Hello guys I would like to ask if there is any way to "disable" recovery flashing and wipe as well as the download mode in my new Note II. The reason is that I have installed cerberus and i would like to stop the thief from flashing another rom and loose protection. If there is not any way to disable it please tell me a way that will be very difficult to do so. Thanks in advance.
Nope ... just like Apple ... even with passcode lock someone can still restore stock using DFU mode(Apple) and Download mode(Samsung)
The passcode locks are to prevent your data at best not the phone
If i format the recovery partition? Or destroy some recovery files?
dont try to be foolish..dont meddle without proof............why are you so sure that your phone will get stolen?
download mode is 2 steps after phone boots.
1st - power is initialized and the super base of the phone calls boot loader
2nd- boot loader loads the download mode.
so it's absolute base.
if you disable download mode, you won't be able to root/unroot/your company won't be able to give you any service etc.
don't be assured that your phone will be lost.
rather setup mobile tracker, which may still be deleted if the thief is super intelligent to factory reset it.
if you are very freaking insane about this, embed the app into system. which may still be deleted.
:/
UtkarshGupta said:
download mode is 2 steps after phone boots.
1st - power is initialized and the super base of the phone calls boot loader
2nd- boot loader loads the download mode.
so it's absolute base.
if you disable download mode, you won't be able to root/unroot/your company won't be able to give you any service etc.
don't be assured that your phone will be lost.
rather setup mobile tracker, which may still be deleted if the thief is super intelligent to factory reset it.
if you are very freaking insane about this, embed the app into system. which may still be deleted.
Click to expand...
Click to collapse
I am almost sure that my phone will be stolen cause i am 16 years old and 2 of my friends' phones got stolen as well as my bike You will say "Why did you bought suck an expensive phone?". The answer is that i cannot live without high technology, as soon as there is a new exciting thing in the market i wanna buy it. Anyway, I hope that I will be lucky and if my phone get stolen, the thief will not be expert. I have cerberus, the hidden version.:good:
If that is the case you should get pink phones and insurance. Yeah it may suck having a pink phone and getting made fun of but less likely to be desirable. And then of course insurance to mitigate cost of replacements.
Sent from my GT-N7100
If you are American buy a gun and have it with you. If someone comes to rob you, just shoot the bastard.
Anyway. You can setup Cerberus to take photos with the front cam also.
Abd just do not sgow off with phone in hand in bad neighbourhoods
Sent from my GT-N7100 using xda premium
Go for "where's my droid" application
Inviato dal mio GT-N7100 con Tapatalk 2
In security settings, you can crypt your device and your external SD card, if your phone is stolen, no one can steal your data.
You have also a SamsungDive account to track and make your device ring, you need wifi or 3g activated in order for this function to work.
I agree that a password protected recovery is a very good idea.
Too bad that this thread doesn't generate more interest. All these "security" apps(find my droid/cerberus etc..) are basically useless as everybody who steals phones will wipe them right away. Having a password recovery and download mode would be the ultimate protection and could even discourage theft from attempting to steal.
Some security apps are stored in /system and survive a wipe (but not an ODIN flash).
Why no more interest in "absolute protection" :
- thieves won't give you back your phone even if it is unuseable, and they can still sell it for parts
- mess up, forget the password => brick
- whatever your local repair shop can do to restore your phone, bad guys can do it too
If you are so sure your phone will get stolen, get insurance.
Related
Questions answered in the below quotes!
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
martonikaj said:
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
Click to expand...
Click to collapse
_Dennis_ said:
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
================================================================================================================
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Isn't that what you want them to do? Even if they're not sophisticated enough to wipe it you're just going to wipe it yourself considering the chances of getting it back are slim to none.
Either way, the device gets wiped.
EddieN said:
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Click to expand...
Click to collapse
Indeed, I have wondered this a few times too. I mean, hopefully if you lose your phone then you'll be able to find it before any of this stuff happens...but not necessarily. If the thief turns your phone off/battery pulls then they effectively win! I suppose the benefit of a non-removable battery is that, if you have a lockscreen password, then the thief should find it hard to even power off your device!
I think a lock on CWM should be implemented...but who wants to forget their password to CWM and never be able access their device again? Not me!
---------- Post added at 10:35 AM ---------- Previous post was at 10:34 AM ----------
martonikaj said:
Isn't that what you want them to do? Even if they're not sophisticated enough to wipe it you're just going to wipe it yourself considering the chances of getting it back are slim to none.
Either way, the device gets wiped.
Click to expand...
Click to collapse
That's true...didn't think of that. Still though...I'd prefer my phone back!
Unlocking the bootloader would wipe the phone, and afaik there is no way to prevent that. Also, it isn't going to stop your phone from getting stolen...
Well sure, if my phone gets stolen it gets stolen. I don't have it anymore. But Avasts Anti-Theft enables you to send SMS commands to lock/wipe the phone, turn on/off GPS, disable any user interaction except from SMS messages from TRUSTED numbers etc. So even if I don't have the phone, BUT I have a password protected CWM, the phone will be useless as they cant flash a new ROM or have access to the OS/internal SD (thanks to disabling USB when the phone is flagged as lost) so it's just a paperweight with no resell value no matter what sim or battery they insert. It will be locked.
As long as they have the phone turned off, sure, I can't access it's location and whatnot. But at the same time they cant do anything with the phone either. I also doubt they'd disassemble the phone and take the time to somehow hardware flash the ROM chip to force a flash.
There have been cases in my country where people have gotten back their ipads/iphones/phones that have their respective "find my phone" if it gets lost/stolen etc.. Manufacturers don't implement functions like this for nothing, and law enforcement is usually helpful in cases like this if the GPS location and IMEI number are provided, as well as proof of ownership (which is displayed on the lock-screen of Anti-Theft as well as the IMEI).
It just seems contradicting having an Anti-Theft option when CWM is a few button presses away from wiping the phone and everything along with it, totally crippling anti-theft software.
Locking the bootloader every time I flash a rom (just in case i go out that one night and get robbed etc.) is a pain, and even if they unlock the bootloader everything is wiped anyway (including Anti-Theft).
The only reasonable solution is to have a password protected CWM. But of course, it's a HUGE risk if you forget your password to it.
and afaik by wiping through SMS, it only wipes the personal data (pictures, sms, anything personal) but keeps the rom intact as not to break the Anti-Theft. It would be really stupid if you remote wiped and the entire rom was wiped? Given that the thief isn't as smart as the regular XDA-crawler they'd need to flash a custom rom for it to even boot after that. But that's another story. Point being that remote wipe doesn't wipe the rom. Only all settings/personal data so a thief cant access private info.
imo if my phone got lost/stolen i'd try to (before it would happen) safeguard myself as much as I could to maybe at least have a small chance of getting it back. You never know.
Completely unnecessary, just call your carrier and report your phone lost/stolen and have them blacklist the IMEI number, done.
In any case, I can't even see a reason for this sort of childishness. If you lost your phone, bad on you, take better care of your things; if you had your phone stolen because you weren't paying attention to where it was, again, bad on you, take better care of your things; if you were threatened and mugged at knife/gunpoint, give the damn phone up and be happy, your life is worth more than any stupid phone, **** happens and then you die.
ZeroBarrier said:
Completely unnecessary, just call your carrier and report your phone lost/stolen and have them blacklist the IMEI number, done.
In any case, I can't even see a reason for this sort of childishness. If you lost your phone, bad on you, take better care of your things; if you had your phone stolen because you weren't paying attention to where it was, again, bad on you, take better care of your things; if you were threatened and mugged at knife/gunpoint, give the damn phone up and be happy, your life is worth more than any stupid phone, **** happens and then you die.
Click to expand...
Click to collapse
There's no reason to be rude and condescending. A phone can be lost/stolen no matter how careful you are. Of course your life is incomparable in value to a stupid phone, but that's not what this thread is about so no reason to go OT.
Back OT though, I still believe a password system should be looked in to. What if this wasn't about your phone being stolen, what if someone is just screwing with your phone? Why DO we have passwords? We have them to keep intruders at bay for things we don't want them to have access to. I wouldn't want anyone to be able to access CWM and wipe my phone.
It just seems strange how such a powerful tool can render any lockscreen/pin unlock/pattern unlock useless by just wiping the phone and reflashing a rom (keeping personal data such as pictures etc.) and gaining access to them anyway. It renders all these passwords/lockscreens etc. useless.
EddieN said:
I wouldn't want anyone to be able to access CWM and wipe my phone.
It just seems strange how such a powerful tool can render any lockscreen/pin unlock/pattern unlock useless by just wiping the phone and reflashing a rom (keeping personal data such as pictures etc.) and gaining access to them anyway. It renders all these passwords/lockscreens etc. useless.
Click to expand...
Click to collapse
So does the stock recovery. Doesn't seem as if anyone is complaining to Samsung or Google asking them for password protection on stock recoveries.
In the end, it's a portable communications device designed to be in your possession at all times, and if it is in your possession at all times, then there isn't any need to worry about a 3rd party wiping your phone randomly.
I am also hoping for password on the recovery.
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
EddieN said:
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Click to expand...
Click to collapse
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
This.
You can wipe (or obtain all the data stored into io) a galaxy nexus directly from the bootloader... Even before loading the recovery...
If I was in you i would care more about stolen data/photos and so on... (ics support full system encryption but clockwork mod does not iirc)
sooooo?
So back to the original question Any1 no of a hack that password protects recovery? Its a great idea and for those that don't think so for whatever reason wouldn't have to use it .
drawde40599 said:
So back to the original question Any1 no of a hack that password protects recovery? Its a great idea and for those that don't think so for whatever reason wouldn't have to use it .
Click to expand...
Click to collapse
Did you not read the thread? Its a waste of time to do this...
I guess it's a conundrum for us hacky types - unlocked bootloader lets us do all sorts of stuff, and gives us an escape hatch from unstable ROMs without losing our data. But it also lets anyone else get full access.
Now what would be nice is if the unlocked bootloader could be configured with a password. So it's effectively locked for everyone else unless they wipe.
cmstlist said:
I guess it's a conundrum for us hacky types - unlocked bootloader lets us do all sorts of stuff, and gives us an escape hatch from unstable ROMs without losing our data. But it also lets anyone else get full access.
Now what would be nice is if the unlocked bootloader could be configured with a password. So it's effectively locked for everyone else unless they wipe.
Click to expand...
Click to collapse
Even if you have a locked bootloader, all they have to do is type Fastboot oem unlock, and your data is wiped. With the phone we have, there is NOTHING you can do to stop someone from wiping it. If we could put a password before that, this would be the only safeguard (like a bios lock on a computer).
Sent from my Galaxy Nexus
bwcorvus said:
Even if you have a locked bootloader, all they have to do is type Fastboot oem unlock, and your data is wiped. With the phone we have, there is NOTHING you can do to stop someone from wiping it. If we could put a password before that, this would be the only safeguard (like a bios lock on a computer).
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Right, there's the separate questions of data integrity vs. tracking software integrity.
Most Androids, with stock recovery, are capable of being wiped too without booting into the OS at all.
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
martonikaj said:
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
Click to expand...
Click to collapse
_Dennis_ said:
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Well thanks for the great insight then! I didn't know fully that you could, still, even with a hypothesized passworded CWM, gain access and flash a new recovery before even getting into recovery (i haven't stumbled upon a situation like this yet)
So really there is no way to fully PROTECT the device with a password per se, unless you, like someone said, keep it fully stock with the bootloader locked. That way the device will be wiped anyway. Or have some kind of a BIOS-lock.
The thread was made to merely speculate if a password for CWM was feasible, and if it was, if it would do any good. Since we have come to the conclusion that it is not (any good at least), the best thing to do is to simply encrypt the phone, put a lockscreen pin/pattern or something like it and take care of the phone (of course). If it gets stolen, it does. Call the carrier and flag the IMEI. I know that already, but it would be a nice consolidation to somehow have some hope of getting the device back.
Needless to say you probably never will. So be careful guys!
Thanks for the thread and the knowledgeable inputs, there were apparently a few more peeps wondering about the same thing as I so I hope it helped them
If your device gets stolen or lost it sure would be nice to have recovery password protected to stop a quick factory reset or rom flash.
Has anyone seen this done?
This could help preserve security software for as long as possible to assist in locating the phone
Having the Power Off/Reboot password protected could also buy some time if the back cover was glued on
I'm using cerberus but it didnt survive a dirty flash from jediX7.2 -----jediX8. This was with cerberus_disguised-ICS.zip rooted running in admin mode.
But none of this software will work if they pop the sim or batt out. Hence the glued on cover. But the power off/reboot would need to be password protected.
I can buy a new back cover for $10 after I break it to take it off. A lot more for a new phone.
Reason I bring this up, just yesterday my bud sat on a couch in a mall. Phone fell out there. Realized it 2min later and called his number but it was off already
I doubt it's possible to prevent thieves from using Odin anyway. There is a way to encrypt the phone to make one unable to enter recovery, at least it was on my sgs, but it still won't prevent the phone from being recognized on Odin.
Sent from my GT-N7100 using Tapatalk 2
In regards to your mates mobile if a factory reset was not done maybe he could try to install 'plan b' by lookout mobile security from the app store to locate his phone.
Sent from my GT-N7105 using xda premium
I've tried plan b on a note 2, S3 ,s2x and galaxy tab7. All installed remotely but none sent an email to me.(even with texting "locate") Thank you for the suggestion but not much faith in that one at this point. ( although we did send that app to his phone)
Never really thought of that... With all the security features that could be enabled on the OS it seems pretty easy to just access recovery mode and format. I figured it would've been figured out by now and a solution would've been available. would be nice to have an option to set a Security pin on the recovery and download mode. And that the only way to disable the security pin incase one forgets would be to add a secondary option to unlock.
Sent from the Rabbit Hole
One could still force the phone into download mode with a jig. No way to be 100 percent safe I'm afraid.
Sent from my GT-N7100 using Tapatalk 2
Not looking for 100% security. But something better than what is. When you lose the phone it is too easy to shut it off/ factory reset ect.
So I guess what I'm asking is more to the Devs...how hard would it be to password protect the off/recovey option switch in a custom rom? I'm sure the twrp/cwm guys could build a secure version.
Forgive me as I'm still new but is the CWM stored on the same chip as the ROM like on a PC?
Sent from the Rabbit Hole
If you are like me, you should have all your favorite apps, documents, pictures etc. stored right on your phone that basically gives a full picture of who you are as an individual. You also have been pretty satisfied with the pattern, pin number, password or face unlock or all of these together as a security you have in place to prevent unauthorized access. But here is something that happened by accident that led me down this thought process. While trying to yank out the phone from my pocket while driving (which when you are getting a phone call especially becomes the most impossible task), I noticed that the phone "Power Down", "Restart", "Airplane Mode" pop up was on. This is on top of my regular swipe to unlock with pin number lock screen. This made me curious and noticed that the back button will work to close this pop up and also the power button works to reactivate this pop up. I hope everyone is with me till here. What surprised me was that the phone will actually turn off or restart from this point without the need for an unlock code. This means anyone with rooting and backup knowledge can steal my phone, restart my phone into recovery and wipe it to make the phone their own or just create a backup (CWM) and through that access my personal information. I know that photos and documents stored on the external card is open unless encrypted. But I hoped the internal data would be secure.
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
TL;DR version
If phone is stolen and person has knowledge of android they can factory reset your phone, even if you have a password setup. If they enter recovery they can wipe data and factory reset your phone and now it is usable for them.
My theory if you have your phone rooted I wish there was a way to lock the recovery with a password. Unfortunately ODIN will always be available able to get back to stock. Cerberus is a great app to have full control of phone if stolen FYI
DesperateScorpion151 said:
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
Click to expand...
Click to collapse
As soon as I realize it is missing I would activate the wipe feature in this software.
https://play.google.com/store/apps/details?id=com.lookout&hl=en
If I have your phone in my possession I guarantee I can hack it regardless of any security measure you make take, so the best solution is to be able to wipe it remotely.
technically even a remote wipe is not enough if the thief is knowledgeable. I accidentally wiped flashing in Odin with nand erase checkd and recovered everything that was on it using this
http://forum.xda-developers.com/showthread.php?t=1994705 so your never completely safe
Exactly my point like everyone else confirms it here. We have advanced so much to a point that even a 9 year old (not that 9 is too young to know computer basics) who is familiar with basics on rooting after reading through forums after forums can get away with stealing a smart phone now a days. At this point the only way I could think of protecting my data (first priority) and then track my phone is if the tracker is incorporated into the boot loader or recovery itself on top of what ever software you have installed in the OS. So if the thief tries to unlock my phone after a restart, the installed software should take care of the rest but If he/she is smart enough to go via boot loader or recovery then the incorporated tracker can do its thing. Anything of that sort exists?
Did you forget you could just pull the battery to get into recovery?
Why do you need to pull the battery?
Aerowinder said:
Why do you need to pull the battery?
Click to expand...
Click to collapse
You don't, but its easier than going through all of the steps OP posted.
I really doubt my data is worth anything. Pictures of my cats aren't exactly hot commodities and I don't store anything on my phone that I wouldn't publicly reveal, anyway.
I wouldn't be worried about my worthless information, just annoyed I was dumb enough to let it get stolen. Yeah, I know that basically anyone with half a brain can wipe a phone and re-sell it - it always amazes me when people think that thieves aren't smart enough to do that.
I'm cynical. Saves a lot of worry since I just expect the worst, I guess.
They get into your email where it may be more info to compromise.
Sent from my SGH-T999 using xda app-developers app
I would be less worried about the minute possibility of a phone thief targeting your personal information than I would be about your personal data being mined from your phone by numerous applications.
Bottom line is, if you use Google or Facebook, you personal information is already in the hands of giant corporations who will never be held accountable for the theft of your personal info.
Take Facebook for example - within the app, the only time it should ever ping your location is if you are using FB chat and have the location setting enabled. However, even when you disable location within FB chat, every single time you open Facebook it uses your GPS to get your location. Every time.
In addition, although you are unable to see it in action because there is no notification icon for it, I would bet a million bucks it's also pulling your network location if your GPS is off.
Facebook is constantly working in the background - even if you never opened it.
Google? I won't even begin to try and explain the amount of data they are collecting from you. As is T-Mobile, Sprint, Verizon, ATT, etc. every single second that your phone is on with data enabled.
Should we be concerned with some random thief who knows the ins and outs of Android pulling your data? Sure, we should think about it. But the reality is, if you own a smart phone your information is already out there in the hands of companies who will use it to any end they can in order to turn a profit. Period.
ButWhile I see the pros and cons of different parts involved in using social networks and so forth, one thing we can (at least for now) be certain of is that they won't use your credit card information etc. to make illegal purchases and so forth. I know of a person who routinely used the credit card app to check balance, pay bill etc. and next thing he was getting phone calls to see if the purchases made at a casino in Spain are OK?! This is without ever losing the phone!!. So, it could be worse in the case of phone loss. Sure, personal data, pictures and even email to some extent is not as bothersome to me as identity theft. Thank to some anti-fraud features of the banks etc. one can deny and simply not be associated with that activity (of course in legitamate cases). My friend ended up getting another card with different number and they closed the online banking account. He had to re-register all over with another id. So, it can be a big hassle. I heard of cases where people had to hire lawyers and run around courts to prove their innocence due to identity theft. Of course if you keep a picture of your driving licence on the phone, you are really asking for it so... (trust me, one girl was doing this because she didn't want to carry her purse/wallet on night outs)
Having said that, I am always worried if the roms we download here in XDA have trojans or backdoors built into kernels and system files... I know that it is like doubting even the good devs but how do we know for sure? Unless you are really an in-depth expert and figure out all the details such as processes and ports that are open and so forth, how do you really know? The phone's data icons keep pinging back and forth every now and then and at times I wonder what's being sent and what is it receiving... just sync'ing contacts...or...??
Call me paranoid but, after what happened to my friend, and similar stories, I am a bit skeptical about the security and integrity of the ROMs in the first place... Now, mostly I download and try different roms and settle on one that suits my preferences. I use the phone for calls as well as to make general tasks easier in many aspects except financial transactions. In short, I don't trust my smart phones.
For those of you wondering what Google is tracking, (not by any means the only place to look) login to your gmail account and look around different settings. You'll see web history, phone data to name a few..
Hi,
Last week my friend was robbed..and that bugger had the guts to snatch his Note 2 from his hand and run away in a moving bus... he had ADM & Kaspersky Security installed. this is how it happened, the incident took place at 9:27 AM he called me immediately and while i logged in on the site and fire the lock and remote wipe commands it was 9:46 AM.. very obviously the bugger had removed the sim immediately so non of the commands were executed and it is highly possible that he will sell it to some local shop who will first flash the mobile before using it..apart from filing a complaint at police station and putting the IMEI number under surveillance which I know is not happening any time soon.
My question is : Is their a way where we can restrict Flashing the mobile with a password..and to unlock the flashing security the mobile needs to be switched on and connected to a network.. this will at least give us some time for remote wipe and location tracking of that thief/ or otherwise at least he will not be able to use the hardware at all.
Thanks in advance
There's no way to locate your phone if its not connected to network and there's no sim card installed. If theif is smart enough, he will first switch it off and take out the sim card. If he's dumb, he will start calling( from your sim with internet connected) his friends that he stole a new phone..lol
And you know, its android. You can reset very easily and flash custom rom in recovery.
This is how I lost my GNote1 while travelling. It bumped out of pocket and fell somewhere. Then I called it from my friends phone and it was switched off. Tried locating but it couldn't locate...
Sent from my JellyKatted Note2
Exactly Manny thats what i am saying...but can we have a way to stop that phone getting flashed ? I mean can we have a recovery mode password or something that way he won't be able to flash any rom on it...if i am not able to use it...that losser has no right to use it as well rght?
Sent from my GT-N7100 using Tapatalk
adityaomverma said:
Exactly Manny thats what i am saying...but can we have a way to stop that phone getting flashed ? I mean can we have a recovery mode password or something that way he won't be able to flash any rom on it...if i am not able to use it...that losser has no right to use it as well rght?
Sent from my GT-N7100 using Tapatalk
Click to expand...
Click to collapse
No way..recovery can't be password protected. If password protection was possible, you should already had it password protected. Since you don't have, its very easy to flash any rom.
Sent from my JellyKatted Note2
mannyvinny said:
There's no way to locate your phone if its not connected to network and there's no sim card installed. If theif is smart enough, he will first switch it off and take out the sim card. If he's dumb, he will start calling( from your sim with internet connected) his friends that he stole a new phone..lol
And you know, its android. You can reset very easily and flash custom rom in recovery.
This is how I lost my GNote1 while travelling. It bumped out of pocket and fell somewhere. Then I called it from my friends phone and it was switched off. Tried locating but it couldn't locate...
Sent from my JellyKatted Note2
Click to expand...
Click to collapse
exactly how i lost my Note 1 too.. in a metro
Sadly not I'm afraid- can't protect a recovery in any way as far as I'm aware.
marty141 said:
Sadly not I'm afraid- can't protect a recovery in any way as far as I'm aware.
Click to expand...
Click to collapse
And even if you could, anybody could just flash a new recovery through Odin.
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Just to share, I found following to be foolproof
- Setup Pin + Fingerpints
- Setup Pin / Password for phone startup
This
- Keeps the device encrypted
- Unable to boot without pin
- Unable to access TWRP without pin
- Doesn't auto-mount on USB connect
Still, it would be interesting to hear about any cons of the above setup.
hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
zelendel said:
The easiest is to not get it snatched. Or if it does you chase them down and get your phone back. But barring that not alot you can really do and ill explain why.
When someone steals a phone, they dont care about the data on it. They are either gonna sell it or use it. Either way The device has the sim removed with in sec of it being taken and then it is reset or flashed to stock to remove any and all locks. This normally happens within minutes if not seconds of a device being stolen.
Click to expand...
Click to collapse
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
hyperorb said:
A little while ago my brother had his iphone6 snatched. Now with Iphone, I know cannot be mounted to usb directly or even via recovery.
I know pin, fingerprint etc block access to the phone. I want to understand about other ways to access internal storage to gain access to photos and any other documents
That makes me ask - What security options we have for android - in particular OP3 (have 2 of them) and how can we make it more secure. ? Both my phones have Blu_spark TWRP + Freedom OS 2.10, if that matters.
Click to expand...
Click to collapse
Cerberus is a really nice app... You have alot of options sadly it isn't free! But heyy, it's cheap and it's functional! Other then that keep your device encrypted and a boot password should do.
As long as you're not rooted and unlocked, it will be a bit hard for an thieve to have access to your phone. Leaving ADB on, might as well decrease the overall security of the phone.
I for example was given a tablet which had a Google account synced with it, and resetting from recovery only made me renter the credidentials previously used to be able to pass the setup.
My luck was that the guy left ADB on and with a simple command I bypassed the setup screen.
hyperorb said:
Interestingly that was not the case. They remained in contact and kept on asking for phone passcode; which we did not give.
I'm not aware if its equally east in iPhone to enter into (kind of) fastboot mode and erase entire storage. In such case the loss remains of the phone and nothing else ; specially when we may have financial apps too on the phone.
Click to expand...
Click to collapse
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Renosh said:
Not sure about iPhone's but for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
zelendel said:
No apple doesn't have the option. Main reason the fbi had to pay to have an iPhone unlocked not to long ago.
Part of the reason I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
zelendel said:
Exactly. If someone steals your device 99.98% of the time it is too use it or sell it. With way your data is meaningless.
As for them wanting your pass code the above is right. But as they couldn't reset it you could have reported it stolen and the police may be able to find it but most of the time they have better things to do then recover a lost cell phone.
I used to work with people that felt with stolen cell phones. I can say the normally. Withing 30 min of a device being stolen the data is gone. And when I say that I mean a complete DOJ style wipe, format and imei change.
Click to expand...
Click to collapse
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
2x4 said:
....so do all iOS keyboards, both first and third party. it's required for them to function
---------- Post added at 09:25 AM ---------- Previous post was at 09:23 AM ----------
this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
No its not really. It's so they can send relevant ads. Those that remember smartphones before Apple or Android knows that it is not really needed.
zelendel said:
That can easily be bypassed by wiping the data off the device and flash a stock rom to it. The only the the FRP does is prevent them from getting at the data.
Click to expand...
Click to collapse
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
2x4 said:
but how can they flash a stock ROM onto the device if the "require PIN before startup" option is selected? how can they flash if recovery has a PIN on it?
Click to expand...
Click to collapse
Because that is before startup and not the bootloader, even with those set up they normally dont cover download mode or what ever mode that particular OEM uses (not all use the same). In extreme cases with some apps that make it a bit harder or people just dont want to be bothered to mess with things too deeply there are tools available that Will push the update right to the board bypassing all security. Sure its a little extra work but it is a sure bet when you cant get into a device and cant be bothered hunting down getting around it.
Also for the passwords on startup. any password cracker would take out the average password in a matter of min.
This has been very interesting and so much to learn. Thank you all for great inputs.
zelendel said:
I never advise doing any sort of banking on a device as there is just too many security risks. I, mean even android keyboards monitor what you type.
Click to expand...
Click to collapse
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Puddi_Puddin said:
Cerberus is a really nice app...
Click to expand...
Click to collapse
Have it in all my Androids Very helpful at times, even for non theft purpose..
XDRdaniel said:
Leaving ADB on, might as well decrease the overall security of the phone.
Click to expand...
Click to collapse
Thanks. Will read more on this.
Renosh said:
for newer Android phones as long as you are encrypted and have a pin/password set for boot, a thief would just wipe the phone return to stock and sell or use it. 99.9% of the time they just want money so the likely reason they wanted your pass code is they couldn't sell it cause they were blocked from resetting it temporarily. As long they have a physical device and unlimited time they will eventually reset it and get rid of it.
Click to expand...
Click to collapse
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
zelendel said:
With way your data is meaningless.
Click to expand...
Click to collapse
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
2x4 said:
. this is exactly why that semi-recent feature added by google which requires you to log in with the previously added google account in the phone before initial setup following a factory reset is very useful - it makes the phone unusable/unsellable (unless im missing something?)
Click to expand...
Click to collapse
Hmm.. I think I came across that in OP3. Didn't pay attention though.
zelendel said:
Because that is before startup and not the bootloader,
Click to expand...
Click to collapse
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
hyperorb said:
This has been very interesting and so much to learn. Thank you all for great inputs.
Yes. But then Microsoft too is not clean. Browser , Windows.... That way we can never work.
Have it in all my Androids Very helpful at times, even for non theft purpose..
Thanks. Will read more on this.
Once a phone is lost, there's little chance to get it back. Device loss is one thing and data loss (or rather data access) is another. The later at times can have more problems.
I used to keep my id papers (for ease of printing anywhere as needed) on phone (Nokia N5). Lost that phone .. and till date I hope no one used those to buy services, do illegal stuff. That was a lesson learnt hard way
Depends where you are. There are places where one can avail services in other's name using fake ids or stolen data etc.
Hmm.. I think I came across that in OP3. Didn't pay attention though.
It is better to loose one than two. Phone is anyways lost .. so at least we can try secure data. Let them wipe and then get nothing in hand.
Click to expand...
Click to collapse
You don't need to steal someone's phone to get a fake ID with their info. 1500 usd will get you that without it.
As for getting nothing in hand. They got exactly what they wanted. The device. Unless you work for the government in a high place. Then your data is meaningless on your phone. You already put it in enough places on line while using a pc that if they want it they already have it.
I could easily steal someone identity with a little more then what they post on Facebook or other social media outlets.