Anyone have any experience with encryption on the One? My work email is requiring it and I've heard bad things about speed and battery life on other phones.
ewong90 said:
Anyone have any experience with encryption on the One? My work email is requiring it and I've heard bad things about speed and battery life on other phones.
Click to expand...
Click to collapse
I'm a network admin at my work, and I setup our Exchange policy, also requiring encryption on mobile devices. I added my work email to my personal One, and the encryption process took around 30 minutes (rough guess). Only had the phone a few days before I did this, but I haven't really noticed any performance of battery difference. I think this was a problem on older devices, but I've never used encryption previously on my personal devices, so I can't speak for anything else for sure. But, this phone is a beast, no issues for me.
I ran a AnTuTu Benchmark test on the stock ROM (I'm not unlocked ), with the result: 26044.
Attached some photos, 1 of the benchmark, 2 showing proof on the Exchange policy and encryption.
Edit: It wouldn't let my upload more than one image, not sure what's going on...
I have the other pictures saved with same date and time, maybe I can upload them in a few mins.
There exists an app that sandboxes exchange so you can enable all their nonsense but it does not actually touch anything. I do not remember what it is called sadly.
Putting your work exchange email on your personal phone is a dumb move. As soon as you do this you no longer "own" your phone, your employer does. They can fully wipe your phone at any time. People need to stop allowing this practice entirely. If your work requires you to have exchange email on a mobile device, make them provide it. Stop using YOUR device, and footing the bill, for a tool and service that THEY should provide. It's amazing how you get to pay for it, but they want complete control.
Sent from my HTC One using xda app-developers app
c5satellite2 said:
Putting your work exchange email on your personal phone is a dumb move. As soon as you do this you no longer "own" your phone, your employer does. They can fully wipe your phone at any time. People need to stop allowing this practice entirely. If your work requires you to have exchange email on a mobile device, make them provide it. Stop using YOUR device, and footing the bill, for a tool and service that THEY should provide. It's amazing how you get to pay for it, but they want complete control.
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
for some people its a personal choice for convenience.
For others, their employer pays their cellphone bill while allowing the employee to choose the device. My wife's work is like that, but they don't seem to require even a secure lockscreen.
Put me on the "Personal Choice" list. I have been running exchange on my devices for years for my corporate email. No encryption forced but the security does require a pass-code. The other option would be to carry 2-3 devices...not my cup of tea.
I highly recommend Moxier Mail. My company requires that my entire phone is encrypted and this program was a good way to circumvent this. They have no way to tell that you are using the program. It is a bit pricey, but to fully encrypt a phone can take up to 16 hours depending on what you have.
nrfitchett4 said:
for some people its a personal choice for convenience.
For others, their employer pays their cellphone bill while allowing the employee to choose the device. My wife's work is like that, but they don't seem to require even a secure lockscreen.
Click to expand...
Click to collapse
Just giving a heads up. Few people are aware that your entire phone can be wiped once you do this.
Sent from my HTC One using xda app-developers app
Like I said, I'm a network administrator at my work, and I created our Exchange policy, requiring a PIN and encryption. Exchange also has the option to control certain available features on the mobile device, such as the camera, or wifi, as well as preventing unsigned apps on the device. Like others have said, there is also the ability to remotely wipe the device from the Exchange server, or just remove the active sync account from the device.
I agree mostly with the above statements. I do not have a company supplied mobile phone, and don't really need one, but I did choose to have my work email setup on my phone for convenience, and for calendar entries. We do allow staff to add their work email to their own personal device, and that is why these type of options are available, so the company has a better control on the security and privacy of their digital property. I do not feel in any way that because I choose to add my work email to my own personal phone, that it is now company property, and I can remove my account at any time. I do agree, if the company requires you to have your work email on your mobile device, they company should at the very least pay the mobile bill, if not supply the device to begin with.
As far as the encryption, my HTC One took around 30 minutes to encrypt, and I have not seen any performance difference.
Attached are a few shots of the policy properties screen.
Edit: Another shot of the remote wipe screen.
Another thing to note, remote wipe is not necessarily a bad thing. I take some security in knowing I can wipe my device instantly should it go missing. Our setup has the option in the Outlook web interface so end-users can manage the device.
The longest encryption I ever did was an hour. 16 seems way too much but I guess it would depend on the phone and what was on the storage at the time.
calash said:
Another thing to note, remote wipe is not necessarily a bad thing. I take some security in knowing I can wipe my device instantly should it go missing. Our setup has the option in the Outlook web interface so end-users can manage the device.
The longest encryption I ever did was an hour. 16 seems way too much but I guess it would depend on the phone and what was on the storage at the time.
Click to expand...
Click to collapse
+1, forgot to mention users can also remotely wipe their own device in the OWA.
calash said:
Another thing to note, remote wipe is not necessarily a bad thing. I take some security in knowing I can wipe my device instantly should it go missing. Our setup has the option in the Outlook web interface so end-users can manage the device.
The longest encryption I ever did was an hour. 16 seems way too much but I guess it would depend on the phone and what was on the storage at the time.
Click to expand...
Click to collapse
It is a long time but when you have a 32 gig on storage w/ 32 gig sd card filled with vids, pics, and music it will get take a while for it to go.
Related
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
If the app seems fishy don't download it you can allways get lookout from the market it will pull your phone up on the gps and tell you exactly where it is I've tested you can also make it chirp real loud as for them accessing your phone put the pattern lock on in stead most thiefs are not hackers so they probably won't be able to access your phone even if you hard reset you still have to draw the pattern I mean unless they full root the phone and wipe it in petty sure you will be ok hope that helped
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category at Good or Wave. (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not end user solution. a free solution would be swell, so long as trust can be established.
i am looking at this from a corporate IT security perspective. not a young person, a enthusiast nor regular end user. heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. but to be honest, i'm still trying to get a grasp on that myself in the android world, hence the question about access levels in last paragraph of original post.
the zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. that will help.
( BTW ... if anyone knows how to make the red line not appear when you mess up the pattern lock...you'd be my personal hero for the day)
its not thieves that I'm worried about...it's my own end users that have to be protected from themselves. if a device was left in a bar or cab and did end up in the wrong hands....data could be sold, deals could be lost, people could be embarrassed, with the type of data that 'can very easily' exist on these devices...network security itself can be compromised. and sadly, i must assume that a good many end users will disable security if they are able to. for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/lawabiding citizen" or the opposite?
i choose to prepare for the worst...hope for the best. not the other way around. hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely wave secure will do that it might be close to what you need or something for the time being hopefully this will help
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookn for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
Hi everyone. I recently got a T989 from Telus, to which I used an Ebay unlocked. Now first things first....I have never had my email account or any account hacked. My computers in my home are virus free, so I have eliminated them. Within a week of using my T989 with Mobilicity, my gmail account (which my phone knows the password to) was hacked and logged in by someone in the U.S (Gmail shows IP logins) and they spammed my entire contact list. Now I am trying to think of ways this could have happened, but I honestly think the phone may have a keylogger or something on it.
Here are the steps they had me carry out (and it did unlock the phone immediately).
Download and install necessary files
http://www.UnlockClient.com/SAMSUNG_USB_Driver.exe
http://www.UnlockClient.com/dotNetFx40_Full_setup.exe
Very simple procedure:
1. Enter your paypal email or start in demo mode
2. Type *#7284# and select USB - Modem
3. Type *#9090# and select [1] USB
4. Exit service menu and reboot the phone
5. Once phone rebooted connect the phone and computer
6. Wait until all drivers are installed
7. Click "Unlock" button
8. Enter 00000000
Here is the auction for this unlock I got. http://www.ebay.ca/itm/280852210909?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
Is there anything there that I should worry about? Or is there any possibility they have someone routed everything I do on my phone through them? I am seriously worried about my online banking information and such. Thank you very much in advance.
not sure if serious?
- taz b.
Why wouldn't I be serious? Isn't this a legitimate conclusion? I don't have a lot of posts but I have been lurking for years. I am serious however.
Unlocking phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unneccesary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA
Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered and instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.
wy2sl0 said:
Oh I have wiped many times. The problem is that I don't think any of that wipe stuff will go back to factory settings in those *# menus or for the modem settings etc.
I know an unlock code is all that is needed, but I bought from a website that couldn't find the code. This one offered and instant unlock by a program (like the ones shops use) to unlock.
I am also not dumb, the paypal account doesn't require a password or anything it is just a way to identify your keys.
Click to expand...
Click to collapse
And did you test your phone with a different sim card? Everything is functional?
As far as I know, the legitimate way and the only way to unlock a phone is through the codes generated by the datebase. All the reputable sites that unlock phones that I know of, all use codes to unlock. When I had bought my telus g2sx the store unlocked it using the code.
Something like a keylogger would be app level, not modem info or hardware level. Also, something transmitting every keystroke would use a LOT of data and battery.
First thing I would do, personally, is check my battery stats to see if any app was using a suspicious amount of battery.
In my opinion, it wouldn't make sense for a company who already got your money for an unlock service to install a key logger to spam your Gmail contacts.
Just my two cents. It would take a tremendous amount of technology to track everyone who used the service. Not to mention man hours in sifting through collected data.
Check the battery stats. Settings>About Phone>Battery Use.
Hope this helps in any way. Hacked accounts are always a bummer man.
Wierd, I used that site a week or two ago and nothing like that happened to me. Makes me worried now.
I didn't use ebay though, I did it directly from the site. You could always re-flash your phone to stock then update it, that would eliminate any possibility of odd software.
In step 1, did you run a program on your computer, on the phone or both?
anomy13 said:
Unlocking phone is really a matter of entering a simple code in one step. All your steps there including entering your PayPal account, connecting USB?? and installing drivers are unneccesary and sketchy at best.
I've seen some reputable phone unlocking sites but definitely never seen something like that from eBay.
If I were you I would try a darkside full wipe and go back to whatever was at a safe state before.
Sent from my SAMSUNG-SGH-T989 using XDA
Click to expand...
Click to collapse
If you want your phone as clean as possible then do this in recovery
go to mounts and storage format /data format /system format /cache format/emmc. Then flash the super wipe followed by the rom but remember doing it this way deletes everything from your phone.
Sent from my SGH-T989 using Tapatalk 2
probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol
-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
Click to expand...
Click to collapse
Isn't GMail SSL now?
Joe USer said:
Isn't GMail SSL now?
Click to expand...
Click to collapse
and ssl can be stripped from packets now. Intercept the packet and then use it to sign in. then profit.
an app to play with if you want to try it out for your self is faceniff for andorid.
-Mr. X- said:
probably had nothing to do with the unlock, but more likely you had soem one arp attack your wifi on an open hotspot and they just nabbed your password.
I fiddle with this in coffee shops all the time and i always leave with a list of facebook, youtube, gmail hotmail and other passwords.
I'm not a spammer, i just like to see how insecure things are and if any one is intelligent to use ssl... even though ssl can be stripped from a packet now lol
Click to expand...
Click to collapse
Any recommendations to protect yourself then?
sent from the darkside of the galaxy
Z-Man™ said:
Any recommendations to protect yourself then?
sent from the darkside of the galaxy
Click to expand...
Click to collapse
dont use open hotspots at coffee shops and stuff like that. look for the shady nerd in the corner, and i think there is an app that can detect if your wifi is being arp spoofed.
https://play.google.com/store/apps/details?id=com.gurkedev.wifiprotector&hl=en
i think there may be free ones too, i dont know. but that app will detect if your being attack by a man in the middle/arp spoofing
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
Click to expand...
Click to collapse
its not just your phone that is at risk for these attacks. anything you sign on with is if some one does the man in the middle attack, among other attacks.
Other reasons besides your phone unlocking are the root cause of your issue. It's unfortunate none the less but man in the middle password sniffing and fishing are the leading causes i see at work for your spamming hijacking. i work with this stuff daily.
wy2sl0 said:
I don't use Wi-Fi hotspots since I have unlimited data on my phone. I really don't understand how this could've happened.
Click to expand...
Click to collapse
Did you ever figured out if unlockclient.com had injected some malware in your device.
Has anyone on this site had problem with them or any developper had a chance to check what they are doing ?
I recently thought I had lost my phone but I had just misplaced it at home. Because I had powered it off I was unable to locate it by making it ring and I thought it had been stolen.
Unfortunately, I hadn't set a lockscreen pin or installed a security app to help locate and control my phone remotely so my phone was totally unprepared for the situation.
I hurridly set about changing sensitive passwords using my laptop then I tried to remotely install a security app called "Android Lost" and when I eventually found my phone the app was automatically installed but did not work because it needs to be run and activated.
So, I have learned my lesson from this experience and I have now set a lockscreen password PIN and installed and registered "Android Lost".
Now if I really lose my phone I am not completely helpless and I will not power it off unless it is on charge.
I hope my experience acts as a warning to others who have not taken phone security precautions.
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for a account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
I think the app "Plan B" will work in that situation. Never tried before though.
Using "Wheres my droid" myself.
parker09 said:
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for a account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
Click to expand...
Click to collapse
Thanks for your informative reply. I've switched from "Android Lost" to Cerberus which looks better.
Cerebus, Android lost or where's my droid?
I tried Cerberus because of all the positive comments I had seen on xda. I can personally say it is by far the best one out there. I've used seek droid, where's my droid and nearly all of them but Cerberus just seems to do more
Sent from my Nexus 4
ltylty123 said:
I think the app "Plan B" will work in that situation. Never tried before though.
Using "Wheres my droid" myself.
Click to expand...
Click to collapse
Plan B doesn't work on 4.0+
I use Cerberus.
parker09 said:
Yeah that's basically the first thing I did with the Nexus 4, I ended up going with Cerberus which was about $4aud for a account which I can use on my two previous phones and tablet should I decide to take it away since the Nexus doesn't have USB OTG support.
Does basically everything, my most wanted feature was the invalid pin/pattern photo, where if you put the wrong pin/pattern in it'll take a photo & Email it to me.
Thankfully haven't needed to put it into action but I make sure to test it after each ROM upgrade just in case it doesn't work.
Click to expand...
Click to collapse
Yeah, I use Cerberus as well (got it for free quite some time back when the developer was having a "free for life" weekend special). Also, it's worth mentioning that once bought you can use it on up to 5 devices (which is great if you have multiple phones).
In addition to doing what is quoted above it also lets you do all kinds of things in the web interface. From locking the SIM to tracking the phone's location over a given time period to being able to pull up call and text logs. All of that in addition to the usual features of locating your phone (via GPS) and setting off an alarm (that is insanely, and occasionally scary, loud).
I highly recommend it to my friends and family members. Definitely think you should give it a go. If I hadn't gotten it for free I would gladly have paid for it. Never had to use it (beyond showing off its capabilities to people looking for a security app), but it gives me peace of mind knowing it just works (and does so after ROM flashing).
Also, if you have root and enable it as a device administrator it'll do quite a bit more. From locking your phone to remote wipes to uninstallation protection (of course a complete wipe from recovery will beat that, but there's only so much you can do or not do in that case).
I like the way Cerberus can take a picture of someone trying to crack the lock screen pin and email it. I wonder how difficult it is to get past a screen lock pin?
How big is the impact of Cerberus on battery life guys?
Lexus fan said:
How big is the impact of Cerberus on battery life guys?
Click to expand...
Click to collapse
Almost no impact at all
Anyone using avast?
I just got my Nexus 4 and have yet to setup a security app. I used Prey on my last phone and it seemed pretty good. Anyone know how it compares to these other apps?
Lexus fan said:
How big is the impact of Cerberus on battery life guys?
Click to expand...
Click to collapse
No impact at all. Since the app doesn't run until you manually send commands from the web interface. And even then the app doesn't really "run" per se. There's no visibility at all it's even there, minus the icon in the app drawer. (And you can even hide the app and make it so it's only accessible by dialing a certain code from the phone dialer.)
i want to install these 'lost my phone' apps but dont they really drain the battery and you have to turn on gps and location settings on? also if the thief who steals your phone will read up on how to reflash and wipe the phone? it will render these apps useless
I've been using Cerberus for some time now and it's absolutely perfect! Every part of it functions just as it's intended to and the app has practically no impact on battery life. Great stuff!
elbel86 said:
I just got my Nexus 4 and have yet to setup a security app. I used Prey on my last phone and it seemed pretty good. Anyone know how it compares to these other apps?
Click to expand...
Click to collapse
I was using prey, but thanks to this thread I just switched to Cerberus - much better deal, interface, and functionality - plus a couple extra features if rooted. Totally worth the USD4.
Sent from my Nexus 4 using xda premium
If you are like me, you should have all your favorite apps, documents, pictures etc. stored right on your phone that basically gives a full picture of who you are as an individual. You also have been pretty satisfied with the pattern, pin number, password or face unlock or all of these together as a security you have in place to prevent unauthorized access. But here is something that happened by accident that led me down this thought process. While trying to yank out the phone from my pocket while driving (which when you are getting a phone call especially becomes the most impossible task), I noticed that the phone "Power Down", "Restart", "Airplane Mode" pop up was on. This is on top of my regular swipe to unlock with pin number lock screen. This made me curious and noticed that the back button will work to close this pop up and also the power button works to reactivate this pop up. I hope everyone is with me till here. What surprised me was that the phone will actually turn off or restart from this point without the need for an unlock code. This means anyone with rooting and backup knowledge can steal my phone, restart my phone into recovery and wipe it to make the phone their own or just create a backup (CWM) and through that access my personal information. I know that photos and documents stored on the external card is open unless encrypted. But I hoped the internal data would be secure.
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
TL;DR version
If phone is stolen and person has knowledge of android they can factory reset your phone, even if you have a password setup. If they enter recovery they can wipe data and factory reset your phone and now it is usable for them.
My theory if you have your phone rooted I wish there was a way to lock the recovery with a password. Unfortunately ODIN will always be available able to get back to stock. Cerberus is a great app to have full control of phone if stolen FYI
DesperateScorpion151 said:
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
Click to expand...
Click to collapse
As soon as I realize it is missing I would activate the wipe feature in this software.
https://play.google.com/store/apps/details?id=com.lookout&hl=en
If I have your phone in my possession I guarantee I can hack it regardless of any security measure you make take, so the best solution is to be able to wipe it remotely.
technically even a remote wipe is not enough if the thief is knowledgeable. I accidentally wiped flashing in Odin with nand erase checkd and recovered everything that was on it using this
http://forum.xda-developers.com/showthread.php?t=1994705 so your never completely safe
Exactly my point like everyone else confirms it here. We have advanced so much to a point that even a 9 year old (not that 9 is too young to know computer basics) who is familiar with basics on rooting after reading through forums after forums can get away with stealing a smart phone now a days. At this point the only way I could think of protecting my data (first priority) and then track my phone is if the tracker is incorporated into the boot loader or recovery itself on top of what ever software you have installed in the OS. So if the thief tries to unlock my phone after a restart, the installed software should take care of the rest but If he/she is smart enough to go via boot loader or recovery then the incorporated tracker can do its thing. Anything of that sort exists?
Did you forget you could just pull the battery to get into recovery?
Why do you need to pull the battery?
Aerowinder said:
Why do you need to pull the battery?
Click to expand...
Click to collapse
You don't, but its easier than going through all of the steps OP posted.
I really doubt my data is worth anything. Pictures of my cats aren't exactly hot commodities and I don't store anything on my phone that I wouldn't publicly reveal, anyway.
I wouldn't be worried about my worthless information, just annoyed I was dumb enough to let it get stolen. Yeah, I know that basically anyone with half a brain can wipe a phone and re-sell it - it always amazes me when people think that thieves aren't smart enough to do that.
I'm cynical. Saves a lot of worry since I just expect the worst, I guess.
They get into your email where it may be more info to compromise.
Sent from my SGH-T999 using xda app-developers app
I would be less worried about the minute possibility of a phone thief targeting your personal information than I would be about your personal data being mined from your phone by numerous applications.
Bottom line is, if you use Google or Facebook, you personal information is already in the hands of giant corporations who will never be held accountable for the theft of your personal info.
Take Facebook for example - within the app, the only time it should ever ping your location is if you are using FB chat and have the location setting enabled. However, even when you disable location within FB chat, every single time you open Facebook it uses your GPS to get your location. Every time.
In addition, although you are unable to see it in action because there is no notification icon for it, I would bet a million bucks it's also pulling your network location if your GPS is off.
Facebook is constantly working in the background - even if you never opened it.
Google? I won't even begin to try and explain the amount of data they are collecting from you. As is T-Mobile, Sprint, Verizon, ATT, etc. every single second that your phone is on with data enabled.
Should we be concerned with some random thief who knows the ins and outs of Android pulling your data? Sure, we should think about it. But the reality is, if you own a smart phone your information is already out there in the hands of companies who will use it to any end they can in order to turn a profit. Period.
ButWhile I see the pros and cons of different parts involved in using social networks and so forth, one thing we can (at least for now) be certain of is that they won't use your credit card information etc. to make illegal purchases and so forth. I know of a person who routinely used the credit card app to check balance, pay bill etc. and next thing he was getting phone calls to see if the purchases made at a casino in Spain are OK?! This is without ever losing the phone!!. So, it could be worse in the case of phone loss. Sure, personal data, pictures and even email to some extent is not as bothersome to me as identity theft. Thank to some anti-fraud features of the banks etc. one can deny and simply not be associated with that activity (of course in legitamate cases). My friend ended up getting another card with different number and they closed the online banking account. He had to re-register all over with another id. So, it can be a big hassle. I heard of cases where people had to hire lawyers and run around courts to prove their innocence due to identity theft. Of course if you keep a picture of your driving licence on the phone, you are really asking for it so... (trust me, one girl was doing this because she didn't want to carry her purse/wallet on night outs)
Having said that, I am always worried if the roms we download here in XDA have trojans or backdoors built into kernels and system files... I know that it is like doubting even the good devs but how do we know for sure? Unless you are really an in-depth expert and figure out all the details such as processes and ports that are open and so forth, how do you really know? The phone's data icons keep pinging back and forth every now and then and at times I wonder what's being sent and what is it receiving... just sync'ing contacts...or...??
Call me paranoid but, after what happened to my friend, and similar stories, I am a bit skeptical about the security and integrity of the ROMs in the first place... Now, mostly I download and try different roms and settle on one that suits my preferences. I use the phone for calls as well as to make general tasks easier in many aspects except financial transactions. In short, I don't trust my smart phones.
For those of you wondering what Google is tracking, (not by any means the only place to look) login to your gmail account and look around different settings. You'll see web history, phone data to name a few..
Can anyone help me carrier unlock my Verizon phone? My phone has been hacked and I hope being able to flash it will help me to get rid of whatever they have done to it. Can anyone tell me why I get this message when I reset my phone? Any help would be greatly appreciated
there is no carrier unlock for VZW models. if you can boot into recovery, sideload the OTA version that was last on your device.
What did you do that resulted in the phone being hacked? With the sectors being wiped that are shown in the images, it looks like you have provided total device access to something whilst having an unlocked bootloader or something similar. If you let us know what happened, it might help us to figure out what options you may still have.
But definitely see if you can do what @uicnren mentioned first.
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
How do I find what OTA version was used on my phone?
Nothing hacked here... this is an error when wiping the Secure Element (the trusted secure module).
(https://android-review.linaro.org/p...cure_element/1.0/SecureElementHalCallback.cpp line #66)
Are you initiating the wipe from the recovery? If so, that's likely the reason. If there is an account attached to the device, a wipe must first be initiated from within Android (Settings)
Woodruff87 said:
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
Click to expand...
Click to collapse
what symptoms were you seeing that made you think you were hacked?
Those errors are normal in Recovery Mode. I see them all the time, sometimes they don't appear, usually they do.
Did you remove your google accounts from settings, do a factory reset from the reset menu and lastly in recovery mode where you posted the screenshots from.
Your Account might be hacked but the phone is unlikely hacked. You would get a message at boot telling you that the device has been modified. With a locked bootloader its extremely unlikely (unless NSO Group is targeting you).
Woodruff87 said:
Can anyone help me carrier unlock my Verizon phone? My phone has been hacked and I hope being able to flash it will help me to get rid of whatever they have done to it. Can anyone tell me why I get this message when I reset my phone? Any help would be greatly appreciated
Click to expand...
Click to collapse
Did you unlock the bootloader? Have custom firmware/kernel installed?
A "hacker" wins nothing by resetting/wiping your phone. They want data, and that only works if the phone can turn on and works. This looks like a wipe/factory reset gone wrong, which spells user error or software error and less likely a "hacker" attack. Most hacks you will never notice. A hacker that makes you notice that something went wrong, is either an amateur or did it on purpose. Ergo, he wants you to know that something went wrong, which usually only happens in order to extort you. If there is no extortion, then an obvious act by a hacker is highly unlikely.
We need some more information. What firmware had you installed? What happened exactly when. Did you install any new apps recently? What did you do prior to something going wrong? All the information that could help us troubleshoot your issue.
You said your phone wiped itself a day after connecting to your girlfriends wifi, and that a replacement device that you got sent by your carrier, did the same. Did you check your Google account? Do you have two factor authentication activated? It sounds like your phone got wiped over wifi, which would require access to your Google account. It's just odd that you get errors, which normally shouldn't happen if someone would use the erase a lost Android device function.
It's also possible that your backup from your GAccount is simply corrupted (many people had issues with random reboots). You should try and set up your (replacement) phone anew without any backup, maybe that can fix your issue.
Beyond that Google account thing-y, anything else is highly unlikely. Even specialized companies have serious issues getting into a modern smartphone, lest alone an Android 12 phone with a Google Server grade Titan m2 chip. The newer the firmware, the less likely the chance that someone from the outside could get in, especially with a phone like a Pixel that isn't very common. Most security firms/govermental agencies can only abuse older, known security loopholes. It's more likely that very popular phones like a Samsung or IPhone are targets from "the bad guys", since there will be bigger payoff for breaking the security of those phones, since there is a greater pool of users to target. Most hacks I've witnessed weren't random, they were targeted. Ask yourself: Am I worth the trouble of getting hacked? Do you have anything of interest on your phone that would warrant an excessive use of resources? Managing to hack a Pixel is not only unlikely in terms of the security you need to breach, but also in terms of the potential payoff in relation to the necessary knowhow and resources. It's just "not worth it".
What you should do immediately, just in case, is secure your Google account. Change your password. Maybe even change your two-factor authentication, if you have one (sms is not secure, use a token generating software/device). Change the wifi password from your girlfriend and check the list of connected devices. make a list of these connected devices + history (find that in the rooter software) and check them against the devices you know of. Also check the list of connected devices to your GAccount. Use the option to log out ALL devices from your Google account, so only your device is connected.
Do any other people have access to your phone? Do any other people know your passwords? Does your girlfriend has access? Do any other people have biometric security saved on your phone? Do you trust your girlfriend completely?
Make sure you use a special, new password for your GAccount, never reuse old ones that you have used somewhere else. Also check your emails on https://haveibeenpwned.com/
Beyond that, if you are not doing already, use a password manager.
Woodruff87 said:
Im not sure who or how they wiped anything. It happened one day after connecting to my girlfriends wifi. I got ahold of Verizon and they sent me a new phone and as soon as I started it the same thing happened to it also
Click to expand...
Click to collapse
Wait a sec. Verizon sent you a new (refurbished probably but new nonetheless) phone and when you turned it on weren't you greeted with the startup menu? Am I missing something?
Morgrain said:
Did you unlock the bootloader? Have custom firmware/kernel installed?
A "hacker" wins nothing by resetting/wiping your phone. They want data, and that only works if the phone can turn on and works. This looks like a wipe/factory reset gone wrong, which spells user error or software error and less likely a "hacker" attack. Most hacks you will never notice. A hacker that makes you notice that something went wrong, is either an amateur or did it on purpose. Ergo, he wants you to know that something went wrong, which usually only happens in order to extort you. If there is no extortion, then an obvious act by a hacker is highly unlikely.
We need some more information. What firmware had you installed? What happened exactly when. Did you install any new apps recently? What did you do prior to something going wrong? All the information that could help us troubleshoot your issue.
You said your phone wiped itself a day after connecting to your girlfriends wifi, and that a replacement device that you got sent by your carrier, did the same. Did you check your Google account? Do you have two factor authentication activated? It sounds like your phone got wiped over wifi, which would require access to your Google account. It's just odd that you get errors, which normally shouldn't happen if someone would use the erase a lost Android device function.
It's also possible that your backup from your GAccount is simply corrupted (many people had issues with random reboots). You should try and set up your (replacement) phone anew without any backup, maybe that can fix your issue.
Beyond that Google account thing-y, anything else is highly unlikely. Even specialized companies have serious issues getting into a modern smartphone, lest alone an Android 12 phone with a Google Server grade Titan m2 chip. The newer the firmware, the less likely the chance that someone from the outside could get in, especially with a phone like a Pixel that isn't very common. Most security firms/govermental agencies can only abuse older, known security loopholes. It's more likely that very popular phones like a Samsung or IPhone are targets from "the bad guys", since there will be bigger payoff for breaking the security of those phones, since there is a greater pool of users to target. Most hacks I've witnessed weren't random, they were targeted. Ask yourself: Am I worth the trouble of getting hacked? Do you have anything of interest on your phone that would warrant an excessive use of resources? Managing to hack a Pixel is not only unlikely in terms of the security you need to breach, but also in terms of the potential payoff in relation to the necessary knowhow and resources. It's just "not worth it".
What you should do immediately, just in case, is secure your Google account. Change your password. Maybe even change your two-factor authentication, if you have one (sms is not secure, use a token generating software/device). Change the wifi password from your girlfriend and check the list of connected devices. make a list of these connected devices + history (find that in the rooter software) and check them against the devices you know of. Also check the list of connected devices to your GAccount. Use the option to log out ALL devices from your Google account, so only your device is connected.
Do any other people have access to your phone? Do any other people know your passwords? Does your girlfriend has access? Do any other people have biometric security saved on your phone? Do you trust your girlfriend completely?
Make sure you use a special, new password for your GAccount, never reuse old ones that you have used somewhere else. Also check your emails on https://haveibeenpwned.com/
Beyond that, if you are not doing already, use a password manager.
Click to expand...
Click to collapse
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
bencozzy said:
Two things are they refurbished? And do they work without signing into google?
Click to expand...
Click to collapse
The first one was new, but the one I got from Google as a replacement was refurbished. Ill try resetting through the settings and deactivating all my accounts.
Woodruff87 said:
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
Click to expand...
Click to collapse
This, among many other things, is one of the reasons I use GrapheneOS and NO gooble services (despite all the attention they give to sandboxed gooble services).
Woodruff87 said:
Thanks I really appreciate the help and all the advice. I checked https://haveibeenpwned.com/ and my account has been pawned in 1 data breach... I will deactivate the Google account and start over fresh. Thanks again for all the info
Click to expand...
Click to collapse
your google address was found on that site for another service and you used the same password for both services, correct?
despite what some believe, your google account will not get hacked unless your password is insecure (ie. leaked or insufficient with 2FA). anything less and your asking for trouble (also using GrapheneOS).