Develop Bugs

[kernel] Do we need data security (aka a working firewall)?

Dear kernel developer,
do you have a firewall on your destop computer?
I think, the answer is "yes, of course!"
Why don't you wan't a firewall for your phone?
Your answere: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email-adresses).
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( h ttp://code.google.com/p/droidwall/ )
But this superb program need some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( h ttp://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards

i knew linux didnt need an antivirus, thought it still needed a firewall...
since ive always had one set up on my linux installs... but then again, im a linux noob.

What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.

You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to port's (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they dont usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...

iptables
Actually Andorid has a Firewall installed, its called iptables.
It's not a personal firewall... but thous are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall

kuhine said:
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
Click to expand...
Click to collapse
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extented versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server an stop working when the developer say "stop, buy the new the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards

safttuete said:
Actually Andorid has a Firewall installed, its called iptables.
Click to expand...
Click to collapse
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)

I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.

@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
Click to expand...
Click to collapse
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.

Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
h t t p ://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.

kuhine said:
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr
Click to expand...
Click to collapse
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.

suffer not adware to live
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms.
Click to expand...
Click to collapse
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard

kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
WiHerr
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Click to expand...
Click to collapse
May be you should have a look for LBE privacy....

[Q] Best app to track lost phone?

Hi Guys,
I wanted to know what any of you find to be the best app to find a lost phone. I wanted to know what the best app is to date since things can change over time, and I havent used this type of service for over a year. Some features I'd like are GPS tracking but little to no battery drain, and the ability to sound an alert even when the phone is silent or on vibrate. Thanks for any and all input.

Just me but I use the one that comes with 'Kaprasky Security', it is very accurate in my country of Canada so just try that or wait for other responses
Sent from my HTC Incredible S using xda premium

Cerberus is by far the best.

This is what I use and is the best and has lots features highly recommend.
https://market.android.com/details?id=com.myboyfriendisageek.gotya
Sent from my GNex {GSM} T-Mobile

RogerPodacter said:
Cerberus is by far the best.
Click to expand...
Click to collapse
I second this. No monthly or annual fees. Just pay $4 one time and it covers up to 5 devices.
Here's some of the features:
It has three ways to protect your device:
- Remote control through the website www.cerberusapp.com
- Remote control via text messages
- SIM Checker (for devices that have a SIM card): you will automatically receive alerts if someone uses your phone with an unauthorized SIM card
Remote control allows you to perform many operations on your device, like:
- Locate and track it
- Start a loud alarm, even if the device is set to silent mode
- Wipe the internal memory and the SD card
- Hide Cerberus from the app drawer
- Lock the device with a code
- Record audio from the microphone
- Get a list of last calls sent and received
- Get information about network and operator the device is connected to
- And much more!
Cerberus automatically enables GPS if it is off when you try to localize your device (only on Android < 2.3.3) and you can protect it from unauthorized uninstalling - more info in the app configuration.
The app works even if the device does not have an internet connection thanks to remote control by sms messages. Also, the SIM Checker feature allows you to know the new number to send texts to, if the SIM card is changed. Texts received and sent for Cerberus remote control will not start any notification and will not appear in the Messages application.
Cerberus does not drain the battery because there is no background service running: it will activate only if there is a remote control request and will stop afterwards.
More features for rooted devices: complete uninstall protection (a thief will be able to delete Cerberus only by flashing another ROM), GPS auto-enabling even on Android > 2.3.3. More info on the website in the Help section.
Click to expand...
Click to collapse
Check it out.
https://market.android.com/details?id=com.lsdroid.cerberus&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5sc2Ryb2lkLmNlcmJlcnVzIl0.

ddpacino said:
Hi Guys,
I wanted to know what any of you find to be the best app to find a lost phone. I wanted to know what the best app is to date since things can change over time, and I havent used this type of service for over a year. Some features I'd like are GPS tracking but little to no battery drain, and the ability to sound an alert even when the phone is silent or on vibrate. Thanks for any and all input.
Click to expand...
Click to collapse
Android Lost can do everything you want and more. Best of all, no fees!

GreatBigDog said:
Android Lost can do everything you want and more. Best of all, no fees!
Click to expand...
Click to collapse
I used that to find my wife's phone. Did a remote install too as I didn't have it on the device. .. Amazing.
I've heard a lot about Cerberus, but it needs to always be running on your device from what I can see. Can you remote install and configure it only when you need it? If not, that's a pretty dangerous app to allow basically all functions of your phone to be accessed online...

I use avast! Mobile Security. You can install the application and then enable Anti-Theft. Once it's set-up and installed, you can uninstall avast! Mobile Security. (I'm unable to provide links, but they have a webpage that describes the necessary steps better.)
You can then use a bunch of different commands via text message to locate/lock/unlock/etc. your phone. You can specify two phone numbers to be the only phones that can communicate with your device, or you can leave it open. (Commands sent to your device must contain your pin code and then the command.)
The FAQ for the app says it does not run in the background and is only activated when a text command is sent to the phone. (I think this program only works if you're able to receive text messages to your actual number. Not via Google Voice.)

avast mobile security is awesome!

I use cerberus...they have features such a remote recording of video and audio which I don't think is available on SeekDroid which I was on before
Sent from my Galaxy Nexus using Tapatalk

I've tried Lookout mobile security, but like Prey a bit better

Another vote for androidlost here!

Phonelocator pro hands down beats them all - check it out
https://market.android.com/details?id=com.rvo.plpro
Sent from my Galaxy Nexus using xda premium

ddpacino said:
Hi Guys,
I wanted to know what any of you find to be the best app to find a lost phone. I wanted to know what the best app is to date since things can change over time, and I havent used this type of service for over a year. Some features I'd like are GPS tracking but little to no battery drain, and the ability to sound an alert even when the phone is silent or on vibrate. Thanks for any and all input.
Click to expand...
Click to collapse
You can buy a ball of yarn at the hardware store for a few cents. Tie one end to the phone, one end to your wrist.
Never lose the phone.

Avast can get location even if GPS, wifi, mobile data and location service are turned off, if you are rooted. Cerberus can't.

B1ny said:
Avast can get location even if GPS, wifi, mobile data and location service are turned off, if you are rooted. Cerberus can't.
Click to expand...
Click to collapse
Pretty sure if you allow Cerberus administrator privileges, it can turn on GPS/Wifi/Data on by command...

Pretty sure it can't.
anton2009 said:
Pretty sure if you allow Cerberus administrator privileges, it can turn on GPS/Wifi/Data on by command...
Click to expand...
Click to collapse

B1ny said:
Pretty sure it can't.
Click to expand...
Click to collapse
Okay... I just tested it now with Cerberus dashboard (online website where you can send commands from) with my phone unlocked right in front of me. Sent command "start tracking" and saw with my own eyes the WIFI and GPS toggles go from OFF to ON. Wifi and GPS still on... Sent command "stop tracking" and WIFI and GPS toggles went from ON to OFF.
---Edit---
Sorry, I was wrong about the administrator privileges, by enabling that, it will allow you to erase your data/sd card remotely. To get WIFI and GPS to turn on when you send the tracking command, you have to push Cerberus to /system/app

I see a flaw in all of this:
Factory reset = GG

convolution said:
I see a flaw in all of this:
Factory reset = GG
Click to expand...
Click to collapse
Cerberus help page, and I quote:
"I have a rooted device. Can I get additional features?
Yes! If you have rooted your device you can integrate Cerberus into your ROM and get two additional features: complete uninstall protection (Cerberus will even survive a wipe/factory reset) and GPS auto-enabling even on Android 2.3.3 and later. To have these features uninstall Cerberus, then download cerberus.zip, put it on the sd card and install it from recovery. Cerberus is also available on ROM Manager."
Taken from avast! Mobile Security app page, and I quote:
"Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port."

[TUT] [APP] Hacking Facebook, Yahoo etc. over wifi

DroidSheep is an Android application that demonstrates security weaknesses (not using https) and is capturing facebook, twitter, linkedin , yahoo, and other accounts.
PS> this is NOT my work, nor do i intend it to be taken as my work, I just wanted to share with the community!
NOTE FROM THE GERMAN DEVELOPER:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
Now>
WHAT DO YOU NEED?
1. A rooted phone (no, it will for sure not work without root)
2. The App installed on the phone (latest build attached to the present post)
3. A WIFI network to test it on
How do you use it?
DroidSheeps main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep any user – even without technical experience – can check if his websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
This video demonstrates what DroidSheep can do:
http://droidsheep.de/?page_id=14
How does it work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
http://droidsheep.de/?page_id=424
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN-connection
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.
You can also install DroidSheep Guard from the Market:
https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&hl=en
A very interesting feature is the possibility to save cookies!!
Source> http://droidsheep.de
Imagine the possibilities....

This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.

backfromthestorm said:
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
Click to expand...
Click to collapse
-what exactly "isn´t good" ?
Ok you are correct, yes, WIFI (as any other electromagnetic wave) can also be transmitted through vacuum, so yes there is no need of "air"

Re-ported to a MOD I don't think this should be shown or talked about on XDA this isn't an hacking site like you might think for taking advantage of other peoples accounts.
XDA is a hacking community for the good like Rooting.

This app has been on XDA for quite a while http://forum.xda-developers.com/showthread.php?t=1593990
Even a portal article about it http://www.xda-developers.com/android/droidsheep-undresses-network-security-and-shows-how-its-done/
Please use the main thread to discuss this app, not this one.
@ shankly1985, we appreciate your concern, but people need to know how insecure important accounts can be. Thus enabling them to make the changes to fix them.
Thread Closed.

Optus X Smart 4G smartphone

After purchasing several Optus X Smart 4G smartphones outright that are currently being sold in Australian stores I felt the need to make others aware.
Despite being branded as an Optus mobile phone it is actually an Alcatel mobile phone that comes shipped with some nasty packages, one being "Files" that after several days of enjoying your new purchase is upgraded to "File Manager" an application which now runs a boost application (Hawk Super Cleaner/ antivirus).
This boost application runs 24/7 and nags the user to click an icon then displays advertising. When you remove this application it defaults back to the factory installed version that does not contain "File Manager" stuffed with the boost aplication.
Being installed as an Android System App "File Manager" stuffed with Hawk Super Cleaner/ antivirus is granted with higher Android Operating System App permissions than the end user has limited controll over which brings privacy and security concerns to the device IMHO.
To stop automatic updates that will reinstall the boost aplication a user needs to log onto the Google Playstore and go into settings, then check do not automatically update applications to stop ALL playstore automatic app upgrades. Doing this in the phones bundled "Updates" aplication has no affect in stopping the automatic reinstall. Caveat being that Playstore app upgrades now ALL need manually input from the user who needs to remain mindfully to not update "File Manager".
The other option is to run "File Manager", go into settings and turn off the on screen alerts, this will allow "File Manager" stuffed with Hawk Super Cleaner/ antivirus to run 24/7 on the device and be granted with the many permissions you (like myself) may not want to (and never did) accept upon uograde / install,. However, the on screen displays will be gone from the phone.
Don't bother trying to stop it on the Android operating system level via options like disable app, do not allow peeking and rely on uninstall to the factory shipped version of the app as Android and Included bloatware settings do not act as expected and it will automatically install itself again, also displaying on screen despite the end users wishes and Android settings being checked.
Never being advertised that the phone would have on screen advertising to the end user or forced third party apps as part of the Android operating system I have made a complaint to Optus, the communications ombudsman, the "File Manager" developer, Playstore, Play Protect, XDA forum and anywhere else that I felt relevant.
My unconfirmed fear is that this device may allow the manufacturer to controll bloatware updates in the future via a command and control server rather than exclusively at the Playstore, hopefully this is an unjustified fear and one day the Playstore can clamp down on this type of unwanted and non authorised Android System App behaviour and put security fears to rest.
Currently awaiting an outcome

UPDATE: The Telecommunications Industry Ombudsman has forwarded my complaint to Optus for a resolve.
My argument was that Optus sold a product and forcefully allowed a third party aplication (Hawk Super Cleaner/ antivirus) to be side loaded and included as an Android system App, which in my opinion is outside the scope of Optus being simply a supply conduit to internet services as Optus now dictates what third party app the customer of this product must use 24/7 and without a reasonable opt out.
I have also suggested that Play Protect offer the end user the option to force a single Android System App from updating and add a detection flag for Android System Apps that stuff a third party aplication and byspass the new app install agreement methods used by the Playstore, AI is needed to detect mass user bases being unfairly exploited for the means of profit at the flick of a switch.
Hopefully the 4 devices purchased are given an easy Android System App uninstall option for bloatware that advetises on this phone by default, or get side loaded onto the phone without end user authorisation and after the purchase of the product has been made.
Otherwise replacement phones of similar specs that have Android as expected and advertised on the product box, and without forced Android System App advertising will be preferred for complaint resolution.
Now awaiting complaint communications from Optus.

Hi have you tried 'rooting' the phone to control the system better and remove that type of application? I have heard it may be the only way to stop such apps when standard obvious methods fail. (You will have to Google that as I know nothing more than what I have read). I would be pleased to know how you go with that as I have thought about doing it with my own phone but I haven't had as much of a problem as you are experiencing. ([email protected])

Put a custom recovery on it if there isnt one available im more than happy to build one for it if you would like and then flash magisk root
Install es file explorer, grant system root permissions and remove the file manager completely by deleting it then replace with another stock one in which you know has nothing being forced on you,
I was in the same boat have the optus x spirit next up from smart and the amount of 3rd party applications is to be quite honest shocking in my opinion i developed a TWRP for the X spirit and did exactly what i mentioned above no problems now

Rom for 5056i
Hello just wondering if possible to build a twrp or some rom to root this mobile of mine. Thanking you chaschas

Question Any anti-theft app suggestions?

I always had installed Cerberus on my previous devices, now that I changed to OnePlus 9 Pro I would like to know if is there any better alternatives, my mainly use cases would be to locate phone, lock it and have some pictures from user.

What's wrong with Google?

Google Find My Device - Apps on Google Play
Find, ring, lock, and erase any lost Android device
play.google.com

I believe Prey is another one people use
I use Kaspersky Mobile Security, which is a subscription but I use on all my PC's so buy a 5 user licence which is about £20 for the year, covers Mac/Windows and Android.
On Android the anti theft part allows lock/location, mugshots, wipe data, alarm, SIM watch and also uninstallation protection.

https://www.androidlost.com/ ?

https://www.google.com/android/find
Turn location and location tracking on on your phone. The site above will show you where it is and where it has been.
You can ring it if you've lost it around the house, you can lock it or erase it too if you want to protect your data

Use Macrodroid and create your own commands you can execute from a trusted mail or contact. Almost anything is possible there.

I'm using mcafee mobile security. mcafee lets you erase all your data on your phone remotely.

Droidphilev said:
https://www.androidlost.com/ ?
Click to expand...
Click to collapse
That is simply the BEST anti theft App out there.
Also great for tracking.
It's too bad stupid Antivirus software classifies it as a Thread.