How secure is Autoremote (Tasker plugin) - Asus Transformer TF700

Hey there,
I saw a couple of posts on the Internet regarding this new Tasker plugin. I was wondering how it really works, but couldn't find any detailed explanation on how exactly this works.
I'm a bit sceptical installing a Tasker plugin which can be controlled by any browser. Sure you have to know the shortened URL and you can define a password, but I don't see myself handing over control of my phone to a Tasker login lying around in the cloud somewhere.
Any insights?
https://play.google.com/store/apps/details?id=com.joaomgcd.autoremote.lite
This is the lite version if anyone is interested.
How to from pocketables
http://www.pocketables.com/tag/autoremote
Sent from my GT-I9300 using Tapatalk 2

AutoRemote developer here
Hi.
I'm AutoRemote's developer.
What exactly are your concerns over AutoRemote's security?
The way it works is, like you said, you control your phone from your own personal URL. You give that that URL to other people or keep it to yourself. The probability of someone finding that URL by chance is extremely low, and even if they do, they would have to guess which commands you configured on your phone.
Feel free to ask any questions and I'll try to answer them.

Hi,
thanks for taking the time to answer my questions. And I have to admit, I was a bit vague in my first post.
How does the communication between my desktop browser and my phone work? Let's say I defined a message and send it from my browser at work to my phone, which is on the mobile network. How does this work? Will the message be send from the PC to the phone? I don't know how that would work, as the ip I got from my ISP is behind a firewall and there is no way to directly reach my phone. This leaves two possibilities:
1. the phone has a constant connection to the server, like an ssh tunnel (http://autoremotejoaomgcd.appspot.com/?key), or
2. the phone itself checks for new messages on the server in regular intervals (again, http://autoremotejoaomgcd.appspot.com/?key)
1. battery will drain a lot, judging from my experience with ssh or VPN. Phone won't go into deep sleep.
2. Messages will be stored on the server.
I guess 2 is more likely, but then again, I could be talking out of my a**
My main problem with it though: Everything done via http://autoremotejoaomgcd.appspot.com/ is a black box for me. You could save all messages, including passwords and messages and this is a big problem for me. Don't get me wrong, but why should I trust you with this data when you could do all kinds of nasty things with the devices. Let's assume I made a message to remotely wipe my phone, you could do same, couldn't you?
I'm not saying you do these things, but I don't know you
I guess my guestion is, any way to host the middleman goo.gl/12345 and http://autoremotejoaomgcd.appspot.com/ myself?
If I'm wrong about these things, please feel free to correct me and thanks again for taking the time
Greetings

Thanks for the friendly message.
About the first part, the way it works is, the autoremotejoaomgcd.appspot.com page sends a message to Google which in turn sends a push notification to your phone.
That doesn't drain any more battery than it would otherwise, the connection to Google's servers to receive push notifications is always open anyway.
This is the same way you receive new email alerts or instant messages on other apps.
About the second part, yes, it's true. If I wanted, I could keep all your messages and resend them. I certainly DON'T do that, but why would you trust me?
Well, what I always say is, use AutoRemote for fun and non-dangerous stuff if you don't feel like trusting me. If you feel I'm not a bad guy (I already have lots of positive reviews on Google Play that show that I haven't done anything wrong), that by all means create a remote-wipe profile in Tasker.
Hope this helps!

Hey man,
Thanks for the explanation and sorry for the delay, but the last couple of days were pretty busy. Anyway, I still have a follow up question
I'm curious about the Google push notification feature you mentioned and I'd like to know how that works. I hope there is some sort of mechanism to prevent people from sending notifications to my device without my consent. If you could point me in the right direction in terms of documentation I would be grateful (well, I already am for your response )
I think I will give it a try and use incoming email for wiping device. Being able to disable my xmpp account on the tablet when phone leaves home would be a great feature. So, thanks again for your effort and your answer.
Have a nice day.
Hillbicks
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2

Hi,
I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
From a security perspective, a couple of suggestions:
Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
Web form uses client-side JS to encrpyt any data based on password
Encrypted data is BASE64 encoded to plain text
This string is sent through the notification engine of Google
When received, the phone uncodes the BASE64, then decrpyts using the password
Thanks,
Ben

Fmstrat said:
Hi,
I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
From a security perspective, a couple of suggestions:
Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
Web form uses client-side JS to encrpyt any data based on password
Encrypted data is BASE64 encoded to plain text
This string is sent through the notification engine of Google
When received, the phone uncodes the BASE64, then decrpyts using the password
Thanks,
Ben
Click to expand...
Click to collapse
I'm with Ben here. I just installed Autoremote for testing and tried adding my linux box as a registered device. That implies entering a valid username and password for the linux box, and I'm guessing that both username and password are sent on the clear when sending a message from Autoremote to the linux box. This is a major security risk, and perhaps Ben's solution could be easily implemented...
I think Autoremote is a great idea with a great execution so far, just lacking the security component for our peace of mind!
Ivan.

There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.

fortunz said:
There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.
Click to expand...
Click to collapse
Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
Does anyone know of something that is out there that would allow one to do that?
--Ironhead65

ironhead65 said:
Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
Does anyone know of something that is out there that would allow one to do that?
--Ironhead65
Click to expand...
Click to collapse
Hi, as long as your sending device and the reciever (that may be another phone or a PC) are in the same network, there is a possibility to send the messages directly via WiFi. Also, messages can be sent by using Bluetooth.
So, as long, as your connected to the same network (what you usually are as long as you´re at home), or your devices are in the same room there is no need for external servers
Greetings!

@joaomgcd
Any news on that matter?

C0qRouge said:
@joaomgcd
Any news on that matter?
Click to expand...
Click to collapse
What part exactly do you mean?

thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scene" to understand whats going on how the devices are communicating with each other.

C0qRouge said:
thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scene" to understand whats going on how the devices are communicating with each other.
Click to expand...
Click to collapse
+1 to direct communication, as in LAN communication ONLY
Two devices both running tasker/autoremote, able to communicate with one another on the same network, without being routed outside the network.....ever
Whether thats feasible, ....i dont know
I also like the encryption bit

Related

[Q] [HELP] Password & account detail leaks [Sony PSN Fail!]

Hi Everyone,
So Sony PSN join the ranks of Gizmod, Play.com, Facebook, Sky, Apple, AOL [there are many more] as leaker's of our information.
What are peoples thoughts on this?
It seems that more often than not our passwords and details are not safe with companies anymore, but how can we protect against this?
Although it is best practice to use different passwords for every site and to use secure passwords (i.e. mix of numbers and letters) surely this is not practical since our heads are only capable of remembering so much. I also try to avoid trying out multiple passwords when logins fail, afterall, what happens if that is logged!
What solutions exist to combat this issue? Are there any alternatives?
I think it is safe to say that if at least one of your passwords has not been leaked by now, then it is simply a matter of time. I just don't think passwords are good enough now, we need something better.
Do you mean the latest PSN Network problem? If you talking about that:
Sony will have to repay people for stolen account info such as credit card info! Its because sony security was so weak that this happened!!
Now i agree that passwords are not always the best protection for us. And never use public computers to check email and stuff since most have keyloggers!
For Password i use a real strong password using all sort of simbols and its meaning its not related to me nor family... Makes it hard to guess for people
xploz1on said:
Do you mean the latest PSN Network problem? If you talking about that:
Sony will have to repay people for stolen account info such as credit card info! Its because sony security was so weak that this happened!!
Now i agree that passwords are not always the best protection for us. And never use public computers to check email and stuff since most have keyloggers!
For Password i use a real strong password using all sort of simbols and its meaning its not related to me nor family... Makes it hard to guess for people
Click to expand...
Click to collapse
The problem is that not matter how strong the password is, once it is stolen it doesn't matter anymore unless you have strong passwords for each and every site and a Rain-Man brain to recall them all.
I agree about public computers, you can add to that Open Wifi connections and those people who think it is a great idea to keep their wifi unsecured!
I think as people have become aware of password security, they do use better passwords, but they still use them everywhere.
I know some people use apps to store their passwords, but not only is that inconvenient but what happens if you battery is flat?
For such a big problem, there must be some kind of answer.
Sony are a bit of a joke these days. To be fair, it's not definate that CC info was taken as they don't actually know, and to the best of my knowledge nobody has reported actually having been defrauded yet. Credit Cards are covered by fraud protection anyway so it would only be the inconvenience that it causes people rather than a loss of money.
PSN passwords and account info is another matter though. That should all be encrypted and if it's not they have a lot to answer for! Also, why did it take them a week to report this problem to the account holders?
Just read this: http://www.fudzilla.com/games/item/22562-sony-now-saying-there-was-no-leak
Hi! When I read about this Sony issue i shocked! I mean, if that happens to sony... i think i'm not buying anything else without a virtual credit card.
Regarding to the passwords... i found this article in a blog the other day that recommended to use long passwords, with different elements, one common and one specific for every site. For example:
p4ssw0rd_fBk for facebook, or p4ss_gM41L for gmail... i think thats an interesting idea!
neival said:
Hi! When I read about this Sony issue i shocked! I mean, if that happens to sony... i think i'm not buying anything else without a virtual credit card.
Regarding to the passwords... i found this article in a blog the other day that recommended to use long passwords, with different elements, one common and one specific for every site. For example:
p4ssw0rd_fBk for facebook, or p4ss_gM41L for gmail... i think thats an interesting idea!
Click to expand...
Click to collapse
yeah I was thinking of something along similar lines.
I guess you have to make it slightly more than a simple combo though or there is still a chance it could be used. It would stop most automated attacks though, which would be far better than using the same password.
A different take on using a combo of random letters/numbers is suggested here http://www.baekdal.com/tips/password-security-usability. Interesting that "It is 10 times more secure to use "this is fun" as your password, than "J4fS<2"" even though you are using common words and you are much more likely to remember it...makes sense I suppose, there are only 128 ascii chars but far more possible common words so even three is enough. It goes against what most password advice of using mixed case etc, but in fact it is right - although note that WAP2 talks about a pass-phrase rather than a password, you can see why now. Obviously unrelated words would be better, i.e. not using famous quotes etc , and you still have the problem of putting a unique bit in for the site itself which can't be used to access your other accounts, if they get your password from somewhere else.
I think if I did use such a system it would be worth keeping note of the codes you've used (somewhere nice and safe of course) or you could end up locking yourself out of a lot of places (or at least keep track of which places you've adopted the system on).
Could also having a system so you can change your passwords periodically but still remember them i.e. a year code or something, 1st letter of your car reg perhaps.
Another thing you could do is to protect your email address (since that is a prime target once your details have been lost...i.e. they now have a password (or variations to try) and related email account to try it on) is to use email aliases (like hotmail allows), so that the signed up email address does not even relate to an actual real account (hotmail just says the password is incorrect, even if you are using the correct one for the linked account!).
The only other issue is down to security questions and password reminders on sites, a password is useless if they just reset it due to a simple security question. (Does sony have that info as part of sign up or is it just your email address they use for reminders - I can't remember now).
After-all, if they just need you to supply your D-O-B or mothers maiden-name and it was stored on a site which has lost it's data, it is not something you can change (unless you lie of course from now on). What info would they use to verify you if you told them you've lost access to your email address, would that info also have been included in the "lost" data from these companies???

Most secure apps for various purposes

Ive been through the entire security forum. Must say till a little raw but it will mature hopefully. Still a lot of noobs talking and no serious dev talk. Im not a developer but I have done some research esp on encryption systems and keep myself updated with the loopholes in various apps. Until such time when they do join in I think it would be a good idea (esp if the higher-level know-its) would share their list of apps they use for their everyday functioning and especially how you currently protect yourself best against unwarranted attacks to the types other forums are talking about.
My list is:
K-9 mail : for email. I use APG with that though im still not convinced its worth it cause the keys would be a easy to 'reverse engineer' as you can easily detect the device you use to send the mail and thus an estimate of the computing power essentially showing them the narrow range of prime numbers in which the key could have been generated. But you would need to be a dedicated target for that. Plus its open-source and very popular.
Xprivacy: its good for apps with too many unnecessary permissions but it wont protect you against intruder attacks.
network connections: just switched over to this from wire shark. Still undergoing testing. But it tell you the current internet connections and seem promising. You can block the suspicious IPs using xposed framework called peerblock (look into the xposed mod index). Needless to say but I think blacklisting google would be perhaps make you life considerably old-fashioned esp if your plugging the google 'backdoor' access they provide to 'he-who-shall-not-be-named' organizations.
Browser: im using the native AOSP browser. Firefox would be a better alternative in my opinion to chrome or others. I wish we had chromium for android.
Quickpic: using it instead of the native gallery after i found that it was connecting to the internet.
Calander: using the native AOSP calander but deleted the calander sync cause i try to avoid relying on google too much. selectively Denied internet permission.
ES file manager: a very complete tool. root explorer with checksum built-in. denied internet permissions.
TextSecure : Using this for standard texting because it seems to offer more encryption that any other texting app at the moment. Plus its going to be the default messaging app in Cyanogen ROMs in the future. Offers One-Time-Pad system encryption which is encryption theoretically secure (what that means for the common man is that this encryption is the only one that has stood the test of time to be unbreakable of used properly. All other encryption systems rely on the fact that the decrypting systems used to 'crack' the encryption lag behind the algorithms. Lets hope the devs did implement it properly)
Remove Google from CM10+ ROMs : http://www.xda-developers.com/android/remove-the-google-from-cyanogenmod-with-freecygn/
"Not every user particularly cares for Google’s proprietary bits and its tendency to put them everywhere. As such, XDA Senior Member MaR-V-iN has created a script to clear out Google proprietary binaries from all CM10+ ROMs. Freecyngn disassembles the CyanogenMod settings app and replaces Google Analytics library with the free NoAnalytics. The whole process doesn’t break the Settings app, and turns your device into one that is Google-free"
Click to expand...
Click to collapse
Thanks to @SecUpwN for the site: www.prism-break.org As you will see by visiting this site its not secure but just a list of more open-source projects.
I dont use a lot of google products like gmail or chrome or maps but i would like to minus the uneasiness that i have using it. And i dont use public wifi at all. The great things in life are hardly ever free!
Needless to say but i use CM 10.1 since its well developed and open-source. Looking forward to omniROM by chainfire and other great devs. I do believe we need some serious stenographic programs for android because encryption alone is not the way to go. Maybe they will take this more seriously. This remains a work in progress. As always hit thanks if it helps.
CM is now for profit. It's CyanogenMOD Inc. Anyway, this is a pretty naive approach, IMHO. You want to keep something secret you can't tell technology about it. Check out "Schneier on Security."
where did you download "network connections" from?
@aejazhaq: See www.prism-break.org!
runwithme said:
where did you download "network connections" from?
Click to expand...
Click to collapse
I downloaded it when the dev was giving the pro version free for a limited time to XDA members. How ever its available on the play store...https://play.google.com/store/apps/details?id=com.antispycell.connmonitor&hl=en
SecUpwN said:
@aejazhaq: See www.prism-break.org!
Click to expand...
Click to collapse
Yes i cam across that just a week ago. It seems to me as my knowledge progress' that the apps available are just to keep the selective data eg your mails private if you use APG with that. @pan.droid I think anything on your device is still as vulnerable as can be honestly and don't think, at least as of now that you can protect your data on you device with any satisfactory means, at least not yet. I'm interested in stenographic means more now than ever because I think encryption alone wont cut it esp keys generated on the phone; the prime numbers needed for a foreseeable future (3+ yrs) protection are elusive on the phone, perhaps the PC can do a better job, but again with its fallacies esp with emails being stored in the cloud permanently means that there's an expiration date on such material you choose to share. And given it lacks forward secrecy and anyone using PGP in emails is definitely shouting encrypted msgs being transmitted perhaps arousing more suspension and the subsequent package.
Thus I do agree the list is currently very naive but perhaps the best we can do at the moment. Thats why I'll leave people to share their opinions on this because this is perhaps an ongoing discussion.
I'm really interested in a contacts replacement. I hate the new style google version but I don't trust ANYTHING free from the app store. They all download your contacts!
You didn't mention AFWall+, the iptables firewall I consider instrumental in blocking most phone home attempts.
SecUpwN said:
@aejazhaq: See www.prism-break.org!
Click to expand...
Click to collapse
Actually, pretty great site!
pan.droid said:
Actually, pretty great site!
Click to expand...
Click to collapse
You're welcome. If you're interested in security projects, have a look!
I'd totally jump on board with that, but all I have is a WI-FI tablet, ATM. Great activist project for anyone serious about security.
pan.droid said:
I'd totally jump on board with that, but all I have is a WI-FI tablet, ATM. Great activist project for anyone serious about security.
Click to expand...
Click to collapse
Sadly, our project is missing real security enthusiasts and DEVELOPERS. Do you know anyone I should get in touch with?
I use "Keepass2Android Offline" to manage my passwords. This "offline" version removes Internet access permissions which I consider essential for security of my database.

Android to PC text based communication

Hi!
(Disclaimer: I do not have a degree in CS or SE yet, and my knowledge stems from high school and some freelance work. I have coded a few programs and an app before, Though I might have some methods / ideas that would look horrible to you. If such is the case - Please tell me! I am still learning and might sometimes go a certain rout which works but is completely "wrong" regarding coding standards. (For instance: I have a note taking app which saves its content in a text file, which i am pretty sure is not how any other app works)).
My question:
I am in the process of coding an Android app, which needs as a part of the service it provides to send certain messages (text only) to the app users PC (one way).
I would like to use some sort of central service, since in my understanding of routers and IP i'd have to have the user set up port forwarding if his PC is behind a router (which'd be complicated for most users) (If this is untrue and using an IP based solution would be better/simpler then please explain how so).
The first solution i have devised (Which i would very much like to avoid) is to use a third party service (such as Pushbullet) as a means to transfer the messages without paying for any services myself. This is less convenient since (to my understanding) I'd have to name the app "X for Pushbullet" and might have some legal trouble, and also would be dependent on a third party.
The second solution I've thought of would be to host (as in pay monthly for hosting on a server) an online DB with usernames and messages (the message table containing a column for what user sent the message as well), and a local program (written in C# or Python probably) on the target PCs which searches the DB every X interval for new messages for X username. This seems like it would work, though probably isn't the most graceful way to go about it.
Would really like to hear how a more experienced programmer would tackle this problem!
Thanks a lot in advance!

p=p. any one know how it works?

Found something new to me
https://prettyeasyprivacy.com/
Email encryption easy...
Found On fdroid under k9/p=p
Claims it works with your existing email account
But I have not found out how it works yet
Our how the foundation is set up.
And that's the kind of thing I like to know before I install
Anyone have any experience with them?
Personally, if you are looking for encrypted email... I'd choose Proton Mail any day of the week over p=p.
p=p just doesn't seem anywhere near the security of Proton. But that's just my opinion. Test it out and let us know how you like it. It's always nice to have options!
I'm just not at the point where I want my email provider to supply my email program.
Don't get me wrong it's not a bad idea..
(I like that it's open source, that's always good)
But I would much rather have encryption all on me and my device..
And I can pick and choose what provider I'm using.
I don't love the idea of being locked into anything...
nutpants said:
I'm just not at the point where I want my email provider to supply my email program.
Don't get me wrong it's not a bad idea..
(I like that it's open source, that's always good)
But I would much rather have encryption all on me and my device..
And I can pick and choose what provider I'm using.
I don't love the idea of being locked into anything...
Click to expand...
Click to collapse
hey @nutpants , i know you are more knowledgeable than me (and know how to search.lol) but i did find this link for p=p. you can email them i beleive.
https://prettyeasyprivacy.com/integrate/
"err on the side of kindness"
I found the instructions
https://www.prettyeasyprivacy.com/docs
I wish that people would stop hosting instructions online and include manuals with the installs.I mean seriously how much space will it take?
I will be doing some time reading everything carefully..
But would love opinions from everyone else.
Basically it appears to create extradition keys between users of the app automagiclly and then encrypt everything by default when possible.
Much like text secure was doing for text.
Hopefully things like this will become a standard for email.
(With a common method of encryption so no one it tied to just one particular email app)
And we will see more applications that can be used to encrypt mail.
I'm going to do some testing
Well ive done a little testing.
And honesty I'm looking what I see.
Sure this is in early stages and early days.
But it appears that it is as simple as they suggest.
I could even get my least technical buddies to use this email encryption.
I have not seen it try to contact anything except my mail server.
And it does not require contracts out other erroneous permissions (it asks but you can block it and no crashes(at least for me)
It's works automagiclly.
If you exchange emails with someone who is using pep (I think it's stupid that they have the three lines between the p's why not just have the E)
It figures that out and starts exchange of public pgp keys.
Art that point your messages title bar have a yellow background do you know encryption is taking place.
After you verify the "code words" with your correspondent (by voice so you verify who you are taking to is who you are really taking to(or any other method you desire)
Your messages get a green title bar do you know encryption is going on with a verified user..
So simple even a grandpa can understand it.
It uses pgp for encryption so you know it's good
Right now it's pretty basic and there are few encryption options
But they plan ad more features as time goes on
I'm liking what I'm seeing and I will do more testing and will keep an eye on this to see how fast it matures.
The only real con at the moment it that there is no way to secure the app from running with a password to keep any one who gets their hands on your device from reading everything.
But that's a little minor..
If someone had their hands on your device, you have already broken the golden rule.
This app is simply a fork of K9Mail with a few icons replaced...
It is definitely a fork.
But encryption had been built in, including auto key generation and key exchanges.
K9 is my daily driver.. And I love it.
But pEp makes encryption simple enough for anyone to use..
(As in my grandmother could use it)
When and if it matures to have all the encryption features most advanced users need
(Like easy key import, export, backup, manual key changes)
It may become my daily driver..
Sadly in the world today, encryption is almost mandatory.
And pep is on the way to make that easy for everyone.

EDITED [Q] Why is /u0026 in the names of my apps? How am I being hacked & tracked?!? Total N00b needs help!

Scrolling through the apps installed on my phone, and it is hit or miss on which of the Android and/or Google apps have \u0026 in the middle of their names. Not all, but it seems the important ones do, that downloaded and installed in the middle of the night hours or days after the initial purchase and set up of the phone. Isn't Gmail, Chrome, Android Web View, Device Unlock, Calculator, Device Health Services, and most Google services already installed in Android phones? It's even in some of the apps I installed later on, but not all. I have looked it up, both here and using different search engines. Not too excited with the results, nor do I have the IT brains to understand all the jargon. Would someone here please explain it in layman's terms? BTW, I know I have been hacked/tracked by my ex for a while now. Would \u0026 happen to be a way to remote access and monitor my phone usage?
EDIT: Nothing was synced to old phones, devices, or accounts. This isn't the first new device he has gained access to. There have been several brands and models, phones and laptops. Your guess is as good as mine, and the police, as to how it is being done. Sometimes he leaves "<rooted>" on the screen or turns on 911 only it locks up the phone a few hours after bringing it into the house. He works in the tech industry. No, this isn't my device I've asked this on. This really hasn't been as fun as it sounds.
Thank you all in advance!
I will put my tin foil hat on while anxiously waiting your replies.
(I know, funny not funny. Either has been having to live with his BS.)
Checking back and bumping. There was just one reply on another thread. Please, someone has to know of this Google and Android system hacking apps combo floating around in Google Developer and Firebase. It's a real thing, and my nightmare now. I will not censure if you developed it or are using it on someone other than me. However, I beg you to reconsider if you are. There are days that I feel that worrying about the safety of my kids and if he does show up somewhere I'm at with a grudge to settle is too much to handle. Not everyone has the ability to get through that. I did not deserve his controlling abuse when we were together and there seems to be no way to get out from under his thumb currently. The local cyber cops have been of no help. They either do not believe this happening, these types of apps exist and what they do are possible (One said, "Those kind of things are just in James Bond movies"), or they think there is no imminent threat because there aren't bruises and the little I do have in the bank has not been touched after closing and opening numerous accounts to keep him out. I make just enough to support my kids and myself. Banking, online shopping, and social media are impossible, and the time is now spent trying to end this on my own. Please, help is needed. One of the members on here has to know what the hell this is.
Thank you again.
ripppani said:
\u0026 seems to be the escape sequence of the Unicode character &. \u0026 cannot do any damage by itself, but it can be and probably is a result of incorrect encoding or decoding of text strings, which in turn could be caused by hacking. If you don't know what Unicode is, here is the Wikipedia article.
I am not sure whether the "<rooted>" really represents that the device is rooted, but you generally don't want someone untrusted to root your device, as rooting it allows the one who rooted it to have unrestricted access to the device.
Click to expand...
Click to collapse
He has had remote unrestricted access to my devices. The <rooted> is one of his reminders he is there, as well as <bootloadermode>, or the locking up or turning on 911 calls only. This hasn't been fun, either having it happen en use or waking up to it. I do not allow this. New devices, new Google accounts, never syncing, and never logging into old accounts. However, no one seems to be able to figure out how he gets into new devices once they enter the house. New routers, modems, entire internet accounts, he still weasels his way in. The hacking apps are Google Developer based, this I know. Try getting info on that out of Google without a warrant. Cyber cops have brushed this under the rug since there has been no physical or financial harm, as of yet.
He lived with me when we were dating. Is there a device that may be in my home that could hi-jack my wifi, allow him to sign into my device, and show it as my device while VPN-ing an address even after all the changes? (I seems to travel all over the place on occasion according to my IP addresses that show up) The location tracking and call/text monitoring is real, as he has shown up or had let things said in my private (ha!) conversations with others slip. Of course he has nothing to do with this. (ha! again)
Any help or input on this would be greatly appreciated. I have looked things up at the library until my eyes bled. I can only comprehend so much without an IT background. I do not have the money for a cyber forensic investigator, and I know the local police probably have me on the Crazy Crying Wolf list. Which is just as embarrassing as knowing that having a complete lack of privacy in my life is a total nightmare.
Thank you again.

Categories

Resources