Disable PIN lock policy for an Exchange account - Samsung Galaxy Nexus

My company uses an Exchange server for email, and it works great....except for one thing:
Due to their arcane policies, I am only able to use a pin lock on my phone. All of the other lock options are disabled, even face unlock. Also, they have the screen set to time out at 1 minute, which sucks when trying to use pretty much any application.
Does anyone know of a way to override these policies since my device is rooted?

Try this:
http://forum.xda-developers.com/showthread.php?p=14577188
Sent from my Galaxy Nexus

You could also get Enhanced Email from the market. Although it's pricey, it works great.

That is not arcane at all, those are good security practices. This is why Android still lags behind apple and rim at the enterprise level - too many easy hacks to bypass the security that businesses need. Faceunlock can be cracked by a polaroid and many swipe patterns can be guessed by looking at fingerprints on the screen.
Honestly, with all the personal information that resides on a smart phone I don't understand why everyone doesn't have a strong pin on their phones. Hope your buddies don't swipe your phone at the next party, unlock it with a facebook pic, and play some prank with your work email account.

for me I guess its the stupid 1 minute lockout period. For example, if I am trying to use my phone as a GPS, I only get to see the screen for 1 minute. BOOM...locked out.
Pandora... NOPE. locked out after 1 minute, sure the music still plays, but I have to unlock the stupid phone to change songs and what not.
Scold me all you want virtualcertainty, the minimum 6 character pin, and 1 minute lockout drives me nuts.

Wasn't trying to scold you, just explaining the risks involved and the reasons for the policies. I wouldn't recommend to any of my clients to set policies lower than that. And I know a bunch of people that want an android for work but the IT department won't issue one or even allow people to use their own because of the work arounds.
My work policy is a 4 character pin with 1 minute time out. I exceed that on my device - 5 character pin and 30 second time out. In no time you won't notice it at all.

I don't know if this is a bug, but I have been able to remove the pin lock policy on my exchange account EVERY time
This is what I do
Set up Account
When it tells me that it's going to disable face unlock ,etc , HIT THE BACK key
Voila, you're out of there and it lets you go forward.
Don't know if it's our exchange server but that works for me

BooDaddy said:
for me I guess its the stupid 1 minute lockout period. For example, if I am trying to use my phone as a GPS, I only get to see the screen for 1 minute. BOOM...locked out.
Pandora... NOPE. locked out after 1 minute, sure the music still plays, but I have to unlock the stupid phone to change songs and what not.
Scold me all you want virtualcertainty, the minimum 6 character pin, and 1 minute lockout drives me nuts.
Then you should probably talk to your employer about it. This is an extremely basic security practice, and like multiple people have already said the easy "hack" to get around the practices is the exact reason most employers don't allow Android users access to their Exchange servers.
My company doesn't allow any Android phones on their Exchange network, exactly for this reason.
BTW, just for reference, it is possible to implement monitoring tools in an Exchange server to notify the administrators of changes to security features. Most employers wouldn't even talk to an employee that's violating security practices...it's just "Here's your box and there's the door". Complain all you want about them, but they're there for a reason. I wouldn't risk it just to escape having to input a key combination.

BooDaddy said:
My company uses an Exchange server for email, and it works great....except for one thing:
Due to their arcane policies, I am only able to use a pin lock on my phone. All of the other lock options are disabled, even face unlock. Also, they have the screen set to time out at 1 minute, which sucks when trying to use pretty much any application.
Does anyone know of a way to override these policies since my device is rooted?
I lol'd.
How dare a company try to protect their IP with a password on your phone...

Samsuck said:
I don't know if this is a bug, but I have been able to remove the pin lock policy on my exchange account EVERY time
This is what I do
Set up Account
When it tells me that it's going to disable face unlock ,etc , HIT THE BACK key
Voila, you're out of there and it lets you go forward.
Don't know if it's our exchange server but that works for me
Maybe your admins didn't force device security. My company doesn't even allow pattern locks

martonikaj said:
I lol'd.
How dare a company try to protect their IP with a password on your phone...
I'm totally aware of a company wanting to protect their IP. I don't even mind having some sort of lock on my phone. But it would be nice to be able to at least bump the lockout time a bit to make the phone usable. Or at least let me do pattern lock.
There's no sense in trying to make this a pissing contest on security policies.

soapbox,
I sign up to get company email on my own phone as a convenience to both of us. If their security policy was so strict that it made it difficult to use my phone, that convenience would go away and any after hour emails would have to wait until the morning. Obviously not everyone can get away with that, but luckily I can.
I second trying EE,
I picked up Enhanced Email from the amazon app store when it was the free app of the day and have been happy with it(It can disable exchange policies). I do have the lock feature on my phone enabled however because I also use Google Wallet, so I want a little extra protection.
So, you need my phone and also need two separate passwords to use Google Wallet. Hopefully by that time I will have wiped my phone and/or located it.

once on a custom rom, ive never had a problem with exchange security settings. unless i'm going out for a big night (and might lose my phone) i leave the security off.

versd said:
once on a custom rom, ive never had a problem with exchange security settings. unless i'm going out for a big night (and might lose my phone) i leave the security off.
If you are able to turn off the PIN lock while using corporate exchange mail then your exchange server does not have the required security policy.
Unless there's something else you've done which you didn't post.
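An added example, not part of any post in this thread: a server-side check of the point made in the reply above, that a phone which can drop its PIN is syncing under a policy that does not actually require one. It audits a constructed CSV export of ActiveSync mailbox policies; the column names follow the Exchange 2010 `Get-ActiveSyncMailboxPolicy` properties, while the policy names and the baseline (4-character PIN, 1-minute lock, figures quoted by posters here) are assumptions.

```python
import csv
import io
from datetime import timedelta

# Constructed sample of what `Get-ActiveSyncMailboxPolicy | Export-Csv` could
# contain, trimmed to the columns checked below. Policy names are made up.
SAMPLE_EXPORT = """\
Name,DevicePasswordEnabled,AllowSimpleDevicePassword,MinDevicePasswordLength,MaxInactivityTimeDeviceLock,AllowNonProvisionableDevices
Default,False,True,,Unlimited,True
Staff-Phones,True,True,4,00:01:00,False
Legacy-Import,True,True,4,00:20:00,True
"""

# Assumed baseline, using the figures posters in this thread quote.
MIN_LENGTH = 4
MAX_IDLE = timedelta(minutes=1)


def as_bool(text):
    """Exported booleans arrive as the strings 'True' / 'False'."""
    return text.strip().lower() == "true"


def parse_timespan(text):
    """Parse 'hh:mm:ss' or 'd.hh:mm:ss'; 'Unlimited' or empty gives None."""
    text = text.strip()
    if not text or text.lower() == "unlimited":
        return None
    days = 0
    if "." in text.split(":")[0]:          # leading day component, e.g. 1.00:00:00
        day_part, text = text.split(".", 1)
        days = int(day_part)
    hours, minutes, seconds = text.split(":")
    return timedelta(days=days, hours=int(hours), minutes=int(minutes),
                     seconds=int(float(seconds)))


def audit_policy(row):
    """Return a list of findings for one policy row (empty list = meets baseline)."""
    findings = []
    if not as_bool(row["DevicePasswordEnabled"]):
        # With no password required, the length and timeout settings are moot.
        findings.append("NO_PASSWORD: device lock is not required at all")
    else:
        length = row["MinDevicePasswordLength"].strip()
        if not length or int(length) < MIN_LENGTH:
            findings.append(
                f"SHORT_PIN: minimum length {length or 'unset'} < {MIN_LENGTH}")
        idle = parse_timespan(row["MaxInactivityTimeDeviceLock"])
        if idle is None or idle > MAX_IDLE:
            findings.append(
                f"LONG_IDLE: lock timeout {idle or 'unlimited'} > {MAX_IDLE}")
    if as_bool(row["AllowNonProvisionableDevices"]):
        # Clients that cannot (or do not) enforce the settings are still allowed in.
        findings.append(
            "NON_PROVISIONABLE: clients that cannot enforce the policy may still sync")
    return findings


def audit(export_text):
    """Map each policy name in the CSV export to its list of findings."""
    reader = csv.DictReader(io.StringIO(export_text))
    return {row["Name"]: audit_policy(row) for row in reader}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_EXPORT).items():
        print(f"{name}: {'meets baseline' if not findings else 'review'}")
        for finding in findings:
            print(f"  - {finding}")
```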

Samsuck said:
I don't know if this is a bug, but I have been able to remove the pin lock policy on my exchange account EVERY time
This is what I do
Set up Account
When it tells me that it's going to disable face unlock ,etc , HIT THE BACK key
Voila, you're out of there and it lets you go forward.
Don't know if it's our exchange server but that works for me
Yep, that'll be the server as I get a security pop up and you can't dismiss it. Once setup all other lock options are off limits.
The annoyance for me was the inability to change the time out period, it made it unusable in certain situations.
Sent from my Galaxy Nexus

BooDaddy... I'm an IT Director for a large, publicly held company. We allow iPhones and Android devices to use our enterprise Exchange email with a 4-digit PIN, 1-minute lock AND the understanding that we can wipe the employee's phone if necessary. Installing software to circumvent this security would violate our security policies and would result in a disciplinary action.
Is this your personal phone or did your company provide it?

105437 said:
BooDaddy... I'm an IT Director for a large, publicly held company. We allow iPhones and Android devices to use our enterprise Exchange email with a 4-digit PIN, 1-minute lock AND the understanding that we can wipe the employee's phone if necessary. Installing software to circumvent this security would violate our security policies and would result in a disciplinary action.
Is this your personal phone or did your company provide it?
Not sure how the question is relevant to the thread topic but it is my personal phone.

Look here for solution: http://forum.xda-developers.com/showthread.php?p=19792676

BooDaddy said:
Not sure how the question is relevant to the thread topic but it is my personal phone.
Not really relevant, just curious because if the company bought it and pays the monthly costs then you really shouldn't have too much to complain about. So I guess it's your choice to connect to the Exchange server, I would never expect a company to mandate corporate email on an employee's personal phone.

105437 said:
Not really relevant, just curious because if the company bought it and pays the monthly costs then you really shouldn't have too much to complain about. So I guess it's your choice to connect to the Exchange server, I would never expect a company to mandate corporate email on an employee's personal phone.
Yeah, had it been their phone and plan, I wouldn't mind it. Their dime, their rules.
While it's not mandatory for me to have it, it is very handy since I am a systems admin (Linux) and it's nice to get alerted via logwatch emails when something bad happens.

Related

My stupid company disabled Exchange Active Sync...ARGGGHHH!!

I am just ranting! Now I have a TP2 and I have to carry a stupid BB with everywhere too. I am so ticked off at them!
Try sending a polite letter to your IT policy makers explaining how this decreases your productivity on the road (or w/e).
Reasoned logic works much better than ranting every time.
OWA, too?
You should be able to hit it with a browser. Not a graceful solution, but maybe better until you get them to re-enable.
cavenger said:
I am just ranting! Now I have a TP2 and I have to carry a stupid BB with everywhere too. I am so ticked off at them!
Strange that they disable Exchange Sync while allowing BB connection. Seems to me they have no sense for security and privacy of company information...
If it's for security reason, you can suggest them to enforce a lock screen. That's what my company does. They can add a policy on exchange server and you have to accept it to sync. The phone will then always lock after 20min inactivity and you have to type the unlock password, which is annoying to me but have to live with it.
Why can't you use Blackberry connect?

[Q] Question: Exchange lock-out /screen timeout 2.2

I am using Exchange server for work email and use LockPicker to get by the constant entering of a security code to un-lock the phone. Not sure I should load 2.2 because the developer has informed me that LockPicker will not work with 2.2. If anybody is running 2.2 and Exchange server, does 2.2 offer an option of the screen time out vs. the exchange lockout????
Im running exchange and have to enter the code if the phone sleeps for more than 15 minutes. The time is adjustable, plus the code entry keyboard is huge not a problem to enter at all, overall its a minor pain but workable. The guys that developed lockpicker have an app out that disables this, it is only in the beta stage now and not released to the general public but should be soon.
if I found that any of my end users were attempting to disable/bypass the Exchange security...i would haul their ass to HR faster than they could enter their PIN.
DraginMagik said:
if I found that any of my end users were attempting to disable/bypass the Exchange security...i would haul their ass to HR faster than they could enter their PIN.
He He, I'm thinking if I were an IT guy i'd do that too. Lucky for me I'm an end user, I'm hoping somebody comes up with a way to just toggle the time to a longer value say options for 30 - 60 minutes. In reality the new code entry screen is a breeze to use, not such a big deal as before. I'm just wondering if the time delayed is specified by the Exchange server or if it is built into the phone app.
ifly4vamerica said:
I'm hoping somebody comes up with a way to just toggle the time to a longer value say options for 30 - 60 minutes.
/shudders at the thought.
I haven't played with it yet, but pray there is no way for my end users to set a 60min lockout period. that's just waaaaaay too long. how long do you have before your work desktop auto-locks? 15min? and that is for a device that doesn't move and if anyone else is at it would draw attention.
perhaps you feel that you are not important on the food chain and have nothing important in your email. but as these type devices get more powerful folks keep more data on them... pictures, movies, xls, doc, mp3 etc. plus tons of email (with email addresses, names and numbers), some folks will setup the VPN function and map network folders or setup VNC/RDC connections (server names, ip addresses and domain name).
it's not "JUST" that someone may see who you're going to lunch with or that your racquetball game got rescheduled. its all that other crap that concerns us. stuff that you may or may not have. for things that you probably don't see as being a possible security breach. sorry if this has an overbearing tone, it's one of those things i have to beat into folks head everyday.
"i don't care if they know my password, maybe they'll do my work." /facepalm
no...they won't.
ask your favorite IT nerd how many pwd's he has floating in his head and how many times he has to unlock his computer each day.
/steps down from security soapbox
DraginMagik said:
/shudders at the thought.
I haven't played with it yet, but pray there is no way for my end users to set a 60min lockout period. that's just waaaaaay too long. how long do you have before your work desktop auto-locks? 15min? and that is for a device that doesn't move and if anyone else is at it would draw attention.
perhaps you feel that you are not important on the food chain and have nothing important in your email. but as these type devices get more powerful folks keep more data on them... pictures, movies, xls, doc, mp3 etc. plus tons of email (with email addresses, names and numbers), some folks will setup the VPN function and map network folders or setup VNC/RDC connections (server names, ip addresses and domain name).
it's not "JUST" that someone may see who you're going to lunch with or that your racquetball game got rescheduled. its all that other crap that concerns us. stuff that you may or may not have. for things that you probably don't see as being a possible security breach. sorry if this has an overbearing tone, it's one of those things i have to beat into folks head everyday.
"i don't care if they know my password, maybe they'll do my work." /facepalm
no...they won't.
ask your favorite IT nerd how many pwd's he has floating in his head and how many times he has to unlock his computer each day.
/steps down from security soapbox
I hear ya!!! Can we compromise at 55 mins???? Ok 30 mins?? ;-P How did you know my R-Ball game was rescheduled????????????
/retires from badgering the IT guy!
LOL ... if only we lived in a perfect world.
Solution here: http://forum.xda-developers.com/showthread.php?t=745065

Error 86000C29 - Exchange issues...

Anyone here tell me what the actual setting in the Exchange Active Sync profile causes this error? I am working with my IT group to get back access to the Exchange server that is currently locked out because of a missing security setting.
Microsoft dissed me, Samsung blames Exchange, Exchange peeps won't budge with out direction and I love my phone so I won't go back.
Thanks,
Brian
It has to do with security policies... It could be a number of things (I think on the older WM6 phones, sometimes it actually would tell you why)...
Your IT department should be able to look at logs on their side to find out why it's not being passed...
Keep in mind, this could be something as easy as you not having a pin password when you use your phone (phone lock). But if your IT department have changed default settings, it could be something more complicated.
First off, I would set a phone lock password, and try setting up the sync. If that doesn't work, you'll have to wait for your IT department.
Zhariak said:
It has to do with security policies... It could be a number of things (I think on the older WM6 phones, sometimes it actually would tell you why)...
Your IT department should be able to look at logs on their side to find out why it's not being passed...
Keep in mind, this could be something as easy as you not having a pin password when you use your phone (phone lock). But if your IT department have changed default settings, it could be something more complicated.
First off, I would set a phone lock password, and try setting up the sync. If that doesn't work, you'll have to wait for your IT department.
Thank you for the response. I have tried several gyrations of password before Exchange add, Exchange delete and reinstall, number of things. The real puzzling thing is that the settings they have shown me from screen grabs are all supported by WP7. I posted the error code on the Windows Phone boards at MS and no response yet. I have seen other codes for security issues, this one seems to be a lot more obscure. I was hoping someone could bust out a decoder ring so I could just tell our IT guys what to do (pretty common).
I told them about being able to circumvent the password lock in Win6.5 with a simple registry edit, blew their minds.
IT found the fix, sort of. They rebuilt the security policy as part of another user issue and the phone syncs correctly. Apparently, importing the security policy from Exchange 2003 into 2010 brings along some baggage.
Still no clue what actually caused it, but if anyone else around the web finds this thread because of the error code, ask your peeps to rebuild the policy. They will have other issues besides yours, eventually.

Disable the lock code if needed (By-pass exchange policy)

TESTED ON MANGO, AND WORKED FINE
Gentlemen,
I have found the reg key in some posts to disable the lock code for the windows phone, if you have configured the exchange e-mail account in Phone.
I was unable to view the specific reg key in normal registry editor. So I have converted the reg key to an xap file by using provxml method. And you can apply the key even if you don't have the registry editor app installed on your device.
Steps:
1. Deploy the xap file to your developer unlocked device.
2. Launch the app.
3. Tap on the green button, it should give you a success message.
4. Uninstall the app.
5. It may require to restart the device, since this is a registry change.
6. You are done. Now you will be able to turn off your phone security code even if you have configured the exchange e-mail account in your phone.
I have tested on my chevron unlocked HTC HD7, and it is working fine.
Hope some one will be looking for this.
Note: it's recommended to keep your phone with lock code enabled, but sometimes we need to keep the phone unlocked for some reasons.
If you install this xap, it will enable another wonderful feature..
By default, 10 invalid attempts will erase your phone. But after you install this xap, the password will be locked out for 1 min after 5 invalid attempts. Then after each attempt, the lockout time will double. I have tried until the phone locked out for 64 minutes. Then I stopped trying with the invalid lock codes. It will help you to keep the data safe, if anyone plays with the phone, especially kids.
Note: Please don't try after 5-6 attempts if the phone didn't get locked out, may be this not compatible on your device. You may lose your data. I applied this on my T-Mobile HD7, and it is working fine.
Hit thanks if you like my post..
Thanks
JAZEEL
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
benneh said:
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
I have tested myself, and it's a permanent solution. It's stays for ever. But I don't know what will happen if you reconfigure the exchange account..
Is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
@OP, what is the reg key for the change? You must know that to make an XAP?
timmymarsh said:
@OP, what is the reg key for the change? You must know that to make an XAP?
This is the key which deploys through the xap..
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001023"=dword:1
Doesn't Work ...
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
There's no APN in my settings that I see, any help would be great, thanks
Striving said:
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
purian23 said:
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
There's no APN in my settings that I see, any help would be great, thanks
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
jazeelkk said:
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
Thanks for the response. Funny, a little while after, I realized that it was for something other than the dev unlock. And happily I have gotten halfway there: I am unlocked but have to make sure I remember to put the phone in flight mode before connecting it.
rhn said:
is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
i 2nd that!
jazeelkk said:
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
Thanks for your response, the only reg i've ever found to disable the lock on my device is the one you posted and built into your xap file. For some reason the reg doesn't exist in my phone and I can't create it either.
Most likely why you put this together for us. But on my end here, I now have the app on my phone, once I go to launch it I get the message from my previous post, it just won't deploy/launch. Any ideas, I'm up for trying!!
Thank you,
The reg key is protected, so you can't browse to it, but you can still use a tool like advanced explorer to set it by manually specifying the full path and value to change.
I was able to set the value manually like this, but like I mentioned the value is set back automatically next time your phone syncs with exchange. The policy must get checked on every sync with exchange, and gets set back if your exchange server requires a PIN policy.
From what I can ascertain this XAP simply sets that value, so you would have to run this xap after every sync which isn't a great solution.
barrychon said:
i 2nd that!
I have tried it as mentioned in some old posts. But it is not working. Only thing I could do is to activate the ON/OFF button with this reg key, so that I can disable the code at any time.
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely your company's policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely your company's policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
You are right. I recommend to keep the phone locked always.
It's meant for some situations where we need the phone to stay unlocked. At least we should have the option for it.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely your company's policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could be improved to make it more usable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
benneh said:
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could be improved to make it more usable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
Lol, you have a point, but our colleague above is quite correct, the policy is enforced for a reason. At my company, such an offense can mean instant dismissal
(if you use exchange for just calendar and contacts, as i do, a pin is not required to unlock, the policy is only enforced for email strangely enough....)
I agree the PIN should be how it was in WM 6.5 where you could have it only ask after 2 hours or every 24 in some cases. That way it was a good balance. This business of requiring the PIN every time you look at your phone is crap. I have removed it from my droid device and I am fortunate that my company will not hassle me over it. Still though it's a bunch of crap to enter it every 5 minutes.

Significant security flaw in Google wallet

There's quite a significant security flaw in Google wallet at the moment.
Going into application settings and then clearing data for wallet is the same as resetting wallet from within the application, without having to enter a pin. Know what that means? You're able to set up a new password and have access to your prepaid card.
That's right. If a tech-savvy thief has your phone and you don't have a passcode on the lockscreen (possibly because Google's implementation of passcode stuff sucks) or the screen hasn't timed out yet, the thief will have access to whatever funds remain on your Google prepaid card, regardless of the pin you set in the application.
This is yet another reason why Google needs to add the ability to lock out INDIVIDUAL applications with a code or face recognition, not just the friggin' lockscreen. If someone gets your phone after you've entered your lockscreen code/pattern, they have free rein over the device as long as the screen is on. Third party software for this purpose just doesn't work very well at this stage. This functionality needs to be integrated into the OS. Sorry for going off on a tangent.
Basically:
1) Go into application settings
2) Clear data for Google wallet
3) Open wallet and set it back up
4) Everything remaining on your Google prepaid card can now be used.
That's a good point. I don't know if Google wallet is supposed to be more secure than a credit card.
If some one steals your wallet, what do you do? Suspend any transactions for that stolen card. Just do the same with the cards you have on Google wallet.
Or I'd just remotely wipe the phone , so they have none of your information on your phone .
Sent from my Galaxy Nexus using XDA App
bigmike2424 said:
That's a good point. I don't know if Google wallet is supposed to be more secure than a credit card.
If some one steals your wallet, what do you do? Suspend any transactions for that stolen card. Just do the same with the cards you have on Google wallet.
Or I'd just remotely wipe the phone , so they have none of your information on your phone .
Sent from my Galaxy Nexus using XDA App
Click to expand...
Click to collapse
Any actual cards that you add to Wallet will of course be removed, but the Prepaid card will still work. How easy would it be to suspend transactions with Google?
Ouch... report it!
Greets
You have to have a passcode to use the wallet feature. I am not following this at all seriously.
To use this application, you have to get into line, make sure that your screen is on when you get to the counter and then make sure you put in your pin #/Passcode before swiping.
The only way for a thief to get access is to take your phone while it's in your hand and the screen is open but then also if the screen shuts off, the application closes and you have to input your pin #/passcode again.
Try it.
Ronin09 said:
> You have to have a passcode to use the wallet feature. I am not following this at all seriously.
> To use this application, you have to get into line, make sure that your screen is on when you get to the counter and then make sure you put in your pin #/Passcode before swiping.
> The only way for a thief to get access is to take your phone while it's in your hand and the screen is open but then also if the screen shuts off, the application closes and you have to input your pin #/passcode again.
> Try it.
You can reset the application without the passcode. Once that's done, simply open it up, set it up with a new passcode and you have access to the prepaid card immediately.
Ronin09 said:
> You have to have a passcode to use the wallet feature. I am not following this at all seriously.
> To use this application, you have to get into line, make sure that your screen is on when you get to the counter and then make sure you put in your pin #/Passcode before swiping.
> The only way for a thief to get access is to take your phone while it's in your hand and the screen is open but then also if the screen shuts off, the application closes and you have to input your pin #/passcode again.
> Try it.
try this:
open clear google wallet data, run google wallet again.
it will prompt you for new passcode and link it to the google account on your device.
of course, all the credit card info is wiped, but your google prepaid card can still be added without passcode, so whatever remaining balance you have on it will be usable by whoever activates it
Ronin09 said:
> You have to have a passcode to use the wallet feature. I am not following this at all seriously.
The OP explains it perfectly.
Evangelion01 said:
> 1) Go into application settings
> 2) Clear data for Google wallet
> 3) Open wallet and set it back up
> 4) Everything remaining on your Google prepaid card can now be used.
That means anyone who gets your phone, even while it's turned off, can follow these steps to remove whatever pin you have set. They can then set up Google Wallet with their own pin and add your prepaid card with all its funds back onto the app and start using it.
To be safe, you'll need to set your lockscreen to use one of the other security types such as pin, pattern, or password, and then hope nobody gets ahold of your phone while the phone itself is unlocked. I don't find face unlock to be very safe at all so I won't even recommend it for protecting Google Wallet funds.
to add some other failure of google wallet...somehow ur wallet gets registered w/ ur device...or that's how it looks like...i had a nexus s w/ wallet fully functional and about $12 left on the prepaid card...bought the GN and gave the NS to my wife...fully wiped the device, reinstalled the wallet and activated w/ my wife's account...guess what she got my remaining balance and when i activated mine on the GN i only got the $10...but to be 100% fair it could be something related with the fact that we're not really supposed to have this running on our phone...so might be something related to that, since my NS was on t-mobile and not sprint...hence i was running a "not approved" app...
Evangelion01 said:
> You can reset the application without the passcode. Once that's done, simply open it up, set it up with a new passcode and you have access to the prepaid card immediately.
I was having a hard time understanding too until you pointed this out (again?) ... thanks for the heads up.
did you submit this issue to google?
Elganja said:
> I was having a hard time understanding too until you pointed this out (again?) ... thanks for the heads up.
> did you submit this issue to google?
Nope. How would I go about doing that? Knowing Google, even if we were to inform them today there wouldn't be a fix for at least a month.
Still can't believe that after three years they haven't got a solution allowing you to passcode protect individual applications in the OS. Dumbphones could do that back in 2004!
Evangelion01 said:
> Nope. How would I go about doing that? Knowing Google, even if we were to inform them today there wouldn't be a fix for at least a month.
> Still can't believe that after three years they haven't got a solution allowing you to passcode protect individual applications in the OS. Dumbphones could do that back in 2004!
should be here: http://support.google.com/wallet/bin/static.py?hl=en&page=known_issues.cs (click on "let us know") but it isn't working for me atm
Elganja said:
> should be here: http://support.google.com/wallet/bin/static.py?hl=en&page=known_issues.cs (click on "let us know") but it isn't working for me atm
No surprise there, then. Thanks for the link. Hopefully they'll fix it by Q2.
MIUI had a sweet security app based on individual apps. I would lock down my games cause my boy liked to get in there and press buttons aka delete my saves.
I don't know what process it would involve to port this over. But it would be a welcome one.
I went ahead and emailed the relevant Google department about the issue. I'll keep you all updated if I get a response, but bear in mind that this is Google's rubbish customer service that we're talking about... I'm not getting my hopes up.
If you lose your phone just log into your Gmail and change the password. Problem solved.
bp328i said:
> If you lose your phone just log into your Gmail and change the password. Problem solved.
Yes, problem solved if you can get access to an internet-connected device quickly enough.
Evangelion01 said:
> Yes, problem solved if you can get access to an internet-connected device quickly enough.
I guess I just don't see it as big of an issue as you do.
I mean if you lose your real wallet you have to track down the phone numbers to your credit card companies and call them all one by one. It would be easier and quicker in this day and age to find an internet-connected device.
All my friends and family have internet-connected devices (smart phones) so I could change my Gmail password faster than I could call one credit card company, get through their phone system, get a live person on the phone and cancel the card.
When it comes to money, credit cards or anything being used as either of the two there will always be flaws that someone will try to exploit. And with this flaw it can be corrected/stopped by the end user within 5 - 10 minutes.
But seriously good find on this!
bp328i said:
> I guess I just don't see it as big of an issue as you do.
> I mean if you lose your real wallet you have to track down the phone numbers to your credit card companies and call them all one by one. It would be easier and quicker in this day and age to find an internet-connected device.
> All my friends and family have internet-connected devices (smart phones) so I could change my Gmail password faster than I could call one credit card company, get through their phone system, get a live person on the phone and cancel the card.
> When it comes to money, credit cards or anything being used as either of the two there will always be flaws that someone will try to exploit. And with this flaw it can be corrected/stopped by the end user within 5 - 10 minutes.
> But seriously good find on this!
That's true, I was trying to look at the worst case scenario. The flaw itself is pretty serious, but the consequences wouldn't be that great yet. I've only heard of one person who had over $100 on their prepaid card, and I think there are extra measures in place when purchasing larger items? Not sure.
But something as simple as this certainly needs to be fixed before NFC payments go mainstream.
Evangelion01 said:
> That's true, I was trying to look at the worst case scenario. The flaw itself is pretty serious, but the consequences wouldn't be that great yet. I've only heard of one person who had over $100 on their prepaid card, and I think there are extra measures in place when purchasing larger items? Not sure.
> But something as simple as this certainly needs to be fixed before NFC payments go mainstream.
I agree it is simple and does need to be fixed. They could make a quick fix by having each app that is based off our Gmail accounts require the Gmail password re-entered when an app is set up and not just ask permission.
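
Added illustration (not part of the thread, and not Google Wallet's code): a toy model of the reset path from the original post next to the re-authentication fix suggested in the last reply. The class names, device id, PIN values and the assumption that the backend hands the prepaid balance to whichever app instance runs on the signed-in device are all constructed for the example.

```python
import hashlib, hmac, os

class Backend:
    """Constructed issuer-side model: prepaid balance is keyed to the device."""
    def __init__(self, account_password, require_reauth):
        self._salt = os.urandom(16)
        self._pw = self._kdf(account_password)
        self.require_reauth = require_reauth   # False models the reported behaviour
        self.balances = {}                     # device_id -> cents

    def _kdf(self, pw):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def provision_prepaid(self, device_id, account_password=None):
        # Hardened mode: re-adding the card needs the account password,
        # a secret that clearing app data cannot reset.
        if self.require_reauth and not (account_password is not None and
                hmac.compare_digest(self._kdf(account_password), self._pw)):
            raise PermissionError("account re-authentication required")
        return self.balances.get(device_id, 0)

class WalletApp:
    def __init__(self, backend, device_id):
        self.backend, self.device_id = backend, device_id
        self.local = {}                        # app-private data, PIN included

    def setup(self, new_pin, account_password=None):
        balance = self.backend.provision_prepaid(self.device_id, account_password)
        self.local = {"pin": new_pin, "balance": balance}

    def clear_data(self):
        self.local = {}                        # application settings > clear data

    def spendable(self, pin):
        if not self.local or not hmac.compare_digest(pin, self.local["pin"]):
            raise PermissionError("wrong PIN or wallet not set up")
        return self.local["balance"]

def balance_after_reset(require_reauth):
    """Owner sets a PIN; someone else clears data and sets a new PIN."""
    backend = Backend("owner-account-password", require_reauth)
    backend.balances["device-1"] = 1200        # constructed sample: $12.00
    app = WalletApp(backend, "device-1")
    app.setup("4821", "owner-account-password")
    app.clear_data()
    try:
        app.setup("0000")                      # no knowledge of the old PIN
        return app.spendable("0000")
    except PermissionError:
        return None

if __name__ == "__main__":
    print(balance_after_reset(False), balance_after_reset(True))
```

The point of the model is that the PIN lives in the same store the reset wipes, so it only protects the balance if re-provisioning depends on a secret held outside that store.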
