Open letter to mobile device manufacturers - General Topics

Dear mobile device manufacturer,
Today mobile devices like tablets and mobile phones are primarily marketed as consumer devices and the main purpose is to sell content, mobile services, and to display ads. Professional users, especially IT professionals, have different requirements which are are not fulfilled by most of these devices today.
Here are the most important requirements for mobile devices:
- The user must have full control over his data. This means two things: a) The user must be able to read and write all data stored on the device. b) The user must be able to prevent data theft by applications running on the device, either by limiting app access to data, or by limiting app access to the Internet.
- The data on the device must be accessible from another computer through open protocols and interfaces and without sending potentially sensitive data over the Internet (think: USB mass storage). The user must not be forced to use a vendor-proprietary software or shop to access the data on the device.
- The user must be able to create a full backup of all data stored on the device. It must be possible to create such a backup easily, with as little manually intervention as possible. The user must be given the choice to create the backup in the cloud or on a local computer.
- It must be possible to either restore the device backup as a whole or to restore data individually per app. Reason: when an app is updated, it may turn out that the new version is broken, slow, or otherwise not fit for the purpose. If the new app version converted the data to a new format, not only the app must be rolled back, but also the old data must be restored from a backup.
- It must be possible to roll back apps after an update to a previous version. Ideally this shall be made possible by allowing the user to archive app executables outside the mobile device.
- The user must be able to revert to a previous OS version if the new version turns out to have problems. It must be possible to download copies of the OS software in a form the user can install later, at his own discretion, offline, and without intervention from the device vendor.
- The vendor must specify for how long he intends to provide security updates for the device.
- The user must be able to uninstall all applications pre-installed on the device.
These fundamental and simple requirements have been fulfilled by almost any computer system in the past 30 years. Yet there is not a single mobile device that only comes close to fulfilling them today. This is a real shame. We cannot accept that the industry takes control of our data and the devices we paid for.
--->
This list is is probably incomplete. Feel free to add to it.

Related

Good For Enterprise

Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
matt1313 said:
Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
Click to expand...
Click to collapse
Checking for root is configurable by your IT area. My account is not setup to check for root but I have had other problems. Can you easily unroot and reroot your device so Good would work except for the rare times that you actually need root? One problem I have had is the initial setup would never complete (stops at retrieving policies) unless I go back to stock eclair, get it working and back it up via Titanium backup, then upgrade to Froyo or GB, and then restore it. Mine continues to work via root though. The other problem I have had is if I ever restore to an earlier state (using the same PIN), it will stop syncing. I need a new PIN issued to get it working again.
I'm reading that IT admins can lock your phone camera, wipe SD card, etc.
What other kinds of things can they do once "Good for Enterprise" is installed on your personal phone?
Nate2 said:
I'm reading that IT admins can lock your phone camera, wipe SD card, etc.
What other kinds of things can they do once "Good for Enterprise" is installed on your personal phone?
Click to expand...
Click to collapse
I was involved in piloting "Good for Enterprise" for my company. I do know that the possible "controls" vary depending on the platform. Good for Enterprise on the IPhone will have much more control because the devices (hardware) and OS are very limited compared to Android. Keep that in mind as you read some of these items if they don't mention which platform. Also, the Good application would have to be granted root access to your phone "I believe" in order to do any of the items you mentioned. If you are running a custom ROM and have the "SuperUser" app, you would see if it had that access. I "think" it will be very hard for Good to implement some of those controls unless the Android OS provides an API for it because the underlying hardware can vary so much. I'm not a developer but I think that is correct.
Also, if you work for any decent sized company, they will be very concerned about the legal aspects of company provided software deleting (or even reading) personal information outside the "Good container". I mention the word container because Good provides encryption of everything within the app so it can not be read by anything outside the app (such as root explorer). I have successfully backed up and restored the encrypted data to another ROM but it is just bits to Titanium Backup or anything else. Feel free to PM me if you have any other questions on it that I might be able to answer. I know the admin for Good for our company that I could ask other questions.
I'm reading that the installation can detect jailbroken iPhones and rooted Android devices, and if the IT admins decide, they can configure it to refuse installation on such devices to prevent compromising Good's security/integrity of its resources.
(I'm not rooted, and don't plan to root my DroidX, so it is a moot point for me)
I heard from Verizon that IT admins can remotely control hardware components, including cameras, Bluetooth and IR ports, SD Cards, and more.
Things I'd like to know... can IT admins:
Track/monitor internet usage on the device?
Track/monitor GPS usage?
Copy non-Good related resources (e.g. files) from the device or SD card?
Lock the device?
Locate the device?
Wipe non-Good related resources?
Does the Good app send device System Logs to the IT folks?
Phone call logs?
App Permissions:
YOUR ACCOUNTS
ACT AS AN ACCOUNT AUTHENTICATOR Allows an application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.
MANAGE THE ACCOUNTS LIST Allows an application to perform operations like adding, and removing accounts and deleting their password.
SERVICES THAT COST YOU MONEY
DIRECTLY CALL PHONE NUMBERS Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
NETWORK COMMUNICATION
FULL INTERNET ACCESS Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ CONTACT DATA Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
READ SENSITIVE LOG DATA Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
WRITE CONTACT DATA Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.
PHONE CALLS
READ PHONE STATE AND IDENTITY Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS
MODIFY/DELETE SD CARD CONTENTS Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
RETRIEVE RUNNING APPLICATIONS Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
PREVENT DEVICE FROM SLEEPING Allows an application to prevent the device from going to sleep.
YOUR ACCOUNTS
DISCOVER KNOWN ACCOUNTS Allows an application to get the list of accounts known by the device.
HARDWARE CONTROLS
CONTROL VIBRATOR Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE Allows an application to view the state of all networks.
VIEW WI-FI STATE Allows an application to view the information about the state of Wi-Fi.
SYSTEM TOOLS
READ SYNC STATISTICS Allows an application to read the sync stats; e.g., the history of syncs that have occurred.
AUTOMATICALLY START AT BOOT Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
KILL BACKGROUND PROCESSES Allows an application to kill background processes of other applications, even if memory isn't low.
Sent from my unrooted DroidX using XDA App
I've been using EVO CM7 nightlies for quite a while now and never had issues with Good for Enterprise. With last 3 versions of nightlies, Good hasn't worked. When trying to reinstall Good, it says there is no phone network when trying to register. When looking at Device Info in Good setup screen, it doesn't have a phone number. Tried clearing, data, all cache, etc.
Is anyone else having this issue? It's like CM7 is not sending the phone string to Good when calling it.
A coworker also uses CM7 (not nightlies) and has no issues with Good on EVO. The phone number shows up in Good device info on his EVO.
I had the same problem, but I'm luckily an admin at our company on the good software. After messing around with it... this is what I had to do.
1. Uninstall Good from your phone on CM7 (Must be uninstalled at first for this to work....)
2. Reboot into Recovery and make a Nandroid Backup
3. Wipe the both Caches and Data, Install a Sense Rom
4. Install Good Mobile and have you admin resend you the email to enroll your phone
5. After entering the code and entering a password.. the Good will try to pull emails... kill the good app before this.
6. With Titinium Backup, backup Good and its Data.
7. Reboot into recovery.
8. Wipe the both Caches and the Data... Recover your previous CM7 Nandroid backup.
9. In CM7 launch Titanium backup and restore Good Mobile and its Data.
Worked after that... this way Good would communicate with the phone during the enrollment... which for some reason with CM7 it doesn't work... and just complains about not being connected to your mobile network.
Coincidentally I've just put up another post relating to IMSI numbers which was prompted by Good refusing to activate as some devices are reporting the same 1st 6 digits of their IMSI rather than the full 15 that Good uses to authenticate the license relative to the specific SIM card the license is for. Has anyone else come across this issue with Good?
matt1313 said:
Has anyone been able to get this working with Root? I install fine, enter my pin and it goes through but since I have root it doesnt sync. Im running liberty, any suggestions
Click to expand...
Click to collapse
Mine quit syncing after the first day. I had to upgrade my personal unlimited data plan to a corporate/enterprise data plan for an additional $15/month with Verizon, and reinstall Good.
Sent from my unrooted DroidX using XDA App
Sievers said:
I had the same problem, but I'm luckily an admin at our company on the good software. After messing around with it... this is what I had to do.
1. Uninstall Good from your phone on CM7 (Must be uninstalled at first for this to work....)
2. Reboot into Recovery and make a Nandroid Backup
3. Wipe the both Caches and Data, Install a Sense Rom
4. Install Good Mobile and have you admin resend you the email to enroll your phone
5. After entering the code and entering a password.. the Good will try to pull emails... kill the good app before this.
6. With Titinium Backup, backup Good and its Data.
7. Reboot into recovery.
8. Wipe the both Caches and the Data... Recover your previous CM7 Nandroid backup.
9. In CM7 launch Titanium backup and restore Good Mobile and its Data.
Worked after that... this way Good would communicate with the phone during the enrollment... which for some reason with CM7 it doesn't work... and just complains about not being connected to your mobile network.
Click to expand...
Click to collapse
I previously had a similar problem that I mentioned above - on custom FROYO ROMs it would stop at retrieving policies but flashing to stock eclair, I could finish the setup (and let all current emails come in) and then backup via TB, flash to custom FROYO, then restore and it would be all set. However, when I recently reinstalled Good on Continuum 5.5, I decided to try to let it complete the setup and it did with no problem. I only tried that since my IT admin setup "self-service" for me. I can access a link where I can send a new PIN for my account since it can easily stop syncing. The PIN goes to your corporate email so it is safe to allow.
@Nate2 - sorry I didn't see your post previously. Yes, there are Good policies that can be setup to detect "jailbroken" IPhones, etc. At my company, Good on Android is still not a standard offering because corporate policies are limited to what they can do on Android due to the numerous OS and hardware combinations. However, I have been pushing simply putting trust in the Good encryption (AES 256 if I remember right). Looking at the permissions of the app makes it look at first glance like it can do anything. However, I don't think it is as extensive as it seems. The only "data" outside the Good container that can be read by the app "to my knowledge" is the contact info. This is because your IT administrator can allow Good to sync corporate contact info (in Good) to your phone's contact info. This allows you to easily see who is calling (rather than a phone #) if it is one of your corporate contacts. Although it can access (modify/delete) SD contents, it doesn't say "Read". I don't think I am "reading" too much into that... For internet access, I know Good is working on adding in internet access (from inside the Good container) so browser access is allowed. I am "guessing" this is mostly for IPhones, etc. where the IT admin could stop internet access outside the Good container. That way they could control internet access on a "corporate" device. This is speculation on my part, though. I do think it can send device logs which is required "I think" to detect root access. Look over all the permissions listed keeping in mind READ access to system logs and contact info only and it seems to fit. Therefore, I think they probably can detect that you enabled/disabled GPS but I "doubt" they can detect where you went since I don't "think" that goes in system logs that they pull. If you still have any question, send me a PM since I don't frequently check this thread.
Thanks RichMD.
I once worked in a large company where a sysadmin was fired for accessing the corporate e-mail of an employee (his ex-girlfriend). She reported the incident to HR. Possible access to additional sensitive resources on the phone makes these kinds of incidents worse, and that's why we should be cautious.
Sent from my unrooted DroidX using XDA App

[Q] anti theft idea

I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
+1
i like it.
Please dont qoute OP
It is possible
But our devices are flashed completely if we flash a new rom
Every 1 is changed to zero
And if some devs figure out how to create such partition then people will figure out how to disable it
If a thief know how to flash new rom then he might find out a way to disable it.
We can change kernel and system so its not so much secure.
I don't have enough knowledge
For example you own a Samsung device and you created partition like that and a thief will just flash a stock rom including pit file so your partition will be merged or wiped
Sent from my C6502 using XDA Premium 4 mobile app
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
There Are many of them:
NQ Mobile Security Free
AVG antivirus
Quickheal
Avast
Mobile Tracker
(according to my theory)
Unless you can modify your hardware, it is highly impossible to have anti-theft app or security which persist through wipe (full wipe).
What if you have access to your hardware ? You can make system like Knox. Let say if your device is tampered, you can make the (Let say X-hardware) flag become 1. Now what should it do when the flag become 1 ? Either locks entire rom or make the device looks like bricked or etc (which make the device useless until you reset it). In hardware part, you should also modify how device should behave when it is turned on. Let say you have a microcontroller which see this X-hardware flag. If it is 1, skip entire process and turn off the device. How about software side ? Of course you need modified OS to support this.
The theory looks easy, but implementation is the hardest one.
There is a very easy way to implement this.
Most all new comouter hard disk and solid state disks sjpport what is known as HPA.
HPA stands for Host Protected Area or Hidden Protected Area.
It can be set or queried with the linux tool hdparm.
It effectively makes the disks report a smaller total size to the OS at the firmware level. Anything can be put inside including anti-theft software (see: computrace)
Easy enough.
anurag09 said:
I am a noob with a history of 3-4 phones stolen , so it prompted me to search a antitheft app. One thing I found out that antitheft apps only work till phone is switched on or it has not been wiped and flashed with a new ROM. I struck me that is there a way that we can circumvent it.
The idea was
1) Make a partition in memory which is very small that it is not noticed by the thief who is flashing it to wipe every thing.
2) This new partition should not be wiped while flashing a new ROM and should be hidden to computers.
3) Install a anti theft app app on that new partition.
4) The app should get installed automatically even after flashing new ROM.
5) The app should retain its data.
6) The app should be hidden in the menu.
7) We can access the app to trace the mobile.
See I don't have any necessary skill to do any of these task so I ask you security pundits CAN IT BE DONE?
If possible we can ask a developer to do it and fund it I am sure there will be many to fund this work.
Click to expand...
Click to collapse
I dont know if you live in a developed country, but phones have thing called IMEI that can be tracked. The guys who steal phones and who buy stolen phones are obviously stupid enough to believe that reselling phones is a thing.
Really, if you get your phone stolen so much, my suggestion would be buy two phones this time. One feature phone and a smartphone you keep at a safeplace. You use the smartphone only in safe situations and the dumbphone in all other cases.
Works fine, believe me. A feature phone costs less than an SD card nowadays.If you got your phone stolen 4 times, dont use or get a smartphone in the places you work or pass.
Software cant help if you are surrounded by thieves.
Sounds a great idea.
def a good idea. but as the previous post mentions., imei does a moderately good job of keeping blacklisted phones of the network
came across this article, and made me think of this post
its talks about an anti-theft method called poison pill
here is an excerpt:
The loss or theft of a company laptop can cost far more than the replacement hardware. It can cause significant disruptions to business. It can result in legal or financial exposure. It can put your company in breach of compliance with HITECH, HIPAA, and other stringent rules and regulations regarding data security and privacy.
Laptops with an Intel® Core™ processor with Intel® Anti-Theft Technology (Intel® AT) provide IT administrators with intelligent protection of lost or stolen assets.
With Intel® AT, you can now disable a lost or stolen PC with a local or remote "poison pill". This poison pill can delete essential cryptographic material from system hardware in order to disable access to encrypted data stored on the hard drive. The poison pill can also block the laptop’s boot process, rendering the system a "brick".
Intel® AT’s flexible policy engine allows you to specify the detection mechanism that asserts theft mode, the thresholds for timer intervals, and the theft-response action(s) to take. Because the technology is built into PC hardware, Intel® AT provides local, tamper-resistant protection that works even if the OS is reimaged, the boot order is changed, a new hard-drive is installed, or the laptop is disconnected from the network. When the laptop is recovered, you can reactivate it quickly and easily using your choice of methods: pre-provisioned passwords, one-time codes generated by IT, security questions, and more.
Intel® AT is activated through service subscriptions from Intel® AT-enabled software and service providers.
Source
If you have a Samsung phone, Enable "Reactivation Lock" from Settings->Security.
Wouldn't you have to use a custom PIT file to realize this? I think the best thing at the moment is the reactiviation lock, which is coded into the bootloader as far as i know.
Try Android Lost. If you convert it to a system app, you'll have a great security app (the best, in my opinion) that should survive a reset.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Great idea! I would like a developer to make a recovery (such as CWM) that could be able to give you an option to put a password on the recovery. That'd be awesome.
Try using Hidden Eye. It captures a photo using front camera every wrong password. The full version have an ability to send the photo to your email. Check it out.
Never underestimate a kid whose poor in cash but rich in time.
https://play.google.com/store/apps/details?id=com.lsdroid.cerberus
Cerberus does all of the things mentioned in this thread except create a hidden partition and survive a new rom flash but does survive factory resets.
If the person was tech savvy enough to flash a new rom then they are tech savvy enough to change the IMEI to circumvent blacklisting. The reality is that the vast majority of people would at most do a factory reset on a stolen device.

Secure Spaces Support (or equivalent feature) for Pixel?

I used Graphite Software's Secure Spaces on a Blackphone 2, and I really liked the way it allowed me to keep work and personal data separate. Visiting their website, I see that support is unfortunately limited to a small group of phones, and includes the installation of a customized ROM. In the xdaforums Nexus 5 and Nexus 5X Development forums, there are Secure Space ROM threads, but I'm just curious if anyone knows if there will be future support with Secure Spaces for the Pixel, or if there is another solution that provides a similar separation capability, for the Pixel. (Unfortunately my employer does not allow rooted phones).
Just received notification from Graphite that support for the Pixel is planned. If anyone knows of any similar "separation" technology that's available please feel free to post to the thread.
Not being familiar with Secure Spaces, and having only briefly scanned what it does, could you not do the same thing on the Pixel by setting up an additional user for the phone? When you set up a new user it's like a whole separate phone for that user, including passphrase, apps, storage, email, settings, everything.
Maybe it's an ignorant suggestion, but it looks like that's what Secure Spaces does.
I think that Secure Spaces offers more separation than what you're describing, (although I admit I've never tried setting up two user accounts on my phone to see what separation is provided). My current and former employer require that any devices that access the corporate network, (in order to get email, calendar schedule, etc.), be installed with MDM, (mobile device management), software that allows the IT department to have complete control over the entire phone's configuration, (most obvious if you try to change the security options), and management. Secure Spaces allows me to have separate workspaces, one that corporate IT can own, and another that can be configured and managed as I want. It also keeps data separate between the workspaces.
jasnn said:
I think that Secure Spaces offers more separation than what you're describing, (although I admit I've never tried setting up two user accounts on my phone to see what separation is provided). My current and former employer require that any devices that access the corporate network, (in order to get email, calendar schedule, etc.), be installed with MDM, (mobile device management), software that allows the IT department to have complete control over the entire phone's configuration, (most obvious if you try to change the security options), and management. Secure Spaces allows me to have separate workspaces, one that corporate IT can own, and another that can be configured and managed as I want. It also keeps data separate between the workspaces.
Click to expand...
Click to collapse
When I create a new user under Nougat, it's as if it's a brand new phone. You only have the base apps that were there when the phone was new, you have to set up Gmail again, Chrome is empty, Photos shows nothing, etc. You can manage security settings, pretty much everything. The only thing I've found that it will not let the secondary user do is open the Messenger application - so the secondary user cannot read or send text messages on the phone - which is of course a good thing.
I also found an article with this blurb about the separation between users:
Under the hood, file-based encryption enables this improved user experience. With this new encryption scheme, the system storage area, as well as each user profile storage area, are all encrypted separately. Unlike with full-disk encryption, where all data was encrypted as a single unit, per-profile-based encryption enables the system to reboot normally into a functional state using just device keys.​
Anyway, it's probably all irrelevant now since the product you're used to and happy with is available for the Pixel. That said, if you haven't installed Secure Spaces yet it might be worth taking a look at it. Just two-finger swipe from the top and tap the "user" icon and then "Add user".
Thanks for spending the time to research this issue.
I'm sure that folks over in the two SecureSpaces development threads here, (1., 2.), can speak more authoritatively on what Secure Spaces offers over a stock setup. For me being able to configure the security options for my personal space, separate from my work space, is important, as well as keeping the data separate from each other.
What about Android for Work?
I used to use it with BES12, worked well.
Sent from my Pixel using Tapatalk

Unsolved tech...

Hello guys,
I have been searching for answers to some of the tech stuff, but couldn't find them.
Here are some of those questions. Hope some of you would have answers to these. Thanks in advance!
ANDROID
1. How to share files between multi-users on Android 11?
Before Android 11, it was possible to save files inside the Android/ obb folder, and these files were visible for all users on the device. In Android 11, this is no longer working as the 'obb' folder appears to be exclusive to each user.
I know this is possible via USB OTG or a cloud service, but is there a solution without these?
2. How to copy/ backup game data for non-rooted devices?
Helium Backup doesn't seem to work. I have played a game for long on my Mediapad, and I would like to copy that game to my phone. Unfortunately, my Mediapad is not rooted and losing all that game progress has become a nightmare. I have written to the app developer to provide some sort of backup using either Google Play Games or social media integration like Facebook/ Twitter, but haven't received any response.
3. How to force apps (esp. file managers & gallery apps) to use in-app media viewer without changing system default.
For example, I may use the stock gallery app as default for viewing media. But if I am using another gallery app or a file manager that is capable of viewing media files using its own media viewer, I would rather want it use it than open the default app. Is there a way to do it?
4. Replace stock file manager (a system app) with another app from Google Play Store or other sources. Is this possible?
I am not asking how to convert a user app into system app. I know that part. I tried replacing the apk file of the stock file manager with a 3rd party apk, even renamed it, but it didn't work.
5. Extract a system app from one device and install it on another device without root. Is this possible?
I have tried it, but apk installation fails. For example, Samsung Gallery app on OnePlus phones.
iOS
1. How to install .ipa (iPhone app) on an iPhone (not jail-broken) without a laptop (iTunes)?
2. Is it possible to have SFTP server for iPhone?
All Operating Systems
1. How to provide LAN only access for non-rooted devices as well as in Windows & iOS?
For rooted devices, we have apps like AFWall+ that can do it. But is there a way to do it for devices without root, as well as for Windows and iOS?
For non-rooted devices, we have apps like Netguard that support 'Allow LAN access' whilst blocking internet access.
Are there any alternatives and solutions for other platforms?
2. How safe is it to enter login credentials in an app to allow it access to network drives?
I use several apps (on various platforms) to connect to my laptop over SMB. This requires me to provide the app with my Windows Login Credentials, which is a Microsoft account. Am I risking my account by providing this info to the app? Is it safe to enter login credentials of cloud services in file manager apps?
Just bumping this thread as it seems to have been lost/ unnoticed.
@Ultramanoid can you answer some of these?
Sridhar Ananthanarayanan said:
@Ultramanoid can you answer some of these?
Click to expand...
Click to collapse
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Ultramanoid said:
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Click to expand...
Click to collapse
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Sridhar Ananthanarayanan said:
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Click to expand...
Click to collapse
Didn't answer because it won't be helpful.
As to the 1st, I don't use LAN, and I don't keep data in any device or computer unless in use. External independent encrypted storage to be used wherever, whenever, independent of device, cables if needed.
As to the second, it's a matter of common sense, being informed of vulnerabilities and aware of reputation, and trust. Would you trust Chrome or Mozilla with data if you're online banking ? Seems reasonable -- but be aware of major vulnerabilities that may be going on. Would you trust an application released yesterday by a single developer for the same ? Probably not a good idea.
Finally, I doubt what I use and how I use it would be acceptable for you, or most people. In essence you could : Install latest firmware, wipe device, install latest security patched Lineage build for it, remove vendor / Lineage applications, get full root, remove anything you don't need or use which could have vulnerabilities; frameworks, libraries, binaries, etc ( Bluetooth, SMS, Android system-wide downloader, system-wide WebView, NFC, and on and on .. ), install your own binaries, fonts, hosts file, and applications where appropriate ( /bin /etc et al ), install Termux and all Linux packages required for your use, everything open source whenever possible, and stay away from any Google services / Play / applications with ANY trackers, analytics, data mining or even crash report capabilities; zero tolerance. Internet permission only for a secure web browser -- and terminal if / when needed. Half of what I do or use goes through terminal to be honest. In short, for me an Android device is a full Linux laptop replacement with added perks : Always on and on me, camera, GPS, pedometer, unlimited LTE data, and emergency calls for medics / police. ( Edit : And Japanese EEW alarm of course ! Only notification I use. We learned our lesson well in 2011. )
You can use ApkExport to extract any apk including system apks. I've transferred apks between other devices devices with it.
Never had need of doing that though with a system apk.

Why is Android not providing backup of app data?

Hello community!
I think this is the best place to ask this question as this is a forum of default for all developers.
Why is Android not providing backup of app data?
On iOS, factory reset and restore is a breeze. The process is extremely simple, and there is absolutely no user intervention required after a factory reset. iOS simply puts everything in its place as if nothing happened. Same is true for macOS, WatchOS & iPadOS. This is just a wonderful implementation. The only limitation is if an existing app is no longer available on the Apple AppStore. In that case, the app data would still remain in the cloud (or iTunes backup), and can be easily restored if the app (.ipa file) is backed up using iTunes (or similar 3rd party software).
Can someone answer why the same is not available on Android, despite it being the more versatile software?
As far as I know, backup over ADB isn't reliable. And more importantly, ADB isn't for everyone.
Thanks.
android is google. there exist native backup option to backup app data in google drive. adb backup is androids native backup option. it will save apps data to PC and can restored even to other devices.
so your question should be, why android provides solution to app developers protecting their app data from backup.
aIecxs said:
android is google. there exist native backup option to backup app data in google drive. adb backup is androids native backup option. it will save apps data to PC and can restored even to other devices.
so your question should be, why android provides solution to app developers protecting their app data from backup.
Click to expand...
Click to collapse
The native backup solution doesn't backup most of the apps data. As a result, most things must be setup from scratch after a factory reset. The process isn't automatic and requires plenty of manual work. This is clear from the numbers below:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Size of actual backup:
It is clear that most apps are not backed up, and only a very few apps' data is included, which I believe is mostly Google stuff.
That said, why does Android allow developers to prevent their apps' data from being backed up? This doesn't make sense because the data belongs to the user, not the developer of the app.
what you don't understand app data can be perfectly backed up. it's just the app developers they decide whether it's allowed or not. It's controlled in AndroidManifest.xml
android:allowBackup="true" API level < 30
android:debuggable="true" API level > 30
https://developer.android.com/about/versions/12/behavior-changes-12#adb-backup-restrictions
btw your screenshots refer to EXTERNAL_STORAGE
https://developer.android.com/training/data-storage
aIecxs said:
what you don't understand app data can be perfectly backed up. it's just the app developers they decide whether it's allowed or not. It's controlled in AndroidManifest.xml
android:allowBackup="true" API level < 30
android:debuggable="true" API level > 30
https://developer.android.com/about/versions/12/behavior-changes-12#adb-backup-restrictions
btw your screenshots refer to EXTERNAL_STORAGE
https://developer.android.com/training/data-storage
Click to expand...
Click to collapse
On iOS, the backup doesn't include apps' own data (those that are required for the app to run properly), instead only the data that the app has collected from the user, such as settings, login credentials, etc. So that when the user restores a backup, everything simply works like nothing happened. And this includes crucial apps like Banking apps too.
During the restore process, the system downloads the apps automatically from the Store that comes with the entire database, libraries and other files that the app needs to run properly, which isn't part of the backup. The user doesn't have to worry about any of these things as the system handles EVERYTHING automatically.
I don't understand why App Developers should have a say in whether the user specific data that they collect and store in their working directories should be part of the backups. That data belongs to the user and as such only the user should decide whether it needs to be backed up or not, just how it is in iOS.
On Android, where does the app save all of user configurations and files?
I think we can track it down to simple rule.
if you wanna have control and responsibility about your phone in your hands, use android.
if you don't care a f** about what's stored in cloud - buy iPhone
aIecxs said:
I think we can track it down to simple rule.
if you wanna have control and responsibility about your phone in your hands, use android.
if you don't care a f** about what's stored in cloud - buy iPhone
Click to expand...
Click to collapse
You missed an important point: on iOS, user decides whether his data that is collected by an app should be backed up to the cloud or not. You get to control what to backup, and what not to backup. If user chooses to save in the cloud, Apple is pretty good in keeping that data secure. Most cases of breach are users' own stupidity.
With Android, it is absurd that the app developers make this decision for the users. And you are saying one should use Android if he wants to take control of this. I don't see a simple or reliable way to do that.
Yes because Android is highly customizeable. I know how to backup my data. There exist TWRP, Migrate, Titanium, and I never used any cloud. Btw the last thing I would backup is /storage/emulated/0/Android this is the first directory I always delete, and I never lost any app data (although I don't know what obb really contains as I never played games, used WhatsApp or any other memory wasting stuff)
It's okay if it is absurd to you, but sure it's not a technical reason. I have linked the documents explaining. To me it would scare me to dead if my device would re-install everything and becomes in the exact same state as before factory reset
TheMystic said:
The native backup solution doesn't backup most of the apps data.
Click to expand...
Click to collapse
can you give example app please, let's do reality check
It's simple, main reason is GDPR, cmiiw
Data needs to be separated between application data (config, everything that is not stored any customer/user/client information) and user's data (login sessions, anything that might compromise customer/user/client information).
For most application data, it can be safely assumed, google, huawei, or any third party software, can back it up, stores it in any kind of their backup storage (cloud, ftp, you name it), and restores it as they wished. However, as the user's data, they cannot. At least without user's consent. And it's because of GDPR.
And @Alecxs is correct. Imagine if someone can restore your data in their phone, and then they were identified as you, imagine the horror. If you think no it's impossible, think again. If you think Apple is secure and that's not possible, think again.
And now, why many backup apps exist in play store that can do that? Simple, they don't provide any kind of agreement that they will store your data in their storage, it's always in your local storage or your own cloud storage (dropbox, drive, you name it). And because there isn't any clear protocol from android to do so (separated backup between application or user data), most of them needs to be operated under root.
aIecxs said:
Yes because Android is highly customizeable. I know how to backup my data. There exist TWRP, Migrate, Titanium, and I never used any cloud. Btw the last thing I would backup is /storage/emulated/0/Android this is the first directory I always delete, and I never lost any app data (although I don't know what obb really contains as I never played games, used WhatsApp or any other memory wasting stuff)
It's okay if it is absurd to you, but sure it's not a technical reason. I have linked the documents explaining. To me it would scare me to dead if my device would re-install everything and becomes in the exact same state as before factory reset
Click to expand...
Click to collapse
Less than 2% of Android users install a custom recovery and/ or root their device. And a much smaller number use ADB to take care of a few things on their non-rooted device. I'm talking about backup solution for the remaining over 98% users.
Pretty much everyone knows how to backup their stuff. It's just that there is a lot of work to do and requires patience. An automated backup solution helps in saving plenty of time and unnecessary work for the user.
There are, however, some situations where the user is helpless. I was playing a game for a long time, spent a good amount of money on in-app purchases, and when I bought a new phone, there was no way to transfer all that stuff. That game provided no means (either using Google Play Games or Social Media integration) to backup the user account. I wrote to the developer several times, but never got any response. I even complained to Google, but nothing happened for a pretty long time. I stopped buying stuff in that game. Many months later, the developer finally allowed saving game data to Google Play Games. Although I could now move my stuff to my new device, it was just too late. I lost interest in that game. In my case, I still had the old device with me, and working fine. So I could save all my details to Google Play Games. Imagine if someone lost their device, or broke it, or sold it...for them all that money spent in that game would be gone.
'As with your scare me to death' statement, I think you haven't understood how backup & restore works on iOS. iOS will wipe everything on your phone, do a fresh installation of the OS, download all your apps again, and then restore user settings, login credentials, etc, which pretty much takes care of EVERYTHING. The user has no work to do here. But the system is fresh, and all the junk built up over time by both the system and the apps are now gone! It is NOT a system image and restore that will bring everything back, including the unwanted stuff. So your device isn't actually in the exact state like before. It is much leaner, cleaner and much more efficient. The exact same thing happens when you migrate to a new device. Only the things that matter are migrated, the rest are not.
Do note that the user has full control over which apps to backup, and therefore, which ones will be restored/ migrated.
aIecxs said:
can you give example app please, let's do reality check
Click to expand...
Click to collapse
If I factory reset my Android phone, the backup will only restore call logs, sms, contacts, and a few basic stuff. It will also download all my apps from the Google Play Store. But here ends the similarity. Beyond this, the user has to setup every app from scratch, with the exception of a few like Google's and Microsoft's cloud based apps. User also has to setup all the permissions for apps from scratch. There is a lot of work involved, which can be easily avoided if Android provided an automated way of getting this done.
User configuration files and login credentials belong to the user. You haven't explained why app developers can choose whether this information can be backed up or not. To me, it seems like Android has a big limitation in the way it is designed, and so is unable to provide a simple backup solution that takes care of these things like in iOS.
x3r0.13urn said:
It's simple, main reason is GDPR, cmiiw
Data needs to be separated between application data (config, everything that is not stored any customer/user/client information) and user's data (login sessions, anything that might compromise customer/user/client information).
For most application data, it can be safely assumed, google, huawei, or any third party software, can back it up, stores it in any kind of their backup storage (cloud, ftp, you name it), and restores it as they wished. However, as the user's data, they cannot. At least without user's consent. And it's because of GDPR.
And @Alecxs is correct. Imagine if someone can restore your data in their phone, and then they were identified as you, imagine the horror. If you think no it's impossible, think again. If you think Apple is secure and that's not possible, think again.
And now, why many backup apps exist in play store that can do that? Simple, they don't provide any kind of agreement that they will store your data in their storage, it's always in your local storage or your own cloud storage (dropbox, drive, you name it). And because there isn't any clear protocol from android to do so (separated backup between application or user data), most of them needs to be operated under root.
Click to expand...
Click to collapse
GDPR? Seriously?
Is GDPR not applicable to Apple?
And GDPR is not about backup and restore. It is about collecting user data without authorization AND using it for purposes that benefit someone else.
For the purposes of backup, all data remains with the user account and not used for any purpose other than to restore the same to the user's device(s), subject to credentials verification.
By your logic, there cannot be any cloud based solution either, including emails!
As mentioned before, Apple is pretty good in taking care of their cloud services. And so is Google. Most cases of breach have been found to be a fault at the users' end. Someone keyed in their credentials in the wrong place and then complained that their account is compromised, their photos have been leaked - not Apple's fault.
TheMystic said:
it seems like Android has a big limitation in the way it is designed, and so is unable to provide a simple backup solution that takes care of these things
Click to expand...
Click to collapse
please give me example app pkgname so I can double check
aIecxs said:
please give me example app pkgname so I can double check
Click to expand...
Click to collapse
You can take any app on your phone which isn't cloud based. Take the file manager app for example. I have set up several remote connections on my file manager. There is no way this information will be restored from the stock Android backup. I will have to setup all remote connections again if I were to uninstall this app and reinstall it. Same holds true if I factory reset my phone or migrate my information to a new device. Android will only reinstall the app for me automatically. I will have to setup all remote connections manually, AND also setup all the custom configurations for the app that I have setup in System Settings.
Only if the app itself provides a built-in way to export all the configurations, will I be able to export them and import it back after a factory reset/ migration. Even then, the configurations (or permissions, etc) for the app under System Settings must be redone manually on Android.
can you please provide pkgname (or google play link) of your file manager, so I can double check?
aIecxs said:
can you please provide pkgname (or google play link) of your file manager, so I can double check?
Click to expand...
Click to collapse
Because this is applicable for all non-cloud based apps which are the majority, I don't have to be specific.
But, since you asked, here are a couple :
1. https://play.google.com/store/apps/details?id=com.alphainventor.filemanager&hl=en
2. https://play.google.com/store/apps/details?id=com.teslacoilsw.launcher&hl=en
okay I am not going to test crappy google one backup on my daily driver, as I don't want to safe my phone to cloud for reason.
Haven't checked Nova Launcher but for File Manager I can say android:allowBackup="true" is allowed in AndroidManifest.xml, so adb backup and restore of app data will work (I can test it later)
Not sure what you mean with non-cloud based apps, are you trying to say these apps can't backed up from google drive? If so, who decides if an app is "cloud based" or not?
aIecxs said:
okay I am not going to test crappy google one backup on my daily driver, as I don't want to safe my phone to cloud for reason.
Haven't checked Nova Launcher but for File Manager I can say android:allowBackup="true" is allowed in AndroidManifest.xml, so adb backup and restore of app data will work (I can test it later)
Not sure what you mean with non-cloud based apps, are you trying to say these apps can't backed up from google drive? If so, who decides if an app is "cloud based" or not?
Click to expand...
Click to collapse
Most of the important/ critical information are already in the cloud for almost everyone. This includes emails, photos & videos, documents, etc. for those who use Cloud Storage (which is pretty much everyone, with an exception of an insignificant minority, insignificant being purely in terms of numbers).
Which also means that all login credentials are already with the service providers in encrypted form, in the cloud. So there isn't really anything critical in the app backups that isn't already there in the cloud. App specific configurations don't come under critical information, and as such all that data should never leave the device, unless it is part of the system backup. More importantly, that data belongs to the user, and there is no reason app developers should have a say in whether that should be available for backup or not. It simply shows that Android is most likely limited by its flawed design on this issue.
Pretty much everyone uses the built-in Backup feature provided by Google, and it makes sense to use that over others like Samsung Cloud because a Google backup is available on all brands of Android devices. I haven't used Samsung Backup or other OEM specific backups, but I guess they are pretty much the exact same like Google Backup, the only difference being the service provider.
By cloud based apps, I mean apps that save all data in the cloud, e.g. Gmail, Outlook, Google Keep, Microsoft OneNote, Google Drive, OneDrive, etc. Apps like file managers, launchers, clipboard managers that don't use a cloud, firewall apps, etc that work locally are the apps whose data must be backed up to the cloud. Again, by app data I mean the user configurations (e.g. remote/ cloud connections set up in a file manager) and login credentials that belong to the user, and not the app or its maker.
user configurations (e.g. remote/ cloud connections set up in a file manager) and login credentials for com.alphainventor.filemanager can backed up, I don't see a problem here besides the fact the app developer seems to agree with your opinion and does allow it (there are good reasons for app developers to deny, I can give you example if you want)
lets stay at facts, regardless of your opinion post #2 applies. Android is providing backup of app data
aIecxs said:
user configurations (e.g. remote/ cloud connections set up in a file manager) and login credentials for com.alphainventor.filemanager can backed up, I don't see a problem here besides the fact the app developer seems to agree with your opinion and does allow it (there are good reasons for app developers to deny, I can give you example if you want)
lets stay at facts, regardless of your opinion post #2 applies. Android is providing backup of app data
Click to expand...
Click to collapse
Please, adb doesn't come under official backup feature provided on phones. ADB, root, custom recovery, etc. are for a niche of users who are an insignificant minority of the user base.
So, Android needs to provide a way or redesign itself where it's Backup & Restore function is just as seamless and effortless, as it is on iOS.
Do let me know what 'good reasons' app developers have to opt out of data backups. Hope they do realise that no one is interested in the app specific stuff, they only care for their own configuration files. And those who do, they know how to root and extract all app data.

Categories

Resources