[Q] Some Serious Questions about Android - General Questions and Answers

Hello All,
My friend is planning on getting an Android phone. This will be his first Android phone as he mostly sticks with one platform for a long long time.
His current phone is an old palm device.
He's very serious about security and has a few other questions as well, which I pasted down below. I am not as experienced in this stuff, so I hope some of you could help. Thanks.
Security
When you lock out the handset, what happens to the raw data? Is the data overwritten or is only the file system wiped?
Right now my handset keeps the files that I don't use all of the time in an encrypted format. If I need to access a client file, I have to enter a password that decrypts the file. It takes some time, but this way if I lose my handset in a taxi it's only my cash that's gone & not my credibility as a professional. If I choose to remotely wipe my handset, random data is entered across the entire memory device, not only the file system, making most data recovery tools irrelevant.
Automated calling card apps
1) I buy a calling card from 7-11 to make long distance calls (not a SIM)
2) I put the phone number & password into my handset
3) When I dial a non-Hong Kong number it calls the calling card number instead & puts in the password for me
This saves me a wack of dough, especially when calling to China.
Would this work on Android?
Calendars
Are the calendars color coded? (Stupid Q, but iPhone can't do it)
ex) Work = Red, Personal = Blue
Syncing
If I sync through the cloud is the data all raw? Can anyone just look through my contacts up as easy as they can look through my email? I've found a way to avoid the cloud with contacts, but I'd use the Cloud if all the data is encrypted on each end.
Password Management
I've been using an encrypted password manager for years now. I have a desktop client and a handset client that sync across the cable. Any changes on one are reflected in the other, but it be locked up and secure.
Hope some professional Android users here could help answer some of these questions.
Thanks.

CrazyDelta said:
Calendars
Are the calendars color coded? (Stupid Q, but iPhone can't do it)
ex) Work = Red, Personal = Blue
Yes. Every 'account' you add will be given a different calendar colour by the HTC Stock widget. Eg. Work - Red / GMail - Blue / Facebook - Green etc.

Related

SECURITY: passwords storing

I would be really pleased if someone could give me a technical description (a cryptographic one) of how ANDROID stores the user's private passwords. I mean, how are they encrypted (if they are)? Using what algorithms and keys?
The reason is easy to understand. A normal user gives their phone 2 types of passwords that should be protected:
1.- One is Google's main password, used by the phone to sync (GMail, Calendar, etc)
2.- The second are the passwords that have been marked in ANDROID's browser as "remembered"
It isn't hard to imagine a situation in which your phone gets lost and ends up in the hands of someone who (before formatting it) wants to take advantage of or obtain all the phone's stored passwords.
In fact, reading the internal file system or the SD one must be almost trivial, and from there obtaining the passwords. How does ANDROID protect the user against it?

[APP] remotephone.mobi - v3

Remote Phone (https://play.google.com/store/apps/details?id=lovetere.remotephone) is the best way to manage your Android device from any browser directly from https://remotephone.mobi/.
Remote Phone requires a Dropbox account, if you don't have one, register here https://www.dropbox.com/referrals/NTI5NDY4NTIwOQ and get your 500 Mb extra space for free!
A new way to interact with your smartphone is born! Call log, contacts, texts, device position, battery status... will now be available just for you on any computer or other portable device.
Sitting in front of your browser, you can text, change the ringing settings (*), send an alarm beep, start a phone call, set your wi-fi and bluetooth services (*), make your phone speak (*)... use your smartphone even though it is far from your hands.
We use your Dropbox account for a recurrent back-up of all data in your phone; it will be available anytime, even with your smartphone off.
Don't panic anymore if you lose your smartphone: Remote Phone allows you to block your device with a PIN, as well as take a picture, start audio recording, locate and wipe it (*).
We are really concerned with your privacy. You only have your data! All data are transmitted over a SSL channel; all data are stored on your Dropbox account only.
(*) Some operations require the payment of the full version.
Great idea! It would be a nice add if you could also push/pull files to/from your phone in web browser. Just like using your phone with pc without usb cable!
Make it possible to reply in the messaging center. the only way to text is to type the number in. not cool if you want to have a convo!
mikpel said:
Great idea! It would be a nice add if you could also push/pull files to/from your phone in web browser. Just like using your phone with pc without usb cable!
Thanks for the suggestion, I will take it into consideration for future updates!
Predator04 said:
Make it possible to reply in the messaging center. the only way to text is to type the number in. not cool if you want to have a convo!
You can reply in a thread clicking in the top right side of the header (where you can read the name of the recipient).
UP!!!

SplashID v7 upgrade security issue

Besides the issues SplashData has with their SplashID v7 Android upgrade losing many customers' data, there is also a very worrying security issue which SplashData ignores (and actively censors; my messages regarding this on their FB page have been deleted and I am blocked from commenting or writing there).
Here is the issue:
The new SplashID version 7 has a cloud sync feature (30 day free trial, then for a fee). When first starting the upgraded version (which may have been installed automatically on Android if one allows auto upgrades!), one first has to again enter one's email address/username, and then the password (which is the one used to encrypt one's database containing all one's private, sensitive data!). Then the upgrade asks whether one wants to try the cloud sync feature.
Even if one declines and opts to stay with the existing Wi-Fi sync feature only (which does not need a cloud account), the upgrade goes ahead and automatically creates such a cloud account on SplashData's servers *and it uses the same password* for this. (In fact, as a further part of the upgrade procedure one needs to log into those cloud servers using that password after receiving an activation link in email.)
So, SplashData leaks the master password which one uses to secure one's most private data (credit card PINs, login passwords etc) into their cloud, without telling that this will be done, nor asking permission.
There is no info whether the password is stored securely (doubt it), whether it is in all cases transmitted securely (doubt that too) and anyhow, once this has happened one has lost control over that most important password. It's burnt, in the wild, out of one's own control.
Note that changing the password on one's own copy of SplashID is a good idea after that, but any old copy of one's encrypted database that might still live on any old disk backup, cloud service (Dropbox etc) or SD card somewhere is now vulnerable.
And because SplashData in their 'wisdom' associated one's email address (and thus identity) with that password, it's easier for hackers to find it. Better companies than SplashData have lost passwords in the past.
It is even a very bad idea to use the same password for a cloud service as one uses for securing one's private data. Forcing this onto users without permission or warning is almost criminal.
Sent from my GT-N7000 using Tapatalk 2
Ouch, that sounds a bad idea. If the user doesn't want a remote account made, they should respect that. Can you give me any more details about this, I would like to contact them and request some proper response to this. While they might not be leaking the plaintext password, anything that can be "opened" with your password is a significant enough leak, as it would allow an attacker to verify they have the right password.
pulser_g2 said:
Ouch, that sounds a bad idea. If the user doesn't want a remote account made, they should respect that. Can you give me any more details about this, I would like to contact them and request some proper response to this. While they might not be leaking the plaintext password, anything that can be "opened" with your password is a significant enough leak, as it would allow an attacker to verify they have the right password.
Not much more than I already said. I am a long-time user of their SplashID (Mac) Desktop and Android app to store all my credit card, bank account and yes, many systems passwords in.
The database they use is encrypted with a 'master password' which one has to enter on one's Android (or iPhone, etc) or Desktop every time to unlock and decrypt (in memory), so that one can access the data.
The same password is used on both the mobile and desktop of course.
A few days ago, an upgrade to SplashID v7 was made available on the Google Play store. I don't allow 'automatic' updates (though I am sure a lot of folks do!), but this time I also did not really check what the upgrade offered, and clicked 'UPGRADE ALL' when it was offered along with a number of other upgrades. So it got installed.
When I subsequently opened SplashID again, it told me about all the shiny new features (cloud sync etc) and as normal asked me for my password (it also asked for my email address. I thought that this was for them to check my purchase/license and what features would be enabled).
I thought that it would then show me my data. But wrong. Instead it offered me a selection whether I want to use the new 'cloud sync' feature (30 day free trial, later for $$), or stay with the normal 'wifi sync'.
I opted for the latter (because I don't trust having my data sent to the cloud).
Anyway, the next thing I get is a message: (paraphrasing) "we have created your cloud account, you will get an email and will have to verify your email". Sure enough, I get an email:
Thank you for signing up for SplashID Safe Personal Edition!
To activate your account, please verify your email address by clicking the link below: Verify Email
Then check your email for our SplashID Safe Welcome message.
The link goes to: https://www.splashid.com/personal/webclient/login.php
I had to again enter there my email address, and *the same password* that I entered before (which I thought would be for my private data-store).
Yes, that same password was used to create my account on their cloud server, even though I opted for the Wifi Sync *only* and never asked for a cloud-sync.
Nor did the app tell me that the same password would be used to secure that account.
The issues with this are self-evident:
a) my most secure password, the one used to secure my data on my mobile and on my desktop is now 'leaked' to their cloud account
b) I have *no* idea how securely that password was transferred (in clear, encrypted, just a hash), nor how securely it is stored
c) it clearly is linked to my cloud-account on their website, so
- someone somehow learning that password could 'verify' it by accessing that account
- if someone hacked their system and accessed their database, that link would be apparent to them
d) I have lost *all control* over securing that password myself. It is 'burnt', 'in the wild'
e) Any past backups of my secure SplashID database that may live on SD cards of mine, on backup disks, which may have been copied to the cloud (Dropbox, others) are now vulnerable. It is no use for me to change this password here now, as old copies that may still exist somewhere are still encrypted with this password (and I cannot change them back).
Yes, I am trying to limit exposure for that password data file as much as possible, but eg Titanium Backup may have at some point in the past backed it up and copied a backup to the cloud (yes, that is also encrypted, but once that feature failed).
More than that, of course users who are not as security conscious may have opted for 'cloud sync'.
While I have not tried this feature myself, it sounds to me like this does copy the data to SplashID's cloud and there secures it too only with that one single password.
So many users who may not have thought all this out may have opted for the 'CloudSync' trial, and not only have their password 'leaked'/'burnt' now, but also have all their data in the cloud, again secured only with a password that is no longer in their sole possession.
In fact, any secure, trustworthy system would have
a) been *very* upfront about what they are going to do with the password and the cloud account
b) used a separate password to secure the cloud account
c) only stored my encrypted copy of the database in their cloud, without *them* having the password for it
d) done any syncing on the client (ie, transfer the complete encrypted password to the mobile or desktop where the comparison/updates would happen) and then copied back again a secured file that was encrypted on the mobile.
More discussion on SplashID's own site: http://forum.splashdata.com/showthr...ically-send-in-background-to-splash-id-server
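The two points made in this thread, that any server record tied to the master password lets its holder confirm a guess, and that a separate cloud password (recommendation b) removes that link, shown as an added example; it is not SplashID's code, and how SplashID actually derives or stores credentials is not known from this thread. The PBKDF2 parameters, the labels, the function names and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for illustration; nothing here is taken from SplashID.
KDF_ITERATIONS = 100_000


def stretch(password: str, salt: bytes) -> bytes:
    """Slow password-based key derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


def subkey(root: bytes, label: bytes) -> bytes:
    """Derive a purpose-bound key so one secret is never used for two jobs."""
    return hmac.new(root, label, hashlib.sha256).digest()


def vault_key(master_password: str, vault_salt: bytes) -> bytes:
    """Key that encrypts the local database; computed on the device only."""
    return subkey(stretch(master_password, vault_salt), b"vault-encryption")


def enroll_cloud_account(email: str, cloud_password: str) -> dict:
    """What a server would keep for login: a salted verifier, never the password."""
    salt = os.urandom(16)
    verifier = subkey(stretch(cloud_password, salt), b"cloud-login")
    return {"email": email, "salt": salt, "verifier": verifier}


def record_confirms(record: dict, guess: str) -> bool:
    """True if `guess` is the password behind a server record.

    Whoever holds a copy of the record can run this check offline, which is
    why a record tied to the master password weakens every old vault backup.
    """
    candidate = subkey(stretch(guess, record["salt"]), b"cloud-login")
    return hmac.compare_digest(candidate, record["verifier"])


def compare_designs() -> dict:
    # Constructed sample values, not real credentials.
    email = "user@example.com"
    master = "correct horse battery staple"
    cloud_only = "a different cloud-only passphrase"

    # Behaviour described in the thread: cloud account created with the master password.
    reused = enroll_cloud_account(email, master)
    # Recommendation (b): the cloud account gets its own password.
    separated = enroll_cloud_account(email, cloud_only)

    vkey = vault_key(master, os.urandom(16))
    return {
        "reused_record_confirms_master": record_confirms(reused, master),
        "separate_record_confirms_master": record_confirms(separated, master),
        "verifier_equals_vault_key": hmac.compare_digest(separated["verifier"], vkey),
    }


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(f"{name}: {value}")
```

Even with salting and a slow KDF on the server side, the reused design still ties a server-held record to the vault password; only a separate cloud password breaks that link.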

Converting to Android from iPhone by Eric Schmidt (Google)

From : Google's chief
Eric’s Guide: Converting to Android from iPhone
Many of my iPhone friends are converting to Android. The latest high-end phones from Samsung (Galaxy S4), Motorola (Verizon Droid Ultra) and the Nexus 5 (for AT&T, Sprint, T-Mobile) have better screens, are faster, and have a much more intuitive interface. They are a great Christmas present to an iPhone user!
Here are the steps I recommend to make this switch. Like the people who moved from PCs to Macs and never switched back, you will switch from iPhone to Android and never switch back as everything will be in the cloud, backed up, and there are so many choices for you. 80% of the world, in the latest surveys, agrees on Android.
1. Set up the Android phone
a) Power on, connect to WiFi, login with your personal Gmail account, and download in the Google Play Store all the applications you normally use (for example, Instagram).
b) Make sure the software on the Android phone is updated to the latest version (i.e. 4.3 or 4.4). You should get a notification if there are software updates.
c) If you are using AT&T, download the Visual Voicemail app from the Play Store.
d) You can add additional Gmail accounts now or later.
At this point, you should see all your Gmail, and be able to use any apps and they should work well. Be sure to verify this.
2. Update your iPhone or iPad
a) Power on, connect to WiFi, make sure your Gmail is logged in, and upgrade all of the iPhone software to the latest iPhone software release (typically iOS 7+).
b) Check that you are using iCloud to back up contacts. Go to iCloud (in Settings) and enable that for contacts (“on”). If not using iCloud, go ahead and sign up for it. (The latest Mavericks requires the use of iCloud for Mac users if you want to transfer contacts.)
c) For your personal Gmail account, in Settings/Mail, turn on sync for contacts. In the latest iOS, this should sync your Gmail contacts and iPhone contacts.
d) In Settings/Messages, turn “off” iMessage, as that messenger is an iPhone-to-iPhone messenger and if it’s on, your iPhone friends’ texts won’t make it to Android. Your iPhone will still use SMS messaging to reach your friends if you use the iPhone after this change.
e) Make sure your iPhone is fully synced to the Mac iTunes. Your photos and music should all be backed up on your Mac when this is done. Go ahead and verify that on the Mac and the iPhone.
At this point you should see all your Gmail, have your apps, and have your contacts in the Android phone. If the contacts are not in the Android phone, manually download the contacts as follows on your Mac:
a) Go to apple.com/icloud, login with your Apple ID, and click on contacts
b) In the lower-left corner, click on the wheel, and “select all” the contacts and “export” the vCard into a vCard file (in Downloads).
c) In a browser, go to gmail.com, click on the Mail button and select “Contacts”. You should see a list of your Gmail contacts. Import the vCard file into Gmail/contacts using the “Import contacts” command and it should have manually added your contacts. Delete any duplicates or use the “More / Find & merge duplicates” function.
At this point you have your Gmail, apps and contacts on the new phone. Also verify this.
3. On your Mac, connect your music to Google:
Download Google Music Manager onto the Mac, and run it. Music Manager will upload your iTunes music to the cloud. The standard version is free and handles most iTunes libraries. You will need to sign up for Google Wallet and give your credit card information, but it’s free. Be sure the music is going to your personal Gmail account above. See https://support.google.com/googleplay/answer/1075570
With the above complete, you should have your Gmail, apps, contacts, and music all moved over. Verify this on the Android phone.
4. Take the SIM out of the iPhone and insert it into Android. You may need an adapter (from nano-SIM to micro-SIM), but then reboot the Android and you are all set! For texting either use the Messenger app in earlier releases or the “Hangouts” app in Android 4.4.
Comments and additions welcome! Eric
PS. Photos on your iPhone
If you have pictures on your iPhone, you will have to first copy them over to the Mac and then sync the iPhone with iTunes. See http://support.apple.com/kb/HT4083
It’s probably easiest to backup your iPhone photos to the Mac, but not copy the old photos to the Android phone. New photos you take on the Android phone will automatically be backed up to your photos in the Gmail account (iAuto-Upload is normally enabled) so no action is required. If the old photos are important, send them to Gmail and download into the Android phone or upload them to Google+.
PPS. Some general advice
Be sure to use Chrome, not Safari; it’s safer and better in so many ways. And it’s free.
https://www.google.com/intl/en/chrome/browser/
Be sure to use two-factor authentication for your Gmail and Google accounts. Makes it very hard for someone to break into your Gmail. Also free.
https://support.google.com/accounts/answer/180744?hl=en

Can I manually retrieve data from Google Drive Android phone backup (to PC) ?

Scenario: My Galaxy S8 died completely about a month ago, I got an iPhone - still getting used to it, spent incredible amount of time tuning and tweaking the settings.
Today I've noticed I still have the backup from my Galaxy S8 in my Google Drive account and it seems I still should be able to import that data to my new phone. There is some valuable information for me, especially contacts (in call history, not synced with Google), text messages, WhatsApp messages etc.
I however don't have another Android phone to sync it and then somehow export it, also I probably won't be able to do it on my iPhone - I am logged in to that account but somehow can't find a way to import such data. (All of my Google synced contacts for example got imported automatically, but not the rest).
Is there a way to somehow manually download that backup data from Google Drive to PC and "unpack" it?
Thanks.
This might help if you can use the import option to import your backup directly from Google drive then transfer it to iOS. Or maybe you can transfer the backup from Google drive then use 7zip or similar software to extract the backup into its separate parts and import/transfer them from your PC to iOS.
How to Transfer Data from Android to iPhone - [2023]
Want to transfer data from Android to iPhone 14 or iPhone 13/12/11/XS/X/8/8 Plus? Here are some easy and free ways to transfer data from Android to iPhone.
mobiletrans.wondershare.com
The various tools in that software may help you but you may not be able to do it all in with "one shot", you may have to attack from different angles using more than one option, function or tool provided by this software.
Or, another possible option is to install an Android emulator on your PC, install Android in it, then sign into your Google account in the Android running in the emulator, restore the backup from Google Drive in the Android running in the emulator, then see if you can transfer the data from the emulated Android to iOS.
@TinoArts
take note that whenever you backup Android phone to Google, all your data is safely stored in an encrypted backup file over your Google Drive account.
