Related
Found a way around the enforcement of The Exchange security policy on FROYO (ROOT USERS ONLY), at least until lockpicker gets FROYO support.
You need to unzip and install the attached APK. It will give you an extra mail application on the phone (The Saphire, White envelope, and Gold Message popping out icon), but you can remove the stock one if you have some knowhow, or just delete your account from the stock one.
I take no credit for this. Original work done by raidzero at http://www.droidforums.net/forum/dr...onal-froyo-bypass-exchange-server-policy.html
Disclaimer: For Educational use only. I take no responsibility for your company firing you because you lost precious confidential information.
Edit: I see that member afflaq already posted a similar fix here: http://forum.xda-developers.com/showthread.php?t=729753&highlight=exchange+security
I downloaded the zip file but I am new to rooting and not quite sure how to apply this zip to my phone... do i copy to root of sd card and boot into bootloader and apply it that way via recovery? or can i run the zip from the phone on normal boot.
broj999 said:
I downloaded the zip file but I am new to rooting and not quite sure how to apply this zip to my phone... do i copy to root of sd card and boot into bootloader and apply it that way via recovery? or can i run the zip from the phone on normal boot.
Click to expand...
Click to collapse
You have to extract the apk from the zip file, and then just install the apk from a file manager program like estrongs or astro. You do not need to use recovery or the bootloader for this at all. I probably should gave just posted the apk, without zipping it up to avoid confusion but i didn't.
I have been hit with this ridiculous security policy too, my IT admin guy just shrugs his shoulders, and it doesn't seem to hit iPhones (which are hopeless for security anyway?).
So when I install .apk, do I then need to migrate my Exchange account to a new mail application?
I have a rooted phone, is there any way to just disable Exchange security policy? It even allows 'login attempts' to my device to be 'monitored', get stuffed, I'm not having that.
DroidBois said:
I have been hit with this ridiculous security policy too, my IT admin guy just shrugs his shoulders, and it doesn't seem to hit iPhones (which are hopeless for security anyway?).
So when I install .apk, do I then need to migrate my Exchange account to a new mail application?
I have a rooted phone, is there any way to just disable Exchange security policy? It even allows 'login attempts' to my device to be 'monitored', get stuffed, I'm not having that.
Click to expand...
Click to collapse
Not that I know of yet. Uninstall native email app. Use titanium bu. Clear security. Reboot. Install this one.
Sent from my PC36100 using XDA App
What is this app and how does it work? Is it a hacked native email app? Also, silly question perhaps, how do we know it's safe to use?
Native email ap, modded. Aosp, not sense. Click the link to original post in first thread for more info. I use this exclusively anytime I flash a new 2.2 rom.
Sent from my PC36100 using XDA App
How was it modded, is the native app open source?
How are you all going with this? I'm thinking of installing it. Does it still pull in and integrate the work calendar and contacts?
Yep, but non-sense style...
Sent from my PC36100 using XDA App
Bang3r said:
Yep, but non-sense style...
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
What do you mean non-sense style? It doesn't integrate with the Sense calendar and contacts?
DroidBois said:
What do you mean non-sense style? It doesn't integrate with the Sense calendar and contacts?
Click to expand...
Click to collapse
C'mon....Just give it a try already if you're interested. Don't delete the stock mail app just yet, but delete your credentials, and remove your security (password). Then install this one, see if you like it. I honestly don't remember if it syncs calender with with sense (but I don't think it does). Don't use sense. It is not a Sense app. Its AOSP-like.
Nothing to lose by trying it.
Yeah ok I'll give it a shot.. There are several versions of this app flying around in various threads, is the link in this thread the one to use?
All seem the same to me. Could be mult authors/modders though. I just found on another forum and posted it here.
Sent from my PC36100 using XDA App
Message deleted.
Sweet... working!
How can I get the email widget for unread message count? It does come with it.
pkmusic said:
How can I get the email widget for unread message count? It does come with it.
Click to expand...
Click to collapse
It depends. Is it a sense widget you're talking about? If so, this will not work. This is the native android email application, not the Sense version. As such, the Sense widget cannot "talk" to this application. There may be a widget on the market for that though.
Beautiful...works great. I can't begin to express how much this helps me out. Any way to change the colors in the email app?
Muchas Gracias
FYI..i'm a noob
Sigh, still getting connection errors when trying to d/l attachments >1MB in size. Otherwise it works fine.
Seems that HTC is finally acknowledging Peep's vulnerabilities and while not publicly releasing an update, they will send it out to people who request it...
http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
It's about time they got a fix out for it!
By the way, the Tweet for @xdadevelopers went out saying this was for Android users, instead of Windows Mobile users.
We have published an article regarding this situation on our Portal
http://www.xda-developers.com/android/htc-peep-vulnerability-update/
How did you find the vulnerability, is there a packet analyzing tool for android?
No luck
I just received a response from HTC saying they have no idea what I'm talking about. I just sent them back a response with the linked article. Hopefully someone can get the update from them and post it here so we don't have to deal with them at all.
So is this Windows mobile only, or Android too?
Sent from my HTC Desire using XDA App
Lothaen said:
So is this Windows mobile only, or Android too?
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
I don't think Android uses Peep in its interface for Sense. I'm not 100% positive on that, but I know we've had an issue with this for WM for about five or six months now.
In trying to get a hold of this update, here are my responses from HTC so far for anyone interested.
Me said:
I just heard about the update to HTC Peep for Windows mobile users. I have an AT&T Tilt2 with Sense loaded on it. I was hoping you guys could send me the Peep update so I could use that tab again without worrying.
Click to expand...
Click to collapse
Kathleen said:
I understand how important it is for you to be able to update your Peep application. Unfortunately, we are not aware of an update for the Peep application. I have looked for the update and it is nowhere to be found. You will need to keep an eye on http://www.htc.com/us/support/tilt-2-att/downloads/ for updates for your device.
Click to expand...
Click to collapse
Me said:
I read about the security flaw in the HTC Peep tab back in August and never used it because of this. The Peep application discloses the username and password via a HTTP OAuth-related request during the initial sign in to anyone eavesdropping on the connection. It also exposes the username and password after the connection is established by having all of the requests from the mobile device to the Twitter service use a HTTP Basic authentication header even though the app is supposed to be using OAuth. For more information, please refer to this article: http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
Click to expand...
Click to collapse
Lindsay said:
We have not made an official update, any updates found on 3rd Party websites are up to you to do the research and download yourself. Just know these updates are considered rooting on your Tilt 2, so make sure before you update you do the research.
Click to expand...
Click to collapse
Me said:
Then when will the update be made public? It is kind of a pain that I've waited for six months now to use a feature of this device because of a security issue. Also, how would this be considered rooting since I'm not using an Android device? Windows Mobile users have administrator-like privileges by default in this operating system. There is no such thing as rooting on a Windows Mobile device.
Click to expand...
Click to collapse
Lindsay said:
If you re-write the ROM it is considered rooting. If you can add any applications to the SD Card and install it to the device, that is not rooting. We do not have any information on any updates available for your device at this time. I apologize that we do not have any updates for HTC Peep.
Click to expand...
Click to collapse
Me said:
I don't mean to sound insulting, but rooting is not the same as flashing a custom ROM. Rooting is gaining root-level administrator privileges on a Linux based operating system. Windows Mobile provides this access to the user by default. There is no other setting for this. Android, being a Linux based distro, does not come with root privileges installed to protect itself from users inadvertently messing around with things they shouldn't. It is the same thing on desktop operating systems like Ubuntu, Fedora, and the like. Rooting is completely different from flashing a custom ROM, as you are suggesting. Either way, an updated Sense tab using HTTPS, as it originally should have done, would be as simple as installing a *.cab file. My question, then, becomes to whom should I address this issue to get further support should I decide to call about it with the information I have?
Click to expand...
Click to collapse
Lindsay said:
The fact is we do not have an update for your device at this time. I apologize for this, but at this time we do not have any updates.
Click to expand...
Click to collapse
Me said:
Yes, you mentioned that. I asked whom I should voice my concerns with since this is the case. I understand that you don't have any information to offer me. I wasn't questioning that. I would simply like to know where I should go from here as there has been a serious security flaw in this device for quite some time. I do not mean to insult you, if I have done so, and apologize if I have, but I want this matter resolved once and for all. Obviously, the users are not allowed to modify the HTC Sense code or this would have been resolved some time ago. If some users were allowed the Peep source code, this could be rectified very quickly with the SenseSDK, but as that isn't an option, I, and several others, look to HTC to provide support for their product and software. If it is simply a problem of my device becoming outdated, then the HTC HD2 (Leo_512, Leo_1024) has the same problem on the latest ROM image as well.
Click to expand...
Click to collapse
Lindsay said:
I have sent the forum you sent me to the appropriate department for review. If you would like to troublahoot you device I would be glad to further assist you, but at this time this email will need to be closed if there is no troubleshooting to be done on your device. Again, I have sent the forum to the appropriate department.
THREAD CLOSED
Click to expand...
Click to collapse
It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.
i contected taddong and they told me
yeah they told me they had no idea what i was talking about....i contacted "tadong" and they told me to sedn the link from there site regarding the issue to HTC and he would handle them if they wanted more info on it...i guess we'll see what happens
It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.[/QUOTE]
Uh... "If you can add any applications to the SD Card and install it to the device, that is not rooting."
Under that logic, if unrevoked forever ever releases a .apk to turn S-OFF, does that imply that merely doing that to get root access isn't rooting?
edit: this is what happens when companies aren't smart enough to release some kind of auto-app updater, separate from OTA updates. Stuff like this takes an eternity. How hard is it to add an "s" to the http of the authentication? (for that matter, why the hell is Twitter letting you log in this way in the first place?)
lol, first thing i thought of when i saw this posts title...
http://my.starstream.net/neobigd/htc_peep.jpg
HTC finally release the Peep security update for the Rhodium, Topaz, Leo, and Photon. I've attached the files to this post, but they can also be had at HTC's website at the link below.
HTC Peep security update
EDIT: These updates do not work with custom ROMs, it seems. The *.exe needs to be copied to your device and run from there. I'm working on extracting them and making proper *.cabs now.
Peep Update *.cabs
EDIT: DO NOT PM ME ABOUT THIS FIX. IT DOES NOT WORK.
Please do not PM me about this security fix. It has nothing to do with the current Twitter outage as of the beginning of May 2011.
After pulling them apart and recompiling them, with the help of JVH3, here are the HTC Peep Update *.cabs. These are for Windows Mobile users with version 6.5 or higher. It should work, in theory with version 6.1, but I didn't feel like testing it out. Obviously, you'll need Sense 2.5 as well. There are four versions, but they all seem to be exactly the same. I didn't notice any differences other than the dates they were packaged. The Rhodium version seemed to have a slightly smaller TwitterApp.exe file, but I still don't think it was different.
Disclaimer: I take no responsibility for anything you do to your devices. These are posted for informational purposes. If you choose to install the application update, then any side effects (of which there should not be) are on you.
Changes
This update changes the way the Twitter Tab (HTC Peep) authenticates your user account. Before this update, your account information is sent via unencrypted http headers upon login which reveal both the username and password to anyone who happens to be eavesdropping on the connection, whether it is by cellular data or wifi as seen below.
Code:
authenticity_token=c8b5abaf53f223e827d9258ddfef4285a816db5f&
oauth_token=I4FK956n1foaHjayLKXJT2IaBpsmoo0amKyPhebc&
session%5B[B]username_or_email%5D=USERNAME&session%5Bpassword%5D=PASSWORD[/B]
Also, when sending tweets or receiving them, their is a continuous authenticate request sent which exposes the username and password again as illustrated below.
Code:
GET /statuses/friends_timeline.json?count=50&page=1 HTTP/1.1
Accept: text/xml, application/xml;q=0.9, */*;q=0
[B]Authorization: Basic BASE64("USERNAME:PASSWORD")[/B]
User-Agent: TwitterEngine
Host: twitter.com
I haven't been able to confirm the status of the current update yet with traffic monitoring, but according to HTC, this update sets the Peep application to use OAuth to establish a connection with https to encrypt the username and password instead of leaving it exposed for all the world to see.
EDIT: This is not a 100% fix. It seems that while the initial session is now being sent over https using TCP port 443 (sending against the api.twitter.com domain), during the rest of the session, Peep switches back to HTTP basic. This still leaves the whole session after the initial login vulnerable to hijacking based on the Twitter's session ID through cookies. I suggest using a different Twitter client, as neither HTC nor Twitter care for our aging devices.
EDIT: DO NOT PM ME ABOUT THIS FIX. IT DOES NOT WORK.
i dont like to install os on sd card
squaloforte said:
i dont like to install os on sd card
Click to expand...
Click to collapse
What relevance does your post have to anything related to this thread?
Nothing about this thread has anything to do with installling an os or anything to your sd card.
It is about the twitter tab security flaw and the recent patch by HTC.
A patch could only be installed to the device, since patches need to replace files on the device.
Still getting login error!
I'm still getting login error problem on my HTC HD2 o2 uk phone, this update and the HTC HD2 Peep Security update on the HTC website http://www.htc.com/europe/SupportViewNews.aspx?dl_id=1085&news_id=866 doesn't work
Is anyone else getting this problem?
ramonguthrie said:
I'm still getting login error problem on my HTC HD2 o2 uk phone, this update and the HTC HD2 Peep Security update on the HTC website http://www.htc.com/europe/SupportViewNews.aspx?dl_id=1085&news_id=866 doesn't work
Is anyone else getting this problem?
Click to expand...
Click to collapse
Please try to keep up.
This fix has nothing to do with login errors.
This fixes a security vulnerablity.
Without the fix, user name and password are sent in plain text through http.
With the fix, oauth is used instead, so each request does not send this information. And when it initially is sent to authenticate, https is used.
The twitter tab works for just about everybody. And the fact that no one else is reporting problems since applying the fix indicates that the fix does not have a problem.
Things to check:
Do you have a twitter acount?
Are you entering your twitter user name and password correctly?
Is your twitter account locked by twitter? (try using it with your computer)
Do you have a data plan?
Do you have a strong cell signal with Edge or 3G service?
Have you tried soft resetting your device?
Are you in the UK?
If not, does the country you are in block access to twitter?
Can you browse web pages with your phone?
No need to reply to this reply to your post since your post was not on topic for this thread.
JVH3 said:
Please try to keep up.
This fix has nothing to do with login errors.
This fixes a security vulnerablity.
Without the fix, user name and password are sent in plain text through http.
With the fix, oauth is used instead, so each request does not send this information. And when it initially is sent to authenticate, https is used.
The twitter tab works for just about everybody. And the fact that no one else is reporting problems since applying the fix indicates that the fix does not have a problem.
Things to check:
Do you have a twitter acount?
Are you entering your twitter user name and password correctly?
Is your twitter account locked by twitter? (try using it with your computer)
Do you have a data plan?
Do you have a strong cell signal with Edge or 3G service?
Have you tried soft resetting your device?
Are you in the UK?
If not, does the country you are in block access to twitter?
Can you browse web pages with your phone?
No need to reply to this reply to your post since your post was not on topic for this thread.
Click to expand...
Click to collapse
My Peep app stop working in January, there are no problems with my twitter account, all I'm looking for is a solution or fix!
Do you know where i can get a Peep.cab?
ramonguthrie said:
My Peep app stop working in January, there are no problems with my twitter account, all I'm looking for is a solution or fix!
Do you know where i can get a Peep.cab?
Click to expand...
Click to collapse
As I previously said, this thread is dedicated to the HTC Security Patch for the twitter tab.
I suggest either looking for a thread dedicated to the twitter tab not working or creating your own thread in the question and answer section.
http://forum.xda-developers.com/forumdisplay.php?f=456
This thread is not the appropriate place for your question.
My HTC Peep stopped working on my Rhodium after installing this update. Peep worked right up until I installed the HTTPS Fix.
Verizon TP2, using the Custom ROM --> Verizon MR2 Fixed by Mr. X
(ROM Found here)
http://forum.ppcgeeks.com/cdma-tp2-...zon-mr2-fixed-mr-x-boots-unlocked-device.html
I see the "Tap Here to Authenticate" Screen
I type in Username/Password (which works when logging into the website)
HTC Peep tries to log in, but I get an error --> "You entered an incorrect username or password."
I cleaned out the Temp folder to try and get a fresh start, but no luck.
I tried to uninstall, but I am unable to uninstall properly.
I tried to Re-install, but no luck.
I shut down Sense, re-installed, and rebooted and turned on Sense, no luck.
So, minus doing a brand new ROM flash it looks like this .CAB tanked the Twitter tab for me. I didn't really want to keep using it unsecured, but it sucks that the update stopped it from working altogether.
I am using a Custom ROM on Xolo Q800, 4.2.1, how can i enable Guest mode?
What exactly do you mean. Do you want to create a user account for guests.
Sent from my HTC One using Tapatalk 4 beta
**Press the thanks button if I have helped you.
I think he wants a second user name on his phone. I think this is only possible on tablets.
[email protected] said:
I think he wants a second user name on his phone. I think this is only possible on tablets.
Click to expand...
Click to collapse
It is only possible on tablets and is only available as a feature on 4.2 so he would need a tablet running 4.2
Sent from my HTC One using Tapatalk 4 beta
**Press the thanks button if I have helped you.
right, thats the same I was thinking.
WildfireDEV said:
It is only possible on tablets and is only available as a feature on 4.2 so he would need a tablet running 4.2
Sent from my HTC One using Tapatalk 4 beta
**Press the thanks button if I have helped you.
Click to expand...
Click to collapse
on android 4.2.2. I already tried xposedinstaller but it doesn't give me that option.
itechengine said:
on android 4.2.2. I already tried xposedinstaller but it doesn't give me that option.
Click to expand...
Click to collapse
requires at least 4.2
prantoroy said:
requires at least 4.2
Click to expand...
Click to collapse
I am already using ROM Android 4.2.1...
itechengine said:
I am already using ROM Android 4.2.1...
Click to expand...
Click to collapse
then under setting u will find users.
there u can do it!
Guest Mode for All Android Phones (App)
The first time a guest mode was revealed for any android device was with the launch of LG G2 series phones. This feature was advertised so well in the media. I also bought an LG G2 at that time (not for this feature alone) as it was a great phone. I realized that a little over six months had passed and I seldom used the Guest Mode feature on the phone.
The guest mode in G2 and the one in the upcoming Android L (5.0) is something that is too apparent in nature. What I mean is that any adult who is given a phone in the guest mode will easily be able to come to know that they do not have the full access to the phone. In cultures (like India), it will be considered very rude in case I lent a phone to another user in Guest Mode. Also, what do you do when you Dad asked you for your phone, you surely cannot give him in Guest Mode (this will make him more suspicious).
This was the practical challenge when I decided to make an app for myself, the app that I have been using is similar to an app locker. However, it has been added with a screen lock as well. I chose two different types of passwords (one master and another guest). The app allows me to chose all the applications that I consider private and want to be locked (such as emails, whatsapp, other chats, picture gallery etc). When I unlock my screen using the master password, the screen gets unlocked and all protected apps get unlocked as well. When I give my phone to someone else, I just give them my guest password. The screen gets unlocked normally using the guest password, however, all the protected apps continue to be locked. This helps me easily give my phone to others.
When I gave the app to my friends, the kind of response that I received was overwhelming. So launched it for public as well. You can download the app for free from Google Play. Just search for Pluggdd on Google Play, it is the only app on Pluggdd as the developer.
Looking forward to feedback from you all developers on what is missing in the app and what more features can I add.
Hi, I have XOLO Q800 running with android 4.2.1 and my son somehow enabled guest mode. When i try to remove / change it, it is asking for a password. My son says he did not give any password. With guest mode, i cannot see call log or SMS messages. How can i remove it without a password.
Hi guys,
First of all sorry for my English lol
I know it's a strange question, I'll try to explain me better
I have a tablet provided by my company for my work as agebt/seller with all company stuffs, it has a normal Android original rom, ita a galaxy 10.1 gtn8000 with Android 4.1.2
Im allowed to use it for my personal use (they said go on youporn but not when u are working lol) but I'm forced by the company to use my private Gmail account to use playstore, so my mail are both on phone and tablet, they shouldn't watch at it because of privacy but I have many reasons to think they do it constantly, tablet has remote control enabled due to let theme install updates of working stuffs
Well how can I check what they do when access to my tablet? I googled so much but I only find ways to check if gf is cheating lol I need to see what they do on my device hehe
Any advice? Any program that records screen when I'm not using it (usually they do updates at night time
Thanks a lot to everyone
A little bump hoping in some ideas
xardus said:
Hi guys,
First of all sorry for my English lol
I know it's a strange question, I'll try to explain me better
I have a tablet provided by my company for my work as agebt/seller with all company stuffs, it has a normal Android original rom, ita a galaxy 10.1 gtn8000 with Android 4.1.2
Im allowed to use it for my personal use (they said go on youporn but not when u are working lol) but I'm forced by the company to use my private Gmail account to use playstore, so my mail are both on phone and tablet, they shouldn't watch at it because of privacy but I have many reasons to think they do it constantly, tablet has remote control enabled due to let theme install updates of working stuffs
Well how can I check what they do when access to my tablet? I googled so much but I only find ways to check if gf is cheating lol I need to see what they do on my device hehe
Any advice? Any program that records screen when I'm not using it (usually they do updates at night time
Thanks a lot to everyone
Click to expand...
Click to collapse
The APP can use some security class
[emoji4]
Sent from my Redmi Note 2 using Tapatalk
LeWaOSofficial said:
The APP can use some security class
Click to expand...
Click to collapse
Thx for ur answer... But I don't understand what do u mean lol its not related a single app, they have access to the whole tablet by remote (authorised in security options for remote access)
Hello guys, Is anyone aware of a mod or way of editing the Teamviewer Quick Support app to allow connections to a device automatically without the need for allowing access? I'm looking a way similar as you can do with the PC version of the software, connecting without authentication. This is basically so I can access my parents android box from anywhere, They are not very tech savvy and no matter the amount of times I try telling them to enter the quick support app there is always problems. Does anyone know a way to edit the app so to give access which having to allow it everytime?
I have a bit of knowledge on decompressing apks and stuff, but I wouldn't know where to start (if it is possible to edit something) to edit the app to my likings.
I would greatly appreciate anyones input guys, even if theres the answer No, so i know not to continue searching for what im after. Thanks alot.
+1 for this. Any solutions anybody?
Thanks
Sent from my SM-G935F using Tapatalk