So I was messing around with settings.db - hoping i could enable PIN Lock from Exchange - yes I want a PIN and no none of the 3rd party tools work correctly.
Anyway - I caused the phone to come up and ask for a password, I put in the wrong thing 3 times and it erased my data - all my 3rd party apps gone, but stuff installed via update.zip (Frameworkres, Root, and Voodoo stayed - although Voodoo scared me when it started talking and re-applying itself).
Anyway, all is back and running, but i have a default wall paper that is not in the gallery of built in wallpapers. Does any know where this came from? I have not themeing apps installed prior to the wipe..... Running JH7 that was installed from Stock JH6.
Don't know, but I want it!!!
I believe it came with Cognition.
alphadog00 said:
So I was messing around with settings.db - hoping i could enable PIN Lock from Exchange - yes I want a PIN and no none of the 3rd party tools work correctly.
Click to expand...
Click to collapse
PIN policy comes from Exchange server. If your exchange server doesn't require it, there is no way to enable it because it is not part of Android system. Even if you do get a PIN, there is no way to change it anywhere later on. It's a bad implementation in Samsung's exchange email client. Actually, the leaked document from Verizon list this as a critical bug. Imagine your Windows desktop ask you to setup a password but won't ever let you change it.
Stock firmware is JF6, not JH6.
That wallpaper is the stock Cognition wallpaper.
You can find it here
http://www.zedge.net/wallpapers/6080248/rain-designs-hd-wallpaper/?pos=5&search=rain
I never installed cognition but i did install the battery mod framework-res that is packaged in it. The wallpaper must be in there; but the wallpaper chooser doesn't see it.
As for pin lock, i have it on moto android phones so i was hopimg a simple props change would expose it. I guess i have to wait on froyo. Why it is not stock 2.1 i will never know.
Dear XDA users,
I am looking to find a really secure rom. I dont want to run OEM corrupted roms which do gods knows what. I have googled for a good bit and I have found some areas which are interesting from a security perspective. However, there does not seem to be a holy grail when it comes to a secure rom at the moment. Paranoid Rom sounded oh so promising but has no additional security related features. Cyanogenmod is a nice custom rom with root disabled by default, which is a great improvement and makes it interesting as a secured non-OEM rom. You also have the NSA developed SE Android rom which you need to compile yourself but comes with a great list of additional features.
Can anyone recommend me a rom which is build to be secure?
Also lets have a discussion on features which you would like to have in a secure rom:
Hidden-TrueCrypt partition on SD card.
Fully encrypted memory
Password protected recovery
Tor network enabler with apps for the various anon services on onion networks (such as torchat, onionmail, etc.)
Location scrambler
Strict firewall with easy enable/disable mode
Remote lock-down
First question. Why?! Are you a spy or something?! There's nothing wrong with standard ROMs. There are antitheft apps available that can remote wipe the entire device including SD card if its ever lost or stolen. I can't think of any reason why you need that level of security on your device.
I believe a truecrypt partition can be mounted on the SDcard. As far as hiding it goes, I'm not sure.
As far as password protecting recovery, there's no tweak/hack for it. I understand the security concern with someone meddling with your phone and flashing a rom but it's called 'recovery' for a reason.
I believe tor is available for Android.
You can spoof your location with several apps. Wouldn't hurt to google it.
Cerberus can remotely lock-down your phone, retrieve contacts/call logs from a sim, etc...
Try compiling your own rom and cater it to your needs.
Whoa, why would you need that much security? I do suggest creation of your own Rom as mentioned this way all you're security needs can be met.
Sent from my Sensation Z710e using xda premium
privacy
Thanks for all the replies. I am not a spy rather i just want to be secure. I just don't like the idea of my information being used for reasons i do not choice it to be used for. I don't want my carrier to see which websites i visit on my phone, which locations i visit, which people i contact. I just want my carrier to provide me access to the net and ensure that i am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
My name is Bond. James Bond.
To answer your question no you cannot have that kinda ROM here. Root disabled?? pretty much every ROM here has it enabled. GPS can be disabled with one click. I'd suggest SIM lock through phones security settings, face lock for apps pro from the market and a nice cold beer to make you less paranoid. No offence but not even presidents want that much security.. Its a phone..
hjfkuiper said:
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Click to expand...
Click to collapse
Your network provider is never going to know you use recovery or that you can gain access to your system partitions. They're not going to know you use root apps or that you have root access either. firewall you can obtain via the avast antivirus app in the market.
And I don't think you'll ever be able to cover your tracks when it comes to hiding who you call and text. The network company holds records of all calls and texts for billing purposes and only relase these in case of police investigations, with your permission. You can turn off your GPS, but you can still be located using the cell towers, which you need for reception, so you can't hide yourself completely. If you want internet access with out this just use wifi with a vpn or other such ip hider/rerouter and remove the sim card all together.
There is genuinely no need for this level of security on your phone. Like I said in my last post, if your phone is lost or stolen, you can always remote wipe your device so no one will know what you had on it, it'll just be a shiny brick.
hjfkuiper said:
Thanks for all the replies. I am not a spy rather i just want to be secure. I just don't like the idea of my information being used for reasons i do not choice it to be used for. I don't want my carrier to see which websites i visit on my phone, which locations i visit, which people i contact. I just want my carrier to provide me access to the net and ensure that i am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Click to expand...
Click to collapse
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Jonny said:
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Click to expand...
Click to collapse
And Carrier IQ is not in any custom roms, and even if it was it can be easily deleted.
Cyanogen most certainly does NOT have root access disabled by default. Half the features on it wouldnt work without root access.
If you really need that kind of security the best answer is to not do whatever you need that kind of security for on your phone. Use another device.
Also, invest in a high quality tin foil hat.
Sent from my HTC Sensation using xda app-developers app
Hi,
First, not even 1% care about security and privacy in thiers phones. People just having fun not knowing what data is being leaked from thier phones.
I know what you mean, if you want to have secure ROM, use CyanogenMod and patch it with autopatcher - PDroid2.0, then block almost all permission to all apps (including system) and this will give you the best privacy. Also don't use gaps and remove bluetooth if you don't use it.
Use K-Mail with APG to encrypt your emails, use Ostel to make anonymous calls, use Tor as a browser.
I think CyanogenMod9 for Sensation has already Pdroid patch merged. I suggest it over CM10 as is more stable and faster.
Below are links that may be useful for you.
PDROID:
http://forum.xda-developers.com/showthread.php?t=1923576
Autopatcher:
http://forum.xda-developers.com/showthread.php?t=1719408
Guardian Project:
http://forum.xda-developers.com/showthread.php?t=1840929
Hardening Android Guide
http://forum.xda-developers.com/showthread.php?t=1954513
Have fun
THE_GENIUS
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Click to expand...
Click to collapse
Dun Dun Duuuuuuuuunnnnnnnnnnnn!! (sorry, couldnt resist ) :silly:
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Click to expand...
Click to collapse
Without DroidWall - yes, anything can leak, but with - no chance.
Thank you! This is the only helpful reply in a thread full of morons.
I'm in the same boat
I would like something similar. I know we have remote wipe, etc. However I would like to know that if I loose my device, the only thing I am loosing would be the device. Currently I am using ARHD 50.0. I can not get the local storage to encrypt. The Micro SD however can be encyrpted. So I am working to try and install all the apps I need, then move them to the microSD and force them to write data there instead of the default location.
It is a bit strange that this seems to not work well at all.
Android is rather secure. Every non-system runs in its own sandbox.
Follow these steps to get you phone really secure:
1. Encrypt internal storage as well as sdcard.
2. Go S-ON. Relock your device.
3. Remove custom recovery after ROM installation. Otherwise encryption can be broken. Especially if you're scared of NSA.
4. Use superuser to remove all apps you don't need, then disable superuser.
5. Disable ADB. Both USB and wireless.
Any "trusted" ROM capable of this is secure.
Happy to help.
Far_SighT said:
1. Encrypt internal storage as well as sdcard.
Click to expand...
Click to collapse
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
imma gonna get ma tinfoil hat
bastei said:
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
Click to expand...
Click to collapse
You need to use a ROM that supports it. I use ViperS 5.1.0 (Vipers 4 also supports this).
Not that because SD card encryption, other cards that you put into your phone will be read only until you decrypt external storage
Hi guys & girls,
I have a Desire HD, not a sensation smartphone, however maybe I can add helpful Info here.
I am just exploring the activity on all smartphones, so I can discover which devices have the most developers, people and support now =D
Which Smartphones have the most Developers and Users now, by the way? Thanks
Well, the Best Secure Rom, I think is only the Guardian Rom.
That Rom is develloped just with the propose to be most secure, emphatize on just security as a priority, after all the NSA & government & Intelligency Agencies Surveillance.
Era Post-Edward Snowden =D
I think the name of the great Developer is "x942".
The problem is, He is just one Develloper working on that, so not so fast developing and very few devices are supported.
(I think only Galaxy Nexus, Nexus 4 and Galaxy S2, not certain)
He has other security projects also, like "Secdroid" and his hardened kernel.
Second to "Guardian ROM" maybe:
BlackPhone
(But i think for while not so worth because all software and apps is just 3rd party apps opensource that we can install too on our smartphone. And not worth spend 600 euros/dollars i think. But is very good and opensource hardware).
CryptoPhone is a security project on Germany/EU too, based on era Post-Snowden.
But just a smartphone based on Galaxy S2 with software we can install by our methods too =)
I think the best and most secure but simultaneous with very strong developing/support/updates for future proof is really CyanogenMod.
But we need to deposit our trust on them still, even now that they are now a Company, not anymore opensource community like on old early days, when Cyanogen started =)
The best is Guardian ROM.
However just one great develloper can not support many devices and long and faster develloping like CyanogenMod as a fact.
About software and apps we have many:
But the popular/best are:
All apps of "TheGuardianProject" site like:
Orbot; Orweb; GPG; ChatSecure (Gibberbot); Ostel; Pixlknot; Obscura Cam; and so on...
Whisper Security apps:
RedPhone; TextSecure (WhisperPush on Cyanogen);
SilentCircle apps se can trust but i think are Paid.
Tor (orbot) , I2P, and MacChanger (MacMan, etc...) apps for Anonymity.
SecDroid as i said.
PDroid (but with kitkat i think se do not need anymore).
AfWall+ (Sucessor and total opensource of DroidWall, linux iptables firewall).
WiFi Protector (by Gurkedev, opensource wireless that protect us from Arp poisoning, MITM attacks like droidsheep, faceniff, other sniffers and packets captures...)
AdAway (opensource blockers of adware, spyware ads and popups)
Virustotal app =D
KeePassDroid (Password manager protected with encryption data base).
K-9 Mail with APG (opensource email with open PGP implementation).
And for TrueCrypt similar encryption and containers i think exist many apps already on market, but do not know which is the best yet.
EncFS is good also.
One great market just with opensource apps and a must have is
F-Droid.
If you want use your data connection with a VPN (Virtual Private Network) on my researches i discover and read some of the best are:
Free - > SpotFlux; HotSpot Shield; CyberGhost; SecurityKiss; HideMan; ...
Now the Best ones are Paid.
Some of the best ones:
MullVad
iVPN
NordVPN
TorGuard
Proxy.sh
BolehVPN
AirVPN
And the Countries with the Best Privacy Laws and Protection are:
Iceland ; Norway ; Romania ; Serbia ; Sweden ; Swiderland ; Luxenbourg ; Panama ; Seichelles ; Taiwan ; Hong Kong ; Malaysia ; ...
Well, hope I can help with something, and please if anyone know more Info about Security, Privacy & Anonymity tell also, and let all us know more knowledge =)
Cheers, Guys & Girls.
Thank you in advance. First of all I am still a beginner in knowledge here. My Alcatel fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base but I think my phone may have been exposed to a R.A.T.. Temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform,( I.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next and I've somehow found myself poking around in some windows software on a PC that is used to develop Android software, maybe sdk, not sure but was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes tho but my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue but to no avail. Although unsuccessful I have seen a few thing I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding but I'm going to list a few tidbits you may recognize. LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of sytem apps below the same app without and a few of others. I don't know if that's helpful but it's all I can remember. Symptoms are apps closing on their own, microphone and camera being remotely enabled, unable to update Google play services or store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots, in settings/apps/permissions apps like gallery, when you click battery and then the little i button for info, it says it's a system app and all of the sudden the disable and force close buttons become un-highlighted and unusable and so on and so forth. Lastly, my home wifi is infected I think as well because my roommate is having the same issues. I've tried(unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such but it seems impossible because of a locked bootloader. Tried about 10 different ways without success so I've just about given up and smashed the damn thing but then you geniuses popped into my head so I beg of you, please help me or if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P. s. I'm new to XDA dev website so maybe drop me a line at [email protected] with directions back to this thread. Had a bit if trouble navigating here. Thanks again and have a great day! -Spencer
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
If you didn't read it, it could be a good start in your search.
https://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
VPN!!!!
I think, regular updates with security patches is a must. But if you don't trust your original OS, how can you trust it's updates? I use mokee OS for this reason. And no gapps.
ThirdEchelonSam said:
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
Click to expand...
Click to collapse
Assuming you are just talking about general privacy and security, then you are in with a chance to minimise data available to Google etc and be largely secure. If you are trying to prevent the likes of the NSA then you have no chance. At the very least your cell provider will know somethings about you (you have to show id in the US don't you?)
Without going to extremes as in the first link below and ending up pretty much with a dumb phone your best bet is to follow something more like this
https://privacytoolsio.github.io/privacytools.io/
As for security you can "harden" your system, there are some good threads etc on this. Or you could just buy a phone that is already hardened see Copperhead OS.
You are your phones best security, but I would say EVERYONE is fallible and could be tricked into opening a malicious email etc under the right circumstances so you should run a good antivirus, it may just save you one day. However they are not even 100% against all known malware let alone future ones or other exploits, it's just another layer of defence. Keeping your phone up dated with monthly security patches is probably your 2nd best defence after you! At some point you are trusting whoever provides your OS, network and any apps installed. Then of course this level of security must extend to all your devices that may link to your phone, no good running a router which doesn't get regular firmware updates, just this week all Linksys ones were found to be vulnerable, before that some Netgear ones, before that ....
Even using TOR does not guarantee anonymity as the NSA, GCHQ etc have been able to identify users in several ways, and no doubt still can, but it is the best way, though can be slow
Use your phones built in encryption, though this only works on a looked phone, anyone can see your data if they lack it up unlocked, or if using remote admin. Using an app to encrypt folders/files can prevent a local person viewing saved files though.
Rooting & removing bloatware would certainly help reduce data "leaks", but it has it's own risks and will void your warranty (though not up to date on S8 & tripping knox etc or on unlocking bootloaders on Verizon phones as I'm not in the US.) If it was me I'd buy an older model that has great support on xda & that you know you can unlock bootloader/root which has a good choice of roms from reputable devs that release monthly security updates quickly & then get a limited set of apps from fdroiod or similar.
whirlpool95 said:
VPN!!!!
Click to expand...
Click to collapse
But be choosy!
https://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/
(some vpn's are named in the full report, link at bottom of page)
Yea just don't use the internet on your phone, that's my advice .