How to avoid using screen security (pattern) and still have VPN connections? - Samsung Galaxy Nexus

I have this issue (I guess I'm really lazy but bear with me) that I don't really need an screen security measures like patterns, password, pin etc. but I do need to have some VPN connections stored on my phone and it's really annoying that Android obliges us to have an screen security to be able to store VPN credentials.
So my question would be, Is there any way to bend Android to our will here?

NoobSibot said:
I have this issue (I guess I'm really lazy but bear with me) that I don't really need an screen security measures like patterns, password, pin etc. but I do need to have some VPN connections stored on my phone and it's really annoying that Android obliges us to have an screen security to be able to store VPN credentials.
So my question would be, Is there any way to bend Android to our will here?
Click to expand...
Click to collapse
I've done it before, I cannot seem to remember how though. Something about setting a pin, copying a file with adb, guessing wrong password and using email option, then pushing a file with adb.
Cannot find the article tho, but this should work.....
HTML:
http://forum.xda-developers.com/showpost.php?p=32987763&postcount=1

Related

[Q] VPN on Galaxy Nexus

Is there anyway to setup a PPTP VPN connection on ICS without being forced to use a lock screen with PIN/password/pattern? VPN works but I don't want to lock my screen with a PIN.
This was possible on 2.x so why did they change it? Tried using a 3rd party solution like 1VPN but it doesn't even connect to my VPN..
I hate to bump this thread but I really need to know if there is a workaround for this. VPN is the only way I am able to access the Onlive servers to play.
Yea, I just came across this "feature." There has to be a way to disable it. I wish people would stop insisting on handling my security for me. I'm a big boy, I can do it myself.
Sent from my Galaxy Nexus using Tapatalk
What's wrong with using a pattern? Its just as quick and easy as the drag to unlock.
Still haven't found a workaround.. a pattern is not as annoying as a password but it removes the quick access to the camera from the lockscreen doesn't allow you to use face unlock.
I've managed to muck around with the Settings.apk, and I've gotten it to allow me to configure and connect to my VPN without having to set a pin code on the lockscreen. However, it doesn't SAVE the VPN entry. Once you back out of Settings, the entry is lost and will have to be re-added again.
While I'm no stranger to line-based coding, I have to say I'm rather new to Android and I'm learning as I go. Lots of trial and error.
Hey, it's progress.
For those wanting to muck around themselves, I'm tinkering inside the VpnSettings.smali file -- specifically in the onResume method. That's where the check is to see if the Credential Storage is unlocked/locked/uninitialized. I can circumvent that check -- but I think the issue is that it's not ACTUALLY unlocked hence why the settings aren't saved.
Any progress since your last post? I got the same annoying issur.
I am also looking for this annoying "feature" to be overcome.
Just wanted to reply so you know others are also wanting credentials to be stored without losing the ease of access from the lockscreen.
+1
_____________
+1. Wtf is the point of quick camera access if you're forced to lose it?
+1
I'm also interested in removing this annoying "feature"!
I can't wait for the day this problem will be fixed! Annoying as hell!
Sent from my Galaxy Nexus
gabster21 said:
Is there anyway to setup a PPTP VPN connection on ICS without being forced to use a lock screen with PIN/password/pattern? VPN works but I don't want to lock my screen with a PIN.
This was possible on 2.x so why did they change it? Tried using a 3rd party solution like 1VPN but it doesn't even connect to my VPN..
Click to expand...
Click to collapse
Hy,
I wrote an application that can connect to a PPTP VPN Server
without having to use PIN or Pattern :
PPTP VPN Manager
Hope this post can help you:
http://forum.xda-developers.com/showthread.php?t=1597093

[Q] How to bypass the need of having a security when accessing a secured WiFi network

Hey guys,
I have a simple question, which I hope, has a simple, but atleast an positive answer.
When I try to connect my HTC One X with the school Wifi network, it says 'You need to have a pincode, password or path-unlock security, otherwise you cannot access the network' (when you open the phone)
So the question: Anyway of bypassing it? I only want to move the ring to unlock the phone, instead of ALSO having a pincode, password or path-unlock.
Blackvibes said:
Hey guys,
I have a simple question, which I hope, has a simple, but atleast an positive answer.
When I try to connect my HTC One X with the school Wifi network, it says 'You need to have a pincode, password or path-unlock security, otherwise you cannot access the network' (when you open the phone)
So the question: Anyway of bypassing it? I only want to move the ring to unlock the phone, instead of ALSO having a pincode, password or path-unlock.
Click to expand...
Click to collapse
Are you sure this isn't something to do with the Wireless encryption rather than security for unlocking your phone?
dr9722 said:
Are you sure this isn't something to do with the Wireless encryption rather than security for unlocking your phone?
Click to expand...
Click to collapse
Pretty sure it has something to do with the network itself, but hope someone can tell me how to bypass it
Sent from my HTC One X using XDA
If I understand you correctly, you are wanting to hack a WEP code? I would respectfully suggest that particular area of the forum is devoted to the HTC One X whereas your query would be better directed to a website that deals with security issues.
I think the OP doesn't want to hack.
@ OP: Ever tried opening up the browser, type in an address and then the security screen of the network appears so you can log in and probably even safe your credentials?
Elsewise I don't know either, sorry.
The problem is that the the OS requires a pin code to be set up in order to store the WifFi credentials.
So if you want to log onto the network you must set up a pin. I have this problem at Uni.
No solution yet.
JamesBarnes said:
The problem is that the the OS requires a pin code to be set up in order to store the WifFi credentials.
So if you want to log onto the network you must set up a pin. I have this problem at Uni.
No solution yet.
Click to expand...
Click to collapse
On Android 2.3.x (in CM7 at least) there was the option to turn off this requirement. Annoying that it's been removed in ICS!
Hi,
I also face this issue when connecting to my office WIFI hotspot. But, after you have set the pin and then set the password to connect to your WIFI. You can disable the PIN lock in Security setting right away. It's just one-time setting.
laruku said:
Hi,
I also face this issue when connecting to my office WIFI hotspot. But, after you have set the pin and then set the password to connect to your WIFI. You can disable the PIN lock in Security setting right away. It's just one-time setting.
Click to expand...
Click to collapse
Yeah. I removed the pin and stuff and now it still reconnects..
The only problem: I can browse the web, but cannot send mails. It keeps saying 'mail not sent'.
Any ideas?
It's more than likely to do with the exchange setup, I know at our offices we have the option to enforce encryption and various different things from the server before allowing people to connect. As to why it's showing when you try to connect to the wifi network, I've no idea. It must be trying to access the domain.
Dave Trouser said:
On Android 2.3.x (in CM7 at least) there was the option to turn off this requirement. Annoying that it's been removed in ICS!
Click to expand...
Click to collapse
It has not been removed in ICS - this appears to be an HTC implementation.
I connect to the company 802.1x EAP network using PEAP and on my Galaxy Nexus there is no requirement to set a password/pattern, etc to store said 'credentials'. Only now that I'm trying this with my One X do I see this pop-up.
Yes, VPN credentials always required a password/pattern in ICS, but this ain't no VPN.

bypass mail app password checker?

so i just my new galaxy nexus and to check my work email (through an app called lotus), it checks my phone to make sure i have a 10char+ complicated password set. as you can imagine, having to enter a 10char+ complicated password everytime you want to get to your phone is annoying. is there a way to bypass this? i am rooted...
The password is thought, to kep the phone safe. Just make an easy password, and leave it be. And why not just use the mail app, that is shipped? It's good enough.
familyguy59 said:
The password is thought, to kep the phone safe. Just make an easy password, and leave it be. And why not just use the mail app, that is shipped? It's good enough.
Click to expand...
Click to collapse
company requires us use lotus and requires password to be extra strong
unknown00 said:
company requires us use lotus and requires password to be extra strong
Click to expand...
Click to collapse
So let me make sure this is clear: You are asking for help on bypassing security enforced by your employer, without discussing it with the administrative/tech support team? You are aware that many businesses have clauses that if you bypass their security, you can loose your job over it.
Honestly, I would attack this problem from the other end. Go to your manager and put a business case on why having such a strong password on a mobile device is not needed. Do your research and go in detail about how secure different passwords can be, look at the app, see if there is an auto-wipe for # of incorrect password attempts (if you can't brute force it, then a weaker password might just be as good). Mention the enhanced security the nexus device has (full device encryption), etc etc etc.
If you do it right, you will get recognition for being a forward thinker, for following the rules, and if successful, for saving the company money on their bottom line.
I do IT support and if one of my users by-passes my security, I'm talking to their boss and will SEVERELY restrict anything they do down to the bare minimum needed for the job.
It's also possible that you are in a position where you e-mail is highly sensitive and the risk of having that e-mail fall into a competitors hand is so great, that these security needs are required.
You can set the timeout b4 you are asked to enter your password again. I did it when i was on 4.0.2, but I can't remember where or how i did it though.
manager hates the pw requirement too and wants to get rid of it. it's something corporate put up that everyone complains about. there is nothing i can do personally as the company is too large. i just want to figure a way around it if possible
Herman76 said:
You can set the timeout b4 you are asked to enter your password again. I did it when i was on 4.0.2, but I can't remember where or how i did it though.
Click to expand...
Click to collapse
Bump, in case you missed it since we answered simultaniously.
unknown00 said:
there is nothing i can do personally as the company is too large.
Click to expand...
Click to collapse
And it's that attitude that will prevent any changes from occurring.
Personally, I worked at a company of about 100,000 people that has an international presence. I was successful with a BPI project where we licensed an application to manage multiple monitors (this is before win7) I had to show that the increased productivity offset the cost of the application.
Matridom said:
And it's that attitude that will prevent any changes from occurring.
Personally, I worked at a company of about 100,000 people that has an international presence. I was successful with a BPI project where we licensed an application to manage multiple monitors (this is before win7) I had to show that the increased productivity offset the cost of the application.
Click to expand...
Click to collapse
i work in a company of 400000+ internationally and is one of the largest IT companies in the entire world (take a guess ) but in all seriousness, it's not possible that 1 person can get rid of pw requirement. sry, don't argue that point
Figured it out. If you set security to pin (I only tested it with pin), you will get an option to choose timeout b4 you will get asked for pin again.
Combined with short timeout for screen off, I think this will be a good workaround.
Sent from my Galaxy Nexus using Tapatalk 2
Herman76 said:
Figured it out. If you set security to pin (I only tested it with pin), you will get an option to choose timeout b4 you will get asked for pin again.
Combined with short timeout for screen off, I think this will be a good workaround.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
i understand this is a "workaround" that may work but i'm looking for a permanent fix to get rid of it as a whole

What exactly does encryping encrypt? Any point?

Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Are there any know exploits / gaping security holes?
If my phone is lost or stolen is encrypted going to prevent any data theft?
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Thank you for any info,
BR
bob_ross said:
Since I'm totally new to Android. When you select encrypt internal memory what exactly is going on? What does it encrypt exactly? Contacts? Memos? Messages?
Click to expand...
Click to collapse
It encrypts your entire drive, at least /data and /sdcard, not individual files.
Are there any know exploits / gaping security holes?
Click to expand...
Click to collapse
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
If my phone is lost or stolen is encrypted going to prevent any data theft?
Click to expand...
Click to collapse
Supposedly, yes. But only if: 1.) You use a pattern/password/pin/face unlock on your lockscreen or 2.) You leave your phone off. If someone finds your phone, and you use only the slide lock and you leave it on, encryption is worthless.
Is it possible to have a separate (more secure) password that is just for device encryption other than the screen lock password? seems redundant that I must put in a password for device access and use the same password to unlock the home screen. Can two passwords be used?
Click to expand...
Click to collapse
I haven't used encryption, but I would have assumed that it would use a different password than the one for your Android user account. I'm assuming by your question that that's not how it works, in which case, that's kind of stupid.
Last question would be password. Is there a recommended minimum length? Don't want to type in a paragraph every time I unlock my phone.
Click to expand...
Click to collapse
Same rules apply to any password you create anywhere ever. A good mix of numbers and letters, no dictionary words, and probably 10 chars +. Use mnemonic devices to remember without making the password too obvious.
Thank you for any info,
BR
Click to expand...
Click to collapse
I should mention that you should also only bother encrypting if you will remain stock. If you plan on flashing ROMs, you'll just have to re-encrypt constantly. Plus, I'm pretty sure CWM and TWRP would be unable to wipe or install anything unless you unencrypt first anyway.
EndlessDissent said:
It uses AES-256 encryption. Not even the NSA (or any other government agency, or anyone without a supercomputer) can crack it.
Click to expand...
Click to collapse
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
advancedbasic said:
Eh, I wouldn't be so sure. If I can build a device for like $3k that uses an array of consumer grade graphics cards to test 30B+ hashes per second the NSA probably has some insane computing power. Not saying it's cheap, but if they want to decrypt something of very high importance I bet they can do it, even for 256-bit AES.
Click to expand...
Click to collapse
Thanks. I hadn't read about AES-256 since I encrypted my laptop several months ago. I looked it up again, and the part about the NSA was that they approved AES-256 as their own encryption model for top secret documents. The NSA must trust AES-256 at least marginally.

Need help unlocking a device.

Hello, my stepdad passed away last week and we were left with his phone thats locked with a fingerprint plus a security password due to the amount of people that tried putting their fingers on it anyway.
This phone has a lot of important pictures and videos of my little brother and phone numbers of people who still don't know he passed away, the notebook he left behind only has outdated numbers and we haven't been able to find these people yet.
He didn't know about developer tools so he didn't know about OEM unlock, USB debugging, and didn't even have usb media transfer enabled, due to that there's no way for me to use twrp and aroma file manager as far as I know.
Is there anything I can do to get into this phone without losing the files?
XenolithD said:
Hello, my stepdad passed away last week and we were left with his phone thats locked with a fingerprint plus a security password due to the amount of people that tried putting their fingers on it anyway.
This phone has a lot of important pictures and videos of my little brother and phone numbers of people who still don't know he passed away, the notebook he left behind only has outdated numbers and we haven't been able to find these people yet.
He didn't know about developer tools so he didn't know about OEM unlock, USB debugging, and didn't even have usb media transfer enabled, due to that there's no way for me to use twrp and aroma file manager as far as I know.
Is there anything I can do to get into this phone without losing the files?
Click to expand...
Click to collapse
If you can sign in his Google account, on another device, you can remote change pin.
Sent from my ali using XDA Labs
sd_shadow said:
If you can sign in his Google account, on another device, you can remote change pin.
Sent from my ali using XDA Labs
Click to expand...
Click to collapse
Thats through Find My Device right? When I tried it it said that if the phone already had a lock screen I wouldnt be able to use the temp password.
To get all these photos and the other stuff stored on the device you need to know your stepdad's user login anyway. Every change of the security settings requires a password confirmation.
But maybe there's an active login on the notebook you mentioned. Did he use chrome? The password could be stored by the password manager.
As a final step you could try to reset the password with his phone number if still active.
WoKoschekk said:
To get all these photos and the other stuff stored on the device you need to know your stepdad's user login anyway. Every change of the security settings requires a password confirmation.
But maybe there's an active login on the notebook you mentioned. Did he use chrome? The password could be stored by the password manager.
As a final step you could try to reset the password with his phone number if still active.
Click to expand...
Click to collapse
Unfortunately none of the passwords saved in his account worked on his phone, but we discovered that all of his phone's pictures and videos were automatically uploaded to Google Photos (I should have checked there first and I'm embarrassed), and we had a few emotional hours. Now that we have the pictures we don't need to unlock his phone anymore. Thanks for everybody who helped, I really appreciate it.
XenolithD said:
Unfortunately none of the passwords saved in his account worked on his phone, but we discovered that all of his phone's pictures and videos were automatically uploaded to Google Photos (I should have checked there first and I'm embarrassed), and we had a few emotional hours. Now that we have the pictures we don't need to unlock his phone anymore. Thanks for everybody who helped, I really appreciate it.
Click to expand...
Click to collapse
I'm glad to hear that you could solve the problem!

Categories

Resources