Develop Bugs

[Q] A few questions regarding Froyo 2.2

I just downloaded Froyo 2.2 on my new TP2 and i LOVE it miles more than the WinMo setup.
Some problems i'm getting,are the physical keyboard layout seems to be different,like i can't use the numbers on the top row and just a few others,I don't care too much about the other things,but i would like the keyboard to be as accurate as possible.
Another problem i have is,i can't get into the phone and edit some files in the Sd card.
In a tutorial it says i can't use a HC sd card but it would be great as it offers 4 gig of space compared to my 1 gig of space on my current card,can i use a hc sd?
Thanks.

First, this is the general section - you should post in the Android section.
Second, no clue what tutorial you're talking about (you didn't provide any links!) - mine doesn't mention anything about high-capacity cards - assuming your phone can read it, you can use it. Up to 32gb is what our phones can read.
For the physical keyboard make sure you're using the correct startup.txt and corresponding physkeyboard setting.

arrrghhh said:
First, this is the general section - you should post in the Android section.
Second, no clue what tutorial you're talking about (you didn't provide any links!) - mine doesn't mention anything about high-capacity cards - assuming your phone can read it, you can use it. Up to 32gb is what our phones can read.
For the physical keyboard make sure you're using the correct startup.txt and corresponding physkeyboard setting.
Click to expand...
Click to collapse
Yeah,i was actually ready to post in there,in the actual sticky that you made but it didn't let me because i didn't have more than 10 posts.
Oops and it was this this tutorial [Ah can't post links neither since i need more than 8 posts lol]But the tutorial said NOT to use an SDHC card.Also the question i asked about not being able to access the SD card's file from a usb connection,should i just remove the card and plug it into my computer if i need to add ringtones on it or access the android files?
Can't say i saw a physkeyboard setting or file as all i did was download your bundle and place the Tilt 2 startup.txt in the SD card's root location.
Thanks for the quick reply and sorry if this was asked tons of times.I tried to click the FAQ on the sticky but it just weirdly kept redirecting me to the sticky thread again.

You're either blind, or... well I won't go there.
<<<This is a link to the... FAQ Click it!!>>>
I don't see how you missed that link, nor how it was redirecting you anywhere. That "Into to Android" thread is... let's say less than ideal.

arrrghhh said:
You're either blind, or... well I won't go there.
I don't see how you missed that link, nor how it was redirecting you anywhere. That "Into to Android" thread is... let's say less than ideal.
Click to expand...
Click to collapse
Yes i clicked that in the sticky thread several times and it was just acting weird.But it seems to have answered most of my questions,except my physical keyboard is still wonky.I have found the setting you were talking about in the system.txt and it does say physkeyboard=Tilt 2 but i still can't use the row of numbers at the top,and now after a second bootup the on screen keyboard won't show up anymore.

Mugen92 said:
Yes i clicked that in the sticky thread several times and it was just acting weird.But it seems to have answered most of my questions,except my physical keyboard is still wonky.I have found the setting you were talking about in the system.txt and it does say physkeyboard=Tilt 2 but i still can't use the row of numbers at the top,and now after a second bootup the on screen keyboard won't show up anymore.
Click to expand...
Click to collapse
On-screen kb works great, assuming its enabled.
Also, kb setting is "tilt2" if I'm not mistaken. CaSe MaTtErs in Linux!

I was finally able to fix the keyboard problem.I guess i was supposed to have the RHOD 400 startup.txt.Well now i'm absolutely in love with this,except that my phone keeps reboot for some reason...Any ideas?

Mugen92 said:
I was finally able to fix the keyboard problem.I guess i was supposed to have the RHOD 400 startup.txt.Well now i'm absolutely in love with this,except that my phone keeps reboot for some reason...Any ideas?
Click to expand...
Click to collapse
lol, then you have a RHOD400? It clearly states this under the battery, as part of the FCC ID.
Anyhoo, reboots happen for any number of reasons. Anything you're doing in particular when they happen? Are they consistently reproducible? They could be anything from the SD card to a few bugs that I believe are still outstanding relating to the radio to...

arrrghhh said:
lol, then you have a RHOD400? It clearly states this under the battery, as part of the FCC ID.
Anyhoo, reboots happen for any number of reasons. Anything you're doing in particular when they happen? Are they consistently reproducible? They could be anything from the SD card to a few bugs that I believe are still outstanding relating to the radio to...
Click to expand...
Click to collapse
Yeah,i was just herpin derpin i guess.At first i thought it was because of an overclock i applied but then i brought it back to stock clocks and it still does.It reboots anywhere from 3-5 times a day and seems to do so at completely random.

Mugen92 said:
Yeah,i was just herpin derpin i guess.At first i thought it was because of an overclock i applied but then i brought it back to stock clocks and it still does.It reboots anywhere from 3-5 times a day and seems to do so at completely random.
Click to expand...
Click to collapse
That's not normal. Try a different SD, wipe the current SD with the HP Tool...
Short of that, nothing gets fixed or at least confirmed as to what the issue is without logs. From reboots there's ramconsole and dropbox logs. Dropbox logs are easier to gather, as they're just sitting in /data/system/dropbox. Grab all the SYSTEM_LAST_KMSG files. The ramconsole method is a little more involved, and I won't go into it here.

arrrghhh said:
That's not normal. Try a different SD, wipe the current SD with the HP Tool...
Short of that, nothing gets fixed or at least confirmed as to what the issue is without logs. From reboots there's ramconsole and dropbox logs. Dropbox logs are easier to gather, as they're just sitting in /data/system/dropbox. Grab all the SYSTEM_LAST_KMSG files. The ramconsole method is a little more involved, and I won't go into it here.
Click to expand...
Click to collapse
Alright,finally got it to stop rebooting,by changing the sd card...........BUT now people always text me saying that they called me and that my phone went straight to voicemail or just rang all the way through to voicemail,even though i didn't receive anything on my end.This seems very hit or miss,as sometimes it works fine and sometimes i won't receive calls at all.Strange that i'll still get text messages though.

Mugen92 said:
Alright,finally got it to stop rebooting,by changing the sd card...........BUT now people always text me saying that they called me and that my phone went straight to voicemail or just rang all the way through to voicemail,even though i didn't receive anything on my end.This seems very hit or miss,as sometimes it works fine and sometimes i won't receive calls at all.Strange that i'll still get text messages though.
Click to expand...
Click to collapse
Make sure you boot with WinMo in airplane mode. No radios should be on in WinMo when you're booting Android..

My phone used to reboot a lot too especially when I'm moving around. I discovered it was a network thing, so each time I'm moving from around town, I disable data connection. I think Android has trouble understanding fluctuation in data connection, so I noted areas with little or no data reception and switch offg data when passing through such area.
Sent from my MSM using the XDA mobile application powered by Tapatalk

FaluSeyi said:
My phone used to reboot a lot too especially when I'm moving around. I discovered it was a network thing, so each time I'm moving from around town, I disable data connection. I think Android has trouble understanding fluctuation in data connection, so I noted areas with little or no data reception and switch offg data when passing through such area.
Click to expand...
Click to collapse
Are you GSM or CDMA?
The new RIL from forever ago should've fixed most of those issues, but perhaps not all...

Are you GSM or CDMA?
The new RIL from forever ago should've fixed most of those issues, but perhaps not all...
Click to expand...
Click to collapse
I use GSM, but it's a Sprint RHOD500.
Sent from my MSM using the XDA mobile application powered by Tapatalk

FaluSeyi said:
I use GSM, but it's a Sprint RHOD500.
Click to expand...
Click to collapse
Perhaps that's the problem?

I could really use some advice from a technical standpoint please

Hi everyone. I recently got a T989 from Telus, to which I used an Ebay unlocked. Now first things first....I have never had my email account or any account hacked. My computers in my home are virus free, so I have eliminated them. Within a week of using my T989 with Mobilicity, my gmail account (which my phone knows the password to) was hacked and logged in by someone in the U.S (Gmail shows IP logins) and they spammed my entire contact list. Now I am trying to think of ways this could have happened, but I honestly think the phone may have a keylogger or something on it.
Here are the steps they had me carry out (and it did unlock the phone immediately).
Download and install necessary files
http://www.UnlockClient.com/SAMSUNG_USB_Driver.exe
http://www.UnlockClient.com/dotNetFx40_Full_setup.exe
Very simple procedure:
1. Enter your paypal email or start in demo mode
2. Type *#7284# and select USB - Modem
3. Type *#9090# and select [1] USB
4. Exit service menu and reboot the phone
5. Once phone rebooted connect the phone and computer
6. Wait until all drivers are installed
7. Click "Unlock" button
8. Enter 00000000
Here is the auction for this unlock I got. http://www.ebay.ca/itm/280852210909?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
Is there anything there that I should worry about? Or is there any possibility they have someone routed everything I do on my phone through them? I am seriously worried about my online banking information and such. Thank you very much in advance.

not sure if serious?
- taz b.

Why wouldn't I be serious? Isn't this a legitimate conclusion? I don't have a lot of posts but I have been lurking for years. I am serious however.

Unlocking phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unneccesary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA

Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered and instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.

wy2sl0 said:
Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered and instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.
Click to expand...
Click to collapse
And did you test your phone with a different sim card? Everything is functional?
As far as I know, the legitimate way and the only way to unlock a phone is through the codes generated by the datebase. All the reputable sites that unlock phones that I know of, all use codes to unlock. When I had bought my telus g2sx the store unlocked it using the code.

Something like a keylogger would be app level, not modem info or hardware level. Also, something transmitting every keystroke would use a LOT of data and battery.
First thing I would do, personally, is check my battery stats to see if any app was using a suspicious amount of battery.
In my opinion, it wouldn't make sense for a company who already got your money for an unlock service to install a key logger to spam your Gmail contacts.
Just my two cents. It would take a tremendous amount of technology to track everyone who used the service. Not to mention man hours in sifting through collected data.
Check the battery stats. Settings>About Phone>Battery Use.
Hope this helps in any way. Hacked accounts are always a bummer man.

Wierd, I used that site a week or two ago and nothing like that happened to me. Makes me worried now.
I didn't use ebay though, I did it directly from the site. You could always re-flash your phone to stock then update it, that would eliminate any possibility of odd software.

In step 1, did you run a program on your computer, on the phone or both?

anomy13 said:
Unlocking phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unneccesary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA
Click to expand...
Click to collapse
If you want your phone as clean as possible then do this in recovery
go to mounts and storage format /data format /system format /cache format/emmc. Then flash the super wipe followed by the rom but remember doing it this way deletes everything from your phone.
Sent from my SGH-T989 using Tapatalk 2

probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol

-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
Click to expand...
Click to collapse
Isn't GMail SSL now?

Joe USer said:
Isn't GMail SSL now?
Click to expand...
Click to collapse
and ssl can be stripped from packets now. Intercept the packet and then use it to sign in. then profit.
an app to play with if you want to try it out for your self is faceniff for andorid.

-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol
Click to expand...
Click to collapse
Any recommendations to protect yourself then?
sent from the darkside of the galaxy

Z-Man™ said:
Any recommendations to protect yourself then?
sent from the darkside of the galaxy
Click to expand...
Click to collapse
dont use open hotspots at coffee shops and stuff like that. look for the shady nerd in the corner, and i think there is an app that can detect if your wifi is being arp spoofed.
https://play.google.com/store/apps/details?id=com.gurkedev.wifiprotector&hl=en
i think there may be free ones too, i dont know. but that app will detect if your being attack by a man in the middle/arp spoofing

I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.

wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
Click to expand...
Click to collapse
its not just your phone that is at risk for these attacks. anything you sign on with is if some one does the man in the middle attack, among other attacks.
Other reasons besides your phone unlocking are the root cause of your issue. It's unfortunate none the less but man in the middle password sniffing and fishing are the leading causes i see at work for your spamming hijacking. i work with this stuff daily.

wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
Click to expand...
Click to collapse
Did you ever figured out if unlockclient.com had injected some malware in your device.
Has anyone on this site had problem with them or any developper had a chance to check what they are doing ?

Samsung find my phone not working?

Hi Folks,
So I'm posting in the Tmobile side since I picked up a Tmobile S4 even though I'm using it on AT&T to see if its a Tmobile thing, maybe some conflict from running on AT&T or just doesn't work at all...
I setup and have created/logged in with a Samsung account in the accounts pane and when I go online to try to find the phone I get two things. The first is the site says its not available in my region. And the second is following some details on their site about enabling it on the phone aren't working. It says add a Samsung account (done), go to settings, more, security then remote management (or remote control) then more steps but there is no remote management or remote control listed under settings.
Is this working for anyone at all?

re: signing in
Screwbal said:
Hi Folks,
So I'm posting in the Tmobile side since I picked up a Tmobile S4 even though I'm using it on AT&T to see if its a Tmobile thing, maybe some conflict from running on AT&T or just doesn't work at all...
I setup and have created/logged in with a Samsung account in the accounts pane and when I go online to try to find the phone I get two things. The first is the site says its not available in my region. And the second is following some details on their site about enabling it on the phone aren't working. It says add a Samsung account (done), go to settings, more, security then remote management (or remote control) then more steps but there is no remote management or remote control listed under settings.
Is this working for anyone at all?
Click to expand...
Click to collapse
Signing up and logging in to your tmobile, google or AT&T accounts are optional
and have nothing to do with how or if your phone will work.
You don't need to sign on to any of these three for your phone to work properly.
If your Tmobile M919 Galaxy S4 is NOT UNLOCKED it will not work on any network
except Tmobile.
It will not work with AT&T unless the phone is UNLOCKED.
Either way, the main thing I was trying to say is whatever your problem is it has
nothing to do with signing into tmoble or AT&T or gmail.
All three of those things are optional and have no effect on the phone working properly.

Awesome good to know. Now the only question is has anyone else gotten it to actually work if they have tried?

Screwbal said:
Awesome good to know. Now the only question is has anyone else gotten it to actually work if they have tried?
Click to expand...
Click to collapse
It's difficult to say if it will work or not since I have NO idea of what the problem is to start with.
All I know is that you have an Tmobile Galaxy S4 cell phone.
I don't even know if you ever tried a Tmobile sim card in it or whether the phone is unlocked and so on.
So I don't know how to be more helpful to you.

Misterjunky said:
It's difficult to say if it will work or not since I have NO idea of what the problem is to start with.
All I know is that you have an Tmobile Galaxy S4 cell phone.
I don't even know if you ever tried a Tmobile sim card in it or whether the phone is unlocked and so on.
So I don't know how to be more helpful to you.
Click to expand...
Click to collapse
No, I just mean the feature in general on the phone. Does anyone have the find my phone function through Samsung working or at least have tried and can confirm that it does work for you, or that you too can't set it up?

Screwbal said:
No, I just mean the feature in general on the phone. Does anyone have the find my phone function through Samsung working or at least have tried and can confirm that it does work for you, or that you too can't set it up?
Click to expand...
Click to collapse
You still are very unclear in what your really want to know, I still do not even know if your phone ever worked properly for you.
I still don't even know if your phone is UNLOCKED or not and I don't even know if you have a at&t sim or a tmobile sim card.
You never mention these things in any of your posts so how can anyone confirm anything you are asking to be confirmed?
If you use your phone on the Tmobile network you will have the option of free wifi calling which does not count against cellular minutes.
On the AT&T network there will be no option at all for wifi calling.
All the other features and options on the Galaxy S4 whether it's on the AT&T network or Tmobile network will be exactly the same.
You will not see or find any differences at all except for the wifi calling which I wrote about.
Anyway I am a bit busy, so I cannot help you anymore but I am sure there will be a lot of other people
here who can help you even more than I can.
Perhaps a mind reader will give you a hand if your lucky enough to find one.

The question is clear. Has anyone had this option ever work for them?
To be honest I am not sure how the option works but it maybe GPS related if Samsung is controlling it and not the carrier.
Wayne Tech Nexus

zelendel said:
The question is clear. Has anyone had this option ever work for them?
To be honest I am not sure how the option works but it maybe GPS related if Samsung is controlling it and not the carrier.
Wayne Tech Nexus
Click to expand...
Click to collapse
The question has nothing to do with whether the phone is network locked or not; or what carrier's sim card is installed. It has to do with whether a specific function in an app works or not for AT&T users with a TMO device. I have an unlocked TMO version on AT&T network, I'll try what you are talking about and get back with you. I'm reverting back to my stock backup to check. I can't seem to find the particular app you're using through Samsung apps and it doesn't appear to be present on the debloated stock ROM I'm using.

re: function
lordcheeto03 said:
The question has nothing to do with whether the phone is network locked or not; or what carrier's sim card is installed. It has to do with whether a specific function in an app works or not for AT&T users with a TMO device. I have an unlocked TMO version on AT&T network, I'll try what you are talking about and get back with you. I'm reverting back to my stock backup to check. I can't seem to find the particular app you're using through Samsung apps and it doesn't appear to be present on the debloated stock ROM I'm using.
Click to expand...
Click to collapse
You must be the mind reader I was talking about........ LOL
Have a great weekend...

Misterjunky said:
You must be the mind reader I was talking about........ LOL
Have a great weekend...
Click to expand...
Click to collapse
I just happen to have nothing but time on my hands.
---------- Post added at 02:59 PM ---------- Previous post was at 02:19 PM ----------
lordcheeto03 said:
I just happen to have nothing but time on my hands.
Click to expand...
Click to collapse
My experience so far is that I also cannot access the feature. You are correct in the fact that the "Remote Control" tab doesn't exist under Settings->More->Security. It should be below "Encrypt Device" but it isn't. The website findmymobile.samsung.com says that once you activate/register your Samsung account on the device, that menu will automatically be enabled; but from my experience (and yours as well apparently) that is definitely not the case.
I did a little research, and within a few minutes I was directed to a thread here on XDA from the SIII forums talking about this particular problem. Apparently, the carriers themselves have removed the ability to use Samsung's built-in mobile location features in preference of the carrier's own mobile location apps and services.

dumb! but I figured out that lookout can do it. going on 24 hours since I picked it up and dusting off my android cobwebs still for how I used to get by a year ago. Was trying to have to install some 3rd party app that I didn't know so tried the built in stuff with no luck but with lookout pre installed and I already know it I figure that should work just fine for me. Thanks folks for the feedback and conversation!

re: finally I understand...............
lordcheeto03 said:
I just happen to have nothing but time on my hands.
---------- Post added at 02:59 PM ---------- Previous post was at 02:19 PM ----------
My experience so far is that I also cannot access the feature. You are correct in the fact that the "Remote Control" tab doesn't exist under Settings->More->Security. It should be below "Encrypt Device" but it isn't. The website findmymobile.samsung.com says that once you activate/register your Samsung account on the device, that menu will automatically be enabled; but from my experience (and yours as well apparently) that is definitely not the case.
I did a little research, and within a few minutes I was directed to a thread here on XDA from the SIII forums talking about this particular problem. Apparently, the carriers themselves have removed the ability to use Samsung's built-in mobile location features in preference of the carrier's own mobile location apps and services.
Click to expand...
Click to collapse
AH, so that's what the guy was looking for, I just could not make much sense of what he was asking after reading his posts.
There are several apps at the play store which have the same or similar capabilities.
Here is a link to one of them, it's called "find my phone" it's a free app which finds phones which have been stolen or lost etc.
https://play.google.com/store/apps/...DEsImNvbS5mc3AuYW5kcm9pZC5waG9uZXRyYWNrZXIiXQ..

Misterjunky said:
AH, so that's what the guy was looking for, I just could not make much sense of what he was asking after reading his posts.
There are several apps at the play store which have the same or similar capabilities.
Here is a link to one of them, it's called "find my phone" it's a free app which finds phones which have been stolen or lost etc.
https://play.google.com/store/apps/...DEsImNvbS5mc3AuYW5kcm9pZC5waG9uZXRyYWNrZXIiXQ..
Click to expand...
Click to collapse
Yeah, but if it's supposed to be provided by the manufacturer it would stand to reason that it would be available to everyone who bought the device. Apparently though, our carriers tend to believe their own software is far superior to that of those who manufactured the device... I personally don't even use that stuff as I never turn GPS on in the first place; so in the event that my phone is stolen or lost, that kind of software won't do me any good to begin with.

Can't unlock phone on boot

Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...

greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
You can search that but might as wipe in the meantime. Get yourself a working phone.

bobby janow said:
You can search that but might as wipe in the meantime. Get yourself a working phone.
Click to expand...
Click to collapse
Thanks for the reply. Going through the post-wipe setup now. Grrrr. It's just that I entered the password a bunch of times, and it always worked. Just on reboot from recovery it didnt. Now I'm afraid to go back into twrp...
Anyone know if this could be caused by some android security feature that doesnt like systemless root, xposed, etc.

greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
After restoring the nandroid, boot into twrp and then delete /data/sytem/locksettings.db. If that doesn't fix it, delete the locksettings.db-shm and locksettings.db-wal in the same location. If that doesn't fix it either, delete gatekeeper.password.key and gatekeeper.pattern.key in the same location.
Click to expand...
Click to collapse

KennyG123 said:
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
Click to expand...
Click to collapse
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!

greves1 said:
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
Click to expand...
Click to collapse
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.

KennyG123 said:
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
Click to expand...
Click to collapse
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?

greves1 said:
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
Click to expand...
Click to collapse
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.

KennyG123 said:
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
Click to expand...
Click to collapse
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.

greves1 said:
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
Click to expand...
Click to collapse
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.

KennyG123 said:
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
Click to expand...
Click to collapse
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...

greves1 said:
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
Click to expand...
Click to collapse
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.

KennyG123 said:
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
Click to expand...
Click to collapse
Ah, great to know. Thanks.

greves1 said:
Ah, great to know. Thanks.
Click to expand...
Click to collapse
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.

KennyG123 said:
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
Click to expand...
Click to collapse
Real word use shows that android pay does not ask for an additional fingerprint at the time of use. It's just as the instructions say, as long as your phone is unlocked at the time it is held up to the scanner, androidpay will work. I kind of wish they allowed for the additional security of an at-scan fingerprint read, but oh well. I have yet to test if the password/pin can be removed by the methods discussed in this thread, and androidpay working after defeating this security. If it does, then this is obviously a major security vulnerability of having an unlocked phone and using androidpay at the same time. Probably not more dangerous in terms of protecting against CC thieves, since they can just swipe a card stolen from your wallet at a terminal, but you probably wouldn't want to keep too many cards on your phone. Again, I haven't tested this out, if a fingerprint is still required to get in after a password database defeat, but someone should do this test.

If you have your phone lost or stolen just cancel your cards as if it happened to your wallet. Simple no?

What security options do we have?

A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.

Just to share, I found following to be foolproof
- Setup Pin + Fingerpints
- Setup Pin / Password for phone startup
This
- Keeps the device encrypted
- Unable to boot without pin
- Unable to access TWRP without pin
- Doesn't auto-mount on USB connect
Still, it would be interesting to hear about any cons of the above setup.

hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.

zelendel said:
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
Click to expand...
Click to collapse
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.

hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.

hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
Cerberus is a really nice app... You have alot of options sadly it isn't free! But heyy, it's cheap and it's functional! Other then that keep your device encrypted and a boot password should do.

As long as you're not rooted and unlocked, it will be a bit hard for an thieve to have access to your phone. Leaving ADB on, might as well decrease the overall security of the phone.
I for example was given a tablet which had a Google account synced with it, and resetting from recovery only made me renter the credidentials previously used to be able to pass the setup.
My luck was that the guy left ADB on and with a simple command I bypassed the setup screen.

hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.

Renosh said:
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.

zelendel said:
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
zelendel said:
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
Click to expand...
Click to collapse
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)

2x4 said:
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
No its not really. It's so they can send relevant ads. Those that remember smartphones before Apple or Android knows that it is not really needed.

zelendel said:
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
Click to expand...
Click to collapse
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?

2x4 said:
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
Click to expand...
Click to collapse
Because that is before startup and not the bootloader, even with those set up they normally dont cover download mode or what ever mode that particular OEM uses (not all use the same). In extreme cases with some apps that make it a bit harder or people just dont want to be bothered to mess with things too deeply there are tools available that Will push the update right to the board bypassing all security. Sure its a little extra work but it is a sure bet when you cant get into a device and cant be bothered hunting down getting around it.
Also for the passwords on startup. any password cracker would take out the average password in a matter of min.

This has been very interesting and so much to learn. Thank you all for great inputs.
zelendel said:
I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Puddi_Puddin said:
Cerberus is a really nice app...
Click to expand...
Click to collapse
Have it in all my Androids Very helpful at times, even for non theft purpose..
XDRdaniel said:
Leaving ADB on, might as well decrease the overall security of the phone.
Click to expand...
Click to collapse
Thanks. Will read more on this.
Renosh said:
for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
zelendel said:
With way your data is meaningless.
Click to expand...
Click to collapse
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
2x4 said:
. this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
Hmm.. I think I came across that in OP3. Didn't pay attention though.
zelendel said:
Because that is before startup and not the bootloader,
Click to expand...
Click to collapse
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.

hyperorb said:
This has been very interesting and so much to learn. Thank you all for great inputs.
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Have it in all my Androids Very helpful at times, even for non theft purpose..
Thanks. Will read more on this.
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
Hmm.. I think I came across that in OP3. Didn't pay attention though.
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
Click to expand...
Click to collapse
You don't need to steal someone's phone to get a fake ID with their info. 1500 usd will get you that without it.
As for getting nothing in hand. They got exactly what they wanted. The device. Unless you work for the government in a high place. Then your data is meaningless on your phone. You already put it in enough places on line while using a pc that if they want it they already have it.
I could easily steal someone identity with a little more then what they post on Facebook or other social media outlets.