How to use OpenVPN with Android - T-Mobile Samsung Galaxy Note II

I was a bit confused about how to use OpenVPN on an Android device because there was so little information around. I thought I'd post this to make it easy for others. It turns out to be very simple. I have an Android phone (Note 2, Jellybean) rooted and Busybox installed, but neither is necessary.
The following steps relate to using an Android device with a commercial VPN service (like an anonymizing service, among others), but they should help clarify in other situations.
Step 1: download the OpenVPN config files from your vpn provider.
Step 2: download, install and start "OpenVPN for Android by Arne Schwabe" (O4A) (get it from any Android app source, it's free, but donation to the author is optional and it's a great app).
Step 3: on the "VPN Profiles" page of O4A, use the folder icon upper right to browse to the .ovpn config file for a server, select, and save it on the following page. The server name will appear on the Profiles page.
Note: Sometimes the server config files include a .p12 file which O4A will want to import, then require a password to decrypt...just uncheck that file (upper left) before saving; later O4A will ask for a password, just leave it blank and hit "OK", it will connect just fine (at least with my vpn provider).
Step 4: open the settings for the server you just imported (icon to the right of the server name), navigate to the "Basic" page, and enter your username and password at the bottom of the page (if your provider uses the u/p type connection). YOU ARE DONE (but, you will need to repeat this for each server you want to use).
Step 5: tap on the server name on the "Profiles" page, O4A will open the log file and you will see it going through the steps of the connection process in both the log and the notification bar. When it's finished successfully, you'll see "connected". You can check the connection in the log file. Also depending on your device the connection will show in the notification bar for as long as it's connected. You can disconnect by tapping the notification.
The correct configuration settings for OpenVPN are usually included in the .ovpn file, so you likely won't need to change any config setting in O4A. However, you can add the line "auth-nocache" to the .ovpn file manually or add it on the O4A page "Advanced -> Custom Options". This will prevent the username/password from being cached if that's important to you.
NOTE: Using dnsleaktest.com I have noticed that Google DNS servers appear sometimes as a DNS server. This might represent a DNS leak as there would seem to be no reason, for example, for a European located server to use a U.S. located Google DNS server. I'm not clear about why the Google servers are showing up, maybe someone can verify/clarify.
However, you can force a DNS server of your choosing by going to the "IP and DNS" page of the server config settings in O4A, and select "Override DNS Setting by Server". You can then use the default DNS servers chosen by the author or enter your own.
Enjoy!
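
The points raised in the post above (auth-nocache, the bundled .p12 file, and which DNS server ends up in use) can be checked in a profile before importing it. The following is an added example, not part of the original post or of O4A; the sample profile, host name and finding codes are constructed for illustration.

```python
import re

# Constructed sample profile for illustration; not from any real provider.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth-user-pass
pkcs12 client.p12
; comment lines start with ';' or '#'
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

_INLINE_OPEN = re.compile(r"<([A-Za-z0-9_-]+)>")


def parse_ovpn(text):
    """Split a profile into (directives, inline_blocks).

    directives: list of (name, [args]); inline_blocks: {tag: [lines]}.
    Only whole-line comments are handled, which is enough for these checks.
    """
    directives, inline, open_tag = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag is not None:
            # Inside <ca>...</ca> and similar: collect until the closing tag.
            if line == "</%s>" % open_tag:
                open_tag = None
            else:
                inline[open_tag].append(line)
            continue
        if not line or line[0] in "#;":
            continue
        m = _INLINE_OPEN.fullmatch(line)
        if m:
            open_tag = m.group(1)
            inline[open_tag] = []
            continue
        name, *args = line.split()
        directives.append((name.lstrip("-"), args))
    return directives, inline


def audit(text):
    """Return a list of (code, message) findings for the points in the post."""
    directives, _ = parse_ovpn(text)
    names = {name for name, _ in directives}
    findings = []
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append(("auth-nocache-missing",
                         "username/password login without auth-nocache: "
                         "credentials may stay cached in memory"))
    for name, args in directives:
        if name == "pkcs12" and args:
            findings.append(("pkcs12-external",
                             "profile references %s; the importer will ask "
                             "for its decryption password" % args[0]))
    pins_dns = any(name == "dhcp-option" and len(args) >= 2
                   and args[0].upper() == "DNS" for name, args in directives)
    if not pins_dns:
        findings.append(("dns-not-pinned",
                         "no 'dhcp-option DNS' line: the resolver is whatever "
                         "the server pushes or the app overrides"))
    return findings


def with_auth_nocache(text):
    """Return the profile with auth-nocache added (no change if present)."""
    directives, _ = parse_ovpn(text)
    if any(name == "auth-nocache" for name, _ in directives):
        return text
    return "auth-nocache\n" + text


if __name__ == "__main__":
    for code, message in audit(SAMPLE_OVPN):
        print(code + ": " + message)
```
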

What is your choice server? I see free and fee ones, but wondering about true encryption security too.
I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
Sent from my SGH-T889 using xda app-developers app

lyinelriche said:
> What is your choice server? I see free and fee ones, but wondering about true encryption security too.
> I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
> Sent from my SGH-T889 using xda app-developers app
IMHO, anyone who cares about their privacy should use a vpn. It does give you privacy on the web. Otherwise all your net activity, email, messaging, etc. are recorded by your ISP as well as snooped by various international TLAs (three letter organizations i.e. FBI, NSA, CIA, GRU, etc) and commercial entities seeking to monetize your information.
There are many vpn services around, some good, some very bad. After doing some research, I've been using Perfect-Privacy.com for a few years. Some of the things I like about them are: you can sign up and pay anonymously. They have over 40 servers in some 20 countries. You can switch between servers from your machine in seconds. You can chain 2 or more servers for even stronger privacy (though you probably don't need that). They have free port forwarding (needed for some p2p progs). They do not log anything anytime. They donate part of their server bandwidth to the TOR project. Their servers are fast (I can dl at my ISP's cap speed (@12 mb/s) but PP's bandwidth is much higher if you can use it). There's no limit on your traffic. Their up time is very good...occasionally a server goes down, but they get it fixed timely and with 40 servers to choose from it's not a problem. Their staff is friendly and responsive (though you should plan on following instructions for setup...pretty easy). They use OpenVPN with AES-256 bit encryption which is currently unbreakable (PPTP and L2TP are hackable) (they also provide access via SSH2, Socks 5, Squid, PPTP and L2TP). My take is that they are very committed to privacy; overall I think the quality of their service is excellent. All that said, they are a bit more expensive than some vpns, but worth it IMO. You can sign up for one month to try it out, then apply that to a cheaper longer time if you like it.
BTW, you could use TOR (The Onion Router) to check out using a vpn. It's a great project, open-source and free! It's a bit slow because it chains through three servers and all the nodes/bandwidth are donated. But it works well and is a great great service to those who understand that privacy is important. Be aware that the TOR admins ask people not to use it for p2p because that lags down the system.
Hope that helps. Good luck

I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
Sent from my SGH-T889 using xda app-developers app

lyinelriche said:
> I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
> Sent from my SGH-T889 using xda app-developers app
Glad to help. BTW TOR has a free web browser package with the TOR function already built in. Just download it, install and you're up and ready to browse anonymously. Easier than that it doesn't get. Search for TOR, you'll find it.

[kernel] Do we need data security (aka a working firewall)?

Dear kernel developer,
do you have a firewall on your desktop computer?
I think, the answer is "yes, of course!"
Why don't you want a firewall for your phone?
Your answer: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email addresses)?
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( http://code.google.com/p/droidwall/ )
But this superb program needs some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( http://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards
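
The kernel features the post above asks for can be checked against a kernel .config, and the per-application rules such a firewall relies on use the iptables owner match. The following is an added example, not code from the post or from DroidWall; the mapping of the post's feature names to kernel option names, the chain name `app-allow`, the interface names and the UIDs are assumptions made for illustration.

```python
import re

# Mainline kernel options behind the features the post names loosely as
# 'iptables', 'multiport', 'iprange' and 'ipowner'. This mapping is the
# example's assumption; the option list a given ROM needs may differ.
REQUIRED_OPTIONS = (
    "CONFIG_NETFILTER",
    "CONFIG_IP_NF_IPTABLES",
    "CONFIG_IP_NF_FILTER",
    "CONFIG_NETFILTER_XT_MATCH_MULTIPORT",
    "CONFIG_NETFILTER_XT_MATCH_IPRANGE",
    "CONFIG_NETFILTER_XT_MATCH_OWNER",
)

# Constructed excerpt of a kernel .config (on a device, /proc/config.gz
# holds it when the kernel was built to expose it).
SAMPLE_CONFIG = """\
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
"""

_ENABLED = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=([ym])$")
_IFACE = re.compile(r"^[A-Za-z0-9_.-]+\+?$")      # trailing '+' is a wildcard
_CHAIN = re.compile(r"^[A-Za-z0-9_-]{1,28}$")


def enabled_options(config_text):
    """Return {option: 'y' or 'm'} for options built in or built as modules."""
    enabled = {}
    for line in config_text.splitlines():
        m = _ENABLED.match(line.strip())
        if m:
            enabled[m.group(1)] = m.group(2)
    return enabled


def missing_options(config_text):
    """List the required options this kernel config does not enable."""
    enabled = enabled_options(config_text)
    return [opt for opt in REQUIRED_OPTIONS if opt not in enabled]


def allowlist_rules(allowed_uids, interfaces=("wlan0", "rmnet0"),
                    chain="app-allow"):
    """Build iptables commands that let only the given UIDs send traffic.

    Every other UID (system UIDs included) is dropped on the listed
    interfaces. Inputs are validated because the result is run by a shell.
    """
    if not _CHAIN.match(chain):
        raise ValueError("bad chain name: %r" % (chain,))
    for iface in interfaces:
        if not _IFACE.match(iface):
            raise ValueError("bad interface name: %r" % (iface,))
    for uid in allowed_uids:
        if isinstance(uid, bool) or not isinstance(uid, int) or uid < 0:
            raise ValueError("bad uid: %r" % (uid,))
    rules = ["iptables -N %s" % chain]
    for iface in interfaces:
        rules.append("iptables -A OUTPUT -o %s -j %s" % (iface, chain))
    for uid in sorted(set(allowed_uids)):
        # RETURN hands the packet back to OUTPUT, i.e. it is allowed out.
        rules.append("iptables -A %s -m owner --uid-owner %d -j RETURN"
                     % (chain, uid))
    rules.append("iptables -A %s -j DROP" % chain)
    return rules


if __name__ == "__main__":
    gaps = missing_options(SAMPLE_CONFIG)
    if gaps:
        print("kernel lacks: " + ", ".join(gaps))
    for rule in allowlist_rules([10045, 10012]):
        print(rule)
```
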
I knew Linux didn't need an antivirus, thought it still needed a firewall...
since I've always had one set up on my Linux installs... but then again, I'm a Linux noob.
What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to ports (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they don't usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
iptables
Actually Android has a Firewall installed, its called iptables.
It's not a personal firewall... but those are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall
kuhine said:
> So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
> WiHerr
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extended versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developer's server and stop working when the developer says "stop, buy the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards
safttuete said:
> Actually Android has a Firewall installed, its called iptables.
That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Every time when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is almost "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
> I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
kuhine said:
> And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
> WiHerr
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.
suffer not adware to live
kuhine said:
> That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms.
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard
kuhine said:
> That is the point, but IPTABLES is not working on almost all android kernels, except the oclock roms. Or am I wrong?
> Droidwall is only a graphical frontend for iptables! Not more.
> Every time when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is almost "unrestrictive network use" for even the smallest widgets... I want to decline this network use, but it is a "take all or nothing" thing.
> I'm not a modern facebook/twitter user: take all my data... here are some more private details... and here are photos and addresses from all my friends, too.
> What is so scary to select out some applications from sending data?
> And with a working iptables we can do so.
> WiHerr
> Dramatical continuance...
> the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
> (only to save mobile data volume... without switching to flight mode)
May be you should have a look for LBE privacy....

[Q] TOR?

Since I run TOR on my computer I figured I'd check into it for Android and wouldn't you know, it exists. In this age of tracking and privacy going out the door, it's nice to still be able to retain a bit of anonymity.
EDIT: I figured I'd add a small explanation for anyone that's interested in this and doesn't know what TOR is.
Without getting into great detail, some of which I'd have no clue what the hell I'm talking about, it's a way to be anonymous. If you do it correctly no longer will your IP address show up as your current IP which can be used to spy, hack, trace, ad target, and so on. Your IP will show up as something else. e.g. My current location is Overland Park, KS - my IP will reflect this, my ISP also knows my exact address from that IP. With TOR my IP shows up as being located in say, Russia. Problem solved, no more tracking and other bs.
This isn't a pass to do what you want online, you're still a human so act like it. It's just a way to take back a little bit of privacy and anonymity.
theSpam said:
> To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to a final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Thanks theSpam
UPDATE: I fixed the issue of Orbot not connecting me to the TOR network. There are more in depth methods but I'll just give the quick and dirty version. After installing Orbot make sure everything is unchecked in settings except: start on boot, transparent proxying, tor everything.
Download ProxyDroid and in settings:
proxy host: 127.0.0.1
Port: 8118
Proxy type: HTTP
Auto connect: check
Global Proxy: check
don't mess with anything else unless you know what you're doing.
Now you can check your IP or use Orbot to check if you're on the TOR network. Enjoy.
Tor? I'm curious
dont send me pm's crying about how i hurt your feelings in a thread
So you know what Tor is then?
Well I installed it and so far it's working aside from not actually connecting me to the network. My IP stays the same so I guess I have to do a few things manually, oh well. When you first boot up and it's starting it eats the processor like a fat lady eats cake but that goes away after 15-20 seconds. On the plus side it doesn't start loading until after the system has finished loading completely so boot times aren't affected.
No sir I'm not sure what TOR is. Was hoping you might shed a lil light on the subject.
dont send me pm's crying about how i hurt your feelings in a thread
OK I updated the OP for you. Hopefully I got it right. I'm not a network genius so I may be a little off.
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to a final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into a node used for intermediary routing? (the desktop version does this)
theSpam said:
> To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to a final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
> My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into a node used for intermediary routing? (the desktop version does this)
There's an option in the settings for it but it's not activated by default. I couldn't imagine switching that option on while using 4G

How do I put a VPN shortcut on my 'home' screen?

Hi,
I am currently using a VPN to get into my network & Then accessing my data that way. However to get to it in Gingerbread, I have to hit menu, then settings, then wireless, then scroll down to VPN, then click on my VPN, then put my password in & hit connect.
It would help a lot to be able to just click on my VPN link on the 'home' screen. I can't figure out how to get the shortcut there.
Any suggestions?
Thanks,
Rich
I just tried and you add a shortcut to your home screen, just as you add a widget.
I don't see anything related to a VPN within the shortcut menu or widgets. Any ideas on how to do a shortcut for the VPN?
Tried anycut from the market?
Sent from an Epic in the sky.
Thanks, Anycut might do the trick, of course there is no VPN listed. Is there a way to determine what processes are running in Android? If I could find the VPN process, I could probably get it going.
I believe you can achieve this with Tasker. I know it's a paid app but it's an option.
As a side note, how did you manage to get your vpn to work? Are you using ddwrt by chance? Since getting this phone I could no longer vpn over Sprint's network due to firewall issues. From what I found online if you ask Sprint for a static IP it fixes the problem but they charge you a monthly fee. It used to work fine on my old HTC hero.
Sent from my SPH-D710 using Tapatalk
dbldown768 said:
> I believe you can achieve this with Tasker. I know it's a paid app but it's an option.
> As a side note, how did you manage to get your vpn to work? Are you using ddwrt by chance? Since getting this phone I could no longer vpn over Sprint's network due to firewall issues. From what I found online if you ask Sprint for a static IP it fixes the problem but they charge you a monthly fee. It used to work fine on my old HTC hero.
> Sent from my SPH-D710 using Tapatalk
We use L2TP/IPSEC PSK at work though Sonicwall, and it works great.
I don't have a static IP on my account. Works fine from 3g or my home WiFi.
Sent from my SPH-D710 using XDA
I am using a Zyxel firewall & L2TP also. It works fine but... Sprint's lousy service seems to stall out, requiring me to re-login to the VPN. Yesterday with 1 bar, I was logged into the VPN but there was not enough 3g to actually use any data, but enough to stay logged in for 2 hours & not get any emails.
It works fine & I suspect if I had better 3g (or verizon) it would work OK.
I was using DDWRT & OpenVPN with CM7 on my Evo 4g & it worked but I switched to a new router.
Yeah, missing emails is never good.
We don't have an Exchange server at work (not cost effective enough to make it work properly across 10 locations), so I'm able to access my email with K9 via IMAP or POP3.
It's strange that it worked with one Sprint phone, but not reliably with another. Has data service had a general decline in your area?
Sent from my SPH-D710 using XDA
You should try vpn show. You can find it in google play.
Check the "Launch VPN" app on Google Play
Sorry to revive an old thread. I was looking for this as well and found a way. Just adding if anyone searches for this sort of thing.
Add a shortcut to home screen, select settings, then look for VPN.
This works in my HTC ONE on 4.2.2
I use NFC Task Launcher on my Samsung Galaxy S4.
The following could be a little bit different depending on your phone's make and model and rom type. I did the following.
WARNING: I am not responsible for any damage made to your phone or anybody or anything else during the reading or by following the acts of this tutorial in any way possible.
Open up NFC Task Launcher and go through the tutorial.
- In the end you can create your own task.
- When you create a new task just click for NFC.
If you have NFC Disabled, just leave it like that and when it'll ask you if you want to enable it, press cancel. (TIP; if the top bar overlay is bugging with more information, just tap on one of the buttons after explanation to have its focus come back to the window.)
- Name the task 'VPN' or something.
- Click on the cross (✚) in the right top corner to add an action
- Search for 'Applications & Shortcuts' and select 'Open Activity', then click next at the bottom.
- The application list will load up. Select 'Settings' as an application and the activities list will be updated.
- Choose; 'com.android.settings.Settings$VpnSettingsActivity' and select 'Add to Task' at the bottom.
- Then press the arrow to the right '→' in the top right corner.
- It will say you need to place a tag underneath it. DON'T DO THAT, AS IT WILL OVERWRITE THE TAG. (I hope you still have NFC OFF!)
- Just press the tick mark (✓)
- Now you have at least 1 task in the 'My Tasks' list.
Now, to add this to your homescreen, do the following;
- Go to your homescreen.
- Add a widget like you would normally do. The name of the widget is 'Run Task', so look for the 'R'.
- There are 3 options there, background color (I personally like the black BG), select Icon (I've chosen the gear icon since its a setting) and select task. In 'Select Task' choose for the VPN task you've made and press 'Done'.
- Now press the task on the homescreen, and it'll open up the VPN list (at least on SGS4 it does).
- Connect to your VPN as you would normally do.
You can even write this to an NFC, but that doesn't make sense, since all it does is open the VPN settings menu, not connecting to the VPN directly.
Sidenote; This app is also handy for making other tasks, such as tweeting you're at work, check in at Foursquare, send your boss an email that you're in the office and turn off the sound of your phone all in one task, just by connecting to your work's wifi connection or by tapping an NFC task.
Now you can easily connect to your favorite VPN.

[TUT] [APP] Hacking Facebook, Yahoo etc. over wifi

DroidSheep is an Android application that demonstrates security weaknesses (not using https) and is capturing facebook, twitter, linkedin, yahoo, and other accounts.
PS> this is NOT my work, nor do I intend it to be taken as my work, I just wanted to share with the community!
NOTE FROM THE GERMAN DEVELOPER:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
Now>
WHAT DO YOU NEED?
1. A rooted phone (no, it will for sure not work without root)
2. The App installed on the phone (latest build attached to the present post)
3. A WIFI network to test it on
How do you use it?
DroidSheep's main intention is to demonstrate how EASY it can be to take over nearly any internet account. Using DroidSheep any user – even without technical experience – can check if his websession can be attacked or not. For these users it is hard to determine if the data is sent using HTTPS or not, especially in case of using apps. DroidSheep makes it easy to check this.
This video demonstrates what DroidSheep can do:
http://droidsheep.de/?page_id=14
How does it work?
As already announced DroidSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does this work so simply?
There are many users that do not know that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.
If a website sends a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended for external users. Moreover DroidSheep can use this token as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
http://droidsheep.de/?page_id=424
How can I protect myself?
The only satisfying answer is: SSL, or rather HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to all participants in the WiFi network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the content of a message - leaving only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN connection.
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.
You can also install DroidSheep Guard from the Market:
https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&hl=en
A very interesting feature is the possibility to save cookies!!
Source> http://droidsheep.de
Imagine the possibilities....
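
For a site owner, the exposure described in the post above comes down to whether a session cookie can ever travel over plain HTTP. The following is an added example, not part of the original post or of DroidSheep: it reads the Set-Cookie headers of a response and lists session cookies that would cross the network unencrypted. The sample response, cookie names and the name-matching heuristic are constructed assumptions.

```python
import re

# Constructed HTTP response for illustration.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=constructed123; Path=/; HttpOnly\r\n"
    "Set-Cookie: auth_token=constructed456; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

# Heuristic for "this cookie identifies a logged-in user". It is an
# assumption of this example; real sites use arbitrary cookie names.
SESSION_NAME = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)


def parse_set_cookies(raw_response):
    """Return [{'name': str, 'attrs': set of lowercase attribute names}]."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0].strip()
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        cookies.append({"name": name, "attrs": attrs})
    return cookies


def exposed_session_cookies(raw_response, served_over_https):
    """Names of session cookies readable by anyone who can see the traffic.

    Over plain HTTP every cookie is visible. Over HTTPS a cookie without
    the Secure attribute is still sent on any later http:// request to the
    same site, so it counts as exposed too.
    """
    exposed = []
    for cookie in parse_set_cookies(raw_response):
        if not SESSION_NAME.search(cookie["name"]):
            continue
        if not served_over_https or "secure" not in cookie["attrs"]:
            exposed.append(cookie["name"])
    return exposed


if __name__ == "__main__":
    for https in (True, False):
        names = exposed_session_cookies(SAMPLE_RESPONSE, served_over_https=https)
        print("https=%s exposed: %s" % (https, ", ".join(names) or "none"))
```
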
This isn't good dude.
And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
backfromthestorm said:
> This isn't good dude.
> And 'air' isn't the 'transmission medium' for WiFi. We figured that out when we discarded the ether hypothesis around a century ago.
-what exactly "isn't good" ?
Ok you are correct, yes, WIFI (as any other electromagnetic wave) can also be transmitted through vacuum, so yes there is no need of "air"
Reported to a MOD. I don't think this should be shown or talked about on XDA; this isn't a hacking site like you might think for taking advantage of other people's accounts.
XDA is a hacking community for the good like Rooting.
This app has been on XDA for quite a while http://forum.xda-developers.com/showthread.php?t=1593990
Even a portal article about it http://www.xda-developers.com/android/droidsheep-undresses-network-security-and-shows-how-its-done/
Please use the main thread to discuss this app, not this one.
@ shankly1985, we appreciate your concern, but people need to know how insecure important accounts can be. Thus enabling them to make the changes to fix them.
Thread Closed.

[Q] how hide apps in start menu of Windows 10 Mobile "or" add whitelist to Edge?

Hi,
is it possible to "hide" an app from the W10M start menu? And I don't refer to the home screen, I mean the full list of apps.
Or would there be a way to let the browser only work with a whitelist? .. No, Microsoft Family does not work properly on W10M.
Background - feel free to call me soft:
- Bought a Lumia 640 XL for my wife and a 2nd hand Lumia 535 for my daughter (to be her first smartphone, getting 9 end of the month) so that they could "share" the same experience, more or less.
- Played around with the "Microsoft Family" feature, and, to make it short, it doesn't work properly, not nearly close to what was expected or advertised. That might change ... in a few months. Maybe.
At least the URL filtering does not work "at all".
- So, in short, in order not to instantly fall back to pick an Android based device for my daughter (one beloved Razr i still in close range...), I was wondering if it was possible to "hide" one or the other thing from the start menu instead, the Edge browser in particular. Uninstallation I don't expect to be possible, probably being a deeper chunk of the OS, but only touching the start menu I concluded "should" be possible, one way or the other. At least I hope so.
Would I start to deal with the "full file system access" approach or rather try to dive into registry fiddling? Any help or maybe clear hint would be highly appreciated.
By now I did not find anything related to this. Neither here at xda or somewhere else. Probably no one considers doing something like that for his kids on Windows 10 Mobile ...
Who would want to hide a browser on a smartphone, anyway? .. yeah, I can't keep my kids "off" of the bad Internet, but I can at least keep an eye upon as long as possible.
Thanks in advance,
regards,...
bloodot
additional remark:
... after adding "a few" URLs to Microsoft's web interface for blocking URLs (via a web automation tool, yeah, I'm lazy...) it stopped working at 1003 registered URLs. So, as long as they don't come up with something that works (whitelist... external service for checking URLs... whatever...) any help on this matter would be highly appreciated.
You want to keep her off the "web," correct?
Change your Mobile Data & Wifi DNS to 127.0.01
(You will need interop/FS access: )
Create a hosts file in C://Windows/system32/drivers/etc
Determine what sites you want to *allow* and find their IP. For example, if you want to whitelist Facebook, open cmd.exe from your PC and type:
Code:
ping facebook.com
You'll see:
Code:
C:\WINDOWS\system32>ping facebook.com
Pinging facebook.com [31.13.76.68] with 32 bytes of data:
Reply from 31.13.76.68: bytes=32 time=75ms TTL=82
Reply from 31.13.76.68: bytes=32 time=76ms TTL=82
Reply from 31.13.76.68: bytes=32 time=79ms TTL=82
Reply from 31.13.76.68: bytes=32 time=74ms TTL=82
Ping statistics for 31.13.76.68:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 79ms, Average = 76ms
C:\WINDOWS\system32>
So, you'd add:
Code:
31.13.76.68 facebook.com
31.13.76.68 www.facebook.com
to your phone's host file.
If you can create profiles on your router, you can also do the same (DNS to 127.0.01 for her phone's MAC address)
Doing this would make all of the web unresolvable, except facebook.com
To change the Wifi DNS:
Settings -> Network & Wireless -> Wi-fi -> Static IP -> fill your info
*If your router doesn't support static IP, you should check and see if your router supports profiles, and build one to target her phone mac address.* (If you don't target her mac address/other phone identifier and set your router to 127.0.01, all of the devices on your network will encounter blocked access to the web)
For Mobile Data:
I don't see an immediate switch for this (at least with my provider), it's routed through a network port on their servers. Unless something changes in future builds, it's probably best to just turn mobile data off and use the Wifi/hosts to keep control of what sites she can access.
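An added example, not part of the reply above: a small audit of a hosts-file allowlist like the one described, run on a PC. It reports which hostnames a site needs are missing from the file (and so unresolvable once DNS points at loopback) and which pinned IPs no longer match a fresh lookup. The function names, the extra hostname and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file, using the two entries from the post above.
SAMPLE_HOSTS = """\
# allowlist for the phone
31.13.76.68 facebook.com
31.13.76.68 www.facebook.com
"""

# Constructed lookup results, as if gathered on a PC with normal DNS.
SAMPLE_NEEDED = ["facebook.com", "www.facebook.com", "static.cdn.example"]
SAMPLE_CURRENT = {
    "facebook.com": {"31.13.76.68"},
    "www.facebook.com": {"203.0.113.10"},    # address changed since pinning
    "static.cdn.example": {"203.0.113.20"},  # asset host never added to the file
}

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and bad lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # keep the first mapping seen for a name
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def audit(hosts_text, needed, current_ips):
    """Classify each hostname a site or app contacts as ok, stale or missing."""
    table = parse_hosts(hosts_text)
    report = {}
    for name in needed:
        key = name.lower().rstrip(".")
        if key not in table:
            report[name] = "missing"  # will not resolve with DNS set to loopback
        elif table[key] not in current_ips.get(key, set()):
            report[name] = "stale"    # pinned IP is no longer served for this name
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, SAMPLE_NEEDED, SAMPLE_CURRENT))
```
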
Thank you very much!
Point is, I don't want to keep her off completely, and the major issue would be to keep control once she's "not" inside our home network but on cellular.
So I think I need to start investigating on my own whether I can manipulate the start menu or even the browser itself.
The local DNS lookup, which would only work on WiFi anyhow, would also result in me analyzing all communication end points for "any" kind of app I'd like her to use. Doable, but still the mobile part would be open. Beyond that I cannot block her "re-enabling" the cellular data connection, the system isn't that strict in that matter. Would be nice, though, ...
@home I already use OpenDNS, probably should have mentioned that, so that's more or less under control.
Let's see if some other ideas or approaches pop up from xda; I'm actually trying to get in direct contact with one of the Microsoft Family team as, on a business level, we're currently working closely with some of the Microsoft 10 teams.
If they, if connected that is, tell me that they're aware of the bugs and that they're actually part of a road map, I'd be happy, too.
However, for the time being I expect I have to sort it on my own.
I'll give it a go with interop and see what I can find to deal with.
So, any other ideas?
Regards,..
bloodot
How about interopunlock and use your own hosts file?
How about App corner inside settings?
augustinionut said:
How about interopunlock and use your own hosts file?
How about App corner inside settings?
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
bloodot said:
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
PIN + kids corner. Can't bypass it.
-W_O_L_F- said:
PIN + kids corner. Can't bypass it.
... it's not my phone she should use. She should be able to use her own phone.
That includes calling her mum or me.
"Phone" is not an allowed app for the kids corner, it ain't listed when setting that up.
And even if it was, it would allow "anyone" who would steal that phone to directly use its SIM card hassle-free.
And, as a minor annoyance, anything else that would be allowed via that mechanism.
It's just the current truth to deal with, W10M is not child-ready by any means.
If I want more control, I need to switch the phone.
Or start trusting a 9year-ish old girl to deal with the Internet without restrictions.
... so fiddled around with a few things, though interop is active according to the tool itself after sideloading it, wconnect won't work at all (crashes, no proper error given and before that IpOverUsbInstaller won't finish installation), so I can't get that key to get the SSH connection done and therefore I can't get full file access.
I think I'm done with this now. Selling the phone, using the Razr I instead, already have the proper system locking tools in place for that, bye bye Lumia 535. I would have loved to see my child deal with such an "easy" OS interface for getting used to smartphones, but I can't let her have access to the Internet while "not at home" without restrictions. No way.
... went so far and tried miradore to restrict the system via MDM. And guess what ... the f'n browser CANNOT be blocked via MDM. At least miradore has a free trial of 14 days. I was even willing to pay the damn 2$ per month for that service. *sigh* MAYBE it has a URL filter SOMEWHERE ...
... however, at least one can disallow the "usage" of the browser. MAYBE that works. Trying...
Yes. Works. JESUS ... what a mess. Let's see if I can get that done somewhere / somehow via MDM "without" another monthly fee ...
yeah, worked. Pity though, they want "10$" minimum fee per month.
BUT: ... I stumbled over https://www.manageengine.com/mobile-device-management/
Free for up to 25 devices. Either cloud based (not supporting W10M for now) or Windows based installation (supporting W10M, more up2date...).
And it works. Thank you very much. Case closed.
Though I cannot restrict the URLs ... I can block the Edge browser. And the Microsoft Store. Happy bunny.
