Related
I turned on my tablet the other night and on the screen was a system dialog box that said a new security profile (or something like that) was applied. It gave a number of the build but I can't remember what it was. I thought by clicking OK I would get some more info, but that was it. I checked for updates and there was nothing. I got no other information.
Anyone else see anything like this? I guess it's possible it was linked to some app I have installed. But the popup window definitely looked like a system framework box.
Edit: I guess I did find on the Security tab in the settings that it is set to Automatically install new security policies. So that would make sense, just wondering what might be included in this update?
I'm pretty sure that would be the same security profile updated to version 013 message that I saw as well. If I am to guess, we can thank Samsung Knox for that message.
<synicism>
Thank you samsung for applying a security profile update that I can't see the details of to a device I don't want Knox installed on in the first place.
</synicism>
<rant>
Wish they would put as much effort into getting an update released that fixes bluetooth keyboards. Or how about functional support for BT 4.0, like it suggests on the box? Yes, you can pass the buck to Google on that one, to which I reply, why was this tablet released on 4.3 when these bugs were known?
I generally love this tablet, but the defunct bluetooth combined with screen mirroring related reboots and the Knox warranty crap really has me waiting for someone else to release a non-crippled 10.1 high dpi tablet with an active digitizer so there is some incentive for Samsung to get its act together. Toshiba isn't even worth mention.
</end rant>
dpersuhn said:
I'm pretty sure that would be the same security profile updated to version 013 message that I saw as well. If I am to guess, we can thank Samsung Knox for that message.
<synicism>
Thank you samsung for applying a security profile update that I can't see the details of to a device I don't want Knox installed on in the first place.
</synicism>
<rant>
Wish they would put as much effort into getting an update released that fixes bluetooth keyboards. Or how about functional support for BT 4.0, like it suggests on the box? Yes, you can pass the buck to Google on that one, to which I reply, why was this tablet released on 4.3 when these bugs were known?
I generally love this tablet, but the defunct bluetooth combined with screen mirroring related reboots and the Knox warranty crap really has me waiting for someone else to release a non-crippled 10.1 high dpi tablet with an active digitizer so there is some incentive for Samsung to get its act together. Toshiba isn't even worth mention.
</end rant>
Click to expand...
Click to collapse
This message?
What's the harm? It's updating something already in place that you can't evaluate so why be up in arms about an update that you can't see to evaluate either? Samsung updates a bunch of stuff passively so it's kind of a trust exercise. Since passively doing bad things to people's s/w and h/w without their consent is a sure way for a publically held company to make the front pages of the news (in a financially damaging way) I'm trusting them until given a reason I shouldn't. Do you know what Google's changed security policy enforcement wise when they roll out updates to Android?
BT keyboard usage isn't broken. You need to disable the on-screen keyboard the first time you pair it. From then on the on-screen keyboard's automatically disabled when the BT keyboard is connected.
KNOX is benign when not in use with the exception of the warranty flag that detects the use of unknown ROMs being loaded on the device. I use KNOX on my N3 and N10.1-14 and like it. I also haven't had a single issue related to it.
And it's here to stay.
http://www.infoworld.com/d/mobile-t...-move-blackberry-users-android-and-ios-230343
Go do a little homework on android 4.3 and bluetooth keyboard issues, then I'll be glad to talk about constant disconnects, key repeats, etc. The note 2014 is even worse than other 4.3 tabs in the bluetooth dept. I have gone through 4 BT keyboards so far and each has disconnect and/or key repeat issues in a major way. This is in no way related to disabling the soft keyboard.
Like I said, it starts with google and some will lay the blame there and hold samsung harmless. I guess I have a higher expectation of quality control and since I bought a samsung product and have no direct relationship with google. Samsung selected this version of android for installation, so I think it is very reasonable to hold them accountable for the functional state of the resulting device.
As for Knox, I'd love it for managing enterprise devices as an MDM platform, but there is a reason MDM software has to be INSTALLED on other platforms. It's intrusive by its very nature. I'm not using this device in a corporate environment, it's my personal tablet. As such, knowing that Samsung has the reigns on a corporate MDM tool that wasn't advertised, I had no say in adding or removing, and also provides no visibility into what they consider an appropriate security policy, isn't exactly inspiring trust. You can trust them all you want, I don't see them as being any better than Apple at this point.
My ultimate point is simple. Samsung is wasting resources reinventing the MDM wheel and forcing it on everyone (whether they want it or not) while there are numerous functional issues with this tablet that aren't being addressed. I see that as a questionable ranking of priorities. If they're worried about device security, how about starting by keeping up with updates to The base android install.
---------- Post added at 02:53 PM ---------- Previous post was at 02:46 PM ----------
Also worth mentioning is the complete lack of release notes that go along with the system updates. Think about that for a minute. How do I, as a user, ever know from one update to the next what issues have been addressed, what functional changes have been made, or what areas might have been modified so I can make an educated decision regarding if/when to update?
Samsung has proven that they can and will remove things from one version to the next as they see fit. Why can't they actually tell people what to expect by putting out proper release notes like any respectable software developer would be expected to do? Samsung lacks the skill or capability to do what developers of $2 apps in the play store are capable of? Surely you jest...
Root developers are saying don't take the updates. Few people are reporting that the updates made anything better. Don't take the updates if you can help it.
Follow the instructions below, and report back with your phone info (carrier, variant, software version, etc.). Also report if updates were successfully blocked, or if they installed anyway, or if you just get a nag screen. Thanks!
If your phone has already downloaded the update and is trying to install it, follow the advice here. This won't work for AT&T phones because they removed recovery mode.
Start here:
Get debloater (works without root!) and set up your computer so you can run ADB and connect with your phone. You may need to install the LG United Mobile Driver.
Please donate to the Debloater developer, gatesjunior! Debloater has made this so much easier!
There are many packages you can block that will improve the performance and battery life of your phone (see my blocked.txt below), but the packages you want to block that will hopefully prevent updates are:
LGDMSClient.apk (Blocking breaks WiFi calling setup on Sprint only.)
LGUpdateCenter.apk
LGFOTA.apk Two users reported calls going straight to voicemail with this blocked.
LGLDB.apk I don't know if it's related to updates but it seems to be MLT spyware.
Not all carriers will have all these files, but block what you do have and report any problems so I can update this post with what works and what doesn't
Carrier specific files:
Sprint users may want to block:
Sprint_Installer.apk
ItsOnService.apk
ItsOnUID.apk
Tierez reported that blocking the ItsOn files breaks WiFi. They also reported that blocking LGDMSClient.apk broke the WiFi calling setup screen.
Verizon users should block:
VerizonIgnite.apk, It's a post-sale bloatware installer. Thanks alan242!
@JeffXT inadvertently blocked a Verizon file that enabled tethering.
AT&T users should block:
WildTangent.apk
T-Mobile users should block:
AdaptClient.apk
This will break the software update screen in about phone and so far has prevented my phone from trying to update. My AT&T H810 hasn't tried to update and I can't force it to update since I blocked LGDMSClient.apk, but it seems we can't be too safe in preventing forced updates so leave no questionable package unblocked!
Something I also did during setup was to not agree to the optional LG EULA that would have allowed app updating. I've also blocked:
LGStartupEula.apk
LicenseProvider.apk
UnifiedEULA.apk
Don't block LGSystemServer.apk, it breaks notifications and other stuff (LED, sound, and vibration).
Autoprime is listing which software versions are updating the firmware to V1 here.
Good luck!
Don't block LGSystemSetup.apk or LGSetupWizard.apk! You'll need it to run if there phone gets reset. Ignore the blocked.txt file below.
phineous said:
After seeing the mysterious "security enhancements" mentioned in the AT&T release notes on the July 1st update I think it's important to prevent further updates incase they break future rooting methods. Also, why take their update if it's not shown to improve performance? Come on! There's an update to Uber, but no mention of touch screen fixes?!
FIrst, get debloater (works without root!)and set up your computer so you can run ADB and connect with your phone. You may need to install the LG United Mobile Driver.
There's a ton of packages you can block that will improve the performance and battery life of the phone, but the package you want to block to prevent updates is LGDMSClient.apk. This will break the software update screen in about phone and so far has prevented my phone from trying to update.
Good luck!
Click to expand...
Click to collapse
Just a quick heads up (might just be me, might be US Cellular in general....I am not sure) I went through and did this after hearing about different companies basically force feeding their clientel these OTA Updates and even though I did it all right down to the letter and did not skip anything my US991 still went ahead and did a forced update to 10c (not sure why or even when it did this, just know that it did at some point).
Hopefully they are not blocking any exploits with this stupid 10c update (which I assume they did as my device was running buttery smooth and had no issues that would have needed an update in order to correct).
Z3ldaFan88 said:
Just a quick heads up (might just be me, might be US Cellular in general....I am not sure) I went through and did this after hearing about different companies basically force feeding their clientel these OTA Updates and even though I did it all right down to the letter and did not skip anything my US991 still went ahead and did a forced update to 10c (not sure why or even when it did this, just know that it did at some point).
Hopefully they are not blocking any exploits with this stupid 10c update (which I assume they did as my device was running buttery smooth and had no issues that would have needed an update in order to correct).
Click to expand...
Click to collapse
Sorry to hear it didn't prevent your update.
I've added more files to block, and one to unblock in the OP.
phineous said:
Sorry to hear it didn't prevent your update.
Try blocking LGUpdateCenter.apk also. My AT&T H810 hasn't tried to update and I can't force it to update since I blocked LGDMSClient.apk. Seems we can't be too safe in preventing forced updates so leave no questionable package unblocked!
Something I also did during setup was to not agree to the optional LG EULA that would have allowed app updating. I've also blocked:
LGStartupEula.apk
LicenseProvider.apk
UnifiedEULA.apk
I've attached a Debloater blocked.txt that shows all the packages I've blocked.
Click to expand...
Click to collapse
No worries, it just is what it is (yeah I was angry about it, but not like I can do anything about it). I will certainly go through and block the rest of the applications that you mentioned though so hopefully I can prevent any future aggravations caused by these damn self-updates. Thanks for posting how you went about it and letting us know that (so far at least) it is going according to plan.
Holy Cow! I thought T-Mobile was bad with the bloat but jeez....AT&T makes our bloat look like....well, I dunno it's still bloat, but we've got a LOT less of it lol. I use the debloater tool, but UX 4.0 isn't that bad by its self. I removed all the T-Mo stuff and that's about it.
Thanks!
painedglass said:
Holy Cow! I thought T-Mobile was bad with the bloat but jeez....AT&T makes our bloat look like....well, I dunno it's still bloat, but we've got a LOT less of it lol. I use the debloater tool, but UX 4.0 isn't that bad by its self. I removed all the T-Mo stuff and that's about it.
Click to expand...
Click to collapse
Did removing the TMobile bloat affect wifi calling?
G4'ed it!
Not at all, less lag and a bit smoother. Battery lasts longer since apps that drain the battery are disabled. Just be smart about what you disable. It has a search feature, so I'll search for say "tmo" any apk or service with that search term in it will show up in the list, disable it and move on to the next apk/service. You dont even need to reboot, you can watch them get disabled in real time.
I just bought my second G4, trying the phone again. It is another Verizon model.
People raised interesting points about holding off on updates, in case it makes root more difficult, so I got the Debloater tool (that is awesome!) and tried to block the items listed in the original post.
With Verizon, I don't see an entry for "LGUpdateCenter.apk", so I could not block that one. I hope the remaining 5 will be enough to keep the update at-bay for now.
phineous, that's an interesting point about the optional LG EULA. I agreed to something from LG during initial setup today, I guess I didn't give any real thought to not agreeing.
I have not yet applied anyone's complete Debloater list, I guess I'm not quite brave enough for that just yet. I only went through and disabled things I could identify and knew I wouldn't need at the moment.
How many apks does the AT&T G4 have? My Tmobile has 273.
Replacing my earlier post, to avoid confusion: Verizon messed up something on my line. After a day, they got it fixed, and now I can use Advanced Calling on my G4, still with the original software (having not gotten the recent update). Everything seems to be working now.
RedOCtobyr said:
Replacing my earlier post, to avoid confusion: Verizon messed up something on my line. After a day, they got it fixed, and now I can use Advanced Calling on my G4, still with the original software (having not gotten the recent update). Everything seems to be working now.
Click to expand...
Click to collapse
What's your Baseband Version and Build number? I'm buying the Verizon G4 this Saturday and would like to know if I have the OTA out of the box.
GUGUITOMTG4 said:
How many apks does the AT&T G4 have? My Tmobile has 273.
Click to expand...
Click to collapse
I don't remember how many it came with originally, but I've blocked 85 out of a total of 297. I've probably installed about 57. I would guess around 240 originally.
flamadiddle said:
What's your Baseband Version and Build number? I'm buying the Verizon G4 this Saturday and would like to know if I have the OTA out of the box.
Click to expand...
Click to collapse
Don't let the salesperson set up the phone! They seem to delight in downloading updates. I'd keep the phone off or at least disable WiFi till I could connect it to a computer and Debloat it.
Good luck!
phineous said:
Don't let the salesperson set up the phone! They seem to delight in downloading updates. I'd keep the phone off or at least disable WiFi till I could connect it to a computer and Debloat it.
Good luck!
Click to expand...
Click to collapse
Yeah, that's the plan. I'd just like a frame of reference so I know if all my efforts to prevent the OTA work or if I was defeated before I even got the phone.
phineous said:
I don't remember how many it came with originally, but I've blocked 85 out of a total of 297. I've probably installed about 57. I would guess around 240 originally.
Click to expand...
Click to collapse
Wow 85 is such a relief I blocked just 34. At least it does not get high temps now.T-mobile seems to add much lesser bloat indeed. My 273 include around 40 downloaded apps.
flamadiddle said:
What's your Baseband Version and Build number? I'm buying the Verizon G4 this Saturday and would like to know if I have the OTA out of the box.
Click to expand...
Click to collapse
See attached. I believe the item of interest, relative to the OTA, is the Software Version. The new one (updated) ends in 611A, I think.
They did a brief setup at Best Buy for me. I Factory Reset when I got home, then Debloated the items that would start the update:
http://forum.xda-developers.com/g4/help/how-to-prevent-updates-g4-t3148650
But it wasn't until the next day, after another Factory Reset, that I forgot to Debloat those immediately, and had turned on the WiFi. I noticed when the update was halfway downloaded. Turned off WiFi, and turned on Airplane Mode, until I was able to Debloat the offending items.
No updates stuff since then, several days ago, even with WiFi on.
RedOCtobyr said:
But it wasn't until the next day, after another Factory Reset, that I forgot to Debloat those immediately, and had turned on the WiFi. I noticed when the update was halfway downloaded. Turned off WiFi, and turned on Airplane Mode, until I was able to Debloat the offending items.
No updates stuff since then, several days ago, even with WiFi on.
Click to expand...
Click to collapse
Look at how sneaky the carriers are now! It's a good thing the devs are being quiet about their root method.
RedOCtobyr said:
See attached. I believe the item of interest, relative to the OTA, is the Software Version. The new one (updated) ends in 611A, I think.
They did a brief setup at Best Buy for me. I Factory Reset when I got home, then Debloated the items that would start the update:
http://forum.xda-developers.com/g4/help/how-to-prevent-updates-g4-t3148650
But it wasn't until the next day, after another Factory Reset, that I forgot to Debloat those immediately, and had turned on the WiFi. I noticed when the update was halfway downloaded. Turned off WiFi, and turned on Airplane Mode, until I was able to Debloat the offending items.
No updates stuff since then, several days ago, even with WiFi on.
Click to expand...
Click to collapse
Exactly what I needed. Thank you! :good:
flamadiddle said:
Exactly what I needed. Thank you! :good:
Click to expand...
Click to collapse
You are welcome! Please report back if discover any problems or other files to block.
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
You can search that but might as wipe in the meantime. Get yourself a working phone.
bobby janow said:
You can search that but might as wipe in the meantime. Get yourself a working phone.
Click to expand...
Click to collapse
Thanks for the reply. Going through the post-wipe setup now. Grrrr. It's just that I entered the password a bunch of times, and it always worked. Just on reboot from recovery it didnt. Now I'm afraid to go back into twrp...
Anyone know if this could be caused by some android security feature that doesnt like systemless root, xposed, etc.
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
After restoring the nandroid, boot into twrp and then delete /data/sytem/locksettings.db. If that doesn't fix it, delete the locksettings.db-shm and locksettings.db-wal in the same location. If that doesn't fix it either, delete gatekeeper.password.key and gatekeeper.pattern.key in the same location.
Click to expand...
Click to collapse
KennyG123 said:
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
Click to expand...
Click to collapse
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
greves1 said:
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
Click to expand...
Click to collapse
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
KennyG123 said:
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
Click to expand...
Click to collapse
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
greves1 said:
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
Click to expand...
Click to collapse
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
KennyG123 said:
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
Click to expand...
Click to collapse
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
greves1 said:
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
Click to expand...
Click to collapse
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
KennyG123 said:
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
Click to expand...
Click to collapse
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
greves1 said:
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
Click to expand...
Click to collapse
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
KennyG123 said:
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
Click to expand...
Click to collapse
Ah, great to know. Thanks.
greves1 said:
Ah, great to know. Thanks.
Click to expand...
Click to collapse
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
KennyG123 said:
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
Click to expand...
Click to collapse
Real word use shows that android pay does not ask for an additional fingerprint at the time of use. It's just as the instructions say, as long as your phone is unlocked at the time it is held up to the scanner, androidpay will work. I kind of wish they allowed for the additional security of an at-scan fingerprint read, but oh well. I have yet to test if the password/pin can be removed by the methods discussed in this thread, and androidpay working after defeating this security. If it does, then this is obviously a major security vulnerability of having an unlocked phone and using androidpay at the same time. Probably not more dangerous in terms of protecting against CC thieves, since they can just swipe a card stolen from your wallet at a terminal, but you probably wouldn't want to keep too many cards on your phone. Again, I haven't tested this out, if a fingerprint is still required to get in after a password database defeat, but someone should do this test.
If you have your phone lost or stolen just cancel your cards as if it happened to your wallet. Simple no?
Totally satisfied with 11.2.9.9 and wish to disable updates for good-ish. I did this on my Pixel 3XL and needed to jump through some hoops to stop the insistent nag pop up but got it done with help from XDA good guys. Like the Pixel, the notification does not allow to be silenced or disabled so need to dig deeper. I don't want to delete or uninstall the updater service but am open to freezing it if that won't cause any other issues. I'm rooted of course. Help would be appreciated, Thanks
I'm not sure turning down the already sporadic security patches released for Android phones is a good idea to start with, refusing them while rooted is an even worse plan.
With prevalent betaware updates makes sense for some to stay stable for once AFWall+
miravision said:
With prevalent betaware updates makes sense for some to stay stable for once AFWall+
Click to expand...
Click to collapse
That would be reasonable if the betas weren't explicitly opt-in. Blocking consumer release updates is an entirely different kettle of fish.
miravision said:
With prevalent betaware updates makes sense for some to stay stable for once AFWall+
Click to expand...
Click to collapse
Nailed it Mr Vision -
My phone is 90% de-googled so my biggest security risk has been neutralized.
I usually freeze the update service app in between updates to avoid the nagging while I'm waiting on a full zip to be released, or if it's just an inconvenient time for me to mess with it. It has never caused any issues other than the obvious: if you try to select System Update from Settings while frozen it will force close. Just unfreeze the update service when you're ready to update.
That said, I'm in agreement with other folks who say not taking security updates on a rooted device "ever" is generally a bad idea. New kernel exploits are discovered all the time, and plenty of core system packages have the potential for vulnerabilities.
terlynn4 said:
I usually freeze the update service app in between updates to avoid the nagging while I'm waiting on a full zip to be released, or if it's just an inconvenient time for me to mess with it. It has never caused any issues other than the obvious: if you try to select System Update from Settings while frozen it will force close. Just unfreeze the update service when you're ready to update.
That said, I'm in agreement with other folks who say not taking security updates on a rooted device "ever" is generally a bad idea. New kernel exploits are discovered all the time, and plenty of core system packages have the potential for vulnerabilities.
Click to expand...
Click to collapse
Thanks.
I would keep my phone updated but the ColorOS 12 update pretty much ruined the perfect experience. I'll update in a few months. Hopefully, they'll fix all the issues by then.
terlynn4 said:
"I usually freeze the update service app in between updates to avoid the nagging while I'm waiting on a full zip to be released, "
Click to expand...
Click to collapse
Yes thanks for the reminder this is possible. I went ahead and froze com.oneplus.opbackup. My setup is safely locked in until I decide it needs to be changed!
Maybe some folks from this thread will see my thread lol and rethink the early adopter or as I like to call it, guinea pig strategy.
12 "Stable" Issues Thread
Besides the general low quality of this piece of software, here are some specific pains: 1. SafetyNet test fails (no root) - WTF? Can't use any of my work applications because of that. 2. Status bar notification icons don't appear (except for...
forum.xda-developers.com
Just use a package disabler, a ADB edit or if your rooted you have even more apps to block OTA updates.
Security in real life isn't an issue with Android 9 or higher unless you do something stupid. This stock N10+ has been running on Android 9 for over 2 years with no updates.
The current OS load is over 1.5 yo, still fast, stable with minimum maintenance. I take a few precautions especially with app installations and downloads. Android 9 and higher are reasonably secure even if Google claims otherwise.
So enjoy your current platform for as long as you want. Don't let updates break your phone... they sure as hell can and do.
Redundantly backup all critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Time stagger backups to them incrementally as an added precaution. Have a plan in place for password resets and bank accounts (which are insured from fraud anyway).
In the case of malware if you can't completely isolate and delete it within an hour or two, go full nuke and reload. It takes far less time to reload then it does to attempt to optimize and adapt to a new OS version.
Fools leave in fear, pragmatists live within reality.
Don't ever update to Android 12 then. Remember, you have been warned. No matter what, stay on Oxygen 11
@blackhawk - Yeah I really like App Manager does all you say plus a whole lot more.
@giaur
Both you guys, EXACTLY! Ran Android 9 for 3 years on my rooted Pixel 3XL, no updates past 9/19 no issues no regrets.
11.2.10.10 is safe. But I dont update to A12 soon.
You can disable the updates very easy.
1st: Settings -> System -> System Updates -> Top right the gear -> Disable Auto download over Wifi
2nd: Settings -> System -> Dev. Options -> Disable "Automatic system updates"
RheinPirat said:
11.2.10.10 is safe. But I dont update to A12 soon.
You can disable the updates very easy.
1st: Settings -> System -> System Updates -> Top right the gear -> Disable Auto download over Wifi
2nd: Settings -> System -> Dev. Options -> Disable "Automatic system updates"
Click to expand...
Click to collapse
See the thing is this doesn't stop the random often reoccurring pop-up nag that prompts to download the update. The fear there is the potential for an accidental tap. I don't want the giant update file hanging out on my phone ready to spring into gear at the slightest wrong move on my part. Maybe the tap would be interpreted by the phone as an overide to the 'disable' option selected in Dev Options. Don't know, don't want to find out.
Then use a fire wall and allow apps you want. I never got a update notification since I have the phone. I always updated it by myself.
chetqwerty said:
See the thing is this doesn't stop the random often reoccurring pop-up nag that prompts to download the update. The fear there is the potential for an accidental tap. I don't want the giant update file hanging out on my phone ready to spring into gear at the slightest wrong move on my part. Maybe the tap would be interpreted by the phone as an overide to the 'disable' option selected in Dev Options. Don't know, don't want to find out.
Click to expand...
Click to collapse
Use service disabler from playstore to disable system updater(requires root)
chetqwerty said:
Yes thanks for the reminder this is possible. I went ahead and froze com.oneplus.opbackup. My setup is safely locked in until I decide it needs to be changed!
Click to expand...
Click to collapse
Yes goofy to quote myself but wanted to post an update that sadly this only worked for about a month then the nags returned even though the com.oneplus.opbackup service was frozen. Getting the system update nags every other day after they stopped for a month. Gotta figure this out, I'm sure that sinister google has their hand in this someway!
Hello everyone.
I'm totally new here. This is my first post on XDA.
Recently I bought a 2nd hand phone, Samsung Note 10 Plus with a very good condition. Everything seems to me perfect when I purchased it. All features are working great.
Recently I tried to add an educational google account that was provided from one of educational institution.
When I tried to add this account on this particular phone, it's showing an error that -
"Can't create work profile!!
The security policy prevents the creation of a work profile because a custom OS has been installed on this device."
(I'm posting the screenshot also)
I don't know why it's showing this error message, because I'm not using any custom OS, according to my knowledge. I got official OTA update after purchasing it.
So as far as I know, it's running on stock OS.
The model number of my Note 10 Plus is "SCV45". It's a Japanese variant named "au".
What is reason of this error behind it? I didn't install any custom OS nor root my phone. I don't know the previous history as it's a 2nd hand phone. What should I do now to fix this issue. Please help me as I'm new to this thread.
Settings>About Phone>Status>Phone Status
Phone status should be "Official" otherwise it's been rooted and the Knox efuse tripped.
Can you set up/use Secure Folder?
Thanks for your earliest reply.
Here, phone status is showing "Official".
But after using some days, I get t know about "Knox Security" & I found heart breaking fact that my phone's "Knox Security" is void & I have to live with it as there is no workaround for that issue. (Found on XDA)
But the fact is, currently I didn't found any root access & from the about section, it's showing Official OS.
Then why it's giving error msg that I am using custom OS?
I got to know from xda that if knox security is tripped then I can't use some of Samsung app like Samsung Pass, Secure Folder, Samsung Heath....
But why I can't use a work profile when I am running on stock OS & which is not ever rooted (according to my knowledge).
So what I can do now to fix this issue?
Please help.
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
blackhawk said:
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
Click to expand...
Click to collapse
I didn't think so it is tied with knox security. Because I have used that work profile on another mobile other than a Samsung phone. So there is no link up between my work profile and the knox security.
Now I want to reflash the stock firmware by Odin3. But the problem I faced is, when I visited SamMobile for downloading the exact firmware, I didn't see any model number with "SCV45".
All the model numbers are like - SM-N975F, SM-N975U, SM-N975U1, SM-N975N... & so on.
So, should I flash any of them? I can't choose the proper version.
My mobile is snapdragon variant.
If I flash any of the version, what will happen?? I need to know about that.
And lastly, about returning the device.
I have purchased it as 2nd hand, and the first unit that I got, has the hardware problem. So I already returned that one. So they already gave me a replacement.
So I know, there must be some issues & I have to accept that as I am getting at very cheap price. But the last one I received, is totally in fresh condition. Even the screen paper that comes with intact phone, is still there. I have checked all the the hardware and sensors. All are working perfectly. And battery backup is also good. I am getting almost 7.5hr SOT. I have checked the battery cycle. Battery discharge cycle count is 164 (I don't know whether it is modified or not). I checked the other phones that have battery discharge cycle count is almost 500 to 700.
That's why I pick this last one. All seems perfect. Only have the issues with knox security, but I get to know about that later. And knox security is also not important for me. But at least I need to use my work profile.
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
blackhawk said:
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
Click to expand...
Click to collapse
When I purchased the Mobile, It has Android 10. I've upgarde to andoird 11 just. Everything is working fine except that issue.
Can I flash SM-N975U or SM-N975U1 firmware? there will be any problem??