Tripping Knox - what exactly do you lose? - Galaxy Tab S Q&A, Help & Troubleshooting

Forgive me if this has already been answered somewhere, but as I've been away from Samsung devices since the SGS3 I'm not familiar with Knox at all and coudn't find any information about it. I know it's an e-fuse and when you trip it, you just won't get it back to untripped status. My question is, what features exactly are affected by this status? Fingerprint sensor/private mode? The ability to run enterprise-protected apps? Some other minor issue? Or is there no consequence at all, just the status change?

Steve_max said:
Forgive me if this has already been answered somewhere, but as I've been away from Samsung devices since the SGS3 I'm not familiar with Knox at all and coudn't find any information about it. I know it's an e-fuse and when you trip it, you just won't get it back to untripped status. My question is, what features exactly are affected by this status? Fingerprint sensor/private mode? The ability to run enterprise-protected apps? Some other minor issue? Or is there no consequence at all, just the status change?
Click to expand...
Click to collapse
Warranty status. Private mode is only affected by root which can be fixed. In certain countries, even if you trip Knox, you still have warranty no matter what (due to laws and such). Most likely, if it's an software issue and you tripped Knox, you aren't covered. But if it's and hardware issue out of the box, then you are covered. Some of claimed getting warranty either way.
Sent from my SM-T800 using Tapatalk

DUHAsianSKILLZ said:
Warranty status. Private mode is only affected by root which can be fixed. In certain countries, even if you trip Knox, you still have warranty no matter what (due to laws and such). Most likely, if it's an software issue and you tripped Knox, you aren't covered. But if it's and hardware issue out of the box, then you are covered. Some of claimed getting warranty either way.
Sent from my SM-T800 using Tapatalk
Click to expand...
Click to collapse
Thanks. Is that all? Warranty and a fixable glitch on Private mode? Even "useless" stuff will just keep working? I'll be able to use secure, enterprise-installed stuff that go through Samsung? Pay Pal integration keeps working fine?

Steve_max said:
Thanks. Is that all? Warranty and a fixable glitch on Private mode? Even "useless" stuff will just keep working? I'll be able to use secure, enterprise-installed stuff that go through Samsung? Pay Pal integration keeps working fine?
Click to expand...
Click to collapse
As for banking apps and all that,I do not know Hopefully someone else can tell you. I don't use any of those things.
Sent from my SM-T800 using Tapatalk

Knox is for keeping and encrypted and secured environment for several apps to work more secure. The idea is that you will have a secured container for you apps (like contacts, bank apps, etc) for use at work, that's it you can have a said application with work confidential data and at the same application have personal data no confidential. So far I did see any big corporation using it, but I'm pretty sure they will start to use it. Unfortunately when you break knox you loose the ability to create that secured container or environment for ever. The idea behind it is that is impossible to break that container even through flashing over something to recreate the phone or tablet clean knox environment.
My references: I use to work with security... don't ask where...
It's a very useful thing if you are into it, but 99% of users, even some like me, don't needed. I have both my phone and tablet encrypted (well everything at my home is encrypted), but no because I'm paranoid about our government knowing my little secrets, they have the means to know it anyway, but because identity thief and such... As for the government, I don't care, they always have a backdoor to access everything. The only way to control the government is through electing honest politicians (don't laugh, there are some of them), so they control the abuse of those tools.

Related

[Q] Password for entering CWM-Recovery?

Questions answered in the below quotes!
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
martonikaj said:
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
Click to expand...
Click to collapse
_Dennis_ said:
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
================================================================================================================
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Isn't that what you want them to do? Even if they're not sophisticated enough to wipe it you're just going to wipe it yourself considering the chances of getting it back are slim to none.
Either way, the device gets wiped.
EddieN said:
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Click to expand...
Click to collapse
Indeed, I have wondered this a few times too. I mean, hopefully if you lose your phone then you'll be able to find it before any of this stuff happens...but not necessarily. If the thief turns your phone off/battery pulls then they effectively win! I suppose the benefit of a non-removable battery is that, if you have a lockscreen password, then the thief should find it hard to even power off your device!
I think a lock on CWM should be implemented...but who wants to forget their password to CWM and never be able access their device again? Not me!
---------- Post added at 10:35 AM ---------- Previous post was at 10:34 AM ----------
martonikaj said:
Isn't that what you want them to do? Even if they're not sophisticated enough to wipe it you're just going to wipe it yourself considering the chances of getting it back are slim to none.
Either way, the device gets wiped.
Click to expand...
Click to collapse
That's true...didn't think of that. Still though...I'd prefer my phone back!
Unlocking the bootloader would wipe the phone, and afaik there is no way to prevent that. Also, it isn't going to stop your phone from getting stolen...
Well sure, if my phone gets stolen it gets stolen. I don't have it anymore. But Avasts Anti-Theft enables you to send SMS commands to lock/wipe the phone, turn on/off GPS, disable any user interaction except from SMS messages from TRUSTED numbers etc. So even if I don't have the phone, BUT I have a password protected CWM, the phone will be useless as they cant flash a new ROM or have access to the OS/internal SD (thanks to disabling USB when the phone is flagged as lost) so it's just a paperweight with no resell value no matter what sim or battery they insert. It will be locked.
As long as they have the phone turned off, sure, I can't access it's location and whatnot. But at the same time they cant do anything with the phone either. I also doubt they'd disassemble the phone and take the time to somehow hardware flash the ROM chip to force a flash.
There have been cases in my country where people have gotten back their ipads/iphones/phones that have their respective "find my phone" if it gets lost/stolen etc.. Manufacturers don't implement functions like this for nothing, and law enforcement is usually helpful in cases like this if the GPS location and IMEI number are provided, as well as proof of ownership (which is displayed on the lock-screen of Anti-Theft as well as the IMEI).
It just seems contradicting having an Anti-Theft option when CWM is a few button presses away from wiping the phone and everything along with it, totally crippling anti-theft software.
Locking the bootloader every time I flash a rom (just in case i go out that one night and get robbed etc.) is a pain, and even if they unlock the bootloader everything is wiped anyway (including Anti-Theft).
The only reasonable solution is to have a password protected CWM. But of course, it's a HUGE risk if you forget your password to it.
and afaik by wiping through SMS, it only wipes the personal data (pictures, sms, anything personal) but keeps the rom intact as not to break the Anti-Theft. It would be really stupid if you remote wiped and the entire rom was wiped? Given that the thief isn't as smart as the regular XDA-crawler they'd need to flash a custom rom for it to even boot after that. But that's another story. Point being that remote wipe doesn't wipe the rom. Only all settings/personal data so a thief cant access private info.
imo if my phone got lost/stolen i'd try to (before it would happen) safeguard myself as much as I could to maybe at least have a small chance of getting it back. You never know.
Completely unnecessary, just call your carrier and report your phone lost/stolen and have them blacklist the IMEI number, done.
In any case, I can't even see a reason for this sort of childishness. If you lost your phone, bad on you, take better care of your things; if you had your phone stolen because you weren't paying attention to where it was, again, bad on you, take better care of your things; if you were threatened and mugged at knife/gunpoint, give the damn phone up and be happy, your life is worth more than any stupid phone, **** happens and then you die.
ZeroBarrier said:
Completely unnecessary, just call your carrier and report your phone lost/stolen and have them blacklist the IMEI number, done.
In any case, I can't even see a reason for this sort of childishness. If you lost your phone, bad on you, take better care of your things; if you had your phone stolen because you weren't paying attention to where it was, again, bad on you, take better care of your things; if you were threatened and mugged at knife/gunpoint, give the damn phone up and be happy, your life is worth more than any stupid phone, **** happens and then you die.
Click to expand...
Click to collapse
There's no reason to be rude and condescending. A phone can be lost/stolen no matter how careful you are. Of course your life is incomparable in value to a stupid phone, but that's not what this thread is about so no reason to go OT.
Back OT though, I still believe a password system should be looked in to. What if this wasn't about your phone being stolen, what if someone is just screwing with your phone? Why DO we have passwords? We have them to keep intruders at bay for things we don't want them to have access to. I wouldn't want anyone to be able to access CWM and wipe my phone.
It just seems strange how such a powerful tool can render any lockscreen/pin unlock/pattern unlock useless by just wiping the phone and reflashing a rom (keeping personal data such as pictures etc.) and gaining access to them anyway. It renders all these passwords/lockscreens etc. useless.
EddieN said:
I wouldn't want anyone to be able to access CWM and wipe my phone.
It just seems strange how such a powerful tool can render any lockscreen/pin unlock/pattern unlock useless by just wiping the phone and reflashing a rom (keeping personal data such as pictures etc.) and gaining access to them anyway. It renders all these passwords/lockscreens etc. useless.
Click to expand...
Click to collapse
So does the stock recovery. Doesn't seem as if anyone is complaining to Samsung or Google asking them for password protection on stock recoveries.
In the end, it's a portable communications device designed to be in your possession at all times, and if it is in your possession at all times, then there isn't any need to worry about a 3rd party wiping your phone randomly.
I am also hoping for password on the recovery.
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
EddieN said:
So I got Avast with it's Anti-Theft protection baked into the ROM, but of course if my phone gets lost, it doesn't matter if i remote lock it or wipe it. If the thief is smart enough, they can just reboot into CWM and wipe data/dalvik/cache and flash a new rom onto it and resell the phone as "new". (And trust me, they are in 9/10 cases that smart)
So I was wondering, is there any way to put a password onto CWM? Like a 4 digit pin or similar. I realize it would be hard to do given the limited controls (vol up, down, power), but does the Touch Recovery enable this?
That way it would be a good safeguard for losing your phone as no one without access can wipe the ROM and render your theft-protection useless within seconds..
Thanks
Click to expand...
Click to collapse
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
This.
You can wipe (or obtain all the data stored into io) a galaxy nexus directly from the bootloader... Even before loading the recovery...
If I was in you i would care more about stolen data/photos and so on... (ics support full system encryption but clockwork mod does not iirc)
sooooo?
So back to the original question Any1 no of a hack that password protects recovery? Its a great idea and for those that don't think so for whatever reason wouldn't have to use it .
drawde40599 said:
So back to the original question Any1 no of a hack that password protects recovery? Its a great idea and for those that don't think so for whatever reason wouldn't have to use it .
Click to expand...
Click to collapse
Did you not read the thread? Its a waste of time to do this...
I guess it's a conundrum for us hacky types - unlocked bootloader lets us do all sorts of stuff, and gives us an escape hatch from unstable ROMs without losing our data. But it also lets anyone else get full access.
Now what would be nice is if the unlocked bootloader could be configured with a password. So it's effectively locked for everyone else unless they wipe.
cmstlist said:
I guess it's a conundrum for us hacky types - unlocked bootloader lets us do all sorts of stuff, and gives us an escape hatch from unstable ROMs without losing our data. But it also lets anyone else get full access.
Now what would be nice is if the unlocked bootloader could be configured with a password. So it's effectively locked for everyone else unless they wipe.
Click to expand...
Click to collapse
Even if you have a locked bootloader, all they have to do is type Fastboot oem unlock, and your data is wiped. With the phone we have, there is NOTHING you can do to stop someone from wiping it. If we could put a password before that, this would be the only safeguard (like a bios lock on a computer).
Sent from my Galaxy Nexus
bwcorvus said:
Even if you have a locked bootloader, all they have to do is type Fastboot oem unlock, and your data is wiped. With the phone we have, there is NOTHING you can do to stop someone from wiping it. If we could put a password before that, this would be the only safeguard (like a bios lock on a computer).
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Right, there's the separate questions of data integrity vs. tracking software integrity.
Most Androids, with stock recovery, are capable of being wiped too without booting into the OS at all.
cmstlist said:
What it comes down to is, anyone smart enough to know how the GNex works can beat these sorts of things. You'll catch the dumb criminals but few others. Even if you could theoretically put a lock on CWM, the device can be wiped from the bootloader level and made to work. And chances are, if you have CWM loaded you already have an unlocked bootloader. Which means if you put a password on CWM, the thief could just reflash a clean CWM over top of it.
Click to expand...
Click to collapse
martonikaj said:
Exactly. The only criminal getting caught here is an extremely dumb one. If you're stealing phones you know to go in and uninstall Lookout or factory reset the device... then you wont be able to get the device back either way. Any criminal "smart" enough to use CWM to wipe the phone will use one of the many other ways to make it untraceable.
As someone else said, call the carrier and blacklist the SIM and IMEI.
And if you want your phone to be the most secure, use a PIN lockscreen, fully encrypt the device, and keep it stock with a locked bootloader. And above all... keep your phone in your sight/possession whenever in public. All basic stuff.
Click to expand...
Click to collapse
_Dennis_ said:
The anti-theft stuff is not so much anti-theft of the phone as anti-theft of you personal information. Think of it like this, you lose your device, criminal takes your information and uses your stored bank account information to steal your money, your stored address and name to get a new driver's license, and new license to get new credit card to ruin your credit score, along with making $500 on selling your phone.
Or he steals your phone, you remote wipe and blacklist iemi, he makes $200 selling phone for parts.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
bwcorvus said:
They can wipe the phone in fastboot also...so this would stop nothing.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Well thanks for the great insight then! I didn't know fully that you could, still, even with a hypothesized passworded CWM, gain access and flash a new recovery before even getting into recovery (i haven't stumbled upon a situation like this yet)
So really there is no way to fully PROTECT the device with a password per se, unless you, like someone said, keep it fully stock with the bootloader locked. That way the device will be wiped anyway. Or have some kind of a BIOS-lock.
The thread was made to merely speculate if a password for CWM was feasible, and if it was, if it would do any good. Since we have come to the conclusion that it is not (any good at least), the best thing to do is to simply encrypt the phone, put a lockscreen pin/pattern or something like it and take care of the phone (of course). If it gets stolen, it does. Call the carrier and flag the IMEI. I know that already, but it would be a nice consolidation to somehow have some hope of getting the device back.
Needless to say you probably never will. So be careful guys!
Thanks for the thread and the knowledgeable inputs, there were apparently a few more peeps wondering about the same thing as I so I hope it helped them

Little Help Please

Okay so very new obviously. Just rooted my gs3 sgh-t999 with help to an amazing guide by chainfire seen here http://forum.xda-developers.com/showthread.php?t=1963806 extremely easy and as stated did it in about 30 seconds. now that this is done I may just be very new but i don't see a difference in admin access or to my phone.. i did see the red android and know i did it correctly but maybe i dont know what I should do now that it is rooted. can someone help me with what i should do now that its rooted, certain apps i need to get or things i need to do. Im sure you all hate these newbie posts but i really appreciate the help. thanks.
just curious, why did you root if you have no clue what to do with it?
look in the app drawer for SuperUser or SuperSU, you can go in the play store and search Root or SuperUser and look for apps that you might want, you can get apps to freeze or remove completely from your /system you can flash a custom recovery granting you permission to flash custom roms which can lead to severe Crack Flashing, or help find a rom that is completely perfect for you and the best thing you can ever imagine (phone wise)... read some more is what I'm saying.
Get root explorer, delete bloat. Or titanium backup to delete/freeze/backup.
mt3g said:
just curious, why did you root if you have no clue what to do with it?
look in the app drawer for SuperUser or SuperSU, you can go in the play store and search Root or SuperUser and look for apps that you might want, you can get apps to freeze or remove completely from your /system you can flash a custom recovery granting you permission to flash custom roms which can lead to severe Crack Flashing, or help find a rom that is completely perfect for you and the best thing you can ever imagine (phone wise)... read some more is what I'm saying.
Click to expand...
Click to collapse
i got it because i want to bypass the stupid tmobile hotspot block on my unlimited 4g plan. also saw posts about being able to extend battery life. .. just wanted to know if there were some other really cool things i should be doing? also now that i am rooted should i never do a system update?
also i like being able to delete the stupid apps that tmobile forces you to have on your phone... tmobile tv and stuff like that
you know how easy is to re-root, I'm not even positive how that all works cause I've only been on a stock rom for a few months with the the G1 lol. I'm pretty sure you can still update it'll just wipe your root, SU. Honestly flash a custom stock Touchwiz rom that is debloated and has some tweaks, like tethering option.
Or if you don't want to get into flashing which may destroy your phone just use titanium backup to freeze or delete bloat. Then maybe you can get a battery voltage control app for your battery.
Sent from my SGH-T999 using xda app-developers app
well not sure if you exactly know what "rooting" really means.
think of rooting as "unlocking". when you buy a phone from anywhere (let's just take the SGH-T999 for example), the phone isn't actually yours yet. not entirely. sure you paid the money for it, sure it's in your possession, so to most, the phone is yours. but the phone is still locked to, for example, T-Mobile, you can't use it on any other carrier. and the phone is also locked to Samsung, like say, the bootloader. think of it this way: on computers, YOU, or someone else is the administrator of it: you choose what happens to the computer. in this case, Samsung/T-Mobile is the administrator of your device, you are just the user. i guess the iPhone would be a better example. we all know how locked down that is. think of your Android phone that way, locked down by both the Carrier and the Company. now when you root the device, you are doing much more than just "jailbreaking" like on the iPhone. by rooting, you are allowing yourself full administrator access to everything on your device. the Carrier and the Company now have no way to stop you from doing what you want to do with your device (well...there's the warranty stuff i guess...). but point is, with root, you have full power and full access to yours, it is now your phone. completely.
but with such power, also comes responsibility and danger. you need to realize that everything you do after obtaining root, has the possibility of you ending up with a bricked (dead) device. that is why i don't suggest "noobies" play around with root. it is very dangerous and very serious. you must know what you are doing.
i suggest you read as much as you can about rooting and such, rooting and hacking can be fun (trust me), but it can also lead to great consequences as well.
good luck.
saranhai said:
well not sure if you exactly know what "rooting" really means.
think of rooting as "unlocking". when you buy a phone from anywhere (let's just take the SGH-T999 for example), the phone isn't actually yours yet. not entirely. sure you paid the money for it, sure it's in your possession, so to most, the phone is yours. but the phone is still locked to, for example, T-Mobile, you can't use it on any other carrier. and the phone is also locked to Samsung, like say, the bootloader. think of it this way: on computers, YOU, or someone else is the administrator of it: you choose what happens to the computer. in this case, Samsung/T-Mobile is the administrator of your device, you are just the user. i guess the iPhone would be a better example. we all know how locked down that is. think of your Android phone that way, locked down by both the Carrier and the Company. now when you root the device, you are doing much more than just "jailbreaking" like on the iPhone. by rooting, you are allowing yourself full administrator access to everything on your device. the Carrier and the Company now have no way to stop you from doing what you want to do with your device (well...there's the warranty stuff i guess...). but point is, with root, you have full power and full access to yours, it is now your phone. completely.
but with such power, also comes responsibility and danger. you need to realize that everything you do after obtaining root, has the possibility of you ending up with a bricked (dead) device. that is why i don't suggest "noobies" play around with root. it is very dangerous and very serious. you must know what you are doing.
i suggest you read as much as you can about rooting and such, rooting and hacking can be fun (trust me), but it can also lead to great consequences as well.
good luck.
Click to expand...
Click to collapse
thanks... i guess its too late for me to go back now lol i dont plan on doing anything too crazy, just delete some bloat , back up and hopefully try and bypass this wifi hotspot block tmobile has put on my unlimited 4g. which i still havent been able to figure out... UA spoofers dont seem to work but for some reason when i connect USB the tether does work fine as or now, just not the wifi hotspot which i need for PS3 and Ipad

Can't unlock phone on boot

Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
You can search that but might as wipe in the meantime. Get yourself a working phone.
bobby janow said:
You can search that but might as wipe in the meantime. Get yourself a working phone.
Click to expand...
Click to collapse
Thanks for the reply. Going through the post-wipe setup now. Grrrr. It's just that I entered the password a bunch of times, and it always worked. Just on reboot from recovery it didnt. Now I'm afraid to go back into twrp...
Anyone know if this could be caused by some android security feature that doesnt like systemless root, xposed, etc.
greves1 said:
Hi all,
bit of an emergency here. I am running rooted Chroma rom, just went into twrp to backup my EPS, and upon reboot it is saying I need to enter my password. I have done this several times. Now, it keeps saying the password is incorrect, and after the 5th time, there is no option to reset it! Help please!! Don't feel like wiping my phone again...
Click to expand...
Click to collapse
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
After restoring the nandroid, boot into twrp and then delete /data/sytem/locksettings.db. If that doesn't fix it, delete the locksettings.db-shm and locksettings.db-wal in the same location. If that doesn't fix it either, delete gatekeeper.password.key and gatekeeper.pattern.key in the same location.
Click to expand...
Click to collapse
KennyG123 said:
I assume this is the same problem as the Nexus 6P. You need to disable the security before making a TWRP backup. The fix is:
Click to expand...
Click to collapse
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
greves1 said:
Thanks for this fix. I'll keep it in mind next time. My broader question is now about security in general, since there seems to be a way to remove security from our roms?? For example, if someone got ahold of your phone, couldnt they just follow these steps to get in? Is this just a side-effect of unlocking the phone that is unavoidable? If I'm missing something about how to maintain security in the unlocked/rooted environment, please let me know. I've looked around but I haven't found any great guides for best practices regarding nandroids/security, etc. Thanks all!
Click to expand...
Click to collapse
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
KennyG123 said:
Rooting is in itself the biggest security risk. This is why carriers are working with manufacturers to make many phones fully locked and unrootable. Our main security expert Jcase does not use a rooted phone. He recommends if you need to root, go ahead, make the changes you want, then quickly unroot. So sure, if someone stole your phone they could follow that procedure to get into it. They could also just force a fresh stock version on it to wipe everything. Security and locks are meant to keep out honest people and slow down the dishonest.
Click to expand...
Click to collapse
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
greves1 said:
Just so I'm clear, the only thing keeping a stock phone safe is that when its locked, it can't be unlocked/rooted because the option to allow oem unlocking/adb connections are not (or should not be) checked in the developer options, is that correct? From what you're saying, as long as those two boxes are checked, there is essentially nothing stopping someone from wiping out your password and getting into your device. I'd love to run unrooted, but would adaway still have an effect? I'm thinking that the definitions are already applied, so maybe it would work unrooted. But cf.lumen, which I love and can't find the same functionality anywhere else, seems to always "enable interactive shell" on boot. Would this work unrooted? But again, as long so you're doing all this stuff, you can't lock your bootloader again, can you? Or can you lock it on a stock rom with the kind of modifications I'm talking about. I read that locking bootloader while having a custom rom loaded can cause a brick, although I'm not quite sure why. Couldn't you just always get into fastboot to unlock it again?
Click to expand...
Click to collapse
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
KennyG123 said:
Pfew...so many questions...there are always vulnerabilities out there that hackers can find..like Stagefright...but a rooted phone is the most vulnerable. So having a phone with a locked bootloader and unrooted is the best security...still not guaranteed against every possible thing. But it is the best...now what are you trying to protect? Your data...or someone being able to wipe and use the phone as their own? All you can do really is try to protect from a phone being hacked remotely...and a rooted phone is like leaving the safe door open. But if someone steals your phone, there are always nefarious ways to make it usable.
Click to expand...
Click to collapse
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
greves1 said:
Yeah, sorry for the wall of questions. I am just trying to wrap my head around some of these issues. At the end of the day, I don't really keep sensitive data on the phone, although it would not be good if a bad actor got into my gmail, for instance. I suppose I should migrate the last of my sensitive accounts to a secondary email, so no password resets could be initiated from a stolen phone. It's always a tradeoff between convenience and security I know. It's also a little worrysome that simply unlocking the phone activates it for androidpay. An unlocked phone stolen out of someone's hand is essentially the same as stealing all the credit cards in their wallet. It would be nice if android pay allowed an additional fingreprint/pin/password to make the transaction. Anyway, I'm now taking my own thread way off topic. Thanks for the insights though.
Click to expand...
Click to collapse
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
KennyG123 said:
For most phones that have fingerprint security Android Pay can be set up that way. I won't use it anyway because it would be crazy to hand a waiter your unlocked phone, or to have to follow him to the register. It would only be useful to me in the supermarket but I am carrying a credit card anyway. But that is one thing people forget, rooting a phone means removing the main security.
Click to expand...
Click to collapse
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
greves1 said:
N5X and android pay seems to tell me to just "unlock your phone" and hold it close to the reader. No need for an additional fingerprint. And no option to require this in settings...
Click to expand...
Click to collapse
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
KennyG123 said:
Yes, that should get you to the authorization screen and then if you have fingerprint set up should ask you for the fingerprint to authorize. Android Pay also now works on phones without fingerprint sensors so that is why they provide those simple instructions. Final authorization instructions will appear on your screen.
Click to expand...
Click to collapse
Ah, great to know. Thanks.
greves1 said:
Ah, great to know. Thanks.
Click to expand...
Click to collapse
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
KennyG123 said:
Unfortunately I can't test that theory since I am on a custom ROM and also Xposed. But everything I read says it should utilize the fingerprint if available.
Click to expand...
Click to collapse
Real word use shows that android pay does not ask for an additional fingerprint at the time of use. It's just as the instructions say, as long as your phone is unlocked at the time it is held up to the scanner, androidpay will work. I kind of wish they allowed for the additional security of an at-scan fingerprint read, but oh well. I have yet to test if the password/pin can be removed by the methods discussed in this thread, and androidpay working after defeating this security. If it does, then this is obviously a major security vulnerability of having an unlocked phone and using androidpay at the same time. Probably not more dangerous in terms of protecting against CC thieves, since they can just swipe a card stolen from your wallet at a terminal, but you probably wouldn't want to keep too many cards on your phone. Again, I haven't tested this out, if a fingerprint is still required to get in after a password database defeat, but someone should do this test.
If you have your phone lost or stolen just cancel your cards as if it happened to your wallet. Simple no?

Re: Moving apps

Re: Moving apps
I am about to help my husband root his 8.4 Tab Pro. But before I even do this for him, I need to know if I'm wasting my time.
What he wants is to be able to move his apps to his micro sd card. He says he doesn't have any room on his tablet.
So is that possible to do, once rooted?
Thanks
ms.journie said:
I am about to help my husband root his 8.4 Tab Pro. But before I even do this for him, I need to know if I'm wasting my time.
What he wants is to be able to move his apps to his micro sd card. He says he doesn't have any room on his tablet.
So is that possible to do, once rooted?
Thanks
Click to expand...
Click to collapse
Apps will have to be re-downloaded from the Play Store Store assuming he had gotten them there. In the possible case of Amazon Apps, you'll need to get it from them.
But, it sounds to me like you'd want to look for Titanium Backup, which should help you setup that task
I have no clue as to which version ot the Tab Pro you might have T320 (WiFi), or the T325 (LTE).
Either way, if your husband will somehow require the Knox (Security functions), of that Device.... STOP NOW!
Rooting to replace the Recovery, or OS WILL PERMANENTLY TRIP THE KNOX FLAG. Thus rendering Knox Security useless.
Assuming there is anything worth backing up it might well be inside there. And the ONLY TIME you have to back it up is before you trip the flag.
Once tripped there is no going back ever, and as I stated Knox will be dead to the Device, along with any hosted data that was part of it
Otherwise I wouldn't be to pressed about his Apps...
Ichijoe said:
Apps will have to be re-downloaded from the Play Store Store assuming he had gotten them there. In the possible case of Amazon Apps, you'll need to get it from them.
But, it sounds to me like you'd want to look for Titanium Backup, which should help you setup that task
I have no clue as to which version ot the Tab Pro you might have T320 (WiFi), or the T325 (LTE).
Either way, if your husband will somehow require the Knox (Security functions), of that Device.... STOP NOW!
Rooting to replace the Recovery, or OS WILL PERMANENTLY TRIP THE KNOX FLAG. Thus rendering Knox Security useless.
Assuming there is anything worth backing up it might well be inside there. And the ONLY TIME you have to back it up is before you trip the flag.
Once tripped there is no going back ever, and as I stated Knox will be dead to the Device, along with any hosted data that was part of it
Otherwise I wouldn't be to pressed about his Apps...
Click to expand...
Click to collapse
Thank you for this info!
I just asked him if he uses his knox security, and he says he doesn't because he has bit defender and malwarebytes. So since he doesn't use that program I guess I can go ahead and proceed.
ms.journie said:
Thank you for this info!
I just asked him if he uses his knox security, and he says he doesn't because he has bit defender and malwarebytes. So since he doesn't use that program I guess I can go ahead and proceed.
Click to expand...
Click to collapse
I'd like to think I'm up on most thing security wise. But, I'm not aware of those Apps. being on Android. Specifically MicroSoft's Bitdefender.
To describe what knox is (besides a means to void ones warranty), its a very secure business ordinated front end, that only come into its own when the Employer
also has a knox backend server running, to control it.
So long as thats NOT the case... Flash it!
If on the other hand it might be, I'd advise against it, as you can never go back from a Knox 0x1 state.
It will also (On newer Device that support it), brick up things like Google Pay.
Thankfully the Tab Pro does not have that feature to lose.

Can't create work Profile on my Galaxy Note Plus

Hello everyone.
I'm totally new here. This is my first post on XDA.
Recently I bought a 2nd hand phone, Samsung Note 10 Plus with a very good condition. Everything seems to me perfect when I purchased it. All features are working great.
Recently I tried to add an educational google account that was provided from one of educational institution.
When I tried to add this account on this particular phone, it's showing an error that -
"Can't create work profile!!
The security policy prevents the creation of a work profile because a custom OS has been installed on this device."
(I'm posting the screenshot also)
I don't know why it's showing this error message, because I'm not using any custom OS, according to my knowledge. I got official OTA update after purchasing it.
So as far as I know, it's running on stock OS.
The model number of my Note 10 Plus is "SCV45". It's a Japanese variant named "au".
What is reason of this error behind it? I didn't install any custom OS nor root my phone. I don't know the previous history as it's a 2nd hand phone. What should I do now to fix this issue. Please help me as I'm new to this thread.
Settings>About Phone>Status>Phone Status
Phone status should be "Official" otherwise it's been rooted and the Knox efuse tripped.
Can you set up/use Secure Folder?
Thanks for your earliest reply.
Here, phone status is showing "Official".
But after using some days, I get t know about "Knox Security" & I found heart breaking fact that my phone's "Knox Security" is void & I have to live with it as there is no workaround for that issue. (Found on XDA)
But the fact is, currently I didn't found any root access & from the about section, it's showing Official OS.
Then why it's giving error msg that I am using custom OS?
I got to know from xda that if knox security is tripped then I can't use some of Samsung app like Samsung Pass, Secure Folder, Samsung Heath....
But why I can't use a work profile when I am running on stock OS & which is not ever rooted (according to my knowledge).
So what I can do now to fix this issue?
Please help.
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
blackhawk said:
So much for that efuse trip method indicator... there are other ways to tell. Lol, always thought that one worked. You're questions have me curious as well.
My guess it was Knox efuse, but as for work profile not sure if it was or is tied together with Knox.
I avoid the Knox features as they're rules are convoluted... and I have no need for them.
You might want to reflash the firmware to be on the safe side. There are many here that can give you a better appraisal about this than me though.
I run stock N10+'s.
Lastly you could consider returning the device if it has been rooted in the past and the seller didn't state so.
Click to expand...
Click to collapse
I didn't think so it is tied with knox security. Because I have used that work profile on another mobile other than a Samsung phone. So there is no link up between my work profile and the knox security.
Now I want to reflash the stock firmware by Odin3. But the problem I faced is, when I visited SamMobile for downloading the exact firmware, I didn't see any model number with "SCV45".
All the model numbers are like - SM-N975F, SM-N975U, SM-N975U1, SM-N975N... & so on.
So, should I flash any of them? I can't choose the proper version.
My mobile is snapdragon variant.
If I flash any of the version, what will happen?? I need to know about that.
And lastly, about returning the device.
I have purchased it as 2nd hand, and the first unit that I got, has the hardware problem. So I already returned that one. So they already gave me a replacement.
So I know, there must be some issues & I have to accept that as I am getting at very cheap price. But the last one I received, is totally in fresh condition. Even the screen paper that comes with intact phone, is still there. I have checked all the the hardware and sensors. All are working perfectly. And battery backup is also good. I am getting almost 7.5hr SOT. I have checked the battery cycle. Battery discharge cycle count is 164 (I don't know whether it is modified or not). I checked the other phones that have battery discharge cycle count is almost 500 to 700.
That's why I pick this last one. All seems perfect. Only have the issues with knox security, but I get to know about that later. And knox security is also not important for me. But at least I need to use my work profile.
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
blackhawk said:
That is the Japanese variant.
If you're stateside a Samsung Experience center at a Best Buy can run advanced diagnostics on it and reflash it if needed.
I would stay on Android 10. Either 9 or 10 run well. 11 not so much so and 12 is a mess, both have fully active cpu cycle sucking scoped storage.
Click to expand...
Click to collapse
When I purchased the Mobile, It has Android 10. I've upgarde to andoird 11 just. Everything is working fine except that issue.
Can I flash SM-N975U or SM-N975U1 firmware? there will be any problem??

Categories

Resources