[Q] Locking phone on specific message (app idea) - General Questions and Answers

Hello everyone !
My question is about (Android) an app that would lock the phone if it receives a specific type of message. (Mostly in any case of stolen or lost phone)
I know those apps exists in many kinds. But the thing I imagine is a really "powerful" app, that would lock everything, disable almost everything (screen too), every buttons (even power button so it won't be switched off), etc. But yet it lets GPS on, and for example, it sends messages every 2 minutes with the exact location.
Plus, I suppose it will be recommended on phones without removable batteries. The only way for the "robber" (if there is one) is to know how to access recovery, etc.
The phone can be reactivated by another specific message, I suppose, but that's not the point. The subject is more about locking the phone to its maximum.
The thing is, I don't know anything about coding on Android, that's why I tell you this. And also, I suppose it will need root access to disable all those things, so it will be even harder, even if I wanted to create the app ...
Do you think such an app exists (or could be created) ? Can you inform me a bit more about this ?
Thanks everyone !

Up, anyone ? ^^'

Related

Phone Security/Encryption/Protection against loss or theft?

Hi guys, im fairly new to the WM scene, but have finally customized my Xperia X1 to be just how I want it.
This brings me to this question about security.
At the moment what worries me, is if I lose my phone or someone steals it. They would have access to all my information, my contacts, my software, my emails, passwords and other such personal information that I would rather not give out. Obviously the safest solution would be to leave it in the house, but that's something none of us want to do!
Now I was thinking about encrypting the Internal memory and the memory card so that the files could not be hacked or looked at by prying eyes when connected to a computer for instance. But I couldn't seem to find any software which would do such a thing. I currently use TrueCrypt on my PC which stops nearly everything.
What I really want to do is the following:
1. Password the device.
2. Encrypt it, so that the files cannot be taken off or read.
3. Automatic password lock after 1 minute.
4. Stop files being accessed through a PC (by others of course but not myself).
5. Any other methods people could access the phone with a computer, flashing and such tools to get into them.
I know the memory card has encryption to stop anything other than the device reading the card. But this doesn't work on mine for some reason as I can plonk the card in a reader and get access to all my files in various computers I have tried.
I realize it will never be truly secure but let's be honest. The average thief wouldn't exactly know how to hack into a phone and access it's files.
Now im not fussed if say for instance it was stolen, the thief flashed the phone and used it for themselves. At the end of the day, they've got the phone, wether they are using it or not isn't going to make a difference, but making sure they can't access the files is a top priority.
One of the main programs I worry about is these "Wallet" programs that you can get. They are very handy for storing all your card details and such on, but are they truly safe? That is what I wonder.
Any replies would be really appreciated as I always worry about losing my phone at the moment due to it having no protection!
Are there any suggestions anyone can make to me?
Anyone got an opinons on this? I was hoping for a reply.
Hi vmrmic,
I know that Check Point has a encryption solution for Windows mobile since I work there
http://www.checkpoint.com/products/datasecurity/mobile/index.html
Check supported devices:
www.checkpoint.com/supportedhandhelds
X1 is not up there but it works fine. I have tried it. Officially supported in a couple of weeks
Note that this solution is intended for business and not a one by one installation
If you have more questions find the forum on checkpoint.com since I don't always check this forums.
Regards
Check out Throttle Lock http://www.throttlelauncher.com/portal/
Not every thing your asking for but a great solution
TB

Seek Droid Reviews?

Anyone use Seek Droid?
http://www.appbrain.com/app/seek-droid/org.gtmedia.seekdroid
How's it compare to lookout or prey?
Seems like it's pretty feature rich for $.99 and reviews are good, but it's always good to hear from real, live users directly.
Lifehacker liked it
http://lifehacker.com/5745207/seek-droid-is-the-simplest-way-to-find-your-lost-android-phone
I think its the best, but I'm one of the developers. PM me if you have any questions.
I'm sure you do, but I was going to get some real user reviews here.
Give it a shot, write a review. If you dont like it, email support and we'll make it right.
I'm not sure if we have many people that are on xda using the app (yet). We are a really small company, and unlike our competition, we dont a marketing department to get our name out. Just a few developers trying to put out a good lightweight product. We love to see reviews and suggestions, so let us know what you think.
I can gave you a brief snapshot [after finishing my write up I realized it wasn't so brief]. Note: I haven't lost my phone yet so I've only been able to test it. Also, I have not tested other Droid locator apps so I have no point of reference. I've tested this on a Droid X.
Setup is a breeze. The user is asked to enter a username and secret code. The app goes through a registration process. The main screen of the app (on the phone) is organized as follows: View Website; Your SeekDroid.com Login; View Help; Current Status [Registered]; Your Secret Code; Options for Enabling remote formmating of the phone and SD card; Option for retrieving call history settings; Terms of Service; and Contact Us.
At the Seek Droid website, you're asked to enter your username and secret code. A top line menu appears, as follows: Locate; Alarm; Calls; Hide; Lock; Wipe; Help; and Log Out. Locate does just what it suggests: the webpage sends out a search command and a Google map displays the location. The Alarm options prompts you to type a message to be sent to the phone. Once the message arrives, the message pops up on the phone's screen and it beeps and will continue to beep until the screen is touched. When the screen is touched, you're taken to the slide-to-unlock screen. If your phone is secured with a password, you'll be directed to the unlock screen (pattern or keypad). Calls displays a recent call list. Hide triggers your device to hide the Seek Droid app from you list of apps (in your app drawer). Reboot is required. With Lock, you're prompted to assign a new digit lock code (digits only, not a new pattern lock). Whether your device already has a lock code or pattern lock, the new code is applied. I, for example, have a pattern lock. I changed the lock code remotely with Seek Droid and it changed it to the new code I sent. With Wipe you are given a prompt to ensure that's what you want to do. I did not test this feature. I might backup my SD card and try the wipe feature for that...I'll report the results later if I do.
I've tested the app indoors and outside, with GPS on and off. It finds it every time, usually within 3 minutes. I keep Use Wireless Networks and Enable Assisted GPS activated in the Settings screen on my device. Also, I have an app protector app that locks apps on my phone (along the lines of App Protector). I have Settings locked (requires a password to access). Seek Droid is able to change the unlock code remotely with Settings protected and unprotected.
Naturally, Seek Droid does not find my phone when it's turned off or in flight mode. Seek Droid does not provide advanced user controls like deleting individual apps, turning off/on GPS, remotely turning on your phone, etc.
Locating my phone worked with Internet Explorer, Firefox and Chrome. Javascript must be enabled.
One final comment: I encountered an issue with one of my computers locating my phone. I contacted Seek Droid support and received a response within 1 hour. Very helpful and responsive...kudos to them. After some troubleshooting, I discovered the problem rested with my computer. Seek Droid worked well from every other computers I have access to (rather than troubleshoot the problem with the one computer, I simply won't use that one to log in to Seek Droid in an emergency). So, my advice is to test the app from various computers so you know which one to use if and when you actually lose your phone.
I recommend the app based on my limited testing. I also recommend that you use this in conjunction with a device password or pattern lock (or an app protector app to prevent removal of Seek Droid). You simply want to set up controls so another person can't easily uninstall the app or deregister the device.
Price has now gone up to $1.99 and a bit peeved as I left it until today to get it, losing out 62p in the process
Anyway, after taking an aggggggge (months on and off) trying to configure Tasker to do this unsuccessfully I've now binned that idea and got this instead; setting it up alongside Tasker to receive a specific SMS to switch all the location finding stuff on (I have mobile and wifi switched off by default).
Just liked to echo the above comment in that it is really easy to use and the location is nailed down much better than all my previous attempts with Tasker.
Well worth it.
Wow, didn't notice that. I still hadn't purchased yet either and was going to. I really don't need it, I just wanted to play around with it. I'll just pass @ $1.99 and use the free version of lookout without wipe functionality and spend the $1.99 on a game I wanted or something.
Oh well.
is there a secret code default because i donwloaded the app to my phone online but never set it up
Kicknik: After installing the app and opening for the first time, you will be prompted to enter a username and a secret code of your choosing. Then, it will go through a process of registering your device (I guess it syncs up with Seek Droid). The username and secret code are then used to login to the Seek Droid website in order to locate and lock your device remotely.
My impressions:
Bought and installed a couple days ago on my Lg Optimus One. I am very satisfied.
The program installs very easily, once installed it asks you to choose a login name and a password and to set a few options: there's a few boxes to check, like the possibility to enable or disable the remote wipe of your smartphone.
Once you are done setting up you can access the seek droid website from your phone or from any device with internet access and once you are logged in you can monitor your device position (you can remotely enable gps if gps is disabled), check the last calls that were made from your device, lock your phone or wipe it to factory settings formatting internal memory and sd (of course it asks you for confirmation on the website if you click on the wipe button).
Another useful feature that can be accessed from seek droid website is the "hide" button. Once you press it the seek droid app on your phone becomes invisible (requires reboot) thus becoming even harder to uninstall (anyway even wehn visible the program requires your password to uninstall).
I tried every feature except for the wipe one and i can say it does what it says. Position through gps is accurate and is shown on a mini google map on the seek droid site. I monitored battery consumption and it seems almost unexistent.
In conclusion i think every smart needs a security program like this, and seek droid does better than other similar apps that i had tried before.
First I was using Lookout, but I rly didn't liked that story with the chinese developer that got misunderstood with his wallpaper app because of what Lookout said. Every website was telling ppl to uninstall his app. Lookout got a lot of attention, everyone installed their app and uninstalled the poor chinese app. That wasn't nice :T
Then I went to WaveSecure, from McAfee. I think it's $20 per year.
Never worked on my phone. Tryed the support, even installed a "debug version", but couldn't make it work properly on my HTC Desire. Gave up.
I was looking for another app to replace it and then I met Seek Droid. Was very cheap, no monthly fees and such, decided to give it a try.
Dude, I'm VERY satisfied. It's easy to install, got it WORKING on 5 minutes. McAfee WaveSecure didn't worked for me, but I had no issue with Seek Droid. If I had met it before, could save the $20 I paid to get WaveSecure (I should have tested it first, but saw "McAfee" on it, guessed it works.)
Didn't noticed any abnormal battery drain, I could retrieve the latest phone calls made and received, I could lock and unlock from the website, located very fast (I was using wifi when I tested).
I think that it could report the number of the SIM card and keep the alarm message on the screen, I mean, If I just lose it, I would like to keep on screen instructions to contact me :S
Currently If you "click" on the message, it will go away.
Anyway, I'm another happy customer.
It's very cheap, everyone should give it a try!
seijimaddog said:
Anyway, I'm another happy customer.
It's very cheap, everyone should give it a try!
Click to expand...
Click to collapse
Glad to hear you like it. Dont forget to review us in the Android Market.
I bought it for me (EVO) and my wife (LG Optimus S). Very reasonable price. Easy install and configuration and website control.
We also were using the new Sprint/Assurian TEP app. That has additional features--which I don't want or need (i.e., contacts backup). And, even though my wife's phone also has TEP, their app now says that the subscription has expired--which it hasn't.
I was about to cancel the TEP for her phone anyhow, and this is a nice reminder of why it's a waste for her cheap phone anyhow.
We're happy with Seekdroid and the $.99 price.
sycko,
I have Seek Droid on my Droid and my wife's Droid 2. Love the application. I was wondering if there was a way to get to get Seek Droid to work on my rooted Nook Color? There can be a general location using the WiFi instead of GPS I believe.
Thank you for your time.
How does one set this up? I bought it a while back and never got around to setting it up until today. I launch it on my EVO and it pops up a screen asking for a name and password, and anything I put in it says it's username or secret code is incorrect (obviously, since I've never set up a seekdroid account). I go to the website and it does the same thing. HOW DO I SET UP AN ACCOUNT IN THE FIRST PLACE?
Thanks.
Nevermind. Got it. (Uninstalled and reinstalled and the create account screen popped up.)
Does this work with Google Voice? I don't have text messaging, so thats the issue I have with location/alarm apps
I want to know, what if my phone got stolen and the guy instantly decides to wipe my device clean of any trackers .. will this device still be able to track after such an activity ?
Also, what if the robber doesn't wipe the device clean, but modifies/disables the internet connection on the device ? Or switches to another SIM which does NOT have internet on it ? Will this program still be helpful in any sense ?
Free today on Amazon. Don't know if this is current version, but thought I would pass that along. Clean interface, but I haven't put it through its paces yet.
Great app
I love the app. Very easy to use. I've used it to locate my phone twice.
I just installed mohan's latest ROM for the skyrocket and I am getting a message that seekdroid is not working. Any tips on how to debug. Is there a log of the failure?
I like the ROM, but consider this a must have app.
need a bit of help
sycko said:
I think its the best, but I'm one of the developers. PM me if you have any questions.
Click to expand...
Click to collapse
If seekdroid or something like that was installed on my phone. By my psycho gf. How would I totally remove it????

[Q] Theft Aware vs Cerberus

Hi guys.
Try to decide which to get between these two. It looks quite similar in what they do? Which one would you prefer? Don't matter the cost..they're just worth paying for. Which is better for non rooted phone?
anyone at all?
Never heard of the 2nd one but I am looking for a replacement for wavesecure
The only difference i can see between cerberus and TA is that cerberus can take photo. Apart from that, anything else guys?
Theft Aware saved my phone, Cerberus... hmmphh
[UPDATE] Tested "in the field"
Yesterday night I came to a friend's party and couldn't find my phone, so first thing I tried to dial it and see where I forgot it- went to check the car, but the phone wasn't there. The strange thing was that I was directed immediately to the voicemail, as if my phone was powered off..
Then I noticed my wife's phone has got an sms from Theft Aware, that the sim was replaced with a new number (including the new number). I called the new number, and got no answer but was able (via sms command) to get the phone's location, then I sent an sms to the new owner that I'd like to have the phone back and a number where I can be reached, then locked the phone.
At the same time I tried to operate similar thing with cerberus via their android client which is easy to operate. Nothing happened.
I tried again to call the new owner- he answered- told him I've got his phone number, location and photo (this was a bluff because cerberus did not work). The new owner was so surprised that he immediately offered to bring it back, which he did. I got my phone back after barely 30 minutes.
When the phone was back I checked my mailbox, and noticed that I got a mail from cerberus:
IP address: 109.64.199.59
An unauthorized SIM card has been inserted into your device.
Number: null
Network
Operator: 42502 ()
Subscriber ID: null
SIM card
Operator: ()
Serial: null
This is an automated message, please do not reply.
Nothing really useful...
Cerberus app did take a photograph, though, but it showed my own face back at home- the photo was taken only AFTER I have entered my unlock pattern, so it was no real use.
So, when really needed Theft Aware vs. cerberus: 1-0.
Nowadays Theft Aware is free, bundled with Avast! antivirus and some other bla bla (which can be manually uninstalled), so I just can't see no reason whatsoever why not install this useful program. Within minutes, all Android phone owners in the party started looking for Avast's TA and iphoners started looking for something similar for their own kind
You can probably disregard all the BS I wrote before (below), but whatever...
[OLD][BS]
TA is only sms-based. Perhaps they are working on some web-interface but not sure where it stands (beta stage?).
With Cerberus it is possible to send commands from their website and from a small applet/client (e.g. you can install it in a friend's phone) that is very useful if you don't have a computer nearby. Cerberus can also trigger the cameras, record audio, splash a message+speech in full screen ("Hey, thief! Bring it back") etc. Cool, perhaps also useful.
TA can be installed as system app, and with a name of your choosing to add further "security".
Cerberus installs as user app, but it is possible to download from their website a zip file that can be flashed as system app (or installed via ROM Manager) but not sure how many users are aware of this option. Anyway, it will still show as "cerberus" in lots of places, so it cannot be considered as stealthy as TA.
Both have many disadvantages- if the thief has access to the phone (some people don't use any pin/pattern lock, eh???) then he can deactivate TA or Cerberus from the list of device administrators and in a few seconds rendering both of them useless.
Both won't survive the flashing of a new rom, but I doubt that most "casual thieves" will go away to flash a rom in a stolen phone.
Some other sms applications using notification may override TA. That's what happens with GO SMS, for example- GO SMS will display the sms with code and everything, and TA won't work at all. There are workarounds, but it is an annoyance.
Major disadvantage of TA is the same code used to enter the application is also the one used in SMS commands! The dev is well aware of this issue but thinks it is too much for a user to remember two different codes (one for entering app, second to confirm sms commands). Thus, a thief can just get the sim out of your stolen and put it in any other phone. Then, when you start sending sms with commands to your stolen phone, you'll be actually providing the thief with your unlocking code... Next he turns on the stolen phone (with whatever sim- original or one of his choice), unlock it with the code you've just sent him by sms.. It's THAT easy. I am not sure how cerberus will act, in a similar case.

[App Idea] Plan B for data recovery on broken stock phones.

I feel this idea could be useful for a lot of us, not on our phones since we are likely rooted but on our family members and non tech friends stock phones. Which we usually end up fixing.
My idea if it is possible would be be for a "Plan B" type app for use after a broken screen, were the completely stock phone without ADB enabled needs data extracted.
My hope is that someone could make a app that is remotely installed from play.google.com that automatically turns on ADB debugging (if possible without root)
After that most data can be extracted with "adb backup" or adb pulls.
I can't count how many times this would of helped me in the past if it existed. Any dev up for the job? I am sure it would be appreciated by people.
Guess no one was interested in this idea.
shadowofdarkness said:
Guess no one was interested in this idea.
Click to expand...
Click to collapse
I think many of us are interested but one (so far) can help.
would be a good idea.... who ever was in need for something like that will be likely to pay for that... :laugh:
I could see this being a massive security risk. Sure the app could be handy, but it would also make stealing info from a phone very very easy.
So on that note, I don't think it will ever make it through, though I am sure there are ways.
Just install something like SMSBackup+: https://play.google.com/store/apps/details?id=com.zegoggles.smssync
Set it to automatically back up to their gmail, every so often, and then when it comes time to have to do repairs, you can get all of their calling/sms stuff back, since Google automatically deals with the contact infos.
it wouldn't be a security risk since the only way to install it would be from play.google.com which no one can do without your password. also pour planning with other software is not the point of this since I have been asked to recover data from devices by people that I honestly had no clue they owned the device before they broke it.usually family I don't see on s normal occurrence.
I've always been taught to keep a back up of anything you consider important.
Either way...
There are ADB backup solutions out there, there are recovery apps in the Playstore that will scan for missing or deleted files.
If you have access to the Playstore you have access to all the already available recovery apps. Why the need for an app that will basically root and unlock the device from behind their 'lock screen'?
If you have no direct GUI access, you want an app that you run on your computer that forces the phone connected via USB, to unlock and let you access whatever you want before you restore the phone. This is a massive security problem, because anyone could download that app, and use it to break into phones.
Sound like the 'prior planning' apps, are the best way to go.
I think you are missing my point. I know that prior planning is the best but it it not always possible when dealing with people so tech illiterate that even thought they own the device they barely understand it is not a iPhone because that is what a smartphone is to them.
My intended use is for physicaly broken phones (mainly screen) where I can't control any apps with the screen or turn on ADB from settings.
You thought on the security risk is wrong since out of the ways I can think of to install it via play store on the phone is would not be used since that would mean the attacker could just go into settings and do it the normal way. sideloading is impossible since it would be redundent due to that already needing ADB on.
The intended way via the web is safe enough since the attacker would need your email, password.
Do you hate the "Plan B" app that gps tracks your lost or stolen phone that is already in the play store and gave me this idea. It shows in the store as having between half a million and a million installs. Do you think those people should of went without such a app and lost their phone since they should of just pre planned since it is better.

Unknown activity HTC ONE M9

I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, the could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
Im adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. IS there a way I can determine if it's been rooted as well?
--
squidstings said:
I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, the could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
Click to expand...
Click to collapse
Interesting issue. I am not sure about the rooting. You are probably going to need to ask experts around here. Hopefully, they can help you with that. As for security, you could try checking if you have any suspicious apps running in the background or installed (You might be using same GPS or another app for example). It could be that one of the malicious apps had access to your calls which lead to them outputting calls to somewhere. You could try disconnecting your internet for a day and see if the calls persist (That is probably not an option for you, but it is an idea). Additionally, you could try a factory reset on one of the phones and see if the problem is still there.
squidstings said:
Im adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. IS there a way I can determine if it's been rooted as well?
Click to expand...
Click to collapse
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't thank the 144 is a phone developers code to "root" or turn of security in some way as that would not show on your provides call logs as they stay internal to the phone (mostly). Also I don't think it's adware callng a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrckable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party aparatus!
What to do? As Ross says disconnecting is probably not practicable. If you have malicious activity they probably are using data as well as calls. So I would install a firewall to block most apps and log attempted connections (normally have to pay for this) then check IP addresses tell see if they are legit. However this may not show anything as data may go via root. So setting up a proxy to route traffic to your PC and use a sniffing program to see traffic or at least I P addresses.
You can download root checking apps from play store. Also check your security settings any app with admin rights? Also use a good antivirus you might get lucky, but even if negative you may still be infected.
Only way to really clean your system is to reinstall your OS, though a factory reset will fix often. But first you need to know how you were all compromised and fix that else it will just return, I would think it's most likely your local work network, (but could be your provider R or even something else you connect to in sore way eg Bluetooth, or an app you all have (you can boot into safe mode to disable 3rd party apps, but with HTC system apps possibly containing apps that use the Baidu apk etc that still has a possible backdoor unpatched (as far as I know) safe mode will not help white those!)
You might have to look into freezing/uninstalling all HTC installed apps.
IronRoo said:
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't thank the 144 is a phone developers code to "root" or turn of security in some way as that would not show on your provides call logs as they stay internal to the phone (mostly). Also I don't think it's adware callng a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrckable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party aparatus!
You might have to look into freezing/uninstalling all HTC installed apps.
Click to expand...
Click to collapse
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabeling the pre-installed "Gmail" (I think it's more Google thn HTC related seems to have stopped the calls. I've disabled as much as I could.
so here's the kicker. I'm literally nobody! On disability, no exciting employment history and those In my family who have, aren't in contact, nor do I have contact info. And it was my wife and daughter who had the other phones, but mine was central i think. daughters phone was locked. So nothing so exciting. Which is why I even bothered asking lol
squidstings said:
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabeling the pre-installed "Gmail" (I think it's more Google thn HTC related seems to have stopped the calls. I've disabled as much as I could.
Click to expand...
Click to collapse
Ah! Rogers Canada should be a well controlled and trustworthy provider, so probably not them, though a rogue employee or having their network compromised can't be ruled out.
Also if official Gmail app it should be safe though it does have some quite intrusive permissions like full network access, view confidential info etc, but all are legit if you want the full functionality of Gmail. But it shouldn't have access to place phone calls, so should not be able to create the behaviour you describe.
That leaves a rouge app, but you would all need to have it I suppose, HTC app (or system behavior) or local hack ie via your router or via your PC. A good anti virus should find rogue app on phone and similarly on PC. HTC system apps hard to spot without doing the firewall etc etc. So I would also be double checking your local router for firmware update and resetting it with a new strong password, to prevent possible return, so to any Bluetooth devices.
Hope it doesn't return! All the best
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at lest thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
squidstings said:
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at lest thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
Click to expand...
Click to collapse
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with a app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
a app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Applied Protocol said:
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with a app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
a app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Click to expand...
Click to collapse
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
It didn't show root. 2 of 3 m9s were mysteriously unlocked. the 3rd did prompt for a code, but did also show those "unknown #" calls. However, I'm still stuck on the code. I can't even enter a ",". Didn't check the other units for it, but it's still the only unanswered issue that could explain the unlock (aside from your suggestion). No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
It's dead now anyways. Battery won't charge unless powered off and went from 24+hours regular standby to about 3 hours with extreme powersave on, overnight and doesn't extend with usb power. usb data comm isn't even recognized. All 3 have failed actually (different ways) so I'm going back to my m7 which still works great. Except, it says s-on but works with different carriers and I can't even enter the code I paid for (no prompt. is there another way?)
So, here's the tinfoil hat part. Although I'm nobody, This all started around the time of the '16 election. when I was arguing with a youtube account named (not looking to attract attention so no name, but you know it) for the person who came 2nd.
Thank you for your help. It's a shame it's pooched before solving the issue. But hopefully, the code will be solved.
But any help entering my sim unlock code a different way would be appreciated. But if other carrier sims work, should root be doable while showing s-on?
Thanks a TON!!
squidstings said:
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
Click to expand...
Click to collapse
It would seem in your case that it is a setting change that was made and not comparable to other phones. Probably what we are talking about is a connection to a command server. S-on is a protection so that one cannot change the state of certain partitions namely the recovery boot and system however their are ways to get around this. You would need to get a root app to do that.
As a general rule you need to prove something is going on and funny numbers are a indication but nobody in the security community would touch it because it is very open. What you need to do however is
Get a copy of the calls use pcap and
check your firmware with the standard HTC firmware
this will show you what the phone call is doing and will help the android community overall (improved security)
Also programmers do not try to add backdoors they try to have a good product it is the hacking/security teams of _________ that do that. This being a programmer myself.

Categories

Resources