I turned on my tablet the other night and on the screen was a system dialog box that said a new security profile (or something like that) was applied. It gave a number of the build but I can't remember what it was. I thought by clicking OK I would get some more info, but that was it. I checked for updates and there was nothing. I got no other information.
Anyone else see anything like this? I guess it's possible it was linked to some app I have installed. But the popup window definitely looked like a system framework box.
Edit: I guess I did find on the Security tab in the settings that it is set to Automatically install new security policies. So that would make sense, just wondering what might be included in this update?
I'm pretty sure that would be the same security profile updated to version 013 message that I saw as well. If I am to guess, we can thank Samsung Knox for that message.
<cynicism>
Thank you Samsung for applying a security profile update that I can't see the details of to a device I don't want Knox installed on in the first place.
</cynicism>
<rant>
Wish they would put as much effort into getting an update released that fixes bluetooth keyboards. Or how about functional support for BT 4.0, like it suggests on the box? Yes, you can pass the buck to Google on that one, to which I reply, why was this tablet released on 4.3 when these bugs were known?
I generally love this tablet, but the defunct bluetooth combined with screen mirroring related reboots and the Knox warranty crap really has me waiting for someone else to release a non-crippled 10.1 high dpi tablet with an active digitizer so there is some incentive for Samsung to get its act together. Toshiba isn't even worth mention.
</end rant>
This message?
What's the harm? It's updating something already in place that you can't evaluate, so why be up in arms about an update that you can't see to evaluate either? Samsung updates a bunch of stuff passively so it's kind of a trust exercise. Since passively doing bad things to people's s/w and h/w without their consent is a sure way for a publicly held company to make the front pages of the news (in a financially damaging way), I'm trusting them until given a reason I shouldn't. Do you know what Google's changed security policy enforcement wise when they roll out updates to Android?
BT keyboard usage isn't broken. You need to disable the on-screen keyboard the first time you pair it. From then on the on-screen keyboard's automatically disabled when the BT keyboard is connected.
KNOX is benign when not in use with the exception of the warranty flag that detects the use of unknown ROMs being loaded on the device. I use KNOX on my N3 and N10.1-14 and like it. I also haven't had a single issue related to it.
And it's here to stay.
http://www.infoworld.com/d/mobile-t...-move-blackberry-users-android-and-ios-230343
Go do a little homework on Android 4.3 and bluetooth keyboard issues, then I'll be glad to talk about constant disconnects, key repeats, etc. The Note 2014 is even worse than other 4.3 tabs in the bluetooth dept. I have gone through 4 BT keyboards so far and each has disconnect and/or key repeat issues in a major way. This is in no way related to disabling the soft keyboard.
Like I said, it starts with Google and some will lay the blame there and hold Samsung harmless. I guess I have a higher expectation of quality control, since I bought a Samsung product and have no direct relationship with Google. Samsung selected this version of Android for installation, so I think it is very reasonable to hold them accountable for the functional state of the resulting device.
As for Knox, I'd love it for managing enterprise devices as an MDM platform, but there is a reason MDM software has to be INSTALLED on other platforms. It's intrusive by its very nature. I'm not using this device in a corporate environment, it's my personal tablet. As such, knowing that Samsung has the reins on a corporate MDM tool that wasn't advertised, I had no say in adding or removing, and also provides no visibility into what they consider an appropriate security policy, isn't exactly inspiring trust. You can trust them all you want, I don't see them as being any better than Apple at this point.
My ultimate point is simple. Samsung is wasting resources reinventing the MDM wheel and forcing it on everyone (whether they want it or not) while there are numerous functional issues with this tablet that aren't being addressed. I see that as a questionable ranking of priorities. If they're worried about device security, how about starting by keeping up with updates to the base Android install.
Also worth mentioning is the complete lack of release notes that go along with the system updates. Think about that for a minute. How do I, as a user, ever know from one update to the next what issues have been addressed, what functional changes have been made, or what areas might have been modified so I can make an educated decision regarding if/when to update?
Samsung has proven that they can and will remove things from one version to the next as they see fit. Why can't they actually tell people what to expect by putting out proper release notes like any respectable software developer would be expected to do? Samsung lacks the skill or capability to do what developers of $2 apps in the play store are capable of? Surely you jest...
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such losing the device. A piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there, but that leads me into "how do I know who's who and who can be trusted in the Android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. Then I have companies like Wave and Norton and Good all angling to get installed on my device. I don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. Meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when I stop and think on it. This device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. Perhaps I'm not sure how well the open source community will communicate "problem" apps and developers.
Also, and kinda sorta related: applications in the marketplace. Sometimes you get an application and the types of security access it is asking for seem a bit "off". Occasionally in the comments the developer may comment that "I need to access X in order to provide Z". It usually makes sense (whether true or not I cannot say), but is there any nice cross-reference of what types of actions require what access level? Or why so many apps need to know the phone state and identity or general location or full network access, and what exactly that means to me as the end user? This second paragraph is proving difficult to put to paper... I may come back and edit for clarity.
And lastly, I guess, is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
If the app seems fishy, don't download it. You can always get Lookout from the market. It will pull your phone up on the GPS and tell you exactly where it is, I've tested. You can also make it chirp real loud. As for them accessing your phone, put the pattern lock on instead. Most thieves are not hackers, so they probably won't be able to access your phone. Even if you hard reset you still have to draw the pattern. I mean, unless they full root the phone and wipe it, I'm pretty sure you will be OK. Hope that helped.
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category as Good or Wave (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not an end user solution. A free solution would be swell, so long as trust can be established.
I am looking at this from a corporate IT security perspective. Not a young person, an enthusiast nor regular end user. Heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. But to be honest, I'm still trying to get a grasp on that myself in the Android world, hence the question about access levels in the last paragraph of the original post.
The zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. That will help.
(BTW... if anyone knows how to make the red line not appear when you mess up the pattern lock... you'd be my personal hero for the day.)
It's not thieves that I'm worried about... it's my own end users that have to be protected from themselves. If a device was left in a bar or cab and did end up in the wrong hands... data could be sold, deals could be lost, people could be embarrassed. With the type of data that 'can very easily' exist on these devices... network security itself can be compromised. And sadly, I must assume that a good many end users will disable security if they are able to. For the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
Would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/law-abiding citizen" or the opposite?
I choose to prepare for the worst... hope for the best. Not the other way around. Hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely, Wave Secure will do that. It might be close to what you need, or something for the time being. Hopefully this will help.
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookn for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
Possibly a bit of a dangerous thing to ask about, but I heard about a researcher named Charlie Miller uncovering an exploit through which he could do some fancy hacking on Android phones just by having them scan an NFC tag. I am interested in these hacks, using the old saying "it's not a bug, it's a feature", it could not only be used to perform malicious activities, but also enhance the possibilities of NFC. I seek to use this enhancement. My biggest idea in mind yet is to use a tag to make a phone connect to wifi. It may seem like a simple idea, but you need additional software just to make the phone connect to wifi, since giving the command to connect is not standardized. This does impede the potential of NFC a bit, and me being the sort of person who keeps on messing around with his phone ROMs (believe me, my S3's flash count is skyrocketing), computer hardware and Linux distros because it is never good enough simply can't just leave untweaked hardware and unremoved limitations alone.
There should be a command to turn wifi on? That's the closest you can probably do without installing software
x10man
As far as I know, officially the command has to be launched from an app that has the permissions to do so. As far as I know a bit of hacking is required to do it in another way.
Trying to find a KitKat ROM that supports voice dialling via Bluetooth on my Note II SGH-I317M. If I roll back to 4.3 it works fine (like DN3). I am currently testing CM11 and it does not work (unless somebody has a workaround).
Most bluetooth functions work fine except voice dial. I hit voice commands on my Jabra and it does hear my commands. I also tried a Motorola bluetooth device and experienced the same.
Moved to Q&A.
Based on my personal research, there is no known workaround. None of the operating systems, except those based on stock Samsung kernels, properly support bluetooth. They all have issues reliably initializing an audio and microphone connection to the headset after a voice command button press.
This includes ALL of the CyanogenMod releases.
It is a fairly underreported issue, and when it is reported, no one much cares - evidently, very few people actually use bluetooth to voice command their phone. So, it doesn't get any dev time. Anyone who tries to use their phone intelligently in their car, on a bicycle, or, in my case, on their motorcycle integrated with helmet comms should STRONGLY disagree. But, not everyone can sit about comfortably all day in horn rimmed glasses and ironic facial hair in a Starbucks.
In my opinion, this relegates all of these releases to mere "toy" status, since this is an elementary feature of a modern phone - but as I understand it, the problem isn't particularly curable in any case due to somewhat hostile engineering and documentation practices by everyone's favorite, Samsung.
I have done as much work as I could do in researching the problem, reporting the problem and even studying how to collect logging information and eventually, a few attempts to roll my own modified kernel to attempt to solve the problem, to no avail - keep in mind I am not an android developer by any means, and have gone to some effort to learn what I could so as not to be merely a complainer.
My advice, if you insist on departing from the vendor operating system release series, is to seek the Samsung kernel-based mods, such as Ditto Note, as you have been doing. These have a higher chance of properly supporting the headset natively. They have recently moved to a kitkat release (that I haven't tested yet,) so that may satisfy.
As for myself, I will likely leave Samsung behind for my next phone, for something a little more open source friendly, hardware-wise. Being at the mercy of vendor updates and the S-voice for something I need to use more than 3 hours a day on the road has made me feel quite a fool.
FYI, over the last few days, I installed both Official AT&T / Samsung KitKat 4.4.2 and Ditto Note 3 v5.2 (based on 4.4.2) and they both properly support Bluetooth audio and microphone for voice command after a button press.
AT&T / Samsung Official:
Unfortunately comes with a version of Google Search (v.3.6) that provides the terrible Google Voice Dialer in response to a bluetooth button press, so if you were planning on using that, be prepared to root, move it from /system/ to /user/, uninstall, and then go find and install Google Search v.3.4.
S-Voice works fine, but you may need to switch your APN from "phone" to "nxtgenphone," if you haven't done so already. Else, S-voice may only work on wi-fi, not mobile data. Check out the thread on doing so here:
http://forum.xda-developers.com/note-3-att/general/psa-s-voice-stops-volte-markets-using-t2848929
Ditto Note 3 v5.2:
Comes with Google Search 3.4 which gives correct "Listening.." when bluetooth button pressed. Be sure to uncheck auto update in google play store until Google gets their crap figured out. Phone will flash as N7105, so download and use the build.prop for i317 from their extra files and turn on the telephony.lteOnCdmaDevice=1 setting. Set also ro.product.locale.language=en_US and ro.product.locale.region=US since you're an AT&T customer. You'll also need to add the nxtgenphone APN as above, I'm afraid. It's not rooted as it comes - use your recovery to flash the SuperSU binary of choice from your SD card after installation if you want root. It all works, though, and is my OS now.
I got a popup asking to autoupdate the Samsung security policies. Does anybody know what the Samsung Security Policy updates update? I obviously declined the automatic updates, but was wondering if anybody knows if there are consequences either way.
I'm pretty sure this is Knox related. I've declined it myself only to be asked about a dozen more times since. Seems like it finally gave up though. If anyone else has input, I'd be interested in hearing what they know.
Sent from my SM-N910V using Xparent Green Tapatalk 2
My thought is to decline but I would be interested in hearing what a developer thinks.
I want to bump this question. I just had a notice to allow security policy updates. The terms and conditions that must be accepted state that the "updates may add new security policies and delete any existing policies, if necessary. The service may detect and delete any downloaded software which contains malware." Since I have a Developer Edition, am rooted and have many apps that have been granted Super User permissions, I'm wondering if these security updates could delete or alter those permissions or otherwise affect root.
I updated it on my rooted dev edition and I've had no ill effects (so far). I know it required a lot of permissions but it's a security update from the manufacturer, for God's sake. The last thing I wanted was some security policy to go without being updated. Maybe that's my IT mindset. I was less hesitant to install because I already have root, unlocked bootloader, and a backup, so worst case scenario I could have just restored my nand.
Agree with this on all points, but, like @GirLuvsDroid said, it sure would be nice to know exactly what these updates are doing.
I have also been declining them, but since you took the plunge for us (and I thank you!) and to your point, that we have backups, I will take it next time.
I have a rooted dev version, and I used Titanium (I bought the premium), and I froze the Knox services, as well as the security policy updates. It stopped the popup and my phone still works fine.
So, I've decided that right now there isn't any hardware out there that is enough of an improvement over the Note3 to get me to upgrade (will wait for SD820-based phones).
Unfortunately since T-Mobile has neglected this phone we are running a year-old version of Android, and thus are vulnerable to all of the fun widely-reported security holes uncovered since then.
From what I've been reading all AOSP-based ROMs seem to be dealing with NFC/sensor fusion issues (CM has open bugs for both issues).
My question right now is: is there anything available for the Note 3 that would allow it to have the latest security fixes without having to deal with other major issues like the ones I mentioned above?
I don't really even care about having 5.1, I just want my phone to be more secure.
I'm with you about new phones and actually dislike the Note 5 (no SD, non-removable battery etc. WTF Samsung, if I wanted an iPhone I would get one). As far as I know the Stagefright is the only major issue on the system level, otherwise the Chrome bug for example should be fixed with a Chrome update and other stuff should be easy to avoid as long as normal precautions are followed (installing apps from the Play Store only, for example). But I think even the Stagefright bug was a little overblown. My understanding is Android has ASLR (random address space allocation) so a buffer overflow bug is difficult to take advantage of, since the hackers don't know where in memory needed functions are located, so even with the bug, the Note 3 should be relatively safe. I updated my wife's GS5 to the latest Lollipop: she hates it, I don't like it much either, so not having the latest operating software is not a problem for me. Bottom line, I don't worry about it too much, I just scan my phone with antivirus and all it can find is that my phone is rooted, like I didn't know that already. I'm running stock, since I can't find a custom ROM that has all functions enabled, like WiFi calling, NFC etc. There was some talk of monthly security updates for Android, like Windows has, but with Google, phone makers and carriers all involved, I doubt it will happen soon.