I'm configuring my exchange server set up and got my IT dept. to help out. We set up all of the required parameters and when we try to log in keep getting the following message:
"The server requires features that your Android device doesn't support, including: don't allow unsigned applications, don't allow unsigned application installers"
The IT guys are telling me that there has to be some way (like in an Iphone) to disable the ability to install unsigned apps? Can anyone help out?
Maybe try disabling "Install from unknown sources" in settings/security, if it is checked.
Sent from my SAMSUNG-SGH-I317 using Tapatalk 2
wblteen said:
Maybe try disabling "Install from unknown sources" in settings/security, if it is checked.
Sent from my SAMSUNG-SGH-I317 using Tapatalk 2
Click to expand...
Click to collapse
Thanks for the suggestion. Tried this and still getting the same message
Are you running a custom or rooted rom? It may be seeing that.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
spycedtx said:
Are you running a custom or rooted rom? It may be seeing that.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
Click to expand...
Click to collapse
My phone is rooted, but I'm running stock ROM for now
spycedtx said:
Are you running a custom or rooted rom? It may be seeing that.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
Click to expand...
Click to collapse
I don't believe that is the issue. I run rooted all the time and connect to Exchange. My Exchange server has no options to stop a rooted phone from connecting.
Are you sure your Exchange server is using supported certificates? Some companies don't use industry standard certs and instead create their own and publish them. Your phone would not know how to use the presented cert from your Exchange server if it was self created.
Sword Fish said:
I don't believe that is the issue. I run rooted all the time and connect to Exchange. My Exchange server has no options to stop a rooted phone from connecting.
Are you sure your Exchange server is using supported certificates? Some companies don't use industry standard certs and instead create their own and publish them. Your phone would not know how to use the presented cert from your Exchange server if it was self created.
Click to expand...
Click to collapse
Not sure about the supported certificates? I can ask IT. They did tell me that other employees with iphone's are able to connect and that the iphone has a security setting for connections?
greatg said:
Not sure about the supported certificates? I can ask IT. They did tell me that other employees with iphone's are able to connect and that the iphone has a security setting for connections?
Click to expand...
Click to collapse
I am pretty sure that on an iPhone, you can force it to create a secure profile that must be present to connect to your server. I am not sure however if that same ability exists on an Android phone. Does you company use a 3rd party app to get access? Something like GOOD or Mobile Iron which control access from mobile devices? Or are you trying to simply use Activesync?
Try this
greatg said:
I'm configuring my exchange server set up and got my IT dept. to help out. We set up all of the required parameters and when we try to log in keep getting the following message:
"The server requires features that your Android device doesn't support, including: don't allow unsigned applications, don't allow unsigned application installers"
The IT guys are telling me that there has to be some way (like in an Iphone) to disable the ability to install unsigned apps? Can anyone help out?
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1117452
Related
Dear kernel developer,
do you have a firewall on your destop computer?
I think, the answer is "yes, of course!"
Why don't you wan't a firewall for your phone?
Your answere: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email-adresses).
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( h ttp://code.google.com/p/droidwall/ )
But this superb program need some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( h ttp://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards
i knew linux didnt need an antivirus, thought it still needed a firewall...
since ive always had one set up on my linux installs... but then again, im a linux noob.
What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to port's (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they dont usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
iptables
Actually Andorid has a Firewall installed, its called iptables.
It's not a personal firewall... but thous are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall
kuhine said:
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
Click to expand...
Click to collapse
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extented versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server an stop working when the developer say "stop, buy the new the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards
safttuete said:
Actually Andorid has a Firewall installed, its called iptables.
Click to expand...
Click to collapse
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
Click to expand...
Click to collapse
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
h t t p ://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
kuhine said:
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr
Click to expand...
Click to collapse
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.
suffer not adware to live
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms.
Click to expand...
Click to collapse
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
WiHerr
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Click to expand...
Click to collapse
May be you should have a look for LBE privacy....
Hey guys,
I have a simple question, which I hope, has a simple, but atleast an positive answer.
When I try to connect my HTC One X with the school Wifi network, it says 'You need to have a pincode, password or path-unlock security, otherwise you cannot access the network' (when you open the phone)
So the question: Anyway of bypassing it? I only want to move the ring to unlock the phone, instead of ALSO having a pincode, password or path-unlock.
Blackvibes said:
Hey guys,
I have a simple question, which I hope, has a simple, but atleast an positive answer.
When I try to connect my HTC One X with the school Wifi network, it says 'You need to have a pincode, password or path-unlock security, otherwise you cannot access the network' (when you open the phone)
So the question: Anyway of bypassing it? I only want to move the ring to unlock the phone, instead of ALSO having a pincode, password or path-unlock.
Click to expand...
Click to collapse
Are you sure this isn't something to do with the Wireless encryption rather than security for unlocking your phone?
dr9722 said:
Are you sure this isn't something to do with the Wireless encryption rather than security for unlocking your phone?
Click to expand...
Click to collapse
Pretty sure it has something to do with the network itself, but hope someone can tell me how to bypass it
Sent from my HTC One X using XDA
If I understand you correctly, you are wanting to hack a WEP code? I would respectfully suggest that particular area of the forum is devoted to the HTC One X whereas your query would be better directed to a website that deals with security issues.
I think the OP doesn't want to hack.
@ OP: Ever tried opening up the browser, type in an address and then the security screen of the network appears so you can log in and probably even safe your credentials?
Elsewise I don't know either, sorry.
The problem is that the the OS requires a pin code to be set up in order to store the WifFi credentials.
So if you want to log onto the network you must set up a pin. I have this problem at Uni.
No solution yet.
JamesBarnes said:
The problem is that the the OS requires a pin code to be set up in order to store the WifFi credentials.
So if you want to log onto the network you must set up a pin. I have this problem at Uni.
No solution yet.
Click to expand...
Click to collapse
On Android 2.3.x (in CM7 at least) there was the option to turn off this requirement. Annoying that it's been removed in ICS!
Hi,
I also face this issue when connecting to my office WIFI hotspot. But, after you have set the pin and then set the password to connect to your WIFI. You can disable the PIN lock in Security setting right away. It's just one-time setting.
laruku said:
Hi,
I also face this issue when connecting to my office WIFI hotspot. But, after you have set the pin and then set the password to connect to your WIFI. You can disable the PIN lock in Security setting right away. It's just one-time setting.
Click to expand...
Click to collapse
Yeah. I removed the pin and stuff and now it still reconnects..
The only problem: I can browse the web, but cannot send mails. It keeps saying 'mail not sent'.
Any ideas?
It's more than likely to do with the exchange setup, I know at our offices we have the option to enforce encryption and various different things from the server before allowing people to connect. As to why it's showing when you try to connect to the wifi network, I've no idea. It must be trying to access the domain.
Dave Trouser said:
On Android 2.3.x (in CM7 at least) there was the option to turn off this requirement. Annoying that it's been removed in ICS!
Click to expand...
Click to collapse
It has not been removed in ICS - this appears to be an HTC implementation.
I connect to the company 802.1x EAP network using PEAP and on my Galaxy Nexus there is no requirement to set a password/pattern, etc to store said 'credentials'. Only now that I'm trying this with my One X do I see this pop-up.
Yes, VPN credentials always required a password/pattern in ICS, but this ain't no VPN.
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Have your company email forwarded to another email account?
Sent from my SPH-L710 using Tapatalk 2
Get 2nd line for a work phone.
Root access is a essential part of custom roms.
It's like having a Lamborghini but putting a 4 cylinder engine in it. Just doesn't work...
Sent from Pluto.
Actually you can remove superuser and most likely unroot as long as nothing the rom is doing needs root permissions
Sent from my SPH-L710 using Tapatalk 2
---------- Post added at 01:52 AM ---------- Previous post was at 01:52 AM ----------
There's nothing to say you can't
Sent from my SPH-L710 using Tapatalk 2
Thanks for the suggestions. I couple of notes:
1) Forwarding is not a viable option given them I am just duplicating my email, which will increase the challenge of managing it (i.e. need to delete twice, replies will not be threaded, sent mail will not be available in a central location, etc.)
2) 2nd line is not practical for cost reasons, plus then I have another phone (my goal is to increase convergance and limit the number of devices I have)
3) The removing the superuser is an interesting option, but I do not know enough about it and the features of the ROMs to understand the potential impact.
Thanks again and if you have any additional options/ideas, please let me know. Thanks.
Raife1 said:
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Click to expand...
Click to collapse
Yes you can I do it all the time root flash ROM than use super su to unroot with NP and all my apps that don't allow root work perfectly
Sent from my SPH-L710 using xda app-developers app
Please read forum rules before posting
Questions go in Q&A
Thread Moved
Thank you for your cooperation
Friendly Neighborhood Moderator
Use the cm9 multiboot and just switch back and forth. Or look aroimd for the hacked exchange apk with the security **** removed
Raife1 said:
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Click to expand...
Click to collapse
Within the past 2 months I implemented MaaS360 to manage our companies mobile devices. Your IT department will have to manually check the box that says check for rooted/jailbroken devices, otherwise MaaS360 does not care if the device is rooted or not. Half of our corporate Android phones are rooted, and does not cause a problem with MaaS360. If you have buddied up with the guy who will be configuring MaaS360 for your company, you could always ask him to create you a custom profile (its a 2 second process) that doesn't check your device to see if it is rooted or not.
billard412 said:
Use the cm9 multiboot and just switch back and forth. Or look aroimd for the hacked exchange apk with the security **** removed
Click to expand...
Click to collapse
He cannot use the stock exchange apk if his company is implementing MaaS360, the way that MaaS works to sync the exchange profile to Android devices, it requires Touchdown.
Just a quick picture to show you that by default it does not restrict rooted/jailbroken devices (this is from the default compliance policy)
Also a sidenote, your name looks very familiar Raife, do you by chance use Spiceworks?
Khilbron said:
Within the past 2 months I implemented MaaS360 to manage our companies mobile devices. Your IT department will have to manually check the box that says check for rooted/jailbroken devices, otherwise MaaS360 does not care if the device is rooted or not. Half of our corporate Android phones are rooted, and does not cause a problem with MaaS360. If you have buddied up with the guy who will be configuring MaaS360 for your company, you could always ask him to create you a custom profile (its a 2 second process) that doesn't check your device to see if it is rooted or not.
He cannot use the stock exchange apk if his company is implementing MaaS360, the way that MaaS works to sync the exchange profile to Android devices, it requires Touchdown.
Just a quick picture to show you that by default it does not restrict rooted/jailbroken devices (this is from the default compliance policy)
Also a sidenote, your name looks very familiar Raife, do you by chance use Spiceworks?
Click to expand...
Click to collapse
Sorry- no spriceworks fpor me.
It sounds like I have 2 viable options:
1) Unroot and go stock (not happy about that option)
2) find a corporate IT buddy to create me a custom profile
As a curiosity, why would a firm choose to prevent rooted phones (also jailbroke iDevices)? I followed up and it is stated in the FAQ on the deployment that it doesn't work on rooted and jailbroke devices.
Thanks for everyone's reply's so far.
I would say go back to complete stock and unroot and then wait for the jb update coming out soon
Sent from my SPH-L710 using xda app-developers app
You can use SuperSu and uncheck the box that enables it. And if you need to do something requiring root access go ahead and check it
nicholaaaas said:
You can use SuperSu and uncheck the box that enables it. And if you need to do something requiring root access go ahead and check it
Click to expand...
Click to collapse
Well the temp unroot seems like a viable option. The only thing I am really using the root for now is wi-fi tether (I only use tether when travel - maybe once or twice a month)
Khilbron - whould the following scenario work with MaaS360:
Root phone
Install custom ROM (or leave stock)
Select Temp Unroot in Super User for daily use
When I need to Wi-fi tether, unselect Unroot, use tether
When done with tether, re-select Temp Unroot
Again the big thing I want is to receive my corporate email (and I do use Touchdown)
"RootCloak" part of the xposed framework will allow you to hide root from your selective aps. There are other aps on the Appstore but this is the only one that worked with Maas360
Anyone offer any info on root and good root check?
1. Yes it is byod policy and I have had phone for years and own it and pay my bill. and I always root for titanium,
New email app for company.
2. I'm rooted and running note 5 port MOaR.
3. I have looked at magisk but don't think it will work. I have one shot for a key, and help and or direction or suggestions are appreciated.
Please save us all from the reasons why good checks for root, I get it, I just do not think my company should dictate what I have on my personal device.
And no its 100% byod they are not buying a phone for me to use for company email. Yes I know it blows!
4. If I posted in wrong place please move.
BiggieD said:
Anyone offer any info on root and good root check?
1. Yes it is byod policy and I have had phone for years and own it and pay my bill. and I always root for titanium,
New email app for company.
2. I'm rooted and running note 5 port MOaR.
3. I have looked at magisk but don't think it will work. I have one shot for a key, and help and or direction or suggestions are appreciated.
Please save us all from the reasons why good checks for root, I get it, I just do not think my company should dictate what I have on my personal device.
And no its 100% byod they are not buying a phone for me to use for company email. Yes I know it blows!
4. If I posted in wrong place please move.
Click to expand...
Click to collapse
1. Good for Enterprise SUCKS.....it dictates your phone lock settings, and gives IT access to ALL your photos/media, if they so desire. I would avoid it at all costs.
2. I can't remember if I was rooted or not when I used it VERY shortly. I know that I went to MobiMail, and then CloudMagic to get to my work email, basically through the OWA portal. That way I didn't have to relinquish any control or access of my device. If other apps through your work are going to be looking for Good, then you may not be able to use those.
3. ......
4. Yes, I do think this is in the wrong place, but then again, what do I know.
Cloud magic, this works for Lotus? Or just exchange?
Thanks for the info.
HeyBeerManTX said:
1. Good for Enterprise SUCKS.....it dictates your phone lock settings, and gives IT access to ALL your photos/media, if they so desire. I would avoid it at all costs.
2. I can't remember if I was rooted or not when I used it VERY shortly. I know that I went to MobiMail, and then CloudMagic to get to my work email, basically through the OWA portal. That way I didn't have to relinquish any control or access of my device. If other apps through your work are going to be looking for Good, then you may not be able to use those.
3. ......
4. Yes, I do think this is in the wrong place, but then again, what do I know.
Click to expand...
Click to collapse
Sent from my SM-N920P using XDA Free mobile app
BiggieD said:
Cloud magic, this works for Lotus? Or just exchange?
Thanks for the info.
Click to expand...
Click to collapse
I think just exchange.
Alright, I'm in that nice panic stage where you've learned enough to scare yourself but don't know enough to reassure yourself.
Had a factory reset recently, seems likely it was due to 3rd party lock/wipe app i triggered while dealing with my dog. (But not 100% sure there was a drop just prior and I've had stability issues since school has required me add a work profile but, of course tech support for both Microsoft and my school have zero response to inquiries)
Any way, user certificates now has two:
FindMyMobile
AttestationKey_com_wssyncmldm
And I have no idea how to verify those in any way. Its quite possible isn't it that an app could have actually installed them right?
Findmymobile, obviously is such a cert, allowing for find my mobile. It has a key a CA cert and user cert.
AttestationKey_com_wssyncmldm
Has a user key and user cert
I would say it's the school/work profile. Microsoft InTune is for enterprise IT management. If your school's IT managers don't know how to configure it, it can screw things up for everyone.
Try deleting your school profile and see what happens.
My company recently migrated from Google to Microsoft services and when I added my company as a work profile, my phone started acting wonky.
Sent from my SM-N976V using Tapatalk
I would reload and not put the crapware back on it.
It's your phone... my favorite word is No!
I have zero faith in the new MS; don't run any of their cloud junk on my 10+ and never will.
Find my device is normally present. You can disable it as a device administrator in advanced security settings.
It will auto enable on reboot or sometimes when you go to Playstore.
HungryRobotics said:
Alright, I'm in that nice panic stage where you've learned enough to scare yourself but don't know enough to reassure yourself.
Had a factory reset recently, seems likely it was due to 3rd party lock/wipe app i triggered while dealing with my dog. (But not 100% sure there was a drop just prior and I've had stability issues since school has required me add a work profile but, of course tech support for both Microsoft and my school have zero response to inquiries)
Any way, user certificates now has two:
FindMyMobile
AttestationKey_com_wssyncmldm
And I have no idea how to verify those in any way. Its quite possible isn't it that an app could have actually installed them right?
Findmymobile, obviously is such a cert, allowing for find my mobile. It has a key a CA cert and user cert.
AttestationKey_com_wssyncmldm
Has a user key and user cert
Click to expand...
Click to collapse
So are these both normal then?
sirv said:
So are these both normal then?
Click to expand...
Click to collapse
I don't know. I don't have a work profile set, and I show no user certificates.
The names seem off too. I see why the OP was a bit shook up. I'm running a AT&T 10+
Here's how they show on my 10+, it's running fast and clean.
sirv said:
So are these both normal then?
Click to expand...
Click to collapse
Find my mobile is for find my mobile being active when you have a VPN that may block it.
The other I still don't know but may be Knox related under same circumstances.
Thank you, @blackhawk and @HungryRobotics
I had a similar guess, that findmymobile was the Samsung service. Since I was using a VPN-based ad block (Adguard), it makes sense that it appeared there.
As for the other one (AttestationKey_com_wssyncmldm), I'm still not sure, but I wonder if it was for the Link to PC service.
It's alarming to find anything in User Certificates, honestly, and there seems no way to get information that they are legit. My hope is that it is only the system apps that can install certificates without user intervention.
sirv said:
Thank you, @blackhawk and @HungryRobotics
I had a similar guess, that findmymobile was the Samsung service. Since I was using a VPN-based ad block (Adguard), it makes sense that it appeared there.
As for the other one (AttestationKey_com_wssyncmldm), I'm still not sure, but I wonder if it was for the Link to PC service.
It's alarming to find anything in User Certificates, honestly, and there seems no way to get information that they are legit. My hope is that it is only the system apps that can install certificates without user intervention.
Click to expand...
Click to collapse
wssyncmldm is the infamous AT&T updater usually listed as in my previous screen shot.
Seems it might have something to do with this.
My guess is it has to do with setting up the work profile.
If it was there on the AT&T stock rom, after a factory reset it should be ok.
Maybe check with AT&T.
blackhawk said:
wssyncmldm is the infamous AT&T updater usually listed as in my previous screen shot.
Seems it might have something to do with this.
My guess is it has to do with setting up the work profile.
If it was there on the AT&T stock rom, after a factory reset it should be ok.
Maybe check with AT&T.
Click to expand...
Click to collapse
I don't have AT&T, but it could be an updater for my carrier.
sirv said:
I don't have AT&T, but it could be an updater for my carrier.
Click to expand...
Click to collapse
Those apps have every permission under the sun. Check to see what is set as system administrators. Find my Device will be there.
I don't know.
Maybe it's nothing but what if it's something
I found these and other User Certificates on another device, too. It's disconcerting. Is it known, can any app install User Certificates?
This may be helpful:
How To Remove all Stored Certificates on Android - Technipages
Ever been greeted by a popup saying, "The certificate doesn't come from a trusted authority?" when trying to access a website? These security certificates
www.technipages.com
Lockdown time, add Karma Firewall, a VNP based freeware app that uses almost no battery and has logging. Can run at boot up.
I also use this setting to globaly block ads...
blackhawk said:
This may be helpful:
How To Remove all Stored Certificates on Android - Technipages
Ever been greeted by a popup saying, "The certificate doesn't come from a trusted authority?" when trying to access a website? These security certificates
www.technipages.com
Lockdown time, add Karma Firewall, a VNP based freeware app that uses almost no battery and has logging. Can run at boot up.
I also use this setting to globaly block ads...
Click to expand...
Click to collapse
It's strange, I can find nothing online about common entries in User Certificates on Android. My thought is that they get generated when VPN is used, such as AdGuard.
Thanks for the Private DNS tip for ad blocking. In the meantime, I have been using Disconnect Pro (based on Knox).
sirv said:
It's strange, I can find nothing online about common entries in User Certificates on Android. My thought is that they get generated when VPN is used, such as AdGuard.
Thanks for the Private DNS tip for ad blocking. In the meantime, I have been using Disconnect Pro (based on Knox).
Click to expand...
Click to collapse
Can you delete them?
If you don't do/want OTA updates wssyncmldm isn't needed.
I'm still happily running on Pie...