Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
With 1.5 i didn't have to use a password, but with 2.1 now i do.
This works
just thought i would update with my latest info. So here is the scoop. You can disable the exchange password lock and have it survive reboot/and mail checks. To do this follow these steps:
[APP] LockPicker - disable Exchange lock screen [30-03-2010]
Hi all,
"j0bro"
Just whipped an app together that disables the Exchange lock screen as soon as the server has enforced its policy by using a background service and an observer on the system setting. This requires no polling, scripting, etc. and survives reboots/enforcements
If you want to use the pattern lock follow the next steps, if not just skip the next steps. First set the lock pattern before you setup your exchange server. Then after you set your pattern lock setup your exchange and it will ask you to set your password after complete download Lockpicker in the market and install & run. It will bypass the Password lock and the pattern will now work.
Or
klaus27
Originally Posted by klaus27
Ok, my app is ready. I have sent it to tamburylar for testing.
Version 1.0 is ready for testing. Working with HTC Sense. Waiting for reply for Milestone support. HERE
__________________
HTC Sense or Motorola Droid with Exchange and password policy? Get rid of it: http://forum.xda-developers.com/showthread.php?p=6044673
networx2002 said:
> Exchange/Password
> Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
Not sure what you're trying to say here...
I'm using Exchange through my work, and the process is exactly the same as it has been on 1.5. Can you clarify your issue? Thanks!
networx2002 said:
> Exchange/Password
> Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.
As a workaround, you can use touchdown for your exchange needs as it doesn't lock down your phone but just your exchange email.
swornenemy said:
> This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.
> As a workaround, you can use touchdown for your exchange needs as it doesn't lock down your phone but just your exchange email.
Thanks,
With 1.5 i didn't have to use a password, but with 2.1 now i do.
Thanks
networx2002 said:
> Thanks,
> With 1.5 i didn't have to use a password, but with 2.1 now i do.
> Thanks
Yeah android 2.1 is more EAS compliant and can actually do remote wipes if you ever lose your phone which is nice. I did this on my hero and it wacked everything off and would only boot into recovery. Thank god for nandroid.
Be advised that if you enter your password wrong 10 times, (provided that you are still using the built in android exchange support) it will format your phone as well.
I've got it backup, Just hate to have to unlock it all the time.
Wish they would let you use a pattern
networx2002 said:
> I've got it backup, Just hate to have to unlock it all the time.
> Wish they would let you use a pattern
I am in the same position as you. Delete your exchange account and use touchdown for your exchange mail. This way it doesn't require you to use a pin to use your phone except when accessing your exchange mail through touchdown.
swornenemy said:
> I am in the same position as you. Delete your exchange account and use touchdown for your exchange mail. This way it doesn't require you to use a pin to use your phone except when accessing your exchange mail through touchdown.
i have never been able to get touchdown to work for me
Just thought I'd join this thread, as I was shocked to find the exchange password on 2.1 too. Personally I love the idea of password and secure wipe, but the problem is the keypad is so difficult to type passwords on it takes me forever to login. I prefer just using the sliding password. And let's face it if someone wants into your password protected phone all they need is a USB cable, laptop, and SDK and they can bypass it.
To this end I've been playing with a way to bypass the password and I have been somewhat successful. I am VERY new to this stuff I've been basically teaching myself as I go, so if there are any experts around with an interest please feel free to take this knowledge and run with it.
** DISCLAIMER ** I've no idea what this will do to your phone or your email so make sure you backup, I've had no problems with any of these settings and I've always been able to just delete the exchange account and readd it when there was a problem. That being said.. you've been warned, Backup. Also bypassing your company's pointless security measures may be dangerous and cause for termination.
To get started you'll need the SDK and working ADB. It appears all the exchange info is stored in a database file that you can read/edit with sqlite3. Here is what I've found so far:
adb shell (probably need root, not sure)
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
Optional sqlite3 settings to make reading easier:
.headers on
.mode column all
.width 2 40
There are two tables of interest here:
select * from secure;
select * from system;
The following update commands are what I used:
update secure set value=0 where name='DevicePasswordEnabled';
** This command will turn off the DevicePasswordEnabled and let you use a slide unlock pattern, but the password is still set from before.
update system set value=0 where name='lockscreen.lockexchange.enable';
** This command is the magic, I found out by watching logcat that when you unlock your phone it does an IF check on this variable and if it's set then it requires you to enter a password. Once this is set to 0 it skips the password and will ask for your slide unlock pattern instead. If you don't have an unlock pattern it will just jump to your home screen.
update secure set value=0 where name='MaxInactivityTimeDeviceLock';
** This one isn't too critical but I found it and thought I would share it. It basically removes the Exchange requirement for an idle timeout.. mine was set to 30 mins which was perfectly reasonable, but I removed it anyway.
Now once you run these update commands the changes are "done" no need to reboot or do anything special (don't even need to quit sqlite3) if you try to unlock your phone it might ask for a password the first time but enter it and lock the phone again. When you try to unlock it now the password has been removed. WOOOT!!
Now if you recall at the beginning I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.
I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refreshes, but I have my doubts.
Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.
My guess however is that the mail client itself is re-requesting the security settings.. if that's the case we'd have to either "decompile the mail client" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).
I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (though I am not certain if the wipe will happen with the slide unlock).
Good Luck
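Added example, not part of the original post: a read-only check that an administrator could run against a copy of settings.db to flag the lock-policy values the post describes, and to show which of them changed between two checks. The table and key names come from the post; the name/value schema, the compliance rules and the sample rows are assumptions constructed for illustration.

```python
"""Read-only audit of a copy of Android's settings.db for lock-policy drift."""
import sqlite3

# (table, key) pairs are the ones named in the post. The compliance rules are
# assumptions for this example: flags must be 1, the idle timeout non-zero.
POLICY_KEYS = {
    ("secure", "DevicePasswordEnabled"): "flag",
    ("system", "lockscreen.lockexchange.enable"): "flag",
    ("secure", "MaxInactivityTimeDeviceLock"): "timeout",
}

# Constructed sample rows (not taken from a real device).
PROVISIONED = {
    ("secure", "DevicePasswordEnabled"): "1",
    ("system", "lockscreen.lockexchange.enable"): "1",
    ("secure", "MaxInactivityTimeDeviceLock"): "1800",
}
MODIFIED = {key: "0" for key in PROVISIONED}


def open_readonly(path):
    """Open a pulled copy of settings.db without any chance of writing to it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def build_sample_db(rows):
    """In-memory stand-in for settings.db, filled with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    for table in ("secure", "system"):
        conn.execute(f"CREATE TABLE {table} (name TEXT UNIQUE, value TEXT)")
    for (table, name), value in rows.items():
        conn.execute(f"INSERT INTO {table} (name, value) VALUES (?, ?)", (name, value))
    return conn


def read_policy(conn):
    """Return {(table, key): value or None} for the policy keys only."""
    snapshot = {}
    for table, name in POLICY_KEYS:
        # Table names come from the fixed allowlist above, never from input.
        row = conn.execute(f"SELECT value FROM {table} WHERE name = ?", (name,)).fetchone()
        snapshot[(table, name)] = None if row is None or row[0] is None else str(row[0])
    return snapshot


def classify(kind, value):
    """Map one stored value to OK, DISABLED, MISSING or UNPARSEABLE."""
    if value is None:
        return "MISSING"
    try:
        number = int(value)
    except ValueError:
        return "UNPARSEABLE"
    if kind == "flag":
        return "OK" if number == 1 else "DISABLED"
    return "OK" if number > 0 else "DISABLED"


def audit(conn):
    """Classify every policy key found (or not found) in the database."""
    return {key: classify(POLICY_KEYS[key], value) for key, value in read_policy(conn).items()}


def drift(earlier, later):
    """Keys whose value differs between two snapshots, as (before, after)."""
    return {key: (earlier[key], later.get(key)) for key in earlier if earlier[key] != later.get(key)}


if __name__ == "__main__":
    before = read_policy(build_sample_db(PROVISIONED))
    after_conn = build_sample_db(MODIFIED)
    for (table, name), status in audit(after_conn).items():
        print(f"{status:<12} {table}.{name}")
    for (table, name), (old, new) in drift(before, read_policy(after_conn)).items():
        print(f"changed      {table}.{name}: {old} -> {new}")
```

Comparing a snapshot taken after provisioning with a later one separates a device whose values were changed locally from one where the server has re-applied policy, which is the nightly reset the post describes.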
My employer is one of the paranoid companies that require the full password, so I'm also pretty interested in the answer. Changing values in the database shows promise, but we'll need to see how this impacts what data is sent back to Exchange. For example, if I change the value to not requiring a lockscreen password, does Exchange know? If so, I get in trouble with Exchange admins, and they probably wipe my phone at their will. Ultimately, the device sends data back to Exchange, and the real solution is to find where the connection between Exchange and the lock screen is, and cut the cord.
For what it's worth, on the Pre this was handled in the lockscreen app and not anywhere near Exchange. The result was bypassing the lockscreen app altogether (return true; - elegant, right?), but that wouldn't meet the needs here of still having something. Once I get it reflashed with Damage's ROM tonight, I'll be playing with this.
And for the record - I'm also not trying to work around security policies enacted by my employer. This is purely for research and educational purposes.
say I wanted to go the other way, my Exchange server doesn't require a password but I want to use a pass... will following inverse instructions enable the policy?
networx2002 said:
> Exchange/Password
> Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
> With 1.5 i didn't have to use a password, but with 2.1 now i do.
My company has the security enforced on our Exchange server. Keyguard Disabler (look it up in Market) will do this, but it also disables the slide-to-unlock. You can toggle it on and off as you need it.
-Daryel
I'll have to try it.
Installed Keyguard Disabler from the market and it works great. Well worth the buck 50. Buggy when set to auto start on boot so I just put in the password once at boot and run the app. Completely bypassed the lock enforced by my exchange server.
Hell, I just logged into my Exchange server and disabled the pin requirement.....
tamburylar said:
> Now if you recall at the beginning I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.
> I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refreshes, but I have my doubts.
> Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.
> My guess however is that the mail client itself is re-requesting the security settings.. if that's the case we'd have to either "decompile the mail client" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).
> I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (though I am not certain if the wipe will happen with the slide unlock).
> Good Luck
I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will check and apply your changes above at some periodic amount of time. I would donate for it.
kranz68osu said:
> I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will check and apply your changes above at some periodic amount of time. I would donate for it.
That would be nice
magic answer to fixing this password stuff
i had the same problem with my work email server, i tried touchdown, didn't like. here's the answer people, download lockbot, the free version, from the market. use it, and if you're like me, you will have no problem.
damn it feels good to finally help and not be helped by these forums. lol. hope it works. post back
ukcatsfan said:
> i had the same problem with my work email server, i tried touchdown, didn't like. here's the answer people, download lockbot, the free version, from the market. use it, and if you're like me, you will have no problem.
> damn it feels good to finally help and not be helped by these forums. lol. hope it works. post back
Downloading now
It works. Thanks
one happy hero user
I'm concerned that my ex has installed spyware on my htc incredible. It's scrolling screens and lighting up when not in use. I think she may be getting copies of texts, emails etc... any help is appreciated. greg
Hard reset if you can't find the program in the add/remove program menu
thx. trying to avoid that. My concern is that when I reload my email accounts, the program could be reloaded the same way purchased apps are reloaded. I don't know enough about the different ways these programs can be loaded to know I'll be safe after the tedious job of resetting up - loading apps - rooting this phone - etc. .....for as widespread as this problem is getting, I'd think one of you geniuses in the field would be able to seek out these threats. (not a malicious comment, some of the things I've found here are friggin genius)
gginsberg said:
> I'm concerned that my ex has installed spyware on my htc incredible. It's scrolling screens and lighting up when not in use. I think she may be getting copies of texts, emails etc... any help is appreciated. greg
Install Lookout Security!
Sent from my HERO200 using XDA App
Or don't give your ex your phone, and she won't be able to install anything on it...
I like avg. It found some things lookout didn't. You can get it through the market.
Sent from my SCH-I500 using XDA App
Some people... No one I know would install crap like that on my phone.
If you are trying to find something to confirm that she has installed, run both Lookout and AVG checks. Those are your only options at this point. I would absolutely hard reset my phone if I had that concern. Last, make sure you lock your phone with a pin number or password pattern. Make sure you uncheck visible pattern so no one will be able to guess your pattern.
lol I assumed the OP was a woman and the "ex" was a man, simply because I wouldn't think a woman would think to install some sort of sniffer application on her bf's phone lol
jconway said:
> If you are trying to find something to confirm that she has installed, run both Lookout and AVG checks. Those are your only options at this point. I would absolutely hard reset my phone if I had that concern. Last, make sure you lock your phone with a pin number or password pattern. Make sure you uncheck visible pattern so no one will be able to guess your pattern.
and wipe off your screen often
thx all, I have been trying to factory reset. Goes to black screen. Do I need to unroot it? Also, whoever said "dont know anyone that would do that" , ya never really know em till ya leave em..... Thx for your help.
You can download our F-Secure Mobile Security for free. It does a pretty decent job of finding Android trojans. See http://f-secure.mobi
--
Mikko Hypponen
Chief Research Officer
F-Secure Labs
@mikkohypponen on Twitter
Hi. I'm looking for a program that could be able to assign a password to every single program I have installed independently. For example, assign a password when I want to open Dolphin browser for example or another one applied to the settings option.
Also, I'd like the phone to start without asking me for a pin number. I know that is a very insecure thing to do but I'm looking to immediately use the phone when I wake up in the morning. Thanks in advance.
Jordibcn said:
> Hi. I'm looking for a program that could be able to assign a password to every single program I have installed independently. For example, assign a password when I want to open Dolphin browser for example or another one applied to the settings option.
> Also, I'd like the phone to start without asking me for a pin number. I know that is a very insecure thing to do but I'm looking to immediately use the phone when I wake up in the morning. Thanks in advance.
1. Lots of apps like this on the market, personally I prefer pattern protection from apps like, Seal. However, you could probably find alternatives if you look at related apps. If we had Gingerbread, then we can use Visidon which is a face unlock for apps.
2. Do you mean when phone starts up? or when you unlock? I think you want password protection to be disabled completely. If it's not from an app and from the phone itself, then go to Settings > Location&Security Settings > SetUp Screen Lock > None.
I tried Seal and works great. Very easy to use and do exactly what I wanted. I hope an update to gingerbread comes soon so I can try the other one (but unfortunately I don't see it in market, maybe is why I have froyo 2.2?) with face recognition. I thought face recognition was a feature of ice cream sandwich so is good to know that for gingerbread we can use this feature somehow. Thanks.
We can't find it in the market because the developer set the minimum version to be Gingerbread so to avoid having people download it without knowing on 2.2 and lower devices and leaving negative feedbacks, we won't be able to see it till we're on Gingerbread. I've tried it out on another device and it works pretty well.
Basically Gingerbread added Front Camera Support to the SDK so that allowed developers to use the Front Camera without any... fragmentation. In 2.2, if we tried that we would have had a much more difficult time in getting the front cameras to work because we'll need to find out how HTC did it, how Samsung did it, and how LG does it.
Ice Cream Sandwich offers an official way Face Tracking, but that's still using the Front Camera so as long as developers create their own Face Tracking stuff, it can be used in Gingerbread.
i'm looking for a specific type of app that i can't find anywhere in the playstore and i did my fair share of testing. This app would enable the lock screen to recognize two pins. One would be the normal pin you enter when you want to unlock the phone and the secondary pin when entered would trigger a series of security protocols like wipe all data on the phone, erase all contacts and sms apps etc. Is there such an app? If not, then this would make a great idea for an app. I know i'd pay for it. Thanks in advance.
There are no such apps right now.
But you may try something like android device manager or McAfee which provides online accessibility to your device for wiping data, fact. reset etcetera.
Or, instead of writing/requesting here, you may contact your favorite lock screen app developer and simply request them to implement your idea on it. They will add it without any doubt
Sent from my GT-S7562 using XDA Forums PRO
bg1129 said:
> i'm looking for a specific type of app that i can't find anywhere in the playstore and i did my fair share of testing. This app would enable the lock screen to recognize two pins. One would be the normal pin you enter when you want to unlock the phone and the secondary pin when entered would trigger a series of security protocols like wipe all data on the phone, erase all contacts and sms apps etc. Is there such an app? If not, then this would make a great idea for an app. I know i'd pay for it. Thanks in advance.
There's not an exact match to your requirements always but still on the half way down there are some apps which you may try & deal accordingly.
I would recommend you to use
1. Smart Applock
2. Theftie
3. Cm Applock.
Out of these you may select the one you feel comfortable with.
Hope you find this useful...
ayushbpl10
ayushbpl10 said:
> There's not an exact match to your requirements always but still on the half way down there are some apps which you may try & deal accordingly.
> I would recommend you to use
> 1. Smart Applock
> 2. Theftie
> 3. Cm Applock.
> Out of these you may select the one you feel comfortable with.
> Hope you find this useful...
> ayushbpl10
OP posted a SINGLE requirement, and none of the apps you listed can fulfil that requirement.
snapper.fishes said:
> OP posted a SINGLE requirement, and none of the apps you listed can fulfil that requirement.
Have you tried Smart Applock...
Then look for a feature of lock screen setting which allow you to have 2 passwords for the lockscreen & also has the feature of siren when password feeded wrong & mailing an image as well as video of the person trying to gain unauthorized access to your device. Also it provide wipe & lock feature.
Talking about other apps they also function the same but don't have a feature of multiple password.
I hope next time you try the apps first & then post such a reply....
Moreover I strictly mentioned that the exact requirements are not be found with these apps & user must look accordingly as per the available features.
ayushbpl10
ayushbpl10 said:
> Have you tried Smart Applock...
> Then look for a feature of lock screen setting which allow you to have 2 passwords for the lockscreen & also has the feature of siren when password feeded wrong & mailing an image as well as video of the person trying to gain unauthorized access to your device. Also it provide wipe & lock feature.
> Talking about other apps they also function the same but don't have a feature of multiple password.
> I hope next time you try the apps first & then post such a reply....
> Moreover I strictly mentioned that the exact requirements are not be found with these apps & user must look accordingly as per the available features.
> ayushbpl10
Ok. By now i understand there is no such app so let me tell you why all of the above do not work for me.
We all store more and more sensitive info on our phones, we make payments with the phone, we have banking apps installed, private emails and so on. All the above apps are great apps if your phone is stolen, but full of flaws. You can take out the sim card and that's it. What do you do if someone forces you to enter the pin and then disappear with the phone wallet etc? In the time it takes you to go home and remote wipe the phone they already have everything that was on the phone. All those apps are useless and full of flaws in cases like this.
First off - I'm just an everyday user of Android device, never interested in hacking or any other "advanced" use of computers and likes. My greatest achievements so far are jailbreaking iPhone, rooting an Android phone and installing stock ROM on it. You can call me a noob. However - I like to improve things I use and I also value my privacy. That's why I installed a software that locks access to certain apps on my phone. I recently found this app actually made an opposite - it made my device vulnerable to identity theft and potential financial loss. I wouldn't really bother telling my story if developers didn't delete my one-star-rating with a brief description of the problem right after I posted it in Play store.
So, to the point. I installed CM Security and app lock app (nearly 14 millions of users and 4,7 rating) and locked some of the "sensitive" apps with it. One evening I was bored enough to try and play "a hacker" who "found my phone" and see what such person could do. Considering "a hacker" somehow managed to unlock the device he'd now encounter my second line of the defense - the mighty app locker. And now, in a few short steps I'll show you how much damage you can do with it:
1. First it obviously asks you for an unlocking password/pattern, but -as you don't know it - you hit in-app menu button and choose "forgot password?" option.
2. It asks you to log in to your Google account in order to reset the password (YES, you can access Google password recovery from inside the app, so even if you lock your device's Settings, your mail client and so on, you can still access the most vulnerable option of your account from "security" app).
3. As you don't know a Google password you hit the "forgot password" link that starts Google password reset process.
4. It will ask you for the "last password you remember", but you can just say you don't know it and then it gives you an option to get a verification code by SMS - chances are it will be sent to the device you're just holding in your hands. And these chances are big.
5. After you get a verification code you're in. You can now set a new Google account password and reset app locker password/pattern.
It's that easy. You not only unlocked an app locker but also got access to Google account which gives you pretty much endless possibilities, including purchase of some apps in the Play Store as it stores your card details and you only need an account password to authenticate the purchase. You can also try to restore Ebay or Paypal passwords or even try to get directly into bank accounts via banking apps. Sky is the limit.
I already deleted CM "security" app and looked for some replacement. I wasn't really surprised it's kind of a standard that when you install them, security apps ask you to give your Google account details just in case you need to recover your password in a future. And they often make you think that giving these details is an integral part of installation process, a must-do that is necessary for an app to install and work. Some apps, like CM "security" don't even ask - they just use your Google account details and don't give you a chance to give up such option.
After all - here's some advice I can give:
1. Don't install any security software that connects to your Google account and gives "password reset" options;
2. Don't give Google your mobile number, even if it seems convenient;
3. Don't use your Google account address as your contact information in "owner info" option of your device.
If you have any other suggestions that may improve security, please share.
Cheers
Question is why you didn't lock your device in the first place.
I think you are misapplying this feature's benefit/use. It is not there, IMO, to secure your phone from an adversary that has even brief access to your phone.
That is what a combination of a lock screen pwd, short for convenience, and full encryption using a separate and longer pwd of high entropy/randomness is for. Even with that it's important to understand how it works and its limitations. Such as it does not encrypt the ext sd card data. So if you put apps or privileged data there you either should not or using other means to encrypt it. One such way would be to use truecrypt to encrypt it using a pc, being the easiest and then use one of the apks that gives support for accessing those types of partitions/files.
The function you are speaking of is there to prevent people you have a large degree of trust in such as a family member or close friend possibly that you may allow to use your phone but do not want them to be able to access private data. Think of a parent allowing their child to use the phone to play a game but does not want them screwing up email or going into their bank app and randomly clicking around etc...
I hope you get the idea. It's not there to prevent someone that means to do you direct intentional harm.
I also want to point out my comments are only directed at the most basic level and only deal with physical security of data on the phone and not the phone itself nor from remote access or privacy.
Also want to point out that a screen lock pwd is nothing but an inconvenience at best to someone wanting access to your data. A quick reboot into recovery and a bkup to a sd card will get them all your data and any weakly secured credentials therein. It's only one part of physical security, of which, is only itself one part in overall data security, which itself, is only a part of data privacy. It's a large house of cards and removing one or putting one little piece in just slightly the wrong place can collapse the whole house.
It's hard to do just the small piece of each of these parts correctly and extremely hard to combine all the small and large parts together for a total protection scheme. It takes considerable research and learning to do these things especially if your goals are for higher levels of security and privacy.
As an example someone that really wants their phone data use on android to be private from commercial data collection which via proxy means all gov access to said data would never install google play store or any google app on their device. That is just one glaring example of many.
http://ad.cmcm.com/en/?f=home-en-top
Cheetah Mobile is spyware. watch the video on their website
I would suggest using the built-in encryption on Android. I don't use it myself, but have the Avira app installed. I like their PC software, and gave it a try.
It can be used to track a lost phone or lock it remotely. Since I have rooted my Huawei G300 it complains a bit, but still scans all apps being installed.
bigeasy911 said:
> I think you are misapplying this feature's benefit/use. It is not there, IMO, to secure your phone from an adversary that has even brief access to your phone.
Fact is still that this app claims it provides certain security, yet it doesn't. Not everyone will realize this. So it's always good that people keep pointing this out.
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
The first step to real security is removing all Google apps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... I welcome any suggestion to hack such a device...
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
Reviews or star ratings are not always very reliable, just use as a rough guide .... (In my opinion SOME of those Chinese apps seem to be amongst the worst offenders)
https://techcrunch.com/2014/05/27/f...unes-but-google-play-has-the-worst-offenders/
optimumpro said:
The first step to real security is removing all Google apps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... I welcome any suggestion to hack such a device...
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
Using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
That being said, your idea of securing the data is somewhat clear, but really a secured device? Cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
It might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner, cause he forgot the damn password and is looking to get back the data.
The more we try to secure, the more we make our lives tough.
billysam said:
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
Using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
That being said, your idea of securing the data is somewhat clear, but really a secured device? Cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
It might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner, cause he forgot the damn password and is looking to get back the data.
The more we try to secure, the more we make our lives tough.
Epoxy: Knowing how small and fragile phone motherboards are, I think you will most likely damage the board while trying to penetrate epoxy... Maybe you shouldn't epoxy the usb port on the outside, but cut the data pins and epoxy on the inside to not give a hint to an attacker. Anyway, I wish an attacker fun time trying to remove epoxy...
The point of encryption is to protect data when the phone is off. So, it makes sense that for someone without a password, the phone turns into a brick. And if you tend to forget the password, then write it down somewhere other than the phone...
Mobile security is a myth. At best it is a door knit lock. Will keep honest people honest but won't stop someone from really trying and doing it.
I see lots of talk from people about security and yet these same people use Facebook, which has enough holes in it that anyone could hack someone else's PC. I use it all the time to mess with people. The looks on their faces are priceless.