What Phone Security is necessary? - G2 and Desire Z Q&A, Help & Troubleshooting

What kind of security is recommended to set up on phone? I.e virus scan, firewall etc.
Thanks.
Sent from my HTC Vision using XDA App

I am currently testing Lookout Pro but I am new to smartphones so I would be interested in more experienced users responses.

Android is a modified Linux image. Linux needs antivirus like a fish needs a bicycle.

This is really a controversial issue, with most people seeing phone antivirus as not necessary. Personally I don't see the harm, Lookout is a good app that scans apps as well as locates your phone if it gets stolen. It's what I use.
Other than that just always use a secure wifi connection and only download apps you trust and you should be good to go!
Sent from my T-Mobile G2 using XDA App

I've been using lookout for almost a 2 months it drains my battery fast, but I still use it battery's not a problem though.
Sent from my HTC Vision using XDA App

It is *impossible* for an anti-virus to work on Android. If it did, then BY VERY DEFINITION, the anti-virus would actually be ***A VIRUS***. No installed application can access any data related to any other application unless either signed with the same private key (i.e., was produced by the same developer), or it is accessing information SPECIFICALLY SHARED by that other application.
Don't waste your limited brain capacity messing with antivirus nonsense. This concept only applies to MS WINDONKEYS, which has world renowned smoke and mirrors in place of ANY form of security.
A strong kernel is better than any kind of nonsense scanner.

dhkr123 said:
It is *impossible* for an anti-virus to work on Android. If it did, then BY VERY DEFINITION, the anti-virus would actually be ***A VIRUS***. No installed application can access any data related to any other application unless either signed with the same private key (i.e., was produced by the same developer), or it is accessing information SPECIFICALLY SHARED by that other application.
Don't waste your limited brain capacity messing with antivirus nonsense. This concept only applies to MS WINDONKEYS, which has world renowned smoke and mirrors in place of ANY form of security.
A strong kernel is better than any kind of nonsense scanner.
Click to expand...
Click to collapse
I LOL'd.
10 characters

Been using cell phones for over 20 years, I have used just about every platform, I have yet to come across a virus on a cell phone, right now waste of money, memory phone resources etc.

Took you guys advice and removed the trial Lookout app from my phone, tks!

Quick question I only have been using lookout cause of the GPS tracking incase my phone got stolen anyone know any other apps that do just that without taking up a ton of resources and battery?

Ditto. Android's modified Linux. If anything, Antivirus is just gonna slow it down. Beside, it's awful hard for anything to gain root access (needed to actually infect the system) without ADB. Without this element, a factory reset would destroy any remnants of a virus if any such beast even exists for Android. I seriously doubt anyone has anything to worry about as far as this is concerned.
Most would-be thieves are stopped simply by potential consequences. They know there's a GPS chip in those phones. Theft of service? In a lot of states, automatic felony. If not, the value of the phone alone could push a felony. Who knows if you have GPS tracking software installed? The IMEI blacklist which is activated when you report your phone stolen, essentially rendering it useless? The fact that it's a federal crime simply to change the IMEI to get around the blacklisted number. So many things to think about. Cell phone theft just isn't that common anymore.
So the likelihood of your phone catching a virus? Slim/none. The likelihood of it getting stolen? Also slim. Unless some idiot really wants that phone, which'll shut off as soon as you report it stolen anyway.
I've been using Android since it came out on the G1. I say just enjoy it. Save your space for more useful (or fun) apps.

Related

Bad NAND blocks causing problems?

I've installed and reinstalled android since the .7 builds before android 1.0 was out, i've installed using data images and ext2 partitions... I've put my time in, so i've had a G1 since december and have pretty muched stopped playing with my kaiser, I picked it up today and have been trying to do a NAND install of Poly's build with no luck... got the 320x240-Panel2-Tilt NBH installed and booting, along with poly's build dropping into the andboot folder... and updated to radio 1.71*, after doing a install to NAND (and wiping /data & /system)... I see that I have bad blocks on my mtdblock3 (NAND) when its mounted... I cant seem to boot android all the way, anyone else have a bootable android that has bad blocks... AFAIK most devices that use NAND work around potential bad blocks (Wii, XB360, etc) will it format around these blocks?
wow, I reflashed the .NBH, and still getting the same bad block error, set the phone down and was browsing the web and listening to TwiG, look back over at the phone and it WAS sitting on a shell on a blank line ie. "#", and started the NexusOne logo!!! so I guess its all good with bad blocks and all!
Now another question, I'm on a $9.99 featurephone unlimited dataplan for AT&T, if I throw my sim back in my Tilt, will they figure it out? I dont have my IMEI registered, but obviously they can see it... lol, I know its a little off topic.
I have 3 bad blocks on my Tilt and doesn't seem to be affecting anything.
Yes bad blocks are a part of every NAND memory device. I read somewhere that there is like a 5% failure rate on these types of memory. It's just how the tech is. However, there is a system built into it to keep track of the bad blocks, once it's marked bad, it will never be used. I also have 1 bad block and have had no ill effect on my kaiser. It just seems that the boot process lists which blocks are being reported as bad by the memory.
Hope this helps.
I have around 7 bad blocks, and OK with my sistem.hahahahahahaha.
jmhalder said:
Now another question, I'm on a $9.99 featurephone unlimited dataplan for AT&T, if I throw my sim back in my Tilt, will they figure it out? I dont have my IMEI registered, but obviously they can see it... lol, I know its a little off topic.
Click to expand...
Click to collapse
Yeah they will. They figured it out in less than a week when I got my old Hermes. Even without my IMEI registered, and a custom ROM installed, my account on the site showed I was using a Cingular 8525. They automatically switched me to the $30 data plan. There was absolutely nothing I could do.
at&t
"They" do know, but if you have a feature called "smartphone exclusion" you can get away with a $15 data plan, but as soon as you upgrade to a smartphone the exclusion feature is removed.
So, if you have two lines always upgrade the one that will not be using a smartphone, then switch sim cards.
The only way to know if there is a smartphone exclusion feature is for a rep to open your account and look at your feature codes, even the $0 features.
This probably doesn't make any sense, but I wish there was a way to block an IMEI, then no problem. In the past we could put all 1111's for an imei in the system as a non att phone and there were no reprocussions.
peace
I've wondered the same thing at times about the imei. It seems every time I went exploring the "making imei different' option, all I would ever get is the big lecture about stealing phones.
(RANT ALERT)
Kinda like when you go buy allergy medicine and get carded, cause there are a bunch of losers out there doing something illegal with it.
I am not sure of the ethical issues with using 'too much data' or paying more, b/c I use my wife's Samsung Flite (insured non-smartphone) with $15.00 internet tethered bluetooth to my laptop, so eh...... I'm always a stickler for paying what I think something is worth to me, especially after a company has REALLY taken advantage of me a time or two. And btw, where I live, I only get 1 bar most of the time. Really, our phones hardly work, so we have skype on the PC to make calls from our home. They work great in the city that I work in, but i'm on a computer using google talk mostly. Can you say "Holes in the coverage map?" And yes, i've tried all the radios. Be it my kaiser, the old hermes, my wife's samsung flight, or the 3 we've had Blackjacks, theres just never been good coverage. So ya, I think i'm overpaying a bit. I just use my phone as a toy, a hobby, a see what it can do.
I've read about IMEI changing being illegal in certain countries. What about the USA? I mean seriously, I drive a car with no catalytic converter, but we don't have emissions checks in my state. Yes that means I'm breaking the law, but I also think that relatively speaking, i'd rather the police spend their time busting Meth labs than worrying about my car emitting 20% more stuff from the exhaust.
Its all about saving money, because everyone is trying to get ALL of it from you.
(/RANT)
Can the imei on the kaiser be changed, or killed for that matter? Has it been explored?
And please, spare me the stolen phone lecture. I just don't think I can take it.
carcomp said:
And please, spare me the stolen phone lecture. I just don't think I can take it.
Click to expand...
Click to collapse
How about the "It's illegal to change your IMEI number in most countries and you could face prison if you do it" lecture?
carcomp said:
I've read about IMEI changing being illegal in certain countries. What about the USA? I mean seriously, I drive a car with no catalytic converter, but we don't have emissions checks in my state. Yes that means I'm breaking the law, but I also think that relatively speaking, i'd rather the police spend their time busting Meth labs than worrying about my car emitting 20% more stuff from the exhaust.
Click to expand...
Click to collapse
Pulling out the catalytic converter won't increase your mpg, as many modern cars actually require the back pressure. You'd have to also modify the computer, or own a car made in the 70's and older.
Its all about saving money, because everyone is trying to get ALL of it from you.
Click to expand...
Click to collapse
I bought my Kaiser off Ebay, and it's actually made for the UK. Just to try and avoid having to pay a $25 fee for having access to unlimited internet. Course the 3G doesn't work with T-Mobile in USA, but I use 2G anyway to save battery power.
Cell phone industry is just one big scam. You can't afford to buy a new phone, unless it's under contract, and switching cell phone companies will cost you a disconnection fee. Not to forget that their cell phones are locked to them only, and requires you to beg for the unlock code.
Honestly wish that T-Mobile had a $10 fee for getting unlimited internet, cause relying on wifi is a huge hassle.
Dukenukemx said:
Pulling out the catalytic converter won't increase your mpg, as many modern cars actually require the back pressure. You'd have to also modify the computer, or own a car made in the 70's and older.
I bought my Kaiser off Ebay, and it's actually made for the UK. Just to try and avoid having to pay a $25 fee for having access to unlimited internet. Course the 3G doesn't work with T-Mobile in USA, but I use 2G anyway to save battery power.
Cell phone industry is just one big scam. You can't afford to buy a new phone, unless it's under contract, and switching cell phone companies will cost you a disconnection fee. Not to forget that their cell phones are locked to them only, and requires you to beg for the unlock code.
Honestly wish that T-Mobile had a $10 fee for getting unlimited internet, cause relying on wifi is a huge hassle.
Click to expand...
Click to collapse
Well i've officially derailed this thread. sorry. I'll go join the ranks of losers that I always complain about
BTW, my car doesn't have a cat cause its a 18 year old Cutlass Calais, and I'm not paying to put one back on where the original one rusted away. It does have a new exhaust however, and right where that cat converter goes is a nice shiny honda resonator from a civic Si (got it from a friend at college when he put an aftermarket exhaust on his car).
I don't think you'll get prison time in the United States for messing with your phone, I'm not sure either. I've never heard of it actually happening due to someone changing imei numbers in order to profit criminally in some way.
BTW, just to tie this thread back into its original form, i've gotten Bad Nand blocks reported one time. I flashed hardspl again using sdcard method, and haven't seen them mentioned in android boot since. Weird huh?
carcomp said:
BTW, just to tie this thread back into its original form, i've gotten Bad Nand blocks reported one time. I flashed hardspl again using sdcard method, and haven't seen them mentioned in android boot since. Weird huh?
Click to expand...
Click to collapse
I get errors with bad nand blocks as well, but as someone mentioned, that's normal. It's like buying a LCD TV and you see a few dead pixels. That's normal, even though it pisses you off, knowing that companies dare make products with some defects. Even CPUs have this too. For example, when Intel or AMD makes CPUs, they pick the ones that happen to be made well. The ones with the less defects can clock higher, and therefore cost more money. The CPUs with the more defects get clocked lower, and sold cheaper. It's gotten to the point where some companies are disabling cores. ATI and Nvidia first did this with their videos cards, disabling pipelines that were bad. Now AMD does this with their Athlon and Phenom CPUs, by disabling 1 or even 2 bad cores. Good news is that, many products were sold without defective cores or pipelines, and if you know what you're doing, and lucky enough, you could turn cheap products into expensive ones.
Yea I derailed myself. Anyway, after messing with Android on my Kaiser for 5 hours, I decided it wasn't ready. There's 6 issues that bothered me. Doubt any of it is related to bad nand blocks.
#1 Random features don't function unless you restart phone. Couldn't play MP3's because format wasn't supported. Restarted phone, and now I can play MP3's. There's a lot of instances where restarting the phone will fix a problem, but that brings me to the second issue.
#2 Restarting phone can cause it to not boot. Wouldn't be a huge problem if I didn't need to restart often, but I do. Usually, pulling the battery and holding the power button for a while, usually fixes it for me.
#3 Random freezing. You never know when your phone will just freeze. I got it to freeze when changing my ring tone.
#4 Installing applications must be in internal memory. A specific Android related problem, but annoying as hell. There's a solution to this, but it requires me to partition my SD card, and format it as ext2.
#5 No offline GPS. Again, specific to Android but something I can't live without. I heard Ndrive can do it, but I'd rather use the GPS that comes with the Android. I'm sure there's a way around it, but no good step by step guides to do it.
#6 Can't send audio with texts. I'm not sure if this is a Android issue, or if I needed to restart my phone. I love being able to send pictures and music formatted in the AMR format to friends, but for the life of me I couldn't select any AMR audio to send with texts. I could attact pictures with no problem, but couldn't find any of my mp3's or amr files. The same could be said about changing my ring tone to a mp3, as it just couldn't see it.
Did what i said to you in the other thread help with the sticky boot, and the lockups?
You mean the 3.29 boot loader? It still happened when I flashed it. Though, I did notice that Android booted faster, but that maybe my perception.
FloatingFatMan said:
How about the "It's illegal to change your IMEI number in most countries and you could face prison if you do it" lecture?
Click to expand...
Click to collapse
Its not illegal in america, it IS undoubtably illegal in lots of europe... its obviously illegal to exploit that to do malicious things... but whatever, the knowledge to do so is obviously NOT illegal, I'm VERY tired of that argument... that kind of info IS on this site... also, claiming illegality in the US will require citing law for me to really take ANY credibility in it...
*once again, I'm only promoting the KNOWLEDGE to be able to modify this, not the actual act... obviously there are a TON of scumbags that want this info to push devices illegally in the EU, but I personally could give a crap about them.*
/Rant
jmhalder said:
Its not illegal in america, it IS undoubtably illegal in lots of europe... its obviously illegal to exploit that to do malicious things... but whatever, the knowledge to do so is obviously NOT illegal, I'm VERY tired of that argument... that kind of info IS on this site... also, claiming illegality in the US will require citing law for me to really take ANY credibility in it...
*once again, I'm only promoting the KNOWLEDGE to be able to modify this, not the actual act... obviously there are a TON of scumbags that want this info to push devices illegally in the EU, but I personally could give a crap about them.*
/Rant
Click to expand...
Click to collapse
I guess someone totally missed the smiley at the end of my post.
As for the knowledge how to do it, it took be approx 5 seconds to put a search in to XDA's search box and come up with the results how to do it. Try it yourself instead of complaining about it.
FloatingFatMan said:
I guess someone totally missed the smiley at the end of my post.
As for the knowledge how to do it, it took be approx 5 seconds to put a search in to XDA's search box and come up with the results how to do it. Try it yourself instead of complaining about it.
Click to expand...
Click to collapse
I've searched, and used good forum etiquette, no need for the harshness, i've tried the single piece of software available that isn't INTENDED for the Kaiser, and I couldn't get it to work, also couldn't find any reports of it working for the Kaiser. PM me if you have any other info.
Please PM me too. I've performed the same searches and haven't found anything useful.
Actually changing your IMEI in order to get a service you have not paid for would be fraud, which I believe would be a felony charge at least.
There are US laws on the book regarding changing electronic "serial numbers" on mobile communications devices. They don't say IMEI (this was to deal with ESN cloning fraud in the late '90s with analog cell phones) but if you actually read the laws as they are written - you'd see they could easily interpreted a lot of different ways.
And in todays climate of anti-terror paranoia, I'm sure that changing your imei might also be construed as an attempt to avoid legitimate surveillance, i.e. wiretapping, which uses the imei in order to intercept traffic to and from a suspects device.
Not that i'm being a killjoy, I just had a look for ways of changing imei, and found a few ways of doing it, i'm just about to point anyone in their direction, since i'm in the UK

[Q] Lookout or Kaspersky?

I know some of you might say these kind of apps are useless but just for the sake of argument (and to feel safe since I had a issue with my phone days ago) which one gives more security to your phone? and which one is less heavy on the cpu and battery,Lookout or Kaspersky?
I know u don't want people to tell you that these apps are useless but corrent me if I'm wrong but you can't actually get viruses on phones. (As in Linux due to there being no executable file extensions).
Sorry I don't actually have an answer to your question but I doubt many people use these apps.
Sent from my Desire HD using XDA Premium App
It's certainly possible to get a virus on Android (Linux too for that matter), in fact there's been a few cases lately. I have no idea whether or not the risks are high enough to justify installing anti-virus software right now but I did for peace of mind.
As to which is better that's up for debate. Personally I settled for Lookout as it fit the bill nicely and didn't slow down my phone, but try both and see which you prefer.
Im using lookout atm and it doesn't seem to drain battery too much, with the new kernel and latest radio Im getting 24 hrs battery life with normal usage
If your DHD is rooted, etc... then just be mindful of what you are installing outside of the Market.
The recent incident involving malware in the Market probably would not have been prevented by these apps anyway as it happened very quickly. Google identified the apps in question, pulled them, pushed the remote kill-switch and issued a fix to affected handsets.
If your DHD is not rooted then there would be no need to have either of those, or any of those type of app. You are protected by S-ON, that alone will undo any system changes when you reboot.
Back to your question. I'd pick Lookout, it was the first you mentioned therefore your (subconscious) preferred choice.
I use Lookout also. The features are nice, and they send me weekly emails of what I did with my phone, and it backs up everything, has phone locator, phone wipe, and tells me when the definition database has been updated. It's a nice alternative to the ever-not-working HTCsense.com.

[Q] is there a app to make shutting down the device require a password?

I need some help in trying to find an app that requires a pass code or password to allow the device to shutdown and enter airplane mode. Why you may ask well because while my phone is protected against theft via Cerberus someone could easily shut it down or make it go into airplane mode if it required a pass code then a thief wouldn't be able to do so thus letting me track down the device. I know a battery pull could still make it all useless but my phones case an otter box defender is a bit hard to take off and they'll probably turn on the phone at some point if they where to pull the battery. Anyways if any one knows an app that could do this I would highly appreciate someone telling me what it is. Thanks in advance.
Sent from my Sprint Galaxy Nexus CDMA using XDA
Bump?
Sent from my Sprint Galaxy Nexus CDMA using XDA
I have an Otterbox Defender and it's quite simple to remove it, not hard at all.
Beyond that, if a thief was smart enough, they'd reinstall the battery and go into a method to factory reset it or write the ROM clean.
I understand your point of making things slightly more difficult, but nothing is theft proof, and as such, if they want it they'll take it.
Beyond that, even the best of trackers will not have the police knocking on doors to retrieve it... All the thief has to say is "I don't know what you're taking about" and refuse admittance in to his home.
No judge will authorize a warrant to enter a home to retrieve a cell phone that may or may not be there. GPS systems don't have pin point accuracy, so your phone could be next door or across the street.
So really theft trackers are ok, but slightly useless for retrieval methods.
Sent from my Galaxy Nexus using Tapatalk 2
I've been curious as to whether it'd be possible to "write protect" your custom rom installs, essentially requiring a password to flash a new kernel or rom
Yeah I know nothing is theft proof but still I would like that little extra protection. And also I'm sure someone could make a recovery that could require a password. Someone should request that im pretty sure someone can do it with like twrp 2 and I would also rather have a thief steel a phone that's useless to them than something they could use.
Sent from my Sprint Galaxy Nexus CDMA using XDA
Avast Mobile Security writes the anti-theft to root. So even a factory reset the app will survive. and has sim detection.
Theft can just pull the battery that no one can stop. Unless you have a internal battery.
Yeah battery pull seems to be the only way to make any anti theft app useless and I use Cerberus which has a similar feature where even after you factory reset it will remain on the system pretty good considering I was able to get a free license to it
Sent from my Sprint Galaxy Nexus CDMA using XDA
I'm not sure anything will survive a new rom flash.
At least your data will be somewhat protected.
r29 said:
Avast Mobile Security writes the anti-theft to root. So even a factory reset the app will survive. and has sim detection.
Theft can just pull the battery that no one can stop. Unless you have a internal battery.
Click to expand...
Click to collapse
How does it write anti-theft to root? Do you mean it makes it a system app?
This is one of the only things I like about Apple, is that if your phone gets stolen, you can easily lock it, and nothing gets passed it unless you go to and Apple store.
I'm sure there's another method, but that would require good knowledge of computers and code and most thief's probably don't know about that stuff.
Sent from someone's Galaxy Nexus running AOKP + Franco
Would be smarter to build an app to make it look as if the phone had shutdown. Especially since of they can't shut it down from the power menu then they would just pull the battery.
Sent From My Sprint Galaxy Nexus via XDA Premium

Invasion of privacy

I was recently contacted by an old friend to help with an issue. He was a victim of privacy invasion on his S4, hidden instances of webcam and phone cameras, exporting of personal information, etc. Now he has come to me for help. I have looked at his logs and whatnots, but nothing really stands out. So, I am wondering if any of you have experienced the same problem? If yes, please provide me a complete list of all the apps you have installed on your device. Since I do not own an S4, it is hard for me to create the issue. The only answer is to get this community to pool together and get me the device (which would allow me to dev for the S4 and bring the greatness of the Lightning Zap! kernel), or for you guys that have experienced it, to help me find a common link.
thomas.raines said:
I was recently contacted by an old friend to help with an issue. He was a victim of privacy invasion on his S4, hidden instances of webcam and phone cameras, exporting of personal information, etc. Now he has come to me for help. I have looked at his logs and whatnots, but nothing really stands out. So, I am wondering if any of you have experienced the same problem? If yes, please provide me a complete list of all the apps you have installed on your device. Since I do not own an S4, it is hard for me to create the issue. The only answer is to get this community to pool together and get me the device (which would allow me to dev for the S4 and bring the greatness of the Lightning Zap! kernel), or for you guys that have experienced it, to help me find a common link.
Click to expand...
Click to collapse
Is there any more info you can give about it? I haven't noticed anything personally, but I also haven't been looking.
Would be nice to see you here on the S4 there, pal.
lordcheeto03 said:
Is there any more info you can give about it? I haven't noticed anything personally, but I also haven't been looking.
Would be nice to see you here on the S4 there, pal.
Click to expand...
Click to collapse
Hey man! How goes it? I would love to have an S4 but it's just not in my budget right now...but at about 600 bucks (with no contract) who can afford it...lol
Although, I am up for my new every 2 upgrade... but it is for AT&T, and I'm not sure of the compatibility between the i9500, and the AT&T model (not sure of the exact model number).
As for the invasion of privacy issue, I'm trying to get more details on it. But I'm really thinking the malicious code started on his PC and drifted to his phone. And if it's the trojan I am thinking, then it attacks usb devices by making all the contents of that device hidden and appearing as if everything was deleted. Easy to get rid of, and easy to fix provided you have admin level access. Oh, and it was specifically made to attack Windows 7, but can leak out to other versions of Windows. Reason #1 to switch to Linux: Hackers HATE Windows and Bill Gates! lol
thomas.raines said:
Hey man! How goes it? I would love to have an S4 but it's just not in my budget right now...but at about 600 bucks (with no contract) who can afford it...lol
Although, I am up for my new every 2 upgrade... but it is for AT&T, and I'm not sure of the compatibility between the i9500, and the AT&T model (not sure of the exact model number).
As for the invasion of privacy issue, I'm trying to get more details on it. But I'm really thinking the malicious code started on his PC and drifted to his phone. And if it's the trojan I am thinking, then it attacks usb devices by making all the contents of that device hidden and appearing as if everything was deleted. Easy to get rid of, and easy to fix provided you have admin level access. Oh, and it was specifically made to attack Windows 7, but can leak out to other versions of Windows. Reason #1 to switch to Linux: Hackers HATE Windows and Bill Gates! lol
Click to expand...
Click to collapse
I mean, what were the indications? Like, what made your friend say "Man, I do believe my privacy is being invaded." You say nothing suspicious showed up in logs, the instances of camera and data exports, etc were all hidden... what gave the indication that it was happening?
A friend of mine recently had a very similar problem with his iPhone.
We quicly determined that the answer was that his phone was cloned using a scanner, which gave the bad guy power to hack into the device at the ESN level. Very hard to trace in any kind of logs, especially since the bad guy would have the ability to purge logs.
Your buddy might have someone similar. My friend was in Russian when this happened though, much less common in the US.
Skipjacks said:
A friend of mine recently had a very similar problem with his iPhone.
We quicly determined that the answer was that his phone was cloned using a scanner, which gave the bad guy power to hack into the device at the ESN level. Very hard to trace in any kind of logs, especially since the bad guy would have the ability to purge logs.
Your buddy might have someone similar. My friend was in Russian when this happened though, much less common in the US.
Click to expand...
Click to collapse
I asked him for more info and specifically what led him to believe this has happened. I am waiting for his reply. Here is th main snippet from his initial email:
I have been the victim of a very discreet but maddening invasion of privacy through my phone and also my PC and laptop computers via key logging, hidden instances of webcam and phone cameras, exporting of personal information, etc. I believe it to be a reoccurring problem via persistent data, local and cloud based storage, and corruption of my MBRs on most of my storage media. I know enough to be dangerous, but have yet to find any significant marker that points to faulty reflash process at least on my telephone.
Click to expand...
Click to collapse
He gave me some good logs, but I really don't have much to go on. With the statement about his MBR's, I think his computer was actually attacked and subsequently, his phone and possibly other usb devices have been compromised...
He has MBRs on most of his storage devices?
But I think he probably got Ratted on his computer, the guy controlling the computer saw he had an android phone and installed an android rat onto it when he plugged it in next.
Sent from my SGH-M919 using xda app-developers app

Why I won't be updating to Lollipop

Assuming it even hits our device in an official capacity at some point, I will not be taking the Lollipop update. Why not? Because Google has decided to add a kill switch...
http://www.theverge.com/2014/10/15/...includes-kill-switch-factory-reset-protection
Sure, it sounds like a smart idea and a nice feature on the surface, but having spent more than my fair share of time mucking about with various means of remotely (and stealthily) accessing Android devices, the potential for abuse is too great....Not to mention the fact that the NSA and other alphabets must be absolutely thrilled about such a 'feature'. No thanks....
I see your point. There are ups and downs to.. Pretty much everything. I, myself, would be more than thrilled for a 5.0 update. Not like any of my bank info or other personal info has been stolen or used without my consent, nor have I done any really big illegal activities through my device which would give the NSA a reason to look my way.
Interesting. I think it's worth noting, the article claims that Google implemented the ability to remotely lock phones "last year." So that should automatically dispel any notion of anonymity. Besides that, i think the NSA and other "outfits" have had access to personal devices long before the announcement of lollipop. If you really desire to stay off the grid, he prepared to make substantial efforts.
Not that the NSA needs such a feature. They're already capable of going through your phone it's nothing new.
A big issue would be someone maliciously taking over the kill switch and locking you out with no way in.
Yeah that would definitely suck.
The thing that concerns me most isn't privacy or nefarious doings by the NSA. Everyone knows by now (or should) that privacy and anonymity don't exist in the digital world, and the NSA already has their grubby mitts into everything. I'm more concerned about the possibility of other random people being able to lock me out of my phone.
I'm not going to go into detail, as XDA is not the place for such things and the information can easily be gleaned elsewhere, but as I mentioned, there are already fairly simple ways to get full, remote access of somebody's phone. All it takes is 20 seconds or so of physical access to a device, or a little bit of social engineering to get somebody to install a seemingly benign apk (infected Play Store updates were my favorite), and you can do whatever you want, undetected.
Now imagine you install something, and unbeknownst to you it gives someone complete remote access to your device, starts sniffing passwords, and running keyloggers. Before long, they've got your complete Google account (for example). Next, they change your password, associated phone number, and recovery email addresses to their own, and activate your device's 'kill switch'. You would be left holding a paper weight, without ever knowing what happened, and there would be nothing you could do about it...
I tend to be very careful about what I install, but even I have installed the odd apk I've gotten here at XDA, or compiled and installed something from Github without checking through the source. It's almost impossible to be 100% certain everything you install is clean.
Fortunately, such malicious 'attacks' (for lack of a better word) aren't all that common, relatively speaking. The odds of you randomly becoming a victim of such a thing are marginal. Also, I'm sure once Lollipop is out in the wild, people will start finding flaws with the 'kill switch' implementation, and ultimately, ways of circumventing it. Maybe then I'll consider updating. Until then, however, knowing what nefarious things are possible with it, however unlikely, far outweighs any potential reasons to want to update.
Maybe I'm a little over-paranoid, but that's my take on it, for what it's worth....
Morningstar said:
The thing that concerns me most isn't privacy or nefarious doings by the NSA. Everyone knows by now (or should) that privacy and anonymity don't exist in the digital world, and the NSA already has their grubby mitts into everything. I'm more concerned about the possibility of other random people being able to lock me out of my phone.
I'm not going to go into detail, as XDA is not the place for such things and the information can easily be gleaned elsewhere, but as I mentioned, there are already fairly simple ways to get full, remote access of somebody's phone. All it takes is 20 seconds or so of physical access to a device, or a little bit of social engineering to get somebody to install a seemingly benign apk (infected Play Store updates were my favorite), and you can do whatever you want, undetected.
Now imagine you install something, and unbeknownst to you it gives someone complete remote access to your device, starts sniffing passwords, and running keyloggers. Before long, they've got your complete Google account (for example). Next, they change your password, associated phone number, and recovery email addresses to their own, and activate your device's 'kill switch'. You would be left holding a paper weight, without ever knowing what happened, and there would be nothing you could do about it...
I tend to be very careful about what I install, but even I have installed the odd apk I've gotten here at XDA, or compiled and installed something from Github without checking through the source. It's almost impossible to be 100% certain everything you install is clean.
Fortunately, such malicious 'attacks' (for lack of a better word) aren't all that common, relatively speaking. The odds of you randomly becoming a victim of such a thing are marginal. Also, I'm sure once Lollipop is out in the wild, people will start finding flaws with the 'kill switch' implementation, and ultimately, ways of circumventing it. Maybe then I'll consider updating. Until then, however, knowing what nefarious things are possible with it, however unlikely, far outweighs any potential reasons to want to update.
Maybe I'm a little over-paranoid, but that's my take on it, for what it's worth....
Click to expand...
Click to collapse
I wouldn't doubt it if people are already considering to do that to a greater extent.
First of all the name itself "kill switch" is totally misleading. "Killing" something or somebody in full meaning of the word means ending it's life permanently. The way I read the article, this thing simply disables the phone remotely until proper password is entered? How is this different from SIM card lock password protection, or log on password most phones have for ages, that now it will be mandated by another useless law? Or maybe that this new method can not be bypassed? It's still not a kill switch, if it can be reversed and it should be called disable switch or something, but it doesn't have the same ring to it.
There has to be way to unlock the phone without password, otherwise there will be a lot of angry people who forgot/lost password especially if set once and forgotten until let's say 6 months later the switch is activated.
For example couple years ago I think I set password for program purchases on my cable box, so kids can't purchase something by accident, I have no idea what that password is. At least I have no intentions of buying anything.
Also what stops the thief from breaking phone apart and selling parts? My wife broke the screen on her GS3, replacement screen is more expensive than brand new GS3.
And who activates the switch? if user, a lot of people won't have a clue, if company, imagine some prankster breaks into Apple servers, steals the codes and kills 3,000,000 iphones, actually come to think of it, that wouldn't be such a bad thing.
I may not update to L either, but for more practical reasons, like are there any benefits for me, is there root method without tripping knox, or will it kill my battery, like update to KK did.
pete4k said:
First of all the name itself "kill switch" is totally misleading. "Killing" something or somebody in full meaning of the word means ending it's life permanently. The way I read the article, this thing simply disables the phone remotely until proper password is entered? How is this different from SIM card lock password protection, or log on password most phones have for ages, that now it will be mandated by another useless law? Or maybe that this new method can not be bypassed?
Click to expand...
Click to collapse
I agree that 'kill switch' probably isn't the best term for it. My understanding, from the few articles I've read about it, is that it will lock the phone down until the Google account is verified. I'm not sure if that verification will be done via password entry, email verification, two-factor authentication, or some other means.
For an attacker using the methods I've previously mentioned, a SIM lock would pose a problem, but lockscreen passwords, patterns and pins are trivial to get around.
Like I said, it's not clear yet (from what I've found) how verification will be done to deactivate the 'kill switch', but if it does in fact require verifying the associated Google account in some way, a phone's legitimate owner would be out of luck, as somebody with the means and desire to activate the 'kill switch' in the first place would have no problem in also gaining complete and total control of the associated Google account.
I want to be clear that this is speculation based on my current understanding of a 'feature' that has not yet been released to the public. There may well be safeguards in place to prevent such things, and Google may still make changes before Lollipop is available to the public. I am not suggesting that people refrain from updating to Lollipop when and if an update becomes available. I also want to emphasize that even if the 'feature' is released with such inherent vulnerabilities, that it is not something the average user should every worry about. The odds of anyone randomly being a victim of such an attack are practically non-existant.
That being said, this is XDA. Most members here are fairly technical-minded (at least compared to the general public), and are interested in knowing and realizing the full potential of their devices. As such, I think it should at least be known that such vulnerabilities as I've mentioned do exist, and attacks may be made that much worse, depending on how Google implements the 'kill switch' feature. However remote it may be, it's a possibility, and something that people may or may not want to take into consideration.
Now you know, and knowing is half the battle. G.I. Joe....
Not really a sound reason to avoid lollipop in my opinion. If you're concerned about the remote tracking (that already exists) and the upcoming kill switch; after root, find the associated files and freeze or delete them. The mobile tracker came off my phone right after Knox, not for any reason other than the fact it eats battery like crazy. There's always work arounds to their technology, but as far as the nsa, or any other group or morons listening to you; the chances of you as an individual being targeted are 1 in 136,149,000 (in the US). I don't care if you have 50,000 stolen mp3's on your device and like to try and steal old ladies bank account numbers with your tablet, it's chump change to them and having the mindset that they're listening is as bad as these people who prepare for dooms day, zombie apocalypse, and everything else... it's just crazy. If your concerns are a kill switch, then you might as well stay in your house because there's cameras everywhere out there, your ps3 and Xbox cameras can be accessed if you're on the Web, there's hundreds of satellites circling the globe gathering information, and every thought, search or anything you've done on the Web is accessible whether you delete your history or not. If your computer has been there, there's a footprint, if you used a vpn or tried playing shadow games to hide your identity, it can be traced if they want to. Life is too short top worry about such silly things. Live it up and have fun!
Just my 2 cents for the night.
Do you wear a tin foil hat too?? Whether you like it or not, you're on the grid already. There is no getting off. The NSA wants you, they're gonna get you. Good luck running
That is very true. But as more people protest, the companies are actually fighting back against the government. Like Yahoo against the NSA and Facebook against the DEA, people just need to keep letting know that we won't tolerate getting stripped buttass naked of our personal privacy.
Sent from my hlte using XDA Free mobile app
nighthawk626 said:
That is very true. But as more people protest, the companies are actually fighting back against the government. Like Yahoo against the NSA and Facebook against the DEA, people just need to keep letting know that we won't tolerate getting stripped buttass naked of our personal privacy.
Sent from my hlte using XDA Free mobile app
Click to expand...
Click to collapse
Just look at Apple. They're getting a lot of heat for the filevault encryption software.
Apple has had their legs spread open and panties dropped for the government since day one.
Sent from my SM-N900T using XDA Free mobile app
nighthawk626 said:
Apple has had their legs spread open and panties dropped for the government since day one.
Sent from my SM-N900T using XDA Free mobile app
Click to expand...
Click to collapse
The same and to a greater extent can be said about facebook.
here, http://www.xda-developers.com/android/android-l-lockdown/, right on topic of this thread.
nighthawk626 said:
That is very true. But as more people protest, the companies are actually fighting back against the government. Like Yahoo against the NSA and Facebook against the DEA, people just need to keep letting know that we won't tolerate getting stripped buttass naked of our personal privacy.
Sent from my hlte using XDA Free mobile app
Click to expand...
Click to collapse
Dog and pony show to give a false sense of privacy from these companies to their customers... See the yahoo gag order and the by-the-day increasing fines that the government was imposing to them unless they allowed them to access their data. If the government wants it, they will get it, no matter how 'safe' these clowns make you believe otherwise
Sent from my SM-N900T using XDA Free mobile app
I think a lot of you are missing my point. I'm not worried about the NSA, big brother, or anonymity (or rather the lack thereof). Those are concerns, of course, but I think everyone here knows that if you have any sort of cell phone, they can track and monitor you, and probably are.
What I'm worried about is the potential for random people gaining access to your phone and its' associated accounts and activating this 'kill switch', essentially leaving you with a paper weight. As I've already stated, I am not entirely sure that such a thing will be possible, as I have not seen the source code or all the minute details about how Google is implementing this. However, if it is implemented as described in the articles I've found about it, without any further security measures, there could be a problem.
If it is as described, I would have no problem remotely accessing a device, seizing control of the associated Google account, and activating the 'kill switch', without the device's owner ever having a clue it was happening. Of course I wouldn't do such a thing, especially to random people just for the 'lulz', but we all know there are people that would.
Hopefully that made some sense....I've been awake for too long lol
Not like hackers can't do that already...
Come on man.
Welcome to the 21st century.
Sent from my Nexus 4 using XDA Free mobile app
I don't know about you guys but I did have an LG L9 that I completely bricked. Now the thing would not turn on, no lights, nothing. But with some research, .exe file on my computer, and directions from some very savvy people I was able to plug in my phone to the computer while pressing three buttons that got me onto fast boot mode. This is where I was able to delete the system and install each partition bit by bit. Took helluva long time with multiple tries to finally get it working but it did. My two cents.
Sent from my SM-N900T using xda premium

Categories

Resources