Database Info

Password Protected Recovery

Is it possible to implement a password into recovery.img (like cyanogens or JF's) So that not just anyone could wipe the phone if they stole it.

Good question.

I only bring this up because I have had my phone stolen and it was locked so Im sure they wiped and also I am trying to make my phone as secure as possible for this next go-around I have already Moved my apps like "MobileDefense" and "Sim Checker" to "/system/app" Which makes them unable to be uninstalled by any thing other than a wipe. So I figure if the Recovery was locked It would completely solve my issue and I would be able to get my phone back no matter what unless it was broken.

i would like this, i am always parannoid that something bad is gonna happen like i lose my phone or someone steals it. this would mean a wipe would be impossible, and the only way to restart teh phone would be to pull the battery if you don't know the password.
the only issue would be that we would have to have a way to set the password which might be difficult to implement

tubaking182 said:
i would like this, i am always parannoid that something bad is gonna happen like i lose my phone or someone steals it. this would mean a wipe would be impossible, and the only way to restart teh phone would be to pull the battery if you don't know the password.
the only issue would be that we would have to have a way to set the password which might be difficult to implement
Click to expand...
Click to collapse
Yes it might be difficult. There could even be a list of preset passwords to choose from (as I doubt anyone from here will be stealing my phone) It would just make me feel better to have the added security.

This would be nice to have, but also just to give you something to think about, what if you forget that password? maybe they should also implement a master password as well, incase of lost or forgotten paswords.
Lost Password = Enter Master password.
which makes it harder to factory reset, but not impossible if forgotten password

insanedrunk said:
This would be nice to have, but also just to give you something to think about, what if you forget that password? maybe they should also implement a master password as well, incase of lost or forgotten paswords.
Lost Password = Enter Master password.
which makes it harder to factory reset, but not impossible if forgotten password
Click to expand...
Click to collapse
I would say dont for get it lol. But I do like your Idea about the master password.

nicholasbithell said:
Yes it might be difficult. There could even be a list of preset passwords to choose from (as I doubt anyone from here will be stealing my phone) It would just make me feel better to have the added security.
Click to expand...
Click to collapse
I like the idea about having a password but I don't agree with having preset passwords because all the perp has to do is go on here and find them out. Lol.

nicholasbithell said:
I would say dont for get it lol. But I do like your Idea about the master password.
Click to expand...
Click to collapse
Thanks, i had a phone that let me set two passwords before, incase i forgot one, i for sure knew the other one.

preset passwords is a bad idea and so is a master password. i guarantee you that if the person found a G1 or stole it they would run a google search and find XDA. xda is the #1 source for all HTC phones, i found an 8525 and when i needed to learn anything about that i got on google and searched for stuff. 9/10 times this site was the first result. i would think if we were to implement this then we would have to have a walkthrough for people to build their own recovery image and set their own password. this would be a little difficult but it seems to be the only way to do this.

tubaking182 said:
preset passwords is a bad idea and so is a master password. i guarantee you that if the person found a G1 or stole it they would run a google search and find XDA. xda is the #1 source for all HTC phones, i found an 8525 and when i needed to learn anything about that i got on google and searched for stuff. 9/10 times this site was the first result. i would think if we were to implement this then we would have to have a walkthrough for people to build their own recovery image and set their own password. this would be a little difficult but it seems to be the only way to do this.
Click to expand...
Click to collapse
I see your point, but i think i didnt explain myself correctly, the master password can be set by you (the enduser), sorry i misslead you guys.

tubaking182 said:
preset passwords is a bad idea and so is a master password. i guarantee you that if the person found a G1 or stole it they would run a google search and find XDA. xda is the #1 source for all HTC phones, i found an 8525 and when i needed to learn anything about that i got on google and searched for stuff. 9/10 times this site was the first result. i would think if we were to implement this then we would have to have a walkthrough for people to build their own recovery image and set their own password. this would be a little difficult but it seems to be the only way to do this.
Click to expand...
Click to collapse
I suppose that is the only way to go! I hope a Dev can help us out with this!

The problems I can see are that the recovery environment has no place to store files, it's read only. You'd have to build an image with the password hardcoded somewhere. The other issue is that if you have rooted your phone, you probably have installed an SPL that has fastboot, so getting into your device would be trivial.

cyanogen said:
The problems I can see are that the recovery environment has no place to store files, it's read only. You'd have to build an image with the password hardcoded somewhere. The other issue is that if you have rooted your phone, you probably have installed an SPL that has fastboot, so getting into your device would be trivial.
Click to expand...
Click to collapse
I understand but when you say "trivial" I assume you are referring to someone who has and idea of how to Hack the phone, But I assume that the person who steals it is not going to have the smarts to do all that without me first being able to track my phone. I just want alittle extra security.
The other part, the "Hardcoding" I do not really understand, I assume it means built in?

He means the password (or possible passwords) would have to be coded into the recovery.img that is on your phone. Meaning, either you would have to assemble it yourself, or the developers would set the password (or passwords, if given a choice) for you. Which would also mean that anyone would be able to search on here (or other sites) and find the possible choices for passwords for a given recovery image. Thus... security... fail..

daveid said:
He means the password (or possible passwords) would have to be coded into the recovery.img that is on your phone. Meaning, either you would have to assemble it yourself, or the developers would set the password (or passwords, if given a choice) for you. Which would also mean that anyone would be able to search on here (or other sites) and find the possible choices for passwords for a given recovery image. Thus... security... fail..
Click to expand...
Click to collapse
You *could* store it on the data partition, I guess. Would just have to mount it to check for a password file.

put pwd in the recovery partition is better~
we can have a defalut password then we can change it in recovery mode
with google latitude it will be awesome~~~

So... Cyanogen I think I hear donations coming your way for this one... haha jk
That is if your willing to try, Im not assuming you are going to.
But your recovery would be the one I would want it to be on.

i would donate on that

Can you use fastboot to actually get data from the device? I thought it's only there to flash images. I mainly am for the password in recovery to prevent someone from dumping my data to an SD card.

Nandroid Backups For All....

Ive looked through the site and found nothing about this, so i was thinking last time i made a nandroid backup,Could we instead of flashing roms just restore each others nandroids thru recovery and list all the features of the backup and put them up in a post sort of like the rom wiki? Then EVERYONE could definately find a setup they liked....just a thought. I dont have someone else's phone to test it on. Or are the number names on the nandroid backup files system specific? Any answers or info would be greatly appreciated. I think this would be cool if it works because we'd have so many choices of setups if ppl put theirs up,and it would eliminate bootloop,time for flashing roms and any extra addons. Then you can continue adding to or removing from the restored nandroid backup if you wish, or you could just leave it.

this is how the moto droid guys flash their roms. seems like ours would work...

I too have been thinking about this...

Only Problem is that is stores /data
And that is your settings and passwords for any apps you have used or market sign in etc
Also of you had any paid apps you would also not have to have those installed or the other person would get them and that would be considered warez and just flat out suck for the Devs that make them
You would have to nandroid right when you flash the update before you setup any passwords.
Or you could remove the /data part but then more than likely it will FC on multiple apps

Just A Thought.....
I think if we put up a repository for ppl do upload their fav. setups with the following specific information:
1)Rom name and version
2)Kernel if changed
3)Apps and System apps might be alot but nice
that we could all benefit and see some of the things other ppl are doing with THEIR roms. It would give the ppl like me who get flash crazy rather quickly many more options. We could just label them starting with NAN RECOVERY#1, with all the details and then go from there....

you could skip the sign in the beginning and customize and upload, minus paid apps and stuff, that way your contacts and google log in wouldnt be stored. but yea it would work
edit: guess it wont work. haha

zippy-man said:
Only Problem is that is stores /data
And that is your settings and passwords for any apps you have used or market sign in etc
Also of you had any paid apps you would also not have to have those installed or the other person would get them and that would be considered warez and just flat out suck for the Devs that make them
You would have to nandroid right when you flash the update before you setup any passwords.
Or you could remove the /data part but then more than likely it will FC on multiple apps
Click to expand...
Click to collapse
i was just thinking the dev could make a nandroid before they sync anything... restore any warez
MagnusRagnarok said:
I think if we put up a repository for ppl do upload their fav. setups with the following specific information:
1)Rom name and version
2)Kernel if changed
3)Apps and System apps might be alot but nice
that we could all benefit and see some of the things other ppl are doing with THEIR roms. It would give the ppl like me who get flash crazy rather quickly many more options. We could just label them starting with NAN RECOVERY#1, with all the details and then go from there....
Click to expand...
Click to collapse
everytime i try to rename a nandroid backup i cant get the phone to restore it...

This won't work, I've tried it. Ask me how? Well two of my Hero's died on me but thankfully I was still in the 30 day warranty period both times. Anyways everytime I've tried to restore my old settings from my previous phone but it won't take because it's a different serial number. I managed to get around that but once you flash the rom and boot up the phone EVERYTHING force closes on you. Even if you DO NOT have passwords/logins etc... There is your answer go try for yourself if you would like but don't say I didn't tell you.
~Danny

dmc971989 said:
everytime i try to rename a nandroid backup i cant get the phone to restore it...
Click to expand...
Click to collapse
NO spaces. Make sure there's no spaces in your backup name, use dashes or underscores instead

Hmmm.....
zippy-man said:
Only Problem is that is stores /data
And that is your settings and passwords for any apps you have used or market sign in etc
Also of you had any paid apps you would also not have to have those installed or the other person would get them and that would be considered warez and just flat out suck for the Devs that make them
You would have to nandroid right when you flash the update before you setup any passwords.
Or you could remove the /data part but then more than likely it will FC on multiple apps
Click to expand...
Click to collapse
Thanks for the feedback,i did think this through way before posting. I would have become aware of those issues if i had someone else's device to test this theory.maybe if you want to upload you get your setup and set up your apps and then nandroid before you add your paid apps to your own setup. The benefit would still be the same, there are more good free apps that i use than paid anyway. So we would not be using warez and taking money from devs,and then just log into your own google account. That SHOULD work....

danimal_01 said:
This won't work, I've tried it. Ask me how? Well two of my Hero's died on me but thankfully I was still in the 30 day warranty period both times. Anyways everytime I've tried to restore my old settings from my previous phone but it won't take because it's a different serial number. I managed to get around that but once you flash the rom and boot up the phone EVERYTHING force closes on you. Even if you DO NOT have passwords/logins etc... There is your answer go try for yourself if you would like but don't say I didn't tell you.
~Danny
Click to expand...
Click to collapse
you couldnt rename it to the correct seriel number?

If I had another hero i wouldve tested BEFORE posting....
danimal_01 said:
This won't work, I've tried it. Ask me how? Well two of my Hero's died on me but thankfully I was still in the 30 day warranty period both times. Anyways everytime I've tried to restore my old settings from my previous phone but it won't take because it's a different serial number. I managed to get around that but once you flash the rom and boot up the phone EVERYTHING force closes on you. Even if you DO NOT have passwords/logins etc... There is your answer go try for yourself if you would like but don't say I didn't tell you.
~Danny
Click to expand...
Click to collapse
Date them with dashes and it will work, i do it every time to keep track. I still need another hero to test the serial number thing since you actually just named your backups the wrong way. So those results wont work. Because if you had named them the right way your results wouldve been different. Also we wouldnt change the exact backup name, we would title and then link to the file....thanks for reporting your experience

danimal_01 said:
This won't work, I've tried it. Ask me how? Well two of my Hero's died on me but thankfully I was still in the 30 day warranty period both times. Anyways everytime I've tried to restore my old settings from my previous phone but it won't take because it's a different serial number. I managed to get around that but once you flash the rom and boot up the phone EVERYTHING force closes on you. Even if you DO NOT have passwords/logins etc... There is your answer go try for yourself if you would like but don't say I didn't tell you.
~Danny
Click to expand...
Click to collapse
Danny, I too had to swap out my Hero and for the hell of it restored a Nandroid backup from my original phone. However, unlike your experience, I had no problems with force closes. The only thing that happened was that Gmail wouldn't send properly. I fixed that by wiping the Gmail cache. I don't think that issue is specific to restoring a Nandroid from a phone with a different serial number though as I've read others having the same problem on occasion. Also, assuming we'd be sharing backups that don't contain personal info on them, this Gmail issue would be unlikely to happen.
In any case, I like this idea. Perhaps we should be checking out how the Droid folks are doing this (as someone else pointed out). They might've worked out the kinks in this Nandroid sharing plan.

Any One Care To Help Me Test?
If anyone would care to help me test my idea,so to maybe get something going on the site for everyones benefit who like my idea and want to flash these backups, I will test someone elses if anyone is willing to send me one or a link to one;please leave the numbers unchanged for accuracy,or i can send someone one of mine becuase i have many from 1.5 and 2.1 with several different rom and theme setups that i would be willing to share to test out my idea. Anyone interested please just pm me...Thanks

MagnusRagnarok said:
If anyone would care to help me test my idea,so to maybe get something going on the site for everyones benefit who like my idea and want to flash these backups, I will test someone elses if anyone is willing to send me one or a link to one;please leave the numbers unchanged for accuracy,or i can send someone one of mine becuase i have many from 1.5 and 2.1 with several different rom and theme setups that i would be willing to share to test out my idea. Anyone interested please just pm me...Thanks
Click to expand...
Click to collapse
ill try it out (ill be reflashing in a bit anyways)... so if you want to send me a blank nandroid (no contacts,Gmail,etc) then ill give it a shot and report back

I'll test it. just pm me the link. but I already know it works

MagnusRagnarok said:
Thanks for the feedback,i did think this through way before posting. I would have become aware of those issues if i had someone else's device to test this theory.maybe if you want to upload you get your setup and set up your apps and then nandroid before you add your paid apps to your own setup. The benefit would still be the same, there are more good free apps that i use than paid anyway. So we would not be using warez and taking money from devs,and then just log into your own google account. That SHOULD work....
Click to expand...
Click to collapse
That would work and would kind of be cool if it did
But the only problem is that I don't think many people would actually do it.
Oh I forgot too if you want to download apps you gotta sign into the market first

zippy-man said:
Oh I forgot too if you want to download apps you gotta sign into the market first
Click to expand...
Click to collapse
Or you can pull the apps you use on your current ROM and push them back via ADB on the clean ROM. Kind of a hassle though.

ive done it, it works, just save the nandroid backup folder ie. BCDMRS-date-3463, inside the folder ie. /sdcard/nandroid/HT02yourphone/ with the rest of your backups.
then recovery, backup and restore, nand restore and select the backup u saved.

Thanks
phonetec said:
ive done it, it works, just save the nandroid backup folder ie. BCDMRS-date-3463, inside the folder ie. /sdcard/nandroid/HT02yourphone/ with the rest of your backups.
then recovery, backup and restore, nand restore and select the backup u saved.
Click to expand...
Click to collapse
You are awesome. Thanks for the info.

[Request] Someone willing to do me a favor & modify this app?

Okay, here's my situation. I have a ton of numbers in my address book (well, Google Contacts), and I use this app called Contacts Clean-up to make sure all the formatting of all my numbers are the same and everything. Now the problem is with this application it forces you to format your numbers so they have a "+" before your number (ex. +1-555-555-5555).
I went to use Darch's Legend ROM and for some reason that format of a number isnt supported, it just wont let me call the people. Being that I have hundreds of contacts between Google Contacts & Facebook I need to have my numbers formatted WITHOUT the "+".
Long story short, the app is open source & I was wondering if someone could modify it for me to make an option to not have the "+" in the number. I know someone's gotta know how to do it...
Here's the link... http://code.google.com/p/android-contacts-cleanup/
Thanks in advance.

just take a look at the source yourself. it's pretty clearly outlined when you find
svn/trunk/res/values/strings.xml
i'd do it for you right now... but i can't check out a copy of the source since i don't use linux
but if you look in the strings.xml, you'll see the '+' sign that you want to get rid of clearly. if you're running linux, simply modify the file to delete the + sign and package it back to the apk, i'm assuming. then it should work fine

It just sucks that I'm on my mom's Mac right now.
Any ideas how to do it from here? Or anyone with Linux willing to help a fellow Android guy out?

i'm not sure if it works on a mac, but give it a try anyways!
just go to terminal and enter
Code:
svn checkout http://android-contacts-cleanup.googlecode.com/svn/trunk/ android-contacts-cleanup-read-only

To do it on a mac you would first have to install macports, and then run:
Code:
sudo port install subversion
After that you would then be able to check out the source.

Damn I'm on my mom's computer right now... I can't really install anything.
Ughh. Could anyone possibly try to do this for me if its not too much trouble?

I'll see what I can do. I might have some time to do it tonight yet.
Edit:
I have made the edits that are needed. Also, it required a bit more than just editing the strings file. This is obvious to anyone who has experience with Android development since the strings are only for display. As far as getting it to do what you wanted, that was just a few quick edits to the Formatter class.
PM me for a link to the .apk to install it. (I'm a new user, so I can't post links.) Just download it OTA. You will need to enable unknown sources in order to install it.

bbene said:
I'll see what I can do. I might have some time to do it tonight yet.
Click to expand...
Click to collapse
Thank you so much! You don't know how badly I need this.

this should work for you...also i put in a section so that if you had used the other one by mistake and it put the + in front of your numbers it will remove the +... USE AT YOUR OWN RISK, tested with 10 differently formatted contacts all were formatted correctly after running it

venumx said:
this should work for you...also i put in a section so that if you had used the other one by mistake and it put the + in front of your numbers it will remove the +... USE AT YOUR OWN RISK, tested with 10 differently formatted contacts all were formatted correctly after running it
Click to expand...
Click to collapse
Ditto. Lol.

venumx said:
this should work for you...also i put in a section so that if you had used the other one by mistake and it put the + in front of your numbers it will remove the +... USE AT YOUR OWN RISK, tested with 10 differently formatted contacts all were formatted correctly after running it
Click to expand...
Click to collapse
Thanks so much, about to try it out.

IT WORKED! Thank you so much! You dont know how much this is gonna help me.

np glad it worked

You're welcome, even though you didn't use mine lol.

bbene said:
You're welcome, even though you didn't use mine lol.
Click to expand...
Click to collapse
Wow, sorry bout that. I completely missed your post.

bbene said:
You're welcome, even though you didn't use mine lol.
Click to expand...
Click to collapse
haha my bad bbene didnt realize you were working on it till i went to post it! you didnt attach yours to your post

It's OK. I just know next time to post a new reply to myself rather than editing my post.

Regardless, thanks to both you guys.

glad you guys got it working. sorry i couldn't do it for ya!
isn't open source awesome, guys?

especially when its as readable as that code was...

[APP] Autowipe - For those with Froyo

Autowipe is back!
Greetings all,
As most of you probably know, Froyo (2.2) includes new phone wiping abilities. I've been working on an app to take advantage of this new feature and I'm excited to let others see it.
Unfortunately for me, I do not have a Froyo Phone! I am looking for some of you very nice people with N1s or Droids that have 2.2 installed to help me out with testing, as the Emulator can only go so far. Most importantly, I'm interested in seeing if the "Subscriber Id changed" action works when removing/changing SIM cards.
Quick description: Android 2.2 (Froyo)+ includes a new administrator feature. The administrator must be enabled by the user before it can perform its actions. This application focuses on the memory wipe feature of the administrator. If your device gets lost or stolen you can set up this application to automatically wipe the memory in the following conditions: failed passwords to unlock screen, SMS password received, subscriber ID changed (SIM card).
Screenshots and APK attached below.
Thank you very much!
Update 05 March 2011:
* Integrated a Test Mode into the app.

Don't mean to be a downer or anything but isn't this what Mobile Defense and WaveSecure do already?

PhantomRampage said:
Don't mean to be a downer or anything but isn't this what Mobile Defense and WaveSecure do already?
Click to expand...
Click to collapse
I don't think that those two programs are updated to work with the admin froyo settings, it's actually what is trying to accomplish.

PhantomRampage said:
Don't mean to be a downer or anything but isn't this what Mobile Defense and WaveSecure do already?
Click to expand...
Click to collapse
But neither of those apps are free or are supported outside the US as far as I know.

gatsu_1981 said:
I don't think that those two programs are updated to work with the admin froyo settings, it's actually what is trying to accomplish.
Click to expand...
Click to collapse
You can at least set WaveSecure as admin, don't know about Mobile Defense. But still, keep up the work!

i really like this app bro. So when you say wipe, does it restore factory settings? or does it literally wipe everything so that u have to restore via adb or something?

Indeed, my intention is to release it as a free app on the Market to all locations.
adam18488 said:
i really like this app bro. So when you say wipe, does it restore factory settings? or does it literally wipe everything so that u have to restore via adb or something?
Click to expand...
Click to collapse
Thanks for the compliments. According to the documentation it never specifically says "factory reset" but I'd guess that is what it is doing: Ask the user data be wiped. This will cause the device to reboot, erasing all user data while next booting up.

adam18488 said:
i really like this app bro. So when you say wipe, does it restore factory settings? or does it literally wipe everything so that u have to restore via adb or something?
Click to expand...
Click to collapse
now that would be nice.... both phone and SD at that. That way if you get someone smart enough to track down how to bring up the bootloader and restoral menus, they won't have anything to work from....

Any update in this project? its really promising. A free alternative to only payed remote wiping software on market.

Keep up the good work bro.
This is an excellent alternative, eh?
Can you please give us a version with "SIM"?
Thanks.

JHPadu said:
You can at least set WaveSecure as admin, don't know about Mobile Defense. But still, keep up the work!
Click to expand...
Click to collapse
how do u set wavesecure as admin? read something about you can remotely activate gps! how?
I have wavesecure and root access

Hello all, sorry I was away for a bit there. Good news, I've just posted a release to the Android Market. I will update the original post shortly.
Search for Autowipe on the market if you can. Feedback would be great! (This version WIPES, it's armed!)

Good work!
Please hide the sms password with ***, add a cursor and perhaps a confirmation with "password set" or something like this.
And most important a test mode would be great. No idea how to test it without wiping hehe

watercool said:
Good work!
Please hide the sms password with ***, add a cursor and perhaps a confirmation with "password set" or something like this.
And most important a test mode would be great. No idea how to test it without wiping hehe
Click to expand...
Click to collapse
Thanks. I'll add those too, good ideas. I was thinking if you forgot your password you could check back and see it but I suppose you could just delete the asterisks and make a new one.
Thanks again!

vesperaNovus said:
As most of you probably know, Froyo (2.2) includes new phone wiping abilities.
Click to expand...
Click to collapse
No, sorry. What exactly?

vesperaNovus said:
Thanks. I'll add those too, good ideas. I was thinking if you forgot your password you could check back and see it but I suppose you could just delete the asterisks and make a new one.
Thanks again!
Click to expand...
Click to collapse
You're welcome. When you need your password and forgot it, it's probably too late anyway hehe

I've posted an update with some of the changes requested. The test mode is a taller order so I haven't been able to do that yet.
xPatriicK said:
No, sorry. What exactly?
Click to expand...
Click to collapse
From the 2.2 Highlights:
Device policy manager
New device policy management APIs allow developers to write "device administrator" applications that can control security features on the device, such as the minimum password strength, data wipe, and so on. Users can select the administrators that are enabled on their devices.
Click to expand...
Click to collapse
Pretty exciting!
As usual I still don't have an actual 2.2 device so please let me know if I did anything silly, like forget to let you enable the app or something

love it.......
ty for ur hard work

Thank you for contributing, one request. Sdcard wipe too...if someone is smart enough they can restore my phone with a nandroid after it's wiped....if it's a smart thief that is

Sorry if I'm suspicious about all this but with would you need network access for your app?

Android Rom and Banking Fraud?

Hello to all,
first of all forgive me if i am in the wrong forum. Second I am not an authority with ROMs and developing. I can flash a new ROM and follow guidance easily but that's it. Up to that.
I will tell you my scary experience with a specific rom which i installed a couple of days ago on my S3. First off all this post is not suppose to be rude to anyone or anything. I am telling you my story and I would appreciate your input as you are the experts.
3 days ago I installed the MIUI (http://miuiandroid.com/community) ROM on my S3.
As soon as I turned the phone on to run it for the first time I went to the typical set ups but then I noticed something.
On he top right corner of the status bar the a green phone icon appeared meaning that the phone was automatically set on "Call-diverting" .I dint pay any attention for about 30 mins as I was setting up the phone.
When I decided to see what the icon does to my sock and horror I realised that my phone was pre setted to call diverting automatically to a specific mobile number in the UK.
I quickly disabled the call diverting and dint think anything more. All of that happened around 12:30 in the afternoon (pay real attention to the times here).
about 10 minutes later I was at the office. around 2 hours after that I got a text message from my Bank to call them about a suspicious money transfer.
I called the bank and the told me that a few minutes earlier someone attempted to transfer 2000 pounds from my account. Of course my on-line banking was frozen and I was lucky not to loose the money.
Now, during these two hours my phone never rang just the text message from my bank. The bank security employee told me that it looked suspicious to them because whoever was trying to transfer the money asked for the 4 digit number via the automated bank security system to be diverted to another mobile number. The bank advised me to call my mobile carrier as I did.
The mobile carrier , when i talked to him, confirmed that someone called them and accessed my account by giving them all the right info, and requested that every time my phone was out of coverage all calls to be directed to another mobile!
have you guess what was the other mobile?? It was exactly the same mobile number as the pre-set on the ROM which I had installed 3 hours earlier!
And my bank confirmed that the same mobile was used in order to get the 4 digit pin.
I was shocked to say the least!!
When after a few minutes I managed to talk to my girlfriend , she told me that she was calling me earlier for about an hour. These phone calls never made it to my phone. As the phone was pre-setted to call diverting it was ringing to the diverted phone and not mine.
It is obvious that as I do mobile on-line banking and I access my accounts from my mobile (as many do), somehow they managed to get all the information about me and I am suspecting dodgy applications on my phone. I hope I am wrong but this experience has really shocked me.
I love android phones I love what you developers do but I am after you opinion in this one.
I am not here to offend any developers but to have a genuine answer and a sensible discussion about this issue. I am not a kid I am professional and this experience has really made me think twice about smart phones.

nice.! install only trusted ROMs with a lot of feed back
Sent from my GT-I9100 using Tapatalk 2

jowett69 said:
nice.! install only trusted ROMs with a lot of feed back
Click to expand...
Click to collapse
the miui-rom made by miuiandroid.com is a "trusted rom with a lot of feedback" and has a long history and a community with over 50.000 members.
mtdgr said:
I am suspecting dodgy applications on my phone.
Click to expand...
Click to collapse
i think you're right, it wasn't the rom but some malware-/spyware-app.
assuming your phone was rooted, it would be easy for an app to do all kind of bad stuff once it got root-privileges, eg hiding on your sdcard and spying your data and after that establishing the call-divert to catch the 4digit-pin and the rest would be history.
only thing you could do is think what questionable apps with root privileges you installed in the last days before this happened, try to get a copy of it and have a closer look on it, maybe installing it without a simcard inserted or with a simcard without charge on it, to see what happens...
a big piece of luck would be some kind of log from about 1230h to see what established the call-divert, but if i would do such app i would ensure to delete all logs with traces afterwards, but who knows?
though, all of that are just the ideas that came to my mind as i read your post...
good luck for the investigation, would be interesting to know if you could get any information about what happened, so keep us updated, ok?
greetz,
sUsH

It would be difficult for me to know which custom ROM is safe and which one is not! I am not an expert you see. And the same goes with apps. I don't think anyone can state with certainty that any are safe.
It is just shocking to know how easy it is for your details to "escape" !
I will keep you informed about how this goes.
jowett69 If you can tell me how to get that log you are talking about, that would be great.
In the meantime can anyone advise on a descent mobile data protection application? something which will prevent any sensitive data from leaking from my phone? Payware or freeware I don't mind.

some ideas
mtdgr said:
It would be difficult for me to know which custom ROM is safe and which one is not! I am not an expert you see. And the same goes with apps. I don't think anyone can state with certainty that any are safe.
It is just shocking to know how easy it is for your details to "escape" !
I will keep you informed about how this goes.
jowett69 If you can tell me how to get that log you are talking about, that would be great.
In the meantime can anyone advise on a descent mobile data protection application? something which will prevent any sensitive data from leaking from my phone? Payware or freeware I don't mind.
Click to expand...
Click to collapse
A start might be to check the Superuser app and click on Log and see what apps received su permissions.
Also, from a cmd prompt you can enumerate all the running processes by running:
Code:
adb shell "busybox ps -A > /mnt/sdcard/process.log"
adb pull /mnt/sdcard/process.log
View process.log for anything suspicious, or post it up and I'll have a look.
fluxist

fluxist said:
A start might be to check the Superuser app and click on Log and see what apps received su permissions.
Also, from a cmd prompt you can enumerate all the running processes by running:
Code:
adb shell "busybox ps -A > /mnt/sdcard/process.log"
adb pull /mnt/sdcard/process.log
View process.log for anything suspicious, or post it up and I'll have a look.
fluxist
Click to expand...
Click to collapse
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. By performing a full wipe should really erase any malware from the previous installation right? Can anyone advise on a descent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?

oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?

mtdgr said:
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. By performing a full wipe should really erase any malware from the previous installation right? Can anyone advise on a descent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?
Click to expand...
Click to collapse
did you wipe your internal and external sdcards too? how did you wipe? cause it depends where the malware was hiding, if it is erased now or not.
a simple, yet powerful firewall is droidwall. you can find it in the market. put it in whitelist-mode and allow only the stuff you know. but droidwall controlls "only" internet-connections (wifi and 3g or such). for full controll over every permission of every app and connection of your phone you sohuld use pdroid, but i don't know if that's really necessary, though i understand your fear. but if someone really wants to harm you and has some knowledge, there are always ways, i think...
mtdgr said:
oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?
Click to expand...
Click to collapse
not really, think of those apps you can use to root your device. think a bit further and one could make an app that roots your device and afterwards does the stuff it wants. but seriously, though it is possible, who would do that to you? that's what you should think about...
greetz,
sUsH
ps: cause you did a wipe, there's no possibilty of going through some logs, sry. (though this too depends on the way you wiped and what exactly you wiped...)

I did a full wipe to install the new rom...wipe cache data ...devlink and one more but cant remember it
Sent from my GT-I9300 using xda app-developers app

mtdgr said:
I did a full wipe to install the new rom...wipe cache data ...devlink and one more but cant remember it
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
sry, then your try to get rid of the problem also got rid of possible evidence. just try to forget it and be more careful in future with suspicious apps from questionable sources and similar.
greetz,
sUsH