Hi all,
I've just found out that the exchange server I connect to at work will soon enable remote wipe capabilities for security purposes.
I'm running cyanogenmod 5.0.7 on my HTC Dream. Not knowing a lot about remote wipe, will they still be able to do it even though I have this custom Rom?
I'm assuming that if they do a remote wipe, I can just boot into the recovery and restore a nandroid backup?
I don't expect them to do it but I just want to understand the repercutions if I enable email on my phone.
Geoff
IIRC, that feature was included in Android 2.2.
I'm currently using 5.0.7 of cyanogen though so it's only 2.1. I'm assuming then a remote wipe can still be done on a custom rom?
Is it as easy as going into the recovery and restoring a backup in the event a remote wipe is done?
If the exchange client and server both support it then yeah, you'll be able to remote wipe. This will only wipe your emails though.. not your whole phone..
You cannot enable remote wipe as a feature in the stock email client in android 2.1 regardless of which rom you are using
You have 2 options, either install Touchdown from the market (which costs money) or run Android 2.2, currently the only rom that I know of built on 2.2 is here http://forum.xda-developers.com/showthread.php?t=686105
I'm already using touchdown. I was told at work though that a remote wipe will wipe the phone, not just email.
sounds like a need for a new app
Seems like what is needed is an app that tells the server that it supports remote wipe, complex passwords, etc, and then doesn't do anything unless the end user allows it.
When somebody pays for my phone they can put whatever back door on it they want. Until then, I'll put in my own back doors...
rich0 said:
Seems like what is needed is an app that tells the server that it supports remote wipe, complex passwords, etc, and then doesn't do anything unless the end user allows it.
When somebody pays for my phone they can put whatever back door on it they want. Until then, I'll put in my own back doors...
Click to expand...
Click to collapse
And then have that app fake it's device string so it would appear as Touchdown or some other well-behaved app. I like it.
gleff1 said:
I'm already using touchdown. I was told at work though that a remote wipe will wipe the phone, not just email.
Click to expand...
Click to collapse
Heh. That would be contrary to android security implementation. Letting windoze to remotely interfere with an android phone would be REALLY BONEHEADED.
Simply put, the application would have to have SYSTEM permissions, which it simply isn't going to / can't have unless it was installed as part of the system image. ANY kind of add-on application WILL NOT have the permission required to interfere with your phone unless you do something REALLY dumb, like authorizing root access (assuming that the application even knows to ask for it, which is unlikely).
There *IS* a possibility that froyo "enterprise" features would implement this capability, but if you have control over the device, it would simply be a matter of disabling that application.
IN GENERAL, such security features would only be possible on devices that are (1) owned by somebody besides you, (2) configured by those who own it to do so. Simply connecting to some MS server MUST not be sufficient for them to interfere with your phone.
And to be honest with you, I would NEVER allow anything I use to connect to an MS server. I absolutely do NOT trust them. MS probably steals all your information without telling you. They're evil like that.
The person in your IT dept that told it wiped the entire device is not telling you the entire truth. This is taken directly from Microsoft Technet:
Perform a Remote Wipe on a Mobile Phone
[This topic's current status is: Content Complete.]
Applies to: Exchange Server 2010 Topic Last Modified: 2009-10-13
Microsoft Exchange Server 2010 enables you to send a command to a mobile phone that will perform a wipe of that phone. This process, known as a remote device wipe, clears all Exchange information that's stored on the mobile phone. You can use the EMC or the Shell to perform a remote wipe on a mobile phone.
You can use this procedure to clear data from a stolen phone or to clear a phone before assigning it to another user.
Now, there are MANY administrative options for the Remote Wipe tool. Most organizations only worry about the Exchange side. The other options are dependent on a device having a true 1to1 ActiveSync Partnership. Android devices do not have this, Only WinMo devices do. So, no, your phone will not be wiped clean if they initiate a remote wipe, only your corporate email.
W.O.P.R said:
The person in your IT dept that told it wiped the entire device is not telling you the entire truth.
Click to expand...
Click to collapse
Actually, I.T. staff member *is* correct: "In addition to resetting the mobile phone to factory default condition, a remote device wipe also deletes any data on any storage card that's inserted in the mobile phone"
http://technet.microsoft.com/en-us/library/bb124591.aspx
Related
Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
matt1313 said:
Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
Click to expand...
Click to collapse
Checking for root is configurable by your IT area. My account is not setup to check for root but I have had other problems. Can you easily unroot and reroot your device so Good would work except for the rare times that you actually need root? One problem I have had is the initial setup would never complete (stops at retrieving policies) unless I go back to stock eclair, get it working and back it up via Titanium backup, then upgrade to Froyo or GB, and then restore it. Mine continues to work via root though. The other problem I have had is if I ever restore to an earlier state (using the same PIN), it will stop syncing. I need a new PIN issued to get it working again.
I'm reading that IT admins can lock your phone camera, wipe SD card, etc.
What other kinds of things can they do once "Good for Enterprise" is installed on your personal phone?
Nate2 said:
I'm reading that IT admins can lock your phone camera, wipe SD card, etc.
What other kinds of things can they do once "Good for Enterprise" is installed on your personal phone?
Click to expand...
Click to collapse
I was involved in piloting "Good for Enterprise" for my company. I do know that the possible "controls" vary depending on the platform. Good for Enterprise on the IPhone will have much more control because the devices (hardware) and OS are very limited compared to Android. Keep that in mind as you read some of these items if they don't mention which platform. Also, the Good application would have to be granted root access to your phone "I believe" in order to do any of the items you mentioned. If you are running a custom ROM and have the "SuperUser" app, you would see if it had that access. I "think" it will be very hard for Good to implement some of those controls unless the Android OS provides an API for it because the underlying hardware can vary so much. I'm not a developer but I think that is correct.
Also, if you work for any decent sized company, they will be very concerned about the legal aspects of company provided software deleting (or even reading) personal information outside the "Good container". I mention the word container because Good provides encryption of everything within the app so it can not be read by anything outside the app (such as root explorer). I have successfully backed up and restored the encrypted data to another ROM but it is just bits to Titanium Backup or anything else. Feel free to PM me if you have any other questions on it that I might be able to answer. I know the admin for Good for our company that I could ask other questions.
I'm reading that the installation can detect jailbroken iPhones and rooted Android devices, and if the IT admins decide, they can configure it to refuse installation on such devices to prevent compromising Good's security/integrity of its resources.
(I'm not rooted, and don't plan to root my DroidX, so it is a moot point for me)
I heard from Verizon that IT admins can remotely control hardware components, including cameras, Bluetooth and IR ports, SD Cards, and more.
Things I'd like to know... can IT admins:
Track/monitor internet usage on the device?
Track/monitor GPS usage?
Copy non-Good related resources (e.g. files) from the device or SD card?
Lock the device?
Locate the device?
Wipe non-Good related resources?
Does the Good app send device System Logs to the IT folks?
Phone call logs?
App Permissions:
YOUR ACCOUNTS
ACT AS AN ACCOUNT AUTHENTICATOR Allows an application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.
MANAGE THE ACCOUNTS LIST Allows an application to perform operations like adding, and removing accounts and deleting their password.
SERVICES THAT COST YOU MONEY
DIRECTLY CALL PHONE NUMBERS Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
NETWORK COMMUNICATION
FULL INTERNET ACCESS Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ CONTACT DATA Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
READ SENSITIVE LOG DATA Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
WRITE CONTACT DATA Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.
PHONE CALLS
READ PHONE STATE AND IDENTITY Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS
MODIFY/DELETE SD CARD CONTENTS Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
RETRIEVE RUNNING APPLICATIONS Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
PREVENT DEVICE FROM SLEEPING Allows an application to prevent the device from going to sleep.
YOUR ACCOUNTS
DISCOVER KNOWN ACCOUNTS Allows an application to get the list of accounts known by the device.
HARDWARE CONTROLS
CONTROL VIBRATOR Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE Allows an application to view the state of all networks.
VIEW WI-FI STATE Allows an application to view the information about the state of Wi-Fi.
SYSTEM TOOLS
READ SYNC STATISTICS Allows an application to read the sync stats; e.g., the history of syncs that have occurred.
AUTOMATICALLY START AT BOOT Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
KILL BACKGROUND PROCESSES Allows an application to kill background processes of other applications, even if memory isn't low.
Sent from my unrooted DroidX using XDA App
I've been using EVO CM7 nightlies for quite a while now and never had issues with Good for Enterprise. With last 3 versions of nightlies, Good hasn't worked. When trying to reinstall Good, it says there is no phone network when trying to register. When looking at Device Info in Good setup screen, it doesn't have a phone number. Tried clearing, data, all cache, etc.
Is anyone else having this issue? It's like CM7 is not sending the phone string to Good when calling it.
A coworker also uses CM7 (not nightlies) and has no issues with Good on EVO. The phone number shows up in Good device info on his EVO.
I had the same problem, but I'm luckily an admin at our company on the good software. After messing around with it... this is what I had to do.
1. Uninstall Good from your phone on CM7 (Must be uninstalled at first for this to work....)
2. Reboot into Recovery and make a Nandroid Backup
3. Wipe the both Caches and Data, Install a Sense Rom
4. Install Good Mobile and have you admin resend you the email to enroll your phone
5. After entering the code and entering a password.. the Good will try to pull emails... kill the good app before this.
6. With Titinium Backup, backup Good and its Data.
7. Reboot into recovery.
8. Wipe the both Caches and the Data... Recover your previous CM7 Nandroid backup.
9. In CM7 launch Titanium backup and restore Good Mobile and its Data.
Worked after that... this way Good would communicate with the phone during the enrollment... which for some reason with CM7 it doesn't work... and just complains about not being connected to your mobile network.
Coincidentally I've just put up another post relating to IMSI numbers which was prompted by Good refusing to activate as some devices are reporting the same 1st 6 digits of their IMSI rather than the full 15 that Good uses to authenticate the license relative to the specific SIM card the license is for. Has anyone else come across this issue with Good?
matt1313 said:
Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
Click to expand...
Click to collapse
Mine quit syncing after the first day. I had to upgrade my personal unlimited data plan to a corporate/enterprise data plan for an additional $15/month with Verizon, and reinstall Good.
Sent from my unrooted DroidX using XDA App
Sievers said:
I had the same problem, but I'm luckily an admin at our company on the good software. After messing around with it... this is what I had to do.
1. Uninstall Good from your phone on CM7 (Must be uninstalled at first for this to work....)
2. Reboot into Recovery and make a Nandroid Backup
3. Wipe the both Caches and Data, Install a Sense Rom
4. Install Good Mobile and have you admin resend you the email to enroll your phone
5. After entering the code and entering a password.. the Good will try to pull emails... kill the good app before this.
6. With Titinium Backup, backup Good and its Data.
7. Reboot into recovery.
8. Wipe the both Caches and the Data... Recover your previous CM7 Nandroid backup.
9. In CM7 launch Titanium backup and restore Good Mobile and its Data.
Worked after that... this way Good would communicate with the phone during the enrollment... which for some reason with CM7 it doesn't work... and just complains about not being connected to your mobile network.
Click to expand...
Click to collapse
I previously had a similar problem that I mentioned above - on custom FROYO ROMs it would stop at retrieving policies but flashing to stock eclair, I could finish the setup (and let all current emails come in) and then backup via TB, flash to custom FROYO, then restore and it would be all set. However, when I recently reinstalled Good on Continuum 5.5, I decided to try to let it complete the setup and it did with no problem. I only tried that since my IT admin setup "self-service" for me. I can access a link where I can send a new PIN for my account since it can easily stop syncing. The PIN goes to your corporate email so it is safe to allow.
@Nate2 - sorry I didn't see your post previously. Yes, there are Good policies that can be setup to detect "jailbroken" IPhones, etc. At my company, Good on Android is still not a standard offering because corporate policies are limited to what they can do on Android due to the numerous OS and hardware combinations. However, I have been pushing simply putting trust in the Good encryption (AES 256 if I remember right). Looking at the permissions of the app makes it look at first glance like it can do anything. However, I don't think it is as extensive as it seems. The only "data" outside the Good container that can be read by the app "to my knowledge" is the contact info. This is because your IT administrator can allow Good to sync corporate contact info (in Good) to your phone's contact info. This allows you to easily see who is calling (rather than a phone #) if it is one of your corporate contacts. Although it can access (modify/delete) SD contents, it doesn't say "Read". I don't think I am "reading" too much into that... For internet access, I know Good is working on adding in internet access (from inside the Good container) so browser access is allowed. I am "guessing" this is mostly for IPhones, etc. where the IT admin could stop internet access outside the Good container. That way they could control internet access on a "corporate" device. This is speculation on my part, though. I do think it can send device logs which is required "I think" to detect root access. Look over all the permissions listed keeping in mind READ access to system logs and contact info only and it seems to fit. Therefore, I think they probably can detect that you enabled/disabled GPS but I "doubt" they can detect where you went since I don't "think" that goes in system logs that they pull. If you still have any question, send me a PM since I don't frequently check this thread.
Thanks RichMD.
I once worked in a large company where a sysadmin was fired for accessing the corporate e-mail of an employee (his ex-girlfriend). She reported the incident to HR. Possible access to additional sensitive resources on the phone makes these kinds of incidents worse, and that's why we should be cautious.
Sent from my unrooted DroidX using XDA App
Just got my Samsung Focus S, and I'm trying to get as much data as I can from my old Samsung Focus over to the new phone. What's the best way of doing this?
image the phone to the sdcard and then change the car.... oh wait.... wp7.... nevermind
that was fun
Bottom line, you can't get there from here.
Anything that has been copied to your PC through Zune (photos, videos, music) can be copied back to your new phone. Also, anything that is already stored in the cloud will still be available. But anything that is solely on your phone (app/game settings & saves, SMS messages, documents created by apps that don't support cloud storage, etc), will be permanently lost.
Microsoft does not provide (or even allow for) any mechanism to make a transferable backup of your device.
ohgood said:
image the phone to the sdcard and then change the car.... oh wait.... wp7.... nevermind
that was fun
Click to expand...
Click to collapse
yea that was productive...NOT!!! go somewhere. Anyway u can't make a backup of one device and transfer it to another but u can reinstall all ur apps from the web marketplace and resync all media once reconnected to Zune. Text messages and game saves will be gone unless the games get updated for cloud saves.
Sent from my T7575 using Board Express
any chance of using that custom backup tool and then forcing a restore backup? I know the backups that Zune makes before an update store everything (sms, apps, contacts)
ScottSUmmers said:
any chance of using that custom backup tool and then forcing a restore backup? I know the backups that Zune makes before an update store everything (sms, apps, contacts)
Click to expand...
Click to collapse
The backup is just like a Image backup in your Windows, which means any changes after the backup is voided if you restore.
What we want is, a working backup that can backup our precious data like SMS, apps data, etc... so that we can quickly restore it after we reseted our phone or switching to a new phone...
Cheers~
weijoon said:
The backup is just like a Image backup in your Windows, which means any changes after the backup is voided if you restore.
What we want is, a working backup that can backup our precious data like SMS, apps data, etc... so that we can quickly restore it after we reseted our phone or switching to a new phone...
Cheers~
Click to expand...
Click to collapse
No but that's what I'm getting at. If this guy has a new phone, in theory, he'd just have to load the image of backup over the new phone's OS. Unless, Windows Phone freaks out over hardware changes like Windows does
ScottSUmmers said:
No but that's what I'm getting at. If this guy has a new phone, in theory, he'd just have to load the image of backup over the new phone's OS. Unless, Windows Phone freaks out over hardware changes like Windows does
Click to expand...
Click to collapse
To further your knowledge, each backup are encrypted and unique to each phone by reading the device ID and which only restorable to that specific device.
Yeah, means if you switch to new phone, your old phone backup cannot transfer to the new phone
JustinTV773 said:
yea that was productive...NOT!!! go somewhere. Anyway u can't make a backup of one device and transfer it to another but u can reinstall all ur apps from the web marketplace and resync all media once reconnected to Zune. Text messages and game saves will be gone unless the games get updated for cloud saves.
Sent from my T7575 using Board Express
Click to expand...
Click to collapse
you're taking a loyalty to a phone far too seriously here mate.
wp7 could benefit from real, full os imaging, just like -any- digital device that reads/writes zeros and ones could.
imaging a device has aboslutely zero security risk, to the owner, developer of applications, or to the market (hardware) place. the unique device ID (hardware) is enough to ensure software piracy is kept at bay.
its a huge plus to the consumer:
at 3am the phone automagically images it's entire self to microSD, and deletes the oldest past 3 backups, saving two.
sms, gamesaves, offline documents, offline settings, CALL LOGS, and system updates are all in a safe, convenient place.
then just mount the microSD to your computer and copy over the phone images to your computer or encrypt and upload to a secure server.
this means destroying a phone is only a hardware loss. within 10 minutes of recieving a new piece of hardware the entire phone could be as it was before whatever damaged the previous.
how people see this as something that isn't needed is beyond me.
weijoon said:
To further your knowledge, each backup are encrypted and unique to each phone by reading the device ID and which only restorable to that specific device.
Yeah, means if you switch to new phone, your old phone backup cannot transfer to the new phone
Click to expand...
Click to collapse
Ah gotcha. Didn't know that.
[/COLOR]
ohgood said:
you're taking a loyalty to a phone far too seriously here mate.
wp7 could benefit from real, full os imaging, just like -any- digital device that reads/writes zeros and ones could.
imaging a device has aboslutely zero security risk, to the owner, developer of applications, or to the market (hardware) place. the unique device ID (hardware) is enough to ensure software piracy is kept at bay.
its a huge plus to the consumer:
at 3am the phone automagically images it's entire self to microSD, and deletes the oldest past 3 backups, saving two.
sms, gamesaves, offline documents, offline settings, CALL LOGS, and system updates are all in a safe, convenient place.
then just mount the microSD to your computer and copy over the phone images to your computer or encrypt and upload to a secure server.
this means destroying a phone is only a hardware loss. within 10 minutes of recieving a new piece of hardware the entire phone could be as it was before whatever damaged the previous.
how people see this as something that isn't needed is beyond me.
Click to expand...
Click to collapse
I totally agree. I love wp7 and will fight its corner against anything to anyone however if something is missing and needed its still missing and needed! This is one of them things just like vpn. I am 4 days from upgrading to the lumia 800 and i hate the fact i will lose all my game saves esp as some are working towards xbox live points. As i said you cant pretend something isnt needed just because its not there, this is a real shame. To me though it is like loveing my son but i do hate it when he screams at me cos i didnt give him my malteasers. Dont mean i love him any less but i would hope they sort it out. Or ay least give me some malteasers.
ScottSUmmers said:
Ah gotcha. Didn't know that.
Click to expand...
Click to collapse
Glad that I can help.
ohgood said:
how people see this as something that isn't needed is beyond me.
Click to expand...
Click to collapse
The most we can do at this point is VOTE UP that feature in the windows phone feature suggestion page and MAYBE microsoft will implement it. That feature has a ****load of votes, cannot remember link. The idea is quite good.
The reason the dude commented on your post was because your initial post did absolutely NOTHING to help the OP, it only satisfied your urge to bash the platform :-/
Very unproductive.
so no way to restore from old phone ..............hmmmmm
What if Microsoft made a feature like the ones found in Windows, the Easy Transfer wizard? They could whip up a feature in Windows Phone settings as "Easy Transfer" and let the user choose how they will transfer the files and settings (wallpaper, sms, system settings, as in ALL including synced emails) from the old phone to the new one, either wifi, or at least bluetooth. EVERYBODEH HAPPEH
I wrote a data backup app for HTC phones a while ago, but nothing for Samsung yet because Heathcliff74 hasn't released a tool for getting filesystem access (like his WP7 Root Tools app does) to other devs yet. No guarantee it'd be immediatley usable anyhow though, since the Focus S seems to use different high-privilege DLLs than the first-gen phones so all our current high-privilege apps (registry editing and provxml and all) don't work yet.
just found a way to get my apps back on my Focus S
Its not quite the end all fix,
but I just bought a focus S and wanted to transfer my apps from my old focus, of course the marketplace doesn't show that I own those apps on my new phone and there's no way to transfer them in Zune, but you can do it through the windowsphone site.
if you log into your windowsLive ID at WindowsPhone.com theres an option to reinstall apps from your purchase history. you just select the phone you want to transfer to, and then you select the app or game and then it sends you a text message to reinstall the app.
its not the greatest way, but atleast you dont have to buy all the stuff over again
newtype311 said:
Its not quite the end all fix,
but I just bought a focus S and wanted to transfer my apps from my old focus, of course the marketplace doesn't show that I own those apps on my new phone and there's no way to transfer them in Zune, but you can do it through the windowsphone site.
if you log into your windowsLive ID at WindowsPhone.com theres an option to reinstall apps from your purchase history. you just select the phone you want to transfer to, and then you select the app or game and then it sends you a text message to reinstall the app.
its not the greatest way, but atleast you dont have to buy all the stuff over again
Click to expand...
Click to collapse
Attempting to repurchase an app will simply tell you you've purchased it before and install it for free. So the market doesn't tell you what you've bought before, but there's no risk of repurchasing either.
Is there a way to securely delete any user data either before or after a factory reset on a stock Android tablet (ICS or above)? I'm working with a local computer shop who's had a couple returns because of user inexperience, but I want to make 100% sure their data is securely deleted, minimum of one pass wipe, before I give it the OK to resell
Can this be done via a Google Play app?
Sorry for the inexperience, I'm very new to Android.
Thanks.
rysal said:
Is there a way to securely delete any user data either before or after a factory reset on a stock Android tablet (ICS or above)? I'm working with a local computer shop who's had a couple returns because of user inexperience, but I want to make 100% sure their data is securely deleted, minimum of one pass wipe, before I give it the OK to resell
Can this be done via a Google Play app?
Sorry for the inexperience, I'm very new to Android.
Thanks.
Click to expand...
Click to collapse
There is an app called 'Shredroid' on the Play Store that wipes deleted data, but without actually testing it by running and then attempting a forensic analysis on the phone it is impossible to state if it works or not.
It is, however, the only thing out there unless you are happy to access your device's internal storage and run "dd=" commands on the relevant partitions, which carries a serious risk of screwing your device beyond recovery.
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
+1
i like it.
Please dont qoute OP
It is possible
But our devices are flashed completely if we flash a new rom
Every 1 is changed to zero
And if some devs figure out how to create such partition then people will figure out how to disable it
If a thief know how to flash new rom then he might find out a way to disable it.
We can change kernel and system so its not so much secure.
I don't have enough knowledge
For example you own a Samsung device and you created partition like that and a thief will just flash a stock rom including pit file so your partition will be merged or wiped
Sent from my C6502 using XDA Premium 4 mobile app
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
There Are many of them:
NQ Mobile Security Free
AVG antivirus
Quickheal
Avast
Mobile Tracker
(according to my theory)
Unless you can modify your hardware, it is highly impossible to have anti-theft app or security which persist through wipe (full wipe).
What if you have access to your hardware ? You can make system like Knox. Let say if your device is tampered, you can make the (Let say X-hardware) flag become 1. Now what should it do when the flag become 1 ? Either locks entire rom or make the device looks like bricked or etc (which make the device useless until you reset it). In hardware part, you should also modify how device should behave when it is turned on. Let say you have a microcontroller which see this X-hardware flag. If it is 1, skip entire process and turn off the device. How about software side ? Of course you need modified OS to support this.
The theory looks easy, but implementation is the hardest one.
There is a very easy way to implement this.
Most all new comouter hard disk and solid state disks sjpport what is known as HPA.
HPA stands for Host Protected Area or Hidden Protected Area.
It can be set or queried with the linux tool hdparm.
It effectively makes the disks report a smaller total size to the OS at the firmware level. Anything can be put inside including anti-theft software (see: computrace)
Easy enough.
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
I dont know if you live in a developed country, but phones have thing called IMEI that can be tracked. The guys who steal phones and who buy stolen phones are obviously stupid enough to believe that reselling phones is a thing.
Really, if you get your phone stolen so much, my suggestion would be buy two phones this time. One feature phone and a smartphone you keep at a safeplace. You use the smartphone only in safe situations and the dumbphone in all other cases.
Works fine, believe me. A feature phone costs less than an SD card nowadays.If you got your phone stolen 4 times, dont use or get a smartphone in the places you work or pass.
Software cant help if you are surrounded by thieves.
Sounds a great idea.
def a good idea. but as the previous post mentions., imei does a moderately good job of keeping blacklisted phones of the network
came across this article, and made me think of this post
its talks about an anti-theft method called poison pill
here is an excerpt:
The loss or theft of a company laptop can cost far more than the replacement hardware. It can cause significant disruptions to business. It can result in legal or financial exposure. It can put your company in breach of compliance with HITECH, HIPAA, and other stringent rules and regulations regarding data security and privacy.
Laptops with an Intel® Core™ processor with Intel® Anti-Theft Technology (Intel® AT) provide IT administrators with intelligent protection of lost or stolen assets.
With Intel® AT, you can now disable a lost or stolen PC with a local or remote "poison pill". This poison pill can delete essential cryptographic material from system hardware in order to disable access to encrypted data stored on the hard drive. The poison pill can also block the laptop’s boot process, rendering the system a "brick".
Intel® AT’s flexible policy engine allows you to specify the detection mechanism that asserts theft mode, the thresholds for timer intervals, and the theft-response action(s) to take. Because the technology is built into PC hardware, Intel® AT provides local, tamper-resistant protection that works even if the OS is reimaged, the boot order is changed, a new hard-drive is installed, or the laptop is disconnected from the network. When the laptop is recovered, you can reactivate it quickly and easily using your choice of methods: pre-provisioned passwords, one-time codes generated by IT, security questions, and more.
Intel® AT is activated through service subscriptions from Intel® AT-enabled software and service providers.
Source
If you have a Samsung phone, Enable "Reactivation Lock" from Settings->Security.
Wouldn't you have to use a custom PIT file to realize this? I think the best thing at the moment is the reactiviation lock, which is coded into the bootloader as far as i know.
Try Android Lost. If you convert it to a system app, you'll have a great security app (the best, in my opinion) that should survive a reset.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Great idea! I would like a developer to make a recovery (such as CWM) that could be able to give you an option to put a password on the recovery. That'd be awesome.
Try using Hidden Eye. It captures a photo using front camera every wrong password. The full version have an ability to send the photo to your email. Check it out.
Never underestimate a kid whose poor in cash but rich in time.
https://play.google.com/store/apps/details?id=com.lsdroid.cerberus
Cerberus does all of the things mentioned in this thread except create a hidden partition and survive a new rom flash but does survive factory resets.
If the person was tech savvy enough to flash a new rom then they are tech savvy enough to change the IMEI to circumvent blacklisting. The reality is that the vast majority of people would at most do a factory reset on a stolen device.
So I'm selling my old Meizu M2 Note which is running Flyme OS that doesn't allow me to encrypt the whole phone. How can I ensure the data is actually gone before selling? Normal wiping doesn't erase everything.
That's a good but hard to answer question.
A good old fashioned hard drive can be single pass overwritten (debate about overwrite passes is still an open discussion) making it unrecoverable for anything but an MFT, Mobile devices use flash memory just like a USB drive or an SSD.
What is the difference? Wear leveling (https://en.wikipedia.org/wiki/Wear_leveling).
Because of that people came up with crypto-shredding or crypto erase which only truly works with Hardware Encryption because Software encryption can never, with 100% certainty, know how the wear leveling reacts on every device.
You already said this isn't an option so what can you do to be sure nothing can be recovered? The answer is unfortunately short, nothing.
However recent research showed that multi pass overwriting caught a lot of data but even the Gutmann method (35 passes) did not get rid of everything (I forgot the link to the Whitepapers).
That said, you aren't selling it to a forensic specialist.
My best suggestion is to use one of the higher rated wiping apps (Shreddit for example) to first destroy your files, then factory reset and download a few good recovery apps and again a wiping app. Make sure you can't recover your own files anymore (if you have very sensitive data you can connect it to a PC and use even better recovery or, if you are paranoid, forensic tools) then overwrite it with as many passes, rounds and algorithms you feel comfortable with. Check recovery tools again and call it a day when you feel satisfied.
This WILL eat at the wear level so keep that in mind when you want to start overdoing it.
Not everything will be gone but it's as good as it's going to get and I highly doubt the person you sell it to will be able to recover anything.
Good luck!
GU42 said:
So I'm selling my old Meizu M2 Note which is running Flyme OS that doesn't allow me to encrypt the whole phone. How can I ensure the data is actually gone before selling? Normal wiping doesn't erase everything.
Click to expand...
Click to collapse
#noob guide incoming
(potentially useless and harmful)
i just thought of it
shred memory
download custom rom and flash
fill memory with stuff
shred again
xD
TheMarchHare said:
That's a good but hard to answer question.
A good old fashioned hard drive can be single pass overwritten (debate about overwrite passes is still an open discussion) making it unrecoverable for anything but an MFT, Mobile devices use flash memory just like a USB drive or an SSD.
What is the difference? Wear leveling.
Because of that people came up with crypto-shredding or crypto erase which only truly works with Hardware Encryption because Software encryption can never, with 100% certainty, know how the wear leveling reacts on every device.
You already said this isn't an option so what can you do to be sure nothing can be recovered? The answer is unfortunately short, nothing.
However recent research showed that multi pass overwriting caught a lot of data but even the Gutmann method (35 passes) did not get rid of everything (I forgot the link to the Whitepapers).
That said, you aren't selling it to a forensic specialist.
My best suggestion is to use one of the higher rated wiping apps (Shreddit for example) to first destroy your files, then factory reset and download a few good recovery apps and again a wiping app. Make sure you can't recover your own files anymore (if you have very sensitive data you can connect it to a PC and use even better recovery or, if you are paranoid, forensic tools) then overwrite it with as many passes, rounds and algorithms you feel comfortable with. Check recovery tools again and call it a day when you feel satisfied.
This WILL eat at the wear level so keep that in mind when you want to start overdoing it.
Not everything will be gone but it's as good as it's going to get and I highly doubt the person you sell it to will be able to recover anything.
Good luck!
Click to expand...
Click to collapse
Thanks for your amazing reply!
I finally found the solution I was looking for: as Avast! support told me, you can still use Avast! Mobile Security to securely erase your phone (by overwriting data), it's just a hidden feature. You just have to deactivate the Device Administrators permission for the app.
Then you just use the "erase device."
Was that research about multi pass overwriting done on SSD, or HDD? I always thought that one pass is enough on a standart HDD.
Can you recommend me any good forensic tools to use to check if the data is truly erased, please? And does the phone need to be rooted in order to restore deleted data?
Thanks for all your insight and advice !
GU42 said:
Thanks for your amazing reply!
I finally found the solution I was looking for: as Avast! support told me, you can still use Avast! Mobile Security to securely erase your phone (by overwriting data), it's just a hidden feature. You just have to deactivate the Device Administrators permission for the app.
Then you just use the "erase device."
Was that research about multi pass overwriting done on SSD, or HDD? I always thought that one pass is enough on a standart HDD.
Can you recommend me any good forensic tools to use to check if the data is truly erased, please? And does the phone need to be rooted in order to restore deleted data?
Thanks for all your insight and advice !
Click to expand...
Click to collapse
Avasts shredder works but it's a single pass on flash memory so it doesn't clear everything with 100% certainty because of the wear leveling but no algorithm does. I'm pretty sure that's a feature they added after purchasing CCleaner.
They also added it as a module in their windows platform.
The multi pass research was done on Solid State Drives and I still can't find the link. Just from a research paper in 2011.
SSD's are still closest in comparison to the kind of memory used in Mobile devices.
As for HDD's it's an open debate. Forensics have claimed to be sble to read past 200 writes in the past but there is no research to support this. I believe that they showed that 1 pass PRNG is enough in 2005, however the DoD was still developing machines to perform 7 pass DoD standard wipes so, I have to say that I have no idea.
If you want serious forensic tools you're looking at these kind of distributions (infosec just made me laugh, SSL_ERR_CERT_COMMON_NAME_INVALID, it's infosec! ??).
http://resources.infosecinstitute.com/computer-forensics-tools/
But if anyone you sell it to would try something it would be more along the lines of Recuva and similar software.
On phones you can just download a bunch of high rated recovery tools and see if anything pops up.
You do not need root for most of them.
You could run fstrim which I'm pretty sure has no root requirements either. This would mark all blocks as invalid so Garbage Collection can pick it up as well. Even though GC has been show not to clean everything it doesn't hurt.