[SOURCE] RootTracker - Android Apps and Games

Root Tracker is source code for a super-simple Android 2.2+ device tracking system that responds to SMS messages with embedded control passwords.
Root Tracker is designed to be installed on a rooted device in /system/app, so it can survive a hard reset. Root Tracker has no user interface, all the better for hiding it from a thief. The code must be customized for the particular user and device, as passwords and other configuration items are hard coded, and each user should change the package name and other details to make it sound like a system package, in order to even better hide the package from a thief. Don't use the current values in the source, as a smart thief (there aren't many, I expect, but there may be some). Plus, I expect that different users will have different requirements.
After customizing and installing, go to your system Settings and set Root Tracker's device admin class as a Device Administrator.
Actions available:
gps
wipe
lock (locks screen [if set as Device Administrator; otherwise, sets screen timeout to a very short value to make device very hard to use], turns off adb, disables NoLock)
unlock
root shell command (output returned via SMS).
I wrote Root Tracker because I was uncomfortable about having my phone tracked and potentially wiped by a closed source app, like the various anti-theft trackers currently available. A crucial design principle was to make RT simple enough that one can easily verify from the source code what exactly it is doing.
The passwords are plain text in the apk. You can replace this with hashing if you like, but I didn't bother.
Also, instead of invoking the Android system's data wiping, which is known to be of problematic quality on some devices, it uses dd to overwrite the data partition, which may be more reliable (but of course, you have to ensure RT is installed in /system/app). Moreover, this means that the wipe works even if the thief is clever enough to go to the device settings and revoke Root Tracker's device administrator status. I don't know how well this works. This is a feature I did not test since I don't want to deal with restoring a backup. I worry that wiping the data partition will cause a reboot at some point. (Still, I have deleted the contents of /data before, and restored them via tar, and the device did not reboot while deleting.)
The gps command responds instantly with last cached GPS and Network location, then turns on GPS (even if disabled) and Network location (this one may show a dialog, so I recommend keeping Network location on in your Settings, or else disabling the Network location code). Then it waits for a GPS fix. If while waiting for a GPS fix, it gets a new Network location value, it sends that, but keeps on waiting for a GPS fix. If it gets a GPS fix before getting a Network fix, it quits looking for the Network fix (you can change that in the source code).
Note: Installing this on a device that isn't yours (unless you're law enforcement with an appropriate warrant) is likely illegal and is certainly not nice. This is designed for one's own use.
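The post says the control passwords sit in the APK as plain text and that hashing could replace them. The sketch below is an added example of that change, not code from Root Tracker: it assumes an SMS layout of password, space, command (the layout of the Avast examples further down this page; Root Tracker's own message format is not shown here), and every class, method and constant name is hypothetical.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added illustration; names are hypothetical and not taken from Root Tracker. */
public class SmsControlAuth {
    static final int ITERATIONS = 20000; // assumption: tune to what the handset tolerates
    static final int KEY_BITS = 160;     // HMAC-SHA1 output size

    /** PBKDF2 over the password with a per-install random salt.
     *  Assumption: the target Android release ships this algorithm name. */
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    /** Run on the build machine: returns {saltHex, hashHex} to hard-code instead of the password. */
    static String[] enroll(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new String[] { toHex(salt), toHex(derive(password.toCharArray(), salt)) };
    }

    /** Returns the command text if the leading token verifies, otherwise null. */
    static String authorize(String smsBody, String saltHex, String hashHex) throws Exception {
        if (smsBody == null) return null;
        String body = smsBody.trim();
        int sp = body.indexOf(' ');
        if (sp <= 0) return null; // no password token, or no command after it
        byte[] got = derive(body.substring(0, sp).toCharArray(), fromHex(saltHex));
        // MessageDigest.isEqual is the JCA call for comparing digests
        // (time-constant in current JDKs, unlike String.equals).
        if (!MessageDigest.isEqual(got, fromHex(hashHex))) return null;
        return body.substring(sp + 1).trim();
    }

    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample passphrase. A short numeric code would be guessed
        // offline from the salt and hash almost as easily as read in plain text.
        String[] cfg = enroll("correct-horse-battery-staple");
        System.out.println("salt=" + cfg[0] + " hash=" + cfg[1]);
        System.out.println(authorize("correct-horse-battery-staple gps", cfg[0], cfg[1]));
        System.out.println(authorize("wrong-guess wipe", cfg[0], cfg[1]));
    }
}
```

Only the salt and hash printed by `enroll` go into the customized source; the passphrase itself stays off the device.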

Related

Lost your phone? Find/protect it

heya guys.. I'm gonna tell you that I was a bit worried about losing my phone.. now about the data, about the handset.. in fact everyone must be.
What I got out is :
-- There are many apps in play store that provide you info when your phone is lost... but those are BULL****
-- If the thief is a genius like us, he would just turn off the phone, throw sim card and memory card and then just boot into recovery/adb shell to factory reset your phone. In that case, all these apps are useless..
-- So, the BEST way to protect your phone is :: install avast! It is the MOST EFFICIENT APP IF YOUR PHONE IS ROOTED .
It has a feature that the app would install into the ROOT folder as a SYSTEM APP !!!! which couldn't be deleted even if your phone is reset/new rom is installed.
THE APP ALSO HAS A FEATURE THAT IT WOULDN'T ALLOW THE THIEF TO BOOT INTO ROOT/ADB WHEN THE PHONE IS MARKED LOST !!!!
It could play a siren, wipe your phone, hard Lock it and more!!!
so keep it !~!
Steps to Track your Android Device using Avast
Now as mentioned above, you should fulfill the above two conditions to go with this tutorial. If you don’t have Avast, please first install it.
1. After installing Avast antivirus for your Android device, just go to its dashboard and click on Anti-Theft, to enable your anti-theft in your phone. Avast will now ask you to install its Avast anti-theft module from Google play or through advance installation mode as shown below.
Avast Anti-theft
For this tutorial we have chosen to install Avast update from Google play store. Please do not install this directly in your Android phone or tablet.
Note: Avast will also ask to create an account to give you control from web-interface.
2. Now after installation of Avast anti-theft module i.e Avast update, Avast will setup your anti-theft feature, here you just have to give your name and alternate mobile number and also password.
Avast Anti-theft setup
So now you have installed Avast anti-virus and set up your anti-theft feature in it, and now it's time for testing. To test the remote control feature of this application, we tried controlling our Android phone from a remote location with the help of the web-interface.
Now go to My Avast and go to devices, where all your active devices will be shown.
Avast Devices
Now in device detail you will see lots of options and tabs. Here go to choose command, and you will see lots of commands like command to locate your device, lock, siren on-off, call, launch, messaging etc. Let's test with knowing the position of your lost or stolen phone.
Avast Device commands
Test 1 : Locate
Select command Locate and click on send. Now Avast anti-virus will search for the best option to determine your Android phone location silently. In my case, it switched on my Wi-Fi automatically and then sent co-ordinates to the server in a very little time. To get up-to-date location, you can also instruct it to get the phone location every 5 minutes, 15 min, an hour etc.
Avast locate command
Now to see if your command has been successfully received by phone or not, just browse to command tab and check status, it should be a green check mark as shown above.
To track your Android phone location, click on Locator Map after executing the locate command successfully and there you will see the current location of your Android phone or tablet.
Avast GPS Map
To see your GPS co-ordinates and source of tracking you can go to GPS Coordinates tab.
Test 2 : Set Siren
Now suppose your Android device is stolen and you want to run a siren, so that thieves can get afraid for a while, then go to command and send SIREN ON command. As soon as you give this command, your phone will start ringing with tone “Phone is lost or stolen, Phone is lost or stolen“.
I must tell you that this is very effective command and once executed, it is very difficult to stop the siren even if you have disabled your GPRS, 3G, Wi-Fi etc. Even if stealer will switch off the phone and again switch On, the siren will still ring.
Avast SMS Commands to Control your Android Phones
The methods we discussed above were from the web-interface and require an internet connection. What if you are commuting in a bus, metro train or any other public transport and someone stole your expensive Android phone? Then SMS commands come into action and immediately you can lock your phone, wipe the data, locate, etc. with the help of these handy SMS commands.
These commands work with your password, which you setup during anti-theft configuration above. The syntax of all the commands is very simple. Just type your password and command. Below are some of the very important commands you should know.
In the SMS commands below, let's say your password is 1122.
I. LOCK Command: This will lock your mobile phone.
Example: 1122 LOCK
II. LOST Command: This marks the phone as LOST.
Example: 1122 LOST
III. SIREN ON : Switch On the Siren on the phone.
Example: 1122 SIREN ON
IV. LOCATE : Will locate your phone and send you the Co-ordinates.
Example: 1122 LOCATE
1122 LOCATE 5 : Will locate the phone continuously.
V. CALL [phone number] : Phone will call the given number automatically
Example: 1122 CALL 9801234XXX
VI. WIPE : Will wipe all your data from phone.
Example: 1122 WIPE
VII. REBOOT : Will reboot your phone.
Example: 1122 REBOOT
Above were some of the very important SMS commands, to get the whole list please see Avast website.
Hope this article will help you in saving your Android phone from being lost, and if lost, then it will help you in tracking it.

Phone wiping after misentering passwords multiple times

Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
nupi said:
Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
It's not a standard option in Android (I for one am glad - I've accidentally wiped my work Blackberry more than once when inebriated). Android Device Manager (or the Motorola equivalent) both allow a manual remote wipe from a PC or another Android Device.
It's possible for apps to monitor incorrect password entries (no root required just a Device Administrator Permission), although I'm not sure if an automated wipe is possible without root. Take a look around the play store to see if anything meets your needs.
I use the automation app MacroDroid along with Secure Settings (both in the playstore) on my unrooted MotoG. The way I've got it set up is that 3 failures to enter correct PIN changes it to Password mode, a further 3 failures will prevent the phone from waking up (by automating a screen lock associated with the screen coming on). As well as that it will automatically take and email to me front and rear camera photos, and the phone's location on the change from Pin to Password, and again on the change to 'Lockdown' mode. I can send it an SMS with a special message in the text to get it to repeat this. I'm toying with the idea of setting it to shout 'Thief!' repeatedly at full volume when someone tries to turn on the screen when it's locked down.
It is not exactly what you were asking for, but I just wanted to also mention Cerberus here.
It brings a lot of nice features to control your phone remotely.

[Q] Android vs iOS security AFTER theft

Hello,
My S3 mini was stolen and the thief apparently removed the battery or SIM as soon as it was stolen. So it came into mind, which is more secure really, iOS or Android? Apparently, for an Android phone, whether the battery is removable or not, the thief can simply remove the SIM or just shut it down without even knowing the screen pass lock. Furthermore, if he does the power plus volume down combination, he can easily reset the phone to its factory defaults and even then, my photos - main storage and SD card - will be compromised. So yea, the phone can easily be cut from the internet so the wipe and locate functions would be useless.
However on my iPad, I tried connecting it to a new computer, the photos were not accessible. I even installed iTunes, still the photos were not there. It had to be accessed from an iTunes that has previously backed it up. Traditional methods like wiping and locking and tracking are rendered useless because the thief can easily remove the SIM or simply shut it down without knowing the passlock.
So yea, does that make iOS more safe? Do thieves have access to programs that can bypass the lock screen for iOS or Android? Do they have access to programs that can factory reset iOS without an iTunes with a previous backup?
Am I missing anything? Can the user tighten the security more by himself other than being careful and copying the photos regularly? Also I am assuming that the USB debugging is turned off for Android by default.
PS: I do know that There are apps made to combat theft but yea, removing the battery, shutting it down or removing the SIM totally kills all those solutions.
We all know there are apps, but every night I sleep I think of this feature. But I'm not a kernel dev so I don't know how to make it.
Hopefully some kernel dev stumbles across this and can implement it.
There must be a pin lock when you factory reset your device and a toggle which unlocks the device pin for a certain amount of mins then locks so that the recovery wipe isn't reachable until one unlocks it.
But yeah, till now I think apple devices are more secure in terms of when theft applies.
i have an option to encrypt the entire phone in the security menu. i do not know if that is a custom rom or an android thing, but i suspect it is the latter.
i do not use that option, though, it makes data recovery more difficult should something go wrong. still, it is there, and if you guys are so security conscious, why not just encrypt the data?
In this era, Mobile Security is the top priority for any smartphone user. Mobile Security continues to up for the security. Nowadays it's more vital because we store sensitive data on mobile phones. iOS is more secure than Android.
Some features of iOS why you choose iOS:
App marketplace security: Apple closely inspects every app on its app store, which might reduce the number of apps available, but helps to minimize malware-riddled apps.
Device manufacturers: iPhone's integrated design makes security vulnerabilities less frequent and harder to find.
Updates to patch vulnerabilities: Apple updates are more accessible to control across devices, promising consistent security.

No way to require passphrase on startup!

I just got my pixel, and found two very bitter disappointments. First, as expected, even an unrooted device will not pass safetynet (i.e., let you run android pay) if you've unlocked the bootloader.
Second, however, and a bit more of a shock, there appears to be no way to require a passphrase on bootup. The option on the nexus 5X and 6P that you get while selecting a PIN simply does not exist. So does this mean there is basically no way to secure my phone?
This is doubly infuriating. On one hand Google wants to prevent me from learning my own device encryption keys, supposedly in the name of security. But then on the other hand, they reserve the right to extract my keys themselves if they ever sign a backdoored bootloader (that can extract the now unencrypted keys from firmware).
For me the whole benefit of the fingerprint reader has been that it lets me select a very long boot passphrase, since I don't have to type it to unlock the phone. However, I'm now seriously considering removing the PIN from my lockscreen so I don't delude myself into storing anything of value on my phone.
Am I the only one super annoyed at these security developments?
Mine asks for my pin on first login.
Moogagot said:
Mine asks for my pin on first login.
Yes, but by the time it prompts for a PIN, it has clearly already decrypted the flash storage. So this means that if your bootloader is unlocked, someone could have messed with your system partition to bypass the lockscreen.
15xda said:
Yes, but by the time it prompts for a PIN, it has clearly already decrypted the flash storage. So this means that if your bootloader is unlocked, someone could have messed with your system partition to bypass the lockscreen.
That's not true. With device encrypted data and Direct Boot enabled, this restricted mode allows apps to perform limited actions and access non-personal data (i.e. specific system files), allowing it to boot up to the lock screen securely without any user interaction.
You have to enable it though, by going to developer options and selecting "convert to file encryption". This WILL perform a factory reset though.
msaitta said:
That's not true. With device encrypted data and Direct Boot enabled, this restricted mode allows apps to perform limited actions and access non-personal data (i.e. specific system files), allowing it to boot up to the lock screen securely without any user interaction.
You have to enable it though, by going to developer options and selecting "convert to file encryption". This WILL perform a factory reset though.
There is no "convert to file encryption" option in the developer options on the Pixel. Anyway, since the lock screen shows personal images and notifications and such, clearly a lot of data is available if someone decrypts the file system, even if there were an option to double-encrypt a few individual sensitive files. Anyway, what are the chances that every app developer encrypts every file I care about? This is why I want full device encryption, and I want full device encryption without storing my keys someplace where a backdoored bootloader can get at them.
15xda said:
Anyway, since the lock screen shows personal images and notifications and such, clearly a lot of data is available if someone decrypts the file system, even if there were an option to double-encrypt a few individual sensitive files.
Well, I stand partially corrected, actually. The device definitely seems to show some of my settings on reboot, like, for instance, volume. On the other hand, it can't receive VOIP calls (suggesting it doesn't have access to the SIP password I configured in the dialer), and incoming mobile calls don't show the contact name. So I guess it does offer some protection, but it's much harder to figure out what.
In case anyone lands on this thread, here is an explanation of what is happening on bootup:
https://developer.android.com/training/articles/direct-boot.html
The short answer is Pixel uses file-based-encryption now instead of disk-based encryption. I'm still not happy about this design because it somewhat reduces privacy and potentially complicates examining applications as root, but it's not as bad as I originally thought.

Delete hacker in Android core

Good day, dear forum!
For a long time I tried to clean my hacked Samsung smartphone. But no luck.
I performed FRP in the Samsung service center in my town. The situation is the same.
Symptoms of hacking:
1. Gmail account hacked. I registered from my email but in the registration form I see a completely different email, not mine.
2. In my smartphone I see two apps with the same name ("email" and so on).
3. All my apps got all possible permissions to access my data (network, SD card, system etc). Some of my important files were deleted and destroyed by the hacker.
4. When I make an effort to defend against the hacker (for example, using privacy guide etc), the privacy guide panels and factory reset panel become untouchable after 20 min, although they work well in the first minutes after installing the OS.
5. I blocked Wi-Fi and Bluetooth connections. I have no Wi-Fi connection at home. But I see that NFC is running, all my apps are connected to Wi-Fi, and the phone is working very slowly.
I see that the phone made 5 calls during 30 min when it was turned off (!). I think my phone uses the hacker's Wi-Fi.
What I did:
1. Performed FRP in the Samsung service center. No luck.
2. I installed 4 files service firmware via Odin. The same.
3. I did FRP and installed TWRP, SuperSu, LineageOS v.14. During installation I cleaned Dalvik/ART Cache, Data, Internal Storage, System, Cache.
Also I skipped Google and Samsung verification. But also no luck.
Finally, I understand that the hacker's files, apps, pieces of code etc exist not in the firmware, but deeper in the core.
I think there is another superuser and he has many more permissions in the system than mine.
So, my question is:
-- where I can find and delete the extra superuser on my phone,
-- where I can find and delete dangerous app permissions added by the hacker,
-- where I can find and delete dangerous changes (apps, files, pieces of code) added by the hacker,
-- what extra actions I can perform to delete the hacker from my phone (except FRP and custom OS/firmware)?
There is a similar post but I don't see decisions for me
https://forum.xda-developers.com/general/security/trojan-infected-recovery-phone-partition-t3762962
Sorry for the long post and my English mistakes. I will greatly appreciate any advice!
Yours sincerely, Olga
I cleaned partitions and installed Lineage OS again. The phone changed its Wi-Fi MAC address and now uses NFC connection and Wi-Fi. I can't block NFC and Wi-Fi, the button is not working. Can you explain to me how the phone can be hacked if during the installation I didn't use a SIM card or Wi-Fi? How can I change core settings/use a custom core?
OlgaMar said:
I cleaned partitions and installed Lineage OS again. The phone changed its Wi-Fi MAC address and now uses NFC connection and Wi-Fi. I can't block NFC and Wi-Fi, the button is not working. Can you explain to me how the phone can be hacked if during the installation I didn't use a SIM card or Wi-Fi? How can I change core settings/use a custom core?
It is possible that the hacker installed the software on a partition, and updating will not help with that. You would need to check all the partitions, their sizes and their permissions, and compare them to stock. Wiping the phone with dd, if you have a full software image (the entire hard drive image), will also work, but it is a take-no-chances command.
