Exchange security bypass for GN works on N7 - Nexus 7 Themes and Apps

For those of you not fond of using a PIN or pattern to unlock due to your Exchange server's security policies, this is god-send
http://forum.xda-developers.com/showthread.php?t=1749921
I used the Stock Android JRO03C version (even though I'm running Android JRO03D). I also needed to manually move EmailGoogle.apk/odex and Exchange2Google.apk/odex files out of system/apps before flashing.
Once flashed and you've set your Exchange server up (don't worry when it warns you about needing permissions, it never asks for them later), you'll need to reboot one more time to enable syncing (otherwise it'll FC when trying to sync).
After that, sit back and enjoy Exchange email with no unlock screen hassles. Just remember that anyone who can get to your N7 can now read your work email, and your employer will rightly frown on that.

Related

[Q] Exchange Security Policy Post OTA

EDIT: Use the app from KShatzkes' post #24.
I installed the the OTA update, and like many 2.2 phones now, if you use the Email app to connect to exchange, you have to enter an annoying password just to unlock your phone, every time it locks. It's annoying and time consuming because you cannot use the pattern unlock --- you must choose an alphanumeric code at least four digits long.
There are email.apk files that bypass this, but since we cannot replace our email.apk permanently, that probably won't work for us.
The phone did not do this before the OTA, but now it does. Also, you can disable it via the databases in 2.1 (or use lockpicker), but these solutions seem to be broken in 2.2.
Any ideas?
Yes! This is bothering the heck out of me too! Hopefully some solution arises soon!
EDIT: I am guessing that the only option we have is to do something like Paul's Goggles Removal app. If we remove the Email that way, we can then install the other .apk just fine.
I emailed my company's IT department today about this, and got an interesting response:
[Me],
Activesync is set up for a production environment, since it sync's with your handheld which then contains [Company Name] material.
While not all handheld manufactures are have all come to the same level of programming, we've allowed underdeveloped handhelds containing a degree of activesync client to communicate with our servers, with the priority on greater protection. This is why the update of your device is now asking your for a 4 digit pin. The update to your device now has a full activesync client. This is by design.
We apologize for any inconvenience this may cause you.
Thanks
-[Technician]
Click to expand...
Click to collapse
So apparently, we got the "full" version of activesync. Sucks. I never before wanted something so underdeveloped. =(
Wish I could revert to the old version of the app as well.
I haven't noticed a difference since I installed the OTA.
I'm definitely not having to enter any password to unlock when I bring the phone to life.
I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.
I have the same annoying Pin requirement now after the OTA. I also did not have a pin before the update. It sucks.
I'll toss out an idea to get around this.
Root with Visionary.
Connect device via USB.
adb shell
su
pm disable com.android.email.policy
Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.
It can be undone by substituting the last command with "enable" instead of "disable.
smasraum said:
I haven't noticed a difference since I installed the OTA.
I'm definitely not having to enter any password to unlock when I bring the phone to life.
I didn't have an unlock code before, and still don't. Maybe that's the difference. Did you have an unlock pattern before? Maybe it changes the type of code you can use.
Click to expand...
Click to collapse
This is probably because your IT staff has not enabled the security (or more likely disabled it, since it is enabled by default in Exchange). I talked to our IT guys, and they say the national corporate office won't disable it, but they all hate it (local IT).
I showed them how to disable it in 2.1 Eclair, but those fixes don't work in 2.2 Froyo. The only fix for Froyo is to replace the Email.apk with a hacked version, but we cannot do this without permanent root.
rmk40 said:
I'll toss out an idea to get around this.
Root with Visionary.
Connect device via USB.
adb shell
su
pm disable com.android.email.policy
Our corporate Exchange server does not have these policies enforced so I cannot confirm whether it will do the trick. But either way, the change is persistent so you only need to do it once unless you wipe.
It can be undone by substituting the last command with "enable" instead of "disable.
Click to expand...
Click to collapse
I'll give it a shot, but my guess is that you won't be able to connect to the server at all without an email policy.
Edit: Doesn't work. You cannot send without the policy, and the password is still there. If you delete the account and recreate, it still forces you to create a password, and you still cannot send.
So to get this straight, the issue is with the Email.apk or the Email Policy file? Or both?
smasraum, can you upload your Email.apk and/or the com.android.email.policy that you say work for you? I doubt it is gonna work without perm root, but I'm so frustrated that I want to see if the system will allow me to downgrade the files.
Thanks in advance.
Here is the working (without password) Email.apk. I have this working fine on my Nexus with no password required. I don't think any changes to the policy are necessary. I believe this works by telling the Email app not to ask the server what its password policies are.
cparekh said:
Here is the working (without password) Email.apk. I have this working fine on my Nexus with no password required. I don't think any changes to the policy are necessary. I believe this works by telling the Email app not to ask the server what its password policies are.
Click to expand...
Click to collapse
I am assuming this apk won't remain on a reboot, will it? Will it revert back to the new apk?
If so, I guess we can make a visionary.sh script which can install the working apk on boot. Closest thing we will have.
EDIT: I tried to install that Email.apk, but I am getting an "Application not installed." Any ideas?
I don't think you can install it. I think you have to push it to the system/app directory. Then reboot, which is why it won't work on the G2. Also, I believe the ROM needs to be deodexed, so it would not work with the stock ROM anyways.
The steps I followed on my Nexus:
1) Delete Exchange account.
2) Remove password and go to regular lockscreen.
3) Replace existing email.apk with edited email.apk.
4) Reboot.
5) Add Exchange account.
All this was done on CM 6.1, which, I believe, is deodexed.
cparekh said:
I don't think you can install it. I think you have to push it to the system/app directory. Then reboot, which is why it won't work on the G2. Also, I believe the ROM needs to be deodexed, so it would not work with the stock ROM anyways.
The steps I followed on my Nexus:
1) Delete Exchange account.
2) Remove password and go to regular lockscreen.
3) Replace existing email.apk with edited email.apk.
4) Reboot.
5) Add Exchange account.
All this was done on CM 6.1, which, I believe, is deodexed.
Click to expand...
Click to collapse
Ah, okay so I see the real problem more clear now. And a visionary.sh script won't work because we need a reboot...
So I am guessing the only way to actually get this done is through Paul's Google Goggles method. Trick the system into deleting the current Email.apk, and then installing the old one. Anyone know enough to make that happen? =P
You can do that via Titanium backup with Paul's update. The problem is, if it doesn't work, then the change is permanent, and there is no current way of reverting.
I don't know if it would work, though, because it's not a market app, so it would not have the necessary signature to write itself to system/app and then run.
cparekh said:
You can do that via Titanium backup with Paul's update. The problem is, if it doesn't work, then the change is permanent, and there is no current way of reverting.
I don't know if it would work, though, because it's not a market app, so it would not have the necessary signature to write itself to system/app and then run.
Click to expand...
Click to collapse
Ah I didn't know Titanium Backup can do it now! Thats awesome.
But yes, I am wary that the change can be permanent if it doesn't work. Anyone pre-OTA (or a brave soul Post-OTA), willing to help us out and try this? Thanks!
I just caught the end of your last post. Yeah, I didn't think of it that way. I guess no matter what we aren't going to be able to make changes to the /system/app.
But, wait. If we deleted the Email.apk through TB, and then as long as the other Email.apk could be installed, then I think we would be good. Since we could make a visionary.sh script to install the good Email.apk on boot each time. But still, the problem I guess is we aren't too sure if the Email.apk would install in the first place...
KShatzkes said:
the problem I guess is we aren't too sure if the Email.apk would install in the first place...
Click to expand...
Click to collapse
Yeah, that's what I don't know. In effect, the NAND lock is not only keeping us from customizing our phones, it's keeping us from trying to customize our phones.
exchange problem after OTA update
i believe the problem i'm experiencing is related to everyone else here except i am not asked to enter any pin or pass codes. prior to the OTA update on 11/5 am for me, i was having absolutely no problems checking my work email via exchange. now after the update, i get this error message when i go into the app and try to retrieve email "unable to open connection to server".
anyone else experiencing this?
I got this once. The problem seems that after the OTA, it did not push the security policy to the phone. The solution for me was to delete the account and then re-enable it.

[Q] CM7 Outlook Security

I have searched and even tried to make this work myself, but have been unable to. Is there a way, using CM7 to:
1) not have to enter an EIGHT digit unlock code due to outlook security OR
2) use the stock HTC email client-which doesn't require it?
I have tried to flash the stock email client but it doesnt work, I have been told the screen unlock overrides the Exchange security-not in my case.
Thanks
If you're on RC1, go open a ticket in the Issue Tracker. More likely to get help from the devs who supposedly fixed this.

[Q] Cleared data from Peep now cant log back in

So last night my wife asked if FriendStream on my phone had any tweets in it. It did but hers had not updated for over a day. I opened Peep and hit refresh and waited for it to update did this a few times and the latest it would get was still over 24 hours old.
Having seem similar problems before I cleared the cache of FriendStream its widget and Peep, Still wouldn't update so I cleared their data and that's where it went wrong.
Opened Peep and it had to the login boxes greyed out and a button saying logout, so I did and then tried to login I get Unable to sign in.
"You entered an incorrect username or password".
I have tried rebooting a few times and adding the account back in Accounts and Sync same problem, tried my account same problem, tried my wife's account on my phone and it logs in fine.
I have tried checking/unchecking SSL makes no difference, I know this happened a while back when Twitter changed there login API but it seems I broke something clearing Peeps data without removing the account in accounts and sync or it was broken already and that's why it would update and I brought the login problem to the surface.
If this was a normal app I would try and reinstall it but now I don't know what to do.
1) Can someone with a stock ROM confirm Peep is working and updating. My Desire has LeeDroid with a slightly newer Peep.
2) I have extracted htctwitter.apk from the Modaco ROM can you install this and have it overwrite the installed Peep on a stock un-rooted phone?
3) Any suggestions apart from do a factory reset? and if a factory reset is done any educated guesses if it will help?
4) Does a factory reset mean you have to OTA again or is the OTA written into the image when its applied?
Thanks for any help, seems I broke the wifes most used feature of the phone Not a good idea on my part.
Snowdan.
Turns out Peep version 1.00.0061.26XXXX that ships with stock T-Mobile phones no longer works with twitter, T-Mobile are aware and talking to HTC about an OTA to fix this.
Snowdan.

Cyanogen rom & encryption

Hiya,
My phone is a work phone and I've rooted it and installed Cyanogen rom on it, however encryption doesn't work as part of that rom. For me to be able to use the phone as a work device I need to encrypt it. If I tell it to encrypt the phone it never seems to do anything, I get the green android appear and that's it I have left it overnight before and it never seems to complete or give me any kind of progress bar. Any ideas how I can fix this please ?
Regards,
Martin
brayman said:
Hiya,
My phone is a work phone and I've rooted it and installed Cyanogen rom on it, however encryption doesn't work as part of that rom. For me to be able to use the phone as a work device I need to encrypt it. If I tell it to encrypt the phone it never seems to do anything, I get the green android appear and that's it I have left it overnight before and it never seems to complete or give me any kind of progress bar. Any ideas how I can fix this please ?
Regards,
Martin
Click to expand...
Click to collapse
if you want to know something then ask in the rom thread....but where do you tried to encypt it? in the settings or where? and which encrypt do you mean? it should work nicely
I'm assuming here you are trying to add an account as either Exchange or a Google Apps domain controlled by your employer and thus you are getting the security pop-ups telling you to add a PIN and encrypt the storage. What you'll find that really sucks is that once encrypted you can't flash updates to CM through the recovery anymore.
Try this app: Enhanced Email $9.99.
It will let you sync without needing to enable all of the security features on your device. I highly recommend you stick with a PIN code though!
Sorry for the self-advertisement: but encryption does work in my 4.2 AOSP ROM: http://forum.xda-developers.com/showthread.php?t=2013506
Note that you should switch to the 'bigdata' layout in order to avoid any data leakage by an unencrypted sdcard.
One-X-master said:
if you want to know something then ask in the rom thread....but where do you tried to encypt it? in the settings or where? and which encrypt do you mean? it should work nicely
Click to expand...
Click to collapse
I thought I did, ok. Yes if I go to settings and encrypt on the phone that way and it doesn't work.
navalynt said:
I'm assuming here you are trying to add an account as either Exchange or a Google Apps domain controlled by your employer and thus you are getting the security pop-ups telling you to add a PIN and encrypt the storage. What you'll find that really sucks is that once encrypted you can't flash updates to CM through the recovery anymore.
Try this app: Enhanced Email $9.99.
It will let you sync without needing to enable all of the security features on your device. I highly recommend you stick with a PIN code though!
Click to expand...
Click to collapse
Yes that's exactly It, Our work email is on Google now so its the Google apps problem. I don't mind if I cant flash updates as I haven't found any problems with the latest nightlies for a long time. I may try that if there is no other solutions dont really wanna spend my own money getting my work email working .

[Q] please sign in using one of the owner's accounts for this device

when i install a custom rom (viper one 4.2.1 or 4.3) i get the following error please sign in using one of the owner's accounts for this device. when i install the RUU for AT&T developer i can log in just fine with my account.
anyone have any ideas on how to fix this problem?
Go back to your functioning rom and remove the google account (might want to do a backup first!). Then do the flashing etc and sign in with your account as a new device.
The problem is googles factory reset protection. Its designed to make the device useless if the phone is factory reset without being unlocked first.
The other way is factory reset from android settings, then flash, then sign in to your account as a new device.
Google needs to address the fact that frp is too strong and needs to add another way in to devices in the event of accidental lockout.
Sent from my HTC One M9 using Tapatalk
I am having the same problem more or less.
I have bought a Nexus 9 from another person.
I did a factory reset today and I cannot sign in now.
Will this solution work? How do I go to funcioning rom, etc?
This is a "Google" security feature... When you wipe a device and then set it back up, if you didn't delete the Google account first, it will ask for those "original" credentials. Only way around it is to completely RUU the device back to the latest stock image. But I've heard some devices still have issues since the SN or IEMI is associated with the previous users Google account.
So, if you buy a new device... ALWAYS make sure the previous owner deleted their Google account first, or have them there when you go through the first few setup screens to enter their credentials....Then after you enter your credentials, you can reset it.
Just kind of mirroring what shivadow said
OH no! I am having this problem with a newer device!! Please help! It has been about 22 hours since I tried booting a custom binary with a non-unlocked OEM lock! I'm waiting to try to sign in to my Google account until 24 hours passes! I might have to wait 72 hours! Please review the post [LINK=http://forum.xda-developers.com/general/help/s7-edge-canada-boot-to-twrp-t3509603]here[/LINK]...I don't know if I posted that right so cut and paste this if that link doesn't work:
http://forum.xda-developers.com/general/help/s7-edge-canada-boot-to-twrp-t3509603
Thanks in advance!!
Want to install lineage os but can't due to same problem
shivadow said:
Go back to your functioning rom and remove the google account (might want to do a backup first!). Then do the flashing etc and sign in with your account as a new device.
The problem is googles factory reset protection. Its designed to make the device useless if the phone is factory reset without being unlocked first.
The other way is factory reset from android settings, then flash, then sign in to your account as a new device.
Google needs to address the fact that frp is too strong and needs to add another way in to devices in the event of accidental lockout.
Sent from my HTC One M9 using Tapatalk
Click to expand...
Click to collapse
I am having same problem with my old lenovo tab 3 7 . When i got it, i used it once and twice and then put it. now after a year or two, i want to install lineage and use it again as secondary device. but the problem is i don't remember which gmail id i used(i had 7 ids) and don't even have a clue about some accounts ids and passwords which i (currently using only 2 ids) don't use. And as usb debugging is disabled i can't do anything with my pc to get out of this situation.
Help!!!!!

Categories

Resources