There have been ways to get around a corporate exchange device administrator for other devices. Anyone know what can be done on the xoom?
Since adding my exchange account, I now have a required lock screen code, and required display time out, and the possibility of a remote wipe.... Probably familiar to some of you.
The standard lock screen was so cool!!!!! Arrrrr
The techniques I've seen before included an app that disables the device admin, or an email.apk with the exchange security removed.
Mine did the same thing. Its a security setting that needs to be in place based on the Exchange server settings. My Droid X needs a lock code as well.
It is actually a good thing for me, due to the fact I keep work info on it. Frustrating but necessary.
Yes, I have the email.apk on my Captivate that bypasses this screen lock. THough it has other deficiencies like width problems in the email and the links in an email don't work. But getting the email and responding works fine. Maybe try out the email.apk for the phone and see how it looks. You can always revert. I think no matter what, you are going to have to get a hacked version to bypass the exchange permissions options that a corporate admin can impose. The guy that hacked the email.apk has a paid program that probably fixes all the bugs in his free app.. and I hear he is very good about refunding within the first 24 hours if the program doesn't work as expected. Might be something to try.
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Bauxite said:
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Click to expand...
Click to collapse
100% agreed. I did not know there was a way round this and if there is, I will not be supporting Android devices on our corporate network. I will continue to support it for private use but not corporate.
There is a way around everything. You can't just blame android. As admin you should randomly check devices to ensure the security measures are in place anyways. The users have to sign an agreement and if there a caught breaking the rules then the will suffer the consequences. Don't blame android because you too lazy to enforce your policies. You going blame windows when a user downloads torrents that contains malware?
Sent from my Xoom using XDA Premium App
Bauxite said:
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Click to expand...
Click to collapse
OK, Thanks!
Except I can add the exchange mail to my laptop and save the password. There is no enforcement of my Windows login, screen saver, or the possibility of my laptop being wiped. I don't think the device admin is a good fit for a tablet, whereas a phone is a little different.
You guys are supposed to back me up here.
What was the name of the email.apk and paid app for the Captivate?
Weird. Im using touchdown and it didnt make me enter a lock password
Pitnefor said:
Weird. Im using touchdown and it didnt make me enter a lock password
Click to expand...
Click to collapse
Depends on the server settings that your admin has setup.
Here is the 'less supported' email client apk.
http://forum.xda-developers.com/showthread.php?t=775007
His paid for program is called Enhanced Email.
https://market.android.com/details?id=com.qs.enhancedemail&feature=search_result
Here is his website with forum stuff.
http://quantumsolutions.us/forum/
As far as IT having issues with this because of android.. my last Windows phone didn't have any type of security to force a password. So I agree its not an Android issue. Plus, some people can use IMAP to get their corporate data which also doesn't impose security passwords. Not saying it is the right thing to do (get email without locking down the phone) or not, just saying it can be done and here is how. You guys are big boys and girls.. make your own decisions.
eaglecomm said:
As far as IT having issues with this because of android.. my last Windows phone didn't have any type of security to force a password. So I agree its not an Android issue.
Click to expand...
Click to collapse
Which Windows phone is that? All WM phones that support EAS (WM5 and later) supports exchange policies. Whether or not a password is required totally depends on your Exchange Server policy. WM phones also support email encryption policy which wasn't supported on iPhone until 3GS and never supported on any Android OS.
Plus, some people can use IMAP to get their corporate data which also doesn't impose security passwords. Not saying it is the right thing to do (get email without locking down the phone) or not, just saying it can be done and here is how. You guys are big boys and girls.. make your own decisions.
Click to expand...
Click to collapse
Any corporate that requires password and other security policies also disables IMAP and POP3 access to their exchange server.
Any incompetent corprate IT that left IMAP enabled probably also doesn't require any password policy either.
foxbat121 said:
Which Windows phone is that?
Click to expand...
Click to collapse
Tilt2
foxbat121 said:
Any corporate that requires password and other security policies also disables IMAP and POP3 access to their exchange server.
Any incompetent corprate IT that left IMAP enabled probably also doesn't require any password policy either.
Click to expand...
Click to collapse
It would seem your second statement here overrides your first. I am not here to debate what they SHOULD be doing. I am stating the current state (or what was the last time I tried IMAP).
Whether they are incompetent or not is not for me to decide. You all seem to have enough opinions of your own for me to worry about changing your minds.
How 'bout we get back on topic?
Security is in place for a reason. Incompetence on the part of your IT dept is one thing, but deliberately trying to circumvent an enforced policy just because you don't really like the look of a lock-screen is another. Should be an interesting meeting with HR when an unsecured device (via security circumvention) is lost with confidential company data.
Just because you can do something doesn't mean you should. So what if your admins weren't bright enough to disable IMAP/POP3 access, if they are enforcing mobile security, respect it.
In my experience, the same people that complain about security are the ones that lose their phones or laptops the most, and also stay silent when proper security measures save their butts from losing their jobs.
eaglecomm said:
Tilt2
Click to expand...
Click to collapse
Tilt2 definitely supports all the Exchange policy, all the way down to SD care encryption policy and domain enrollment policy. The fact is your 2-year old WM phone is actually much more secure at enterprise level than your fancy new Android system. This is one area that Android currently lacks.
I'm not saying the Tilt2 didn't support it... was just making the statement that it didn't have it on it because it wasn't forced. Hell, I didn't even know it was an option until I had to use an iPhone for a few months and it forced the lock screen.
And it had nothing to do with the way it looked. It has to do with everytime I want to use my phone, I had to enter in a code. There was no way to set it (that I could find) that it would only turn on the lock after being off for, say, 10 minutes. Which means if I hit the power button by accident. Locked. No matter what, as soon as the screen went black.. locked.
Anyways, I'm not looking to pick a fight.. just stating things. I figure it's a free world. Once people start enforcing every part of your life, it won't be. I am sure everyone on this forum has passed the speed limit in their car (and probably do a typical basis). Rule broken.. there for your safety.. yada yada yada. Do what you like.. hence why I moved to Android from apple.
eaglecomm said:
And it had nothing to do with the way it looked. It has to do with everytime I want to use my phone, I had to enter in a code. There was no way to set it (that I could find) that it would only turn on the lock after being off for, say, 10 minutes. Which means if I hit the power button by accident. Locked. No matter what, as soon as the screen went black.. locked.
Click to expand...
Click to collapse
That I have to agree. WM5.0 did the right way but starting from WM6.0, it basically locks the phone all the time whenever screen goes dark. Now Android 2.2 and later does the same thing. It seems to be some kind of security precaution.
Anyways, I'm not looking to pick a fight.. just stating things.
Click to expand...
Click to collapse
Not to pick a fight either. Simply correcting your misconception.
I figure it's a free world. Once people start enforcing every part of your life, it won't be. I am sure everyone on this forum has passed the speed limit in their car (and probably do a typical basis). Rule broken.. there for your safety.. yada yada yada. Do what you like.. hence why I moved to Android from apple.
Click to expand...
Click to collapse
No one is forcing anything upon you. You have the choice not to receive company emails. However, if you do elect to receive business emails, companies have the right to enforce whatever security measure it deems necessary. Company emails often contain a lot of sensitive information and even maybe trade secrects. If your phone is accidentally lost and without the proper protection, anyone could take advantage of those information stored on your phone. And if your company found out that the information leak is from you because you circumvented the security policy, you will be in deep trouble
iPhones before 3GS and most Android phones before 2.2 actually cheated a lot of the EAS security policy by falsify policy query reponse. Basically, if your exchange server has a policy to require support of email encryption on device, old iPhones running old iOS and a lot of Android phones running old Android will repond as 'YES, supported' but in reality they don't have such support at all. Apple fixed this after 3GS release (3GS and newer do support email encryption) and Google fixed it in Android 2.2 OS by correctly respond 'No, do not support such policy". A lot of big corporations do enforce email encrytions.
foxbat121 said:
Not to pick a fight either. Simply correcting your misconception.
Click to expand...
Click to collapse
No worries.. no misconception. I just stated my phone didn't have it. Which it didn't (in terms of forced security that was implemented). Likely a corporate decision, but it still didn't have it.. which is what I said.
foxbat121 said:
No one is forcing anything upon you. You have the choice
Click to expand...
Click to collapse
Agreed.. choice.. at least this far in life.. is ours.
I can understand the need for having security measures in place... by why the he77 would those permissions need to include the ability to wipe my device?
I'm rather disappointed to see how many of you are unhelpful in a forum full of people who do this exact same thing in various applications. To answer your question, I use Blue Mail to bypass this silly corporate requirement and I actually like it a lot better than Outlook. Its also free.
Related
I hope this time it's the correct forum.
So long story short.
I've written an app that allows to hijack FaceBook profiles over the WiFi. So when you're connected to WiFi you can "hack" into other users profiles. It doesn't work for profiles using SSL (yes you have that option in FB). So it can be treated as a "bad app". BUT! it is not dangerous for the one using it. I am aware that this is "questionable" application, but is there any other way to tell people - "HEY! use secure connections, it is not safe to use public WIFI!". I'd bet that a lot of you don't use SSL now and after using/reading this app you will turn SSL on.
That could be the #1 reason for deleting my app.
The second one is that I've put a 'demo' app in the market with a limit to sniffing only 3 profiles. But you could buy it through paypal. And today I've found out that this also could lead to app deletion. However i've bought launcherpro through paypal so I don't see why my app was removed in less than 24 hours.
What is your opinion and what can I do to sell my app somehow (i need my 25$ back that I've paid to register in google wrr...). Is there an option I could do put it in market without google deleting it like putting a disclaimer or something? The app itself is safe for the user downloading it.
Edit: If I put a link to this app here will this thread be deleted? If so, is there an option to promote it here?
Per forum rules, link removed
bponury said:
I've written an app that allows to hijack FaceBook profiles over the WiFi
Click to expand...
Click to collapse
There's your answer.
JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
+1 on that
if it allows you to hijack fb you can steal other information from the users account so why would they allow it and put themselves into a legal bind for doing so
JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
So if it wasn't for this app you would be safe? No, facebook is ignoring users privacy and this app is nothing more then a good way to show people what could be the cost of not using secure connections. Of course this can be used in a bad way, a lot of apps can. Like sms bombing or phone number spoofing. But they are not removed from the marked do they?
Ethics
And even worse you want to get paid for it.
wdl1908 said:
Ethics
And even worse you want to get paid for it.
Click to expand...
Click to collapse
Yes, I know what ethic is however we're not living in a perfect world and just believing that everyone is good and ethical so I can just leave my door open when leaving the house is not going to protect me against the reality. I believe in http://en.wikipedia.org/wiki/Full_disclosure and this case is even better because FaceBook is aware of the problem and just ignore it. A few people are aware that there's an option to use SSL on facebook. In my opinion FB should just get it done right and force users to use it. It's not a problem these days right? And what is wrong in getting paid for my work. I've spent some time developing it. Security by obscurity is not working, really. Take my app for example it would take max 1h to crack it. It's not security it's just being to lazy to secure it. And hoping that no one would care to crack it.
sms bombing is not hacking someones account! you are just spamming someone with messages.
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
traumatism said:
sms bombing is not hacking someones account! you are just spamming someone with messages.
Click to expand...
Click to collapse
People are killed for spamming in russia (http://www.theregister.co.uk/2005/07/26/russian_spammer_killed/)
And what about spoofing caller id? AFAIK that things are valid in court cases in Poland.
traumatism said:
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
Click to expand...
Click to collapse
I don't know how to tell people - secure yourself any other way. I know i'm devils (myself) advocate right now, but really do you think that forgetting about insecurity is a good way? I don't force anyone to use it in a bad way. But after I showed how it works in my house all my room-mates turned SSL on instantly. And they were not mad about it, shocked a bit but now they are safer now. Sure you can just tell people - hey turn ssl on and 90% of them will ignore you. But when you show them - look! i can see your messages that easily if you don't do it. Then they would listen.
haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook
By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.
MarkusPO said:
haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook
Click to expand...
Click to collapse
So if you have a car that can be opened by someone who has a screwdriver wouldn't you want car manufacturer to secure your car. Buying a bulletproof car isn't exactly the same as pushing a button in a web browser isn't it? And you're comparing killing a man to posting "I'm a jackass on someones FB wall". But still, you can buy a gun right? Also pretending that there's no problem isn't fixing a problem.
And hey, this app isn't new you know, if it wasn't for this thread maybe you wouldn't know that people use this apps on PC's maybe one day you would find that all your mail is gone (yes, this app could be modified to work with other sites like this forum). And ask yourself wouldn't you be pissed if you've found out that anyone using your network could get into your bank account? Well I would. But most (all?) banks use SSL by default. Google does. Why FB doesn't?
hazard99 said:
By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.
Click to expand...
Click to collapse
Yes, in fact it needs root to modify iptables and send raw arp messages and I know people get scared when an app needs root. If someone is interested I could write here how it's done and anyone could write it. It's actually nothing magical.
I wrote this app as a project for my mobile programming class. In the first version it also sniffed for Gadu-Gadu messages (it's a polish messenger). But I sure hope that when and if this app let's loose than FB will react and enable ssl by default. Maybe other websites will use it too. It's just that easy to protect your users, I don't understand why they don't do it?
most people who do not want their details stolen, do not use public access internet. does FB take money transactions over their site?
google does and the banks do so they will have a secure section. fb may do this using paypal or google checkout or otherwise so may not need the ssl that the banks need. sure it still renders people vulnerable to attack and theft of other information but even so that information is very limited dependant on the user of the account.
traumatism said:
most people who do not want their details stolen, do not use public access internet.
Click to expand...
Click to collapse
Yes, so other people want their details stolen? You are aware of the problem 'cause your "into computers" but out of 500 milion fb users how many of them ever heard of SSL? How many know that they are unsafe?
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.
traumatism said:
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.
Click to expand...
Click to collapse
Sure I could write an e-mail to facebook, but this issue is known for years! http://en.wikipedia.org/wiki/Session_hijacking I am sure FaceBook is aware of it. In fact they've enabled SSL only a month ago (maybe two months) but why it isn't enabled by default?
who knows. perhaps issues with other applications on the website, or applications made to access facebook. they may have left it so they can cater for other applications for and on the site. only they can answer that question.
anyway, he just showed the spirit of a developer and created something new
he never told anyone "hey go hack facebook profiles" or "sniff those profiles, its fun"
he just showed the possibilites of android development and did nothing wrong in my opinion
it's not his fault if facebook is unable to close a security leak known for a long time
yeah dont get me wrong blezz i understand that completely. but the argument was as to why they would remove it. legality reasons would be tne main issue. to cover their own backs as they can in fact face legal action for allowing the app to become available in their market.
I don't see anything wrong with the app.
It shows the flaws of facebook, and the fact that no one in facebook cares enough to do anything about it. But then I understand whygoogle would remove it... If facebook decided to sue for this google would be sued not YOU.
so it would be best if you released it HERE on xda rather than the market
I am going to be honest, I have never taken computer security seriously and I feel like it is going to bit me in the bum really soon if I don't change my habits. This all started with a few emails I received about forgetting my password on multiple accounts. The first time, I just assumed someone typed in the wrong account. I received a second one a few days later and it started to make me wonder if someone had my email. Then a few days ago I signed into Paypal only to realize that they locked down my account and refused to open it again until I provide some more information. I thought this was strange because I had been using my PayPal account for a few years now to purchase things on eBay. After I submitted my information, they wanted an explanation as to why someone who lived in Iran tried to access my account. I don't know anyone who lives in Iran and so now I am a little freaked out. I want to know what I can use to prevent hackers from getting access to my accounts.
Is it a good idea to pay for a vpn service for daily online activities?
Should I setup a password keychain for my accounts and use long randomly generated passwords?
Should I switch to Ubuntu? (current running Windows 8)
My computer skills are pretty solid so feel free to suggest things that maybe a more advanced user might do.
It is possible but can be done without paying. Tor is very popular and a really good service but it can only provide anonymity, not security. That for install HTTPS everywhere and customize every service you use to provide SSL.
Sent from my GT-I9100 using xda app-developers app
PayPal are pretty smart, your account should be safe, your account was flagged because of an attempt of a login x amount of miles from your usual common log in region, like you said Iran, so of course, PayPal will do whatever they can to protect your account, even if it bugs you.
You can protect yourself by making sure you have virus protection, free or paid, making sure its up to date, and scan once in a while.
I use Windows 7, so I use Microsoft Security Essentials for real time protection, I also use Malwarebytes but disable it for real time protection as more than one real time scanner would cause performance issues for anyone. keeping both up to date and scanning regularly should keep you virus/adware/malware/spyware free.
As a precaucion, I also use adblock plus for firefox to prevent ads, not just because its annoying, but also because ads sometimes are bad for you and you end up with fake antospyware 20xx and so on.
As for passwords, just try your best to make sure your entering them at the actual website you think your on, check the security certificate on the address bar on the left of the url.
Voice messages are always automatically downloaded for the best communication experience...
Really..??
Mmmm there is a stench of security breach..
ever asked yourself how they finance their continous updates? do you really think they just release a new version every 2 days just because they like you? think about it..
SecUpwN said:
think about it..
Click to expand...
Click to collapse
What do you think about that?
tryin said:
Voice messages are always automatically downloaded for the best communication experience...
Really..??
Mmmm there is a stench of security breach..
Click to expand...
Click to collapse
What are you talking about? First of all, you can turn off the option of auto-downloading various file types in the app settings. Secondly, EVERYTHING you use Whatsapp for is passing through their servers (I'm assuming it's encrypted, because a while ago it was cleartext). If you're that paranoid about having your information read, don't use it. As a matter of fact, don't use a cell phone or the internet, because someone somewhere is skimming your data, whether it's a person or a computer doing it.
They also don't send out updates every 2 days. I have no idea what you guys are talking about. Their updates come months apart. They get their "funding" from user subscriptions...It's 99 cents for a year and $3 for 3 years. Multiply that by however many users they have (more than that of any other service) and you have a LOT of revenue. They've been doing this for years. Their app spans Android, iOS, Windows Phone, BB OS, Bada, Symbian, etc.
Whatsapp is already backdoored by 3 letter agencies and victim to dozens of security problems http://www.firsthacknews.com/2013/04/whatsapp-plagued-yet-again/
Don't use proprietary software use GuardianProject Gibberbot with a Tor .onion jabber/xmpp server to avoid SSL/TLS MITM attacks or open the app in Eclipse and pin certs to it for your jabber server.
Product F(RED) said:
What are you talking about? First of all, you can turn off the option of auto-downloading various file types in the app settings.
Click to expand...
Click to collapse
Take a look at the screenshoot..
Secondly,
Product F(RED) said:
If you're that paranoid about having your information read, don't use it. As a matter of fact, don't use a cell phone or the internet, because someone somewhere is skimming your data, whether it's a person or a computer doing it.
Click to expand...
Click to collapse
you really saying that your advice is to stop using the internet or any other stuff if I care a bit about security or privacy (aka I'm paranoid, right!), seroiusly?
tryin said:
Take a look at the screenshoot..
Secondly,
you really saying that your advice is to stop using the internet or any other stuff if I care a bit about security or privacy (aka I'm paranoid, right!), seroiusly?
Click to expand...
Click to collapse
Basically, yes. If something this negligible is bothering you, then you have bigger problems to worry about. Also the screenshot is saying that the audio is downloaded to your device automatically, not by someone else (even if it is). Anything that goes into or comes out of Whatsapp has been through their servers.
Solution? Don't use Whatsapp.
Product F(RED) said:
Anything that goes into or comes out of Whatsapp has been through their servers.
Click to expand...
Click to collapse
And then? I don't understand the link...
I don't understand your link; you're saying that somehow the fact that voice messages are automatically downloaded to your phone are a breach of security... What about text messages then? Don't they work the same way?
I said that download automatically any type of file, (not text that in this context seems to be not executable) STINK of security breach...
Product F(RED) said:
What are you talking about? First of all, you can turn off the option of auto-downloading various file types in the app settings. Secondly, EVERYTHING you use Whatsapp for is passing through their servers (I'm assuming it's encrypted, because a while ago it was cleartext). If you're that paranoid about having your information read, don't use it. As a matter of fact, don't use a cell phone or the internet, because someone somewhere is skimming your data, whether it's a person or a computer doing it.
They also don't send out updates every 2 days. I have no idea what you guys are talking about. Their updates come months apart. They get their "funding" from user subscriptions...It's 99 cents for a year and $3 for 3 years. Multiply that by however many users they have (more than that of any other service) and you have a LOT of revenue. They've been doing this for years. Their app spans Android, iOS, Windows Phone, BB OS, Bada, Symbian, etc.
Click to expand...
Click to collapse
haha, no it's not secure neither good encrypted. Anyway, it's almost free and easy to use. Aslong as you dont share very private stuff you shouldnt care about privacy..
You should always care about privacy. This whole "if you're not doing anything illegal, you shouldn't care" mentality is how we got here to begin with.
Sent from my Verizon Wireless Samsung Galaxy SIII, via Tapatalk.
meskes said:
You should always care about privacy.
Click to expand...
Click to collapse
I agree!
With this apps,our privacy is very respected just scantly
Has any tried setting up the Email app on the N5? I'm getting getting "You don't have permission to sync with your server." error mgs. I have set up hundreds of these including my own Exchange account. I have looked on the Exchange server and security is all good. Hell, I can connect just fine with my Nexus 4 or any other phone. Thoughts? THX
Works for me.
Worked out of the box for me on exchange 2010. Maybe your setup is not set to allow the nexus 5. Check your activesync device policy.
Weird! Anyway, I got it to work. I ended up removing all devices associated with my account. The Exchange 2010 Server can allow 10 user device agents and I only had 4 devices linked. Technically, I should be able to add new devices without issues without removing old user agents. Maybe in this case, the server got confused or something... lol.
The Nexus 5 isn't encrypted, are you guys really allowed to connect unencrypted devices to corporate email?
That's blocked here.
I use touchdown which stores corporate email in an encrypted container.
"The Nexus 5 isn't encrypted"
I disagree with this. Android OS does have some level of basic encryption. I recalled that it was implemented back in the Gingerbread days. The argument is not whether it's effective or not, but some sort of "encryption" does exist in the Android platform.
By default it's not encrypted, but there is an option in Security section to encrypt your device.
xxxman999 said:
"The Nexus 5 isn't encrypted"
I disagree with this. Android OS does have some level of basic encryption. I recalled that it was implemented back in the Gingerbread days. The argument is not whether it's effective or not, but some sort of "encryption" does exist in the Android platform.
Click to expand...
Click to collapse
It's not hardware level encryption that's always on, and on by default like with blackberry or iPhones though.
It's a software based option that 99.999% of people have turned off.
.
Alliance shield app bricked my phone...the owner (RRiVEN) banned me for asking about the permissions his app uses and he got butthurt and banned my account and ip address knowing it would soft brick my phone if i factory reset it with all the apps I disabled and now I can't remove the spyware/malware infected app or recover my device back to factory settings...him and his app destroyed my brand new 1200 dollar s21 ultra
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Maxxx17 said:
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Click to expand...
Click to collapse
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Also this app proxys all your data and activity thru his server....the required sign up and login for the app to work is the first dead giveaway and a huge red flag
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
HELLFISH420 said:
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Click to expand...
Click to collapse
You may be right. Be careful next time.
yeah the owner is in trouble and he dont even know it....he even tried to push a zip file to my phone (script)
HELLFISH420 said:
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
Click to expand...
Click to collapse
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
oh yeah one last thing [email protected]
RRiVEN said:
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
Click to expand...
Click to collapse
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
HELLFISH420 said:
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
Click to expand...
Click to collapse
All I see is more accusations and ZERO proof. Typical Hellfish.
Where is the poof I log passwords? I will happily give you any version of the Shield going back 2 years. Decompile it and show me the password grabber, or exodus, or anything else. You can't so I won't be holding my breath.
It has multiple permissions yes, but most are so the Knox features work. You know what permissions I don't request? Storage.
HELLFISH420 said:
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
Click to expand...
Click to collapse
Once again more accusations and yet zero proof. Same offer still stands, show me the malicious permissions, what ever that means.
Since we banned you for lies it has been half a year. My app is still here. Still waiting for it to be taken down. My guess is another 6 months will pass and we will still be here.
You were nice and we were nice untill we asked for proof about your wild claims, then it changed. Suddenly we were the bad guys. Extraordinary claims require extraordinary evidence.
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
We are happy for you, really are, no sarcasm, but once again you don't understand why we have the login.
All it takes is reading our website feature list to see why, but hey you compare apples to carrots.
Also you better hope Samsung doesn't find out you are using Knox to disable system apps or your key will be revoked.
If it uses Samsung Knox, then it needs an internet connection, so excuse me If I don't believe you 100%
HELLFISH420 said:
oh yeah one last thing [email protected]
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
Click to expand...
Click to collapse
What are you even talking about? I really think you need to get help, your infatuation of us is weird and how you think everything we do is hacking you.
Trust me, if I had a zero day (which I don't) I wouldn't use it to hack random people via my legit app we worked 5 years on and almost half a million downloads. I would sell it for $100,000 and then find the next one.
But hey, you think whatever you want.
Edit:
After reading my comment again do you think the Cloudflare or Google link is an ipgrabber? I take it you never heard of Cloudflare or Google, interesting.
Cloudflare has a market cap of 65 Billion and Google 1.99 Trillion, very huge respected tech companies.
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Suprnova84 said:
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Click to expand...
Click to collapse
Any legit company can apply to use Samsung Knox, which I did.
My connection with the Military has nothing to do with the app. The Shieldx was created in my spare time using my company (RRiVEN LLC) that I set up as a College project before I joined the Military.
Knox is a very powerful system that the Shield only scratches the surface of what it can do. I am not surprised that the Military uses it.
This hellfish character is a troll. Shield is a great app and works well. Only I don't stick with it because there is still no way to add large hosts from online sources easily. Once that happens, I'm switching. Until then, adhell3 is the best solution.
Wow that war was awesome to read. Go Alliance Shield X whoo whoo !!! lol
this issue has been resolved....mods please delete this entire post
I'm not related to hellfish or whatever, just saw a recommendation in the internet - app to control running services on Samsung devices, well that was quite an experience.
This is just ridiculous software, probably author is a follower of well known Terry Davis (god bless his soul) with his well known TempleOS. IT IS JUST FREAKING RIDICULOUS! never ever install that crap and stay away... just a complete nonsense beyond imagination, you may get a taste of it just browsing through official website, which was already very much suspicions, but I registered and installed anyways... mother of god...
also author's weak excuses about dot in emails? WHAT ON EARTH???? have you ever seen a single rnd generator... do you have a slightest idea how email works, any understanding of modern spam\antispam techniques? zero, zilch... my god... sheeez....
HELLFISH420 said:
this issue has been resolved....mods please delete this entire post
Click to expand...
Click to collapse
How did you resolved the issue? pls update me about the solution so we can also try..
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
also how can I get this software of yours? Have you uploaded this in the forum or playstore or somewhere else? Please update me...