[Q] NT Authentication from Android - Other Tools & General Discussion

Hi all,
I'm wondering if it is possible to access a Windows Authentication web service from an Android client without the Android app having access to the user's password.
I have found several solutions for NT authentication from Android, but they all involve manually sending the password to the web service. I want to protect my app from security concerns by not having control of the app from my source code.
For example, the Chrome Android app prompts for username/password when trying to access a site using NTLM Authentication. I would like this same behavior without having to write a custom popup. Ideally, the Android WebView class would ask for the user credentials, but it seems like a custom WebViewClient is required for this behavior.
Maybe there's something I'm missing in the documentation, or there is another method of doing this that would pass credentials directly to IIS without using my Android app as a middleman. Does anyone know if this is possible?
Thanks in advance.
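The post is right that a stock WebView does not prompt on its own: the default WebViewClient cancels an HTTP authentication challenge, so the app has to supply a WebViewClient that overrides onReceivedHttpAuthRequest. The example below is an added illustration, not code from the original post, of the smallest client that does this while keeping the credentials out of the app's own state: the username and password are read from a dialog and passed straight to the HttpAuthHandler, and the prompt is only shown for the one host the app was built for (expectedHost, an assumed constructor argument) so a redirect to some other server cannot collect the domain credentials. The WebView engine carries out the actual challenge/response for whichever schemes it supports, so the app never computes or sees an NTLM hash.

```java
import android.app.AlertDialog;
import android.content.Context;
import android.text.InputType;
import android.webkit.HttpAuthHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.EditText;
import android.widget.LinearLayout;

// Added example: a WebViewClient that prompts for credentials on a 401 challenge
// and hands them directly to the WebView's HttpAuthHandler.
public class PromptingAuthClient extends WebViewClient {
    // Assumption: the app only ever talks to one intranet host; anything else is refused.
    private final String expectedHost;

    public PromptingAuthClient(String expectedHost) {
        this.expectedHost = expectedHost;
    }

    @Override
    public void onReceivedHttpAuthRequest(WebView view, final HttpAuthHandler handler,
                                          String host, String realm) {
        // Only prompt for the host this client was built for. A redirect to another
        // server must not be able to ask the user for the same domain credentials.
        if (!expectedHost.equalsIgnoreCase(host)) {
            handler.cancel();
            return;
        }

        Context ctx = view.getContext();
        final EditText user = new EditText(ctx);
        user.setHint("Username (DOMAIN\\user)");
        final EditText pass = new EditText(ctx);
        pass.setHint("Password");
        pass.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);

        LinearLayout layout = new LinearLayout(ctx);
        layout.setOrientation(LinearLayout.VERTICAL);
        layout.addView(user);
        layout.addView(pass);

        new AlertDialog.Builder(ctx)
            .setTitle("Sign in to " + host)
            .setMessage("Realm: " + realm)
            .setView(layout)
            .setCancelable(false)
            // The credentials go to the WebView's network stack and nowhere else:
            // they are not kept in fields, not logged, and not written to storage.
            .setPositiveButton("Sign in", (dialog, which) ->
                handler.proceed(user.getText().toString(), pass.getText().toString()))
            .setNegativeButton("Cancel", (dialog, which) -> handler.cancel())
            .show();
    }
}

// Usage (inside an Activity that owns the WebView):
//   webView.setWebViewClient(new PromptingAuthClient("intranet.example.com"));
```

Note that this is still the app's own code on the path, so the question's goal of "no access to the password" is only met to the extent the app refrains from retaining what it passes to proceed(); WebView also offers setHttpAuthUsernamePassword() for caching, which this example deliberately does not call.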

Related

[Q] Do Android apps like twitter, dropbox encrypt passwords?

On a browser, you can initiate an SSL connection to log into your facebook or twitter account by using https...what about these apps on Android? Do I need to worry about people intercepting my passwords??
That's entirely dependent on the application. Dropbox can use a secure channel of communication or it could communicate in the open. Based on its methods, I'm inclined to believe it's secure but I've not tested it.
Twitter had a large push towards its OAuth login mechanism. However, there are documented methods that don't require applications to use it. So, again, it entirely depends on the application. Really, regardless of how this is done, your password shouldn't be passed in the clear.

[APP]Boardies Password Manager

I have uploaded my first app on to the Android Market and haven't too much interest so far on XDA so I thought I would post a little bit more information about the app.
This is a simple and light weight app that allows you to securely store and easily login to different websites on your phone.
Do you have all your passwords saved in your device's web browser, meaning that anyone who has access to your phone can log on to the websites that you've accessed? Do you regularly wipe your phone for whatever reason and get annoyed at having to keep typing in your username and password? Then this might be the app for you.
The app will store all the login information that you enter into the app, which include the company name, the web address, username and the password. Each login is listed on the front screen. If you click on the stored login it will load the website and copy the username to the clipboard allowing you to paste into the username field. Also, when you launch the website from the app it will also create a notification. Once you have copied the username you can then click on the notification to copy the password. This way you do not need to switch to and from the app and the browser to copy the login information. Once you have launched the website, the copying of the username and the password is done while the app is running in the background.
All passwords that are stored within the device are encrypted using the AES encryption algorithm to ensure your data is safe.
To protect others from accessing the app you can enable a password that needs to be entered before getting access to the app. Also, for added protection you can enable a feature that will automatically reset the app back to first use if the password gets entered incorrectly 3 times.
The app enables you to backup and restore your stored logins to a file on the SD card of your device. Should you need to wipe your phone, or if you get a new device and want to restore the logins onto your new device you can use the file that was generated from the backup in order to restore your data.
Although the App has Internet Access this is only there to enable you to submit bug reports from inside the settings menu and to enable adverts to support the app development. I promise you, no personal information that you store inside the app is sent over the internet.
The App can be found on the Android Market. There are two versions, one which is a free ad supported version and a donate version which is identical to the free version but doesn't show ads. Please search for Boardies Password Manager.
Thanks
A new update has been released today in order to enable support for Android 2.1 and up. Tests have also been made to ensure that the app works correctly on Honeycomb.

[Q] Is there a way around Exchange email -no root- rule

My employer just opened up Android native email capability (to receive work email, calendar, apps) for my Note i717. Problem is, they won't allow Rooted devices.
I know there are several (6 I think) security certificates that get installed, but I was wondering if there's a way around this no-root rule.
1. If I unroot, get all certificates installed and then re-root will it nullify the certs?
2. Does anyone know enough about certs to answer if they're something that can be backed up and restored if I move to a different ROM in the future?
I've scoured the forum and have found info on bypassing the credential logins, but not pertaining to these questions above. Answers would be greatly appreciated.
It isn't really a rule...depending on your environment
b3furuya said:
My employer just opened up Android native email capability (to receive work email, calendar, apps) for my Note i717. Problem is, they won't allow Rooted devices.
I know there are several (6 I think) security certificates that get installed, but I was wondering if there's a way around this no-root rule.
1. If I unroot, get all certificates installed and then re-root will it nullify the certs?
2. Does anyone know enough about certs to answer if they're something that can be backed up and restored if I move to a different ROM in the future?
I've scoured the forum and have found info on bypassing the credential logins, but not pertaining to these questions above. Answers would be greatly appreciated.
Unless your company is using a type of MDM platform (Codeproof, Good, MobileIron, AppSense), they will not be able to detect that you have root access to your phone. Some companies instruct users to install a separate MDM application in order to access their email. Most Exchange servers can be connected to without installing the MDM software. If they don't force an MDM client, they won't know you are rooted.
Depending on the version of Exchange, you can use a 3rd party email app like K-9 to access the email which would also bypass the additional security policies that will be installed if you were using the built-in Exchange support. I use Touchdown, therefore the app is protected by a PIN but not my phone, so I can still unlock the phone without having to type a 6 digit number every, single, time.
The way I see it, the company's data is still protected, and I am not overly inconvenienced, it is a win-win.
Unless your company is using a type of MDM platform (Codeproof, Good, MobileIron, AppSense), they will not be able to detect that you have root access to your phone. Some companies instruct users to install a separate MDM application in order to access their email. Most Exchange servers can be connected to without installing the MDM software. If they don't force an MDM client, they won't know you are rooted.
Depending on the version of Exchange, you can use a 3rd party email app like K-9 to access the email which would also bypass the additional security policies that will be installed if you were using the built-in Exchange support. I use Touchdown, therefore the app is protected by a PIN but not my phone, so I can still unlock the phone without having to type a 6 digit number every, single, time.
The way I see it, the company's data is still protected, and I am not overly inconvenienced, it is a win-win.
Apologies, I did forget to mention they instruct to install Mobile-Iron.
Their process is such:
1. Install Mobile-Iron
2. Encrypt Device & set 6 digit pin
3. Install Certificates
4. Email configuration
5. Sync email, calendar, clients to phone
They do note "If your device is rooted, this process will not complete successfully."
Reviewing the steps, it looks like the whole process is done within Mobile-Iron.
No dice so far
Still can't find anything on the net for this. If anyone can help answer this I'd greatly appreciate it.
I'd love to be able to check on emails without having to open and boot my laptop. Also, it would be great to have my calendar sync so I don't miss meetings.

[Q] PIN/password prompt on use of certificate stored in Android KeyChain?

Android (I'm specifically on Android L 5.0.2, CM12S, but I think this would apply mostly from ICS onwards) offers a KeyChain in which a user may store a Certificate.
When an app wants to use a certificate from the KeyChain, it calls an API to pop up a list of the stored certs and asks the user to choose one.
Maybe I'm just being blind (I hope so!) but I don't see any way to require a PIN/password prompt, specific to each stored certificate, before the user/app may make use of any cert in the KeyChain. In effect, it seems that "access to the phone" = "ability to sign with any cert stored in the phone's KeyChain".
On Windows (desktop), for example, each individual certificate may be locked with a certificate-specific password, to prevent someone with access to the user's session from being able to sign with a stored certificate; the attacker would also need the certificate-specific password/PIN of that certificate before the Windows CryptoAPI could access the cert's private key.
How do I set up Android KitKat and Lollipop's KeyChain to have a certificate-specific password or PIN which must be entered on each use of a particular certificate?
thank you,
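To make the behaviour the post describes concrete, here is an added example (not code from the original post) of the two KeyChain calls involved: KeyChain.choosePrivateKeyAlias() shows the system's certificate picker once, and after the user grants an alias the app can call KeyChain.getPrivateKey() and sign with it from then on without any further prompt. The only gate is the device lock screen, which is exactly the "access to the phone = ability to sign" property the post is asking how to tighten. The data to be signed and the host/port hints are constructed values for the illustration.

```java
import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.util.Log;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

// Added example: select a user-installed certificate from the Android KeyChain
// and sign with its private key.
public class KeyChainSigner {
    private static final String TAG = "KeyChainSigner";

    public static void pickAndSign(final Activity activity, final byte[] data) {
        // The system picker is shown exactly once per alias grant. The host/port
        // values are only hints for the picker UI (constructed here).
        KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() {
            @Override
            public void alias(String alias) {
                if (alias == null) {
                    Log.i(TAG, "user dismissed the certificate picker");
                    return;
                }
                // getPrivateKey() and getCertificateChain() block, so they must not
                // run on the main thread.
                new Thread(() -> signWith(activity, alias, data)).start();
            }
        }, new String[] {"RSA"}, null, "intranet.example.com", 443, null);
    }

    static byte[] signWith(Activity activity, String alias, byte[] data) {
        try {
            // After the grant above, this returns the key with no PIN or password
            // prompt: the KeyChain has no per-certificate secret of its own.
            PrivateKey key = KeyChain.getPrivateKey(activity, alias);
            X509Certificate[] chain = KeyChain.getCertificateChain(activity, alias);
            if (key == null || chain == null) {
                Log.w(TAG, "alias no longer available: " + alias);
                return null;
            }
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initSign(key);
            sig.update(data);
            byte[] signature = sig.sign();
            Log.i(TAG, "signed with " + chain[0].getSubjectX500Principal());
            return signature;
        } catch (KeyChainException | InterruptedException e) {
            Log.w(TAG, "KeyChain access failed", e);
            return null;
        } catch (java.security.GeneralSecurityException e) {
            Log.w(TAG, "signing failed", e);
            return null;
        }
    }
}

// Usage: KeyChainSigner.pickAndSign(this, "constructed data to sign".getBytes());
```

The relevant caveat for anyone evaluating this on a device: a per-use credential prompt exists only for keys an app generates itself in the AndroidKeyStore provider (KeyGenParameterSpec.setUserAuthenticationRequired(), available from API 23), and those keys are private to the generating app rather than shared through the KeyChain picker, so it is not a drop-in answer for certificates the user installed themselves.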

Airdroid inquiry

Dears,
I hope all is well,
I am seeking your kind support regarding my inquiry for airdroid privacy
I use the application to log in on my mobile, in order to use an application through my mobile.
My question is, can the operations that I perform in the third application know that I am using the airdroid application?
For more clarification, the scenario for this activity is.
If I log into my mobile remotely via the airdroid application and perform the fingerprint authentication process, can the IT administrator know that this activity I have done was via airdroid, or will he read this activity as being through the mobile itself?
Please note that I disabled the authentication app permissions for all the activities that I am doing through my mobile.
