Related
(Prospective TF700 buyer here.)
So since the device is WiFi only for most of us, no apps that provide post-theft security via receiving an SMS message are applicable.
I can't think of any way to get the tablet back or find its location post-theft. It would be nice if there was a security app that could act of receiving a specific e-mail instead of SMS.
Aside from post-theft action, before theft I know we can use a password to secure the contents of the tablet. But is the built in screen lock via password the best means to secure it?
I just wanted to foster some discussion and ideas around this topic. Since it's much harder than with a phone. Feel free to chime in with whatever is on your mind related to this subject.
Darnell_Chat_TN said:
(Prospective TF700 buyer here.)
So since the device is WiFi only for most of us, no apps that provide post-theft security via receiving an SMS message are applicable.
I can't think of any way to get the tablet back or find its location post-theft. It would be nice if there was a security app that could act of receiving a specific e-mail instead of SMS.
Aside from post-theft action, before theft I know we can use a password to secure the contents of the tablet. But is the built in screen lock via password the best means to secure it?
I just wanted to foster some discussion and ideas around this topic. Since it's much harder than with a phone. Feel free to chime in with whatever is on your mind related to this subject.
Click to expand...
Click to collapse
This is a valuable way for this kind of thinks and imo it's better than any app.But also keep in mind that even so if you lost your device it will not be easy to get it back,but atleast you could destroy your personal data.Oh,and even if it was a 3G model,the first thing a thief will do is shutting down the device and throw out the SIM.
Pretoriano80 said:
This is a valuable way for this kind of thinks and imo it's better than any app.But also keep in mind that even so if you lost your device it will not be easy to get it back,but atleast you could destroy your personal data.Oh,and even if it was a 3G model,the first thing a thief will do is shutting down the device and throw out the SIM.
Click to expand...
Click to collapse
Thanks.
Far as what the thief will do depends on their intelligence . The one who took my wife's phone kept the SIM in to use our plan as their own.
There are several antivirus apps available that provide remote wiping (abd/or locking) functionality and such, although I do not know if they can turn on WiFi and report the device's location in the process.
I guess Asus Device Tracker will have to do for me.
I do share some of the concerns of the OP in that other thread, but for me it beats nothing.
Device encryption. Takes awhile to do but the device will be useless without the pin. I have been meaning to turn it on, I just never have my charger handy when I think of doing it. Maybe tonight...
Unfortunately Android device encryption slows down the device (which isn't the fastest anyway in our case) and drains battery faster. It cannot be undone without the full wipe, too. It is nothing like TrueCrypt in these respects.
Edit: It seems it can give you some problems with rooting, ROMs and others, too, which makes it a wildcard, although I'd love to use it. Apart from that, it's far from perfect security, as enabling debugging mode will still allow adb access without PIN verification if the device is powered and after the pre-boot PIN verification (which it probably will be when stolen).
WhisperCore looks interesting, but it says Temporarily Unavailable where the download link should be present.
MartyHulskemper said:
There are several antivirus apps available that provide remote wiping (abd/or locking) functionality and such, although I do not know if they can turn on WiFi and report the device's location in the process.
Click to expand...
Click to collapse
Most work via SMS.
You might be interested in another aspect of Device Tracker: http://forum.xda-developers.com/showpost.php?p=30305551&postcount=21
d14b0ll0s said:
You might be interested in another aspect of Device Tracker: http://forum.xda-developers.com/showpost.php?p=30305551&postcount=21
Click to expand...
Click to collapse
So nevermind using Asus Device Tracker given that news .
And device encryption just has too many negative side effects for me personally.
So there's no decent 3rd party app and we can't trust Asus any further than we can throw one of their techs.
It seems the only security for me at this time is encrypting the most sensitive data via an app just for those pieces of data and general physical security.
d14b0ll0s said:
Unfortunately Android device encryption slows down the device (which isn't the fastest anyway in our case) and drains battery faster. It cannot be undone without the full wipe, too. It is nothing like TrueCrypt in these respects.
Edit: It seems it can give you some problems with rooting, ROMs and others, too, which makes it a wildcard, although I'd love to use it. Apart from that, it's far from perfect security, as enabling debugging mode will still allow adb access without PIN verification if the device is powered and after the pre-boot PIN verification (which it probably will be when stolen).
WhisperCore looks interesting, but it says Temporarily Unavailable where the download link should be present.
Click to expand...
Click to collapse
I'd be weary of device encryption if you plan on doing anything to the tablet other than keeping it fully stock. I'm not even sure how OTA updates are handled. Granted the situation is a bit different (and totally my fault) but I encrypted my HD on my laptop (TrueCrypt) which was awesome at first. I didn't see a noticeable depreciation in speed and felt a lot more comfortable . I decided to try a dev build of Win8 one day, so I partitioned my drive and installed through the Win8 setup process. Short version is that my encrypted partition fot trashed and I lost all of my data that wasn't backed up yet.
So yea, be careful when you encrypt.
[OT] Actually, according to TrueCrypt, Windows installer should only change your bootloader and rescue boot from a removable memory should do the trick with recovering TrueCrypt MBA. Did it wipe your data or just the boot record?
---------- Post added at 09:43 PM ---------- Previous post was at 09:38 PM ----------
Darnell_Chat_TN said:
So nevermind using Asus Device Tracker given that news .
And device encryption just has too many negative side effects for me personally.
So there's no decent 3rd party app and we can't trust Asus any further than we can throw one of their techs.
It seems the only security for me at this time is encrypting the most sensitive data via an app just for those pieces of data and general physical security.
Click to expand...
Click to collapse
I think partial encryption is fine, but of course can be compromised easier when not everything is encrypted.
As to third-party apps, I believe there's a lot of these, but after this ASUS example I'm not sure I want to use any of them.
In case you still want sth like that, just have a look at Google Play: https://play.google.com/store/search?q=anti+theft&c=apps
I'm not sure what it actually did at the end of the day (can't remember). I THINK it would only boot to the Win8 partition and while the other partition was there I couldn't access it from anything (I vaguely recall the partition showing up saying that it was 0% full). I tried to restore the MBR and I ran a few different analysis tools to see if I could recover files.
After a few days I decided that it wasn't worth it. It as almost a year ago and most of my stuff was backed up, I really only lost some music and some pictures. I decided to cut my losses, reformat everything, and reinstall Windows7.
d14b0ll0s said:
...
As to third-party apps, I believe there's a lot of these, but after this ASUS example I'm not sure I want to use any of them.
In case you still want sth like that, just have a look at Google Play: https://play.google.com/store/search?q=anti+theft&c=apps
Click to expand...
Click to collapse
Some of these actually look pretty good to me . It would be nice if they made them to work with your own personal machine and not their servers, but they obviously need to use a model that makes them money :laugh: .
Unlike Asus, 3rd party app makers don't hold the device warranty in their hands. They survive off me willing to use and trust their services.
When you're rooted then I recommend Cerberus I use on both my phone and the tablet. I had luckily never the chance to use it in a real situation but from my testing I can tell that it works really good.
It has a trial version so you can test it before buying.
Sent from my Galaxy Nexus using xda premium
avast! is the answer
Seems as if avast! Mobile Security can do everything the Asus Device Tracker can do. And even more, since it also has a virus scanner, firewall, network meter, SMS/call blocker and more other features than I care to remember. And it's FREE. All that and no worries of losing warranty.
avast! can lock the device tight via a web site, wipe it and more. And it can be configured to not be easily removed. So it's the answer to me.
I know there is a lot of gripe about the White list of what websites are allowed to use flash. I don't have a lot of knowledge on the topic so I wanted to fish around a bit for some information and pose some questions.
-Is it always going to be like this? Is it likely that they will release someway for users to control their own flash preferences?
-Is it likely that a 3rd party will release something that will allow a setting like this?
- [Edit] If more support for Flash is to be forthcoming, what would one expect the timeline to be? How long would it take? [I know this will mostly be speculation ]
- [EDIT] if firefox or chrome were developed for it, would they have to run off of the whitelist as well?
-As someone who hasn't touched windows 8 full, does the full OS have a similar flash limitation?
Also if this is the wrong place for this I am terribly sorry and will move the thread where ever it goes.
adashofrainbow said:
I know there is a lot of gripe about the White list of what websites are allowed to use flash. I don't have a lot of knowledge on the topic so I wanted to fish around a bit for some information and pose some questions.
-Is it always going to be like this? Is it likely that they will release someway for users to control their own flash preferences?
-Is it likely that a 3rd party will release something that will allow a setting like this?
-As someone who hasn't touched windows 8 full, does the full OS have a similar flash limitation?
Also if this is the wrong place for this I am terribly sorry and will move the thread where ever it goes.
Click to expand...
Click to collapse
Hello
I don't think it will always be like this. I think someone may create a tool that automatically adds websites or simplify the process for us. Or we may even have a list that the community creates and we could possibly set our browser to auto download the list via options or script or 3rd party software. That being said, I do not think full windows will have the same flash limitation..at least not in desktop mode, because they can install whatever windows app they choose. It's an awesome device nonetheless.
equisbox said:
Hello
I don't think it will always be like this. I think someone may create a tool that automatically adds websites or simplify the process for us. Or we may even have a list that the community creates and we could possibly set our browser to auto download the list via options or script or 3rd party software. That being said, I do not think full windows will have the same flash limitation..at least not in desktop mode, because they can install whatever windows app they choose. It's an awesome device nonetheless.
Click to expand...
Click to collapse
There is no doubt that I am enjoying my new toy. However I really enjoy certain facebook games, like Marvel Avenger's and Draw something, but unfortunately the flash support of Facebook doesn't extend to these. I got this to replace my laptop, it's unfortunate that I can't play these on the go any more. I suppose a time line for flash support would be another question I have.
laptop replacement...I think the surface pro is probably a better option for laptop replacement than the RT. Unless of course you only do light amount of things on your laptop, and do not care about not being able to install 'regular' windows applications such as Photoshop. Even then you could remote desktop into your PC and use those applications, Some people have reported very good results using remote desktop on the surface, but I have yet to try it or myself. Don't get me wrong though, the surface RT is a very powerful device and a lot better then android and ipad as far as productivity IMO. We are just little behind on the number of applications, and even then you could argue that most android and apple apps are useless. Nonetheless, the do have us beat by the numbers. We get a real high quality app right out the box - Office.
I was at a crossroads before I purchased my Surface. I love androids and I couldn't decide between RT or android tablet. I played with the Surface and I feel in love, Whereas the android tablet would have been just like having a bigger phone. There's not much I could do in an Android tablet that I couldn't do on my Samsung Galaxy S3.
I also though I wanted the Surface PRO at first, but upon further research, I came to the conclusion that RT was the right choice. I wanted a Tablet that can do light PC related tasks, not a full mini laptop - I have a DELL XPS 15 and multiple desktops for any 'serious' work I may need to do. The pro will probably get HOT and windy and noisy due to the fans as well. I think a lot of people who purchase the pro may end up returning it and getting a RT because I do not think the PRO will functions completely like a tablet. I may be wrong but I guess only time will tell.
I love this thing.
To answer some questions:
Win8 (x86/x64) includes the whitelist in its iecompatdata.xml file, but doesn't "respect" it (i.e. all Flash sites work).
While an official tool to control Flash usage is quite possible, don't hold your breath. A few unofficial tools already exist, but tend to be a bit limited and/or cumbersome to use (I'm working on an improved one myself).
A Windows Store app, even if it could get approved, probably wouldn't work for most people; the relevant file is outside the app sandbox, so the user would have to manually grant permission to access it.
For Facebook games (or other places where an external video is embedded manually), try adding the domain of the Flash file itself (usually found in an OBJECT tag, with an extension like ".flv"). For example, if the Flash file comes from "http://flash.facebook-games.com/IMaedAGaem/flashgame.flv", you should try adding "facebook-games.com" to the whitelist. You can try using my old scripts (working on updates for them) for this, although I can't promise they'll work in that case (haven't ever tried). The link is in my signature.
GoodDayToDie said:
To answer some questions:
Win8 (x86/x64) includes the whitelist in its iecompatdata.xml file, but doesn't "respect" it (i.e. all Flash sites work).
While an official tool to control Flash usage is quite possible, don't hold your breath. A few unofficial tools already exist, but tend to be a bit limited and/or cumbersome to use (I'm working on an improved one myself).
A Windows Store app, even if it could get approved, probably wouldn't work for most people; the relevant file is outside the app sandbox, so the user would have to manually grant permission to access it.
For Facebook games (or other places where an external video is embedded manually), try adding the domain of the Flash file itself (usually found in an OBJECT tag, with an extension like ".flv"). For example, if the Flash file comes from "http://flash.facebook-games.com/IMaedAGaem/flashgame.flv", you should try adding "facebook-games.com" to the whitelist. You can try using my old scripts (working on updates for them) for this, although I can't promise they'll work in that case (haven't ever tried). The link is in my signature.
Click to expand...
Click to collapse
So what's the real hope? That more websites get whitelisted?
adashofrainbow said:
So what's the real hope? That more websites get whitelisted?
Click to expand...
Click to collapse
That, or that Microsoft discontinue the whitelist
you do understand that you can easily add to the whitelist yourself right?
mmian said:
you do understand that you can easily add to the whitelist yourself right?
Click to expand...
Click to collapse
Yes, but it would be nice to not have to. And I'm not always 100% successful
First of - I'm just an everyday user of Android device, never interested in hacking or any other "advanced" use of computers and likes. My greatest achievements so far are jailbreaking Iphone, rooting an Android phone and installing stock ROM on it. You can call me a noob. However - I like to improve things I use and I also value my privacy. That's why I installed a software that locks access to certain apps on my phone. I recently found this app actually made an opposite - it made my device vulnerable to identity theft and potential financial loss. I wouldn't really bother telling my story if developers didn't delete my one-star-rating with a brief description of the problem right after I posted it in Play store.
So, to the point. I installed CM Security and app lock app (nearly 14 millions of users and 4,7 rating) and locked some of the "sensitive" apps with it. One evening I was bored enough to try and play "a hacker" who "found my phone" and see what such person could do. Considering "a hacker" somehow managed to unlock the device he'd now encounter my second line of the defense - the mighty app locker. And now, in a few short steps I'll show you how much damage you can do with it:
1. First it obviously asks you for an unlocking password/pattern, but -as you don't know it - you hit in-app menu button and choose "forgot password?" option.
2. It asks you to log in to your Google account in order to reset the password (YES, you can access Google password recovery from inside the app, so even if you lock your device's Settings, your mail client and so on, you can still access the most vulnerable option of your account from "security" app).
3. As you don't know a Google password you hit the "forgot password" link that starts Google password reset process.
4. It will ask you for the "last password you remember", but you can just say you don't know it and then it gives you an option to get a verification code by SMS - chances are it will be sent to the device you're just holding in your hands. And these chances are big.
5. After you get a verification code you're in. You can now set a new Google account password and reset app locker password/pattern.
It's that easy. You not only unlocked an app locker but also got access to Google account which gives you pretty much endless possibilities, including purchase of some apps in the Play Store as it stores your card details and you only need an account password to authenticate the purchase. You can also try to restore Ebay or Paypal passwords or even try to get directly into bank accounts via banking apps. Sky is the limit.
I already deleted CM "security" app and looked for some replacement. I wasn't really surprised it's kind of a standard that when you install them, security apps ask you to give your Google account details just in case you need to recover your password in a future. And they often make you think that giving these details is an integral part of installation process, a must-do that is necessary for an app to install and work. Some apps, like CM "security" don't even ask - they just use your Google account details and don't give you a chance to give up such option.
After all - here's some advice I can give:
1. Don't install any security software that connects to your Google account and gives "password reset" options;
2. Don't give Google your mobile number, even if it seems convinient;
3. Don't use your Google account address as your contact information in "owner info" option of your device.
If you have any other suggestions that may improve security, please share.
Cheers
Question is why you didn't lock your device in the first place.
I think you are misappling this feature 's benefit/use. It is not there, IMO, to secure your phone from an advesary that has even brief access to your phone.
That is what a combination of a lock screen pwd,short for convenience, and full encryption using a separate and longer pwd of high entropy/randomness is for. Even with that its important to understand how it works and its limitations. Such as it does not encrypt.the ext sd card data. So if you put apps or privledged data there you either should not or using other means to encrypt it. One such way would be to use truecrypt to encrypt it using a pc, being the easiest and then use one of the apks that gives suports accessing those types of partitions/files.
The function you are speaking of is ther to prevent people you have a large degree of trust in such as a family member or close.friend possibly that you may allow to use your phone but do not want them to be able to access private data. Think of a parent allowing their child to use the phone to play a game but does not want them scewing up email or going into their bank app and randoming clicking around etc...
I hope you get the idea. Its not there to prevent someone that means to do you direct intentional harm.
I also want to point out my comments are only directed at the most basic level and only deal with physical secure of data on the phone and not the phone itself nor from remote access or privacy.
Also want to point out that a screen lock pwd is nothing but a inconvenience at best to someone wanting access to your data. A quick reboot into recovery and a bkup to a sd card will get them all your data and any weakly secured credentials there in. Its only one part of physical security, of which, is only itself one part in over all data security, which itself, is only a part of data privacy. Its a large house of cards and removing one or putting one little piece in just slightly the wrong place and collapse the whole house.
Its hard to do just the small piece of each of these parts correctly and exrremely hard to.combine all the small and large parts together for a total protection scheme. It takes considerable research and learning to do these things especially if your goals are for higher levles of security and privacy.
As an example someone that really wants their phone data ue on android to be private from commerical.data collection which via proxy means all gov access to said data would never install goggle play store or any google app on their device. That is just one glaring example of many.
http://ad.cmcm.com/en/?f=home-en-top
Cheetah Mobile is spyware. watch the video on their website
I would suggest using the built-in encryption on Android. I don't use it myself, but have the Avira app installed. I like their PC software, and gave it a try.
It can be used to track a lost phone or lock it remotely. Since I have rooted my Huawei G300 it complains a bit, but still scans all apps being installed.
bigeasy911 said:
I think you are misappling this feature 's benefit/use. It is not there, IMO, to secure your phone from an advesary that has even brief access to your phone.
Click to expand...
Click to collapse
Fact is still that this app claims it provides certain security, yet it doesn't. Not everyone will realize this. So it's always good that people keep pointing this out.
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
Click to expand...
Click to collapse
The first step to real security is removing all Googleapps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... . I welcome any suggestion to hack such a device...
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
Click to expand...
Click to collapse
Reviews or star ratings are not always very reliable, just use as a rough guide .... (In my opinion SOME of those Chinese apps seem to be amongst the worst offenders)
https://techcrunch.com/2014/05/27/f...unes-but-google-play-has-the-worst-offenders/
optimumpro said:
The first step to real security is removing all Googleapps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... . I welcome any suggestion to hack such a device...
Click to expand...
Click to collapse
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
that being said your idea of securing the data is somewhat clear but really a secured device? cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
it might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner. cause he forgot the damn password and is looking to get back the data.
the more we try to secure, the more we make our lives tough.
billysam said:
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
that being said your idea of securing the data is somewhat clear but really a secured device? cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
it might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner. cause he forgot the d
amn password and is looking to get back the data.
the more we try to secure, the more we make our lives tough.
Click to expand...
Click to collapse
Epoxy: Knowing how small and fragile phone motherboards are, I think you will most likely damage the board while trying to penetrate epoxy... Maybe you shouldn't epoxy the usb port on the ouside, but cut the data pins and epoxy on the inside to not give a hint to an attacker. Anyway, I wish an attacker fun time trying to remove epoxy...
The point of encryption is to protect data when the phone is off. So, it makes sense that for someone without a password, the phone turns into a brick. And if you tend to forget the password, then write it down somewhere other than the phone...
Mobile security is a myth. At best it is a door knit lock. Will keep honest People honest but won't stop someone from. Really trying and doing it.
I see lots of talk from people about security and yet these same people use Facebook which has enough holes in it that anyone could hack someone else pc. I use it all the time to mess with people. The looks on their faces are priceless.
Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
XSportSeeker said:
Hello all!
New to XDA Forums here... well, new on posting, been lurking for years now.
So, I have this new pet project that I want to invest some time and money come 2017, and it's like this:
I want to get an Android tablet that will be kept permanently offline after initial setup, and will hold all sorts of personal information away from the interwebs.
After thinking about it, I decided to share thoughts, receive input and comments here and perhaps in some other forums to see if I can accumulate some interesting ideas.
I'll start with the most obvious question: which tablet brand and model would you think is interesting for something like this?
The ones I considered so far: HTC Nexus 9 for rooting, Samsung Galaxy Tab S or S2 for the fingerprint scanner, nVidia Shield Tab K1 for raw power and futureproofing.
Plan is to go full paranoia, disassemble the tablet, pull out stuff like cameras, microphones, possibly even speakers, and let this become a device that can only be accessed via touchscreen or connecting external speakers and microphones. Wi-fi chip and/or antenna will also go, Bluetooth, NFC if it's there, eventually modify the USB connector for power only. New stuff only via SD card perhaps.
Yes, this means I'll be forever locking it into a certain state, but it's a pet project to see how far I can go without rendering it useless... further, I'll see if there's a way to make those changes reversible, as long as you open the device up again and such. This is of course all gradual, just ideas, might not go so far.
OS and software wise, this will need a relatively recent version of Android for full disk encryption... though it would be kinda nice to have Nougat's file encryption instead. Pros and cons to consider with each device.
Some offline apps I put in a consideration list... some of them I haven't tested just yet, but will be looking into soon enough:
Apps: AppLock
Files: Crypt4All Lite, ES File Explorer
Calendar, Contacts: Flock, Fruux
Passwords: KeePassDroid
Assistant: Utter!
Dictionary: Offline Dictionaries
Translation: Bing Translate
Maps: HERE Maps
Notes: MonoSpace
Again, the idea is to have the tablet fully functioning and connected at first - update, install, configure and load it up with everything needed, and then permanently make it an offline device. I'm not sure how many of those will actually work without any network connection, but my research has been around apps that have offline options.
Any inputs are welcome, I appreciate any recommendations for hardware, apps and custom roms for the task.
You can imagine the device overall as a personal assistant, media consumption device that will securely hold private information like calendar, passwords, contacts and files in general. Not meant to be disposable, but of course, inaccessible if stolen or lost.
Thanks for reading so far, I'll keep this thread updated with progress, but I'll probably only start working on it early next year.
Click to expand...
Click to collapse
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
If you're going to keep it offline then there is no reason to be paranoid about it.
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
Well, it's going to be offline, but still mobile.
I realize I'm still going overboard with it, but it's mostly for testing purposes... honestly, I'm not really all that paranoid about it, boring life with nothing to hide blah blah.
I wanna see if the tablet can even work if I take all those modules off (cameras, wi-fi, bluetooth, etc). I've tested some smartphones that can work perfectly well even if you physically disconnect cameras, not sure about the rest.
I also have another pet project to have a device that is still online, but with the most security and privacy oriented measures in place... so it's a bit of testing for that too.
The underlying purpose is to see if I can modify multiple types of devices to be used in highly secure and privacy oriented scenarios. Part of my curiosity as a journalist I guess. Already turned an old laptop into a locked down Linux machine, but I didn't do much on the hardware side.
Other stuff like encryption and a strong user login system would need to be in place in case of robberies and such.
In any case, think of it as a testing platform... I know no devices will ever be completely secure and private, but willing to do as much as possible with a single device and no specialized tools to enhance things.
Full disclosure: I dont normally do forums so sorry if I do this wrong.
I purchased a Bluetooth Purification Mask named Atmoblue.
It originated in China. Ive had it for a few months now and it has bluetooth and there is an app for it but it looks like its taking forever for it to be moved over to English.
My question is how hard would it be for a person (or me, with no experience at all) to pull the basic functions out of the app?
For example I want to bypass the wechat login (cause, no) and basically get the pairing function up and running along with the fan speed and some of the auto features in the app and create a basic app til they release the full thing.
If any of you also want to try I can send you the link to the apk. Or if you would do it and require payment at completion how much would that cost?
In case you need to see the device just google Atmoblue.
Thanks again everyone.
mastershino said:
Full disclosure: I dont normally do forums so sorry if I do this wrong.
I purchased a Bluetooth Purification Mask named Atmoblue.
It originated in China. Ive had it for a few months now and it has bluetooth and there is an app for it but it looks like its taking forever for it to be moved over to English.
My question is how hard would it be for a person (or me, with no experience at all) to pull the basic functions out of the app?
For example I want to bypass the wechat login (cause, no) and basically get the pairing function up and running along with the fan speed and some of the auto features in the app and create a basic app til they release the full thing.
If any of you also want to try I can send you the link to the apk. Or if you would do it and require payment at completion how much would that cost?
In case you need to see the device just google Atmoblue.
Thanks again everyone.
Click to expand...
Click to collapse
There is pretty much a 99.9% chance that you won't find anyone to do this for you. The best you can hope for is someone might give you some links to guides showing how to decompile and edit apk files. What you would modify in the apk file to achieve your purposes would require you doing your own research to figure it out. You can ask further questions along the way about the things that you don't understand, but there are no guarantees that you will get any useful answers.
In other words, be prepared to dig in and do the work yourself, if you really want to accomplish this feat. If not, get used to dealing with the app the way it is.
Sent from my SM-S767VL using Tapatalk
Yea, i started researching the day I posted this. I've been reading and reading and reading. Ive gotten to the point where I now have access to the battery percentage. Currently, trying to figure out the characteristics in the device itself and the values needed to change each of the modes. Also, it looks like the app from the company is pretty much useless to try to use. Based on the code (from what I can understand after 2 days of research and starting off with 0 coding knowledge) the app has to use wechat to basically be able to access a server and then the server sends it back to the phone then the device. Meaning I can't just look in the code for what values I need, unless I was able to actually sign into wechat and record the log. Which I can't do since I don't have access to wechat.
So now I'm currently looking up how to write code in the programs I've found to write it and create a ui. Ive at least figured out uuids and figured out how to call up the battery percentage now. Only like 3 more settings to go! Wish me luck lol