I am really pissed off by thieves, and I want to improved the security of the phone.
If ever time comes is it possible that sony would employ passwords for the following, so that chances of recovering a stolen phone would be higher..
-flash tool(before we can flash and repair our phone via flashtool,SUS,pc companion it will ask for a unique password which is generated by manufacturers and can only be acquired by providing your IMEI just like unlocking your bootloader)
-factory reset
-android usb debugging..(so that they can't install any types of recoveries easily)
I hope this will happen in the future.
as far as I know doing factory reset, data reset via CWM and other recovery's and repairing the phone via SUS would wipe the DATA files,
so I want to secure my phone a little,
Now I want to create a stock based rom with a pre-installed app eg where's my droid,android lost etc and a custom data partition with an added gmail account automatically(so that by doing factory reset would make the gmail account stay on the rom and would not wipe it, or better just a working data of the tracker app since we can remotely control the phone via sms it is still posible to control without a working internet connection and a logged on gmail account and by doing this they would not be aware that the rom has something within it,) at this condition flashing the phone to another rom will be the only way to restore it,at least if they do not know how to flash they can't get it working easily and most importantly without knowing that the installed rom comes with a pre installed tracker app...
can anyone help me out with this idea?..
I hope It is possible without unlocking the BL also?
mjames.abordo said:
I am really pissed off by thieves, and I want to improved the security of the phone.
If ever time comes is it possible that sony would employ passwords for the following, so that chances of recovering a stolen phone would be higher..
-flash tool(before we can flash and repair our phone via flashtool,SUS,pc companion it will ask for a unique password which is generated by manufacturers and can only be acquired by providing your IMEI just like unlocking your bootloader)
-factory reset
-android usb debugging..(so that they can't install any types of recoveries easily)
I hope this will happen in the future.
as far as I know doing factory reset, data reset via CWM and other recovery's and repairing the phone via SUS would wipe the DATA files,
so I want to secure my phone a little,
Now I want to create a stock based rom with a pre-installed app eg where's my droid,android lost etc and a custom data partition with an added gmail account automatically(so that by doing factory reset would make the gmail account stay on the rom and would not wipe it, or better just a working data of the tracker app since we can remotely control the phone via sms it is still posible to control without a working internet connection and a logged on gmail account and by doing this they would not be aware that the rom has something within it,) at this condition flashing the phone to another rom will be the only way to restore it,at least if they do not know how to flash they can't get it working easily and most importantly without knowing that the installed rom comes with a pre installed tracker app...
can anyone help me out with this idea?..
I hope It is possible without unlocking the BL also?
Click to expand...
Click to collapse
possible but need profissional
you can use my xperia app from sony better security and locate the phone
Related
Hi everyone. I have recently been the victim of theft for my nexus 7. I had the device locked with the pattern so there is no way that the thief could get into it unless they do a software reset from the recovery mode. The thing is, either way there is no way i would be able to recover it because if in fact they do a factory reset my lookout security would be uninstalled and my nexus would be lost forever, also if they can't get through the pattern and find a way to connect to Wi-Fi, it will still be lost forever. I have read about installing lookout in the system/app folder of a rooted device so its not easily uninstalled by normal means or factory reset. But do you think it is possible to have android lost and lookout pre-configured and installed in the system/app folder so that even if the device is factory reset, the credentials will remain?
revolva said:
Hi everyone. I have recently been the victim of theft for my nexus 7. I had the device locked with the pattern so there is no way that the thief could get into it unless they do a software reset from the recovery mode. The thing is, either way there is no way i would be able to recover it because if in fact they do a factory reset my lookout security would be uninstalled and my nexus would be lost forever, also if they can't get through the pattern and find a way to connect to Wi-Fi, it will still be lost forever. I have read about installing lookout in the system/app folder of a rooted device so its not easily uninstalled by normal means or factory reset. But do you think it is possible to have android lost and lookout pre-configured and installed in the system/app folder so that even if the device is factory reset, the credentials will remain?
Click to expand...
Click to collapse
bump
I am thinking about this same issue... how do I make Androidlost app factory-reset-proof? I'm pretty amazed that this serious issue hasn't been answered yet in all those threads I searched regarding Androidlost.
As I understood it's possible for any rooted device to put an app in system/app and it would survive a factory reset, but the question is about the setting of this particular app, and I would be very grateful if someone who managed to do this successfully will share this step-by-step
Thanks
Many suggest wiping the tablet before upgrading firmware but does it really make a difference? If I do it anytime, will the device be back to the state it came in the box (with the possible exception of tripped Knox bit), in other words, is the original firmware and setup on some ROM chip or reserved area or will it be the latest version of firmware installed but cleaned of apps, accounts and settings?
Does it make any difference to wipe before installing an update if it can be easily done afterwards in case of issues without the tablet returning to an earlier version?
To the best of my understanding, and someone can feel free to correct me if I'm wrong, an Android device has several partitions in its filesystem. The operating system and other files that shipped with the device, such as stock apps, are kept on /system, and anything associated with user settings and user apps is kept in /data. As I understand it, factory reset simply wipes this /data partition. Any sort of firmware update overwrites the /system partition with the new version. Thus, if you do a factory reset, your tablet should be cleared of any apps and settings you installed and changed, and the firmware will still be the latest update you have installed.
To the second question, I know that you can wipe after an update without affecting the firmware version you have, however, I'm not sure exactly howy wiping fixes problems, so I will leave it to someone who knows a bit more to explain the pros/cons of wiping before/after updating your firmware.
Might be dumb question but how do I prevent Note installing all the apps I had on it before factory reset after it boots up again and I enter my Google account info?
Co-re said:
Might be dumb question but how do I prevent Note installing all the apps I had on it before factory reset after it boots up again and I enter my Google account info?
Click to expand...
Click to collapse
When you're doing the whole Google account thing, don't check off the box to backup and restore. I checked the box yesterday when I was doing the KitKat flash, and it started downloading things onto it that I had on other devices...it was a mess. LOL So when I flashed a new ROM later in the evening, I made sure NOT to check off that box when setting up the Google account.
Regardless of device encryption and fingerprint scanners and the like, couldn't someone just get your phone, boot into recovery, and factory reset it? Wouldn't that undo any security you had on device?
Yes but the actual files have been encrypted. So while they can start the device fresh and use file recovery tools to "get" the old files, they are useless.
And they would be useless to everyone after that, even you? I guess that would be pretty good. So you encrypt to protect your user data, and you fingerprint lock to make sure nobody can ever decrypt, even if they factory reset thru recovery, which will get past your fingerprint scanner but not previous encryption. That right?
Actually since lollipop you must log out of your Google account before a reset. If you just factory reset you well still have access to the device to track it out wipe your account from it.
I could be wrong here, but if you have stock recovery, a factory wipe can only be started in the phone's settings menu. If you have twrp installed, a wipe can be started with out being in the phone, but you need a password to start it.
If you do wipe the phone, it is still useless as you need the persons gmail username and password to complete the setup, so the phone is useless to all other users bar the user of the phone.
I think you can factory reset from stock recovery.
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
You have to authorize the phone to sync with your computer so you can not get on that way either. If you do not authorize you can not push adb or anything else.
As km8j said, yes, you can factory reset the phone, but you won't be able to recover any of the encrypted data. That's why before you get rid of an old phone you should encrypt (if it wasn't) and wipe it.
jackdubl said:
I think you can factory reset from stock recovery.
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
Click to expand...
Click to collapse
Thats not quite right. If you factory reset your phone, you do need a google account to complete the initial setup wizard. The only exception is if the user releases it from his or her's google account so it can be sold on.
But yes to complete the instillation it will ask for a google account that has been authorised and wont continue until it gets it. This happens automaticly the first time you sign in to play store.
Also factory reset will fully wipe the phone, brand new out of the box. It also wipes the users data, so if you were able to get on the phone, there would be no data to access. I really do like the way google have thought about it. Also I never keep anything on the phone that I would consider critical.
A lot of inaccurate information here. You have been able to skip that Google account setup on all android phones for the past few years. Also in basically any file system, when joy delete a file, even formatting, the content is not deleted. So while the information is not there at face value when you wipe the phone it can easily be recovered without encryption.
Sent from my Nexus 5X using Tapatalk
Yeah, that keeps confusing me. I have activated so many phones without inputting a Google account. It says "skip" right there on the screen!
Didn't Google introduce the security features with the Nexus 6 and 5.0? It locks the phone to your google account even after a factory reset but requires compatible hardware.
I haven't seen it mentioned with this year's devices but when setting up a pin on the 5x I believe it asked if I wanted to enable that feature.
Sent from my Nexus 5X using Tapatalk
jackdubl said:
Regardless of device encryption and fingerprint scanners and the like, couldn't someone just get your phone, boot into recovery, and factory reset it? Wouldn't that undo any security you had on device?
Click to expand...
Click to collapse
No. If your data is encrypted, no one can access it without your decryption key. As for access to the device, if you had set up a Google account on the device, and had a lockscreen password/pin/pattern/etc., then no one else can use the device other than you unless you remove your Google account and lockscreen password before you factory reset. This was a new feature introduced with devices that sold with 5.0+
Panzerapple said:
Actually since lollipop you must log out of your Google account before a reset. If you just factory reset you well still have access to the device to track it out wipe your account from it.
Click to expand...
Click to collapse
Yes!
Stephen said:
I could be wrong here, but if you have stock recovery, a factory wipe can only be started in the phone's settings menu.
Click to expand...
Click to collapse
With the stock recovery, you can reset either from within Android or from within the stock recovery.
jackdubl said:
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
Click to expand...
Click to collapse
Prior to devices shipped with 5.0+, this was true. No longer.
km8j said:
A lot of inaccurate information here. You have been able to skip that Google account setup on all android phones for the past few years. Also in basically any file system, when joy delete a file, even formatting, the content is not deleted. So while the information is not there at face value when you wipe the phone it can easily be recovered without encryption
Click to expand...
Click to collapse
Yes, you can skip Google account setup. However, IF you do set up a Google account and a lockscreen password, THEN you cannot skip the Google account setup on that device after a factory reset (if you hadn't already removed the account prior to the reset).
bblzd said:
Didn't Google introduce the security features with the Nexus 6 and 5.0? It locks the phone to your google account even after a factory reset but requires compatible hardware.
I haven't seen it mentioned with this year's devices but when setting up a pin on the 5x I believe it asked if I wanted to enable that feature.
Click to expand...
Click to collapse
+1.
when i install a custom rom (viper one 4.2.1 or 4.3) i get the following error please sign in using one of the owner's accounts for this device. when i install the RUU for AT&T developer i can log in just fine with my account.
anyone have any ideas on how to fix this problem?
Go back to your functioning rom and remove the google account (might want to do a backup first!). Then do the flashing etc and sign in with your account as a new device.
The problem is googles factory reset protection. Its designed to make the device useless if the phone is factory reset without being unlocked first.
The other way is factory reset from android settings, then flash, then sign in to your account as a new device.
Google needs to address the fact that frp is too strong and needs to add another way in to devices in the event of accidental lockout.
Sent from my HTC One M9 using Tapatalk
I am having the same problem more or less.
I have bought a Nexus 9 from another person.
I did a factory reset today and I cannot sign in now.
Will this solution work? How do I go to funcioning rom, etc?
This is a "Google" security feature... When you wipe a device and then set it back up, if you didn't delete the Google account first, it will ask for those "original" credentials. Only way around it is to completely RUU the device back to the latest stock image. But I've heard some devices still have issues since the SN or IEMI is associated with the previous users Google account.
So, if you buy a new device... ALWAYS make sure the previous owner deleted their Google account first, or have them there when you go through the first few setup screens to enter their credentials....Then after you enter your credentials, you can reset it.
Just kind of mirroring what shivadow said
OH no! I am having this problem with a newer device!! Please help! It has been about 22 hours since I tried booting a custom binary with a non-unlocked OEM lock! I'm waiting to try to sign in to my Google account until 24 hours passes! I might have to wait 72 hours! Please review the post [LINK=http://forum.xda-developers.com/general/help/s7-edge-canada-boot-to-twrp-t3509603]here[/LINK]...I don't know if I posted that right so cut and paste this if that link doesn't work:
http://forum.xda-developers.com/general/help/s7-edge-canada-boot-to-twrp-t3509603
Thanks in advance!!
Want to install lineage os but can't due to same problem
shivadow said:
Go back to your functioning rom and remove the google account (might want to do a backup first!). Then do the flashing etc and sign in with your account as a new device.
The problem is googles factory reset protection. Its designed to make the device useless if the phone is factory reset without being unlocked first.
The other way is factory reset from android settings, then flash, then sign in to your account as a new device.
Google needs to address the fact that frp is too strong and needs to add another way in to devices in the event of accidental lockout.
Sent from my HTC One M9 using Tapatalk
Click to expand...
Click to collapse
I am having same problem with my old lenovo tab 3 7 . When i got it, i used it once and twice and then put it. now after a year or two, i want to install lineage and use it again as secondary device. but the problem is i don't remember which gmail id i used(i had 7 ids) and don't even have a clue about some accounts ids and passwords which i (currently using only 2 ids) don't use. And as usb debugging is disabled i can't do anything with my pc to get out of this situation.
Help!!!!!
Hi, there!
I heard there is a method for the S8+ where you can root your phone without tripping Knox. It isn't the best root method and it has its limitations, but it would do just fine for my needs.
Is there such method for the S9+?
Thanks!
Anyone?
CapBlackShot said:
Anyone?
Click to expand...
Click to collapse
No
*Detection* said:
No
Click to expand...
Click to collapse
And no developers are planning to create one, that we know of? I only need root to make Cerberus a system app. In case the smartphone is stolen and gets hard reset, the app will still be there, hidden. But without root it seems impossible.
CapBlackShot said:
And no developers are planning to create one, that we know of? I only need root to make Cerberus a system app. In case the smartphone is stolen and gets hard reset, the app will still be there, hidden. But without root it seems impossible.
Click to expand...
Click to collapse
KNOX is an e-fuse, once tripped that's it forever, no reversing, nothing devs can do
FRP lock is your hard reset security, unless they know your Google login they cannot access the device anyway
And if they have the knowledge to flash certain firmwares and bypass the lock, your system root app wouldn't be of any use either anyway, so....
*Detection* said:
KNOX is an e-fuse, once tripped that's it forever, no reversing, nothing devs can do
FRP lock is your hard reset security, unless they know your Google login they cannot access the device anyway
And if they have the knowledge to flash certain firmwares and bypass the lock, your system root app wouldn't be of any use either anyway, so....
Click to expand...
Click to collapse
That's very interesting. Can't believe I never heard of this before.
Will the device actually get wiped and then ask for my Google account or will it ask for my Google account before getting wiped? If the first option I mentioned is true, then Cerberus will be gone and I still won't be able to locate my cellphone in case it gets stolen, I'm assuming.
CapBlackShot said:
That's very interesting. Can't believe I never heard of this before.
Will the device actually get wiped and then ask for my Google account or will it ask for my Google account before getting wiped? If the first option I mentioned is true, then Cerberus will be gone and I still won't be able to locate my cellphone in case it gets stolen, I'm assuming.
Click to expand...
Click to collapse
It will get wiped first, it asks for the Google account because it was wiped from recovery and not from inside of Android, meaning anyone could have done it
It will not allow anyone past the Google account request, similar to when iPhones are locked to iCloud, you can wipe it as many times as you like but it will always request the Google account
For example, I steal your phone with Cerberus installed, I cannot access your phone so the most likely thing I`ll try is factory reset from recovery, this will wipe the phone and request your Google account login to access it again, which I do not have
Next thing I would try (If I knew about it) was flash stock firmware over the top, which will wipe again this time removing your Cerberus app, but again it will not prevent the Google login request
Final thing I would try would be FRP bypass to get past your Google account login, and if they manage that they have access to your phone, but it is wiped and Cerberus is gone
End of the day, no mod/app will survive the phone being flashed as the system partition is replaced with stock again, and the wipe will reset the data partition where user apps and data are
Best thing to do is enable the Google security settings for find my phone, lock and erase, and enable it to send GPS of last location when the battery is getting low, that way you can track it online until it is turned off/wiped