Related
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Have your company email forwarded to another email account?
Sent from my SPH-L710 using Tapatalk 2
Get 2nd line for a work phone.
Root access is a essential part of custom roms.
It's like having a Lamborghini but putting a 4 cylinder engine in it. Just doesn't work...
Sent from Pluto.
Actually you can remove superuser and most likely unroot as long as nothing the rom is doing needs root permissions
Sent from my SPH-L710 using Tapatalk 2
---------- Post added at 01:52 AM ---------- Previous post was at 01:52 AM ----------
There's nothing to say you can't
Sent from my SPH-L710 using Tapatalk 2
Thanks for the suggestions. I couple of notes:
1) Forwarding is not a viable option given them I am just duplicating my email, which will increase the challenge of managing it (i.e. need to delete twice, replies will not be threaded, sent mail will not be available in a central location, etc.)
2) 2nd line is not practical for cost reasons, plus then I have another phone (my goal is to increase convergance and limit the number of devices I have)
3) The removing the superuser is an interesting option, but I do not know enough about it and the features of the ROMs to understand the potential impact.
Thanks again and if you have any additional options/ideas, please let me know. Thanks.
Raife1 said:
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Click to expand...
Click to collapse
Yes you can I do it all the time root flash ROM than use super su to unroot with NP and all my apps that don't allow root work perfectly
Sent from my SPH-L710 using xda app-developers app
Please read forum rules before posting
Questions go in Q&A
Thread Moved
Thank you for your cooperation
Friendly Neighborhood Moderator
Use the cm9 multiboot and just switch back and forth. Or look aroimd for the hacked exchange apk with the security **** removed
Raife1 said:
Hello All - I have a question of if I can:
1) Root my phone
2) Install custome ROM
3) Unroot phones (and leave custom ROM)
The reason I ask is my company is initiating use of an app (MaaS360) to manage mobile devices that receive company email (currently optional, but soon to be required if I want my company email on my phone). The app will not accepted rooted phones (it checks and then disables Exchange push). I currently use Touchdown as it is compliant with my companies security policies.
Any ideas? I would need to receive my company email, but also want to use custom ROMs and ideally remain rooted. Thanks.
Click to expand...
Click to collapse
Within the past 2 months I implemented MaaS360 to manage our companies mobile devices. Your IT department will have to manually check the box that says check for rooted/jailbroken devices, otherwise MaaS360 does not care if the device is rooted or not. Half of our corporate Android phones are rooted, and does not cause a problem with MaaS360. If you have buddied up with the guy who will be configuring MaaS360 for your company, you could always ask him to create you a custom profile (its a 2 second process) that doesn't check your device to see if it is rooted or not.
billard412 said:
Use the cm9 multiboot and just switch back and forth. Or look aroimd for the hacked exchange apk with the security **** removed
Click to expand...
Click to collapse
He cannot use the stock exchange apk if his company is implementing MaaS360, the way that MaaS works to sync the exchange profile to Android devices, it requires Touchdown.
Just a quick picture to show you that by default it does not restrict rooted/jailbroken devices (this is from the default compliance policy)
Also a sidenote, your name looks very familiar Raife, do you by chance use Spiceworks?
Khilbron said:
Within the past 2 months I implemented MaaS360 to manage our companies mobile devices. Your IT department will have to manually check the box that says check for rooted/jailbroken devices, otherwise MaaS360 does not care if the device is rooted or not. Half of our corporate Android phones are rooted, and does not cause a problem with MaaS360. If you have buddied up with the guy who will be configuring MaaS360 for your company, you could always ask him to create you a custom profile (its a 2 second process) that doesn't check your device to see if it is rooted or not.
He cannot use the stock exchange apk if his company is implementing MaaS360, the way that MaaS works to sync the exchange profile to Android devices, it requires Touchdown.
Just a quick picture to show you that by default it does not restrict rooted/jailbroken devices (this is from the default compliance policy)
Also a sidenote, your name looks very familiar Raife, do you by chance use Spiceworks?
Click to expand...
Click to collapse
Sorry- no spriceworks fpor me.
It sounds like I have 2 viable options:
1) Unroot and go stock (not happy about that option)
2) find a corporate IT buddy to create me a custom profile
As a curiosity, why would a firm choose to prevent rooted phones (also jailbroke iDevices)? I followed up and it is stated in the FAQ on the deployment that it doesn't work on rooted and jailbroke devices.
Thanks for everyone's reply's so far.
I would say go back to complete stock and unroot and then wait for the jb update coming out soon
Sent from my SPH-L710 using xda app-developers app
You can use SuperSu and uncheck the box that enables it. And if you need to do something requiring root access go ahead and check it
nicholaaaas said:
You can use SuperSu and uncheck the box that enables it. And if you need to do something requiring root access go ahead and check it
Click to expand...
Click to collapse
Well the temp unroot seems like a viable option. The only thing I am really using the root for now is wi-fi tether (I only use tether when travel - maybe once or twice a month)
Khilbron - whould the following scenario work with MaaS360:
Root phone
Install custom ROM (or leave stock)
Select Temp Unroot in Super User for daily use
When I need to Wi-fi tether, unselect Unroot, use tether
When done with tether, re-select Temp Unroot
Again the big thing I want is to receive my corporate email (and I do use Touchdown)
"RootCloak" part of the xposed framework will allow you to hide root from your selective aps. There are other aps on the Appstore but this is the only one that worked with Maas360
My company will be requiring Airwatch to be installed on any mobile device that accesses company email, on the 15th of this month. There is only a little information on XDA related to this, most of it being >7 months old & not very informative; however I've learned the following:
-AW can detect root
-AW allows the admin to encrypt device & SD storage, track the device via GPS, & view installed apps
-I suspect, but don't know for sure, they can also perform a full wipe - should the device security be compromised.
What I'd like to know is if any XDA users are familiar with this app/IT security measure. Is there a way to bypass root detection, or have a source in IT create a custom profile, on the server end, that would not flag my device?
I own my SGS3, & pay for my service, as my company initiated a BYOD policy a few months ago. Now they say I have to install this if I want to continue to access my email, calendar, contacts, etc. The choice is mine, but I'd prefer to have my cake & eat it to, if possible.
So, I'm putting it to the brilliant collective minds, thoughts, experience, & expertise of the XDA community! Any thoughts, accounts of direct experience (admin or end-user), solutions, suggestions - anything would be appreciated.
Thanks!
Samsung Galaxy S3
OdexedBlue ROM
Trinity Kernel
XDA Premium - Support our developers!
Bump....
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Bump... Still nothing! What a bummer!
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Honestly I wouldn't want to give my company access to my personal phone like that... You never know what they can look at that they aren't telling you. Plus tracking the GPS, that's pretty much the same as getting the ankle monitor when you on house arrest. Total invasion of privacy.
I'd pay the $20 for another line on my family share plan And use that for a business phone. That way unless I'm at work or do a on call shift I can turn the phone off and not have to worry abut being tracked.
Sent from Pluto.
Do you really need email access on your phone that badly? Seems like you are giving up a lot...
Sent from my SPH-L710 using xda premium
Well they used to pay for my old blackberry, then initiated the BYOD for everyone. I get approximately 250 emails per day, have all off my contacts on outlook (I had backed up my BlackBerry contacts that way), and I typically have my days packed with one meeting after the other. So, being able to use my phone, instead of carrying around my laptop, to access emails, contacts, & my calendar is extremely useful and convenient.
I'd read on a thread for a similar security product that you can have a custom profile built that will disable the check for root functionality on that. That's why I began looking for possible solutions for Airwatch by posting this thread.
Bottom line though, I will not install it if there's not a work around, or solution of some kind.
Samsung Galaxy S3
OdexedBlue ROM
LI3 Stock Kernel
LIF Baseband
XDA Premium - Support our developers, modders, & themers!
Your place of employment sucks... that's like saying "hey if you want to use your phone for work, well then we own it but you will pay for it."
I mean I get why they have the safeguards in place, just a sucky situation.
I'd still go with my idea, get another line galaxy note 2 would be perfect.
Sent from Pluto.
atm there is no way u can bypass the root check from AW.
but u can disable AW frm "Device Administrator" @ Security when u are off from work.
And install it back when you are back to office.
(click the enrollment link from your email to activate AW)
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
The other thing would be, perhaps a 3G tablet? Unless you absolutely need to make phone calls, that way you can check e-mails and all that jazz, and turn off GPS. Just my two cents. Either way, good luck!
Airwatch user here, member of work IT, with an iPhone, iPad, and Fascinate. Mine reports as compromised devices, and I already told them to wipe my device if it's really out of compliance and they have a problem with it. So far, jail broke and root happy still
My employer is cancelling the BES server (and devices) and switching to a BYOD policy, including Airwatch. The i* device users are ready to be assimilated, but right now there challenges getting the agent on the Droids.
Our policy is that certain employee positions (including mine) are required to have access to a smartphone for e-mail access and/or on-call, and we are in a right to work state. So that means we either comply or risk losing our job. The employee is responsible for purchasing the phone, service & replacing damaged phones, and can turn in the billing summary page each month for up to $100 reimbursement.
The BB was the only smartphone I've had, and my Droid should arrive today. I can understand they want to secure devices which attach to the internal network but that doesn't make me feel any better about how the product integrates with the devices.
Will the agent install on the Droid if it's rooted? Can they prevent me from resetting the phone to remove the agent? And if I do that, will it just re-install if the device is configured in the Airwatch console?
airwatch on S4 blocking USB Debugging
Guys,
I just received a new company Samsung Galaxy S4 and have Airwatch disabling the USB Debugging option, it's greyed out:crying:. Can't even root it now if I wanted to.
Such a shame, I have now two Galaxy S4s, what a b*&(9it to carry around.
Any ideas would be much appreciated.
Cheers!
Airwatch and other email/calendar client
trmixing said:
I actually work for Airwatch, If you own your phone and the company didnt supply it it doesnt matter if your phone is rooted or has a custom rom. its YOUR phone. Yea every week on the AW client it'll report compromised device but its your phone so your company cant say anything to you unless they provide you a phone.
just turn turn off a lot of access and tracking stuff with in the AW app as well
Click to expand...
Click to collapse
Hi,
recently also my company has adopted airwatch MDM to give us the access to email by phone.
I would like to know if there is a way to use a different email/calendar client instead the Airwatch Inbox client... I would like to have a client that offer the possibility top have a calendar with a widget.
cheers,
Luigi
Any updates on this?
I've tried:
RootCloak - downloaded from playstore, didn't work.
Also tried installing it from xposed, but there's an issue with galaxy phones, almost bricked mine.
There's also a thread someplace talking about editing the scripts of AW, but not all scripts are visible any longer.
Bottom line - doesn't work. Using SM-G925F. Any ideas?
So I feel like I know my way around rooting and putting custom roms on android devices. I've done it multiple times and love the features doing those two bring to your device. I recently received a GS3 from my employer and this will be my main device for work and personal use. But the company I work for has an application that is installed on every phone with company information on it so that the app can do things like wipe the device remotely if the phone is lost/stolen for obvious security reasons. But this application also restricts side loading apks and root users on the devices as well.
The application is Maas360:
https://play.google.com/store/apps/details?id=com.fiberlink.maas360.android.control.samsung&hl=en
I actually work with the helpdesk of the company, and we have what Maas360 calls 'security policies' that include the settings restrictions for each of the devices with android or iOS... some of the restrictions set in place are like I said with not be able to side load apks, no root users, must have a screen lock with pattern or pin (depending of which security policy is applied), along with other little things.
1.) Is there a way to get the Samsung bloatware off the device by flashing a Stock, non-root custom rom?
2.) Is possible to side load apps with Maas360 installed? The usual setting of 'Allow the installation of non-Google market apps' is grayed out and unchangeable currently...
If there are any other suggestions, those would be great as well. I just want my device to have the flexibility and openness of what a true Android device should have. Thanks
Typically employers put software like that not just for security measures of lost or stolen, but also to prevent their employees from doing exactly what you are wanting to do. As such, you are essentially asking people here to potentially help break your company's policy and bypass security measures they have installed. As far as I am concerned, you are on your own.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
I got a popup asking to autoupdate the Samsung security policies. Does anybody know what the Samsung Security Policy updates update? I obviously declined the automatic updates, but was wondering if anybody knows if there are consequences either way.
I'm pretty sure this is Knox related. I've declined it myself only to be asked about a dozen more times since. Seems like it finally gave up though. If anyone else has input, I'd be interesting hearing what they know.
Sent from my SM-N910V using Xparent Green Tapatalk 2
My thought is to decline but i would be interested in hearing what a developer thinks.
I want to bump this question. I just had a notice to allow security policy updates. The terms and conditions that must be accepted state that the "updates may add new security policies and delete any existing policies, if necessary. The service may detect and delete any downloaded software which contains malware." Since I have a Developer Edition, am rooted and have many apps that have been granted Super User permissions, I'm wondering if these security updates could delete or alter those permissions or otherwise affect root.
I updated it on my rooted dev edition and I've had no ill effects (so far) I know it required a lot of permissions but it's a security update from the manufacturer for god sake. The last thing I wanted was some security policy to go without being updated. Maybe that's my IT mindset. I was less hesitant to install because I already have root, unlocked bootloader, and a backup, so worse case scenario I could have just restored my nand.
commissionerg said:
I updated it on my rooted dev edition and I've had no ill effects (so far) I know it required a lot of permissions but it's a security update from the manufacturer for god sake. The last thing I wanted was some security policy to go without being updated. Maybe that's my IT mindset. I was less hesitant to install because I already have root, unlocked bootloader, and a backup, so worse case scenario I could have just restored my nand.
Click to expand...
Click to collapse
Agree with this on all points, but, like @GirLuvsDroid said, it sure would be nice to know exactly what these updates are doing.
I have also been declining them, but since you took the plunge for us (and I thank you!) and to your point, that we have backups, I will take it next time.
I have a rooted dev version, and I used Titanium (I bought the premium), and I froze the Knox services, as well as the security policy updates. It stopped the popup and my phone still works fine.
I have a new Pixel 2 XL (google play edition) that I just received as a warranty replacement. I'm on a Verizon grandfathered (real) unlimited plan which disables tethering immediately, but that is a deal break for me. Before someone attacks me for "stealing" from Verizon, I would gladly pay for tethering if they would let me add it to my unlimited plan, but they won't.
My goal is to have my device work with apps that detect root and refuse to function (for example the USAA or ADT apps). As far as I know there's no way around this, but I'm hoping someone knows something I don't (other than modifying the apps APK). Other than enabling tethering I have no reason to have root access or access to the bootloader.
Thanks
Dan
those apps work with Magisk Hide? I know i have a couple apps that still throw a warning message about having dev tools etc enabled, but they still work. Not sure about the apps you listed.
pvtjoker42 said:
those apps work with Magisk Hide? I know i have a couple apps that still throw a warning message about having dev tools etc enabled, but they still work. Not sure about the apps you listed.
Click to expand...
Click to collapse
I totally forgot about magiskhide, I'll give it a shot. Thanks!