hi,
as a victim of lost or stolen phone being used to sign up to premium rate text service, which can not be blocked according to phone companies I was wondering two things.
1. the ****tard signed up online using my name and number - that is all, and then confirmed the sign up by just returning a text from my phone. Is there anyway to trace the computer and thus the user who stole my phone and signed up. Any techies here who fancy the challenge - and give hackers a good name for a change? I'm thinking trace to a internet cafe computer and then ask cafe for CCTV...... like that case where the barrister was caught.
2. I think that a sign up to any such services should require security at least at the level that one has to use when speaking to your phone company.... ie providing a password of the account, etc. Returning a text is no confirmation at all - as it can all too easily be in the hands of a crook. It is in fact an open wallet, one that can hold hundreds or thousands to lose over a matter of hours. The regulator, phone companies and police are all, "it's not fair" but apply for a refund........(which is proving hard to even get through to the company of course)
I was relatively lucky, as at £260 at least it's the low end of fraud, but it makes me very angry that genuine innovative technology is poorly implemented and leaves open such obvious flaws for sharks to so easily take advantage.
Any suggestions.
Regards
anyone got a view on this?
so is no one interested in letting me know or suggesting a good protocol / technical mechanism that the industry could use to make it necessary for a handset to start using a texting service it must go through a security check with the phone provider....... such as PIN with phone provider, to prevent thieves from setting up via the web and then getting handset going stealing 1000's out of one's account.
The phone company operators are saying they can't do that?
Anyone give me some ammunition to say 'yes you could'?
Please anyone.
New to the Android platform. It's surprising how 'connected' they are. Apologies if this is the wrong forum. I'll be happy to post elsewhere or see this post moved.
I have an Epic 4G Touch.
I've been pondering the security and privacy aspect of these Android phones, and it seems to me that precautions are prudent, but I’m not exactly sure what precautions are necessary and how to put them into practice. I’m really not even sure what questions to ask. I’m very computer literate, so I guess that gives me a head start of sorts.
I guess complete privacy, information safety and anonymity is impossible, but I hope there is some sort of method that will allow as much as is available.
The questions below are examples of some of the questions I have.
Is there some sort of primer that covers these and other details that should be known?
Questions that occur:
1. What is the most secure way to purchase apps? How do the ‘savvy’ users handle this? And should they be purchased online or via the phone? What method of payment are most comfortable with?
2. Is it a bad idea to access other online accounts from the phone, or is it better to establish some sort of new account with a ‘credit limit’ or a low limit credit card?
3. I’m using a few of my ‘anonymous’ Gmail accounts on the phone. I’m not sure how much privacy this provides, given that the phone is in my name?
4. Are there practices that should be avoided (i.e., emailing my 'non-mobile’ accounts)?
5. After getting up to speed, I’ll likely be rooting. Any extra security precautions required? I guess an app like LBE Privacy Guard is warranted?
I suppose a good primer will cover much more. Thanks for any help .
Sam
I can't really help with the purchasing of apps questions, as I don't invest much money into apps, but I would definitely recommend LBE. It helps get your app permissions under control.
Sam Sung;19111758]New to the Android platform. It's surprising how 'connected' they are. Apologies if this is the wrong forum. I'll be happy to post elsewhere or see this post moved.
I have an Epic 4G Touch.
I've been pondering the security and privacy aspect of these Android phones, and it seems to me that precautions are prudent, but I’m not exactly sure what precautions are necessary and how to put them into practice. I’m really not even sure what questions to ask. I’m very computer literate, so I guess that gives me a head start of sorts.
I guess complete privacy, information safety and anonymity is impossible, but I hope there is some sort of method that will allow as much as is available.
The questions below are examples of some of the questions I have.
Is there some sort of primer that covers these and other details that should be known?
Questions that occur:
1. What is the most secure way to purchase apps? How do the ‘savvy’ users handle this? And should they be purchased online or via the phone? What method of payment are most comfortable with?
I do it via phone and bill to my phone bill.
2. Is it a bad idea to access other online accounts from the phone, or is it better to establish some sort of new account with a ‘credit limit’ or a low limit credit card?
I check my info with the banks application.
3. I’m using a few of my ‘anonymous’ Gmail accounts on the phone. I’m not sure how much privacy this provides, given that the phone is in my name?
Probably not much.
4. Are there practices that should be avoided (i.e., emailing my 'non-mobile’ accounts)?
I can't think of any shouldn't make a difference.
5. After getting up to speed, I’ll likely be rooting. Any extra security precautions required? I guess an app like LBE Privacy Guard is warranted?
Only security precaution I suggest is read perms. Lol
I suppose a good primer will cover much more. Thanks for any help .
Sent from my PC36100 using xda premium
First you need to decide how private you want to be.
Hiding your activity from Sprint for example would be fairly difficult. The ET4G is setup to route all internet traffic through sprint's proxies, you can change this (search the ET4g forums to find out how) but I'm certain that sprint could still monitor your activity if they wanted to unless you setup some kind of VPN which I don't even know if we can do on our phones.
Next up would be google, they make money by gathering information about you... so yeah if you want to hide from them your a tad limited since this is android. I guess you could just not associate a gmail account with the phone, but then whats the point of running android?
Personally I'm not insanely worried about the above two entities. What concerns me is the tons of random apps people load onto phones that have every permission granted you could think of. This is where LBE Privacy Guard comes into play and should be used regardless of rooting. Safest place to get apps is the official market, downloading cracked apps opens you up to who knows what.
Anyway thats my spiel
Sam Sung said:
New to the Android platform. It's surprising how 'connected' they are. Apologies if this is the wrong forum. I'll be happy to post elsewhere or see this post moved.
I have an Epic 4G Touch.
I've been pondering the security and privacy aspect of these Android phones, and it seems to me that precautions are prudent, but I’m not exactly sure what precautions are necessary and how to put them into practice. I’m really not even sure what questions to ask. I’m very computer literate, so I guess that gives me a head start of sorts.
I guess complete privacy, information safety and anonymity is impossible, but I hope there is some sort of method that will allow as much as is available.
The questions below are examples of some of the questions I have.
Is there some sort of primer that covers these and other details that should be known?
Questions that occur:
1. What is the most secure way to purchase apps? How do the ‘savvy’ users handle this? And should they be purchased online or via the phone? What method of payment are most comfortable with?
2. Is it a bad idea to access other online accounts from the phone, or is it better to establish some sort of new account with a ‘credit limit’ or a low limit credit card?
3. I’m using a few of my ‘anonymous’ Gmail accounts on the phone. I’m not sure how much privacy this provides, given that the phone is in my name?
4. Are there practices that should be avoided (i.e., emailing my 'non-mobile’ accounts)?
5. After getting up to speed, I’ll likely be rooting. Any extra security precautions required? I guess an app like LBE Privacy Guard is warranted?
I suppose a good primer will cover much more. Thanks for any help .
Sam
Click to expand...
Click to collapse
.
Thread moved to Q&A due to it being a question. Would advise you to read forum rules and post in correct section.
Failure to comply with forum rules will result in an infraction and/or ban depending on severity of rule break.
Thanks to all for your comments.
R1ptide said:
First you need to decide how private you want to be.
Hiding your activity from Sprint for example would be fairly difficult. The ET4G is setup to route all internet traffic through sprint's proxies, you can change this (search the ET4g forums to find out how) but I'm certain that sprint could still monitor your activity if they wanted to unless you setup some kind of VPN which I don't even know if we can do on our phones.
Next up would be google, they make money by gathering information about you... so yeah if you want to hide from them your a tad limited since this is android. I guess you could just not associate a gmail account with the phone, but then whats the point of running android?
Click to expand...
Click to collapse
I agree. Although I've always been very 'privacy centered', I've come to accept the reality that there is a compromise required here. It never occurred to me that I should worry about Sprint. The 'Big Picture' where Google is concerned is somewhat disturbing, but I suppose the (unacceptable) alternative is to throw away my android and limit all of my online activity.
At this point, I can safely say that I won't be tossing my Android unless I become a fugitive of justice .
However, I'm only willing to give up what I have to. The problem is, at my current level of experience, I'm not quite sure what that is. And that is the question I should have included in my OP:
If I want to protect my privacy, data, acounts, and all else to the greatest degree possible without giving up my Android (and still retaining the lion's share of functionality and features), how would I best accomplish that?
I do understand that common sense plays a large role here, and I'm not looking to overide that, but whatever practices, software, some kind of anonymous payment methods or whatever else that can provide the greatest degree of protection, privacy and anonymity without shelving all functionality is what I'm after.
Personally I'm not insanely worried about the above two entities. What concerns me is the tons of random apps people load onto phones that have every permission granted you could think of. This is where LBE Privacy Guard comes into play and should be used regardless of rooting. Safest place to get apps is the official market, downloading cracked apps opens you up to who knows what.
Anyway thats my spiel
Click to expand...
Click to collapse
I appreciate your well thought out response. As far as cracked apps, I apply the same caution here as I do to my computers. No questionable software or sites. No 'off the beaten path' practices unless thoroughly researched.
Where LBE is concerned...the Market description (and a thread I read in these forums) states that Root is required. Is that not correct?
Again, thanks for your (and any other) responses.
Sam Sung said:
Where LBE is concerned...the Market description (and a thread I read in these forums) states that Root is required. Is that not correct?
Click to expand...
Click to collapse
That is correct, and if you're getting at what I think you are, then yes, some people have a problem with this. It's hard accepting that LBE protects you from bad apps, while LBE itself has full access to every inch of your phone. That being said, I don't believe anyone has come up with any solid evidence that the app itself is harmful; people, however, can still be skeptics.
Without it, when you come across an app with a questionable permission, your only option is to not use the app. Every other permission blocker I've come across does so forcefully, which leaves the apps useless (force closes, etc). LBE, on the other hand, maintains the usability of the apps while still preventing them those permissions. In my opinion, it's a wonderfully helpful app. Your decision to use it may be different though, depending on your paranoia.
upichie said:
That is correct, and if you're getting at what I think you are...
In my opinion, it's a wonderfully helpful app. Your decision to use it may be different though, depending on your paranoia.
Click to expand...
Click to collapse
Well, actually, my question was based on the reality that I would be running it now if my phone was rooted (and the supposition that it will be pointless to install to an unrooted phone). I will be rooting this phone (Epic 4G Touch) eventually. The only reasons I haven't are:
1) This is my first Android phone and therefore I have no experience with rooting (still reading different rooting threads). I tend to research before I leap into something new.
2) I just don't have the time right now to troubleshoot if something goes wrong. And this phone is so incredible, I'd rather not be without it for any extended length of time (I use it as an 'appliance' rather than a phone...I have other phones for such menial tasks)
But I'm definitely convinced of the virtues of rooting, largely due to the app functionality. I also want to be prepared for the caveats. I'm not sure what they may be right now, but there must be some security risks.
Thanks!
Apps can be purchased via PC web browser at AppStoreHQ.
Gapps are optional. After rooting you could remove them or just those you don't need. Market is a tough one to live without, IMO.
If you don't plan to use your device for email then create a new email account specifically for the phone. Don't give it out. This will allow you to use the Market, etc.
Install Shark for Root + SharkReader to look at network traffic, or do it via router. Use hosts file to block google analytics etc. Routinely wipe the cache.
If you root install busybox and a terminal emulator and you can control the apps and system yourself. Everything LBE does you can do manually. Compile/install a kernel with tun.ko module and connect to a VPN. Or change DNS if you want. It's Linux, always keep that in mind.
My BIGGEST problem with Android is the lack of timely updates which include security patches. For this reason these devices are a security nightmare. Turn off WiFi, data, gps, Bluetooth when not using them. Disable install from unknown sources and debugging when not in us. Follow blogs that report on security issues and understand where you're vulnerable.
I'm security conscious as well and don't purchase or do banking with my phone. Sure it's convenient but it can wait until I get home. If someone is sniffing my traffic or should my phone be stolen I'm not scurrying to cancel credit cards and change passwords. This gives me the piece of mind I need to enjoy my smartphone. It also limits it, but I'm ok with that.
Turducken said:
Apps can be purchased via PC web browser at AppStoreHQ.
Click to expand...
Click to collapse
Is there a more anonymous payment method than standard CC?
Gapps are optional. After rooting you could remove them or just those you don't need. Market is a tough one to live without, IMO.
If you don't plan to use your device for email then create a new email account specifically for the phone. Don't give it out. This will allow you to use the Market, etc.
Click to expand...
Click to collapse
Actually, I have 3 gmail accts on the phone. One for market, one for clients, one for logins.
Install Shark for Root + SharkReader to look at network traffic, or do it via router. Use hosts file to block google analytics etc. Routinely wipe the cache.
If you root install busybox and a terminal emulator and you can control the apps and system yourself. Everything LBE does you can do manually. Compile/install a kernel with tun.ko module and connect to a VPN. Or change DNS if you want. It's Linux, always keep that in mind.
My BIGGEST problem with Android is the lack of timely updates which include security patches. For this reason these devices are a security nightmare. Turn off WiFi, data, gps, Bluetooth when not using them. Disable install from unknown sources and debugging when not in us. Follow blogs that report on security issues and understand where you're vulnerable.
I'm security conscious as well and don't purchase or do banking with my phone. Sure it's convenient but it can wait until I get home. If someone is sniffing my traffic or should my phone be stolen I'm not scurrying to cancel credit cards and change passwords. This gives me the piece of mind I need to enjoy my smartphone. It also limits it, but I'm ok with that.
Click to expand...
Click to collapse
Thanks, Turducken. This is really good information. All the more reason I need to get up to speed w/rooting so that I can batten down the hatches. I'm not quite sure how to use some of this info yet, but time and educating myself will remedy that.
One app I just ran across looks interesting (which I can't use until I root) is Logging Test.
It was originally written for HTC phones, but the paid version will support more devices.
Please consider this thread ongoing. Any information and/or links pertinent to security, data and privacy protection is enthusiastically welcomed!
Unfortunly I have recently lost one of my beloved gadgets, and after that situation I came up with this idea. I presents you an anti-thef system. I don't have the technical skills to develop it, neither I have the time, that's why I decided to post it here and if you consider this idea viable, may some of you want to involve in this tiny project with me
The idea:
Motivations: Most people don’t think about recovering their gadgets until they lose them. There are plenty of applications in Google Play dedicated to this purpose, however they are useless in most of the circumstances, specially if we attend to the fact that except in some exceptions, these apps don’t survive a factory reset
Idea: I propose to develop a system with wide acceptance among developers which in a transparent way for users allows them to gather information if their gadgets have been lost. This system would activate after downloading an application using this technology. This application would gather information about the gadget (permanent data such serial number of IMEI and volatile data such email address or phone number) and send it to a database usable only by the gadget's owner
Design: The system would have two parts:
An API - This API must be extremely simple and it could be integrated in all the applications in Google Play without efforts. The more wide accepted it is, the more effective the system will be. That’s why in my opinion this should be developed by a community like this in order to achieve a great acceptance quickly
The code will run the first time the application is executed. In that moment it gathers all the required information and it is sent to the database
A Web Service - The web service basically is a data base with two user interfaces - One interface designed to receive the data sent by the application - and another interface designed to return the information of a given gadget identified by its serial number. I have been wondering how to verified the ownership of an user, and I there are several ways, however it's an open discussion subject
Advantages of the system:
It’s totally transparent for the user
It’s a reset-proofing system, because as soon as the “new user” downloads a “marked” application, the database will receive helpful information in order to get the gadget returned to the real owner
It has more chances than the traditional applications to have the “thief” triggering events which runs the code
With a minimum cost we can offer something new to the market
Let’s see an example
A nice guy with a new gadget (let’s say a new phone), he downloads some applications, most of them marked with this system. In this situation the database collect the information of this new phone and indexes it using its serial number.
Few days later this nice guy forget his phone in a plane and the person who finds it forces a factory reset. As soon as the phone downloads one application the database stores the new information. Five minutes later our nice guy connects to the web site and discovers the name and the phone number of the person using his phone. They get in touch and the phone is returned to our nice guy
pls take a look @ ceberusapp.com . hope this is what u looking for.
Sent from my GT-I8150 using xda app-developers app
just add an app to /system which want the user to insert a code every 10 minutes when screen is on. after 3 wrong tries device will make wuiuiiiui and run away, hum?
Example: Chuck Norris have a new Phone. He Never Loose it. End.
Example 2: Justin Bieber have a new Phone. He loose it. Haters Destroy it and don't download applications. End.
Example 3: Jader132245324239 has got Xperia arc S and loose it. Jader13254 Find it and reflash Software and remove SIM. Jader1322u45324u239 will not Find it. End.
What Do You Think About?? If The User Wipe the Device & Reflash Software + Removed SIM, there would be no way to remember the Owner..
Cerberus is nice, in fact I use Cerberus on my mobile phone, however it has the problem I mentioned, it depends on the user to install it, and most users won't install anything because they don't even think in losing its mobile.
The system I proposed doesn't depend on the user, it automatically gathers the permanent information (for instance the serial number) and sends it to a database.
The main advantage of this system is that the thief, even after wiping the telephone, will probably download an application and then database will have information about this person.
What do you think?
Not a development thread - moved to General.
Most articles are about hacking and my intent is to setup a full defense to my business that is thoroughly hacked through a pernicious hacking of all texts, phones and pc displays.
There is isatap adapter on pcs, system preferences moved and lost on macs, remote shutdown, extension of battery life and monitoring.
This has to do with a circumstances I won't go into but there is a criminal suspected of jealous stalking and tampering.
There is a ZTE maven phone with clients calling from as long as 7-1/2 years and they expect to text, and call without being surveilled or even the phone just being shut down or even worse a physical stalking as soon as I turn it on or have it around.
What are the options to 1) get rooted startup scripts and packages off my phone and 2) trap data about the individuals suspected please.
My first priority is to get phone function back. I have master reset as much as 10 x a day and even on different sim and phone there is still a changing or spoofing of apps within 10 minutes. One app had a whopping 238 permissions added to it including finding out what car speed you are at and so forth. Please help!
I am technical just not too techie with android yet. I do need my business back there is almost total financial ruin and damages, financial and beyond please.
Thank you.
I too have been hacked all four of my phone's are controlled by remote. Thankfully it's not business oriented o have no financial data on any phone but I do have contacts whose anonymity is most important to me. My phone book and my texts have been transferred several times and I am in contact of sorts with a person or persons either trying to help or hackers posing as good Samaritans. Whatever steps I take towards de hacking my phone's when successful I will get back to you with my solution and hopefully it will help you too.
As more and more companies require their employees using business apps or store relevant information on their devices, how to protect the data becomes a hard nut to crack. Under this circumstance, some of them involved the "remote wipe permission". By signing BYOD (Bring Your Own Device) agreement, employees should give companies access to wipe the data on their phone for business purpose. Actually, a recent survey by Acronis showed that around 21% of companies "perform remote wipes when an employee quits or is terminated."
Although this is considered to be an efficient way of protecting the interest of companies, a growing number of employees felt to be kind of "offended" by their employers. "It's just like a loaded gun pointing to my personal data," said by one of the employees. Another one of them lost all the photos of a relative who had passed away.
In order to avoid the risks, what should we do? Actually, there should be lots of methods. Some companies have a timely reminder to let their employees back up the data. Some employees delete the apps or files for wiping data before resign. These sort of ways are helpful, but they just partially resolved the issue, as the data could still be wiped at any time.
How could we get the risk totally settled? Is it the only way of owning another device for business? The answer is, no. Owning another device is certainly a perfect way to resolve the issue, but it's lack of cost-performance and convenience. What's more, there's even another risk for losing one of the devices. By adding another virtual system to store all the business stuff, and give the company wiping permission for it should be a brilliant way.
Hard to find one? VMOS could help you out. With the VM (virtual machine) technology, VMOS contained a whole Android system inside the app, which allows you to install/delete/run apps just like normal. With the root access equipped, you can put anything you like into the virtual system, and will not affect your physical device. The message penetration function also prevents you from missing any information.
In this way, we could put all the business apps inside the virtual system. Whenever the companies would like to delete them, it would happen only in VMOS, the data in your phone will be stored safe and sound.
Direct copy/paste from here:
https://medium.com/@ckzhao9112/prevent-your-data-from-remote-wiping-by-the-company-25df7a3abdc9
Thread closed.