Related
hi,
I'm thinking about buying WaveSecure...
But I'm almost positive that each one of the developers here, or even some smart kid can uninstall it or change the rom without much problem...
Or am I wrong...
How hard is it to remove WaveSecure? thinking as a thief...
p.s.
Does it turn your GPS on, to send the phone location even if it was off?
Thanks
Gil
It should be fairly easy to remove WaveSecure if the phone has root access, so its a little safer when you have a phone that requires a wipe to get root, and has no on-the-fly exploits to root with.
For uninstall protection, it comes as two separate market apps, and each one will lock down the phone if the other is uninstalled. This won't work if you have ADB enabled, as the thief can use "adb uninstall" to remove both apps even under a lockdown.
If I recall correctly, Google removed the ability for applications to enable or disable the GPS in an earlier version, so WaveSecure will not be able to enable the GPS if it is disabled.
It does give you the option of using it as a "device admin" in Froyo, for things like password reset and remote wipe.
I have an account from WaveSecure back when they were given out freely, so I can test specifics if you have more questions.
So? why should I?
Thanks for the detailed reply..
From your answer I looks like it doesn't worth it...
It requires a good thief, and your WaveSecure doesn't matter...
First thing that a thief will do is remove the battery, and second thing is to wipe it.
some idiots will turn it on to see it if and how it looks like
what do you say?
pay the $20? for a maybe maybe?
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
DroidBois said:
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
Click to expand...
Click to collapse
People do and have bundled things into roms - often dropping them into /system/app directory, though I don't think anyones gone as deep as into the bootloader?
Though, if your phone is rooted, and your installed the app to /system/app, then a thief could in theory just flash your phone faster than if your phone WASNT rooted. They don't even need to root your phone at that point.
An interest aspect of hardening this, might be to compile your on recovery/bootloader that would require a password to get into.
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
The tough pay as I see it would be everyone would need their own custom ROM.
Sent from my SPH-D700 using XDA App
Xerloq said:
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
Click to expand...
Click to collapse
Yep, that's it. I'm assuming most thieves would not recognise a custom ROM or know what to do with it. At least buy some time to try and locate and recover the phone. Only time I'd want a front facing camera.
So what happens if they replace the SIM though? Sending SMS's is nice, but only if your number is still working with that phone. A hard baked security system would send an SMS when the SIM was changed at least.
You shouldn't make a ROM to put an apk into /system/app. You can simply push it through ADB or via terminal emulator. That will atleast survive a factory reset. I don't think many thieves actually take the time to flash a new image
So this is all we need to do? Use the ADB method? So I push through WaveSecure, that could survive a factory reset with settings intact?
Something baked in to recovery would be awesome too.
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
RAMMANN said:
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
Click to expand...
Click to collapse
The application itself will survive - but wouldn't all it's data, which still resides in /data/data be wiped?
So yes... the app survived... But it no longer knows who you are, or whose phone it is.
I think the just release CDMA/GSM Droid Pro may have the security you are looking for?
tbaker077 said:
I think the just release CDMA/GSM Droid Pro may have the security you are looking for?
Click to expand...
Click to collapse
It's a bit extreme to fork out another $700 on a new phone just for this. The whole point is to avoid spending money in case of theft or loss
Well part of my unspoke point is this is XDA-Developers, I sure there is a ways(one the rom comes out) to port some of those security files to other Android devices.
tbaker077 said:
Well part of my unspoke point is this is XDA-Developers, I sure there is a ways(one the rom comes out) to port some of those security files to other Android devices.
Click to expand...
Click to collapse
Didn't quite understand you, are saying it is possible to bake in some security?
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
tbaker077 said:
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
Click to expand...
Click to collapse
So something *is* possible via software, not requiring special hardware?
Once some gimboid puts in their own SIM you'd think that you can't send an SMS to control the phone although WaveSecure seems to cover that too.
I'd like something as subtle and as invisible as a good virus. Bootloader would be ideal. Theoretically then a full factory wipe wouldn't clear it.
I couldn't tel you. All I know is the Droid Pro is a 3G CDMA. GSM device with some special enterprise security features/software aimed at the BB users.
Doesn't really help us then if that's only available on the Droid Pro.. For the rest of us we still need to work out how to bake in WaveSecure or, ideally, something very subtle. If someone takes my phone I want to nail the little turd, or at least embarrass him when the phone siren goes off or he gets a loud spoken message or something.
Another point, with IMEI numbers, is this of any use if you bought your phone outright? I.e. if my phone is stolen, I can't get the IMEI blocked can I? And can IMEI numbers be changed?
This may meet your needs/requirements. It is called lookout mobile.
https://www.mylookout.com/
I know Paul at Modaco bakes wavesecure into his roms.. not sure if the data would survive a wipe but then whats the point of baking it in system if it doesn't right? Check it out:
Version R9: (requires membership)
http://android.modaco.com/content/h...-rom-for-htc-desire-online-kitchen-2-2-froyo/
R8: (Free for all)
http://android.modaco.com/content/h...for-htc-desire-with-online-kitchen-2-2-froyo/
Okay.. Just found out. This explains everything!
https://www.wavesecure.com/blog/how-to-make-wavesecure-hard-reset-proof.aspx
I don't own an Android phone (yet). A friend of mine does, and I'm the only person she knows who's even marginally familiar with Android.
She has this app on her phone (Ubersocial, not sure how it got there, sounds like it's NOT part of the standard bloatware package). If she uninstalls it, it reinstalls. If she unchecks 'allow updates', it rechecks the box.
Without rooting the phone, is there a way to remove it? I haven't actually physically looked at the device yet, and I've not used Android yet, so for all I know this is the dumbest question ever.
If I DO have to root the phone to remove it, when I root it, how do I ensure it's removed and gone?
I've been talking to others about the issue (on reddit, so replies are slow), and they suggested trying to identify which apk the app is. Is there a file browser on Android, or would I need to physically connect it to a computer. Can I browse it with just Windows Explorer, or is there a specific program I need?
Factory Reset the device.
It can be done from within Android settings and will return the phone to a pristine state.
DirkGently said:
Factory Reset the device.
It can be done from within Android settings and will return the phone to a pristine state.
Click to expand...
Click to collapse
Will only help if the app is not installed as system app.
Hey all,
I would post this on the CM7 thread in development, however I don't have 10 posts to my name, so it's here. I also didn't see anything via searching the Q&A with security of CM7 or other ROMs. If I am wrong, or it's been posted, I apologize!
I read all of these posts on the internet about jail-breaking iDevices via SSH, and it made me wonder if a rooted phone has the same vulnerability (via SSH or other method) that could compromise my phone.
Currently, I have TWRP with CM7, and back-ups of everything, so if I do manage to catch something nasty, I have no problems with restoring. But I'd like to avoid all of that in the first place. I realize pretty much all of this can be avoided with smart internet surfing, avoiding un-trusted apps, and making sure the unknown sources setting is unchecked. Anything else?
There's the app called "look out" I think that's a great app for stopping malware from apps. Or you can go with any anti virus app on the market
Sent from my PG06100 using xda premium
Lookout is a great app, though I personallly prefer Avast as it has the ability to firewall and has a killer anti-theft service that can stay on the device even if the thief factory resets it
Pretty much just common sense, like you said.
- Uncheck "Android debugging" (ADB), "Allow mock locations" and "Unknown Sources" in Settings>Applications>Development.
- Never install Apps that didn't come from the Market (Google Play, whatever). Review the permissions before installing an app... isn't it odd that your notepad app needs internet access, account access and network-based location capabilities?
- Revoke unnecessary permissions and auto run conditions for your apps (I use Gemini App Manager for auto run).
So, I looked at Lookout (no pun intended), and it's ok. I haven't tried Avast yet, and I have Sprint, so I'm looking at it's Total Equipment Protection app as well.
Another question: how effective is the Superuser app at blocking requests for root? Does it intercept all requests or only apps? I understand that getting root via the terminal emulator on the phone needs the superuser, but using the computer to run commands through the shell doesn't (I think). So, if the Superuser app can't prevent USB debugging without permission, what are my options in case my phone gets stolen?
smmiller506 said:
So, I looked at Lookout (no pun intended), and it's ok. I haven't tried Avast yet, and I have Sprint, so I'm looking at it's Total Equipment Protection app as well.
Another question: how effective is the Superuser app at blocking requests for root? Does it intercept all requests or only apps? I understand that getting root via the terminal emulator on the phone needs the superuser, but using the computer to run commands through the shell doesn't (I think). So, if the Superuser app can't prevent USB debugging without permission, what are my options in case my phone gets stolen?
Click to expand...
Click to collapse
Superuser app will prompt you for anything thats asking for root access... When I first rooted my shift I had to grant adb shell superuser permissions...
And honestly if your phone gets stolen, it's gone... We had a user that had has phone stolen and the police nor sprint could do anything about it, even though he knew where the phone was... Here is the thread...
Sent from my PG06100 using Xparent Blue Tapatalk 2
drob311 said:
Superuser app will prompt you for anything thats asking for root access... When I first rooted my shift I had to grant adb shell superuser permissions...
And honestly if your phone gets stolen, it's gone... We had a user that had has phone stolen and the police nor sprint could do anything about it, even though he knew where the phone was... (LINK REMOVED)
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
You know what, you're right about the Superuser part. So, that's good. Now I just need to lock down the recovery (TWRP).
On a side note, it is no longer illegal swap ESN/MEID info anymore, so long as you own the phones involved. I think that was passed by Congress around the same time as the whole jailbreaking thing, however with the new laws coming out soon in regards to the national database of bad phones, that may change.
fayrarri said:
Lookout is a great app, though I personallly prefer Avast as it has the ability to firewall and has a killer anti-theft service that can stay on the device even if the thief factory resets it
Click to expand...
Click to collapse
I use avast too you can select root installation. On a side note about security having root doesn't make your phone any less secure. User error makes things less secure like not checking permissions of a app before installing it.
Yeah but its not just about knowing who took your phone or where it is, the remote wipe can be helpful to remove sensitive data from the phone
fayrarri said:
Yeah but its not just about knowing who took your phone or where it is, the remote wipe can be helpful to remove sensitive data from the phone
Click to expand...
Click to collapse
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
drob311 said:
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
I would pay a good 10 bucks for that app!
Sent from my myTouch_4G_Slide using Tapatalk 2
I realized something unfortunately - the recovery and bootloader can't be locked down, which means that any apps loaded onto the phone can be easily deleted. So, that kinda makes locking the phone down to prevent data theft on a stolen device pointless.
Thoughts on locking the recovery and/or bootloader down in case of a stolen device?
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
drob311 said:
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
Knowing me I'd brick the phone and then find it two days later in my car
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
fayrarri said:
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
Click to expand...
Click to collapse
sparksco said:
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
Click to expand...
Click to collapse
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.
However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.
I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
fayrarri said:
Knowing me I'd brick the phone and then find it two days later in my car
Click to expand...
Click to collapse
But if you activated the brick app, your phone would have already been reported stolen to assurion and put on the bad esn list, even if you find it, it can't be re-activated...
Sent from my PG06100
Lol yes I realize that, just making a joke
smmiller506 said:
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.
However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.
I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
Click to expand...
Click to collapse
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
sparksco said:
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
Click to expand...
Click to collapse
I completely agree with you on this one - data security is more important than anything else. Which is why I'm curious about the security of rooted phones - I enjoy the features of a rooted phone and hate the bloatware/jail-cell environment of a stock phone to give up root.
I will assume that the chances of a thief knowing how to use a rooted phone are pretty good. So, if I can lock down Android and root permissions in the OS, how can I do the same to the bootloader and/or recovery to achieve ultimate security?
Friend got into a fight with his brother. His brother was able to break into his phone.
Friend changed the password on the device last week, and because of his school, he doesn't take the phone with him.
He opened the phone today, and can't remember the password.
It is a Moto G7 Power, running Android 9
It has GenTech installed on the phone.
I do not know any specifics beyond that, as the settings are hidden behind a lock screen.
When I logged into the Google account, it looks like the account hasn't been backing up photos, contacts, etc since the GenTech was put on. iDrive also hasn't been backing anything up.
Are there any tools that can remove the lock screen? Preferably free, but I wouldn't mind paying a small amount. And NOT wipe the device.
Before coming here, I saw Eelphone, but it looked super shady.
Searching through XDA's forums, I saw Dr.Fone as an application as well.
Are these the best options? I mean, I troubleshoot devices for clients all the time, and thankfully haven't had to recover their devices like this, and I know that it has changed a lot since the beginnings of Android, but I need something in the toolbox for sure.
Any help is appreciated, thank you!
Edit: I thought I might try Dr.Fone on my Motorola device. Uh, not the right application that I need! I want the data preserved, not wiped. If I wanted the phone wiped, I'd have done it from the bootloader.
(Or do they make a copy of the device, wipe the phone, and reload everything minus the lock screen?)
(Or is Dr.Fone a malicious program masquerading as legitimate?)
DaNissNYC said:
Friend got into a fight with his brother. His brother was able to break into his phone.
Friend changed the password on the device last week, and because of his school, he doesn't take the phone with him.
He opened the phone today, and can't remember the password.
It is a Moto G7 Power, running Android 9
It has GenTech installed on the phone.
I do not know any specifics beyond that, as the settings are hidden behind a lock screen.
When I logged into the Google account, it looks like the account hasn't been backing up photos, contacts, etc since the GenTech was put on. iDrive also hasn't been backing anything up.
Are there any tools that can remove the lock screen? Preferably free, but I wouldn't mind paying a small amount. And NOT wipe the device.
Before coming here, I saw Eelphone, but it looked super shady.
Searching through XDA's forums, I saw Dr.Fone as an application as well.
Are these the best options? I mean, I troubleshoot devices for clients all the time, and thankfully haven't had to recover their devices like this, and I know that it has changed a lot since the beginnings of Android, but I need something in the toolbox for sure.
Any help is appreciated, thank you!
Edit: I thought I might try Dr.Fone on my Motorola device. Uh, not the right application that I need! I want the data preserved, not wiped. If I wanted the phone wiped, I'd have done it from the bootloader.
(Or do they make a copy of the device, wipe the phone, and reload everything minus the lock screen?)
(Or is Dr.Fone a malicious program masquerading as legitimate?)
Click to expand...
Click to collapse
Is the device rooted?
Does the device have USB debugging enabled in system settings?
If the answers to these questions are no, then all you can do is factory reset. After resetting, it will probably be FRP locked(Factory Reset Protection), which means you still need to remember the google account username and password to get logged into the device, but, the lockscreen pin/password will be removed. You'll lose the user's data in the process. At this point, if it isn't rooted or does not have USB debugging enabled, there aren't really any options to save their user data before resetting the device.
Sent from my SM-S767VL using Tapatalk
The phone is not rooted, unless the GenTech software gained the root access. (I am too new to post a direct link, but it is a monitoring program - I don't know how common it is outside of my community)
If I recall correctly, I did get access to developer options, but that was back in July - I'm not sure if I have developer options enabled at this time.
The paid softwares can't crack it? That really is too bad.