Related
Hey guys, I have acquired a contract up here for several motorola xoom tablets but need to completely lock them down before delivering them to the end user.
By lock down I mean, remove almost all applications, settings etc so they can not be altered.
Can someone point me in the right direction. navigating these forums is just insane now! The community seems awesome though.
I'm not opposed to loading a custom ROM on the device, in fact would prefer that. The devices I have ordered are Xoom 3G 10.1" GSM Unlocked.
ulchm said:
Hey guys, I have acquired a contract up here for several motorola xoom tablets but need to completely lock them down before delivering them to the end user.
By lock down I mean, remove almost all applications, settings etc so they can not be altered.
Can someone point me in the right direction. navigating these forums is just insane now! The community seems awesome though.
I'm not opposed to loading a custom ROM on the device, in fact would prefer that. The devices I have ordered are Xoom 3G 10.1" GSM Unlocked.
Click to expand...
Click to collapse
So, you made a commitment before researching how to fulfill the client requirements?
Seems a bit backwards to me.
The level of lockdown you're looking for simply isn't possible without extensive framework modification. Honeycomb's source isn't out yet, so it's not possible to modify the framework much.
The best you'll be able to do is remove apps, but that can make updating the device problematic.
Ya locking down the tab was an after thought and still is. It's not required for the immediate product launch but is something to be looking into afterwards. If the solution is just to remove apps that's extremely easy to do and I"m sure will be 'fine' for now. is everyone in the corporate world just giving these tabs to people completely wide open and letting them do whatever they want on the companies data plan?
How would I go about making a custom ROM of this after I have removed the apps I don't want and have the tab setup the way I would like.
Maybe looking for something along the lines of this?
http://www.air-watch.com/platforms/android/index.html
The device administrator stuff in Android is pretty crappy.
air-watch looks interesting if it works with honeycomb
As an aside, It's my experience that corporate clients hate the idea of rooting. It means voided warranties, and no support/accountability from a vendor.
Ya for sure I dont' want to root the device so much as lock it down however it seems that the 2 are kind of attached right now. Air-watch might be the answer I'll do some testing. Thanks.
Hi all,
this is my first post, though I have been lurking around for some time here. I didn't get into androids until gingerbread, so I am not too tech savvy about all this, but I have played around with a few ROMS on my Razr Maxx and I like the customization ability of it all.
For reasons I will not get into (to keep this post on topic), I am currently looking for custom ROMS, possibly based on CM10 or CM9 for both mine and my girlfriend phone's.
She has the Droid 4 and I have the Droid Razr Maxx. I originally read about carrier IQ and that a custom ROM was usually the only way to disable it. As far as I can tell I do NOT have CIQ on my Razr Maxx atm. However I do see e911 location which is always on and is, from what I can tell, pretty much the same thing as CIQ. I already know how to disable Google locations services etc - but that's not what I am talking about.
Are there any ROM's for ICS or Jelly Bean which (have data and almost everything working - I can go without a rotate animation etc) disable Verizon's or other government tracking?
My girlfriend's x-bf is a top level NSA hacker, and can always tell where she is, what she's doing, etc. It's very annoying but that's just the tip of the iceberg, but as I said, I'm only looking for relevant answers to my question.
If there are ROMS which intentionally or unintentionally have disabled the e911 or other built in, undisable-able location tracking, as well as anything that would allow texts or calls to be recorded, I would like to know about them. Obviously they would need to be either for the Droid Razr (Maxx) or the Droid 4.
Yes I could buy a "drug dealer pre-paid throw away phone" without being tracked, but I'm not a drug dealer, and I have a contract with Verizon and I love my phone except for the CIQ type problems.
I know quite a bit about windows programming, but I am lost as to how android works, and I don't know what other location, tracking, etc services are hidden with these phones, and I would like all of them GONE, if possible.
Also:
If there isn't such a ROM available, how easy or hard would it be to modify one in this interest?
Thanks for your time, and PLEASE keep the replies on topic and without juvenile remarks in regards to my concern for privacy, as those who would give up essential Liberty to purchase a little temporary Safety, deserve neither Liberty nor Safety.
demiurgic_maven said:
Hi all,
this is my first post, though I have been lurking around for some time here. I didn't get into androids until gingerbread, so I am not too tech savvy about all this, but I have played around with a few ROMS on my Razr Maxx and I like the customization ability of it all.
For reasons I will not get into (to keep this post on topic), I am currently looking for custom ROMS, possibly based on CM10 or CM9 for both mine and my girlfriend phone's.
She has the Droid 4 and I have the Droid Razr Maxx. I originally read about carrier IQ and that a custom ROM was usually the only way to disable it. As far as I can tell I do NOT have CIQ on my Razr Maxx atm. However I do see e911 location which is always on and is, from what I can tell, pretty much the same thing as CIQ. I already know how to disable Google locations services etc - but that's not what I am talking about.
Are there any ROM's for ICS or Jelly Bean which (have data and almost everything working - I can go without a rotate animation etc) disable Verizon's or other government tracking?
My girlfriend's x-bf is a top level NSA hacker, and can always tell where she is, what she's doing, etc. It's very annoying but that's just the tip of the iceberg, but as I said, I'm only looking for relevant answers to my question.
If there are ROMS which intentionally or unintentionally have disabled the e911 or other built in, undisable-able location tracking, as well as anything that would allow texts or calls to be recorded, I would like to know about them. Obviously they would need to be either for the Droid Razr (Maxx) or the Droid 4.
Yes I could buy a "drug dealer pre-paid throw away phone" without being tracked, but I'm not a drug dealer, and I have a contract with Verizon and I love my phone except for the CIQ type problems.
I know quite a bit about windows programming, but I am lost as to how android works, and I don't know what other location, tracking, etc services are hidden with these phones, and I would like all of them GONE, if possible.
Also:
If there isn't such a ROM available, how easy or hard would it be to modify one in this interest?
Thanks for your time, and PLEASE keep the replies on topic and without juvenile remarks in regards to my concern for privacy, as those who would give up essential Liberty to purchase a little temporary Safety, deserve neither Liberty nor Safety.
Click to expand...
Click to collapse
u can always try downloading a spoofer, it will give off a fake location for u. But the best way would be to actually remove the GPS chip from your phones, its like brain surgery but its possible, then u would need to also find a Rom that does not do a hardware check so that your phone will boot without the GPS chip...best bet, have her shut off her cell phone and pull the battery out, or just not use a cellphone, iPod, iPad, tablet, laptop or pc because anything that can hookup to the www can be tracked one way or another.
I just got a note 4 and so now my S3 does not have a carrier plan or sim card or any way to connect to Internet except WiFi. Since it's still in good shape, I'd like to turn it into a media device to use around the house or wherever.
Is there a Rom that has been designed for this purpose? I would think that a dev could really get creative with the design and features if you don't have to worry about cellular network or legal requirements and whatnot.
Anyone ever heard of something like this? I know it can just disable my mobile data, but I'd like to find a more elegant way to make my S3 a media device/streaming device.
Now that I think more about it, it would be just like putting a non-lte tablet rom on it.
Anyway, any ideas or thoughts? Thanks.
Not that I'm aware of. People always ask this question but from most of the perspective I've seen, you can just enable airplane mode and then enable wifi, or with many roms hide what you don't want to see. On my old phone that's basically all I did and I stripped out a lot of apps I didn't need. What I eventually found is that keeping up with 1 device is enough work.
All of the discussions I am seeing are about people trying to root their new Pixel 2 devices. They are worried they won't be able to root due to the Verizon locking and/or lack of images. My question is simple. If I buy a Pixel 2 / XL from google's site, is there anyway I can prevent the phone from being rooted and/or flashed with another (custom or google) bootloader? Can the FRP help me here? I'm just getting ramped on how google's phones work and I want to know if I can prevent evil maid attacks (someone temporarily gets access and loads malicious software on it). If someone has rooted it, is there anyway I would know? Would it have been erased? If I set the OEM unlock to disabled in the developer's options, would that prevent it, or is there a way to disable that in the recovery boot environment? I know the blackberry prevents root and I'm wondering how to achieve similar security with Pixel 2 devices.
Thanks in advance
brainysmurf said:
All of the discussions I am seeing are about people trying to root their new Pixel 2 devices. They are worried they won't be able to root due to the Verizon locking and/or lack of images. My question is simple. If I buy a Pixel 2 / XL from google's site, is there anyway I can prevent the phone from being rooted and/or flashed with another (custom or google) bootloader? Can the FRP help me here? I'm just getting ramped on how google's phones work and I want to know if I can prevent evil maid attacks (someone temporarily gets access and loads malicious software on it). If someone has rooted it, is there anyway I would know? Would it have been erased? If I set the OEM unlock to disabled in the developer's options, would that prevent it, or is there a way to disable that in the recovery boot environment? I know the blackberry prevents root and I'm wondering how to achieve similar security with Pixel 2 devices.
Thanks in advance
Click to expand...
Click to collapse
If you let people spend inordinate amounts of time with your phone, there's not much you can do to prevent someone from rooting your phone... except putting a password on it and not letting people spend inordinate amounts of time with your phone.
Sent from my Pixel 2 using Tapatalk
ajrty33 said:
If you let people spend inordinate amounts of time with your phone, there's not much you can do to prevent someone from rooting your phone... except putting a password on it and not letting people spend inordinate amounts of time with your phone.
Sent from my Pixel 2 using Tapatalk
Click to expand...
Click to collapse
Thanks for the answer. However this has not been true for many phones, namely the blackberry, and even some models of the Pixel (verizon). I noticed you mentioned "putting a password on it". Assuming my phone is entirely feature protected (password, encryption, oem unlock disabled...), will this prevent the the standard rooting procedures? I understand exploits may be found, but I'm not considering those seeing as they will be patched. It's the standard rooting procedures I'm concerned about. I don't want rooting my phone (without me knowing) to be an enabled feature (or possible at at all if that is feasible). My only goal here is to stop that.
Thank you
brainysmurf said:
Thanks for the answer. However this has not been true for many phones, namely the blackberry, and even some models of the Pixel (verizon). I noticed you mentioned "putting a password on it". Assuming my phone is entirely feature protected (password, encryption, oem unlock disabled...), will this prevent the the standard rooting procedures? I understand exploits may be found, but I'm not considering those seeing as they will be patched. It's the standard rooting procedures I'm concerned about. I don't want rooting my phone (without me knowing) to be an enabled feature (or possible at at all if that is feasible). My only goal here is to stop that.
Thank you
Click to expand...
Click to collapse
To root you need to have an unlocked bootloader. Unlocking the bootloader requires the OEM unlocking switch to be flipped. Getting to that point requires you to enter your password twice (unlocking the phone and enabling developer options). You also need a computer with a functional fastboot setup. Unlocking the bootloader wipes the phone and all of your personal information with it. After unlocking the bootloader you have to push some files to the phone via adb or with mtp after you have logged back into your phone. Then you have to flash twrp via fastboot and in turn flash magisk. (This is all of the to of my head. You can read the root threads for the exact details.)
The point is your phone can't be rooted without you knowing it.
Sent from my Pixel 2 using Tapatalk
PiousInquisitor said:
To root you need to have an unlocked bootloader. Unlocking the bootloader requires the OEM unlocking switch to be flipped. Getting to that point requires you to enter your password twice (unlocking the phone and enabling developer options). You also need a computer with a functional fastboot setup. Unlocking the bootloader wipes the phone and all of your personal information with it. After unlocking the bootloader you have to push some files to the phone via adb or with mtp after you have logged back into your phone. Then you have to flash twrp via fastboot and in turn flash magisk. (This is all of the to of my head. You can read the root threads for the exact details.)
The point is your phone can't be rooted without you knowing it.
Sent from my Pixel 2 using Tapatalk
Click to expand...
Click to collapse
Excellent. That is what I was looking for. If that is true, this phone meets my security needs.
brainysmurf said:
Excellent. That is what I was looking for. If that is true, this phone meets my security needs.
Click to expand...
Click to collapse
You don't need to be rooted for malicious software to be loaded on to your phone. Just stick with installation of apps from the play store and check the reviews/ratings and if something sounds to good to be true then it's probably best to avoid it unless you have valid sources authenticating it.
flunk03 said:
You don't need to be rooted for malicious software to be loaded on to your phone. Just stick with installation of apps from the play store and check the reviews/ratings and if something sounds to good to be true then it's probably best to avoid it unless you have valid sources authenticating it.
Click to expand...
Click to collapse
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
brainysmurf said:
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
Click to expand...
Click to collapse
The workflow that @PiousInquisitor stated is true for, AFAIK, every modern Android device in existence.
brainysmurf said:
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
Click to expand...
Click to collapse
So far all the above answers are correct. I'll add a couple more. Evil maid attacks are not being used on phones/android afaik. My understanding is that a computer must be booted with a USB stick while you're not looking, installing software onto your computer/laptop and then hijacking it. So I wouldn't worry about that. Even so, keeping OEM lock in the disabled state in dev options will prevent root on your device. Also do not install unapproved software and if you are that worried you might want a scanning program that will root (no pun intended) out malicious software. I think there are a few out there.
As for FRP, it's a good idea but it can be bypassed. There are people out there that can take a stolen phone and bypass FRP for a fee of around $30. Also searching for FRP bypass will give you some ways as well. So I would not rely on that. Nonetheless they would need to wipe the device to do that and by that time you would have blacklisted the IMEI and rendered the phone useless to the thieves. You and your company seem aware and cautious. I don't think you'll run into any issues with the Pixel 2. You made a good choice.
The device software is rarely the vulnerability, it's the people using the device.
If your threat model is such that the ultimate question is "what can someone do with physical access to the device", you're dealing with zero day exploits that aren't publicly known and all of our feedback is out the window.
Telperion said:
The device software is rarely the vulnerability, it's the people using the device.
If your threat model is such that the ultimate question is "what can someone do with physical access to the device", you're dealing with zero day exploits that aren't publicly known and all of our feedback is out the window.
Click to expand...
Click to collapse
The op is gone. Not sure if she was trolling but this thread is over.
Sent from my Pixel 2 using XDA-Developers Legacy app
T-Mobile will only do a 'temporary unlock' on an S8+ my friend gave me, so I've got 30 days til they lock it again (oddly enough they say we can do this 5 times....can't make sense of that but ok!)
I want to carrier-unlock/crack this handset and it doesn't matter to me if I 'trip' the CPU by rooting to do this (I don't care about not getting updates, am not even intending to use data on this handset just talk/text), though I'm not sure rooting is even required as I've read on Reddit about newer firmwares that you can flash to that, once flashed, will make the handset carrier-free - I'm hoping against hope that that's true and that there's a simple/straight-forward way to just update it and crack the lock but am doubting that, *but* if I'm OK with 'breaking' the functionality of data-usage/updates to android/etc, is there *any* possible avenue for flashing/anything to crack that lock? So long as I can still call/text I'd be happy, am more than fine 'taking it off the network' so far as data is concerned and hoping that would make *some* approach worthwhile, so far my best bet is taking a chance with sites that sell codes to unlock but I've read of people doing this only for the phone to be re-locked (presumably the carrier catches-on, this is part of why I think just disabling data completely would be a smart move for me to get&keep the handset unlocked, and losing data capabilities isn't a real issue for me in the first place as there's wifi everywhere anyways!)
Thanks for any suggestions of what I could look into, I know the 'lock' is on the cpu (snapdragon/US-based/t-mobile) so harder to get around but just can't imagine it's un-crackable w/o a tech on their side helping me (ie those 'unlock unit' sites, which I'm imagining are run by people who work within the telecom infrastructure if they're able to do what they claim- still is hard to believe they'd be able to do that very long w/o being shut-down, it's not like they're working via bitcoin-only or something!)
New1Phone said:
T-Mobile will only do a 'temporary unlock' on an S8+ my friend gave me, so I've got 30 days til they lock it again (oddly enough they say we can do this 5 times....can't make sense of that but ok!)
I want to carrier-unlock/crack this handset and it doesn't matter to me if I 'trip' the CPU by rooting to do this (I don't care about not getting updates, am not even intending to use data on this handset just talk/text), though I'm not sure rooting is even required as I've read on Reddit about newer firmwares that you can flash to that, once flashed, will make the handset carrier-free - I'm hoping against hope that that's true and that there's a simple/straight-forward way to just update it and crack the lock but am doubting that, *but* if I'm OK with 'breaking' the functionality of data-usage/updates to android/etc, is there *any* possible avenue for flashing/anything to crack that lock? So long as I can still call/text I'd be happy, am more than fine 'taking it off the network' so far as data is concerned and hoping that would make *some* approach worthwhile, so far my best bet is taking a chance with sites that sell codes to unlock but I've read of people doing this only for the phone to be re-locked (presumably the carrier catches-on, this is part of why I think just disabling data completely would be a smart move for me to get&keep the handset unlocked, and losing data capabilities isn't a real issue for me in the first place as there's wifi everywhere anyways!)
Thanks for any suggestions of what I could look into, I know the 'lock' is on the cpu (snapdragon/US-based/t-mobile) so harder to get around but just can't imagine it's un-crackable w/o a tech on their side helping me (ie those 'unlock unit' sites, which I'm imagining are run by people who work within the telecom infrastructure if they're able to do what they claim- still is hard to believe they'd be able to do that very long w/o being shut-down, it's not like they're working via bitcoin-only or something!)
Click to expand...
Click to collapse
You can't (really) root US phones. You should be able to put a U(niversal) rom on it, though.
You can have it unlocked via some service, leaving out the U rom.