Related
EDIT: Use the app from KShatzkes' post #24.
I installed the the OTA update, and like many 2.2 phones now, if you use the Email app to connect to exchange, you have to enter an annoying password just to unlock your phone, every time it locks. It's annoying and time consuming because you cannot use the pattern unlock --- you must choose an alphanumeric code at least four digits long.
There are email.apk files that bypass this, but since we cannot replace our email.apk permanently, that probably won't work for us.
The phone did not do this before the OTA, but now it does. Also, you can disable it via the databases in 2.1 (or use lockpicker), but these solutions seem to be broken in 2.2.
Any ideas?
Yes! This is bothering the heck out of me too! Hopefully some solution arises soon!
EDIT: I am guessing that the only option we have is to do something like Paul's Goggles Removal app. If we remove the Email that way, we can then install the other .apk just fine.
I emailed my company's IT department today about this, and got an interesting response:
[Me],
Activesync is set up for a production environment, since it sync's with your handheld which then contains [Company Name] material.
While not all handheld manufactures are have all come to the same level of programming, we've allowed underdeveloped handhelds containing a degree of activesync client to communicate with our servers, with the priority on greater protection. This is why the update of your device is now asking your for a 4 digit pin. The update to your device now has a full activesync client. This is by design.
We apologize for any inconvenience this may cause you.
Thanks
-[Technician]
Click to expand...
Click to collapse
So apparently, we got the "full" version of activesync. Sucks. I never before wanted something so underdeveloped. =(
Wish I could revert to the old version of the app as well.
I haven't noticed a difference since I installed the OTA.
I'm definitely not having to enter any password to unlock when I bring the phone to life.
I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.
I have the same annoying Pin requirement now after the OTA. I also did not have a pin before the update. It sucks.
I'll toss out an idea to get around this.
Root with Visionary.
Connect device via USB.
adb shell
su
pm disable com.android.email.policy
Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.
It can be undone by substituting the last command with "enable" instead of "disable.
smasraum said:
I haven't noticed a difference since I installed the OTA.
I'm definitely not having to enter any password to unlock when I bring the phone to life.
I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.
Click to expand...
Click to collapse
This is probably because your IT staff has not enabled the security (or more likely disabled it, since it is enabled by default in Exchange). I talked to our IT guys, and they say the national corporate office won't disable it, but they all hate it (local IT).
I showed them how to disable it in 2.1 Eclair, but those fixes don't work in 2.2 Froyo. The only fix for Froyo is to replace the Email.apk with a hacked version, but we cannot do this without permanent root.
rmk40 said:
I'll toss out an idea to get around this.
Root with Visionary.
Connect device via USB.
adb shell
su
pm disable com.android.email.policy
Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.
It can be undone by substituting the last command with "enable" instead of "disable.
Click to expand...
Click to collapse
I'll give it a shot, but my guess is that you won't be able to connect to the server at all without an email policy.
Edit: Doesn't work. You cannot send without the policy, and the password is still there. If you delete the account and recreate, it still forces you to create a password, and you still cannot send.
So to get this straight, the issue is with the Email.apk or the Email Policy file? Or both?
smasraum, can you upload your Email.apk and/or the com.android.email.policy that you say work for you? I doubt it is gonna work without perm root, but I'm so frustrated that I want to see if the system will allow me to downgrade the files.
Thanks in advance.
Here is the working (without password) Email.apk. I have this working fine on my Nexus with no password required. I don't think any changes to the policy are necessary. I believe this works by telling the Email app not to ask the server what its password policies are.
cparekh said:
Here is the working (without password) Email.apk. I have this working fine on my Nexus with no password required. I don't think any changes to the policy are necessary. I believe this works by telling the Email app not to ask the server what its password policies are.
Click to expand...
Click to collapse
I am assuming this apk won't remain on a reboot, will it? Will it revert back to the new apk?
If so, I guess we can make a visionary.sh script which can install the working apk on boot. Closest thing we will have.
EDIT: I tried to install that Email.apk, but I am getting an "Application not installed." Any ideas?
I don't think you can install it. I think you have to push it to the system/app directory. Then reboot, which is why it won't work on the G2. Also, I believe the ROM needs to be deodexed, so it would not work with the stock ROM anyways.
The steps I followed on my Nexus:
1) Delete Exchange account.
2) Remove password and go to regular lockscreen.
3) Replace existing email.apk with edited email.apk.
4) Reboot.
5) Add Exchange account.
All this was done on CM 6.1, which, I believe, is deodexed.
cparekh said:
I don't think you can install it. I think you have to push it to the system/app directory. Then reboot, which is why it won't work on the G2. Also, I believe the ROM needs to be deodexed, so it would not work with the stock ROM anyways.
The steps I followed on my Nexus:
1) Delete Exchange account.
2) Remove password and go to regular lockscreen.
3) Replace existing email.apk with edited email.apk.
4) Reboot.
5) Add Exchange account.
All this was done on CM 6.1, which, I believe, is deodexed.
Click to expand...
Click to collapse
Ah, okay so I see the real problem more clear now. And a visionary.sh script won't work because we need a reboot...
So I am guessing the only way to actually get this done is through Paul's Google Goggles method. Trick the system into deleting the current Email.apk, and then installing the old one. Anyone know enough to make that happen? =P
You can do that via Titanium backup with Paul's update. The problem is, if it doesn't work, then the change is permanent, and there is no current way of reverting.
I don't know if it would work, though, because it's not a market app, so it would not have the necessary signature to write itself to system/app and then run.
cparekh said:
You can do that via Titanium backup with Paul's update. The problem is, if it doesn't work, then the change is permanent, and there is no current way of reverting.
I don't know if it would work, though, because it's not a market app, so it would not have the necessary signature to write itself to system/app and then run.
Click to expand...
Click to collapse
Ah I didn't know Titanium Backup can do it now! Thats awesome.
But yes, I am wary that the change can be permanent if it doesn't work. Anyone pre-OTA (or a brave soul Post-OTA), willing to help us out and try this? Thanks!
I just caught the end of your last post. Yeah, I didn't think of it that way. I guess no matter what we aren't going to be able to make changes to the /system/app.
But, wait. If we deleted the Email.apk through TB, and then as long as the other Email.apk could be installed, then I think we would be good. Since we could make a visionary.sh script to install the good Email.apk on boot each time. But still, the problem I guess is we aren't too sure if the Email.apk would install in the first place...
KShatzkes said:
the problem I guess is we aren't too sure if the Email.apk would install in the first place...
Click to expand...
Click to collapse
Yeah, that's what I don't know. In effect, the NAND lock is not only keeping us from customizing our phones, it's keeping us from trying to customize our phones.
exchange problem after OTA update
i believe the problem i'm experiencing is related to everyone else here except i am not asked to enter any pin or pass codes. prior to the OTA update on 11/5 am for me, i was having absolutely no problems checking my work email via exchange. now after the update, i get this error message when i go into the app and try to retrieve email "unable to open connection to server".
anyone else experiencing this?
I got this once. The problem seems that after the OTA, it did not push the security policy to the phone. The solution for me was to delete the account and then re-enable it.
Here is the case:
As we know, after editing a software, we need to sign for it just in order to use it. I figured how to edit softwares so that it wont be killed by the system when running background. When testing in Android 2.3.5, with sense 3.5, everything goes smoothly. (I need to simply explain how the installation thing works just so it makes sense. I install the edited version first, move it to system/app, for it requires to be a system app to run the part of code. Then I reboot, and reinstall the original version. [Here is why: This app is an IM app, which means it requires internet connection to the online server, but it also automatically check the signature. If the signature is not the same as the known one, it will not allow me to connect to the server, which makes the app useless.] After this step, the checking mechanism would be tricked. However, in android 4.0, here comes the problem. I CANNOT INSTALL THE SAME APP WITH DIFFERENT SIGNATURE TWICE. The cheating mechanism will not work if I cannot install it twice. This is the biggest problem I am facing right now. Can you guys help me. Thanks a lot.
Um..Is this question that difficult..I mean, it requires to go over the signature checking mechanism of the phone. I really dont know what part of code in the rom this part belongs to, otherwise I can try it myself... And, I do think there is someone solved this question in previous roms like sense 3.5 or sense 3.0, etc, for there were people asking this kind of question...Although their answer is not helpful at all...
sign the zip yourself if toggling permissions in recovery wont work.
you can incorporate just about anything you wont into an image so long as you either change the permission, sign it yourself, or force the update via adb
demkantor said:
sign the zip yourself if toggling permissions in recovery wont work.
you can incorporate just about anything you wont into an image so long as you either change the permission, sign it yourself, or force the update via adb
Click to expand...
Click to collapse
I do have signed it, but the signature of the original app is different, and android 4.0 doesnt allow me to replace the same app which has a different signature...
have you tried incorporating the app into the rom before you flash it?
demkantor said:
have you tried incorporating the app into the rom before you flash it?
Click to expand...
Click to collapse
I guess I can try it...
Dear All,
I recently discovered the atrocious 'security feature' Google is forcing upon it's Nexus users that disallows any downloading of certain compressed file types if they are sent to you via Email.
For those that don't know... send yourself a ZIP file (for instance) as an email attachment and your Nexus device will NOT let you download it once you receive the email within either the 'Email' or 'Gmail' app (other third party apps work fine).
I have searched high and low for a solution to this issue but it seems a fix hasn't been implemented even by the CyanogenMod community.
The closest I came to a fix is the following:
http://forum.xda-developers.com/galaxy-nexus/help/opeing-zip-files-email-t1377475/page3
I have tried the solution suggested in the above thread which involves decompiling Email.apk, modifying some code, recompiling and implementing the new apk but I am now struggling.
I have decompliled the systems email.apk using apk tool... found the correct lines of code for my version of android ( http://grepcode.com/file/repository...Utilities.0UNACCEPTABLE_ATTACHMENT_EXTENSIONS ) and modified the file in question accordingly.
It is here where it all goes wrong... I cannot for the life of me figure what I am doing wrong when trying to implement the new Email.apk.
I copy it into system/apps using root explorer and reboot (after removing the old apk)... nothing. Email app has in fact disappeared.
Could anyone shed some light on this please?
I know there are work arounds such as using webmail but that's no good to me... I am extremely surprised that even at this stage of Android development we still have this kind of restriction so would appreciate all thoughts on how to get this going.
Maybe someone out there has some more information about the issue that I haven't been able to find?
PLEASE HELP!
UPDATE:
Managed to get my modified email.apk loaded but the amendments have not been successful.
Does anyone know any other parts of the source code I should be looking at?
bump
Audio Oblivion said:
bump
Click to expand...
Click to collapse
Can't help you with the source code just wanted to say that I am able to download zip files with the newest version of the Gmail app (v 4.9) just fine. Sent a zip to my yahoo account and tried to use the Email app and keep getting "Couldn't download. Touch to retry." I thought they had fixed both but apparently not.
Having a constant "Security Notice" on phone since rooting. Everything else works fine. Is there anyway I can maybe deactivate this function?
freeze in titanium backup...
Y0sHii said:
Having a constant "Security Notice" on phone since rooting. Everything else works fine. Is there anyway I can maybe deactivate this function?
Click to expand...
Click to collapse
to get rid of the security notice you will get(because the system is now rooted) simply install root explorer(or any root browser) and go to /system/app and delete securitylogagent or go into the folder and rename it adding .bkp to the end of the file name and reboot.
per
http://forum.xda-developers.com/showpost.php?p=68675715&postcount=2
I began getting this, too, after rooting my Note7. I solved it the way others suggested, with Titanium Backup by freezing the Security Log Agent. That worked for me.
SkyPhone said:
I began getting this, too, after rooting my Note7. I solved it the way others suggested, with Titanium Backup by freezing the Security Log Agent. That worked for me.
Click to expand...
Click to collapse
do you still have knox? i use samsung pay and security folder
You used the sprint method root at the N930V PHE or PH1? Not really related to thread, but just out of curiosity.
Same problem....
I'm having this same problem with my rooted note 7.
I've searched everywhere for securityagent on my note 7 and it's not there. The only way I can remove this threat found/restart device, is to remove device maintenance.
But then I lose the app done function and the advanced setting power saving mode.
I have disabled all knox and security realated apps.
But still still get the threat while device maintenance is there.
Does anyone know what the equivalent to securitylogagent is on a note 7 ????
Any help would be much appreciated, I am a noob, until 3 days ago I knew nothing, but I managed to unlock frp and root my note 7, but its been stressfull. I need help now...thanks.
Kellya86 said:
I'm having this same problem with my rooted note 7.
I've searched everywhere for securityagent on my note 7 and it's not there. The only way I can remove this threat found/restart device, is to remove device maintenance.
But then I lose the app done function and the advanced setting power saving mode.
I have disabled all knox and security realated apps.
But still still get the threat while device maintenance is there.
Does anyone know what the equivalent to securitylogagent is on a note 7 ????
Any help would be much appreciated, I am a noob, until 3 days ago I knew nothing, but I managed to unlock frp and root my note 7, but its been stressfull. I need help now...thanks.
Click to expand...
Click to collapse
You should have a package named SecurityLogAgent. Disabling this will stop the security notifications due to rooting. If you're referring to the Samsung messages regarding the recall, then you need to disable the Samsung Push service or just the notifications.
8
I'm not referring to them notifications, I have disabled Samsung push.
There is no package with the name 'securitylogagent' on my note 7.
I have researched this alot before joining and posting here. Its simply not there, no matter what I use to look for it. Just not there..
I would really like device maintenance back.. that's how iv got it disabled at the moment.
I am referring to the 'that found/restart device" warning that flags up in device maintenance.
Kellya86 said:
I'm not referring to them notifications, I have disabled Samsung push.
There is no package with the name 'securitylogagent' on my note 7.
I have researched this alot before joining and posting here. Its simply not there, no matter what I use to look for it. Just not there..
I would really like device maintenance back.. that's how iv got it disabled at the moment.
I am referring to the 'that found/restart device" warning that flags up in device maintenance.
Click to expand...
Click to collapse
Strange, there should be a folder at system/app/SecurityLogAgent
What firmware version are you on? What have you used to look for it?
I'm on 6.0.1, that I rooted on Sunday after I accidentally updated package disabler. I am a complete noob and have managed to just about get to this point without help.
I have looked for it using titanium backup, root browser and device control. It doesn't show on any...
So I have disabled a load of other things including device maintenance, com.samsung.andoid.sm.devicesecurity, and security manager service...
I was hoping one of these was the equivalent of securitylogagent.
Does this information below help?
Kellya86 said:
I'm on 6.0.1, that I rooted on Sunday after I accidentally updated package disabler. I am a complete noob and have managed to just about get to this point without help.
I have looked for it using titanium backup, root browser and device control. It doesn't show on any...
So I have disabled a load of other things including device maintenance, com.samsung.andoid.sm.devicesecurity, and security manager service...
I was hoping one of these was the equivalent of securitylogagent.
Does this information below help?
Click to expand...
Click to collapse
So by the build number I see that you are not on a Verizon firmware so the app names may be different. It appears you have UK firmware so you will have to find what the app name is for that firmware.
What I can suggest is that the next time you get the notification, long press on the icon at the left. You should be taken to the notification options for that app and you should also see an app info button on the right. you may be able to track the actual app down using this info or at least disable notifications.
Thanks for your reply.
Oh crap, I'll never find it then...
Is there a way I could post an image of my system so as some experienced members on here may look at it.??
Thanks again.
Hello,
Need some help. I was able to get TWRP on my new Tab S4 and root it with Magisk without issue. I was trying to install and get Island working so I could sandbox a few apps for privacy and I can't get it to work. A Knox notice keeps coming up "The work profile cannot be created because the OS was changed". Then I give Island root access, it appears to work, then a lovely Knox screen (The Knox work profile Icon) comes up saying an unauthorized application was installed and blocked, please contact your admin. So I spent the next 4 hours combing forums and Island's install doco to find a solution. I have tried everything, I used debloat to turn all the Knox stuff off but the needed work space. I even left work space running but just disabled the Knox models in it. I installed Island manually with ADB, and gave it God rights. That made things worse.... Now this nasty screen came up at boot and forced me to recover the OS because it couldn't be bypassed, if just prompted to factory reset the device. I have exhausted all my known options and am now requesting air support.
Thanks in advance,
One Very Frustrated Android Amature
DevinN said:
Hello,
Need some help. I was able to get TWRP on my new Tab S4 and root it with Magisk without issue. I was trying to install and get Island working so I could sandbox a few apps for privacy and I can't get it to work. A Knox notice keeps coming up "The work profile cannot be created because the OS was changed". Then I give Island root access, it appears to work, then a lovely Knox screen (The Knox work profile Icon) comes up saying an unauthorized application was installed and blocked, please contact your admin. So I spent the next 4 hours combing forums and Island's install doco to find a solution. I have tried everything, I used debloat to turn all the Knox stuff off but the needed work space. I even left work space running but just disabled the Knox models in it. I installed Island manually with ADB, and gave it God rights. That made things worse.... Now this nasty screen came up at boot and forced me to recover the OS because it couldn't be bypassed, if just prompted to factory reset the device. I have exhausted all my known options and am now requesting air support.
Thanks in advance,
One Very Frustrated Android Amature
Click to expand...
Click to collapse
Afaik once knox 0x1 is triggered there is no way to use Island since work profile cant be added. In fact i tried a lot of stuff to get it working on stock software with just recovery and root being installed, tried unrooting going back to original stock.. nothing worked.
OS has been changed probably refers to the knox counter.
Unfortunately Samsung locks Knox if you unlock your device. Afaik this is irreversible.
That is the reason I am still on stock.
Edit: Island should still work though. Haven't tried it though.
spookyspookster said:
Unfortunately Samsung locks Knox if you unlock your device. Afaik this is irreversible.
That is the reason I am still on stock.
Edit: Island should still work though. Haven't tried it though.
Click to expand...
Click to collapse
Is that an OS limitation? I have other rooted Samsung tablets, (older) running like 5.1 and 6.1 and they WORK. Island is able to create its OWN sandbox with root access on those. I feel like this is a security applet / process blocking this only, not a technical limitation. I was able to create the work profile with ADB outside of root access, I was able to assign Island with both Device Owner and Admin over the work profile and it was technically working. Some Knox security process that I didn't disable (most likely because it's a com.system that isn't listed in debloat) that is blocking it from displaying (I believe it is working) with a security overlay that I can't close. I need help finding that, and killing it with fire. I think it is beyond me technically. I am a network admin, not programer, though I speak some programming basic concepts via my network background. Just enough to get me in trouble and get to to here to ask for help.
dr460nf1r3 said:
Afaik once knox 0x1 is triggered there is no way to use Island since work profile cant be added. In fact i tried a lot of stuff to get it working on stock software with just recovery and root being installed, tried unrooting going back to original stock.. nothing worked.
OS has been changed probably refers to the knox counter.
Click to expand...
Click to collapse
Ok, after much OCD digging, I found the permissions and the Knox security file that was popping that up. I deleted the permissions with adb, killed those 2 processes within the workgroup files using root deleter app and now it works. Note, the whole drive is decrypted by default, I applied the decrypt patch when I rooted. So island was able to successfully provision a work profile and is admin over it.
DevinN said:
Ok, after much OCD digging, I found the permissions and the Knox security file that was popping that up. I deleted the permissions with adb, killed those 2 processes within the workgroup files using root deleter app and now it works. Note, the whole drive is decrypted by default, I applied the decrypt patch when I rooted. So island was able to successfully provision a work profile and is admin over it.
Click to expand...
Click to collapse
Hi,
Would you be able to provide a step by step guide ?
Thanks
DevinN said:
Ok, after much OCD digging, I found the permissions and the Knox security file that was popping that up. I deleted the permissions with adb, killed those 2 processes within the workgroup files using root deleter app and now it works. Note, the whole drive is decrypted by default, I applied the decrypt patch when I rooted. So island was able to successfully provision a work profile and is admin over it.
Click to expand...
Click to collapse
A guide please?!:good:
DevinN said:
Ok, after much OCD digging, I found the permissions and the Knox security file that was popping that up. I deleted the permissions with adb, killed those 2 processes within the workgroup files using root deleter app and now it works. Note, the whole drive is decrypted by default, I applied the decrypt patch when I rooted. So island was able to successfully provision a work profile and is admin over it.
Click to expand...
Click to collapse
Please provide your method, i think we are a lot in that situation : rooted and no work profile allowed by knox and tima. I even tried custom kernels announcing knox stuff disable and it's not workin either.
Thks.
Nvm
DevinN said:
Ok, after much OCD digging, I found the permissions and the Knox security file that was popping that up. I deleted the permissions with adb, killed those 2 processes within the workgroup files using root deleter app and now it works. Note, the whole drive is decrypted by default, I applied the decrypt patch when I rooted. So island was able to successfully provision a work profile and is admin over it.
Click to expand...
Click to collapse
Hi how you do this I need to do the same. Thanks
Seriously, he shared the news but didn't share how he did it??
Please provide details
Anybody has a solution on this topic or is this thread dead?
@DevinN, can you provide more info please? What files and apps did you delete?
Edit:
I found that package "com.samsung.android.knox.containeragent" causes the black block-screen, so i disabled it. (adb shell pm disable ...).
Island still refuses fo be installed automatically (security policy prevents creation of work profile because a custom os has been installed) or using root (cannot start the work profile user)
Code:
TZ_init: : TZ_init Process: Device tampered, tamper fuse is set!
TZ_init: : trustlet initialization failed
trogper said:
@hardkeyboard, can you provide more info please? What files and apps did you delete?
Edit:
I found that package "com.samsung.android.knox.containeragent" causes the black block-screen, so i disabled it. (adb shell pm disable ...).
Island still refuses fo be installed automatically (security policy prevents creation of work profile because a custom os has been installed) or using root (cannot start the work profile user)
Click to expand...
Click to collapse
I replied to DevinN, I wish I know when I write post, but now I don't need because use Nicelock with multistar with dr. Ketan rom with secure folder working
I suppose there is no update here or any idea what permissions and knox security file we are talking here ?