Related
Does anyone know how to remove or disable the marketplace app completely from reg hack?
apg5031 said:
Does anyone know how to remove or disable the marketplace app completely from reg hack?
Click to expand...
Click to collapse
just one question.
why????
We are trying to use this for business. We do not need anyone to go to marketplace and download apps. Or is there a way to control downloading apps?
Parental controls on a Live ID can prevent the purchase of apps, but I don't know of any way to prevent people from installing free apps. Also, even if you could block app installs on the phone (by blocking the Marketplace), it's still possible to install apps from the PC by using the Zune software.
What is the concern around apps? Smartphones without them are far less useful, and the security model on WP7 is good enough that you don't have to worry that an app will steal sensitive business data or something from elsewhere on the phone.
no, it is impossible... also your application has to be downloaded from marketplace (not good idea to load as dev), and the phone access it for checking updates to apps and everything else...
I can see some concerns: Facebook, FIM, Youtube, etc. If the phone is being used for business, the company may be concerned with employees goofing off through such apps.
Is there any current limit in the registry that we could utilize? A max number of installed apps?
To bad we couldn't create a build that doesn't have the marketplace app in it.
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Kblavkalash said:
Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Kblavkalash said:
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
edit
MichaelTunnell said:
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Click to expand...
Click to collapse
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You cann adjist the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Click to expand...
Click to collapse
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium
I want to download and install the IP Webcam app from the Play store. Even though it has over 5 million installs, how would I be able to tell that it wasn't doing something malicious like allowing backdoor entry to my network or transmitting snapshots back to the developer or someone else? If I want to use it as a security camera...how can I be sure that it is not doing something behind the scenes?
I have been wondering a lot, and testing out different apps and functions to try and pin point what is it exactly that Niantic is tracking on Android, because of which they are able to shadowban spoofers on Android, but can't when the players on iOS do the exact same thing.
These are the things I tested:
1. Used magisk manager to hide root access, so Pokemon GO shouldn't be able to detect root access at all. If it would have detected, the game would have stopped working, so no guesses needed here.
2. Testing whether enabling Developer Options>Mock Locations is creating their red warning trigger. I have tested with both situations:
i) Developer Options>Mock Locations ON:
We can select a fake GPS app to use this feature, and spoof. The game works fine.
ii) Developer Options>Mock Locations OFF:
We can disable this feature, and use certain apps such as 'Fake GPS Pro', which has a 'root mode' in their settings menu, enabling us to spoof without mock locations.
3. Whether they are checking the if we have any fake gps app which is listed in the store, to spoof, by scanning our installed apps. For testing this, I used an app called 'Fake GPS Joystick' which has an inbuilt app cloner, thus allowing us to change the app name and install the same app again under a different package name, and then uninstall the original app.
4. Whether they are tracking the IP address to check whether the IP used at a particular geolocation during spoofing corresponds to the IP address of that particular country. I have used VPNs to alter my IP addresses(to match corresponding countries) when spoofing to different geolocations.
5. Whether a specified number of soft bans(by changing extremely distant locations in less than 2 hours) ultimately leads to a red warning shadowban. I have tried this process on both iOS and Android. I have shifted countries in less than 2 hours, causing the pokemons to flee, and pokestops to not work. Even after that, on iOS, no shadowban was triggered, but on Android, shadowban was triggered.
6. Whether they are checking in-game locations.. for example, if you are in Japan and move to Australia after 2 hours it is a red flag logically. This should be easy to track because all Pokemons that you catch have their catch location listed under it. If they track this, they can simply calculate the distance between the last activity and the next activity, but the game doesn't track this(different activities across different countries with a gap of 2 hours) because accounts doing this over and over again on iOS has triggered no ban.
7. Whether Android security patches have something to do with getting shadowbans. I have tried using 2017 and 2018 patches. In both situations, shadowban was noticed, so tracking using security patches seems irrelevant.
Off the top of my head, I have used these tests, individually, and also together, in both cases, all accounts have been shadowbanned on Android, but completely fine on iOS.
P.S. I don't care much for the game, but I am intrigued to know how the company tracks and imposes these bans.
If you have any info/comments, please help figure out their banning mechanism.
3. Whether they are checking the if we have any fake gps app which is listed in the store, to spoof, by scanning our installed apps. For testing this, I used an app called 'Fake GPS Joystick' which has an inbuilt app cloner, thus allowing us to change the app name and install the same app again under a different package name, and then uninstall the original app.
Click to expand...
Click to collapse
This can be explained by some low-level code they run to detect apps installed on your phone. In the iOS Sandbox, this is just not possible.
Please see below discord screenshot explaining this in more detail:
https://i.gyazo.com/6ecb41b2b30aa03b6a987c4e61083b73.png
LOL, pogo++ (iOS) just got owned harder than any Android punishment. Ironically, the person you quoted in that screenshot is a developer of that particular piece of software. Of course he's going to say that his solution is the best -- I'd do that too.
His solution hacks the Pokemon go app directly. Niantic has simply detected their changes, which is completely irrelevant to sandboxing protections as it's within their own app. It's MUCH easier to detect than an app/filesystem scan, and Niantic can be certain it's targeted at them (a spoofing app doesn't mean you're using it for Pokemon Go, which is why they've only asked to remove it without any further penalty back in Nov 2017 with the app blacklist).
All Niantic needs is one detection to sneak by the Pogo++'s attention and BAM, your L40 is gone.
You have tested very well but certain things you missed..
The ability of a Spoofing app to simulate Fake location matches That of Real Location?.. No in Android.. You can verify it by the Looking into Google maps and you'll spot a Lighter ring Around the Blue Dot of GPS that Ring should be larger which is equal When in Real location but the ring size decreases in Spoofing apps..
But in GPS joystick which I have been using Never gave me Any ban in past 11 months and my Main account has no Record of any bans. Because I disabled location services and moved the app to system by Root and lucky patcher
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
theseventensplit said:
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
Click to expand...
Click to collapse
It's an Android right?
I had a look at the Amazon store for anti-theft apps but there were none that I recognised from sources I trust (nit that I have researched them, but maybe you can find a reliable review) You have to be certain it's from a trusted source as these type of apps require special permissions eg admin in order to do their job, and could be abused by a malicious app.
I would recommend Cerberus Anti Theft, I used them for years & they have a good reputation, even though Google removed the app form play store. This is because they had to link the Google app to additional downloads in order to maintain the functionality of the app that made it the best, after Google changed what permissions apps could be granted for apps downloaded from Google store.
You can download for Android devices from their website
https://www.cerberusapp.com/
However there is a potential problem with all antitheft apps, ie. Turning off wifi/data means you can't communicate with it(but Cerberus could be activated via SMS), also a factory reset will remove them, so if a knowledgeable person steals a phone/tablet they can remove the antitheft app, so possibly you would have limited time to activate it. Which is why I used to root & install as a system app, which meant only reinstalling the full factory Android operating system to remove it.
There should be the basic "fined my device" on Android built in (I'm not familiar with Amazon variants) but its not very powerful.
I'll look into it, thanks. It does have tracking but unfortunately that wouldn't alert in time to be able to accurately determine who took it.
If Cerberus can do sms then my manager might be able to get immediate notification if it walks away, once it disconnects from wifi
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
theseventensplit said:
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
Click to expand...
Click to collapse
PS. You could use Tasker app (or other automation app) on your phone to set up an alert when the tablet losses connection, if you use your phone as a hotspot, I think.