Develop Bugs

secure certain parts of smartphone?

Hi There!
I'm new on this page. Joined here because i have special question and my search on the web didn't lead to any solution.
I got the Samsung i900v omnia with windows mobile 6.1 and would like to improve the privacy concearning sms / email inbox fotos or the list of my recent calls.
The phone has a general password which switches on after a while. But that locks the whole thing. For example I might want my girlfriend to be able to use my omnia for a call or to check something on the web, but she shouldn't have access to all of my data.
I've tested skb mobile safety suite 2.02. but its all to complicated, it seems they want to put a whole new operating system over my phone.
i would be satisfied if the normal password check would occur if certain funktions are activated - which i could select upfront.
If anyone has a solution, i would be very happy. Right now my omnia hasn't been much fun to me yet.
Thx & Cheers
Roman

Will this fix affect Builds and ROMs?

Google is releasing a security fix for all phones, is this going to affect the ROMs? Will this be something Devs will have to build a ROM patch for?
Here is the article with the details:
Google Fixes Android Glitch That Affected '99 Percent' of Devices
Google said Wednesday that it has fixed a security glitch that reportedly opened up 99 percent of Android-based devices to a security breach.
"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," a Google spokesperson told PCMag. "This fix requires no action from users and will roll out globally over the next few days."
Google would not say what percentage of devices were actually affected.
At issue is a Tuesday report that said 99 percent of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network. The report, which came from researchers at Germany's University of Ulm, claimed that phones or tablets running on Android 2.3.3 or earlier were vulnerable because of an improperly implemented ClientLogin authentication protocol. ClientLogin is used to verify users' identity on Android apps, and it saves the authentication data (authToken) for up to two weeks. The authToken is obtained from ClientLogin by providing a username and password on an https connection.
But the researchers said that when a user would login to a site like Facebook or Twitter that stored data could be open to attackers who could use the info to falsely gain access to their private information like Google Contacts and Calendars.
The researchers—Bastian Könings, Jens Nickels, and Florian Schaub—decided to simulate an attack to see if there findings were correct.
"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," they said. "The answer is: Yes, it is possible and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."
There was also an issue with the way data was handled when devices were synced with Picasa, but Google said this has also been fixed. Called a "silent fix," a Google spokesperson said all users will get the update automatically.
Click to expand...
Click to collapse

My understanding is this is a Google server side fix, and isn't something that needs to be "pushed" out to mobile devices.

Sounds more like it'll be an update to 1-2 apps to patch the security hole.

[APP] Avast! on Android!!

Full-featured Antivirus and Anti-Theft security for your Android phone.
Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable. A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, the Anti-Theft portion of avast! Mobile Security has been recommended by leading industry experts that include T-Mobile, N-TV, AndroidPIT, and Android Police.
avast! Mobile Security
Antivirus
Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.
Privacy Report
Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.
SMS/Call Filtering
Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.
App Manager
Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.
Web Shield
Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.
Firewall
Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)
avast! Anti-Theft
App Disguiser
After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.
Stealth Mode
Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.
Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.
Battery Save
Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.
SIM-Card-Change Notification
If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.
Trusted SIM Cards List
Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.
Remote Features
SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone:
Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.
https://market.android.com/details?...NvbS5hdmFzdC5hbmRyb2lkLm1vYmlsZXNlY3VyaXR5Il0.

Someone told me that its not necessary to have antivirus in android since its Linux based. So mine don't have.
But really don't know if its true..

I named my Anti-Theft app CarrierIQ and made it in Stealth Mode LOL
Sent from my GT-S5830 using XDA App

droidtwoseven said:
Someone told me that its not necessary to have antivirus in android since its Linux based. So mine don't have.
But really don't know if its true..
Click to expand...
Click to collapse
Hmmm nice thought!!!
But "Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution" Ur memory card never gets attacked by virus ha??
Its for ur safety!! Some apps have been reported that they send data from ur cell.. Obvi linux cant have a virus code!!

droidtwoseven said:
Someone told me that its not necessary to have antivirus in android since its Linux based. So mine don't have.
But really don't know if its true..
Click to expand...
Click to collapse
Hmmm nice thought!!!
But "Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution" Ur memory card never gets attacked by virus ha??
Its for ur safety!! Some apps have been reported that they send data from ur cell.. Obvi linux cant have a virus code!!

I installed it & scanned. Found a virus 'android kisser'(it was sumthing like that) in 1 of my apps.
Sent from Galaxy Ace GT-S5830 using Jusada's awsum ICSunday2 + Slaidmod script.
Dont jus say thanks, use d 'THANKS' button. [XDA RULE]

droidtwoseven said:
Someone told me that its not necessary to have antivirus in android since its Linux based. So mine don't have.
But really don't know if its true..
Click to expand...
Click to collapse
There are 2 things as to why Linux doesn't have as many viruses as Windows (arguable):
1. It's open source (which means it'll make a patch for security holes faster than I can take a shower)
2. A small number of users (malware devs will feel unnecessary to target a system with a small number of users)
Now, Android is open source, and it has that same layer of protection as Linux. But Android is huge. It became bigger than Linux in two years than Linux ever did in twenty years. It's a BIG target for malware.
I'm not saying it's 100% absolutely necessary for you to install an antivirus app, but it's better to be safe than sorry.

Best app for stolen phone?

I've heard of Prey Anti-Theft , and seek droid. Anyone got a good one?

I use cerebrus, it sends a pic to my email every 3 wrong lock pattern entries and can be hidden from the app drawer, remote wipe of device and a whole bunch of other amazing features are included too. Not sure about any others as i'd just bought this and never saw a need to switch to any others.
Edit: Unless of course you mean something that can be installed after the phone is lost/stolen then I'm not sure.

If you're looking for an app that you download after it's already stolen, give this a try. Otherwise, I'm currently using Cerberus though I have yet to lose my phone or get it stolen (hopefully never).

Another shout-out to Cerberus.
It's fantastic.
https://www.cerberusapp.com/download.php
I use the ICS disguised .zip.
It still works just fine on Jelly Bean...and it disguises it as "System Framework."
This way it's a System Application.
And it doesn't show up as "Cerberus" in the Settings>Applications screen.

Jubakuba said:
Another shout-out to Cerberus.
It's fantastic.
https://www.cerberusapp.com/download.php
I use the ICS disguised .zip.
It still works just fine on Jelly Bean...and it disguises it as "System Framework."
This way it's a System Application.
And it doesn't show up as "Cerberus" in the Settings>Applications screen.
Click to expand...
Click to collapse
If the theif flashes a rom on your phone it removes cerberus completely, unfortunately it will only stop people who don't know much about android.

slayr76 said:
If the theif flashes a rom on your phone it removes cerberus completely, unfortunately it will only stop people who don't know much about android.
Click to expand...
Click to collapse
True.
But I've never met anyone who does, personally.
For ultimate security:
Pin Lock on your Screen. ---Obvious
No Custom Recovery. ---ADB access available in Custom Recovery
Disable USB Debugging. ---Not sure if it allows Access with your Screen Locked...but I'd do it just to be safe.
Keep Bootloader Locked. --- http://forum.xda-developers.com/showthread.php?p=27878074 can unlock/lock a rooted phone when YOU need it. Otherwise, they could just flash a new recovery and ADB pull. This way...if they're savvy enough to unlock...at least your data is gone from prying eyes.

I use an app called android lost. It works pretty well.
Swyped with my Galaxy Nexus using Tapatalk 2

comodo anti theft works really good.. has all the features required.

I've been using Avast Mobile Security. It does all the antivirus, privacy, firewall stuff, but can also install Anti-theft piece into the System partition under any name you specify, and you can password protect it; that way it's not that obvious to the thief that it's an anti-theft app and he can't uninstall it through the applications menu. When a new SIM is inserted it detects that and sends sms from that phone number to the phone numbers you specified, then you can do a remote wipe.
Hearing about Cerberus though I am definitely gonna have to check it out.
---------- Post added at 12:43 PM ---------- Previous post was at 12:40 PM ----------
netbuzz said:
I've been using Avast Mobile Security. It does all the antivirus, privacy, firewall stuff, but can also install Anti-theft piece into the System partition under any name you specify, and you can password protect it; that way it's not that obvious to the thief that it's an anti-theft app and he can't uninstall it through the applications menu. When a new SIM is inserted it detects that and sends sms from that phone number to the phone numbers you specified, then you can do a remote wipe.
Hearing about Cerberus though I am definitely gonna have to check it out.
Click to expand...
Click to collapse
I am gonna stick with avast. Seems it does same thing as Cerberus and is free, no trials or subscriptions.

netbuzz said:
I've been using Avast Mobile Security. It does all the antivirus, privacy, firewall stuff, but can also install Anti-theft piece into the System partition under any name you specify, and you can password protect it; that way it's not that obvious to the thief that it's an anti-theft app and he can't uninstall it through the applications menu. When a new SIM is inserted it detects that and sends sms from that phone number to the phone numbers you specified, then you can do a remote wipe.
Hearing about Cerberus though I am definitely gonna have to check it out.
---------- Post added at 12:43 PM ---------- Previous post was at 12:40 PM ----------
I am gonna stick with avast. Seems it does same thing as Cerberus and is free, no trials or subscriptions.
Click to expand...
Click to collapse
I like Cerberus because you can be a total creeper if someone takes your phone.
GPS track it.
Then once you know where they're located...Set of alarms.
The phone makes a siren sound and the torch turns on and off...and a message of your choice is displayed on the screen.
Once they touch the phone it takes their picture and emails it to you =]
And it does the sim-checker as well.
And you can do audio recordings...
Screenshots...
SMS Logs...Call Logs...
And it's a one time payment of...what...$5? It's been quite some time since I bought it.

Cerberus does look nice. No update for jellybean though unfortunately.

exzacklyright said:
Cerberus does look nice. No update for jellybean though unfortunately.
Click to expand...
Click to collapse
Works perfectly on JellyBean, as stated :good:.

slayr76 said:
If the theif flashes a rom on your phone it removes cerberus completely, unfortunately it will only stop people who don't know much about android.
Click to expand...
Click to collapse
agreed.payed for the full version,and totally satisfied.great app from italian dev !!

So how would you go about blocking fastboot.. or the reboot into recovery. No way to? i mean if they're stealing phones they're probably somewhat tech savvy...
Ceberus
It has three ways to protect your device:
- Remote control through the website www.cerberusapp.com
- Remote control via text messages
- SIM Checker (for devices that have a SIM card): you will automatically receive alerts if someone uses your phone with an unauthorized SIM card
Remote control allows you to perform many operations on your device, like:
- Locate and track it
- Start a loud alarm, even if the device is set to silent mode
- Wipe the internal memory and the SD card
- Hide Cerberus from the app drawer
- Lock the device with a code
- Record audio from the microphone
- Get a list of last calls sent and received
- Get information about network and operator the device is connected to
- And much more!
Click to expand...
Click to collapse
Android Lost
Features:
* read sent and received SMS messages
* wipe phone
* lock phone
* erase SD card
* locate by GPS or network
* start alarm with flashing screen
* send SMS from web page
* message popup
* forward calls
* remote install
* phone status: battery, imei, etc.
* remote SMS alarm
* remote SMS lock and unlock
* remote SMS erase SD card
* remote SMS wipe phone
* remote SMS APN control
* start/stop GPS
* start/stop WIFI
* hide from launcher
* email when SIM card is changed
* get call list
* take picture with front camera
* take picture with rear camera
* make your phone speak with text-to-speech
* SMS message command
* SMS speak command
* lock timeout
* restore settings on boot
* record sound from microphone
* start and stop data connection from SMS
* start and stop WIFI connection from SMS
* content browser prototype
Click to expand...
Click to collapse
Anti-Theft Free
Features:
· Find your phone - Get CAT to send you the Google map location of your device.
· Lock your phone - Just send a simple remote command and your phone is password protected at its home screen.
· Wipe your phone - Erase all contacts, stored messages, browser bookmarks, conversations, music, video and other media files stored in both phone memory and the SD card. Prevent your confidential data from falling into evil hands.
· Photo the thief - Requests the person with your phone to answer a text message then takes a photo of them while they are looking at the screen. The picture is then immediately emailed to you.
· SIM card change alert - Sends an automatic SMS to your buddies phone if someone changes its SIM card. You can trace your mobile using the new number and send remote commands to locate or lock your phone.
· Sound an Alarm - Make your device sound a full-volume siren and warning message, even if it is in silent mode
Click to expand...
Click to collapse
SeekDroid
- Control Multiple devices under one account (*)
- Locate your device
- Remotely Enable GPS
- Display its location on a map with history! (*)
- Track the device using breadcrumbs (*)
- Get notified if the device has left a fenced-
in area (*)
- Audible alarm (even on silent)
w/ custom message
- Text Messaging support
- Setup SeekDroid Remotely via SMS
- Lock device w/ custom code
- Retrieve recent calls
- Remotely wipe entire phone
- Remotely wipe SD Card
- Hide from app drawer
- Disable App from being
uninstalled
- Virtually no battery drain
- Works without a SIM Card
- Retrieve SIM ID, IMEI,
active phone number, and battery remaining
Click to expand...
Click to collapse
Prey Anti-Theft
GPS + Wifi geo-location.
- SIM change detection.
- SMS or Push (On Demand) activation (2.2+).
- Lock phone/tablet for privacy (2.2+).
- Uninstall protection (2.2+).
- Loud alarm sound.
- Alert messages to user.
Click to expand...
Click to collapse

exzacklyright said:
So how would you go about blocking fastboot.. or the reboot into recovery. No way to? i mean if they're stealing phones they're probably somewhat tech savvy...
Ceberus
Android Lost
Anti-Theft Free
SeekDroid
Prey Anti-Theft
Click to expand...
Click to collapse
Re-read this thread.

Jubakuba said:
Re-read this thread.
Click to expand...
Click to collapse
I read it... i just scanned it too fast. lol.
https://play.google.com/store/apps/details?id=net.segv11.bootunlocker
would this wipe my phone though?

Nope. Unlocks and Locks without any ill effects.
The kicker is you need to be rooted.
[Meaning you can't use this if your phone isn't rooted...and thus, no, this isn't an alternative to Manually unlocking and rooting your phone]

Jubakuba said:
Nope. Unlocks and Locks without any ill effects.
The kicker is you need to be rooted.
[Meaning you can't use this if your phone isn't rooted...and thus, no, this isn't an alternative to Manually unlocking and rooting your phone]
Click to expand...
Click to collapse
so basically I lock my phone and what exactly does this disable? The rebooting into fastboot?

exzacklyright said:
so basically I lock my phone and what exactly does this disable? The rebooting into fastboot?
Click to expand...
Click to collapse
You can't prevent them flashing the stock images or getting into fastboot.
This will prevent them flashing a custom recovery...without wiping data.
A custom recovery could be used to get into your phone without a reset.

slayr76 said:
If the theif flashes a rom on your phone it removes cerberus completely, unfortunately it will only stop people who don't know much about android.
Click to expand...
Click to collapse
That's why you root and put Cerberus as a system app, it would even survive a factory reset. Cerberus is the best theft app by far.

[APP][FREE][ANDROID] I'm OK, I'm here (geolocation app)

Short description
Link to the google store: https://play.google.com/store/apps/details?id=com.tim4dev.imokhere
Watching the location of the device.
The application allows you to track the location of Android devices (and their owners).
It can be: your's children, elderly relatives, friends, yourself.
The application must be installed on the device "observed" and "observers".
This is a MVP (minimum viable product).
Important: this is not a GPS tracker. Data is transmitted much less often and the data source is not just GPS.
Differences from competitors
Anonymous,
save battery,
free of charge,
no advertising,
no in-app purchases.
Requirements
Android 4.1 "Jelly Bean: (API level 16) and higher.
The "observable" device should be able to determine its location and have access to the Internet.
The "observer" device must have access to the Internet.
How it works
The user who installed the application can be either "observed" or "observer", possibly simultaneously.
In order to become "observable" you need to start the location service in the "I'm watched" menu, and allow the application to access the location and access to the Internet.
In this case, the "observed" will be assigned a certain identifier and data about its location will be periodically sent to the remote server (see privacy policy).
Important: You should not disclose your identifier to third parties.
When you exit the application or reboot the device, the service continues to run in the background. Stop the data transfer service through the same menu or by uninstall the application.
In order to become an "observer" you must obtain the identifier of the "observed". On the "watched" device in the "I'm watched" menu, send your ID to the "observer". After receiving the identifier, the "observer" through the "I'm watching" menu can receive data about the location of the "observed" and see it on the Google map. "Observed" can pass its identifier to several "observers".
"Observer" can receive data from few devices.
Screenshots
See attachments.
Privacy policy
The application does not start up on its own. You must start and configure the application yourself. You can uninstall the app at any time.
The application provides complete anonymity. Registration is not required.
A remote database stores an temporary anonymous identifier that is not associated with you personally, with your particular device, or with your phone number. Data that is transmitted and stored in a remote database is location data and some other data: longitude, latitude, time; If available: accuracy, altitude, speed, bearing, battery charge.
Only the last xx records are stored in the remote database (this restriction may be changed). No data is provided to third parties.
If you reinstall the application, you will be assigned a new anonymous identifier and link with all the old data will be lost.
The application does not hide the fact of its work. The application does not have any other hidden features, except those described here.
Usage limits
The last xx locations are remembered (this restriction may be changed).
https://firebase.google.com/pricing/
https://developers.google.com/maps/pricing-and-plans
https://developers.google.com/maps/documentation/geocoding/usage-limits
Firebase, simultaneous connections : 100.
Geocoding API : 2,500 free requests per day.
For beta testers
To become a member of the open beta-testers team, join the Google group (mailing list)
[email protected]
https://groups.google.com/d/forum/en-imokhere