Related
I am concerned that Google has their tentacles all throughout the OS, and I want to take all measures to stop that. I particularly don't like their search query tracking (I use ixquick) and their nav app, as their privacy policies are atrocious.
Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious.
Of course I'll not be using the apps of that-search-engine-everybody-uses. Removing them forthwith, in favor of whatever GPL open-source apps there are available for various functions. Using self-contained nav software like CoPilot or TomTom.
So, have any devs investigated whether Android phones home at any interval? Have measures been taken to privacy-enable the Android firmware?
I hear that HTC has some sort of 'phone home' function. How to neuter that?
What good is Wifi? Is it that you can use that when available, not using up 3G bytes? I am asking what use it is on a mobile in consideration of mobility and the security problems -- what uses can this be put to, and how to secure the phone?
Where is the best place to find open-source apps?
I'm curious about this as well, not so much from a privacy standpoint, but how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem? And actually Google apps aren't in the Android sources, so you won't have them after compiling. Yeah, two birds with one stone.
Also you could disable WiFi if you don't like it.
Tachikoma_kun said:
how the hell can I stop the mysterious data that is flowing out of my phone when everything like background syncing and all data connections are turned off.
Click to expand...
Click to collapse
Errr... what ROM and how many apps do you have installed? There is no "mysterious data" on clean system, but 25% of apps use data connection for various reasons.
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
The background syncing does not turn anything off as far as I know.
To my knowledge it allows 3rd party apps the ability to check if the user has flagged this, but they do not have to respect this flag.
Tachikoma_kun said:
I'm on the stock 2.1 ROM for the Samsung Galaxy S. I turn all the background syncing, email, and stuff like that off, and overnight it can use about 1MB of data.
I don't have any "free" apps running that might download new banners or anything like that.
Click to expand...
Click to collapse
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Brut.all said:
http://source.android.com/
This is all you need - you could remove/modify anything you want, so... what's your problem?
Click to expand...
Click to collapse
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
i think he meant either put up or shut up, which is a pretty reasonable statement.
IMO it's anonymous user data.... let them build cybernet
otherwise say no to the T.O.S that is your constitutional right if you have "privacy" concerns
Brut.all said:
Syncing is just... syncing. But there are many other things, that apps do. Spare Parts -> Battery history -> Network usage.
Click to expand...
Click to collapse
Thanks, will give that a try.
themapleboy said:
i think he meant either put up or shut up, which is a pretty reasonable statement.
Click to expand...
Click to collapse
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Brut.all said:
I meant we all have access to the sources, so we don't have to "investigate" what Android exactly does - we just know, that it doesn't do any "mysterious" things. There are many people working with these sources for many months, I doubt there are some undiscovered things.
Click to expand...
Click to collapse
u know what they say about assuming...... it always makes you look like a jackass
Yeah, I mean we're not playing with iOS4 or anything.
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
If you're still concerned, I suppose you could always opt not to install the Google Apps, but you'd be a bit limited, functionality-wise.
Sent from my Droid using XDA App
themapleboy said:
let them build cybernet
Click to expand...
Click to collapse
O' little do you know... many years ago I did work in Eastern Europe. You have no idea the paranoia a society can endure. For an idea, watch the old TV series Danger Man. Or the movie 1984.
If most young people share your view, it is a dark future. I'm glad I'll be dead.
herald83 said:
In all seriousness, Android's been out for quite a while now and has been looked at by a LOT of people. Not saying that it's *impossible* but it's highly unlikely that anything nefarious is going on.
Click to expand...
Click to collapse
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
I smell a rat...
Quantumstate said:
...Before someone accuses me of being a hacker or criminal, I am simply not willing to hand over my 220 year old Constitutional rights for a transient fear campaign manufactured by The Machine. And I do not want my information used for profit without permission. I used to be a cracker, and know what is possible. I'll not respond to those who call me 'paranoid'; they are oblivious...
Click to expand...
Click to collapse
Quantumstate said:
What's my problem, LOL? I am a 52yo real estate developer, not a coder. This is why I'm asking the question.
Click to expand...
Click to collapse
A 52yo real estate developer, whose not a coder, but used to be a "cracker" and knows what is possible? Anyone else here think this doesn't make a bit of sense?
It's funny, but it sounds like someone is trying to stir up some FUD by making claims that Android is somehow doing an "All your data are belong to us...". I hope Apple aren't paying your cheques!
@perpetualmotionuk: Be advised that there is a difference between mathematics and decryption, and coding. Yes I can do some coding, but not at a level necessary to analyze and modify an operating system.
If Apple were paying my 'cheques', wouldn't I come in with some sort of proof that monitoring is taking place? Rather than asking what others have found?
Now, rather than trying to tear people down, why don't you use that considerable nose to investigate this yourself?
No one's seen anything about info leakage?
Quantumstate said:
Understand. I just can not believe though that Google is not harvesting some sort of information, as that's their business model. They never discard any info they receive, and you can build a shockingly accurate portrait of someone from their searches over time. Google's CEO recently said, "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It", echoing the Bush Doctrine of a Police State.
Maybe Android is innocuous for now, and I'm sure it's been examined. But I'm wondering what the results were? Why are ppl seeing data outflows?
Click to expand...
Click to collapse
Most of that data is pulled from search history, I suspect. Which you can disable, if I recall. Don't have my phone on me at the moment to confirm.
I just did a very simple test on an emulator: after ~15 minutes of running system there was 0 (zero, null) of network packets. Now I want to do the same on a device with clean system, but I think results will be the same or similar (SDK system is just normal Android - very similar to these from devices).
I have a feeling that even if I will catch zero packets as well, you will be asking whether Google send something mysterious through... errr... bluetooth? Some hidden antenna?
If you're worried about Google tracking your info...root the phone and don't install the Google apps. What do ya know...problem solved.
If you're still worried that people are tracking what you are doing see steps below.
1) Flush phone or give to a homeless guy to throw them off.
2) Destroy Computers.
3) Liquidate everything you own.
4) Walk into the woods and live off the land.
5) Kill self shortly after because they already have a file on you.
You say you're a 52 year old real estate developer...guess what...they're already tracking you. You're already helping to build "cybernet" just by living and breathing.
And if you are really worried about your "220 year old Constitutional Rights" then go read the Patriot Act and discover that you don't have ****.
I'm normally not one to flame...but you are an absolute idiot.
I'm not an English person, excuse for the syntax/grammar/... mistakes I'd could make.
hedjemunkee said:
I'm normally not one to flame...but you are an absolute idiot.
Click to expand...
Click to collapse
I don't understand WHY this person could be considered as "an absolute idiot" by ASKING if some 'data' are sent over the network through the phone.
Facebook, with it's ad system is sending information for each ad displayed (not alot, but still some !)....
ADS.GOOGLE do you have any idea about what's behind !?
I don't have the number (nobody have it) of webpages using it but it's huge. with this you can track navigation of people, establish profiles, link to a physical person. Without your consent.
I understand the concern of the "OP" here. I don't think the data sent are easy to "catch", or are systematically sent... maybe there is no, and you are paranoid. But it "COULD". So easily. I'm from the young tech generation.
And to quote
Quantumstate said:
If most young people share your view, it is a dark future. I'm glad I'll be dead.
Click to expand...
Click to collapse
People who don't ask themselve the question, or wich refuse to be open minded enough to consider the right to ask this question ... could be surprised very soon. I'm not directly affraid of "google". I'm affraid of those 'blind' people.
You'll be dead in less than 10years !? I hope we can share some of the darkness you're talking about. your parent's generation started it, you continued it.
Anyway, back to the topic.
Why in my pocess list i've : (app id number) com.ap.SnapPhoto:remote
even when I do not use the camera !?
...when I notice my battery is being used more than usual I check the process list and I find this...
What's this "remote" !?
Maybe "remote" refers to "another app wich launch this app"... ? Otherwise... wow.
I can't post links yet. Just Google: iPhone tracking your location
This has already been posted once, but because it is a big deal I wanted to draw more attention to it. As most of the people on XDA run rooted phones and custom ROMs, I would like to know if our favorite ROM developers have happened upon anything "interesting" regarding location data baked into stock ROMs/AOSP ROMs/Cyanogen (God forbid), or any other suspicious behavior.
I don't want to see people freaking out, or pointless jokes about tin foil hats, I'm interested in a discussion regarding our Android devices and location data and the storage of that data.
We all know that Google tracks our searches and some location data in order to provide targeted advertising. This is fine, because I would much rather see an advertisement for a 2012 concept car or screenshots from TES:Skyrim instead of something Macy's or Vagisil related. I'm more concerned about unauthorized people gaining access to this data. If I need to get rid of my Droid X with Fission 2.5.7 to protect my younger siblings or my fiancée or my future child, I want to make that decision with HARD DATA to back it up.
~NDK
[EDIT: Mods may move this if necessary, but my question is really directed towards developers and their (much deeper) understanding of Android and how it operates.]
Lookout keeps me safe.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
It may keep your phone safe, yes. Allowing Lookout to track my phone was convenient for a while, but I realized that in 4 years of smartphone ownership I had never lost my phone do to my invention of the ASSPAT. That's right, the Automated Self Search for Phone And Things. I do it every time I leave the house! Anyway, Lookout ended up being just another useless app that added nothing to my Android experience and subtracted battery life. (Although I saw minimal battery life change and actually liked that app.)
On topic, please ask your dev if they have ever happened upon anything suspicious in digging through the Android file structure.
Androidboy35961 said:
Lookout keeps me safe.
Click to expand...
Click to collapse
really? how sure can you be abt that? you know that any app that has root rights can do practically anyth to your phone don't you?
First of all, why don't I just write this in an existing thread? Because I don't want this post to get buried. I think I've come up with a perfect anti-theft setup.
(1) Go to google and setup a new account. Password for this account should be something easy for you to remember. Do not add this account to your tablet. You also do not want to use this account for your everyday emailing.
(2) Go to market and buy the app "gotya". It's only $2 or so. Come on, morning coffee costs more than this.
(3) Go into gotya and setup so that gotya will email a picture and gps coordinate every time the tablet is turned on or brought out of sleep. Delay taking a picture by a few seconds to make sure the user is looking into the tablet.
(4) Put the email account you just setup into gotya. This email is a complete record of who's been using the tablet. Most of the time, it will be you. But if your tablet is ever stolen or lost, all you have to do is go into this email account and look at the last time it was turned on for picture of user and location.
(5) Don't forget to password protect gotya.
(6) DO NOT password or lock your tablet. The point of this setup is you want the thief to be able to log into your tablet so he can log into wifi so gotya can email the info to you. If the thief is logged out, he can simply nvflash, factory reset, hard reset, or sell it at a pawn shop. You want to encourage him (or her) to use the tablet at least once so you can get a good picture and gps coordinate of the thief for the police.
(7) The app gotya will run quietly in the background for all times. It consumes the absolute minimal resources. In fact, your tablet can even go into deep sleep. Gotya really is a well written app.
(8) Again, do not put the gotya email into your email account to sync on your tablet. You don't want the thief to know you're keeping track of his whereabouts and his face.
hmm. this may be cool to setup in the future. my tf doesnt leave the house at all really so theres no need quite yet. lol good post though OP!
very interesting, thanks for sharing. Would be interested in what fellow xoomers or eepaders have to say about this setup
definitely getting this for my tablet
cerberus is pretty much the same as this and as alot of nice features
salbalboa said:
cerberus is pretty much the same as this and as alot of nice features
Click to expand...
Click to collapse
Please elaborate.
locks the device,emails you the location and takes pictures also can wipe data all from a web page. i use this on my phone aswell as the tf.
salbalboa said:
locks the device,emails you the location and takes pictures also can wipe data all from a web page. i use this on my phone aswell as the tf.
Click to expand...
Click to collapse
How does it know when to lock the device?
It wouldn't stop the thief to boot into recovery right away and wipe the device, would it? So, it might be a nice protection against a crime of opportunity, but nothing against someone who knows what he's doing.
pypen said:
It wouldn't stop the thief to boot into recovery right away and wipe the device, would it? So, it might be a nice protection against a crime of opportunity, but nothing against someone who knows what he's doing.
Click to expand...
Click to collapse
Just for kicks, I've been asking random people the past 5 days or so if they know how to boot into recovery on an android device. So far, no one has said yes.
What are the chances that the thief would know how to wipe the device?
Any security system can be bypassed if you have the know-how. This doesn't prevent we have security systems all over the place. Why? Because not many have the know-how.
goodintentions said:
I think I've come up with a perfect anti-theft setup.
Click to expand...
Click to collapse
I think your name fits you well. It is obvious you have the best of intentions. However, a thief that knows ANYTHING about tech would open it up, and then before doing anything else (such as connecting to wifi) would just factory reset it. At least that is what I would do with any stolen tech I took (assuming I would...and if our economy keeps tanking I might have to become a thief). Even with open wifi, if you don't already have that SSID setup, it wouldn't connect without input.
So unless the person was dumb enough to not only open it up, but then connect to a wifi source first, this would never work. Your best bet would be to hope they were either really stupid in general, or a really stupid identity thief that would want your personal data intact while using it.
Basically, your best anti-theft practices would be to always keep your **** with you. Don't leave it in the car, don't leave it sitting on a table at a coffee shop while you go take a piss, etc. Mine never leaves my side when I'm out and about with it. So the only way someone is getting it from me is either by gunpoint or magic.
I have a story to tell. So, a long time ago in another life I worked as a cop. Patrolled along the highway during the nighttime. One night, and it was a boring slow night, I decided to pull over a car that was going about 15 or so over and was going to give him a warning. Nothing else to do. When I walked up to him, the first thing I saw was him eating something. As we talked, I could see weed all over his teeth. The guy ate a bag of weed. Told him to step out. A bag of rock cocaine fell out of his pocket.
I walked away from my law enforcement career knowing most criminals out there are stoopid. And no matter how tough or tough looking they are, they all cry once busted. Sure, there are some brilliant ones out there. But I'm sure chances are you will lose your TF to a dumb one. The odds are against a smart criminal stealing your TF.
Anyway, you are absolutely right. My method isn't fool proof. But think about it for a moment. The email account for this purpose will have a detail record of who and where turns the TF on or bring it out of sleep. All it takes is a connection to wifi and the app will email all its records.
That said, my TF doesn't leave my side either LOL.
I really wish they would enable wireless/GPS tracking right into the ROM so you can look it up based on serial number. I wonder if I should patent the idea so I can sue Apple and others when they finally get around to implementing it on tablets... Hmmm....
Not sure if it works on tablets, but my wife lost her Android phone and I used Android Track to get it back - I even installed it after the phone was lost. It does quite a bit like location tracking, remote wipe, takes pictures, records audio, will say something using text-to-speech, can view the call log, etc. Free too
-- Sent from my HP TouchPad using Communities
ExploreMN said:
I really wish they would enable wireless/GPS tracking right into the ROM so you can look it up based on serial number. I wonder if I should patent the idea so I can sue Apple and others when they finally get around to implementing it on tablets... Hmmm....
Click to expand...
Click to collapse
Isnt that already in the iphone? They had that big invasion of privacy thing on the news.
If you made it an optional etc though that would be cool and different.
Sent from my tf101 using xda premium 1.54Ghz
A good companion for this is App Locker. It pops up a fake FC screen. You can lock stuff you don't want them to see. pic/mail/ect. It has a feature that if you unlock one app, they all unlock, then locks when screen turns off/on.
Check it out.
https://market.android.com/details?id=net.xdevelop.protector&hl=en
I like the OP's idea. I also think this thread betrays some peoples naiveity. If you are going to steal someones computer: go for broke. See what data of value you can scavenge out of it, THEN do a factory reset. You might find more ROI on the risk of having stole the darn thing, and hey, if you're gonna be a thief, may as well do it right lol.
Does anyone else wonder if ICS's face unlock stuff can handle beards or just photo prints? LOL. Edit: Looks like the photo-print idea has already been tested.
Sent from my Transformer TF101 using Tapatalk
I need to make any information on the device unrecoverable. I need to return my S3 to the store and want no personal or professional information left on it, or recoverable from it.
Is there any way to do this?
Thanks
ancashion said:
I need to make any information on the device unrecoverable. I need to return my S3 to the store and want no personal or professional information left on it, or recoverable from it.
Is there any way to do this?
Thanks
Click to expand...
Click to collapse
Go to settings- backup and reset- then click the factory data reset box.
Thank you for your reply. I understood that a factory reset left data stored on the device. Data which is recoverable if someone decided to look hard enough.
Much like a format of a sdcard. You can still recover information from the sdcard, even though the file folder says it's empty.
On a side note, I wonder if encrypting the device first with the built in app and then wiping it would make the data that much harder.
I really don't have anything I need to hide, I'm just a paranoid soul.
Your paranoia greatly exceeds the amount of effort VZW would go through to get any data off of a returned phone. All they're going to do is wipe it again (possibly wiping the efs partition as well, depending on the conditions of the return and their internal requirements) and ship it off to someone else who will care even less about what was on it before than VZW does.
AlexDeGruven said:
Your paranoia greatly exceeds the amount of effort VZW would go through to get any data off of a returned phone. All they're going to do is wipe it again (possibly wiping the efs partition as well, depending on the conditions of the return and their internal requirements) and ship it off to someone else who will care even less about what was on it before than VZW does.
Click to expand...
Click to collapse
How you feel about it is irrelevant. Do not project your thoughts onto my desires. I wish to wipe my phone so no data is recoverable however paranoid it makes me seem. It is my desire to do so.
ancashion said:
How you feel about it is irrelevant. Do not project your thoughts onto my desires. I wish to wipe my phone so no data is recoverable however paranoid it makes me seem. It is my desire to do so.
Click to expand...
Click to collapse
I wasn't projecting anything. I was simply stating truth. I understand you're paranoid about it, just that your paranoia exceeds the effort anyone would go through.
Whether or not it's possible (something I DIDN'T comment on) is different than whether or not it's necessary from a personal security standpoint (something that's a matter of opinion) and is different than whether or not it's likely to happen based upon effort required (something I DID comment on).
ancashion said:
Thank you for your reply. I understood that a factory reset left data stored on the device. Data which is recoverable if someone decided to look hard enough.
Much like a format of a sdcard. You can still recover information from the sdcard, even though the file folder says it's empty.
On a side note, I wonder if encrypting the device first with the built in app and then wiping it would make the data that much harder.
I really don't have anything I need to hide, I'm just a paranoid soul.
Click to expand...
Click to collapse
The other option you have is to re install the stock firmware through odin. Just check off the boxes within odin that will delete and wipe everything. Lastly, hold vol up, home, and power, go into the recovery mode and wipe all data and cache. This is about as thorough as it gets.
Wow. Very rude. Guy helps you and then you comment like this.
Sent from my SCH-I535 using xda app-developers app
yeah no kidding. its almost as if he is trying to hide something or his wife is a tech .
AlexDeGruven said:
I wasn't projecting anything. I was simply stating truth. I understand you're paranoid about it, just that your paranoia exceeds the effort anyone would go through.
Whether or not it's possible (something I DIDN'T comment on) is different than whether or not it's necessary from a personal security standpoint (something that's a matter of opinion) and is different than whether or not it's likely to happen based upon effort required (something I DID comment on).
Click to expand...
Click to collapse
There is no way to completely do so. Any method will result in data being recoverable, albeit expensive and time consuming to do so.
chamberc said:
There is no way to completely do so. Any method will result in data being recoverable, albeit expensive and time consuming to do so.
Click to expand...
Click to collapse
Writing zeroes to every bit of the /data partition, and then a pass with 1s will completely obliterate any possibility of recovering anything.
Even without doing so, the effort in doing so is exponentially higher than the value of the data unless OP is a covert CIA agent dealing with the Iranian nuclear problem.
Anything that 99.9999999999999999999999% of the cellphone using public has isn't going to be worth more than a few bucks to anyone, and the cost of recovering data from flash memory even after a simple repartition is more than most will obtain.
AlexDeGruven said:
Writing zeroes to every bit of the /data partition, and then a pass with 1s will completely obliterate any possibility of recovering anything.
Even without doing so, the effort in doing so is exponentially higher than the value of the data unless OP is a covert CIA agent dealing with the Iranian nuclear problem.
Anything that 99.9999999999999999999999% of the cellphone using public has isn't going to be worth more than a few bucks to anyone, and the cost of recovering data from flash memory even after a simple repartition is more than most will obtain.
Click to expand...
Click to collapse
Agreed. However for someone so paranoid, I don't think it was wise to mention both the CIA and Iran in the same sentence as that probably might have raised some flags somewhere. Oops..and now I've done it again.
AlexDeGruven said:
Writing zeroes to every bit of the /data partition, and then a pass with 1s will completely obliterate any possibility of recovering anything.
Even without doing so, the effort in doing so is exponentially higher than the value of the data unless OP is a covert CIA agent dealing with the Iranian nuclear problem.
Anything that 99.9999999999999999999999% of the cellphone using public has isn't going to be worth more than a few bucks to anyone, and the cost of recovering data from flash memory even after a simple repartition is more than most will obtain.
Click to expand...
Click to collapse
Incorrect. It is still recoverable.
chamberc said:
Incorrect. It is still recoverable.
Click to expand...
Click to collapse
Show me where data has been recovered from flash media after 2 passes.
Hell, show me where data has been recovered from flash media after just one pass.
My wife isn't a tech and I'm not hiding CIA secrets. I'm just a private person. I don't know why.
I keep a boot and nuke dvd next to my computer at all times. I take it with me on trips.
I also keep a survival kit with me at nearly all times. My jeep is basically a mobile survival kit.
Again, just a private person. I've been starting a lot of **** with Verizon lately and I have to take my phone back to them as they've deemed it DOA. I have an "in person" meeting with a manager at my local (1.5 hour drive) VZW store tomorrow.
Here's a bit of back story- Took my phone in for "in person diagnosis" since VZW tech support over the phone could do nothing over the last two weeks besides issue me new SIM cards. While I'm in there, dude ****s up my phone, refunds my money for my phone, says he's (VZW store) taken possession of said phone and supposedly gave me another one. VZW over the phone verified I am on my original phone via MEID but VZW store front wants to meet in person and view the phone directly. Meanwhile, the phone he said I was issued is missing from the stores inventory. Nobody knows where it is. To make matters worse, when they tried to contact the rep that helped me in person, he had been in a car wreck and is apparently in the hospital. I don't know if it's true or not, but, **** seems fishy about all this and I don't want to take chances. I don't keep much information on my device per-say, but it is in my email, as well as other "cloud based storage" areas. This information is sensitive to me and I don't want joe schmo getting their hands on it.
I plan on wiping the phone, but, if there was a secure way of doing it so none of my information was recoverable, by anybody at any time I would love to do it.
Alex, my apologies if you felt my comment to you was rude, but, straight up- that's how I feel. I didn't ask for peoples opinions of doing it, I asked for a "how-to." I feel like I should do it. I feel I need to cover my ass here. With everything going on, yea, my paranoia meter is off the charts. It goes back to my blackberry storm days. I received a new device from insurance. Installed Pandora and viola- all the last owners playlists popped up. Sure, it may be little information but I didn't even try. This was from a bb as well- supposedly one of the stronger secured devices of the time.
I'm considering encrypting the device via it's onboard software, then wiping it. Maybe? Not really my area here.. (provided I have one..)
OK the guy that helped you is a scumbag. tell the manager how you feel about your personal info but don't sound suspicious it may raise red flags but that tech was trying to scam the system and get a free device.IMHO it does sound fishy bit most likely just a gig trying to scam a phone and is not after your personal info. get your new device and be on your merry way. and prepared isn't paranoid.
Good paper on sanitizing flash memory.
http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
bigmook said:
OK the guy that helped you is a scumbag. tell the manager how you feel about your personal info but don't sound suspicious it may raise red flags but that tech was trying to scam the system and get a free device.IMHO it does sound fishy bit most likely just a gig trying to scam a phone and is not after your personal info. get your new device and be on your merry way. and prepared isn't paranoid.
Click to expand...
Click to collapse
I agree prepared isn't paranoid but damned if that ain't what everyone calls me.
No, they aren't after my information, I'm sure of that. Every time I call Verizon's tech support they ask me if I will allow this device to be troubleshot "remotely." They *could* get whatever they wanted already.
I just don't feel comfortable doing it is all.
That Rep was an asshole. I saw the signs- just didn't put it together. His hands were trembling, he kept looking around for people behind him who could see his screen, he was quiet, really concentrating on the computer.. it was all there. Next time.
henrys01 said:
Good paper on sanitizing flash memory.
http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf
Click to expand...
Click to collapse
Thanks for the link man but after the first couple paragraphs I realized I was in over my head.
ancashion said:
My wife isn't a tech and I'm not hiding CIA secrets. I'm just a private person. I don't know why.
I keep a boot and nuke dvd next to my computer at all times. I take it with me on trips.
I also keep a survival kit with me at nearly all times. My jeep is basically a mobile survival kit.
Again, just a private person. I've been starting a lot of **** with Verizon lately and I have to take my phone back to them as they've deemed it DOA. I have an "in person" meeting with a manager at my local (1.5 hour drive) VZW store tomorrow.
Here's a bit of back story- Took my phone in for "in person diagnosis" since VZW tech support over the phone could do nothing over the last two weeks besides issue me new SIM cards. While I'm in there, dude ****s up my phone, refunds my money for my phone, says he's (VZW store) taken possession of said phone and supposedly gave me another one. VZW over the phone verified I am on my original phone via MEID but VZW store front wants to meet in person and view the phone directly. Meanwhile, the phone he said I was issued is missing from the stores inventory. Nobody knows where it is. To make matters worse, when they tried to contact the rep that helped me in person, he had been in a car wreck and is apparently in the hospital. I don't know if it's true or not, but, **** seems fishy about all this and I don't want to take chances. I don't keep much information on my device per-say, but it is in my email, as well as other "cloud based storage" areas. This information is sensitive to me and I don't want joe schmo getting their hands on it.
I plan on wiping the phone, but, if there was a secure way of doing it so none of my information was recoverable, by anybody at any time I would love to do it.
Alex, my apologies if you felt my comment to you was rude, but, straight up- that's how I feel. I didn't ask for peoples opinions of doing it, I asked for a "how-to." I feel like I should do it. I feel I need to cover my ass here. With everything going on, yea, my paranoia meter is off the charts. It goes back to my blackberry storm days. I received a new device from insurance. Installed Pandora and viola- all the last owners playlists popped up. Sure, it may be little information but I didn't even try. This was from a bb as well- supposedly one of the stronger secured devices of the time.
I'm considering encrypting the device via it's onboard software, then wiping it. Maybe? Not really my area here.. (provided I have one..)
Click to expand...
Click to collapse
I'd suggest that if you feel that strongly about securing your data you're going to need to go beyond just asking some folks on a forum before you really feel safe considering the steps you've taken otherwise. It is time to do some reading.
Of course you're entitled to do whatever it is you want with your device. I have to wonder:
What do you have that you feel you need to take such precautions?
What do you think folks would do with whatever it is you have?
It also seems a bit odd that taking things so far at home that you'd even use a cellular network in the US and keep data on that phone. So much on these phones auto sync to storage you have no control over and frankly just traversing these fairly insecure networks that are already well integrated with wiretapping and monitoring systems... it seems an odd choice.
Hi
I know that this will sound like another hacked story but I know what to do.
My phone got hacked couple of months back.i didnt know it was untill the hacker started to leave clues. It was then that i started really payibg attention to everything going on. but keeping quiet abort it so that he or she thinks i didn't know
I know of 3 incidents that may have conpronised my security coupled by the fact that I did not practice password hygiene or unique ones for all accounts. I know that its totally my fault and i am not goings to blane Android os. So please dont think of this as one of tjose posts
What i now need is help in understanding what tondo next.
Little details on what happens, lets say i get search for some one on Facebook. The same is Charles smith, I Finish off my search and open Instagram boom i see a pictures where recommended shows a google search page where Charles is written and the Google auto complete is giving options .
Happened twice
I tumlr and I don't really post anything in fact My blog is totally blank. Suddenly i have people followings me and they tend of hame my nick name as their user id .the id displays my WhatsApp status updates.
These and just two examples i have more but i think everyone gets whats going on.
things i have done to prevent such occurences factory formatting the phones mac abd router. Gotten new routers and ready to flash a custom firmware for them.
Password changes .everything.wps2 aes wifi password with random numbers upper case lower case n symbols
Passwords are written on paper without a electronic backup and under lock and key.
I thought that maybe its a key logger but i took my moto x2 n moto e2 to the service center and got them to re load official software.
Two days later bam the same thing.
Any suggestion on where the weakness is ?
The problem is that I am kind of tired if thi
Sent from my XT1092 using XDA Forums
Check account sync settings if it is on more applications can use various private data.
Sent from my A0001 using XDA Free mobile app
i dont understand?
can u explain , i have sync on should I not have it
on different note does anyone suggest rooting and installing something that can isolate and restrict data from being accessed. now i know that exposed does that and marshmallow will work that out. but any other guidance ?
Did you use a virus or malware scanner?
Are there any apps you didn't install on your phone?
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Semseddin said:
If i were you, i would start with doing the following steps by their exact order to get rid of the hacker and operate on a "safe" system.
1- Backup personal files to pc and deep scan them with virus scanner, make sure they're clean.
2- Unlock the bootloader of device and flash every image manually with fastboot from stock factory image.
3- After flashing the images, go to stock recovery and wipe data / factory reset and wipe cache for a complete, untouched system.
4- Change account passwords with stuff that are unrelated to you. I mean if you made a google search for firedance, don't include dance or fire in any your passwords.
* also change the " forgot my password " questions and their answers.
5- Once you boot the system, download any ota packages from the manufacturer to be sure you'd be on a safer and patched software for security.
For future securtity, be sure to check apps permissions before installing anything from google play or external places. Don't root your device and don't enable USB Debugging in developer options. Hope it helps.
Click to expand...
Click to collapse
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Jaytronics said:
Don't Root your device? Don't check USB debugging? Seriously? That is your answer? Wow, do you work for Verizon or AT&T by some chance? Sorry, but with Root and some nicely placed Xposed modules, this persons phone or tablet would be more safe than anything g Verizon or AT &THE could conjure up. You are a dope! Lol! Seriously, go away. Bother another community. ?
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Semseddin said:
Pardon me but where does that come from ? Made me laugh. Since this is security forum, the first priority is security not your "nicely put xposed modules whatever that means". It is said many times by security experts rooting an android device removes a big portion of layer of security. I unfortunately don't work for AT&T or Verizon but i wish i worked for them for a nice salary.
This one is coming from the recognized developer and moderator of XDA Android Security forum. Someone who have exploited devices and found vulrenabiliies that you can't even dream of. Lets say i am a "dope" and you're the smart guy. Are jcase, steve kondik dopes as well ?
http://securitywatch.pcmag.com/secu...-have-android-settings-from-a-security-expert
http://www.dailytech.com/CyanogenMod+Creator+Tells+Android+Users+to+Rethink+Rooting/article33058.htm ( yeah, even steve kondik doesn't approve rooting for general users.
https://blog.kaspersky.com/rooting-and-jailbreaking/1979/ " Kasperksky a security platform well known for years are also against rooting.
Think again if you can who is the dope, now, go bother in your nicely put xposed modules forums for the sake of security. :good:
Click to expand...
Click to collapse
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Jaytronics said:
For a dope, I suppose that Root is a security risk. But, just because a device is not Rooted, does not mean it is secure by any stretch of the imagination. Truthfully, they are more unsecured if locked out from the user. That is, if the person is not a dope. What I am saying is that your advice, for the OP to take every update and not Root, was not really that helpful. If the OP installed an app that was a risk, then all the updates and non Root, will not help them. Now, if you were to show them, that if they were to Root, and use certain apps and modules on their device. Then they could keep a better eye out for potential problems. But, even if they did as I just said. If the OP is being a dope, and installing apps that, let's say, they obtained from a torrent site. Then, well, dope would be a fitting title for them as well.
And, if those recognized developers stated that Root was not good at all. Then yes, dope would be a fitting application of the word. Root is only bad for those that are dopes.
I believe that you inadvertently called the OP a dope. You did not help them all that well. What you did was help them to get rid of the problem temporarily. Do we know who apps are on their device? It would be a good idea to know these things. Also, where did they get these apps from? Kind of a big deal there.
But, if you were wondering what it is that I am talking about in regards to xposed. Look it up.
http://repo.xposed.info/module/de.robv.android.xposed.installer
I suggest the OP do the same. As well as anyone else who is having g issues. Now, knowing about xposed and the modules that can accompany it. Will not fully protect anyone from blatant stupidity. Read, read, read. And practice safe device use. There are so many avenues to protecting g ones self. But a big one that anyone can do. Don't download from shady places. Though, it is even very possible to get in trouble from apps from the Play store. Knowing what apps are asking for what permissions is important. What bothered me about your post is that you in the same post, stated for them to unlock the bootloader and then, to not root. Verizon and AT&T are advocates of the no Root behavior. And that sickens me. As well as many others. Instead of helping g people to see the dangers. They are told to do the most simplest of tasks, not to Root. And that they would be fine. Absolutely and completely false and misleading. Now, and again, for a dope. I suppose this would be fine. Though, it is not helpful. Education into matters are. One needs to seek out the underlying issue first. Then attempt to educate. As far as calling you a dope, I do humbly apologize for my Choi e of words. You did not deserve that. It would have been just fine for me to build onto what you suggested. Which was good advice. So, I am sorry. And yes, I am very much a dope at times .
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Humble apology accepted.
You may not like AT&T and Verizon for their tight stance against rooting.I don't like that as well. They're filling their devices with their bloatware and excluding some very useful features from their customers like hotspot for free. However, Anyone who owns an operator variant of a specific device have already signed a contract with his operator already accepted their terms and that's why they get their bloated and controlled devices for cheaper prices in long term instead of paying full in cash. That said, i see nothing wrong with AT&T or Verizon's policy of keeping their devices locked to death since rooting would take a stake from their business and that was not their agreement with their customers. This is not the subject of this thread for sure. Should add, i see nothing wrong if a contracted owner a device wants to take full potencial out of it by rooting since it is the only way for them to get rid of bs in their devices. This is another discussion, not related to this thread.
I will use the word " regular user " instead of "dope" since nobody have to be knowledgeful about android security. Being someone without a clue of android security wouldn't make them a "dope". I currently sport a Moto Maxx, a bootloader unlockable variant of Verizon Droid Turbo sold in Brazil. I paid about 150$ more just to be free of Verizon Bloatware for the exact same hardware. I could have paid 150$ less and bought a Verizon Droid Turbo but i didn't just because i knew i would have Verizons' bs running in my phone every second. There used to be a time for me when rooting was a must with android because i used to own devices bloated with Motoblur, having low amount of ram and storage as well as unavailbility of disabling/deleting of unwanted apps. Now, i have 3gb of ram and 64gb storage with near Vanilla Android experience with my phone. I asked myself, what the heck do i need rooting for ? The answer was easy : nothing.
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Semseddin said:
Lets say, android is an apartment, the root is the key to its door, xposed is the "watchdog" and hacker is the "thief". Would you keep the door unlocked and rely on a dog for its security ? I personally wouldn't do that cause the dogs can be fooled easily by a piece of meat and most importantly they have no responsibility at all. After all, It is just a dog serving for free without any responsibility. I couldn't ask for insurance as well cause i was the one who kept the door unlocked. I am also aware that any door can be opened without a key and the dog can be bypassed easily and the hacker can get whatever he wants. Things will happen if they're destined to be happen, we can't avoid some. Still, it is always our responsibility to keep the door locked in the first place and take counter measurements against. That was what i was pointing in my post.
Disabling USB debugging is the first thing one should do if there're concerns about security and this is not coming from a "dope" but security experts of android. :good:
Click to expand...
Click to collapse
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
optimumpro said:
To show how ridiculously and persistently wrong you are, I am going to use your above example. If root is your key, then what you are doing is giving that key to Google and device manufacturer, while throwing your own copy away. In your own apartment, you are only allowed to go where google and verizon let you. This makes no sense whatsoever, unless the apartment owner is a real dope (no personal offence meant).
Disabling usb debugging also sounds like an aria from the same opera. If the device is on your person, this provides no additional security at all, as usb debugging is only relevant when your phone is connected to computer. If someone physically takes your device, it would take 10 seconds to enable debugging.
Root provides you an opportunity to control your device and restrict system apps, thereby reducing possibilities for hackers to take over your phone... As I have already mentioned before, every operating system provides root access to users. The only reason it is not done on smart phones is becase manufacturers, carriers and OS providers want to turn users into walking advertising beacon-dopes. Again, no offence meant...
Click to expand...
Click to collapse
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Just kiss each other already or dont say anything.
This thread is made by someone who needs help and you two both are taking it off topic instead of helping him. Now out of respect for that user, stop this endless conversation.
Semseddin said:
I see your point, respect it but disagree. Your example doesn't really work with my logic since you're putting players like Google/Verizon in the same league with an hacker. Yes, they for sure have control over their software since they're the one who created Android and offered the hardware along with an oem in the first place. These big companies are not like 3rd party devs who are irresponsible for any their actions.. If you happen to have sensetive privacy trust issues with Google, leave any android device out, you wouldn't even use google search in your pc.
A hacker having pyshical access to a device who would enable USB debugging in 5 seconds. is this what we're really talking about ? Anyone who have a device in hand doesn't need to be a hacker to get data from it. Have a coffee with the target sitting next to to him, memorize his passcode Done. Another way is to flash twrp and give some adb shell commands to bypass any lockscreen code. Done. USB debugging ON help with apk rooters and computer based root exploits as well.They rely on usb debugging to be on. You're hacked in no time.
I just can't trust any 3rd party dev more than my device manufacturer / operating system provider and network provider. I think the same for you like you're persistently and ridiciolusly wrong by giving too much credit to some unknown sources instead of those who have an actual business address. :good:
Click to expand...
Click to collapse
This is not about respect, disrespect or disagreements. The facts (not opinions) remain: every operating system on Earth provides root or administrative privileges to users. However, it is not given to the same user when he turns to a smartphone. There is no security reason whatsoever why a user has root on computer and no root on a smartphone.
As I have already said, there are plenty of non-security reasons for the above: the main one being to prevent the user from removing advertising junk and spying malware inserted there by manufacturers, carriers and software providers. Kids love it (above three) and Mother (NSA) approves...
Every argument against root invalidates itself when applied to computer OS: remember the user is the same.
@its the peanut
Please stop patronizing. This is a security discussion thread and we discuss security, which is beneficial to the poor guy, the OP... :silly:
Semseddin, what do you do to stop fastboot?
rooting and knowledge go hand in hand, the OP states device is rooted, but sounds like hasn't got the interest to know what's behind the process. that is why we don't have the slightest piece of evidence that his device has been compromised. just the users opinion that it has.
having su and adb debugging at least allows them to logcat.