Warning to users with active sync accounts that require pin lockscreen - Verizon HTC One (M8)

Many users have active sync accounts with pin code lock screen requirements. Vzw added a "feature" where you type if wrong 10 times and the phone will factory reset. With the lock screen gestures enabled it is much much easier to accidentally wipe your data due to this.
Until we get an insecure kernel that disables write protection to /system and can disable this "feature" be warned!!!
Sent from my Nexus 7 using Tapatalk

dottat said:
Many users have active sync accounts with pin code lock screen requirements. Vzw added a "feature" where you type if wrong 10 times and the phone will factory reset. With the lock screen gestures enabled it is much much easier to accidentally wipe your data due to this.
Until we get an insecure kernel that disables write protection to /system and can disable this "feature" be warned!!!
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
A sync account meaning a google account? This "feature" is pretty damn annoying.

123421342 said:
A sync account meaning a google account? This "feature" is pretty damn annoying.
Click to expand...
Click to collapse
anyone who selects or is forced to use a pin for their lockscreen....

Others are noticing ..
http://phandroid.com/2014/03/31/htc-one-m8-security-video/
Once we have /system write access this is an easy fix to eliminate.
Article writers missed that point though...
Sent from my HTC6525LVW using Tapatalk

To be fair, this is SOP for any business that allows users to connect their phones to their corp e-mail...
I didn't watch the video, but I assume he didn't connect his phone to his work and download the policy?

tehsquishmeister said:
To be fair, this is SOP for any business that allows users to connect their phones to their corp e-mail...
I didn't watch the video, but I assume he didn't connect his phone to his work and download the policy?
Click to expand...
Click to collapse
Even BlackBerry makes you type in a confirmation. The wake gestures on this phone make it very easy to do in your pocket or bag.
Sent from my HTC6525LVW using Tapatalk

I don't think this is related to exchange, I think it's any lock screen. I use a pattern lock screen and it is the same. I've also turned off the gesture wake options.

l7777 said:
I don't think this is related to exchange, I think it's any lock screen. I use a pattern lock screen and it is the same. I've also turned off the gesture wake options.
Click to expand...
Click to collapse
Then it's a bigger ouch! We will be able to kill it once we get better root action.
Sent from my HTC6525LVW using Tapatalk

This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My companies exchange server enforces security, which is a good thing, but then I have this device wipe thing hanging on my mind. On other devices, I can simply turn off this absolutely retarded option.
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in an system xml file and then you will be good to go.
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and its disabled.

Exchange servers are known to push security policies which sometimes can hamper user experience and in some cases overstep the boundaries of BYOD setups in workplaces.
Using NitroDesk TouchDown for a few years now, allows an activesync connection to my work exchange server, but doesn't pull group policy to overtake my phone. I highly recommend it.. (man, that sounded like an ad)

Be aware the wipe on 10 attempts isn't an exchange policy. Some exchange policies can force a PIN or a password, but thats it.
HTC, as of recently on their devices, has mandated the wipe on 10 policy once any type of security is set (whether that is a PIN or a pattern or a password) regardless of exchange policy.
Whether its because of exchange or your own setting, any security lock enabled on the phone will trigger the wipe on 10 policy.

Related

Removal of Exchange PIN?

Just got my Captivate yesterday, and set it up to connect to my corporate Exchange account. As part of that, Exchange forced the use of a PIN (when unlocking) as part of the security policy. I realized the built-in Exchange support sucked, so I deleted the account and switchd to Touchdown. I would have expected that removal of the account would have removed the PIN requirements - but it didn't.
I've tried disabling the unlock pattern and re-enabling it, but I still get the PIN entry screen after 15 min of the phone being locked. Is there a way to do it without completely wiping the phone?
RoadSync by Dataviz doesn't enforce PIN's on Android.
That's fine, but I need to figure out how to remove the PIN that has been applied.
You may have to do a system reset. My Exchange server doesn't enforce PIN On my Captivate but it did on my iphone. Weird.
steelforce said:
Just got my Captivate yesterday, and set it up to connect to my corporate Exchange account. As part of that, Exchange forced the use of a PIN (when unlocking) as part of the security policy. I realized the built-in Exchange support sucked, so I deleted the account and switchd to Touchdown. I would have expected that removal of the account would have removed the PIN requirements - but it didn't.
I've tried disabling the unlock pattern and re-enabling it, but I still get the PIN entry screen after 15 min of the phone being locked. Is there a way to do it without completely wiping the phone?
Click to expand...
Click to collapse
Have you tried lock picker? Not sure if it'll work with the captivate but it's worth a shot:
http://www.androidcentral.com/quick-app-lockpicker
Hey steelforce, did you happen to find a resolution to this problem? I have exactly the same issue: tried exchange support in native email, didn't like it, switched to touchdown and deleted exchange account, and still stuck with exchange PIN.
Thanks.
To tell you the truth guys, I had this same problem with my phone and the only way I fixed it was to reflash.
Sent from my SAMSUNG-SGH-I897 using XDA App
I had the same thing when I first bought mine, and I removed it by reflashing and going to newer kernels and ROMs.
Of course now I wish I had it back. I can connect 1 Exchange account, but I can no longer connect to the other one that required a PIN, even after flashing back to JF6.

App Lock programs

Does anyone have good success using these types of programs on the TF700 or their phones in general? If so which are you using? I read people reviewing the apps saying they work fantastic but then some post how to get around them or simply uninstalling it will remove the lock. Or they make the device run slower.
A coworker was asking if it's possible to have multiple email accounts in either the google email app or the default stock email client. The answer is yes but it doesn't give the option to password protect or require the account password to access the emails. She has a business one that she would like kept protected in case anyone gets her tablet. As it is anyone who gets your device and gets past a regular screen lock almost has complete access to your google account. The only way to do it is add the account to the device, then go back into settings and remove the account. Thats a bit of a pain for something that should be available as a security feature.
So with these app lock programs the owner could require a password to open a protected application (gmail or email client). It's a matter of how effective the programs are vs how much battery drain or performance hit it causes.
The ASUS "App Locker" app puts a pin password on apps, including system apps such as system settings. Comes with your TF700. I think (but not sure if I remember correctly) setting up my departments TF300's so that users could not access the system settings using App Locker.
Thanks for the info. She has a Levno 7'' tablet thing. I'm constantly telling her how to do this or that on it. Our Tf700 is way more power than she will ever need. I will have to see if her's comes with something like a native app lock.
I'll be checking out the asus lock on mine. Might as well set it up in the event it's ever stolen. I don't use the screen lock. It got annoying to constantly enter a pin/password when I turned my screen on.
Thanks for the reply.

Unable To Remove Lock Screen/PIN

I'm not able to disable the PIN (or any security based lock screen; Password, Pin, or Pattern) and set the phone to just "Lock Screen" or even "No Lock Screen." The Face Unclock feature is also not available.
How do I remove the PIN (without a factory reset?)
UberSlackr said:
I'm not able to disable the PIN (or any security based lock screen; Password, Pin, or Pattern) and set the phone to just "Lock Screen" or even "No Lock Screen." The Face Unclock feature is also not available.
How do I remove the PIN (without a factory reset?)
Click to expand...
Click to collapse
Are you connected to a corporate Exchange email account? If so, I think the Exchange admin can require the lock screen and not let you turn it off.
dneiding said:
Are you connected to a corporate Exchange email account? If so, I think the Exchange admin can require the lock screen and not let you turn it off.
Click to expand...
Click to collapse
+1 This happened to me on my last phone, built in policy in MS Exchange. I think if you delete the account, you can get the options back.
dneiding said:
Are you connected to a corporate Exchange email account? If so, I think the Exchange admin can require the lock screen and not let you turn it off.
Click to expand...
Click to collapse
Only company email account used on the account is accessed through Gmail.
The "Lock Screen" was the selected option, until I tested out the PIN. But then when I went back into setting, Lock Screen and the other two were greyed out. So I can't remove the PIN now.
Only company email account used on the account is accessed through Gmail.
It's because you locked the microSD card. I had the same thing right now with LG G2 Mini
See if any of these will work for you
http://en.miui.com/thread-5684-1-1.html
it's for rooted devices and I'm not rooted. just delete the micro SD protection
Sent from my LG-D620 using XDA Free mobile app
How do you delete micro SD protection? Can this be done without formatting the card?
Of course, because you do not format it. Settings/security/decrypt SD card storage.
of course that option will be shown if you encrypted the card before
I think that also works with phone encrypt so maybe that's why you can't delete pin
Sent from my LG-D620 using XDA Free mobile app
Do you have foxfi certificate installed?
Sent from my HTC6525LVW using Tapatalk
ChrisNee1988 said:
Do you have foxfi certificate installed?
Sent from my HTC6525LVW using Tapatalk
Click to expand...
Click to collapse
i did not install anything.
Did you ever solve the phone lock problem?
I have the same problem as the one you've described in this thread. Did you ever come to a solution on this one?
Settings - security - crecredentials storage - clear credentials
Worked for me
me 2
This also just worked for me thanks
​
MrRedPants said:
Settings - security - crecredentials storage - clear credentials
Worked for me
Click to expand...
Click to collapse
jackie08 said:
This also just worked for me thanks
​
Click to expand...
Click to collapse
Ditto. Clear certificates.
figured it out
I managed to sort the issue out by clearing the credential storage on my device. It may not solve the issue for everyone.
UberSlackr said:
Only company email account used on the account is accessed through Gmail.
The "Lock Screen" was the selected option, until I tested out the PIN. But then when I went back into setting, Lock Screen and the other two were greyed out. So I can't remove the PIN now.
Click to expand...
Click to collapse
So I had this problem but only after this most recent update beginning may. And what I did was go to setting, then security, there should be a credential storage area. I cleared the credentials went back to lock screen and it wasn't greyed out anymore. I don't even know what activated this because all I did was add a pin just like you and then wanted it off and I couldn't. But I solved it. Hope it works for you. Good luck
To opt out, Go to Settings » Accounts» Remove Google and Corporate/Exchange account then restart device.
Now again go to Account and add Google account.
Now lock the phone and try to unlock with invalid PIN/Pattern for 5 times, next it will automatically open SnapView settings, there, remove SnapView.
That's it, Go to Security » Lock screen, enter the current PIN/Pattern, now it will display all other lock options....
100% working for Android Lollipop, others not sure!!

Problem with Smart Lock and trusted devices

I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
straight thought is wht u said
thr is extra policy for ur device.
remove the exchange server and check wht happen...
if nothing changed go to security setting and clear credentials and remove all admins app
:good:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
m3xiz said:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
Click to expand...
Click to collapse
+1 for this suggestion. I'm a big fan of My Knox. It sets Samsung apart in this area.
Sent from my SM-G930V using XDA Premium HD app
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
Some third party email apps are capable of applying Exchange policies on the application level instead of device level. Thus leaving the rest of the device under your control. Try an app like Nine which can do just that. The are other apps too but I like this one.
Thanks Everyone. I'll try those. It sounds like myknox might help if this is it. On my Moto X I was using before, I used Touchdown for exchange (cause the ootb mail client sucked) and it similarly kept the admin policies to the app.
hmm, removed the exchange account. now things aren't greyed out anymore. I could go into trust agents and Smart Lock (Google) is enabled. I go into phone administrators and there are two: "Android Device Manager" and Support & Protection". I turned them both off (I don't know how to REMOVE them). Restarted phone. No change in behavior. My screen still locks when, for example, connected to my Gear S2 watch though that's one of the trusted devices for smart lock..
nevermind, it's working. I was just expecting different behavior. I still have to 'swype to unlock' but I'm not hit up for credentials anymore. I was expecting that when I woke the phone it would go to the last screen it was on. I don't know why, my Moto didn't do that. I think it was having the fingerprint sensor now that just messed up my mental processing.
A very simple alternative to the same effect is offered by the Exchained app. No root required.
I found if you go to lock screen (in setting: device) and create and lock screen pattern. Trust agents becomes available (in security settings: advanced), you can then turn it on and smart lock becomes available (in security settings: advanced).
There is a youtube video about it: How To Enable Smart Lock On Any Device
Unrelated to smart lock: As user "Avah" said, I highly recommend Nine email for connecting to your exchange server. It does not force the administration policies on your device (or at least, it may ask you, and you can decline). Better than the built-in clients and way better than the old Touchdown app.

FRP triggered even though Settings was used to reset

Hi
I just sold my S7 and beforehand I used the Settings menu to reset the phone. It also asked for the Samsung password too for some reason. I checked after the boot that the phone restarted in factory setup mode and it did, so I powered it off and shipped it.
Now the buyer has said that they see this msg on start up:
"an unauthorised attempt has been made to reset your device to factory default settings, connect to Wi Fi or mobile network to verify your identity"
Why is this?
They are saying that they have been advised that "the phone is locked" and so want to return it.
Why did the FRP get triggered? Is there any way out of this?
Obvs I really don't want to give the buyer my google userid (presuming this will allow them to to set it up) as even if I changed my password afterwards they could potentially do all sorts of stuff before I can change the password again ... Besides giving your login out just a no no in anyone's book.
mr-br said:
I checked after the boot that the phone restarted in factory setup mode and it did, so I powered it off and shipped it.
Click to expand...
Click to collapse
Did you check if everything was actually properly erased by going through the setup wizard again and seeing if it complained about an unauthorized reset, or did you just see the setup screen and thought everything was good? It also seems you didn't remove any accounts prior to the reset.
You should've removed all accounts, and disabled any screen lock methods on the device before even going into the reset menu on the Settings app. If you leave your accounts on your device, especially your Google and Samsung accts, both FRP and Reactivation Lock will assume that an unauthorized reset was made and as such it will store said accounts during setup in order to verify that it's *you* who reset the phone.
It may be possible for the buyer to bypass FRP and effectively remove your Google account from the phone, but if Samsung's Reactivation Lock was enabled and you still hadn't tripped Knox, then you're pretty much out of luck on doing that in any way. Removing the Reactivation Lock is incredibly hard if not impossible on some devices, so don't count on much if the feature is active.
If nothing is possible, the only choice you have is to talk to the buyer to see if he will temporarily send the phone back so that you can unlock the thing properly, then ship it again. But I doubt anyone would like to go through more hoops and expenses to get their used phone working and would rather just return it and get a refund.
Thanks for the info.
After the reset and restart I just saw the setup screen and thought everything was fine. All I knew from memory was that doing a reset via the Recovery boot menu would trigger the protection, but I had no idea that one had to actually remove the screen lock and accounts before doing a reset via Settings! I'm pretty sure that the Settings-Reset page even says it will remove all data & accounts etc. and I know it said nothing at all about removing lockscreen & accounts beforehand!
Even the specific page at https://www.samsung.com/us/support/answer/ANS00083965/ makes no mention of that step - how are folks expected to know this stuff?
Grrr, this is why I'm so frustrated at how such a seemingly simple operation is so screwed up - no wonder folks love iphones [ducks] ....
The buyer is non-technical but I've persuaded them to give me a go at talking them through entering my google userid over the phone - and then straight afterwards I'll change the google password and remove the device from google account. Failing that it's refund time and writing off all the postage.
Well we tried. But, for some reason during my account sign-in, it was asking for a mobile phone number too which I wasn't expecting, and then after that it wouldn't accept my password. The guy was 86 though and so there might have been something else amiss that he didn't spot. So I'll have to try and fix it when it comes back... Oh and it turns out that changing your google account password nukes all your app passwords without any warning, so that's another PITA to update everywhere that uses those.
The buyer actually dropped by during a road trip, so I could login myself. It turned out that it was the S7's Samsung keyboard that was at fault since it refused to type in actual characters correctly. I had to disable the Samsung keyboard setting for Predictive Text. Also it insisted on automatically changing the case of letters until I'd long pressed the shift key to fix the case.
Only after doing these things was it possible to enter email address and password correctly. I then removed my google account, did a settings reset, and finally the phone reset correctly.

Categories

Resources