[Q] Could someone make a custom ROM that steals personal information from users? - General Questions and Answers

Recently I received a notice from Google saying that my account was accessed from Russia. I also recently installed a custom Android ROM onto my T-Mobile HTC HD2. I was thinking, pretty much anyone can take the Android OS, make a custom version, and release it for download, right?
If so, is it possible that the person who created the custom Android ROM also modified it so they could steal my personal information? I really do like the ROM I am currently using and would not like to switch if I don't have to, but this whole Google thing has me paranoid now.

I have had my Facebook lock down a few times from that kind of thing. But never out of the country. Did you check if mock locations is enabled? Settings - Applications - Development. Not sure if that could be the issue, but it is possible it was your phone reporting as another location.
Sent by Supersonic!

Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me. I tried changing that Mock Locations setting, but it was already disabled. Just to be sure I haven't entered any of my new passwords into my phone yet since this last incident and I'm going to see if I still have problems.

johnny1178 said:
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me.
That's not good. Stay away from those warez & p0rn sites that end in ".ru"
Sent from my ADR6400L using XDA App

Watch out.
Are you sure google is sending these messages?
And does the mail contain a link for you to click on sayiong to change your password?
Alot of times the mail themselves are the scams. And are in most cases sent using the google account but from another server.
Could you copy paste the headers...leaving out your personal mail. In Outlook you can view this by opening the mail File->Info -> properties.
You should see internetheaders there.
Copy paste them. Dunno how to find them in Gmail havn't checked yet gonna see later how to view them in Gmail
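
Added example, not part of the post above or of any poster's code: one way to read the headers that post asks for, trusting only the Authentication-Results line stamped by your own receiving server and checking that SPF, DKIM and DMARC pass for the visible From domain. The hostname `mx.example.net`, the function names, the two-label domain shortcut and all three sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id your own mail provider stamps on inbound mail.
TRUSTED_AUTHSERV = "mx.example.net"

def org_domain(domain):
    """Simplified organisational domain: the last two labels only."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def parse_auth_results(value):
    """Split one header value into (authserv_id, {method: (result, props)})."""
    value = re.sub(r"\([^)]*\)", " ", value)            # drop (comments)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    methods = {}
    for part in parts[1:]:
        m = re.match(r"([\w-]+)=(\w+)(.*)", part, re.S)
        if m:
            props = dict(re.findall(r"([\w.-]+)=(\S+)", m.group(3)))
            methods.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return parts[0].split()[0].lower(), methods

def check_notice(raw, expected_domain="google.com"):
    """Return a list of reasons to distrust the mail (empty list = checks passed)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if org_domain(from_domain) != expected_domain:
        findings.append(f"From domain {from_domain!r} is not under {expected_domain}")
    trusted = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, methods = parse_auth_results(value)
        if authserv == TRUSTED_AUTHSERV:   # ignore copies a sender could have forged
            trusted = methods
            break
    if trusted is None:
        return findings + ["no Authentication-Results from our own server"]
    if trusted.get("dmarc", ("none", {}))[0] != "pass":
        findings.append("DMARC did not pass")
    dkim_result, props = trusted.get("dkim", ("none", {}))
    dkim_domain = props.get("header.d") or props.get("header.i", "").rpartition("@")[2]
    if dkim_result != "pass" or org_domain(dkim_domain) != org_domain(from_domain):
        findings.append("no passing DKIM signature aligned with the From domain")
    if trusted.get("spf", ("none", {}))[0] != "pass":
        findings.append("SPF did not pass")
    return findings

# Constructed sample: passes every check.
GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@accounts.google.com;
 spf=pass (sender is permitted) smtp.mailfrom=bounce@accounts.google.com;
 dmarc=pass header.from=accounts.google.com
From: Google <no-reply@accounts.google.com>
Subject: Security alert

(body omitted)
"""

# Constructed sample: Google address in From, sent from another server, with a
# second, sender-supplied Authentication-Results header claiming success.
SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=none;
 spf=softfail smtp.mailfrom=bounce@mailer.example;
 dmarc=fail header.from=accounts.google.com
Authentication-Results: mx.google.com;
 dkim=pass header.i=@accounts.google.com; dmarc=pass
From: Google <no-reply@accounts.google.com>
Subject: Suspicious sign-in prevented

(body omitted)
"""

# Constructed sample: fully authenticated, but for a lookalike domain.
LOOKALIKE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@google-accounts.example;
 spf=pass smtp.mailfrom=bounce@google-accounts.example;
 dmarc=pass header.from=google-accounts.example
From: Google Security <security@google-accounts.example>
Subject: Change your password

(body omitted)
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, check_notice(raw) or "passes all checks")
```

A receiving server is expected to strip inbound headers that carry its own authserv-id, which is why only that one is trusted here.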

Anything is possible, someone making a ROM could put whatever they wanted in there.
It's probably not the most likely way your account would end up compromised though, it could be anything from random hacking to malware on your PC.

Well, that's a good question. It's something that I wonder myself and that sometimes concerns me.

I have ESET antivirus installed and regularly do quick scans on my PC, but I suppose that wouldn't catch everything.
As far as the Google notice, it is not an email message. The notice appears in a red box with bold text at the top of my inbox when I sign into gmail, and I also checked the URL to make sure I was actually on Google.com.
I remember when I was looking for ROMs to download, this particular build (can't remember the name) had the most thread views out of all of them at the time, so hopefully someone else would have noticed this issue by now if it was part of the build...
Anyways, thanks for your help. I'll try running an in-depth ESET scan to see if anything comes up.

I took it a step further and don't use any Google account on my custom ROM at all. The less I rely on apps and cache data the better.

I always thought about that. Just me being cynical I suppose. Some of these devs just do it for the love

I never thought of that before, maybe I should be more careful in the future..

Thank you gr8 idea...

lude219 said:
I took it a step further and don't use any Google account on my custom ROM at all. The less I rely on apps and cache data the better.
What are you doing where you'd really need to worry about that? Just seems like using an android phone without a google account would be a pain.


[Q] What is the best phone tracker/recovery app?

I am new to Android. Just got my Vibrant. I want to protect this phone so that in case it is lost or stolen I can recover it. Could you tell me what are some of the best apps for this?
Here is a list of names I know about for now:
Where's My Droid - This is currently installed, but required me to send a text to my phone to activate the GPS and even then it won't keep the GPS active long enough to get a precise location. Furthermore, it can alert the would be robber.
Glympse - well, this is not for stolen phones
Wavesecure - couldn't find any good threads on this. Seems to have an annual subscription fee of $19. I don't want that. Just want a standalone tracker.
Remote security - Not clear that this is a good app.
TheftAlarm - Again, developed in foreign language and I don't know how good it is
MobileDefense - Maybe this is the best app, but it is still in beta and no more users are accepted. I already filled out a request.
Find My Android - Was suggested in this thread, but it doesn't seem to be different from Where's My Droid, except the notification when SIM is replaced.
Lookout Mobile Security - Doesn't seem bad, but it doesn't lock your phone remotely. Can easily uninstall the program. I also found out that I better use a different email address than the one my phone gets otherwise the phone gets an email with "location" of the phone when you look it up online. This is better than Where's My Droid since you can do it more discreetly online, without sending texts (but have to make sure the email you use is not managed by the phone).
Am I missing something? I really want to protect this phone and it is frustrating that among so many apps, we seem to be missing good anti-theft solutions. Preferably I want something that can lock the phone remotely and allow me to do things without interruptions from the thief or at least discreetly. What would you recommend?
Also, I have a rooted (stock) Vibrant.
Thanks.
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
khaytsus said:
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
WOW! Ok, but the question is - 1. Can it lock the phone remotely? 2. What happens if the thief uninstalls Tracker or changes the SIM (can you password protect it)? Finally, 3. Can it take pictures AND email them remotely? Otherwise, I don't see much use to this feature if the phone is gone.
Lookout seems rather good, but I have not tested it personally. I'd add a link, but I'm a new user. Should be easy to find with a Google/Market search, though.
Well, that (uninstalling Tasker) may be the case with any tech anti-theft; if the thief is smart and careful they will wipe/reset/format whatever they took, rendering a soft LoJack useless
I would just get Tasker and look up findmyandroid on Lifehacker, it's the best current option
Captiv
Yeah, I found out about LookOut on Android forums. I have installed it. It doesn't allow you to lock the phone remotely and can easily be uninstalled.
As for Find My Android, I don't see how it is different from Where's My Droid, maybe except the part where you're notified if the SIM card is replaced.
I updated the original post.
Find my android isn't the name of the app, it's what the Lifehacker post is tagged as (#findmyandroid)
The program is Tasker, and it's more customizable and it can turn on GPS
Captiv
Sure, Lookout can be uninstalled, as can any other app. But really, you should have some sort of password on your device. With pattern unlock, there's really no reason not to do so.
According to one of the devs on their forums, remote locking as well as "other features" will be coming to Lookout "very soon".
https://lookout.zendesk.com/entries/24881-remote-lock
In the meanwhile, I use WaveSecure for locking my phone and Lookout for tracking, as its mechanism seems much better.
If you want to prevent Lookout from being uninstalled, just move the apk to /system/app (assuming your phone is rooted).
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
GPS Tracker by Instamapper is the one I use most. With a text message, it will return its location via Google maps. It will continually do so for as long as you have it set up for. Every 10 Seconds, Every 2 minutes, Every half hour, etc. I used it to track my stolen phone with the laptop in the car. This app saved me from buying a new phone.
stickerbob said:
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
Same here. Glad I got it while it was still a beta!

What's available?

My phone is both unlocked and rooted. I couldn't stand the crap. I just froze it since all the apps I want install on the card anyway.
With this leak for Android (which Google is patching) is there any app or ROM that will make password entry required (no saved passwords - I don't save them on the computer, so it's no hardship)
I do have wifi calling, and I will use it over public wifi. I go to places where I get one bar at the most, and the motel has free wifi. I want my pet sitters and house watcher to be able to contact me at any time. My daughter moved to England, so I need Skype, and Skype only works on wifi on Android.
I don't use Picasa, sync the calendar, but I don't want my contacts to be bothered if that is what a hacker has in mind. There is no personal info saved on my phone. I also don't game. I don't watch movies.
Also, I would like a firewall. I have both Bing and Groupon banned in the firewall and in the hosts file. Bing is getting too far ahead of itself. It's allied with Yahoo and I do have a Yahoo mail account.
I use the phone as a PDA reference guide, and the processor speed and screen is why I bought it. I have frozen all the social apps and I might delete them. The phone has been working super since it's been rooted and I enjoy it.
Thanks,
Zuben
I am not sure what you are exactly asking?
You mention password entry? If you are talking about accessing the phone, there is the lockscreen that you can either password enable or choose a pattern to lock the device.
You also mentioned a firewall? There is Webroot Security, with which you can manage things. But you said that you blocked a few things already? I don't understand.
fknfocused said:
I am not sure what you are exactly asking?
You mention password entry? If you are talking about accessing the phone, there is the lockscreen that you can either password enable or choose a pattern to lock the device.
You also mentioned a firewall? There is Webroot Security, with which you can manage things. But you said that you blocked a few things already? I don't understand.
I want the apps to ask for a password - not the phone. If I use app market I want to log in every time - do not save the password.
Google mail and Tmobile I could stop from automatic sync. I don't want them syncing automatically unless it's a needed function.
Example: I got a list of updates today, and I can't block the ones I don't want.
There's one in the list for Youtube and Youtube is frozen. So is Facebook. So I didn't allow the updates.
So does anyone have a custom ROM or an app that does this? And where do you find info on webroot security?
Unfortunately the SGS4G is still in its early stages of development. There are a couple of good ROMs out there but they are still stock and not custom; however, they do improve the performance of the phone. As for what you're asking for, no, there are no ROMs that do this yet
dsexton702 said:
Unfortunately the SGS4G is still in its early stages of development. There are a couple of good ROMs out there but they are still stock and not custom; however, they do improve the performance of the phone. As for what you're asking for, no, there are no ROMs that do this yet
Thanks, do you think there will be one?
How far can developers go to get rid of stuff?
I saw this:
http://www.usatoday.com/tech/news/2011-05-09-emergency-alerts_n.htm
and I don't want it. Especially presidential alerts. I would guess that the final version isn't out yet, but I'm curious. I think it would eventually lead to abuse.
I buy my phones for my own reasons and use them in my own way, so I'm not your typical user. I see the phone as a PDA, only voice/text is communication.
The rest is all my required information at my fingertips, and the new screens and processors on the phones are great.

Severe security flaw in HTC-sense, sensation affected.!!!

Ran across this article just now, realized you all had to read this. It appears HTC ****** up hard.
http://www.androidpolice.com/2011/1...e-numbers-gps-sms-emails-addresses-much-more/
Scary stuff.
I'm so damn tired of all companies taking the liberty to just monitor our lives just how they like, no matter if it's Google, Microsoft, Facebook, Apple or HTC. What annoys me even more is how we are passively forced into accepting it, and just shrug our shoulders about it. Reading this, I wish I was smart enough to strike back somehow.
The article says "Some Sensations" I'd like to know what that means
Good find.
Pikabat said:
The article says "Some Sensations" I'd like to know what that means
Try running the app...
Errr ok, this is scary though. I wanna ask what htcLaputa.apk is?
Sent from my HTC Sensation XE with Beats Audio using xda premium
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
This is the example of how we/some of us just got used to these kinds of things and started to accept things we never would have a few years back.
How exactly do you determine what's a trusted source? Obviously we've already had a bunch of malware entering the market.
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
EddyOS said:
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
I'm not using so many apps either; on the other hand I want to be able to try some "fun" app from Android Market without fearing theft of my personal information.
It's not about paranoia to me, I couldn't care less about whether or not some random dude can read my SMS. But I'm rather angry about the companies doing just as they like, mainly to direct commercials and ads connected to your personality. Did you know Facebook, after their latest update, now saves a certain cookie after your logout and sends all URLs you visit with your browser back to their server..?
Well, now I'm going off-topic in my own thread.
I'd like to see HTC comment on this at least.
Again, if Facebook care if I open a YouTube video every now and then then that's up to them - I'm not interesting!!
Would be nice to see what HTC say but I'm not going to hold my breath!
I'm starting to lose faith in HTC
Sent from my HTC Sensation 4G using xda premium
I tried to run the app, seems like my Sensation is not affected (Dutch one, that is)
So, in order to gain any kind of advantage, those apps need to know this vulnerability exists, am I right? Just deleted that apk file, along with some other ones.
As the Android Police blog appears to have melted, here's Aunty's take on it
http://www.bbc.co.uk/news/technology-15149588
Oh noes naughty people can access:
The list of user accounts, including email addresses (but apparently not usernames or passwords)
A log of recent GPS locations (so you can be stalked!!!!)
Phone numbers taken from recent call logs (so people you call can be stalked!!!)
SMS data, including recent numbers and encoded messages (meh if they want to read "Park 123 543" be my guest)
HTC's response:
"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible," the company said in a statement.
"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
jggonzalez said:
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
Remember it appears you are absolutely fine unless you install an app which is written to access the log files.
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video). The VNC thingie would also bug me cuz it is an app without any apparent use for the user and it does not serve a specific purpose - its just there until "someone" needs it. Now of course HTC wants to improve on user feedback and pulling it is much more convenient than asking for it, but if they want my opinion and see what I'm using they should at least ask me for it. That said, let's hope HTC addresses this problem in the very near future and does clarify why those apps are there and what purpose they serve. I will run the test app again after the next OTA for sure.
kwiggington said:
I'm starting to lose faith in HTC
Sent from my HTC Sensation 4G using xda premium
I don't think HTC is the problem.
I believe the problem is Google.
Ever go to the Google Android market place and see what they want to run in the background before they let you in?
I don't go near the place.
majesensei said:
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video).
You're missing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
xaccers said:
You're missing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
True, and I agree that this is not a scary thing for itself. I am not a fan of conspiracy theories, but think about a combination of things: The log is created and sits there. There is a VNC client embedded deeply in your system by your manufacturer for no reason, which gives access to your device from a remote location. I am from Germany and used to a debate about data preservation (which is illegal, in Germany), but there are other countries that have a much broader "grey-zone" for these kind of things. I wonder where those Sensations with the HtcLogger.apk are ([email protected]?). We are all running the same Android build (as long as we don't root our phones), some are affected, others aren't. I just find it weird, and I doubt that some rogue dev at HTC programmed these apk's just for the fun of it.

Google's solution for old devices and unwanted apps showing in Market/Play

There have been thousands of complaints made over the past couple of years about old devices/apps showing in Market/Play with nothing more than a "we're looking into it" response. Being one of those people, I contacted Google about this and continued to do so until I received something other than the typical runaround. After multiple emails back and forth between myself and Google about old devices (or in my case, the same device multiple times) and unwanted/removed/no longer available apps listed in Market/Play accounts, I have finally received a solution but it's not what you think. Google's solution:
"If you create a new GMail account, you will have a clean record of
apps. You could also switch to another phone (outside of the Android
ecosystem)."
So create a new account and repurchase your apps or leave Android. Umm...thanks?
Emails and support forum posts accomplish nothing to resolve this, submitting this to portal may make some progress towards a solution.
I'll choose the latter option. Maybe if enough people do, Google will make at least some attempt at fixing their product.
Sent from my SGH-I777
If this does make portal and spreads to the other sites with no resolution from Google then that may be the only option left.
The excuse that there's no way to purge/clean the DB is laughable at best. If there was no way to do so then purchased apps released by devs whose accounts have been closed would not have auth fail issues. This happens because the app/dev DB has been removed/purged from the system. This means the functions to maintain the DB are already in place.
I'm guessing that nobody other than me cares about this so kill it with fire.
I care a little bit, I think it is ridiculous that there is no option to do this, but I am not about to give up android at this point in time.
Same here, I think Google's reply was the dumbest thing I have ever heard a company say, but I don't think this is a big enough issue to leave android.
Sent using Tapatalk
I do find it annoying that old devices of mine still show up in the market...
SGS2 (T989) on CM7_373R6
I can see one reason they don't want to enable this feature. But it's not like they are admitting this is a reason.
If you can delete devices and someone compromises your gmail account they can delete your device.
I'd say a viable solution would be to be able to delete a device if it's been inactive for >6 months
And at least one of my first phones has fallen off the list, but that was a long time ago.
A few months ago, someone hacked my gmail and associated their phone with my account. I have no way of kicking them off my account because Google has a "I can't see it so it's not a problem" attitude.
TimberWolf5871 said:
A few months ago, someone hacked my gmail and associated their phone with my account. I have no way of kicking them off my account because Google has a "I can't see it so it's not a problem" attitude.
If you change your password they won't be able to connect to your account anymore, but the device will still show under your account.
Sent from my DROID BIONIC using Tapatalk 4

[Q] phone security. My phone has been hacked

I have a general question for all droid phones.
To make a long story short I have a crazy ex-wife that constantly hacks into my phone. When I get a new phone she tells me the model.
She reads thru my text messages and at times has even sent texts to my contacts.
At times when I open my phone she displays her facebook picture on the phone.
Does anyone know how to stop this???
I heard that droid phones are easy to hack by using something with the email system. If this is true is there any way to stop this?
This constant hacking is driving me crazy. My service provider will not help no matter who I talk to.
Any advice would be greatly appreciated.
Jerry
Yeah get a restraining order... The perfect way to deal with a crazy X. Been there.
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
raydowe said:
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
Minus, or so I am guessing, she isn't any where near him when she does it...
In other words, the phone could be in his pocket, and she would still be able to hack it...
I've never heard of anything like this being done without physical access or even knowing what model phone the person has, have you? I guess if someone had access to your google account they could remotely install apps through the marketplace.
It looks like she has access to your google account sync to your droid and installed any "spy" app. Try changing your account's password, do a factory reset and don't allow any backup.
raydowe said:
they could remotely install apps through the marketplace.
If she has his email and password, I can see it being possible. But either way, if the phone company won't do anything, then the easiest way is to serve her with a restraining order. My ex was this way and I had to freaking move states in order to get the hell away from her.
Even so she still followed and harassed me in the state I am in. Not in person. Electronically. I just ignored her, and the problems went away eventually.... His ex sound pretty persistent. That gets annoying QUICK! like you start having evil thoughts annoying.
Therefore I say get a restraining order. You may even be able to get a fee waiver if you qualify for it.
Change your Google passwords, phone co. account password (if you pay online), lock your phone and any other accounts associated with your phone. Do get a restraining order!
Sent from my Radar 4G using XDA Windows Phone 7 App
Wow, I feel sorry for you man, it sounds crazy... Hope you can live through it and fix everything.
raydowe said:
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
You're missing the point, this crazy woman is his ex wife so there's no way she's putting her hands on his phone but she hacks him anyway from remote !
Your wife is really crazy to do such things! Get a restraining order. Change every account associated with the device. Create new ones. Hope things would definitely change!
extrem0 said:
It looks like she has access to your google account sync to your droid and installed any "spy" app. Try changing your account's password, do a factory reset and don't allow any backup.
Sorry, but why not allow any backup? What's the problem with the backup? I was hacked in a similar way and the only thing I did was clicking on a fake video I was tagged in on Facebook, which installed a remote access tool. And similarly to the author of this thread, the hacker can now read my WhatsApp, Facebook, Instagram and gallery pictures no matter how many passwords I change or 2FA. I would like so much to get rid of it.
