[Completed] Preventing a Android phone hacking when hardware can be accessed. - XDA Assist

Hi,
I have an ongoing problem. Just getting computer access to write this on a machine that is not hacked is dificult.
I have a very smart and talented member of my household who appears to be tied up with some bad people and I am constantly subject to hardware hacking of all my devices or worse.
The person is the recipent of significent outside help in this process and even devices that had biometric security have been hacked.
It appears that even encrypted devices have been compromised via various root kits. Though it is hard to be sure with the phones as I am not an expert in the Android OS. I can say that on numerous devices ranging from Galaxy Duos 2.2 Android to the latest Tab S 10.5 16GB 4G.
I have managed to stop the computers being compromised by using numerous single boot disks though it is cumbersome having to remember everything.
Right now you are probably tinking "Why does he put up with his crap?". Simple, it is my wife and even though idiot drug dealers have got to her I will not abandon her. I have seen worse in my life and in the end I will get her out of this.
Basically her associates assist her in keep me in the stone age so that I can't use my considerable skills to resolve these matters.
I need a phone setup that can't be hacked even if she has hardware access. I have tried using very dumb handsets but after a chat to Samsung it seems even they have been compromised.
So if anyone has any cunning ideas that can defeat organised crime using non off the shelf hacking software while having hardware access then I am all ears.
I am obviously not saying a lot here for legal reasons. Believe it or not she is the real victim here so please no advice not related to the technical issue.
Kind Regards

Hi,
XDA is not here to get involved in domestic disputes. I'm sorry, but we can't help you on this one.
Thanks, thread closed.

Related

[Q] Mobile Device Management

I'm currently evaluating some mobile device management solutions and had a few questions for the wise xda forum goers. I realize that this is primarily a device hacking/development community, but I assumed that surely some people here have some experience with this as an end-user or otherwise.
First and foremost, what recommendations can you guys provide for solutions? I've evaluated six or seven vendors, but I'm leaning toward AirWatch, Good Technologies and BoxTone. I'd really like something with a perpetual license scheme due to the way my organization's finances work. I also want something that won't frustrate my end users, has broad device support and provides security and app distribution functionality.
Does anybody have any test device recommendations? I'm thinking of using an iPod Touch and Samsung Galaxy Player 4.0. I'd imagine you developers could chime in on this. I don't need to test any mobile network functionality with these, just different interactions with the OS and apps. I'm pretty set on the iPod Touch, but I also need an Android test device similar to the iPod Touch and preferably under $300.
I'd appreciate any thoughts on this. I've got a pretty good idea of what I'm looking for, but I was hoping to get some real world insight aside from the vendor references.
P.S.: It's scary what MDM can do. For anybody considering this at their organization, administrative buy-in is key, and make sure you use this power responsibly.
Please use the Q&A Forum for questions Thanks
Moving to Q&A
Mobile Device Management
The mobile phones which were only a calling device earlier have now become a smart business tool. As mobility is increasing it brings with it ample benefits, however at the same time it creates number of new challenges in terms of usage and the data stored on them.

[Q] Android Keylogger

So i'm well aware that XDA is a very well established forum and i am expecting a fair bit of jip for this first post but i am completely unsure of where to ask the question...
Is it possible to install some sort of key-logger on my S5 which will record every keystroke, text, call, picture, etc...
I have seen various programs online which either charge ridiculous amounts of money and look highly suspect, or operations which require rooting the device. Which i do not wish to do as it is my work phone, the reason is purely for proof of any comms between myself and clients when it comes down to disputes over contracts of work instructions, if i had a recorded phone call for example it can easily sway a decision in my favor.
My apologies in advance if this is in the incorrect area of the forum and any advice/assistance would be greatly appreciated.
,HotAfroSauce.
Did you tried Android Lost?

No Android Pay with root and why it's BS.

Yes, this is a new thread because the existing ones are focused on the technical debates around why it should or shouldn't work.​
I've been following this discussion to some degree and I just couldn't help but jump in. IMO the focus on the technical aspects of this issue are misguided. This is a purely, for lack of a better word, "political" decision.
Here's the thing. You can blather on for days about the supposed technical reasons that Android Pay cannot or should not work in a rooted/ROM'd environment, but the truth is, the state of the host device is nearly irrelevant. Consider this. You can take any Windows, Linux, or Mac PC and login with any level of user privilege you wish and use nearly any browser to access your bank's "secure" account website. There you can do MUCH more financial damage than you could ever do from a mobile payment app given the transaction limits placed on the latter. You can even do this from a pirated, hacked copy of Windows or MacOS with no issue. In fact you can login from a PC with known malware or trojan infections! Given this, anyone trying to make a technical security argument for not supporting mobile payment on rooted devices is either ignorant or lying. This was strictly an arbitrary decision on someone's part. Likely on the banking system's side.
The fact is, an Android phone with a rooted, custom ROM, is at best still a more secure environment than most PC's, at worst it's no less secure. Given the mechanism's in place on Android, it's even easier to verify an apps integrity than on a desktop OS.
So let's throw out all the pointless discussions about the technical issues that make mobile payment on rooted devices impossible. We already know that the banks have accepted much less than a perfectly pristine and secure environment for accessing their systems. Raising the bar for mobile devices was simply a bureaucratic decision, not a technical one.
If you want mobile payment on rooted devices, you'll have to lobby for it. Hard, and hope you can force anther bureaucratic decision in your favour. Even then I wouldn't hold my breath.
Android Pay
Tachyon_1 said:
Yes, this is a new thread because the existing ones are focused on the technical debates around why it should or shouldn't work.​
I've been following this discussion to some degree and I just couldn't help but jump in. IMO the focus on the technical aspects of this issue are misguided. This is a purely, for lack of a better word, "political" decision.
Here's the thing. You can blather on for days about the supposed technical reasons that Android Pay cannot or should not work in a rooted/ROM'd environment, but the truth is, the state of the host device is nearly irrelevant. Consider this. You can take any Windows, Linux, or Mac PC and login with any level of user privilege you wish and use nearly any browser to access your bank's "secure" account website. There you can do MUCH more financial damage than you could ever do from a mobile payment app given the transaction limits placed on the latter. You can even do this from a pirated, hacked copy of Windows or MacOS with no issue. In fact you can login from a PC with known malware or trojan infections! Given this, anyone trying to make a technical security argument for not supporting mobile payment on rooted devices is either ignorant or lying. This was strictly an arbitrary decision on someone's part. Likely on the banking system's side.
The fact is, an Android phone with a rooted, custom ROM, is at best still a more secure environment than most PC's, at worst it's no less secure. Given the mechanism's in place on Android, it's even easier to verify an apps integrity than on a desktop OS.
So let's throw out all the pointless discussions about the technical issues that make mobile payment on rooted devices impossible. We already know that the banks have accepted much less than a perfectly pristine and secure environment for accessing their systems. Raising the bar for mobile devices was simply a bureaucratic decision, not a technical one.
If you want mobile payment on rooted devices, you'll have to lobby for it. Hard, and hope you can force anther bureaucratic decision in your favour. Even then I wouldn't hold my breath.
Click to expand...
Click to collapse
I've been wondering why I cant get my phone to accept cards on Android Pay. Oddly, it takes a few of my rewards cards, that are not credit cards. But that's not exactly helpful. I'm glad I caught your post on this because I was wondering about it myself. Thank you for your input on the matter. -Jason

Got time for the little guy?

My apologies for being the dumb new guyand i cant help but think of the movie joe dirt and his lack of experience working on the oil rig. ( Im new,... I dont know what to do! ")
First and foremost i have VERY LITTLE knowledge or understanding of platforms or networking and developing but due to my frustrations with owning devices that i cant even have configured to my liking because of all the ridiculous crap that the service providers have preinstalled and the more emminent threat of the possibility that someone has infiltrated my last two devices or some account i posses and has been deliberately been attempting to dismantle my mental confidence and molesting me of my privacy, ive been opting to root my device in hopes of regaining control. But also the working knowledge of being capable of understanding what im doing and looking at is whats driving me.
So with all that ssid ... And thanjs for sticking eith me through all that,... Is it a good idea for the average joe to have and use a rooted device if he doesnt even know how to root it himself? And secondly,... Once its rooted can someone like me use it and nabigate and learn without jacking the device up COMPLETELY in the process? And last,... I was considering using either oneclick or dr. Fone and let a tech do it. R these sites legitimate or am i just getting suckered in out of hope for some regained control?

Please help me with my Tab A 10.1 wifi PLEASE

So, a bit of a backstory. I'm part of a parenting group who does work with the local school system. They help lower income families and such, and during the remote learning part of COVID they were responsible for giving out tablets and hot spots to allow children without the means to remotely learn. Well now that remote learning is over they had surplus tablets and hotspots and because my fiancée and I are in a parenting group/education class we were entered in a raffle sponsored by them. We won tablets. Tab A 10.1 Wi-Fi tabs. Nice as hell. They came loaded with a Knox configuration for a company for early education called HATCH. Inc. It uses an app called IGNITE!. The security profile locks the wallpaper, and a few other things that are obviously centered around the school stuff. Well, a lot is unlocked also, but I'm concerned about my privacy and inability to upgrade and/or install apps of my discretion. I reached out to the head company several times for them to unlock it. I opened the developers options and was able to enable USB debugging as well as OEM unlock to unlock the bootloader. It had the option readily available. Since then, I have tried EVERYTHING to uninstall this security profile by flashing custom ROMs and everything. I've googled several dozen hours and have installed drivers, .tar recovery files, apps, Odin, flashers, rooters, romers, holy relics, mantras, novels, movies, self-help magazines, you freaking name it I've done it. I also have yet to find a clear, DEFINED set of instructions for my SPECIFIC model of tablet, and the firmware downloads are questionable. Please, PLEASE freaking God above, PLEASE, one of you android gurus help me! I can't get up with the company to remove it because they don't return calls or emails, and I can't find any real help online. This is so freaking aggravating. I OWN THIS TABLET. IT IS MY PROPERTY. Someone, help me disable this Knox crap, so I can use my tablet at my discretion. Please.
That's quit a story...
Indeed. Quite the story and quite the debacle. Most definitely one of the most annoying things that I've dealt with in a long while.
nundril said:
Indeed. Quite the story and quite the debacle. Most definitely one of the most annoying things that I've dealt with in a long while.
Click to expand...
Click to collapse
Try to stick to just the pertinent facts especially with issues like this. The axion the longer the story the bigger the lie applies to my former statement. You didn't snap on me so I'll give you the benefit of doubt.
You won't like the answer but the easiest way is to get the IT department to delete the work profile. Not much of a prize if they don't. Some face to face encounters might motivate them better. Rub it it in if you have to, and don't take no for an answer. May take multiple people, trips, letters, whatever, climb the ladder to the top of that administrative chain if needed.
Consider it a lesson in assertiveness, you can never get too much of this type of training and it's free.
Otherwise the solutions you see in the Google searches are what's available.
Understandable. As of now I've just stuck to emails and phone calls. The head office is located about an hour and a half from my location so a ride to them for me and my fiancee tablets to work might be worth it. Appreciate the response and the honesty, I just figured I would explain the situation because I've seen so many times where a situation could've been handled had it been explained in greater detail. Just trying to convey the whole situation to an audience with zero knowledge of me or the situation as to hopefully reach someone with the knowledge to help, that's all.
Knox is a true pain. I avoid using it as much as possible because of the trouble it can cause.
XDA gets at times 1 request a day to bypass FRP lockouts. Some of those are stolen devices.
My dead mother's, friend's, etc. , I forgot it, it was like this when I bought it, my professor assigned us to hack it; the list is endless. Most are first post new members.
Of course some are innocent victims that got caught up in the machine as it were. Best advice is to return to vendor/do a charge back or get the unlock code from the last owner.
Rock simple stupid works the best.
If you're in the right the satisfaction of getting it resolved outweighs the time spent. I'm one of the few people who has gotten a refund check from Sony... it took dozens of calls. It was worth it in satisfaction alone
Do you think that calling Samsung customer support would make something shake? I mean considering we are legitimate owners, of which the instructors of our parenting class (who are employees of the early education place who distributed the tablets) are happy to attest to. I talked to them and they said to email or call and they would verify ownership and the details of the raffle etc etc to whomever reached out to them. If Hatch. Inc won't answer my calls perhaps Samsung might be able to help? Just trying to gather info at this point.
nundril said:
Do you think that calling Samsung customer support would make something shake? I mean considering we are legitimate owners, of which the instructors of our parenting class (who are employees of the early education place who distributed the tablets) are happy to attest to. I talked to them and they said to email or call and they would verify ownership and the details of the raffle etc etc to whomever reached out to them. If Hatch. Inc won't answer my calls perhaps Samsung might be able to help? Just trying to gather info at this point.
Click to expand...
Click to collapse
You can try, Samsung customer support is notoriously horrible. Replacing the mobo would fix it. There maybe less drastic ways to resolve it.
The source of your dilemma are your benefactors not ensuring the gifts were properly decommissioned. They should see their mistake is rectified if they are sincere. Actions have consequences... even if by omission.

Categories

Resources