My company will be requiring Airwatch to be installed on any mobile device that accesses company email, on the 15th of this month. There is only a little information on XDA related to this, most of it being >7 months old & not very informative; however I've learned the following:
-AW can detect root
-AW allows the admin to encrypt device & SD storage, track the device via GPS, & view installed apps
-I suspect, but don't know for sure, they can also perform a full wipe - should the device security be compromised.
What I'd like to know is if any XDA users are familiar with this app/IT security measure. Is there a way to bypass root detection, or have a source in IT create a custom profile, on the server end, that would not flag my device?
I own my SGS3, & pay for my service, as my company initiated a BYOD policy a few months ago. Now they say I have to install this if I want to continue to access my email, calendar, contacts, etc. The choice is mine, but I'd prefer to have my cake & eat it to, if possible.
So, I'm putting it to the brilliant collective minds, thoughts, experience, & expertise of the XDA community! Any thoughts, accounts of direct experience (admin or end-user), solutions, suggestions - anything would be appreciated.
Thanks!
Samsung Galaxy S3
OdexedBlue ROM
Trinity Kernel
XDA Premium - Support our developers!
Bump....
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Bump... Still nothing! What a bummer!
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Honestly I wouldn't want to give my company access to my personal phone like that... You never know what they can look at that they aren't telling you. Plus tracking the GPS, that's pretty much the same as getting the ankle monitor when you on house arrest. Total invasion of privacy.
I'd pay the $20 for another line on my family share plan And use that for a business phone. That way unless I'm at work or do a on call shift I can turn the phone off and not have to worry abut being tracked.
Sent from Pluto.
Do you really need email access on your phone that badly? Seems like you are giving up a lot...
Sent from my SPH-L710 using xda premium
Well they used to pay for my old blackberry, then initiated the BYOD for everyone. I get approximately 250 emails per day, have all off my contacts on outlook (I had backed up my BlackBerry contacts that way), and I typically have my days packed with one meeting after the other. So, being able to use my phone, instead of carrying around my laptop, to access emails, contacts, & my calendar is extremely useful and convenient.
I'd read on a thread for a similar security product that you can have a custom profile built that will disable the check for root functionality on that. That's why I began looking for possible solutions for Airwatch by posting this thread.
Bottom line though, I will not install it if there's not a work around, or solution of some kind.
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Your place of employment sucks... that's like saying "hey if you want to use your phone for work, well then we own it but you will pay for it."
I mean I get why they have the safeguards in place, just a sucky situation.
I'd still go with my idea, get another line galaxy note 2 would be perfect.
Sent from Pluto.
atm there is no way u can bypass the root check from AW.
but u can disable AW frm "Device Administrator" @ Security when u are off from work.
And install it back when you are back to office.
(click the enrollment link from your email to activate AW)
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
The other thing would be, perhaps a 3G tablet? Unless you absolutely need to make phone calls, that way you can check e-mails and all that jazz, and turn off GPS. Just my two cents. Either way, good luck!
Airwatch user here, member of work IT, with an iPhone, iPad, and Fascinate. Mine reports as compromised devices, and I already told them to wipe my device if it's really out of compliance and they have a problem with it. So far, jail broke and root happy still
My employer is cancelling the BES server (and devices) and switching to a BYOD policy, including Airwatch. The i* device users are ready to be assimilated, but right now there challenges getting the agent on the Droids.
Our policy is that certain employee positions (including mine) are required to have access to a smartphone for e-mail access and/or on-call, and we are in a right to work state. So that means we either comply or risk losing our job. The employee is responsible for purchasing the phone, service & replacing damaged phones, and can turn in the billing summary page each month for up to $100 reimbursement.
The BB was the only smartphone I've had, and my Droid should arrive today. I can understand they want to secure devices which attach to the internal network but that doesn't make me feel any better about how the product integrates with the devices.
Will the agent install on the Droid if it's rooted? Can they prevent me from resetting the phone to remove the agent? And if I do that, will it just re-install if the device is configured in the Airwatch console?
airwatch on S4 blocking USB Debugging
Guys,
I just received a new company Samsung Galaxy S4 and have Airwatch disabling the USB Debugging option, it's greyed out:crying:. Can't even root it now if I wanted to.
Such a shame, I have now two Galaxy S4s, what a b*&(9it to carry around.
Any ideas would be much appreciated.
Cheers!
Airwatch and other email/calendar client
trmixing said:
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
Click to expand...
Click to collapse
Hi,
recently also my company has adopted airwatch MDM to give us the access to email by phone.
I would like to know if there is a way to use a different email/calendar client instead the Airwatch Inbox client... I would like to have a client that offer the possibility top have a calendar with a widget.
cheers,
Luigi
Any updates on this?
I've tried:
RootCloak - downloaded from playstore, didn't work.
Also tried installing it from xposed, but there's an issue with galaxy phones, almost bricked mine.
There's also a thread someplace talking about editing the scripts of AW, but not all scripts are visible any longer.
Bottom line - doesn't work. Using SM-G925F. Any ideas?
I've had a terribly laggy experience on my SM-P605 ever since turning it on for the first time. The original firmware was Vodafone infested so I spent the first week trying to find bloat free versions before trying custom editions (xKat).
Long story short my Knox is triggered but I am no closer to fixing any of the really annoying issues:
- WiFi constantly reconnects (35 other devices are fine)
- Google Chrome top bar 'jiggels' (distracting)
- Mobile data and WiFi stop working after 2+ days and only work again after rebooting
- Video playback in embedded web pages stutters
I'm fed up and would like to finally have a properly working device, my 3 year old S3 (i9300) running CyanogenMod exhibits none these issues...
My question: Is there a way I can reset Knox, apply a stock firmware and get Samsung to credit the unit?
Nope, once tripped it cannot be reset (un-tripped)
Sent from my SM-P600 using Tapatalk
As to the Knox warranty bit, it probably CAN be un-tripped, however, no-one knows how to do it (yet...?) ...
As you may know, a working, Knox-resetting Odin package for one of Note 3 variants leaked some time ago (heh don't get too enthusiastic, it does work only on the specific variant of Note 3 with specific bootloader version...). This seems not to be very helpful, however, it confirms that resetting Knox IS possible (at least on Exynos based devices). It also confirm that Samsung did not tell us all the truth, stating that the Knox is absolutely unrecoverable, because it is based on e-fuse (so it gets physically blown when Knox is triggered) - it seems that either e-fuse is a myth or there are some "substitution" e-fuses included in the hardware.
But as for now, it is true that you unfortunately cannot do anything with the triggered Knox (BUT there is a chance that Samsung service centre won't notice that... there were also ideas such as putting the device into microwave oven for 2-3 secs so the device will be damaged in a way making it impossible for samsung to check the knox status, but they shall be considered as illegal...)
And as to your issues with the device - have you tried adding:
ro.securestorage.support=false
to your build.prop (or changing the value from "true" to "false" if the property "ro.securestorage.support" is present there...).
My phone is an S4 T-Mobile SGH-M919 about as close to stock as it can be except that it's rooted to allow me to uninstall Samsung bloatware and to enable USB tethering. I haven't done any upgrades and have actually uninstalled/disabled the SU ap in Android. Until recently I had not been to concerned about the Stagefright exploit..
I do a lot of business on this phone and recently a customer told me that they had called my business number, which is actually perma-forwarded to this phone, and left a voice message. She was subsequently contacted by someone not me, calling from an entirely different number and they identified themselves as representing my company. I have a screen shot from her phone showing the transaction and yes she did dial the correct number to reach me.
So my question is can this be accomplished and if so is there a way to detect the hack without performing a factory reset as I would like to go after the party(s) legally, I don't want to destroy evidence. And yes I do know who they are.
Hello everyone.
I'm totally new here. This is my first post on XDA.
Recently I bought a 2nd hand phone, Samsung Note 10 Plus with a very good condition. Everything seems to me perfect when I purchased it. All features are working great.
Recently I tried to add an educational google account that was provided from one of educational institution.
When I tried to add this account on this particular phone, it's showing an error that -
"Can't create work profile!!
The security policy prevents the creation of a work profile because a custom OS has been installed on this device."
(I'm posting the screenshot also)
I don't know why it's showing this error message, because I'm not using any custom OS, according to my knowledge. I got official OTA update after purchasing it.
So as far as I know, it's running on stock OS.
The model number of my Note 10 Plus is "SCV45". It's a Japanese variant named "au".
What is reason of this error behind it? I didn't install any custom OS nor root my phone. I don't know the previous history as it's a 2nd hand phone. What should I do now to fix this issue. Please help me as I'm new to this thread.
Settings>About Phone>Status>Phone Status
Phone status should be "Official" otherwise it's been rooted and the Knox efuse tripped.
Can you set up/use Secure Folder?
Thanks for your earliest reply.
Here, phone status is showing "Official".
But after using some days, I get t know about "Knox Security" & I found heart breaking fact that my phone's "Knox Security" is void & I have to live with it as there is no workaround for that issue. (Found on XDA)
But the fact is, currently I didn't found any root access & from the about section, it's showing Official OS.
Then why it's giving error msg that I am using custom OS?
I got to know from xda that if knox security is tripped then I can't use some of Samsung app like Samsung Pass, Secure Folder, Samsung Heath....
But why I can't use a work profile when I am running on stock OS & which is not ever rooted (according to my knowledge).
So what I can do now to fix this issue?
Please help.
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
blackhawk said:
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
Click to expand...
Click to collapse
I didn't think so it is tied with knox security. Because I have used that work profile on another mobile other than a Samsung phone. So there is no link up between my work profile and the knox security.
Now I want to reflash the stock firmware by Odin3. But the problem I faced is, when I visited SamMobile for downloading the exact firmware, I didn't see any model number with "SCV45".
All the model numbers are like - SM-N975F, SM-N975U, SM-N975U1, SM-N975N... & so on.
So, should I flash any of them? I can't choose the proper version.
My mobile is snapdragon variant.
If I flash any of the version, what will happen?? I need to know about that.
And lastly, about returning the device.
I have purchased it as 2nd hand, and the first unit that I got, has the hardware problem. So I already returned that one. So they already gave me a replacement.
So I know, there must be some issues & I have to accept that as I am getting at very cheap price. But the last one I received, is totally in fresh condition. Even the screen paper that comes with intact phone, is still there. I have checked all the the hardware and sensors. All are working perfectly. And battery backup is also good. I am getting almost 7.5hr SOT. I have checked the battery cycle. Battery discharge cycle count is 164 (I don't know whether it is modified or not). I checked the other phones that have battery discharge cycle count is almost 500 to 700.
That's why I pick this last one. All seems perfect. Only have the issues with knox security, but I get to know about that later. And knox security is also not important for me. But at least I need to use my work profile.
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
blackhawk said:
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
Click to expand...
Click to collapse
When I purchased the Mobile, It has Android 10. I've upgarde to andoird 11 just. Everything is working fine except that issue.
Can I flash SM-N975U or SM-N975U1 firmware? there will be any problem??
Hello. Ever since switching to T-Mobile, I have not been able to get hotspot to work properly without limit the way it did on Sprint with an old rooted Galaxy S4. I have unlimited data without hotspot service added on and a second line that I always used to use for hotspot. I really need to be able to hotspot without using pdanet and other applications like that.
For this second line, I currently have the following phones that I can put on that line:
-Note 9 that is stuck partway through the root process (it is saying it needs version 8 of the combo firmware, which I can't find, so I'm hoping it's not a lost cause at this point)
-Nord N200
-Galaxy A32
Anyone know which would be the best candidate for this? I am also open to suggestions for getting another cheap phone to put on the plan if there is a different optimal candidate for hotspot. With the ones listed, I assume it will require root, and I've had a much harder time figuring out how to do that on these than I used to with older phones even after doing research here a bit ago.