Related
DroidWall in the marketplace allows full WiFi access to all apps.
Is it possible to code an application for Android (perhaps with root access) that can:
- deny all outbound data access per app basis
- specify the rules (ip-range/port-range) per app basis
Like a real alternative to a desktop software firewall?
Way too many apps are leaking all sorts of information (in plain text!) from the user account database to the Internet.
The android security makes me really scared to use the platform for anything requiring security. The privacy/security model is basically a swiss cheese that can be poked through by almost any app that just asks for certain rights at install time.
I'm hoping a firewall would be able to limit this issue, no?
I don't know about the other stuff you mentioned, but my version of DroidWall has a block/allow option for wifi and 3g, separately. It's the latest version from the market place, 1.4.2
Thanks, I just checked it out and it seems DroidWall indeed has a Wifi side blocking by app basis as well. I'm still testing though.
Ah, just tried it. Force closes on Galaxy S (rooted). Sigh.
I came across this bit on wikipedia:
System access and copy protection
Applications developed for distribution on Google Play allow the developer to enable copy protection which prevents the end user from copying the application from the phone. Because the Android Dev Phone allows unrestricted access to the OS, this copy protection is disabled. If the developer enables copy protection on their application, then the application does not appear on Google Play for the Dev Phone.[3]
Click to expand...
Click to collapse
http://en.wikipedia.org/wiki/Android_Dev_Phone#Galaxy_Nexus
Now i was thinking, isnt a rooted phone technically same as developer edition phone? After all they both would have unrestricted access to the OS. Therefore is it so that as my device is rooted I might be missing some apps (though I havent noticed so far!).
shmotog said:
I came across this bit on wikipedia:
http://en.wikipedia.org/wiki/Android_Dev_Phone#Galaxy_Nexus
Now i was thinking, isnt a rooted phone technically same as developer edition phone? After all they both would have unrestricted access to the OS. Therefore is it so that as my device is rooted I might be missing some apps (though I havent noticed so far!).
Click to expand...
Click to collapse
I don't think so, it should be the opposite, if you have root, you can modify your build.prop to make your device compatible with ALL Apps.
KuGeL94 said:
I don't think so, it should be the opposite, if you have root, you can modify your build.prop to make your device compatible with ALL Apps.
Click to expand...
Click to collapse
Do you have a rooted device?
Can you confirm if there are some apps that you cant access (considering, or rather assuming, you havent modified your build.prof, yet).
shmotog said:
Do you have a rooted device?
Can you confirm if there are some apps that you cant access (considering, or rather assuming, you havent modified your build.prof, yet).
Click to expand...
Click to collapse
I do have a rooted stock ROM, but havent stumbled across any app that I cant acces, maybe tell me some examples and i will see if i can acces them or not, there are always some apps that arent compatible like high end games or so because the hardware of the moto g isnt powerful enough, gta sa for example
I think apps like play TV & movies won't work, as well as some media streaming apps but not 100% been off the scene a few years.
Sent from my XT1032 using Tapatalk
mutantlx said:
I think apps like play TV & movies won't work, as well as some media streaming apps but not 100% been off the scene a few years.
Sent from my XT1032 using Tapatalk
Click to expand...
Click to collapse
bought a stupid movie by google play just to test, works. hunger games, supposed to be top film, couldnt stand 5 mins of it.
It's possible for an app developer to block installation on rooted devices for a specific app - e.g. the SkyGo (UK TV provider) and Barclays Online Banking app can't be installed on rooted devices. There aren't many though and for those that are blocked you will find a thread somewhere on XDA where clever people have worked away around the restriction or are trying working a way around the restriction.
neu - smurph said:
It's possible for an app developer to block installation on rooted devices for a specific app - e.g. the SkyGo (UK TV provider) and Barclays Online Banking app can't be installed on rooted devices. There aren't many though and for those that are blocked you will find a thread somewhere on XDA where clever people have worked away around the restriction or are trying working a way around the restriction.
Click to expand...
Click to collapse
you are absolutely right about barclays. even though i dont have an account there, installed it just to test. quite disappointed.
my own banks app works but i read the fineprint and it said you shouldnt install it on rooted device, against t&c.
this is really depressing
Yep the restrictions on the Barclays app is the main reason I've left my Moto G stock.
What do the T&C's for your own banking app say? As far as I understand iit the worst case scenario is that your not covered for any loss if your bank account is hacked/defrauded AND the bank can categorically prove that the source of the hack was the app on a rooted device.
It does seem a bit ridiculous to me as there is nothing stopping anyone logging in to internet banking via their browser on a rooted phone, or for that matter on a computer in an Internet cafe somewhere which is IMHO far more risky. It's all about due diligence - if your account is defrauded and the bank can prove you haven't taken reasonable care with your bank cards / pin numbers / internet banking / connected apps and that is the cause of the fraud then you don't have the financial protection that you would get otherwise.
shmotog said:
you are absolutely right about barclays. even though i dont have an account there, installed it just to test. quite disappointed.
my own banks app works but i read the fineprint and it said you shouldnt install it on rooted device, against t&c.
this is really depressing
Click to expand...
Click to collapse
I think there was a app called rootcloak and it hides root access, or something like that, you need xposed for it to work and if your already rooted might as well install xposed here's the link
http://www.xda-developers.com/android/xda-xposed-tuesday-root-cloak-xda-developer-tv/
Sent from my Nexus 7 using Tapatalk
tkelly0727 said:
I think there was a app called rootcloak and it hides root access, or something like that, you need xposed for it to work and if your already rooted might as well install xposed here's the link
http://www.xda-developers.com/android/xda-xposed-tuesday-root-cloak-xda-developer-tv/
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
cheers bro ill check that out
neu - smurph said:
Yep the restrictions on the Barclays app is the main reason I've left my Moto G stock.
What do the T&C's for your own banking app say? As far as I understand iit the worst case scenario is that your not covered for any loss if your bank account is hacked/defrauded AND the bank can categorically prove that the source of the hack was the app on a rooted device.
It does seem a bit ridiculous to me as there is nothing stopping anyone logging in to internet banking via their browser on a rooted phone, or for that matter on a computer in an Internet cafe somewhere which is IMHO far more risky. It's all about due diligence - if your account is defrauded and the bank can prove you haven't taken reasonable care with your bank cards / pin numbers / internet banking / connected apps and that is the cause of the fraud then you don't have the financial protection that you would get otherwise.
Click to expand...
Click to collapse
Yeah you're absolutely right. However HSBC, the one I'm with, installs fine, but in its terms and conditions it says dont install if youre rooted. So well I uninstalled it before I even logged in with it. I just do banking on my desktop pc now.
Another app I came across that doesnt work in 4OD. At same time BBC iPlayer works.
neu - smurph said:
Yep the restrictions on the Barclays app is the main reason I've left my Moto G stock.
What do the T&C's for your own banking app say? As far as I understand iit the worst case scenario is that your not covered for any loss if your bank account is hacked/defrauded AND the bank can categorically prove that the source of the hack was the app on a rooted device.
It does seem a bit ridiculous to me as there is nothing stopping anyone logging in to internet banking via their browser on a rooted phone, or for that matter on a computer in an Internet cafe somewhere which is IMHO far more risky. It's all about due diligence - if your account is defrauded and the bank can prove you haven't taken reasonable care with your bank cards / pin numbers / internet banking / connected apps and that is the cause of the fraud then you don't have the financial protection that you would get otherwise.
Click to expand...
Click to collapse
Could you confirm something for me, have you come across a Call Recorder that works on your moto g? I'm on ANDROREC and it works fine on 4.3 but when I updated to kitkat it stopped. Thats the primary reason why I rooted in first place to have call recorder. Could you check that for me @Neu-smurph?
tkelly0727 said:
I think there was a app called rootcloak and it hides root access, or something like that, you need xposed for it to work and if your already rooted might as well install xposed here's the link
http://www.xda-developers.com/android/xda-xposed-tuesday-root-cloak-xda-developer-tv/
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
installed xposed, 4od or barclay still dont work.
shmotog said:
Could you confirm something for me, have you come across a Call Recorder that works on your moto g? I'm on ANDROREC and it works fine on 4.3 but when I updated to kitkat it stopped. Thats the primary reason why I rooted in first place to have call recorder. Could you check that for me @Neu-smurph?
Click to expand...
Click to collapse
It installs fine and appears to be working, but the recordings are empty - no audio.
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
Did you root with Magisk? If so, use Magisk Hide feature and check the Axis Bank app. It should start working again.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
sandrocks said:
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
Click to expand...
Click to collapse
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
_mysiak_ said:
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
Click to expand...
Click to collapse
I don't have any experience on windows 8 and 10, and do not know about any banking app for windows 7.
If we are running something as Admin and are able to access app's data(not common data folders like program files or login user data) we are screwed up. In that case most of the DRM protected contents also shall not work. I am not sure pre-installed DRM keys also work as usual after rooting your android phone.
Again every OS architecture is different and I am talking about android which uses Linux kernel.
Root access is not something about tuning your OS or phone, It comes with much more responsibility.
Root access to one wrong app can screw up many things. Off course you know all this jargon since you are senior member on this forum and I don't need to tell you this.
In Windows all apps can read other apps data, under the current user. They don't need admin access for that. Yet nothing is compromised I guess that Windows/Linux/Android banking apps use good cryptography and preventive measures, so even if someone gets access to the data, be it settings or network packets, you are safe. I am absolutely confident in using banking apps with root, however not so much with apps requesting accessibility permissions or Xposed modules. Those two can IMHO potentially do much more harm.
Long story short, use your brain, don't install everything you find on the Internet, don't allow all permissions without thinking and don't use shady public Wifi hotspots.
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
theseventensplit said:
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
Click to expand...
Click to collapse
It's an Android right?
I had a look at the Amazon store for anti-theft apps but there were none that I recognised from sources I trust (nit that I have researched them, but maybe you can find a reliable review) You have to be certain it's from a trusted source as these type of apps require special permissions eg admin in order to do their job, and could be abused by a malicious app.
I would recommend Cerberus Anti Theft, I used them for years & they have a good reputation, even though Google removed the app form play store. This is because they had to link the Google app to additional downloads in order to maintain the functionality of the app that made it the best, after Google changed what permissions apps could be granted for apps downloaded from Google store.
You can download for Android devices from their website
https://www.cerberusapp.com/
However there is a potential problem with all antitheft apps, ie. Turning off wifi/data means you can't communicate with it(but Cerberus could be activated via SMS), also a factory reset will remove them, so if a knowledgeable person steals a phone/tablet they can remove the antitheft app, so possibly you would have limited time to activate it. Which is why I used to root & install as a system app, which meant only reinstalling the full factory Android operating system to remove it.
There should be the basic "fined my device" on Android built in (I'm not familiar with Amazon variants) but its not very powerful.
I'll look into it, thanks. It does have tracking but unfortunately that wouldn't alert in time to be able to accurately determine who took it.
If Cerberus can do sms then my manager might be able to get immediate notification if it walks away, once it disconnects from wifi
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
theseventensplit said:
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
Click to expand...
Click to collapse
PS. You could use Tasker app (or other automation app) on your phone to set up an alert when the tablet losses connection, if you use your phone as a hotspot, I think.
Hi there people!
Seems to work better on a Galaxy S5 rather than an S8 but WeChat over the last 6 years have made it increasingly difficult to spoof where I am without the app banning my account completely for it recognizing me using location simulation software.
Not only that but the Fake location software I have used with WeChat is very hit and miss. 1 time out of about 20 it gets the spoofed location correct.
Wondered if anyone found a solution to this? I know people once said use an earlier version of WeChat but I can't even do that now because it informs me that the version is too old.
I have today used on the S8 EdXposed Modules. Firstly was Advanced Virtual Location which didn't work at all. So I instead downloaded a Fake GPS Joystick for Pokemon GO along with an extra which Hides Mock Locations to Apps. However, Wechat still thinks I am in my actual (Real) location.
Let me know if you familiar with all these WeChat changes and how we can bypass them.
Cheers!
If you rooted, there are some xposed modules can do the job for you.
I used latacylsm and xprivacylua, both works well with wechat up to Android 12.