This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such losing the device. A piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do I know who's who and who can be trusted in the Android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. Then I have companies like Wave and Norton and Good all angling to get installed on my device. I don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. Meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when I stop and think on it. This device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. Perhaps I'm not sure how well the open-source community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. Sometimes you get an application and the types of security access it is asking for seem a bit "off". Occasionally in the comments the developer may comment that "I need to access X in order to provide Z". It usually makes sense (whether true or not I cannot say), but is there any nice cross-reference of what types of actions require what access level? Or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user? This second paragraph is proving difficult to put to paper... I may come back and edit for clarity.
And lastly, I guess, is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
Looking for something kinda like this, but useful...
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
If the app seems fishy, don't download it. You can always get Lookout from the market; it will pull your phone up on the GPS and tell you exactly where it is. I've tested it. You can also make it chirp real loud. As for them accessing your phone, put the pattern lock on instead. Most thieves are not hackers, so they probably won't be able to access your phone; even if you hard reset you still have to draw the pattern. I mean, unless they full root the phone and wipe it, I'm pretty sure you will be OK. Hope that helped.
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category as Good or Wave (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not an end user solution. A free solution would be swell, so long as trust can be established.
I am looking at this from a corporate IT security perspective. Not a young person, an enthusiast nor regular end user. Heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. But to be honest, I'm still trying to get a grasp on that myself in the Android world, hence the question about access levels in the last paragraph of the original post.
The zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. That will help.
(BTW... if anyone knows how to make the red line not appear when you mess up the pattern lock... you'd be my personal hero for the day)
It's not thieves that I'm worried about... it's my own end users that have to be protected from themselves. If a device was left in a bar or cab and did end up in the wrong hands... data could be sold, deals could be lost, people could be embarrassed, with the type of data that 'can very easily' exist on these devices... network security itself can be compromised. And sadly, I must assume that a good many end users will disable security if they are able to, for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
Would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/law-abiding citizen" or the opposite?
I choose to prepare for the worst... hope for the best. Not the other way around. Hence, my questions.
Isn't remote wipe being built into Froyo somehow? Thought I read that somewhere.
I have my Exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely, Wave Secure will do that. It might be close to what you need, or something for the time being. Hopefully this will help.
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookin' for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
Back in 2003, I came across a feature quietly tucked away in a service pack update I got for Win XP. They called it Microsoft Groove. It was a means of storing info online in case it was too big to send; you could upload pretty much anything (contacts, folders, etc.) and access the info remotely from any internet-enabled computer in the world. Thanks but no thanks, I thought. My info, and that of others, is my responsibility to administrate.
Cut to 2012, now the contacts I had synchronised with Outlook back then were associated with my Windows Live account, which saved them online "as a backup". I can't sync contacts directly with my PC; now the info goes straight to the cloud platform. The cloud storage is the common meeting point for my devices. For years you could not take files directly from your 'high-tech' WP7 device and put them in your PC; you were ushered into the cloud computing framework and convinced that the whole thing was your idea all along. Real control over personal information is synonymous with older devices; the more advanced and current your device is, the less control you get over info. Sounds like a lame trade-off to me.
Vukile said:
Back in 2003, I came across a feature quietly tucked away in a service pack update I got for Win XP. They called it Microsoft Groove. It was a means of storing info online in case it was too big to send; you could upload pretty much anything (contacts, folders, etc.) and access the info remotely from any internet-enabled computer in the world. Thanks but no thanks, I thought. My info, and that of others, is my responsibility to administrate.
Cut to 2012, now the contacts I had synchronised with Outlook back then were associated with my Windows Live account, which saved them online "as a backup". I can't sync contacts directly with my PC; now the info goes straight to the cloud platform. The cloud storage is the common meeting point for my devices. For years you could not take files directly from your 'high-tech' WP7 device and put them in your PC; you were ushered into the cloud computing framework and convinced that the whole thing was your idea all along. Real control over personal information is synonymous with older devices; the more advanced and current your device is, the less control you get over info. Sounds like a lame trade-off to me.
Many years ago I came across a little-used feature called email. It all sounded a bit "fantastical" to me at the time. I mean, we had pens, we had paper, letter boxes in every home; if we all sat around typing on monochrome screens our eyes would bleed, we'd get radiation burns and we'd all forget how to write. And besides, it hadn't been THAT long since telegrams were sent en masse, and interestingly there would still have been a bigger user base for that too compared to "email".
Needless to say, we didn't all go blind or forget how to write (although that at least is partially debatable!) and now we send these fandangled electronic letters everywhere instead, so much so in fact, our postal service is just about broke.
I do hear what you are saying, but this IS the world we live in. We need to move with it, and to be perfectly honest, the cloud has saved my bacon more than once, in situations that a direct sync with a computer would have been as useful as a chocolate teapot.
I'm curious.
What is it that you don't like about cloud? Is there any actual reason other than the "idea" of dumping your stuff on a third party service that can arguably look after your data in a much more secure location than a home computer?
I happen to like having full control of what goes in and out of my device. I don't live too far from the beach, but I rarely go. The idea of not having that option anymore would drive me over the edge; it's as logical as having a pool at your house. My rant was spurred on by an article that suggested that our devices would merely be shells. Remember when Gmail crashed a while back, or RIM, Facebook, Twitter, etc.? Bothered the hell out of me. If I'm likely to fall prey to that again, I should at least be able to keep operating independently of those vices, otherwise my phone will turn into an overpriced flashlight.
Vukile said:
I happen to like having full control of what goes in and out of my device. I don't live too far from the beach, but I rarely go. The idea of not having that option anymore would drive me over the edge; it's as logical as having a pool at your house. My rant was spurred on by an article that suggested that our devices would merely be shells. Remember when Gmail crashed a while back, or RIM, Facebook, Twitter, etc.? Bothered the hell out of me. If I'm likely to fall prey to that again, I should at least be able to keep operating independently of those vices, otherwise my phone will turn into an overpriced flashlight.
And yet, the flip side to that coin is that, yes, you could sync directly to your computer to stay in "control", but should the server go down you still won't get your email in either case. If my server goes down my device keeps the contacts on it, it keeps the emails going back as far as I tell it to. I do not need to have a connection to the server other than to get new data, which would screw both methods if that were to happen.
The other thing is that whilst direct syncing has benefits to some degree, although personally I don't notice the difference any more as I can't even remember the last time I fired up Outlook... anyhow, yes you can sync, but let's say you were on the beach and your phone goes tits up. I bet I can reset and be synced before you got off the beach, unless the server is down, in which case yes you could sync all your old data but you're just as stuck for anything new as I would be. Of course my other email account would be able to sync its contacts, so that would have to go down too, or perhaps the whole network stops... and wifi...
I do see what you're saying. I used to think the same until I actually stood back and looked at it objectively. I asked myself some honest questions and added a second layer of redundancy by having my Live and Gmail accounts sync contacts and calendar info periodically. There really is only so much you can do, and the benefits of cloud storage for me far outweigh the downsides.
Sorry my friend, but one way or another, direct syncing like the good old days is a relic of a time that's soon to be forgotten.
I get you, dazza, really. My point is, though, that if there's a loss or unavailability of data, I want to be 100% responsible. I dread the day when I have to periodically look at a notification that says "Our technicians are working on it". This crap has gone down with every major cloud computing service or derivative since the innovation was thrust upon the masses. I just want my phone back, man. Screw the innovations, let me take my under-utilised hardware and be on my way.
Vukile said:
I get you, dazza, really. My point is, though, that if there's a loss or unavailability of data, I want to be 100% responsible. I dread the day when I have to periodically look at a notification that says "Our technicians are working on it". This crap has gone down with every major cloud computing service or derivative since the innovation was thrust upon the masses. I just want my phone back, man. Screw the innovations, let me take my under-utilised hardware and be on my way.
rip pimp c
I completely understand, but the reality is that is unlikely to come back, although I do see a future where the location of cloud can be changed. Think along the lines of corporate domains with AD setup: companies may be OK with you taking work home and accessing via a phone but only on their terms, on their servers. If that were possible I could see a Windows Server extension to allow that, and thus potentially have it on a home server too... Maybe.
Sent from my Samsung Focus S using XDA Windows Phone 7 App
Vukile said:
I get you, dazza, really. My point is, though, that if there's a loss or unavailability of data, I want to be 100% responsible. I dread the day when I have to periodically look at a notification that says "Our technicians are working on it". This crap has gone down with every major cloud computing service or derivative since the innovation was thrust upon the masses. I just want my phone back, man. Screw the innovations, let me take my under-utilised hardware and be on my way.
I used to feel the same way about print and electronic media. Think about it.
What I don't like is everything being dumbed down and the options being removed (or made astronomically expensive) that used to exist before.
Microsoft has the technology (and the phone even supports it for corporates).
The fact is, in terms of real usefulness, Palm OS offline had far more innovative applications (and didn't try to make everything moron proof).
---------- Post added at 02:59 AM ---------- Previous post was at 02:56 AM ----------
gentry33 said:
I used to feel the same way about print and electronic media. Think about it.
Realistically the consumer should get outlook connectivity / lync / sharepoint / office 365 in a hosted manner not the dumbed down experience that we do get.
(Even the old activesync system was preferable in a lot of ways).
And yet dumbed down is exactly what people want, you are not not the target user
Sent from my Samsung Focus S using XDA Windows Phone 7 App
dazza9075 said:
And yet dumbed down is exactly what people want, you are not not the target user
Sent from my Samsung Focus S using XDA Windows Phone 7 App
Schaps had the gameplan years ago, but we were too busy sleeping. Imma donate the hell out of it.
I fell for this "We're not updating xxxxxxx device" crap a few times. I had an iMate Jam (largest selling PDA of its time) and I let it go because it was never gonna get a WM5 update. Nowadays, I see cats doing backflips and handstands with their WM6.5 iMate Jams like it's the most natural thing in the world. When it comes to devices, N.E.R.D
You can still have a modern "PDA" and live completely off the "cloud", your data haphazardly fragmented across devices, if you really feel the need to live in the past. Ironically though, Microsoft is no longer the company that will provide you the platform with which to do so.
I wonder how many former HTC Leo owners wish they never listened to that. Btw, since starting this thread, I managed to achieve my goal. A little Chinese ingenuity here, a little Vietnamese there, a dollop of Russian app and add some Italian and Egyptian flair.... Tasty.
History is cyclical, that's how humanity progresses. We do learn mistakes from the past, but will find new ways to make it again. In XX years' time, we might end up going back to individual storage again.
If you are like me, you should have all your favorite apps, documents, pictures etc. stored right on your phone that basically gives a full picture of who you are as an individual. You also have been pretty satisfied with the pattern, pin number, password or face unlock or all of these together as a security you have in place to prevent unauthorized access. But here is something that happened by accident that led me down this thought process. While trying to yank out the phone from my pocket while driving (which when you are getting a phone call especially becomes the most impossible task), I noticed that the phone "Power Down", "Restart", "Airplane Mode" pop up was on. This is on top of my regular swipe to unlock with pin number lock screen. This made me curious and I noticed that the back button will work to close this pop up and also the power button works to reactivate this pop up. I hope everyone is with me till here. What surprised me was that the phone will actually turn off or restart from this point without the need for an unlock code. This means anyone with rooting and backup knowledge can steal my phone, restart my phone into recovery and wipe it to make the phone their own or just create a backup (CWM) and through that access my personal information. I know that photos and documents stored on the external card are open unless encrypted. But I hoped the internal data would be secure.
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
TL;DR version
If phone is stolen and person has knowledge of Android they can factory reset your phone, even if you have a password set up. If they enter recovery they can wipe data and factory reset your phone and now it is usable for them.
My theory: if you have your phone rooted, I wish there was a way to lock the recovery with a password. Unfortunately ODIN will always be available to get back to stock. Cerberus is a great app to have full control of phone if stolen, FYI.
DesperateScorpion151 said:
What do you guys think about this? Is there any app that would prevent access to the phone while locked via hard keys? What do you do to keep your information safe?
As soon as I realize it is missing I would activate the wipe feature in this software.
https://play.google.com/store/apps/details?id=com.lookout&hl=en
If I have your phone in my possession I guarantee I can hack it regardless of any security measure you may take, so the best solution is to be able to wipe it remotely.
Technically even a remote wipe is not enough if the thief is knowledgeable. I accidentally wiped flashing in Odin with nand erase checked and recovered everything that was on it using this
http://forum.xda-developers.com/showthread.php?t=1994705 so you're never completely safe
Exactly my point, like everyone else confirms it here. We have advanced so much to a point that even a 9 year old (not that 9 is too young to know computer basics) who is familiar with basics on rooting after reading through forums after forums can get away with stealing a smart phone nowadays. At this point the only way I could think of protecting my data (first priority) and then track my phone is if the tracker is incorporated into the boot loader or recovery itself on top of whatever software you have installed in the OS. So if the thief tries to unlock my phone after a restart, the installed software should take care of the rest, but if he/she is smart enough to go via boot loader or recovery then the incorporated tracker can do its thing. Does anything of that sort exist?
Did you forget you could just pull the battery to get into recovery?
Why do you need to pull the battery?
Aerowinder said:
Why do you need to pull the battery?
You don't, but it's easier than going through all of the steps OP posted.
I really doubt my data is worth anything. Pictures of my cats aren't exactly hot commodities and I don't store anything on my phone that I wouldn't publicly reveal, anyway.
I wouldn't be worried about my worthless information, just annoyed I was dumb enough to let it get stolen. Yeah, I know that basically anyone with half a brain can wipe a phone and re-sell it - it always amazes me when people think that thieves aren't smart enough to do that.
I'm cynical. Saves a lot of worry since I just expect the worst, I guess.
They get into your email where it may be more info to compromise.
Sent from my SGH-T999 using xda app-developers app
I would be less worried about the minute possibility of a phone thief targeting your personal information than I would be about your personal data being mined from your phone by numerous applications.
Bottom line is, if you use Google or Facebook, your personal information is already in the hands of giant corporations who will never be held accountable for the theft of your personal info.
Take Facebook for example - within the app, the only time it should ever ping your location is if you are using FB chat and have the location setting enabled. However, even when you disable location within FB chat, every single time you open Facebook it uses your GPS to get your location. Every time.
In addition, although you are unable to see it in action because there is no notification icon for it, I would bet a million bucks it's also pulling your network location if your GPS is off.
Facebook is constantly working in the background - even if you never opened it.
Google? I won't even begin to try and explain the amount of data they are collecting from you. As is T-Mobile, Sprint, Verizon, ATT, etc. every single second that your phone is on with data enabled.
Should we be concerned with some random thief who knows the ins and outs of Android pulling your data? Sure, we should think about it. But the reality is, if you own a smart phone your information is already out there in the hands of companies who will use it to any end they can in order to turn a profit. Period.
But while I see the pros and cons of different parts involved in using social networks and so forth, one thing we can (at least for now) be certain of is that they won't use your credit card information etc. to make illegal purchases and so forth. I know of a person who routinely used the credit card app to check balance, pay bill etc. and next thing he was getting phone calls to see if the purchases made at a casino in Spain are OK?! This is without ever losing the phone!! So, it could be worse in the case of phone loss. Sure, personal data, pictures and even email to some extent is not as bothersome to me as identity theft. Thanks to some anti-fraud features of the banks etc. one can deny and simply not be associated with that activity (of course in legitimate cases). My friend ended up getting another card with different number and they closed the online banking account. He had to re-register all over with another id. So, it can be a big hassle. I heard of cases where people had to hire lawyers and run around courts to prove their innocence due to identity theft. Of course if you keep a picture of your driving licence on the phone, you are really asking for it so... (trust me, one girl was doing this because she didn't want to carry her purse/wallet on night outs)
Having said that, I am always worried if the roms we download here in XDA have trojans or backdoors built into kernels and system files... I know that it is like doubting even the good devs but how do we know for sure? Unless you are really an in-depth expert and figure out all the details such as processes and ports that are open and so forth, how do you really know? The phone's data icons keep pinging back and forth every now and then and at times I wonder what's being sent and what is it receiving... just sync'ing contacts...or...??
Call me paranoid but, after what happened to my friend, and similar stories, I am a bit skeptical about the security and integrity of the ROMs in the first place... Now, mostly I download and try different roms and settle on one that suits my preferences. I use the phone for calls as well as to make general tasks easier in many aspects except financial transactions. In short, I don't trust my smart phones.
For those of you wondering what Google is tracking, (not by any means the only place to look) login to your gmail account and look around different settings. You'll see web history, phone data to name a few..
Hello my friends, this is a kind of funny? post but I need your help!
I work in a company that provides us a Samsung Galaxy Note 8.0. This device has its policy settings set that way so we can't play with settings etc. (you get a "policy does not allow this action" or something message). It also has a Gmail account installed that the IT knows the passwords and username of, and they are able to see the location of the device through Google settings.
This is my last 10 days in the company and I have this arsehole supervisor that calls the IT department and asks them to see my location so he can stalk me. I want to make him a joke so he gets his lesson. Next time he asks for my location, he gets his home!!! (specially pinned to the bedroom of his house) He is a kind of douche that is very jealous and he will think i hamp his wife
I found this nice app in Google Play (fake gps) but it requires "enable mock location".
I AM able to install apps on the device if I get the apk file on the sd card and then install it from the "file manager" app.
What I need is a nice little app that enables the mock locations.
I have observed that the settings are locked BUT if you install an app that does the job there is no problem.
For example, the device won't let you disable/enable wifi from the scroll down menu or settings, but if you install an app that does the same thing it won't say "no".
In the same way, if there is an app that "enables mock locations" or a nice guy that can provide me with an apk that does the job I would be grateful.
Thanks in advance!
Hello my friends again, not a single answer. I understand that you might think I am the douchebag that wants to hurt an innocent supervisor. Just to let you know, the whole team is getting the faq out of the company because of this ahole. He was one of us until 1 month ago, but when he sat in the bigger chair he made the whole work concept an agonising experience. We are all moving to another company and just want to give him a little surprise... imagine him calling his "friend" at the IT and asking the team's location, and finding out we all are in his house!! Asking for the location is highly illegal, we don't move money or drugs, we are just salesmen! He will freak out and learn his lesson, he won't be able to tell anybody that this thing happened because he will be in trouble for stalking us. We don't want him to get fired though, so we want to give him a freak out moment of "oh ****, they are all at my house? wtf?" and run to his house to find us, then he will call us with a douche attitude, not being able to tell "why the faq your stalked device shows my home location?" It will be a good type of "goodbye arsehole!!! supervisor of no team at all". I'll even let you know what happened! Come on!!! Let's laugh a little, it's been a really really sad month!!
Your device has been encrypted by your supervisor, and without the password neither you nor any app can enter the device settings. The only way is to wipe the device to the default settings.
http://www.phonearena.com/news/Heres-how-to-easily-fake-your-GPS-location-on-Android_id62775
Muffycheeks said:
Your device has been encrypted by your supervisor, and without the password you nor any app can enter the device settings. The only way is to wipe the device to the default settings.
That's sad!!! We will have to think of other ways to play with his brains....
I'm willing to try any ideas, if there are any...
It seems to me that only the "settings app" is locked, since I can change locked settings (like wifi enable/disable, BT enable/disable, screen backlight etc) from other apps while I get a "policy does not allow this action" when I try to change them from standard Android links. I thought I can change "allow mock locations" from another "app" too.
How about rooting the device, changing this setting and then unrooting? Sounds like a plan, no?
How can I check if the device is really encrypted? I have almost 0 experience but it seems to me that the device is locked with a crap app like Storm Windows back in 1995!
I can't enter the settings....