DroidSheep is an Android application that demonstrates security weaknesses (not using https) and is capturing facebook, twitter, linkedin , yahoo, and other accounts.
PS> this is NOT my work, nor do i intend it to be taken as my work, I just wanted to share with the community!
NOTE FROM THE GERMAN DEVELOPER:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
Now>
WHAT DO YOU NEED?
1. A rooted phone (no, it will for sure not work without root)
2. The App installed on the phone (latest build attached to the present post)
3. A WIFI network to test it on
How do you use it?
DroidSheeps main intention is to demonstrate how EASY it can be, to take over nearly any internet account. Using DroidSheep any user – even without technical experience – can check if his websession can be attacked or not. For these users it is hard to determine, if the data is sent using HTTPS or not, specially in case of using apps. DroidSheep makes it easy to check this.
This video demonstrates what DroidSheep can do:
http://droidsheep.de/?page_id=14
How does it work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
http://droidsheep.de/?page_id=424
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN-connection
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.
You can also install DroidSheep Guard from the Market:
https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&hl=en
A very interesting feature is the possibility to save cookies!!
Source> http://droidsheep.de
Imagine the possibilities....
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
backfromthestorm said:
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
Click to expand...
Click to collapse
-what exactly "isn´t good" ?
Ok you are correct, yes, WIFI (as any other electromagnetic wave) can also be transmitted through vacuum, so yes there is no need of "air"
Re-ported to a MOD I don't think this should be shown or talked about on XDA this isn't an hacking site like you might think for taking advantage of other peoples accounts.
XDA is a hacking community for the good like Rooting.
This app has been on XDA for quite a while http://forum.xda-developers.com/showthread.php?t=1593990
Even a portal article about it http://www.xda-developers.com/android/droidsheep-undresses-network-security-and-shows-how-its-done/
Please use the main thread to discuss this app, not this one.
@ shankly1985, we appreciate your concern, but people need to know how insecure important accounts can be. Thus enabling them to make the changes to fix them.
Thread Closed.
Related
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
looking for something kinda like this, but useful...
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
If the app seems fishy don't download it you can allways get lookout from the market it will pull your phone up on the gps and tell you exactly where it is I've tested you can also make it chirp real loud as for them accessing your phone put the pattern lock on in stead most thiefs are not hackers so they probably won't be able to access your phone even if you hard reset you still have to draw the pattern I mean unless they full root the phone and wipe it in petty sure you will be ok hope that helped
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category at Good or Wave. (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not end user solution. a free solution would be swell, so long as trust can be established.
i am looking at this from a corporate IT security perspective. not a young person, a enthusiast nor regular end user. heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. but to be honest, i'm still trying to get a grasp on that myself in the android world, hence the question about access levels in last paragraph of original post.
the zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. that will help.
( BTW ... if anyone knows how to make the red line not appear when you mess up the pattern lock...you'd be my personal hero for the day)
its not thieves that I'm worried about...it's my own end users that have to be protected from themselves. if a device was left in a bar or cab and did end up in the wrong hands....data could be sold, deals could be lost, people could be embarrassed, with the type of data that 'can very easily' exist on these devices...network security itself can be compromised. and sadly, i must assume that a good many end users will disable security if they are able to. for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/lawabiding citizen" or the opposite?
i choose to prepare for the worst...hope for the best. not the other way around. hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely wave secure will do that it might be close to what you need or something for the time being hopefully this will help
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookn for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
Dear kernel developer,
do you have a firewall on your destop computer?
I think, the answer is "yes, of course!"
Why don't you wan't a firewall for your phone?
Your answere: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email-adresses).
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( h ttp://code.google.com/p/droidwall/ )
But this superb program need some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( h ttp://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards
i knew linux didnt need an antivirus, thought it still needed a firewall...
since ive always had one set up on my linux installs... but then again, im a linux noob.
What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to port's (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they dont usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
iptables
Actually Andorid has a Firewall installed, its called iptables.
It's not a personal firewall... but thous are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall
kuhine said:
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
Click to expand...
Click to collapse
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extented versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server an stop working when the developer say "stop, buy the new the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards
safttuete said:
Actually Andorid has a Firewall installed, its called iptables.
Click to expand...
Click to collapse
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
Click to expand...
Click to collapse
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
h t t p ://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
kuhine said:
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr
Click to expand...
Click to collapse
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.
suffer not adware to live
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms.
Click to expand...
Click to collapse
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
WiHerr
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Click to expand...
Click to collapse
May be you should have a look for LBE privacy....
When your out traveling you often connect to different wifi spots(restaurants, hotel,...) and you never know how what happens behind.
Is there a way to use your phone on Internet in a safe way? Like a switch on your home screen you can turn the it on/off easly? I guess you need an app, a vpn or a server of some sort??
What do you mean with "in a safe way" ?
For example gmail uses a cripted (SSL) channel to read/send email. Is SSL "enough" safe for you ?
Using a "public" hotspot is not less "safe" than acecss your online backing form a pc at office. Is it possible for the "neworking guy" to see that you are accessing an online bank? Yes, for sure. Could he read your PIN/passwd and steal your money ? If your bank has a decent website (HTTPS) probably not (or not so easily..).
Do you wnat to be "safe" to read an online newspaper for last headnews?
Tor, private VPN
Sent from my i9250
kliw said:
For example gmail uses a cripted (SSL) channel to read/send email. Is SSL "enough" safe for you ?
Click to expand...
Click to collapse
With the easy availability of Jasager routers and how simple SSL-stripping is, no, SSL isn't safe enough on a public wifi.
As bk said, either use Orbot (TOR's Android implimentation) or a private VPN that provides endpoint-to-endpoint encryption.
I usually tend not to do any super personal stuff over public wifi - that means access gmail, google drive, etc.
I tend to stick to browsing websites for reading and that's it.
Chances are, if it's in a known location of a big business you probably have nothing to worry about.
A mom-and-pop coffee shop, or a crummy hotel wifi access point I'd be skeptical of the security enforced.
Here you go..
http://forum.xda-developers.com/showthread.php?t=1350941
akira02rex said:
Chances are, if it's in a known location of a big business you probably have nothing to worry about.
Click to expand...
Click to collapse
Actually, a big business's wifi is probably less safe. Anyone who wants a large number of targets at once just needs a Jasager router, the ability to launch a de-auth attack (not difficult at all), and a local Starbucks.
[Q] how hide apps in start menu of Windows 10 Mobile "or" add whitelist to Edge?
Hi,
is it possible to "hide" an app from the W10M start menu? And I don't refer to the home screen, I mean the full list of apps.
Or would there be a way to let the browser only work with a whitelist? .. No, Microsoft Family does not work properly on W10M.
Background - feel free to call me soft:
- Bought a Lumia 640 XL for my wife and a 2nd hand Lumia 535 for my daughter (to be her first smartphone, getting 9 end of the month) so that they could "share" the same experience, more or less.
- Played around with the "Microsoft Family" feature, and, to make it short, it doesn't work properly, not nearly close to what was expected or advertised. That might change ... in a few months. Maybe.
At least the URL filtering does not work "at all".
- So, in short, in order not to instantly fall back to pick an Android based device for my daughter (one beloved Razr i still in close range...), I was wondering if it was possible to "hide" one or the other thing from the start menu instead, the Edge browser in particular. Uninstallation I don't expect to be possible, probably being a deeper chunk of the OS, but only touching the start menu I concluded "should" be possible, one way or the other. At least I hope so.
Would I start to deal with the "full file system access" approach or rather try to dive into registry fiddling? Any help or maybe clear hint would be highly appreciated.
By now I did not find anything related to this. Neither here at xda or somewhere else. Probably no one considers doing something like that for his kids on Windows 10 Mobile ...
Who would want to hide a browser on a smartphone, anyway? .. yeah, I can't keep my kids "off" of the bad Internet, but I can at least keep an eye upon as long as possible.
Thanks in advance,
regards,...
bloodot
additional remark:
... after adding "a few" URLs to Microsoft's web interface for blocking URLs (via a web automation tool, yeah, I'm lazy...) it stopped working at 1003 regitered URLs. So, as long as they don't come up with something that works (whitlist... external service for checking URLs... whatever...) any help on this matter would be highly appreciated.
You want to keep her off the "web," correct?
Change your Mobile Data & Wifi DNS to 127.0.01
(You will need interop/FS access: )
Create a hosts file in C://Windows/system32/drivers/etc
Determine what sites you want to *allow* and find their IP. For example, if you want to whitelist Facebook, open cmd.exe from your PC and type:
Code:
ping facebook.com
You'll see:
Code:
C:\WINDOWS\system32>ping facebook.com
Pinging facebook.com [31.13.76.68] with 32 bytes of data:
Reply from 31.13.76.68: bytes=32 time=75ms TTL=82
Reply from 31.13.76.68: bytes=32 time=76ms TTL=82
Reply from 31.13.76.68: bytes=32 time=79ms TTL=82
Reply from 31.13.76.68: bytes=32 time=74ms TTL=82
Ping statistics for 31.13.76.68:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 79ms, Average = 76ms
C:\WINDOWS\system32>
So, you'd add:
Code:
31.13.76.68 facebook.com
31.13.76.68 www.facebook.com
to your phone's host file.
If you can create profiles on your router, you can also do the same (DNS to 127.0.01 for her phone's MAC address)
Doing this would make all of the web unresolvable, except facebook.com
To change the Wifi DNS:
Settings -> Network & Wireless -> Wi-fi -> Static IP -> fill your info
*If your router doesn't support static IP, you should check and see if your router supports profiles, and build one to target her phone mac address.* (If you don't target her mac address/other phone identifier and set your router to 127.0.01, all of the devices on your network will encounter blocked access to the web)
For Mobile Data:
I don't see an immediate switch for this (at least with my provider), it's routed through a network port on their servers. Unless something changes in future builds, it's probably best to just turn mobile data off and use the Wifi/hosts to keep control of what sites she can access.
Thank you very much!
Point is, I don't want to keep her off completely, and the major issue would be to keep control once she's "not" inside our home network but on cellular.
So I think I need to start investigating on my own whether I can manipulate the start menu or even the browser itself.
The local DNS lookup, which would only work on WiFi anyhow, would also result in me analyzing all communcation end points for "any" kind of
app I'd like her to use. Doable, but still the mobile part would be open. Beyond that I cannot block here "re-enabling" the cellular data connection,
the system isn't that strict in that matter. Would be nice, though, ...
@home I already use OpenDNS, probably should have mentioned that, so that's more or less under control.
Let's see if some other ideas or approached pop up from xda; I'm actually trying to get in direct contact with one of the Microsoft Family team
as, on a business level, we're currently working closely with some of the Microsoft 10 teams.
If they, if connected that is, tell me that they're aware of the bugs and that they're actually part of a road map, I'd be happy, too.
However, for the time being I expect I have to sort it on my own.
I'll give it a go with interop and see what I can find to deal with.
So, any other ideas?
Regards,..
bloodot
How about interopunlock and use your own hosts file?
How about App corner inside settings?
augustinionut said:
How about interopunlock and use your own hosts file?
How about App corner inside settings?
Click to expand...
Click to collapse
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
bloodot said:
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
Click to expand...
Click to collapse
PIN + kids corner. Can't bypass it.
-W_O_L_F- said:
PIN + kids corner. Can't bypass it.
Click to expand...
Click to collapse
... it's not my phone she should use. She should be able to use her own phone.
That includes calling her mum or me.
"Phone" is not an allowed app for the kids corner, it ain't listed when setting that up.
And even if it was, it would allow "anyone" who would steal that phone to directly use it's SIM card hazzle free.
And, as a minor annoyance, anything else that would be allowed via that mechanism.
It's just the current truth to deal with, W10M is not child-ready by any means.
If I want more control, I need to switch the phone.
Or start trusting a 9year-ish old girl to deal with the Internet without restrictions.
... so fiddled around with a few things, though interop is active according to the tool itself after sideloading it, wconnect won't work at all (crashes, no proper error given and before that IpOverUsbInstaller won't finish installation), so I can't get that key to get the SSH connection done and therefore I can't get full file access.
I think I'm done with this now. Selling the phone, using the Razr I instead, already have the proper system locking tools in place for that, bye bye Lumia 535. I would have loved to see my child deal with such an "easy" OS interface for getting used to smartphones, but I can't let her have access to the Internet while "not at home" without restrictions. No way.
... went so far and tried miradore to restrict the system via MDM. And guess what ... the f'n browser CANNOT be blocked via MDM. At least miradore has a free trial of 14 days. I was even willing to pay the damn 2$ per month for that service. *sigh* MAYBE it has a URL filter SOMEWHERE ...
... however, at least one can disallow the "usage" of the browser. MAYBE that works. Trying...
Yes. Works. JESUS ... what a mess. Let's see if I can get that done somewhere / somehow via MDM "without" another monthly fee ...
yeah, worked. Pitty though, they want "10$" minimum fee per month.
BUT: ... I stumbled over https://www.manageengine.com/mobile-device-management/
Free for up to 25 devices. Either cloud based (not supporting W10M for now) or Windows based installation (supporting W10M, more up2date...).
And it works. Thank you very much. Case closed.
Though I cannot restrict the URLs ... I can blog the Edge browser. And the Microsoft Store. Happy bunny.