Hi everyone, I hate to ask this question since I've been rooting and flashing ROM's for a good 3 years now.
I recently accepted a promotion at my work and I am now being given access to my work's email (through the app called "Good"). My fear is that my security is extremely important where I work because my employer is a financial institution. My question is if running anything other than stock presents any kind of security risk whatsoever. I love running custom ROM's, but it's not worth losing my job.
Thanks and sorry if this is the dumbest question you've ever read.
mjs2011 said:
> Hi everyone, I hate to ask this question since I've been rooting and flashing ROM's for a good 3 years now.
> I recently accepted a promotion at my work and I am now being given access to my work's email (through the app called "Good"). My fear is that my security is extremely important where I work because my employer is a financial institution. My question is if running anything other than stock presents any kind of security risk whatsoever. I love running custom ROM's, but it's not worth losing my job.
> Thanks and sorry if this is the dumbest question you've ever read.
"Good for Enterprise" won't run on a rooted phone.
There are ways to bypass the root detection (google xda+good+hide+root), but if the app updates, you might have to re-hide it.
With a rooted Nexus 5... you could buy a really cheap used phone (with wifi), don't root it, install Good and tether via your Nexus 5... but you'll have to carry around two phones.
If you're worried about security: stock ROM, no root, stock everything, locked bootloader.
By rooting your phone, as you may or may not already know, you are bypassing certain security measures in order to make manufacturer-level changes such as installing ROMs. I personally believe that, because of that, your rooted phone will never be as secure as a non-rooted one. If I were you I would go back to stock and use Android's built-in security features (data encryption, password/PIN), because no matter what app you use to protect yourself, because you are rooted there will always be a risk.
Hope this helps
Great thanks for the responses. Yeah, I was a little worried about that. As much as I love rooting/custom ROM's, my job means 10x more. I'll go back to stock unrooted and locked bootloader.
Thanks again!
My opinion as a corporate email administrator and IT security and compliance policy writer.... (edit - and experienced android rooter)
Although I would always ensure my policy dictates rooted phones are not used, the risk doesn't lie within root itself. Nothing can get root without your say-so, and applications are sandboxed, meaning they cannot install themselves without user intervention.
So long as you follow simple rules, you should be fine:
1) Use reputable custom ROMs. Stay away from betas, tests and leaks
2) Only install reputable applications from reputable sources. Stick to Play and XDA. Don't be an early adopter.
3) Use a secure kernel. Do not opt for insecure ones (insecure adb)
4) Keep the device password protected at all times.
5) Ensure the strictest settings in the SuperSU app. Monitor it regularly
6) Use Flashify to flash stock recovery and BootUnlocker to lock your bootloader - your everyday state MUST be stock recovery and locked bootloader. Unlock bootloader and flash recovery to flash ROMs and kernels but ensure you flash stock recovery and re-lock
7) Exercise common sense
Although that said:
1) If your company IT/AUP policy dictates no root, you'd better comply. I've worked in similar places where they have blanked out camera plates on BlackBerrys and check your messages
2) If the app doesn't work with root anyway..
Personally, if you really want corporate email on your phone AND freedom, get a second phone
Sent from my Nexus 5 using Tapatalk
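The "stock, no root, locked bootloader, encrypted" state recommended in the replies above can be checked from a computer. The following is an added example, not part of any post in this thread: it audits the output of `adb shell getprop` and fails closed when a property is missing. The sample dumps are constructed, and which of these properties a device exposes varies by model and Android version (an assumption to verify on your own device).

```python
import re

# (property, value expected on a stock, locked, encrypted device, what it covers)
CHECKS = [
    ("ro.boot.flash.locked", "1", "bootloader is locked"),
    ("ro.boot.verifiedbootstate", "green", "verified boot accepted the OS image"),
    ("ro.build.tags", "release-keys", "build is signed with release keys"),
    ("ro.secure", "1", "adbd does not run as root by default"),
    ("ro.debuggable", "0", "not a debuggable build"),
    ("ro.adb.secure", "1", "adb requires host key authorization"),
    ("ro.crypto.state", "encrypted", "user data is encrypted"),
]

# Constructed sample dumps in `getprop` format; not taken from real devices.
SAMPLE_STOCK = """\
[ro.adb.secure]: [1]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.build.tags]: [release-keys]
[ro.crypto.state]: [encrypted]
[ro.debuggable]: [0]
[ro.secure]: [1]
"""

SAMPLE_MODDED = """\
[ro.adb.secure]: [0]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.tags]: [test-keys]
[ro.crypto.state]: [encrypted]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""

# Older device that does not report the boot-state properties at all.
SAMPLE_OLD = """\
[ro.adb.secure]: [1]
[ro.build.tags]: [release-keys]
[ro.crypto.state]: [encrypted]
[ro.debuggable]: [0]
[ro.secure]: [1]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn `[name]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props):
    """Return (property, status, actual value, meaning) for every check."""
    results = []
    for name, expected, meaning in CHECKS:
        actual = props.get(name)
        if actual is None:
            status = "unknown"  # cannot confirm, so it must not count as a pass
        elif actual == expected:
            status = "ok"
        else:
            status = "fail"
        results.append((name, status, actual, meaning))
    return results


def failures(props):
    """Names of the properties that failed or could not be confirmed."""
    return sorted(name for name, status, _, _ in audit(props) if status != "ok")


def is_compliant(props):
    """True only when every check is positively confirmed."""
    return not failures(props)


if __name__ == "__main__":
    for label, dump in [("stock", SAMPLE_STOCK), ("modded", SAMPLE_MODDED), ("old", SAMPLE_OLD)]:
        props = parse_getprop(dump)
        print(label, "compliant" if is_compliant(props) else "NOT compliant")
        for name, status, actual, meaning in audit(props):
            print(f"  {status:8} {name} = {actual!r} ({meaning})")
```

To audit a real device, pass the text captured from `adb shell getprop` to `parse_getprop` instead of the sample strings.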
rootSU said:
> My opinion as a corporate email administrator and IT security and compliance policy writer.... (edit - and experienced android rooter)
> Although I would always ensure my policy dictates rooted phones are not used, the risk doesn't lie within root itself. Nothing can get root without your say-so, and applications are sandboxed, meaning they cannot install themselves without user intervention.
> So long as you follow simple rules, you should be fine:
> 1) Use reputable custom ROMs. Stay away from betas, tests and leaks
> 2) Only install reputable applications from reputable sources. Stick to Play and XDA. Don't be an early adopter.
> 3) Use a secure kernel. Do not opt for insecure ones (insecure adb)
> 4) Keep the device password protected at all times.
> 5) Ensure the strictest settings in the SuperSU app. Monitor it regularly
> 6) Use Flashify to flash stock recovery and BootUnlocker to lock your bootloader - your everyday state MUST be stock recovery and locked bootloader. Unlock bootloader and flash recovery to flash ROMs and kernels but ensure you flash stock recovery and re-lock
> 7) Exercise common sense
> Although that said:
> 1) If your company IT/AUP policy dictates no root, you'd better comply. I've worked in similar places where they have blanked out camera plates on BlackBerrys and check your messages
> 2) If the app doesn't work with root anyway..
> Personally, if you really want corporate email on your phone AND freedom, get a second phone
> Sent from my Nexus 5 using Tapatalk
Thanks! Yeah, I think the key here is that our policy does state that the phone being used can't be modified, so it's better that I just follow the rules.
Plus, stock Android has improved so much over the years that this is a much easier decision than it would have been back in the day when I had my LG Optimus running Froyo.
mjs2011 said:
> our policy does state that the phone being used can't be modified,
Then it's best not to. Financial companies take this sort of thing very seriously and can often see a breach as gross misconduct.
Sent from my Nexus 5 using Tapatalk
Thankfully a lot of the stock ROM is pretty good out of the box and just needs a few minor tweaks.
Hey guys, need some assistance. Every phone or tablet and laptop, new or old, gets hacked by my tenant's boyfriend. He hacked everything from my iPad mini 2 with all updates (iOS 8.3) to my Android phones (Moto G, Sony Xperia), even a cheap Nokia Lumia 635. I put them on airplane mode and he's able to worm his way in. I turn off Bluetooth, update everything, but nothing is working. I only rooted one phone. He generally installs a backdoor, then changes my lock PIN or password or pattern. Then he rigs my recovery so recovery won't work or it will install his hacked ROM. What can I do to a. log this, b. secure my next device, c. stop this ahole? My privacy and security are gone.
Bump. I'm using CatLog and no root. Should I root it for additional protection?
Any tools I can use to prevent intrusion or log his actions?
lmf said:
> Hey guys, need some assistance. Every phone or tablet and laptop, new or old, gets hacked by my tenant's boyfriend. He hacked everything from my iPad mini 2 with all updates (iOS 8.3) to my Android phones (Moto G, Sony Xperia), even a cheap Nokia Lumia 635. I put them on airplane mode and he's able to worm his way in. I turn off Bluetooth, update everything, but nothing is working. I only rooted one phone. He generally installs a backdoor, then changes my lock PIN or password or pattern. Then he rigs my recovery so recovery won't work or it will install his hacked ROM. What can I do to a. log this, b. secure my next device, c. stop this ahole? My privacy and security are gone.
Explain how you came to this conclusion, as an iOS 8.3 exploit is worth six figures, so it seems perplexing to waste it to hack a neighbor.
First thing you need to do is find out how he is getting his hands on your devices.
Almost everything you describe requires him to have possession of your devices for decent amounts of time.
You have no digital security if you have no physical security.
Either you have schizophrenia, or he's got the key to your place.
You're sure he isn't sneaking into your place at night or something?
aliyangohar4 said:
> You're sure he isn't sneaking into your place at night or something?
Sounds like that. Haha...
I
shadowcore said:
> Sounds like that. Haha...
> I
But just to watch him sleep
lmf said:
> Hey guys, need some assistance. Every phone or tablet and laptop, new or old, gets hacked by my tenant's boyfriend. He hacked everything from my iPad mini 2 with all updates (iOS 8.3) to my Android phones (Moto G, Sony Xperia), even a cheap Nokia Lumia 635. I put them on airplane mode and he's able to worm his way in. I turn off Bluetooth, update everything, but nothing is working. I only rooted one phone. He generally installs a backdoor, then changes my lock PIN or password or pattern. Then he rigs my recovery so recovery won't work or it will install his hacked ROM. What can I do to a. log this, b. secure my next device, c. stop this ahole? My privacy and security are gone.
I think you should change all your passwords for WiFi and phone, and switch off your WiFi or Bluetooth when not in use. If he can still hack your phone then he might be some genius and you need to complain about it to the police.
Hey everyone. New to XDA forum. Just wanted to get real tech opinions and what everyone thinks. I recently purchased the new Blackphone 2, a high-end security phone by Silent Circle. I noticed it's not running the normal Android OS that everyone is using, it's running "Android Silent OS".
One thing I noticed was, it doesn't come with stupid bloatware that I'm accustomed to getting with iPhones and Androids. One of the main reasons I purchased this one was the promise from Silent Circle that for any newly discovered security bugs, they will release a patch within 72 hours, and it seems like they have a good track record of doing so.
I'm just wondering, with the money I shelled out for this device, did I just waste money or is it really worth it? I'm tired of smartphone apps that I download always keeping track of things and accessing private stuff like contact information, GPS location and other sensitive information; I was a victim of one app that sold my GPS location to an advertising company, and I was bombarded with ads on my phone.
Any thoughts on this device, if it's really a high-security phone or just a gimmick to sell? I know no phone is NSA-proof of course, but I'm guessing this phone is a little more secure than the average Android/iPhone.
I'm no expert on the Blackphone, but it would be interesting to hear your experience with the phone and in particular between both Blackphones.
Congrats on your purchase. I count it reasonable for 800$, not a waste for sure. I wonder if the phone calls couldn't be listened by third parties like a crypto phone. It would be nice to read a mini review of the device by you.
DylinPrestly said:
> Hey everyone. New to XDA forum. Just wanted to get real tech opinions and what everyone thinks. I recently purchased the new Blackphone 2, a high-end security phone by Silent Circle. I noticed it's not running the normal Android OS that everyone is using, it's running "Android Silent OS".
> One thing I noticed was, it doesn't come with stupid bloatware that I'm accustomed to getting with iPhones and Androids. One of the main reasons I purchased this one was the promise from Silent Circle that for any newly discovered security bugs, they will release a patch within 72 hours, and it seems like they have a good track record of doing so.
> I'm just wondering, with the money I shelled out for this device, did I just waste money or is it really worth it? I'm tired of smartphone apps that I download always keeping track of things and accessing private stuff like contact information, GPS location and other sensitive information; I was a victim of one app that sold my GPS location to an advertising company, and I was bombarded with ads on my phone.
> Any thoughts on this device, if it's really a high-security phone or just a gimmick to sell? I know no phone is NSA-proof of course, but I'm guessing this phone is a little more secure than the average Android/iPhone.
The answer is: nobody knows but Silent Circle. Their Android is closed source, so essentially they are saying: trust us (because we have a PGP creator). No GSM phone call can be encrypted unless the other person is using exactly the same piece of software that you are. You can more or less encrypt SIP calls, but again, you need the other person to have similar software and be on the same server. And don't forget, most providers including Google (Google Voice), Truphone and others block channels where encrypted data packets (for phone calls) are carried.
You can't have true security unless the baseband part of your phone is completely isolated from the rest of the system and virtually 100% of manufacturers use the following model: baseband is a separate mini OS that is hooked directly to your hardware and ram bypassing Android system together with all the protection gimmicks. So, if someone is targeting your phone through cellular modem, Android wouldn't even notice it.
Remember: the main threat to security of a user is Google, as well as manufacturers and carriers. You can neuter Google to a large extent, because Android is open source, but there is nothing you can do to the other two...
Buying something NSA-proof from an American company...
@DylinPrestly
How do you like the phone so far? Can you relate any experiences? How do communications between the two phones compare to communications between one Blackphone and a non-Blackphone? It seems to me that communications between Blackphones are more secure.
Thanks.
Great discussion. I was actually wondering, is there a way to get "Android Silent OS" on a Note 5? If not, are there any ROMs out there that are like Silent OS for security and privacy?
Sent from my iPhone using Tapatalk
I have a doubt about Blackphone
I have bought a Blackphone BP1 because a friend sold it very cheap. My main doubt is whether this phone can only make phone calls to another Blackphone or whether there is a way to call any "normal" Android phone.
I don't want to set up the phone until my doubt has a solution, because yes, it's a fact that I want a sure phone, but I don't need a "caged" phone, because I don't have any friends or relatives that have another Blackphone, so it's useless for me.
Another question: if the Blackphone can only talk to another Blackphone, is there a way to swap PrivatOS for a Cyanogen version or a pure Android version so that I can use it as a normal phone?
Thanks to anyone that can clarify my doubts.
jolive57 said:
> I have bought a Blackphone BP1 because a friend sold it very cheap. My main doubt is whether this phone can only make phone calls to another Blackphone or whether there is a way to call any "normal" Android phone.
> I don't want to set up the phone until my doubt has a solution, because yes, it's a fact that I want a sure phone, but I don't need a "caged" phone, because I don't have any friends or relatives that have another Blackphone, so it's useless for me.
> Another question: if the Blackphone can only talk to another Blackphone, is there a way to swap PrivatOS for a Cyanogen version or a pure Android version so that I can use it as a normal phone?
> Thanks to anyone that can clarify my doubts.
The Blackphone 1 and 2 are able to communicate fine via standard GSM to all other phones, but the calls are secure when using the Silent Phone app, which can be installed on any Android/iOS device really.
As to being "NSA" proof....
“We have a bit of a problem with the press saying that the Blackphone will make you NSA-proof,” Phil Zimmermann, one of the Blackphone’s creators, tells me at Mobile World Congress in Barcelona. “If someone [at the Blackphone booth] tells you that it’ll protect you from the NSA, I’ll fire them.”
I have both the Blackphone 1 and 2, though the Blackphone 1 has gone into "retirement" now that I'm using the BP2, which I'm quite happy with. If you have any questions I'd be more than happy to answer.
bitterman said:
> The Blackphone 1 and 2 are able to communicate fine via standard GSM to all other phones, but the calls are secure when using the Silent Phone app, which can be installed on any Android/iOS device really.
> As to being "NSA" proof....
> “We have a bit of a problem with the press saying that the Blackphone will make you NSA-proof,” Phil Zimmermann, one of the Blackphone’s creators, tells me at Mobile World Congress in Barcelona. “If someone [at the Blackphone booth] tells you that it’ll protect you from the NSA, I’ll fire them.”
> I have both the Blackphone 1 and 2, though the Blackphone 1 has gone into "retirement" now that I'm using the BP2, which I'm quite happy with. If you have any questions I'd be more than happy to answer.
I have a question about this phone if that's all right. How do regular (unencrypted) calls work? Are they free or do they require some sort of credit? (I mean on the phone side, not the carrier obviously)
Hi, another BP2 owner there.
I've just opened a thread in "Reviews" section about this phone: http://forum.xda-developers.com/gen.../blackphone-2-review-basic-tech-info-t3516371
This phone doesn't introduce any active/passive GSM complexes security, it's a standard phone with modded Android 5.1.1 ROM called 'Silent OS'.
The only way to make this phone secure, is to use their paid app 'Silent Phone', which is paid analog of Telegram and available on Play Market (can be used on any phone).
I am currently working on making a clean AOSP ROM for this device, because Silent OS is totally a disgrace which is impossible to root.
DylinPrestly said:
> did I just waste money or is it really worth it
Money waste confirmed, read my thread for more information.
varotone said:
> I have a question about this phone if that's all right. How do regular (unencrypted) calls work? Are they free or do they require some sort of credit? (I mean on the phone side, not the carrier obviously)
Yes, unencrypted calls are free, it's just a usual modded Android phone with GAPPS.
Encrypted calls are made via the "Silent Phone" app, which is paid and needs a paid subscription on the other end. It's not worth your money.
It won't do any encrypted calls if one who you talk to doesn't have Silent Phone installed.
If you need a good and open source communications encryption, use Tox which is available for Android and iOS.
You wasted money...
If you have any knowledge whatsoever on Android Building...
You can pretty much achieve the same and/or close to the same point of "safety" the Blackphone provides, with the extra that you control what's being built and what you're using.
---
How to root this phone? Any custom roms?
Airlock user. What is it?
Bought BP2 few months ago and recently discovered in Data usage statistics that there is unknown to me user consuming Wifi and 4G internet on the background. I have never created this Airlock user.
I wrote to BP support, where they simply said: You should not be alarmed by that.
WTF? What kind of answer is this?
Anybody here knows what is that user for and if there is any way to disable or remove it?
A little guide to increase BP2 performance
https://forum.xda-developers.com/an...e-make-bp2-t3735815/post75218344#post75218344
Hi everyone, I've been an Android user for the last couple of years. I still own an iPhone but I'm really excited to sell it, because from now on I feel that buying an iPhone is buying a piece of plastic with technology from 3 years ago with an Apple sticker. OK, why am I making this post? Well, nowadays stealing a phone is useless because of the security measures used on them. With an iPhone it's impossible to unlock the device without the iCloud, but on the Android side, with my Note 5, I'm able to reset and use it like it was a brand new phone even though I've set the fingerprint lockscreen. If someone steals my phone they can press home+power+volume up and do a factory reset and BANG, they have a new phone. I have rooted my phone, but is there anything possible to fix this? Any kind of configuration or app that still makes the recovery menu and the factory reset option possible but still maintains my security configuration, so that even if people erase all the data on my phone they wouldn't be able to use it because it would still have the lockscreen set up with my fingerprints or code. Thank you
ralls94 said:
> Hi everyone, I've been an Android user for the last couple of years. I still own an iPhone but I'm really excited to sell it, because from now on I feel that buying an iPhone is buying a piece of plastic with technology from 3 years ago with an Apple sticker. OK, why am I making this post? Well, nowadays stealing a phone is useless because of the security measures used on them. With an iPhone it's impossible to unlock the device without the iCloud, but on the Android side, with my Note 5, I'm able to reset and use it like it was a brand new phone even though I've set the fingerprint lockscreen. If someone steals my phone they can press home+power+volume up and do a factory reset and BANG, they have a new phone. I have rooted my phone, but is there anything possible to fix this? Any kind of configuration or app that still makes the recovery menu and the factory reset option possible but still maintains my security configuration, so that even if people erase all the data on my phone they wouldn't be able to use it because it would still have the lockscreen set up with my fingerprints or code. Thank you
To be honest, no. Even your fingerprint can be grabbed from the device. No mobile device security is complete. There are even ways to get around Apple's.
Best advice is don't lose your device or keep anything really important on it.
There are back doors built into Android. I read a while ago that if you know the person's Gmail account on the phone you can actually make it yours. I mean the IMEI number might be bad but there is always WiFi. But anyways, all you need is the Gmail associated with the phone and the password null and bam, you're in. I have yet to try it but I will here in a few.
There's an option to enable a reactivation lock. But really, flashing a custom ROM will remove this. There's no way around it, on any device.
Installing some security software may help to catch a thief. I'm using one which takes a picture using the front camera and emails it to me after 3 unsuccessful passwords. On a rooted phone it is impossible to remove until you flash new firmware.
Sent from my SM-N910T using XDA Free mobile app
Rooting Android phones has become so useless and tiresome. I've always had to have an encrypted phone for work purposes but root for fun. Nowadays it's become ridiculous to root. BL unlocking, custom binaries. For years I've always had to spend weeks searching for guides to root and encrypt, but recently these Samsung phones with the locked BL is a pis take. No amount of security will take over someone who has physical access to your phone, but the data can be reset, which is what I'm trying to do to allow me to encrypt my phone. Fuk it, no one on xd bothers replying anyway.
Is that a question, a statement, or both?
I run stock Samsungs that are heavily optimized.
They run very well and even though the one is still running on Pie, security is not an issue.
I spend very little time with maintenance and troubleshooting. The current OS load will be 2 yo in June, still fast, stable and fulfilling its mission.
What's not to like?
blackhawk said:
> Is that a question, a statement, or both?
> I run stock Samsungs that are heavily optimized.
> They run very well and even though the one is still running on Pie, security is not an issue.
> I spend very little time with maintenance and troubleshooting. The current OS load will be 2 yo in June, still fast, stable and fulfilling its mission.
> What's not to like?
Put TWRP on, root the device, then if it gets stolen see if you can't sleep at night. TWRP breaks encryption on Samsung phones and after all these years still no way of encryp
nidowak653 said:
> Rooting Android phones has become so useless and tiresome. I've always had to have an encrypted phone for work purposes but root for fun. Nowadays it's become ridiculous to root. BL unlocking, custom binaries. For years I've always had to spend weeks searching for guides to root and encrypt, but recently these Samsung phones with the locked BL is a pis take. No amount of security will take over someone who has physical access to your phone, but the data can be reset, which is what I'm trying to do to allow me to encrypt my phone. Fuk it, no one on xd bothers replying anyway.
I root my phone to occasionally deal with discrepancies with just about any company that gives me problems. I do this via native call recording, which as far as I am aware only works while rooted. Living in a one-party consent state I don't even have to let the other party know I am doing so. To be honest though I can't really speak about root access on today's phones; mine is a 2018. When I do choose my next phone I will definitely take the time to do my research and find an easy one that will do what I'm trying to do with it. Even if it is not going to be the newest whatever phone. I find the benefit of having call recording far outweighs having the newest tech.
nidowak653 said:
> Put TWRP on, root the device, then if it gets stolen see if you can't sleep at night. TWRP breaks encryption on Samsung phones and after all these years still no way of encryp
Physical possession is the only real security.
Anyone trying to steal my phone will bleed.
If I were you I'd be more concerned with data loss due to encryption. You are the one most likely to get locked out... and then you're boned. Especially if it's your last backup data drive.
Linux4life2211 said:
> I root my phone to occasionally deal with discrepancies with just about any company that gives me problems. I do this via native call recording, which as far as I am aware only works while rooted. Living in a one-party consent state I don't even have to let the other party know I am doing so. To be honest though I can't really speak about root access on today's phones; mine is a 2018. When I do choose my next phone I will definitely take the time to do my research and find an easy one that will do what I'm trying to do with it. Even if it is not going to be the newest whatever phone. I find the benefit of having call recording far outweighs having the newest tech.
I remember when call recording was slowly being tak
blackhawk said:
> Physical possession is the only real security.
> Anyone trying to steal my phone will bleed.
> If I were you I'd be more concerned with data loss due to encryption. You are the one most likely to get locked out... and then you're boned. Especially if it's your last backup data drive.
I've had a few phones that encrypt with root and have never got locked out, always kept backups. But this was years back. Now that everything's moved on it seems securing the phone is getting much harder with the manufacturers constantly ****in things up. Like Samsung never had bootloader, now they do, no Knox, now they do etc and it gets harder. But yeah, you're so right, nothing beats physical possession, the only prob? The thieves think like that about other people's phones too haaaa
nidowak653 said:
> Rooting Android phones has become so useless and tiresome. I've always had to have an encrypted phone for work purposes but root for fun. Nowadays it's become ridiculous to root. BL unlocking, custom binaries. For years I've always had to spend weeks searching for guides to root and encrypt, but recently these Samsung phones with the locked BL is a pis take. No amount of security will take over someone who has physical access to your phone, but the data can be reset, which is what I'm trying to do to allow me to encrypt my phone. Fuk it, no one on xd bothers replying anyway.
That's the wrong question. The real question is: Why should anyone accept not being in full control of anything he paid a full price for?
Why leave the control to vendors who abuse it in their special interest, which mostly is against the user's favor?
The fact they are making it harder and harder is proof, that there's a lot to lose!
Elmarigo said:
> That's the wrong question. The real question is: Why should anyone accept not being able to be in full control of any device that he paid a full price for?
> Why leave the control to vendors who abuse it in their special interest, which mostly is against the user's favor?
Exactly! But manufacturers no longer bother about customers and what they want. It's the wallet; once you pay they don't care.
Rooting gives you a higher level of control over your phone's internals. Usually, vendors hide most of the advanced optimization settings. These are exposed when you root your phone. Even without rooting, have a look at the settings screen of custom ROMs like Lineage and compare it with the stock settings screens, and you will see a number of 'extras' that help tweak your phone in ways the stock does not allow.