them and my memory card ?
what im trying to get at is if anyone found my phone they can read the files as they have the phone. what has been encrypted ?
thanks
I'd say no
I'd also say reflash with another rom and you can't read it ever again
even hardreset the phone and you can never read it again
it's made to make sure you're most secret stuff never gets out if you're phone
is stolen not to make sure your stuff will ever be something you can retrieve if something goes wrong
are you saying that you think the encryption is not working ?
No. That's not what he's saying. He's just advising that you not use it. The encryption key is stored on your phone's memory, so that if you ever hard-reset or flash another ROM, the encryption key will be lost and you won't be able to access the data on your memory card, ever again. You would have to do a full format of the card to even be able to use it again.
thanks for clearing that up .
could you recommend any software that i can install on the phone that requires
password to access the memory card while still in the phone and require password if memory card was taken out of phone and put into a pc memory card reader
thanks
I don't really know of anything that would be compatible across multiple systems/platforms like that
I just googled this and found the following software:
http://www.aikosolutions.com/encryption/secubox-encryption-vs-windows-mobile-encryption/
Just some thoguhts for using the native encryption...
I wonder if the encrytion key can be extracted from the phone...?
That way it could be added again on another ROM. Also, the key could then be used in a desktop application that implements the same algorithm (AES, I think). This would allow the card's contents to be accessed outside of the phone.
To save some people time in searching and asking the same question I had (and for 4.4.2 I think there will be plenty...):
I had severe issues using a brand new SD card in a brand new unrooted Galaxy S5. However, I now found through test that it was not the card.
I tried many things, formatting on my computer, formatting on another phone, etc etc. Nothing worked. I then tried to use the card on other devices, which worked fine! I then tried other cards, none of them seemed to work.
So I thought the S5 was defective. I did some searching online, and found that it actually is not defective. This is a feature of kitkat 4.4.2!
The card is perfectly usable, but under very restrict situations.
For example, reading is perfectly possible, but writing is controlled by kitkat. I found through some websites that Samsung decided to beef up security and at the same time make the use of external storage more clean.
Previously you could use any file browser to manage any file son any external storage, like an SD card. Although this gave great freedom, Samsung also seemed to believe that it is a source of security risk where rogue apps could read/write to folders they didn't create. They also seemed to believe this made management of files on external storage messy. To control this Samsung now allows properly installed apps to generate folders only in internal memory, and those same apps can only access folders they themselves created. The exception to this are factory standard default apps that come preinstalled on the device.
So my mistake was to use ASTRO file manager to move around a file. Once I read the issue online, I tried the same action with Samsung's pre-installed file manager, and to my surprise the file did transfer to the SD card!
To further clarify, I suspect this "feature" is limited to write activities. For example, backup to SD apps will fail to write apps to SD. Similarly, Airdroid cannot copy files from your desktop to the SD card, only to their own folder (and thus you need Samsungs file manager to move those files to the SD card).
What's interesting about this however, is that READ access seems to still be possible. ASTRO file manager can still read files from directories other apps made. Adobe reader can still read files on all kinds of folders.
The criminal spy app can still read and copy your banking files from your bank directory to its own directory for transfer to the criminal mind who will then plunder your account. So no, the security issue Samsung wanted to address has not been addressed.
What is my opinion about this? Well, I think Samsung made a nice attempt to improve security. However, they completely failed to address the biggest security risk, which isn't write access, but read access. And at the same time made it very painful and difficult to store large numbers of music, video and document files to the SD card. Because now you will either need to plug in your memory card into your computer, or move all those files via internal memory to the external SD card using Samsungs file manager, which of course takes much more time.
More info on the feature can be found here:
http://gs4.wonderhowto.com/how-to/b...ns-android-4-4-kitkat-your-galaxy-s4-0152036/
here:
http://support.solidexplorer.pl/responses/kit-kat-442-issue
And here:
http://developer.samsung.com/forum/...Lines=15&startId=zzzzz~&startPage=2&curPage=4
We could all ask Samsung to revert this "feature", but chances that they will, are remote since there are ways around this problem.
Of course, people who use many many apps/games will be out of luck, as they will be restricted to 16/32 GB.
Note to moderators: Can we make this a sticky for kitkat 4.4.2?
Root and you'll be able to R/W on the ext-SD card and try this app SDFix
Samsung has nothing to do with it... It's an Google's android policy.
So, the links I provided make that same statement. I.e. I'm aware of possible fixes. However, I bought my phone in Singapore so I could have a reliable unhacked, unrooted, unmodified phone. Others might also want original phones and not root their phone until their warranty runs out.
This was not my point though. My point was to provide some info that could be turned into a sticky so it is easier for people to find what could cause their memory card issues.
I still hope the original post will help others troubleshoot their memory card issues with their s5.
https://code.google.com/p/android/issues/detail?id=67570
Sure I can connect my android to a pc and have r/w access via usb 3.0 connection, or use only the built-in file manager by samsung and have r/w access to the external sd.
But that is not what I want, I want full es explorer access and full poweramp access which I do not have.
After some research I've learned that I need to edit the file "/system/etc/permissions/platform.xml" the relief myself from the read-only limitation (at best, sometimes not even that) that 99% of my apps have for the externalSD card,
And that the only way to do that is via root, which I do not want to do to my device because in the horrible scenario that I actually need to use my warranty, I have learned that the flag that the action of rooting my device turns on - no body knows yet how to turn off, so I really don't want to root my device just yet.
Is it possible somehow to remove this limitation that samsung/google have brought with their ignorant policies to my device? without rooting that is?
other then switching to a non-android4.x rom? or switching to a non-stock rom?
EDIT:
* I started to notice the whole issue when I wanted to move all my music from my old android to the new one's externalSD.
Right now all I want is for that to work again.
Is it possible to create a symbolic link in the Internal Storage so that when my poweramp app scans for music it will SEE the files on my externalSD since they are available from a path nested under the visible Internal Storage mount?
I know that in my old android, there was a mount point / sym link called 'external sd' that lead directly to the externalSD, but now there isn't and I'd love to get this back.
** Plus I heard that apps always have access (on ANY Storage) to the path '/Android/data/<package_name>' but after I moved the music files to:
'<EXTERNAL SD CARD>/Android/data/_com.maxmpz.audioplayer'
and also tried:
'<EXTERNAL SD CARD>/Android/data/com.maxmpz.audioplayer'
In both cases the music wasn't available to the app. so there is that feature of accessing the externalSD which I also can not use
This might be the stupidest question ever, but has anyone else had total difficulty getting Windows to read the external SD card in their device when directly connecting their Tab A device to their PC via USB?
My device is new...it worked once registering my storage partition in Windows and hasn't again. Things that have happened since then: I updated to latest firmware with March 2018 painful security updates. May be no correlation but I thought I'd mention it.
As I was waiting for OEM unlock, I hadn't activated my ext4 partition but it still wouldn't work in Windows via USB....the card works FINE in Windows directly - I've taken it out of Samsung and put it directly into to my PC and Surface Pro and it reads storage fine. My partition software detects the app partition as well.
Then, I rooted with SuperSU/TWRPed and modded.....app partition activated successfully with Apps2SD and linked some data to it fine with Link2SD. No problems..... can't remember if I was getting the "corrupted" message I am now getting from Samsung then... I think maybe? Regardless, internally, both partitions were/are working just fine. On Windows it works fine as a stand alone card. But when I plug it in via USB inside my Tablet, I only get "Tablet" storage. This is driving me nuts. What's the point of that?
Then I switched to Magisk and the fun really started. Now, it shows what I appears to be my ext4 app partition as "corrupted" in Settings > Storage. It isn't by the way - it still works with my apps fine and the whole card is working fine (and I've run diagnostics on the card too). I have to add though, whether this was doing it between mount scripts and switching to Magisk I'm not 100% sure, it might have been.....but it's definitely there now. It's almost like it just doesn't like ext4 and doesn't really doesn't like those Mount Scripts.
Today I also reformat/repartitioned the card and did another slow error scan. So from scratch... the card is FINE as far as I can tell. This time it wouldn't mount at all since switching to Magisk. I've got it to mount through TWRP... so we're back working again. My ext4 app partition is working again with Link2SD but I'm still getting that annoying "corrupted" message in Settings > Storage WHEN IT ISN'T.
Is there some hidden settings somewhere in the stock ROM of 7.1.1 to change on the T380? Usually my devices let me pick from MTP, USB mass storage etc.... this one doesn't. It just connects to either Windows or my Surface and internal storage only.
I don't know what I'm really talking about... but it's almost like the system doesn't like that app partition... once it activated and had the Mount Scripts on it.... it was worse saying it was "corrupted" (when it isn't). Then we get back to my original problem which is getting the damn Fat32 to show up in Windows in the first place without having to take the card out of my tablet and plug it directly into Windows.
Any ideas? Thanks.
P.S. I even uninstalled and reinstalled all Samsung drivers.....dunno what to do
P.P.S. Could be an unrelated thing, but since masking everything from Samsung, when I do go to Settings now at some point between opening Settings and getting to the Storage section, I get a popup "SysScope has stopped" (or something similar). I'm not sure what that is.... but it's obviously trying to sniff around what I'm doing but I've blocked it. I doubt that's related to Fat32 and Windows, but wondering if its related to its dislike of my ext4 partition?