{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Introducing the world’s first mobile security app that can survive a wipe / hard-reset!
(From the makers of OVERVI3W and Phone Creeper)
There are many security tools available out there that come with a variety of tools for helping you keep your phone safe, but usually when a phone is stolen the first thing that is done by the thief is removing your SIM card and wiping the phone. Many of the products out there will still help you track your phone if the SIM card is removed, but Root Defense will continue to work after the phone has been wiped. Better yet is that this feature is completely free and the application can only be uninstalled through our website.
Root Defense is also completely hidden, with no user interface or icons and is not listed in the installed apps list. All controls are handled through the web.
Updates are also automatically applied silently in the background so that all users are always up to date on the latest features.
Why would anyone choose anything else?
Root Defense stands out as the most advanced security, tracking and logging commercial mobile application ever created and this is just the beginning.
Root Defense Free – comes with the following features: (FREE)
A free two week trial of Root Defense Pro
Silently and automatically install updates in the background
Silent remote uninstall
Force GPS on / off
Survives wipes / hard-reset and is embedded directly into the OS of your phone for ultimate security
Only shows up in running tasks under “all” and is listed as “security” with the default android system icon.
No interface or application icons on the phone (Truly hidden)
Tracks the LAST phone location on map with timestamp and battery life.
Remotely wipe ALL data including memory cards for ultimate protection (Ensure your data is not compromised.)
Offline data capture will hold and transmit data captured when no internet access is available.
Sound alarm
Turn on ringer (Great if you can find your phone and the ringer is off.)
Uses very little processor and battery
Root Defense Pro – Includes all features listed above plus the following: ($3.99 / Month)
Can be installed on up to 5 phones with no additional cost!
All phones can be managed through the same web account.
Captures call, MMS, SMS, browser history, location, internet favorites and contacts
Tracks phone locations and path over time on a map along with timestamps and battery life
Create lists of allowed or disallowed contacts (great for kids you want only calling home or 911)
Export your logs from the website to your computer.
Silently listen in to phone (If phone is stolen, this might help you identify who has it.)
Sends messages to phone. (Send your kids a message directly to their screen without using SMS)
Allows remotely sending of SMS messages from phone.
Redirect incoming or outgoing calls from select contacts to a different phone.
ROOT DEFENSE REQUIRES A ROOTED ANDROID PHONE FOR INSTALLATION!
REMEMBER, ROOT DEFENSE HAS NO INTERFACE SO USE THE CREDENTIALS CREATED DURING INSTALL TO LOG IN TO WWW.UNFAIRWARE.COM TO VIEW AND CONTROL YOUR PHONES!
AND PLEASE, PLEASE REMEMBER THAT YOU MUST UNINSTALL FROM OUR WEBSITE FOR FULL PROTECTION
CAN BE DOWNLOADED DIRECTLY FROM OUR SITE HERE
Change Log:
V5 has been released!
* Geo-fencing has been added so now you can define regions on a map and set rules to alert you as to if the phone entered or left those regions during stated days and times.
Keep in mind that this feature is still beta. Try to give extra ~30 feet extra room just to be sure you don't get false positives. This will do a check on every GPS check-in time to see if you have entered or left defined areas. So accuracy is only going to be as accurate as check-in time periods. In general I recommend people don't ever alter the default 15 minutes however.
* The issues with the block lists have been fixed up. You can add a block for any number 4 digits or greater and it will be found if the transmission ends with those four digits. Example: if your block is 4567 then the phone number 555-123-4567 would be found. so would 34567,234567,123457,...,5551234567
* The GPS module has been rewritten and is MUCH more efficient and accurate at the same time.
* The "Secret communications" option didn't make it into this release because of time constraints, but will be available in the next release. Time-estimates will be posted when available.
Older changes have been removed to keep post length reasonable.
Reserved - just in case
Look very useful!thanks for sharing.
Now available on the Android Market:
https://play.google.com/store/apps/details?id=com.unfairware.rootdefense
Brand new version just released, supports most devices including tablets now.
Version 3.0 has been released with support for many new devices.
hmm and how is this different than cerebus. Thats not a dig at your program that is just an honest question. Because I was thinking of using that product.
zikronix said:
hmm and how is this different than cerebus. Thats not a dig at your program that is just an honest question. Because I was thinking of using that product.
Click to expand...
Click to collapse
Yeah, Cerberus was a program created after ours that has many of the same features. Even including the 5 licenses for the price of one.
Root Defense comes with many many more features though and no user interface on the phone.
Basically its still free but with more features and a stealthier install.
Also ours shows the existing data of logs and location from before a phone went missing so you aren't in the dark when your device is off.
If you go to both sites and look at the feature set differences, they are actually quite drastically different and both are free for all security features.
I would agree that your app does more than Cerberus but your app is not the only one that will survive a system reset. Cerberus and others I suspect can also embed themself in the rom thus being able to survive a system reset. I have been using Cerberus for a long time so I am not sure if yours was released before Cerberus, as you indicated in a previous statement.
Sent from my Nexus 7 using xda premium
uberNoobZA said:
I would agree that your app does more than Cerberus but your app is not the only one that will survive a system reset. Cerberus and others I suspect can also embed themself in the rom thus being able to survive a system reset. I have been using Cerberus for a long time so I am not sure if yours was released before Cerberus, as you indicated in a previous statement.
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
Yes, that's true. It was an honest mistake that i never updated the original PR release posting on the front that was originally added when we were were the "Only" ones. You can only keep that title for a short while on anything good.
And yes we have been offering it longer. This feature started with certain stands of our OVERVI3W product and then we stripped them into two completely different products and rebuilt Root Defense from scratch to offer more methods than OVERVI3W.
Cerberus has had a suspiciously similar structure and sales model to ours. Not that it matters, I'm sure they are also a great product however if you simply lost your phone and the battery is dead than Cerberus wouldn't even be able to help you find it. Anyway, I've also removed the word "only" on the first post. Thanks for your keen eye.
chetstriker said:
Yes, that's true. It was an honest mistake that i never updated the original PR release posting on the front that was originally added when we were were the "Only" ones. You can only keep that title for a short while on anything good.
And yes we have been offering it longer. This feature started with certain stands of our OVERVI3W product and then we stripped them into two completely different products and rebuilt Root Defense from scratch to offer more methods than OVERVI3W.
Cerberus has had a suspiciously similar structure and sales model to ours. Not that it matters, I'm sure they are also a great product however if you simply lost your phone and the battery is dead than Cerberus wouldn't even be able to help you find it. Anyway, I've also removed the word "only" on the first post. Thanks for your keen eye.
Click to expand...
Click to collapse
How would any app find a lost phone that had a dead battery ? Cerberus, lookout, AVG etc. are able to help you track your phone (lost or stolen) and some (like Cerberus) will play a sound, say a message using TTS, sound an alarm or make the phone ring. Granted, the phone needs to actually be turned on and have a charge in it's battery, but then this is a limitation of any other tracking app.
I will admit, one thing I really like from Cerberus is its pricing model, with a one off cost for life. Yes, I realise that does not 'guarantee' updates, but then nothing does, really...
Sorry to have inadvertently 'hijacked' your thread I'm definitely going to give your product a try. Do you have a corporate pricing model you could share? My company may be replacing all of their Blackberry devices with Android ones so something like this will be great to allow management of these devices.
Won't complete setup. At 4th or 5th screen where it says to swipe and it won't swipe...
cephraim said:
Won't complete setup. At 4th or 5th screen where it says to swipe and it won't swipe...
Click to expand...
Click to collapse
Is your phone rooted? and if so does it have su installed? You must at least have to be rooted and have su before it lets you continue.
If you do have both, it sounds like you have superuser set to automatically decline root privileges.
You can try the following, go to your program, open superuser and click the wrench in the upper-right corner, click security, click automatic response and then make sure it DOESN'T say Deny. If it's set for Prompt, you can try setting it to Allow to see if that fixes your problem as I've read that running CM10 on some model phones (like my Epic 4g touch) have a bug that causes the prompt feature not to always run.
If that's the case then switching it to Accept will fix that.
Well, I was able to complete the install, but I decided to uninstall for two reasons:
1) Lookout said it was a risk. I guess I know why.
2) It asked for SU access from several different modules (aupdate and security). This seemed odd to me. Is it what we should see?
You should know that the uninstall did not go well, either. I had to uninstall via Titanium to get it fully off my phone.
I'm willing to try it again if you could help clarify the multiple SU requests.
Thanks,
Eph
That is normal, the Root Defense app you download from the market or website is actually just an installer.
It configures and embeds the actual application "Security" into the OS and embeds a separate program "Aupdates" which allows for the silent remote uninstalls and updates without having to go through the market.
You can't uninstall Root Defense in any normal fashion because that's the whole point of a more secure application.
To uninstall properly, you're supposed to log in to the website and click the "uninstall" button in the lower right hand corner of the command tab.
The are all very deliberate and specifically designed to make the program as invisible as possible and as hard to remove as possible for anyone who tries to steal your device.
As far as lookout mobile goes, I believe it probably warns on any app accessing log files. I can only guess without knowing how there program works.
cephraim said:
Well, I was able to complete the install, but I decided to uninstall for two reasons:
1) Lookout said it was a risk. I guess I know why.
2) It asked for SU access from several different modules (aupdate and security). This seemed odd to me. Is it what we should see?
You should know that the uninstall did not go well, either. I had to uninstall via Titanium to get it fully off my phone.
I'm willing to try it again if you could help clarify the multiple SU requests.
Thanks,
Eph
Click to expand...
Click to collapse
Does Root Defense survive a ROM reflash? I'm looking for an undeletable theft protection. All ideas are very much welcome and appreciated.
SecUpwN said:
Does Root Defense survive a ROM reflash? I'm looking for an undeletable theft protection. All ideas are very much welcome and appreciated.
Click to expand...
Click to collapse
No.
Sent from my Nexus 7 using xda premium
SecUpwN said:
Does Root Defense survive a ROM reflash? I'm looking for an undeletable theft protection. All ideas are very much welcome and appreciated.
Click to expand...
Click to collapse
Unfortunately no, no current solutions offer this. This will survive a wipe or hard-reset but not flashing a new ROM.
Unless better protection is added via hardware or chipsets embedded in devices, this probably won't be a reality. With a rooted device you have full access to ALL aspects of the OS, partitions, everything. And to many that is the point of rooting.
For now, the best we can do is make it as difficult a process as possible to reduce your chances of loosing connection.
Version 3.1 released!
Change log includes:
* Fix for calls not being recorded bug
* Fix for auto-update can cause auto-uninstall of itself.
* Fix for phones not attaching after install
To ensure your auto-updater is working probably and you weren't affected by the auto-uninstall of program from update bug, please download the latest version from our first post or directly from the market.
Related
Hello Peoples of XDA Developers! Today I'll be sharing an APP that is definitely my most favorite one on Android...It is called Mango and it is an HD Manga Reader for on the go!
Mango provides many features such as My Library which allows a user to download specific chapters from any manga and basically save it on your phone for Offline Reading. It also has a Favorite section that allows a user to bookmark his/her favorite series and then get the latest updates just for the chosen ones. Another great part about this APP is the number of sources it provides such as Mangareader.net, Mangastream.com, Mangafox.com, Mangashare.com, MangAble.com and lastly AnimeA.com.
Those sources basically give you the most available series possible for a Manga App.
Here is the Dev's Page:
http://mango.leetsoft.net/
Here is the Market Version. It is called PocketManga:
https://market.android.com/details?id=com.ls.manga#?t=W251bGwsMSwxLDIxMiwiY29tLmxzLm1hbmdhIl0.
EDIT: PoketManga has been removed from the Android Market...Just like Mango's fate HOWEVER, Victor will still keep the updated versions on his website, so make sure to check it out!
Here is the free version's latest .apk:
http://mango.leetsoft.net/apk/poma/156/Poma.apk
Here is the QR Code:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Here is the paid version, with no ads and which supports the Dev:
http://mangoservice.leetsoft.net/buyBankai.aspx
If you wanna stay up to date on what's happening with the Development or what the Dev is planning in the future, make sure to LIKE their Facebook Page:
http://www.facebook.com/MangoApp?sk=wall
Check it out and Enjoy!
I've used Mango for a LONG time
But now it has been pulled from the market in my region (Italy), so I had to manually download the apk from your website, but in this way automatic update does not work.
619619 said:
I've used Mango for a LONG time
But now it has been pulled from the market in my region (Italy), so I had to manually download the apk from your website, but in this way automatic update does not work.
Click to expand...
Click to collapse
LOL Same for me...they have removed it from the Market...but the actual website gives you the up to date version and I'll be updating the post as soon as newer versions show up.
Its off the market for me as well but I went to the Facebook page thanks for the link
Awaiting Assimilation
Best manga app ever IMHO.
619619 said:
I've used Mango for a LONG time
But now it has been pulled from the market in my region (Italy), so I had to manually download the apk from your website, but in this way automatic update does not work.
Click to expand...
Click to collapse
Same here.
Someone should add that's its Xperia Play Optimized to work with the triggers (they just turn pages)
Sent from my R800x using XDA App
Leraeniesh said:
Same here.
Someone should add that's its Xperia Play Optimized to work with the triggers (they just turn pages)
Sent from my R800x using XDA App
Click to expand...
Click to collapse
Lol, I'll post it on the Facebook page
Too bad my screen is so small ( Xperia Mini Pro ) cuz it's a really nice app
Hello Peoples! The Dev of the Mango Manga HD app is making a request for ALL users to switch to Mango v1.4. Only 26% have done so, so far. The reason being is that firstly...1.4 is BETTER, secondly the Dev has acquired a new server which will host the Manga queries BUT v1.3 runs on the previous server. So instead of paying for 2 running servers, he recommends EVERYONE to download the latest version and then you will be able to enjoy the most out of the app!
I'm from Germany, couldn't the developer add a German manga source? like meinmanga. de
Sent from my u8800 using XDA App
levibuko said:
I'm from Germany, couldn't the developer add a German manga source? like meinmanga. de
Sent from my u8800 using XDA App
Click to expand...
Click to collapse
I will send an email and hope to see what the Dev will be able to do.
Sent from my LG-P999 using XDA App
Mango 1.4.140 (Renji) is now available. This version adds auto-download new chapters feature, data folder override, return of the zoom vibration, a few advanced options, changes to Bankai validation (separate app no longer required), tutorial skip option, a few Notifications fixes, Inverted Color Mode crash fix, and speed improvements in the Library Browser. Download it from:
http://mango.leetsoft.net/apk/140/Mango.apk
Nice to see this is still supported, even though it is off the market.
NEWS:
Quick Announcement guys! SInce Victor (The Dev) has placed Mango on the Market and Google removed it twice for no specific reason, he will be changing the name and try to post it on the Market again.
By a Poll, the new name is gonna PocketManga and the App icon will have "L" from Death Note.
Mango and PocketManga will be updated at the same time and gradually we will switch to the new name PocketManga only if Google does not remove it...
Anyways, hope everything goes well and then many more people will be able to enjoy this awesome app
Just got the new link:
https://market.android.com/details?id=com.ls.manga#?t=W251bGwsMSwxLDIxMiwiY29tLmxzLm1hbmdhIl0.
Enjoy!
Will download it when you remove permissions to read log files and phone identity
the app is good but it takes years to download contents
Tachikoma_kun said:
Will download it when you remove permissions to read log files and phone identity
Click to expand...
Click to collapse
Tinfoil hat here, I can ensure you this app is safe.
The dev has explained why he needs those permission in the official Mango profile on Facebook some months ago. It's just anonymous statistics that he uses for debug reasons. Anyway, you can opt-out with just a click if you don't feel sure.
Tachikoma_kun said:
Will download it when you remove permissions to read log files and phone identity
Click to expand...
Click to collapse
Mango developer here, felt I should chime in.
Fair warning, this is a huge post, but I'll explain exactly what these permissions are used for, and how they are used.
The Read System Log permission is used for debugging and troubleshooting purposes. As you use the app, Mango writes general diagnostic information about its performance to the Android system log. Later on, if the user goes to Send Feedback and selects "I'm having an issue", Mango will include diagnostic information from the log along with the user's message. I've found this to be invaluable when the user emails me stating "it doesnt work fix plz" and the diagnostic log shows that their SD card is full and Mango can't write anything to it. Most importantly, when the app force closes, a stack trace is written to the log pinpointing the exact line of code causing the FC.
A few things to note about the log data:
-It only ever leaves your phone when you use the Send Feedback function, compose a message, and send that message via your Email app (the diagnostic data is appended to the end of the email, you can view it before sending, or delete it if you don't wish for it to be sent)
-You can view the data at any time by going to Settings and Help >> Advanced Options >> Debug Log
-Only data that Mango has written to the log itself is ever read from the log. Though the system log is shared by all apps and the OS itself, Mango filters the log to only read data with the "MANGO" tag.
I am planning on implementing a custom logger soon so that Mango can read and write log data in it's own isolated log file, allowing me to remove the permission requirement.
Regarding the Read Phone State and Identity permission, this one is used to get the device UUID. The permission also allows the requesting app to view the phone number of an incoming call, which is why the header is "Phone Calls" in the Android permission warning screen. Mango has no reason to see or use that data, so it does not ever use the functionality, but it's a package deal included with the ability to use the getDeviceId API.
Unfortunately this one is required by the MobClix SDK used to display ads and is used by Mango to differentiate one device from another. Since there are no usernames/user accounts, but Mango uses an external server to do lots of the app's work, the server needs to be able to tell one device from another, and since IP addresses are often shared between many phones on a carrier, the server uses the device UUID instead.
It is important to note that the Mango Service does not associate your UUID with any reading history or favorites... that's kept on your device and never touches the server (though in the future, I might add an optional cloud sync feature). The only data associated with your UUID in the server's database are your Android version number, your phone's model number, your Mango version number, whether or not you've purchased the ad-free version, and the total number of times you've started the app. This lets me generate some basic stats about the app's usage, which you can view here:
http://mangoservice.leetsoft.net/stats.png
The UUID (rather, a hash of it, not the ID itself) is also used by the Flurry Analytics component which provides me with some more detailed (but still aggregated and anonymized) stats regarding app usage, such as how many users per week I see, what paths users most frequently take throughout the app, the number of favorites users have, and the Preferences they have enabled. For example, it lets me see that about 46% of Mango users have more than 20 favorites, about 14% of users check the "Left-to-Right Reading" option, and that only 8% of Mango users use the filtering option in the Favorites menu (clearly, it's something I need to promote more visibly in the next version, because it's an awesome feature and almost nobody is using it... :S ). I can't tell which options any individual user is using, since all of the data is aggregated and anonymized.
The user must opt-in to analytics... it is disabled by default and is only turned on if the user selects "Yes" to the "Enable Analytics?" option that appears when you first start the app. The user can also change this setting at any time from the Preferences menu.
/whew, I think that about covers it. Obviously there's no way for me to prove that what I've said above is true and it's completely up to you to believe me or not. But I write and maintain Mango as a hobby (though, thanks to the incredible response it's received, it's a hobby that's paying for my tuition!) and I really don't have any nefarious plot to use your data.
If you have any more questions, let me know. I don't check this thread super-frequently, but if you email me ([email protected]) I'll probably get back to you within 24 hours.
Also, thanks iasookia for making this thread!
barclays said:
the app is good but it takes years to download contents
Click to expand...
Click to collapse
The actual download speed simply depends on the network connection. I have been using Mango, and now PocketManga, since I got my Android Phone and haven't had any lags or slow downloads per se.
When I used my carrier's data, it would take about 3-4 min to download a chapter to the Library BUT at home, with WiFi, I get a chapter in like 40 seconds.
There is an issue however, if there are too many people on the same time, the server can't support the queries and then the downloads are slow...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This is a new app I have written for Android that allows you to schedule uploads or downloads from your Dropbox.
For e.g. you can back up data from your device, or you can download a new playlist onto your device every morning. There are so many possibilities. Transfering data to/from your device has become so much easier.
Uses:
You create folder-pairs on your remote dropbox and your device. An upload or download is triggered at the pre-set time. In this way you can upload photos every night, or download music every morning. Or replicate your documents across all your devices.
You could set it up (with your credentials) on some one elses device to push files or updates, or retrieve data/photos etc, so it can be used for sharing common data.
The app does not do two-way syncing (which takes up far greater resources).
Features:
Custom pipes! Direct your files to where you want to!
Scheduler
File filter - Filter which files are to be transfered
Power aware - Conserves battery can run only on WiFi or when Plugged into mains
Runs in background only when needed
Notifications
Integration
Dropbox browser with Folder upload/download capabilities
Bug Reporting:
Please report sensibly with as much information as you can.
Layout issues: Please report the device name and also a screenshot if possible.
Force closes and crashes: Please report the logs and stacktrace as well.
Errors: Please report the exact error message and steps taken that produced it.
Behavior Quirks: Please report the steps taken, and what is wrong with the behaviour.
Feature requests: I will probably implement new features after all bugs are squashed, but I would like to hear your ideas.
Distrubtion and Marketing: Help for Play Store. Suggestions for better description and Search optimisation.
Please report and issues and suggestions to [email protected]
Disclaimer:
Please make sure you have a backup of any important data you cannot afford to lose.
This app requires a Dropbox account. Get it HERE
The apps
DOWNLOAD the app here
DOWNLOAD the eXTenDeD version here
Plugins to the app:
PhoneBackup:
Its a cool tool that can backup your SMS, Contacts and Call Logs. The good thing is that it backs it up as a CSV file. That way you can just open it and see all your contacts. What is every way more cooler, is that you can edit the CSV file and restore the edited data back to the phone. It is really useful, do have a look at it.
https://play.google.com/store/apps/details?id=com.maximussoft.backup
Tasker Plugin:
You need Tasker and Cloudpipes both to use it. It allows you a greater control over when you want to run your pipes. Users of tasker will already know what to do with it!
https://play.google.com/store/apps/details?id=com.maximussoft.cptaskerplugin
And also read about the app here: http://cloudpipes.wordpress.com
Thank you for your help and support!!!
Made some new updates:
Allow Dropbox browsing even when transfers are running
Fixed some typos and messages
Many UI enhancements, new icons!
Loving this app so far.
Well done.
Wait. I can upload music on it? I mean choose the whole album and not just a song and upload it?
Gesendet von meinem HTC One X mit Tapatalk 2
barx said:
Loving this app so far.
Well done.
Click to expand...
Click to collapse
Thanks a lot man, I appreciate it!
H-KaN said:
Wait. I can upload music on it? I mean choose the whole album and not just a song and upload it?
Click to expand...
Click to collapse
Yes, you can choose a whole album. The app supports folders and sub-folders.
In fact, even if all your songs are in the same folder, you can use the file filter to filter out your music (for e.g. a filter with "Linkin*Park*.mp3")
Yesterday I fixed a few more issues I was having with 'spaces' in folder names.
Let me know if you find any more issues!
Changelog:
Ver 0.9.3 (07/07/12)
- Fix force close on login with special characters
- Fix force close on upload folder names with special characters
- Fix force close on empty folder uploads
- Fix for saving pipes
- Fix for last run information
Password security??
I posted this comment over at AndroidAuthority
This app creator had Zero other apps in the Play Store, and the webpage has no other information about the creator(s).
I previously used DropSpace, but it had become unreliable.
This app looks fantastic, exactly what I want (one-way sync), but how can I trust this person with my DropBox username and password???
Click to expand...
Click to collapse
I just found this thread today, so I guess one answer is "s/he is on XDA", which lends a huge amount of credibility IMHO.
Although, before this thread, the OP has only posted twice in the last year, so not exactly the most active Dev.
Is there anything else that can assuage my concerns?
I saw one of the Play Store comments mentioned "What, no OAuth??" Is this a concern?
Seriously, this app looks like almost EXACTLY what I've been hoping for. If it works, I will gladly buy a Pro version to support the Dev as soon as it's available.
ScottHW said:
I posted this comment over at AndroidAuthority
I just found this thread today, so I guess one answer is "s/he is on XDA", which lends a huge amount of credibility IMHO.
Although, before this thread, the OP has only posted twice in the last year, so not exactly the most active Dev.
Is there anything else that can assuage my concerns?
I saw one of the Play Store comments mentioned "What, no OAuth??" Is this a concern?
Seriously, this app looks like almost EXACTLY what I've been hoping for. If it works, I will gladly buy a Pro version to support the Dev as soon as it's available.
Click to expand...
Click to collapse
Hi ScottHW,
I think I replied to your post on the Dropbox forums too. As you can see we both joined XDA one month apart, and have similar number of posts and thanks!
Anyway, the reason for not posting is that when I initially got an Android phone I started to get into modding etc so I would come to XDA for that kind of stuff. However, when I began serious development I started visiting app dev forums; thus the inactivity on XDA.
Here is my thread on my home forum: http://www.basic4ppc.com/forum/test-my-app/18970-cloudpipes-beta-testers-required.html
More than 1000 posts in one year!
I use an IDE called Basic4Android to develop my app which is super cool and easy: http://www.basic4ppc.com/index.html
Back to your concerns. This is my first app and I have learnt a lot. I might make mistakes and would happy to correct them when people point them out, but I would not knowingly steal your passwords or data and try to keep them safe.
So what are your concerns and how can I make you feel more comfortable?
Regarding this comment:
"What, no OAuth??"
Click to expand...
Click to collapse
Dropbox API requires to use OAuth 1.0.
See here and here.
Therefore that comment is technically inaccurate. However, since API ver 1, Dropbox requires users to login via either the official Dropbox app or a Web Browser (and then return to the app). While this increases security in that you do not need to provide your username/password to my app (I can still access all your data once you grant permission), some people find it annoying and an unnecessary step (i.e. to leave the app to authenticate and then return back).
Either way, I plan to implement both authentication methods so this may ease your concerns too.
There will be a Pro version soon with many more added features. However first I need to iron out all bugs, and so far it is looking reasonably stable.
Looks cool, I will check it out...I can't complain with over 100GB of FREE Dropbox space that I can finally use now
I don't know how I will use it, but I am going to check out the app
WinDroidGuy said:
Looks cool, I will check it out...I can't complain with over 100GB of FREE Dropbox space that I can finally use now
I don't know how I will use it, but I am going to check out the app
Click to expand...
Click to collapse
100 GB!!! Was that just referrals or did you win DropQuest 2012?
This means you can back up your phone all the time! However remember that the Dropbox API restricts uploads to 150 MB per file. So uploading for e.g. nandroid backups > 150 MB, or uploading large movies will fail and you may have to use the Desktop client (I dont know if the Web interface allows more than 300 MB) or a file splitter.
You can potentially put your whole music collection on Dropbox and download the albums you want only.
Let me know how you use it and if you find it useful.
ScottHW said:
Is there anything else that can assuage my concerns?
I saw one of the Play Store comments mentioned "What, no OAuth??" Is this a concern?
Click to expand...
Click to collapse
I now have implemented Dropbox Authentication through the Official Dropbox app/site, so you do not need to enter your username/password in my app anymore. This should be more secure than before.
awesome, just waht i was looking for
A new version now uploaded. I hope this is crash free, I have fixed all stability issues and reported crashes!
Changelog:
Ver 0.9.8 (22/07/12)
- App now starts on boot so pipes are scheduled even on reboot
- Fixed crashes when transfers fail or are re-tried. Transfers are now retried 5 times before they fail.
Your software is great! I restate my intention to buy a Pro version as soon as it's available. Thanks for responding so rapidly by implementing alternate authentication methods.
I have several suggestions, I hope XDA is an appropriate venue for conversing.
Right away, I would request you implement Revision checking for uploading. I know that DropSpace had this capability, so it must be present in the DropBox API, even the older versions.
If I have 350 pics in my DCIM folder, and I to back them up to DropBox, which already has copies of the oldest 320, there's no need for me to re-upload all 350. It's a huge waste of bandwidth and time.
Maybe I'm using the wrong technical terms here, but that's the general idea. I'd say it's essential to an app like CloudPipes.
More suggestions to come, keep up the great work!
Hi ScottHW,
Thanks for considering using the app.
I have many suggestions coming in and they are all in the pipeline. Once I get all of the essentials, then I will move on to a Pro version.
As you said, revision checking is essential. This is my current priority and hopefully I will get an update out soon.
thedesolatesoul said:
Hi ScottHW,
Thanks for considering using the app.
I have many suggestions coming in and they are all in the pipeline. Once I get all of the essentials, then I will move on to a Pro version.
As you said, revision checking is essential. This is my current priority and hopefully I will get an update out soon.
Click to expand...
Click to collapse
Fantastic work. Do you have a Buy Me a Beer or similar where I could show some appreciation and support while waiting for Pro?
I'm always happy to support a responsive Dev.
thedesolatesoul said:
Hi ScottHW,
Thanks for considering using the app.
I have many suggestions coming in and they are all in the pipeline. Once I get all of the essentials, then I will move on to a Pro version.
As you said, revision checking is essential. This is my current priority and hopefully I will get an update out soon.
Click to expand...
Click to collapse
Awesome work on this app. Cloudpipes is the absolute best. Saves me countless hours and time with my Nexus 7 and the lack of external SD. I can now flash at will without ever worrying about losing data.
I would like to second the revision checking functionality. would be an awesome addition. I look forward to seeing it in a future release. I would like to add one more thing I would like to see as well. I would like the ability to exclude certian files and folders via checkbox or similar mechanism (default for new folders and files would always be on of course). But this would be extremely helpful because I do not need to backup the small directories here and there that apps automatically create (i have Titanium backup for apps & their data). While I can use the file size filter to make sure 1-2gb movies are not synced, there is no way (at least that I know of) to easily eliminate some of these smaller directories that are just causing clutter in my dropbox. I would like cloudpipes to work strictly for the data I have on my storage that I need.
Lastly I would like to see the current status of the transfer, eta at current speed, current transfer rate, all from the transfers tab of the app. I know there is a percent bar in the notification window, but I would like to see more info in app.
Otherwise awesome app... absolutely loving it and really stable, zero crashes. Would gladly pay for a PRO version!!!
edit: One small bug I just noticed. Well not really a bug but more a necessary feature improvement is the ability to refresh your main dropbox directory. I changed the name of my backup folder from "test" to something more appropriate and it seems the main window is not refreshing the dropbox and loading the new folder name.
ScottHW said:
Fantastic work. Do you have a Buy Me a Beer or similar where I could show some appreciation and support while waiting for Pro?
I'm always happy to support a responsive Dev.
Click to expand...
Click to collapse
Not yet! But I appreciate responsive users
asuhoops8628 said:
Awesome work on this app. Cloudpipes is the absolute best. Saves me countless hours and time with my Nexus 7 and the lack of external SD. I can now flash at will without ever worrying about losing data.
I would like to second the revision checking functionality. would be an awesome addition. I look forward to seeing it in a future release. I would like to add one more thing I would like to see as well. I would like the ability to exclude certian files and folders via checkbox or similar mechanism (default for new folders and files would always be on of course). But this would be extremely helpful because I do not need to backup the small directories here and there that apps automatically create (i have Titanium backup for apps & their data). While I can use the file size filter to make sure 1-2gb movies are not synced, there is no way (at least that I know of) to easily eliminate some of these smaller directories that are just causing clutter in my dropbox. I would like cloudpipes to work strictly for the data I have on my storage that I need.
Lastly I would like to see the current status of the transfer, eta at current speed, current transfer rate, all from the transfers tab of the app. I know there is a percent bar in the notification window, but I would like to see more info in app.
Otherwise awesome app... absolutely loving it and really stable, zero crashes. Would gladly pay for a PRO version!!!
edit: One small bug I just noticed. Well not really a bug but more a necessary feature improvement is the ability to refresh your main dropbox directory. I changed the name of my backup folder from "test" to something more appropriate and it seems the main window is not refreshing the dropbox and loading the new folder name.
Click to expand...
Click to collapse
Revision checking is coming. Its a bit more complicated that I initially thought so it will be a major update, however it will be very useful to conserving bandwidth.
Regarding exclusion, I will have to think how this will work. While the back-end implementation should not be hard, I dont know how I will ask the user to exclude folders in the UI and then store them. Nevertheless I have added it to my things to do (and it is growing!!!)
Regarding more information in the transfers tab, this is a definitely planned feature. It is quite bland and devoid of useful info right now and I plan to add many things to it. Again, this is a little far behind on my todo list as essential functionality is added first.
Finally, this bug/improvement, this is a tough one. Since you renamed it from the website or desktop app those changes are not propagate to the app until you hit refresh on that particular folder. The Dropbox API does not support to notify the app of the change and also frowns upon repeated (automated) refreshes. I could set a time-out after which to refresh the file structure, but still that will not propagate the change immediately. I dont see a better solution for this apart from the user refreshing that folder as they know they have changed it. However it seems that the official dropbox app detects this change immediately so they are polling again for the change hmmm...
thedesolatesoul said:
Not yet! But I appreciate responsive users
Revision checking is coming. Its a bit more complicated that I initially thought so it will be a major update, however it will be very useful to conserving bandwidth.
Regarding exclusion, I will have to think how this will work. While the back-end implementation should not be hard, I dont know how I will ask the user to exclude folders in the UI and then store them. Nevertheless I have added it to my things to do (and it is growing!!!)
Regarding more information in the transfers tab, this is a definitely planned feature. It is quite bland and devoid of useful info right now and I plan to add many things to it. Again, this is a little far behind on my todo list as essential functionality is added first.
Finally, this bug/improvement, this is a tough one. Since you renamed it from the website or desktop app those changes are not propagate to the app until you hit refresh on that particular folder. The Dropbox API does not support to notify the app of the change and also frowns upon repeated (automated) refreshes. I could set a time-out after which to refresh the file structure, but still that will not propagate the change immediately. I dont see a better solution for this apart from the user refreshing that folder as they know they have changed it. However it seems that the official dropbox app detects this change immediately so they are polling again for the change hmmm...
Click to expand...
Click to collapse
Regarding this point, your update that you just pushed looks like it now includes a menu and a refresh button when viewing the dropbox. Maybe i am just dumb and missed it before. But I see it now and it fixes this!! Thanks if you did in fact add it!!
asuhoops8628 said:
Regarding this point, your update that you just pushed looks like it now includes a menu and a refresh button when viewing the dropbox. Maybe i am just dumb and missed it before. But I see it now and it fixes this!! Thanks if you did in fact add it!!
Click to expand...
Click to collapse
It was always there You might have missed it. Note that the menu contents and the button in the action bar change depending on which tab(Pipes/Dropbox/Transfers) you are on.
Sorry for taking so long on this update, but I wanted to make sure everything was working okay.
I have released a major update, it will take a couple of hours to ripple through the Play store.
This now includes revision checking, so only files that have been modified locally or remotely are re-transfered. If the app does not detect any change in the files then it will not be transfered.
Also just in case the Settings menu now has a trouble shooting section, with an option to 'Clear sync data'. If the app starts to mess up the transfers then you can use this option to reset the sync data, so it will start afresh.
This time I have focused quite a lot on testing, and tried to remove all weird and obscure bugs. There were many reports of the files not being accessible, probably because either the sdcard was unmounted, connected to USB or wasnt ready at boot. I tried to fix more of these cases.
There were also some minor UI tweaks here and there.
The OneWaySync option is not yet enabled. I have to do some more work on it, but should not be long.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hello, my name is Keith and I'm interested in sharing tips with the community to protect you from losing your device to thieves or other attackers. I'm sure many on xda-developers have heard of stolen device recovery apps like Android Lost and Cerberus, this guide will involve these, but also walk you through avoiding mistakes that can result in you never getting your phone back from an attacker. While the two apps I mentioned are very powerful, it's not as easy as installing an app to insure you get your phone back the way you left it. I'll also include other methods of recovery for a plan B approach.
So lets begin!
REQUIREMENTS
A phone or tablet duh! (data plans are a plus, but not necessary to use this guide)
Root access helps quite a bit!
Knowledge involving recoveries like CWM or TWRP.
A secure launcher. By secure I mean one that can't uninstall apps outside of the settings menu (ADW Ex just fixed this!)
NO PIN ON LOCKSCREEN (explained)
Step 1:
Download Android Lost (no sms add-on for wifi-only tablets) OR Cerberus!
These two apps are for theft recovery. They allow you to do things like:
-Locate & Track GPS
-Lock Device (and unlock device if you're deadset on having a lock, not ideal for recovery)
-Sound Alarms
-Wipe Internal/External Storage
-Recover Call Logs
-Recover SMS Logs
-Popup messages on device(great for trolling thieves)
-Call Forwarding
-Device information (battery left, network status, etc)
-Capture Photos (get a mugshot for the police)
-Record Sound (Cerberus only)
Which should you choose and how are they different? Well a lot of people like Android Lost, it's free (as in beer) and can even be installed and utilized from your google account after your device is stolen. It's a little more wifi-only tablet friendly. Android Lost has a unique feature that lets it hide SMS commands sent to the phone from Android Lost so you don't alert the attacker.
That said I personally use Cerberus. It's a lot less suspicious looking, a little less known, and is easily flashed to your ROM's /system/app folder (even with the option of disguising itself as framework). Cerberus however, is not free, it has a small fee of $3-5 which protects up to 5 devices. I like that Cerberus is a little more featured with sound recording, and it can run as a device administrator (I don't think Android Lost does this).
Step 2:
After you've chosen a security application, the time comes to protect that application. You may have seen me mention above that it's recommended you don't put a lock screen on your device. Let me take a second to explain why. Google. The first page of results on google for "how to bypass lockscreen" has the potential to foil everything. It can lead to your attacker learning how to easily preform a hard reset, and for the sake of recovering your phone this is not optimal. My brother has stolen a few iphones, and not once has a lock ever stopped him (he's a mechanic not a computer guy).
I like to take an open door approach to security. Leave your door unlocked, but nail everything valuable inside to the floor. Now leaving your device open to everyone requires you to stop and think about what YOU need to protect. To start you must download an app locker. There are tons of these out there, some OEMs even ship devices with them these days. The one I am using in this guide is UAG, or Ultimate App Guard - check out UAG Helper as well to potentially protect UAG from deletion.
There are many apps and services you can lock in a variety of ways ranging from pins to patterns to passwords. Here are the basic things you should lock.
- Settings
- Root File Explorers (or even your stock explorer if you've got photos you're not keen of others seeing)
- Gmail (especially if it's the account you're registered for android lost/cerberus with)
- App Markets (so they can't install more apps like root file explorers or rack up charges to your account)
- Package Installer (so the attacker can't install third party apps like root browsers, uncheck 3rd party installs in settings when you don't need it anyway)
- ADB Toggle (uncheck adb in settings, download adb toggle to quickly toggle on and off as needed, even locked it's still quicker)
- Titanium Backup
- Rom Toolbox
- SD Maid and similar apps that can delete files
Now this isn't all you should lock, just the essentials. Try not to lock too much else or else the attacker will have motive to use google to figure out how to hard reset. Let them play angry birds, let them check facebook (don't remember passwords for important stuff), let them play with your toys basically.
If you are on a wifi only tablet, then locking settings will present an issue - they can't connect to networks for Android Lost or Cerberus. There are two things you can do about it.
- Download Wifi Manager and place it in a location the attacker will see it (I put it under the system app drawer in ADW)
- Preload as many wifi hotspots as you can think of (starbucks, mcdonalds, libraries, etc).
It is highly unlikely the attacker will not want to connect to the internet on your device, even it's only over wifi. So even if you have a data plan consider doing the above in case they decide it's not safe to use your phone service.
Step 3:
Other Security Threats to consider
Launchers
Many launchers seek to be powerful and give you quick control over every little detail. Unfortunately that means some of them allow uninstalls. Recently I reported an uninstall vulnerability in ADW Ex to it's developer, and he's patched it with a lock pin which specifically addresses this issue. So for example, in ADW Ex to uninstall anything or access important launcher settings the attacker would need to know your launcher's lock pin. I am unsure of the situation on other launchers, but always check and report it to the developer if it's vulnerable! Do not overlook this and underestimate the attackers ability to notice this stuff, it could cost you your phone.
Recovery
If you have your Anti-theft application flashed to your ROM this isn't SUPER important. But you're still vulnerable to those who flash over your ROM. Don't forget your backups either! Having an insecure backup sitting on your sd card can cost you your device. If this vulnerability bothers you, try resetting your recovery to stock, and use Mobile ODIN or NVFLASH. Very few attackers (if any?) will be connecting in APX mode over usb to flash a blob over NvFlash lol.
WARNING FOR CM10/AOKP USERS: Remove the reboot menus!! Reboot into recovery in the reboot options when the power is pushed couldn't make it more obvious to an attacker!
Terminals
It only takes a few commands in android for an attacker to delete a few important links in your security chain. You may want to consider locking your terminal if you're still paranoid.
Plan B approaches
Your Carrier
If you own a smartphone under Sprint, Verizon, or AT&T - don't ever let their sales reps tell you your carrier can't find your phone. They have no problem when it comes selling this information to law enforcement. Granted an attacker may remove the sim card, go into airplane mode, or a sales rep may not have that kind of access, it's still a possibility for them to access your phone's GPS or use tower triangulation. Unfortunately in this case, some carriers like T-Mobile don't collect this kind of data, great for privacy - not as much for security.
EXIF Data
I've talked to the developers of cerberus briefly about implementing features to enable geotagging on photos remotely, but something like this hasn't been implemented yet. However a reasonable amount of device identifying information is still stored in EXIF data of photos taken from your device. Websites like stolencamerafinder allow you to upload photos you've taken on your device and search the internet for photos with exif data containing your devices serial number. It also allows you to enter your serial number and search for that alone. This can potentially find an attacker's facebook profile with that beautiful mirror photo taken with your phone. Once you have a name, websites like spokeo or reverse whitepages lookups can help you find addresses to report to authorities.
Be sure to check your serial number beforehand so you can figure out if this method is reliable for your device.
SSH
Here's a classic recovery video I'll end this with, done largely over ssh.
Thanks for information
Sent from my WT19i using xda app-developers app
holy cow great info!!! i am one of those who just installed 'android lost' and was good to go. lots of things to consider in addition to that..the 'hard reset' being the most troublesome.
i like the trojan horse approach..just let them in but lock down anything important.
pa33vel said:
Thanks for information
Sent from my WT19i using xda app-developers app
Click to expand...
Click to collapse
nyvram1 said:
holy cow great info!!! i am one of those who just installed 'android lost' and was good to go. lots of things to consider in addition to that..the 'hard reset' being the most troublesome.
i like the trojan horse approach..just let them in but lock down anything important.
Click to expand...
Click to collapse
thank you both for posting. glad this could be of use to others.
I actually wrote this just as my buddy got his brand new galaxy note 2 stolen from starbucks. Tried to walk him through recovery but his phone wasn't prepared beforehand. He had some battery apps installed that completely screwed his chances of recovery.
Nice guide but pretty much every thief will take the battery out, throw out the sim and either sell it to the local phone guy or hard reset it themselves.
This guide will only work on people who happen to find a lost phone or those really stupid thieves who have no idea what their doing.
Sent from my GT-I9000 using xda premium
NIMBAH said:
Nice guide but pretty much every thief will take the battery out, throw out the sim and either sell it to the local phone guy or hard reset it themselves.
This guide will only work on people who happen to find a lost phone or those really stupid thieves who have no idea what their doing.
Sent from my GT-I9000 using xda premium
Click to expand...
Click to collapse
how will they hard reset a stolen phone without a recovery or adb? furthermore - cerberus is flashed to /system, so a reset alone won't work.
the moment the person they're selling it to tests out the wifi it's over.
How good is the avast anti theft thing.?
pa33vel said:
Thanks for information
Sent from my WT19i using xda app-developers app
Click to expand...
Click to collapse
Lifehacker7 said:
How good is the avast anti theft thing.?
Click to expand...
Click to collapse
I just checked it out it looks like it would get the job done. It's missing some features cerberus / android lost have, has one or two unique features I saw - the one I noticed is it sends you an email when you battery is low and as much geographic data as it can acquire. This may be annoying though because your battery gets low quite often.
Seems a litte bloated in some areas, I'm generally against virus scanners on android because as long as you're getting your apps from reputable sources and they're not requesting odd permissions you're really just vulnerable to zero day exploits that this software won't be programmed to detect. If you're a person that pirates apps, loads JavaScript in random emails sent to you, or downloads very obscure apps - this may be more useful.
Shame that we have to sacrifice battery for security apps.
ickkii said:
how will they hard reset a stolen phone without a recovery or adb? furthermore - cerberus is flashed to /system, so a reset alone won't work.
the moment the person they're selling it to tests out the wifi it's over.
Click to expand...
Click to collapse
How would you remove the recovery? I don't know how it is where you are but over here they can simply flash everything back to normal with JTAG. Most phones get shipped over seas anyway so yeah.
Oh and Samsung phones you can just flash back to stock in download mode. Sony I'm pretty sure you flash back to stock in flash mode as well.
Sent from my Sony Tablet S using xda premium
NIMBAH said:
How would you remove the recovery? I don't know how it is where you are but over here they can simply flash everything back to normal with JTAG. Most phones get shipped over seas anyway so yeah.
Oh and Samsung phones you can just flash back to stock in download mode. Sony I'm pretty sure you flash back to stock in flash mode as well.
Sent from my Sony Tablet S using xda premium
Click to expand...
Click to collapse
it varies by device, most easy thing to do is flash stock. I'd love to see a day where cwm or twrp implement a recovery pin. TWRP can pull up a keyboard, and it could be done with a volume rocker, so I'm not sure why they don't implement some kind of security feature to it.
You could always break your volume rocker :laugh:
crashlen0 said:
Shame that we have to sacrifice battery for security apps.
Click to expand...
Click to collapse
not in every case, just don't set your antenna rules too strict. My friend set it to only grant access when his bluetooth headset is connected, bad results for him.
Very useful tutorial. I'd give you more stars if I could. You’ve obviously studied this carefully. I also appreciate your taking the time to provide comments on avast.. .those comments were useful.
I’m just trying to think through the pro’s and con’s of the approach recommended in the guide. (open the front door but nail everything down inside).
The big con for me
It will take time to enter a pin/pattern/password for every sensitive application (gmail, settings, playstore, file manager, many more), rather then just one when I unlock my screen. It means I have to dramatically alter the way I use my phone every single day.
So I want to understand the benefit, the “why” a little better:
If someone steals my phone which is screen-locked and USB debuggin off (*), then the only way for them to get in is to do some kind of factory reset? Doesn’t that process remove all the sensitive information from the phone? i.e. they're not going to be able to get into gmail once they break in? . I did spend awhile googling as you mentioned methods breaking into the phone, but these answers weren't clear to me.
Where I'm coming from (My uninformed opinion fwiw): I’d like to get my phone back, but protecting my sensitive data is also important. So I'd like to understand if the likely break-in method an attacker will take facing a locked phone at least protects my sensitive data:
if it does block access to sensitive data, then it's not a total loss to allow them to do it (I've lost my phone but not my identify)
if it does not block access to sensitive data, then I'm much more interested in locking down the individual apps like gmail etc.
* By the way, I did see while googling they can get past locked phone without factory reset if you have USB debugging on. That would be a big deal since they could get to gmail etc if you rely soley on lock screen and have USB debugging on. I'm definitely turning it off and only on when I need it.
Thanks
Very useful
Thanks for information
electricpete1 said:
Very useful tutorial. I'd give you more stars if I could. You’ve obviously studied this carefully. I also appreciate your taking the time to provide comments on avast.. .those comments were useful.
I’m just trying to think through the pro’s and con’s of the approach recommended in the guide. (open the front door but nail everything down inside).
The big con for me
It will take time to enter a pin/pattern/password for every sensitive application (gmail, settings, playstore, file manager, many more), rather then just one when I unlock my screen. It means I have to dramatically alter the way I use my phone every single day.
So I want to understand the benefit, the “why” a little better:
If someone steals my phone which is screen-locked and USB debuggin off (*), then the only way for them to get in is to do some kind of factory reset? Doesn’t that process remove all the sensitive information from the phone? i.e. they're not going to be able to get into gmail once they break in? . I did spend awhile googling as you mentioned methods breaking into the phone, but these answers weren't clear to me.
Where I'm coming from (My uninformed opinion fwiw): I’d like to get my phone back, but protecting my sensitive data is also important. So I'd like to understand if the likely break-in method an attacker will take facing a locked phone at least protects my sensitive data:
if it does block access to sensitive data, then it's not a total loss to allow them to do it (I've lost my phone but not my identify)
if it does not block access to sensitive data, then I'm much more interested in locking down the individual apps like gmail etc.
* By the way, I did see while googling they can get past locked phone without factory reset if you have USB debugging on. That would be a big deal since they could get to gmail etc if you rely soley on lock screen and have USB debugging on. I'm definitely turning it off and only on when I need it.
Click to expand...
Click to collapse
Sorry I wasn't quicker to respond - But UAG has a setting that makes it to where you must only enter it once until you power the screen off and it applies it to all locked apps. UAG isn't working for the time being on my current rom, I don't know if it's the same for others but I've notifed the developer regardless.
I'm a forensics student and can tell you that a reset alone won't wipe all the slack byte data off of the device, but fortunately this is an area of security that malicious hackers haven't quite caught up too. Mainly Military and Law Enforcement possess the tools and skillsets to do this on mobile devices because a lot of the software created to image your device and recover deleted data isn't liscensed to the general public. Solid State drives have put a few penetration testers out of business because it is notoriously difficult for forensic analysis. I can assure you that from this angle your common theif will not be stealing your identity - if you're a big shot with the CIA as an enemy, no so much. Account hijackings occur far more commonly through bad recovery questions, poor network security, or coming in contact with maliscious software.
However you should be prepared to immediately change your passwords to important accounts whenever any of your computers are compromised. Diceware is actually a pretty neat app for creating passwords with lots of entropy that makes cracking them more difficult. I've heard of a few gmail accounts being stolen lately that could have been avoided with two step authentication, so hiding google authenticater can be beneficial.
If a factory reset happens your user app data will be deleted apart from what is saved to internal storage and your sd card. What will remain is the device recovery backup that was saved to /system/apps so the option remains for you to remote wipe if you can contact the device. With avast I noticed the backup I created was in my app drawer, this worries me some because it may not be saving to the system folder - but cerberus does this for sure.
Google is watching us more than ever?
When Android know about you anything.
READ THE DUMB F&Q - CLICK ME
original write by anonymous
In this 5 minuts article we describe all the very weird things in Android, and we want to ask you - what do you say?
at first we saying that all of this is on built-in apps. Why to do that? ads custom, know what to upgrade for android, control in market, corperation with government entities like many times is past (Events in France on cooperation with cellular companys and government that they wiretapping your calls), read news, think about it - how google now know where you live, what you doing, where you visited.. and also you should take a look in this - https://history.google.com/history/ your all seraches and history. this site have my history from 2011 at least - and this site was published only from 2012 as seen in archive.org - likethe google history, why they not collect new info and not tell us right now - this maybe happend. keep reading.
One. (Shown all over the news) - "Next Android version will change the way the root work":
We asking, what happend to our "good times" Android experience? ("Open source", "Android will be different then iOS" Etc.)
Google want her privacy in system files, in control, in blocking permission root apps.
Keep reading, this was to notice what happend right now.
Two. Suspicious processes running in the background all the time
Three. Very Strange Permissions:
Hint: Android asks for credit card information on first running. ok its useful, fast, and great reason to take this details.
"Connect & Disconnect from Wi-Fi" - Dont cofuse we talk about other apps like "Factory Mode" etc. that running all the time in the background, why it need to turn on\off the Wi-Fi..? there is the main Wi-Fi settings, where YOU control the Wi-Fi, this is auto control. probably you not even see when Wi-Fi turned on it self. check in your built-in apps. its comfortable, came with the phone - you not need to install or update apps. and this came to many apps that nod need this. come on check it on few apps.
"Share your device's screen with another device" - Wow that was cool if was a built-in TeamViewer app! (wtf?!)
"Modify battery statistics" - in other words fake the battery status and deleting statistics, so the battery stats is not secure way to know what working and used the battery (!). (After long waiting for explain, they told me that is wrong spell. sure. the great perfect Google wrong in spell 4 official versions?! no, its modify.
"Downloading files without notification" - (you dont even noticed that something download, maybe right now)
"Add or modify calender events and send emails without host's permission" - In other words, the hosts is you. and emails send from you to another "mysterious" people. very smartly they put "Add or modify calender events" in start to hide this.
"Internet Browser" have permissions to - "Record audio" , "Take pictures and videos" (Allows application to take pictures and record video at any time).
"Mobile Tracker"! - Service that connects to the Internet and if your phone stolen you can lock him, wipe the device.
But I dont noticed that he canto call, send & read sms, record audio, share screen, read browser data (cookies etc.) and history, set an alarm in "Clock" (?), Access to NFC and more.
This was should be great options to my stolen phone. and very hurt for my private info.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Four. System applications linked to each other. - if one is turned off - problems starting.
The Android system built like this, that system applications linked to each other - you can check with few programmers that know this.
This is a nightmare of every programmer, when something get wrong, - to start searching problems and fix them. maybe rewriting the whole code. but google wants this.
Well, its like we'll have to install GTA V,ARMA 3, and COD:Ghosts to play Pacman.
You have turned off one - the other will continue to operate
Five. Permissions granted to applications that not supposed to do that
Gallery - can record audio, calling, etc.
Adjust color (with this you set sharpness and color tone, this of course very small option in Settnigs) - can view sms, terminate processes, access Bluetooth, Wi-Fi and etc.
And more like in "Three".
Thanks for helping, google.
very small part of "Help" premissions. check it.
Six. Almost every app has strange permissions that it should not have, check it yourself.
Seven. p.s.
We expected that Google, the "can do anything" company, in couple versions of Android will greatly improve the system and make it run faster.
(damn, windows 7 has same requirement) Although that iPhone have barely one processor with two cores, running like a cannon against my SGS4.
True, it is Android, we have higher resolution and quality and have more things to handle - but we espect that this 4*4 cores (SGS4) "computer" do more.
Maybe just another hidden processes in the background causing it?
Factory Mode - for some reason gives all permissions that you can in cell-phone. Why this running on your device now?
Eight. The Smart Google
In few words they do on you the trick. they can say that all permissions need for some reasons, but is great reason to connect you to the Internet 24\7 365 day in year. and the all hints points on something else.
Last. We care.
we care that "Hangouts" replacing our default message apps (why to put 2 applications of texting? its like to use the same cameras to take picture. one for us, one for google.)
some people dont care, and they are right. we become indifferent that all the world dig in our lifes. but it should not like this.
what you feel if steal your credit card, watch on you in bathroom, have your "deleted" snapchat images, take a look on your sister?
And what if in one day I waill want to use this?
mmm.. not really
What you say?
for the great people that read this - you must change it, do somethig. take the globe.
Flash CM, Use AppOps, Xprivacy
@Dimness
One.
Its not Google who wants her privacy, its you who want your privacy. If you'd have read them xda news post a little slower you would've notice why root is getting harder. Its because with root, comes the easiest way for viruses and hackers to access and take control of your phone and its info. Google is simply juking them out for you. They make rooting harder - most definitely not impossible! Alot of root apps have contained such viruses in the present!
Two.
Only if you new the filesystem. Android is open source, unlike iOS. Open Source means you can change it and add or remove what you like - When you know what your doing! Those "Suspicious processes" are just background processes for the framework, systemui, and all the other things that make android usable. Like display, hardware drivers and such. I don't know every background activity in Windows 8 - Guess Microsoft is hacking me
Three.
Really :shaking my head:
"Connect & Disconnect from Wi-Fi" - Well its not confusing. You disconnect when you want - connect we you want. O' so simple - anyone else spotting the strangeness?!:laugh:
"Share your device's screen with another device" - Wow that was strange if this wasn't a setting for a thing called BLUETOOTH
"Downloading files without notification" - Its for Google Play Updates and updates in general (really Dimness, really?)
"Add or modify calender events and send emails without host's permission" - Do I gotta?:laugh: Wow, man, its for if you add something to another calendar app not by Google - It adds it to Google calendar. The Emails are only if you want to send statistics to Google...
"Internet Browser" - Never seen it, been all threw android for the last 4 years, even the source...but never seen it You the only person whos noticed...
"Mobile Tracker" - Its for GPS, clocks, time zones, time, calendar updates and just about all of your NFC and network provider:silly:
Four.
WTF!?
Five.
These permissions are for task that you choose to be done.
Im done for now as I choose not to rwad such dumb accusations, maybe you should polish your info:laugh: And just one question - why would a MULTI BILLION DOLLAR company need your info, pics and etc? Why I can explain the rest, but for now its 11PM - nice life...
Aiko0923 said:
@Dimness
One.
Its not Google who wants her privacy, its you who want your privacy. If you'd have read them xda news post a little slower you would've notice why root is getting harder. Its because with root, comes the easiest way for viruses and hackers to access and take control of your phone and its info. Google is simply juking them out for you. They make rooting harder - most definitely not impossible! Alot of root apps have contained such viruses in the present!
WTF hackers lol
Two.
Only if you new the filesystem. Android is open source, unlike iOS. Open Source means you can change it and add or remove what you like - When you know what your doing! Those "Suspicious processes" are just background processes for the framework, systemui, and all the other things that make android usable. Like display, hardware drivers and such. I don't know every background activity in Windows 8 - Guess Microsoft is hacking me
TURN OFF ALL OF THIS, and guess what? my phone working great over 2 moths with games, apps and ALL
so why you need this procces ah?
Three.
Really :shaking my head:
"Connect & Disconnect from Wi-Fi" - Well its not confusing. You disconnect when you want - connect we you want. O' so simple - anyone else spotting the strangeness?!:laugh:
so you turn on the wifi with chat-on? with other apps that need this permission? you too much .........................
"Share your device's screen with another device" - Wow that was strange if this wasn't a setting for a thing called BLUETOOTH
You cross the line, bluetooth to share screen? you even know what it is? how much old you 5... lol the permission not even in bluetooth permissions - its on "Personal Information" sector .............
"Downloading files without notification" - Its for Google Play Updates and updates in general (really Dimness, really?) WITHOUT notifcation u cant read - even google play notificate when auto update, its not GOOGLE PLAY because the permission NOT IN GOOGLE PLAY, its on very many apps. (really, man? realy?)
"Add or modify calender events and send emails without host's permission" - Do I gotta?:laugh: Wow, man, its for if you add something to another calendar app not by Google - It adds it to Google calendar. The Emails are only if you want to send statistics to Google...
send emails without host's permission
that not qeustion if u want or not...
"Internet Browser" - Never seen it, been all threw android for the last 4 years, even the source...but never seen it You the only person whos noticed...
check your self in app manager you dumb.. i have sgs4 its not have to be in all devices
"Mobile Tracker" - Its for GPS, clocks, time zones, time, calendar updates and just about all of your NFC and network provider:silly:
NFC cant connect to internet!! this like bluetooth when you need to text message - this 2 things Not related at all
Four.
WTF!?
Five.
These permissions are for task that you choose to be done.
Im done for now as I choose not to rwad such dumb accusations, maybe you should polish your info:laugh: And just one question - why would a MULTI BILLION DOLLAR company need your info, pics and etc? Why I can explain the rest, but for now its 11PM - nice life...
Click to expand...
Click to collapse
EDIT: THE F&Q DUMB ITS ON QUOTE IN BLUE - OTHER INFO IN THIS COMMENT.
--
YES its for GPS, ITS THE WAZE!!
THEY NEED THIS PERMISSION, YES YES,
THIS THE ONE SIDE OF THE COIN, BUT IN Eventually ALL YOUR INFO SEND TO INTERNET.
THE "NEED OF PERMISSION" IS GREAT REASON, BUT THEY CAN TAKE YOUR INFO IN 1 SEC.
WHY NOT TO DO THAT? YOU ARE VERY HALPFUL INFO.
ads custom, know what to upgrade for android, control in market, corperation with government entities like many times is past, read news you are in 2014. not in dinosaurs age.
sandm4n said:
Flash CM, Use AppOps, Xprivacy
Click to expand...
Click to collapse
thanks
you think this is true at all?
This has become a concern to me as well. Not particularly the permissions aspect, but how Google handles the massive amount of private information they receive in general. I've stopped using the non-transparent aspects of Android, including gapps.
chaz3 said:
This has become a concern to me as well. Not particularly the permissions aspect, but how Google handles the massive amount of private information they receive in general. I've stopped using the non-transparent aspects of Android, including gapps.
Click to expand...
Click to collapse
You right im with you, so mutch weird stuff.
You're confusing Samsung's apps, Google's apps (Gapps) and the apps you're installing yourself.
Thread closed since this thread appears to be disguised as a discussions thread, but is spreading wildly inaccurate info (see my line above) and seems to welcome different opinions with insults (I've cleaned those as well.)
Spoiler: Warning - don't visit these two sites:
Code:
www.vu239trk.com
int.vaicore.store
Trend Micro says both of these sites are malicious.
Full story - I recently changed router brands. Our new routers have the ability to block malicious sites that are trying to be accessed. Thankfully, this isn't happening on my rooted phone - it's happening on my wife's Pixel 7 Pro which is unlockable but is locked. The same was the case a week and a half ago with her Pixel 6 Pro. Problem is, that my wife has no idea which of her apps - I'm guessing a game, but who knows - would be accessing those. I've tried to pin them down according to what time the router blocked access, but it hasn't helped.
The router has blocked access to those sites from her phone(s) a total of seven times between October 5th and the 19th:
10/5 - vu
10/9 - vu
10/12 - vaicore
10/14 - vu
10/15 - vu
10/16 - vu
10/19 - vu
So it's not every day, and not repeatedly on the same day. I've let her know each time the router notifies me, but nothing has come to mind for her, so I don't know if it's happening in the background or when she's actively using an app.
I've tried some simple Google-fu for this question, or specifically regarding these sites without any promising help.
Does anyone have any suggestions for how to find out what apps are accessing them? I'm aware of solutions like NetGuard - no-root firewall to whitelist/blacklist internet access - however, my wife is non-technical - I don't root her phones anymore as she's not interested in the benefits and it's less work for me, and no chance for me to mess up her configuration. Also, we both suspect that it's one of her games that is trying to access those sites, and those games might already require internet access for them to work, so I'm more interested in tracking down which without a process of elimination. She's also not methodical like I am, at least for technical things.
I could probably dump a list of her apps to at least get some ideas. All her apps came from the Play Store and were just restored from there during our recent transition to the Pixel 7 Pro, so whatever it is, Google hasn't caught it yet. She doesn't use any special web browsers, just Chrome, and she doesn't do anything techie or hacky.
Also trying to avoid both a factory reset and not using Google's cloud backup. She forgets her passwords constantly so fresh setups always cause high anxiety for her, and therefore for me too.
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download it's malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few app need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It maybe a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
blackhawk said:
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download it's malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few app need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It maybe a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
Click to expand...
Click to collapse
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
blackhawk said:
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download it's malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few app need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It maybe a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
Click to expand...
Click to collapse
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
EtherealRemnant said:
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
Click to expand...
Click to collapse
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
EtherealRemnant said:
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
Click to expand...
Click to collapse
Thanks for that information! In this case, she doesn't have the Audible app.
EtherealRemnant said:
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
Click to expand...
Click to collapse
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
Click to expand...
Click to collapse
Words of wisdom for maintaining a happy marriage
Lughnasadh said:
Words of wisdom for maintaining a happy marriage
Click to expand...
Click to collapse
New movie: "Honey, I disabled half of your apps!"
EtherealRemnant said:
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
Click to expand...
Click to collapse
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends it's rain of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keel all email in the cloud ie Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download it's payload. KIA Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things.
┤Mod Edit├┤Unneeded remark removed├
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Click to expand...
Click to collapse
Sequel: "Why I now sleep on the couch"
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Click to expand...
Click to collapse
Translation: "Honey half your apps were spyware, can we still be friends after the divorce?"
Lughnasadh said:
Sequel: "Why I now sleep on the couch"
Click to expand...
Click to collapse
"...and use the cat's litterbox..."
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
Thanks for that information! In this case, she doesn't have the Audible app.
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
Click to expand...
Click to collapse
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it... and teach her new tricks.
blackhawk said:
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends it's rain of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keel all email in the cloud ie Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download it's payload. KIA Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things. No saving dumb bunnies, you are what you load/download.
Click to expand...
Click to collapse
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
blackhawk said:
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Click to expand...
Click to collapse
Absolutely. I got her to install it - later when we're both not working, I'll work with her to have it do its thing. I meant to mention in my earlier reply, to thank you for that advice.
blackhawk said:
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it...
Click to expand...
Click to collapse
I use Brave for select things, but to try to move her completely or even partly from Chrome to Brave would ultimately not be an effort well spent. I'm getting anxious just knowing how things would go.
blackhawk said:
and teach her new tricks.
Click to expand...
Click to collapse
My wife's habits are firmly planted. Mine are probably just a tiny bit less than hers, but obviously, I can't be objective.
EtherealRemnant said:
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC.
Click to expand...
Click to collapse
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
EtherealRemnant said:
I don't run more than Windows Defender these days and I continue to just use common sense on the internet.
Click to expand...
Click to collapse
Same here.
EtherealRemnant said:
Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
Click to expand...
Click to collapse
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
roirraW edor ehT said:
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
Click to expand...
Click to collapse
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
roirraW edor ehT said:
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
Click to expand...
Click to collapse
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
But my stupid self has definitely done the "let's get drunk and mess with Linux" thing... Which has absolutely resulted in some loss lol, especially back in the LILO days when the installers could easily wipe out your Windows partition when they bugged out and also sometimes when I just messed up the partitioning myself.
Fortunately, there's not much that I absolutely have to have, so even if I lost absolutely everything, the biggest headache would be recovering my bank/credit union accounts (of which I have like 23 credit cards alone right now) and online accounts like XDA and reddit. Social media I could just start over. Or not start back up at all for that matter.
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
EtherealRemnant said:
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
Click to expand...
Click to collapse
I forgot - I guess I don't count my pre-XP days as far as viruses and trojans. Definitely had some on probably almost every Apple/Amiga/Windows OS I ever ran before XP. Security? What security!?
EtherealRemnant said:
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
Click to expand...
Click to collapse
That is lucky. I'm not on the opposite spectrum of hard drive experience, but I definitely have run the wheels off of many hard drives.
EtherealRemnant said:
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
Click to expand...
Click to collapse
A few months ago I largely switched back to Firefox, but I still use Chrome for certain things, and I do use Brave for a very few things. A couple of years ago, I was liking Microsoft's Chromium-based Edge just fine, but then they changed just one little thing - which made it many more clicks than in Chrome or other browsers if you wanted to potentially change your download save location for each and every download.
There were a ton of complaints to Microsoft but they wouldn't reinstate the original way. I'd have no problem if they at least let users opt to use the way they used to, but fell on deaf ears. I switched back to Chrome after that - Edge was just too much of a pain for micro-managed downloads.
EtherealRemnant said:
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
Click to expand...
Click to collapse
I'm still running W7. It's kept off the internet always. Android is a lot easier to keep secure.
Updates sound good in theory just like the Covid vaccine did. In actual practice they cause trouble and aren't needed. It's an ongoing experiment at this point and it's simply running too good to mess with the firmware. I refuse to.
Pie is pretty secure in real time with a few modifications. I keep wifi disabled as well. At this point I'm curious to see if anything can nail it. Lol, I test it everyday. A reload isn't very painful for me and everything is redundantly backed up.
App updates have caused me a lot of time and trouble particularly with Samsung. Got a pair of Buds+ that the last firmware update degraded the sound badly, need to get Samsung to reflash to its original firmware. My new Buds+ sound great with much better range; that firmware will never be upgraded. Upgrades and updates tend to break Samsung's... best to leave it be if it's fast, stable and fulfilling its mission. That strategy may sound counterproductive but it works well for me in real time.
That's all that counts.
Pcap droid app from the Google app store or download the apk from f-droid: it's a superb app.Here are some sample screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
xxTECRAxx said:
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
Click to expand...
Click to collapse
Thanks, but I was trying to indicate that root isn't an option I'm interested in for her phone. That is, she's not interested, and it would be especially disruptive to her now that we've had our factory unlocked Pixel 7 Pros for over six months, plus it's just less work for me to not bother rooting her phone and keeping it up to date manually.
In addition, with her phone not rooted, and the bootloader still locked, I feel better about her running whatever random games she plays.
I haven't had any notifications about that site being blocked in a while. The most recent email I found about it was from December, although I don't know if I might've deleted emails that came after that, but I think I purposefully kept only the most recent example.
I'll keep your information in mind if I ever experience anything like that coming from my devices (I always root them).