[Request] Lockscreen/Pin related - Security Discussion

i'm looking for a specific type of app that i cant find anywhere in the playstore and i did my fair share of testing. This app would enable the lock screen to recognize two pins. One would be the normal pin you enter when you want to unlock the phone and the secondary pin when entered would trigger a series of security protocols like wipe all data on the phone ,erase all contacts and sms apps etc. Is there such an app? If not,then this would make a great idea for an app. I know i'd pay for it. Thanks in advance.

There are no such apps right now .
But you may try something like android device manager or mcAffee which provides online accessibility to your device for wiping data,fact. reset etcetera .
Or , instead of writing/requesting here , you may contact your favorite lock screen app developer and simply request to then to implement your idea on it . They will add it without any doubt
Sent from my GT-S7562 using XDA Forums PRO

bg1129 said:
i'm looking for a specific type of app that i cant find anywhere in the playstore and i did my fair share of testing. This app would enable the lock screen to recognize two pins. One would be the normal pin you enter when you want to unlock the phone and the secondary pin when entered would trigger a series of security protocols like wipe all data on the phone ,erase all contacts and sms apps etc. Is there such an app? If not,then this would make a great idea for an app. I know i'd pay for it. Thanks in advance.
Click to expand...
Click to collapse
There's not an exact match to your requirements always but still on the half way down there are some apps which you may try & deal accordingly.
I would recommend you to use
1. Smart Applock
2. Theftie
3. Cm Applock.
Out of these you may select the one you feel comfortable with.
Hope you find this useful...
ayushbpl10

ayushbpl10 said:
There's not an exact match to your requirements always but still on the half way down there are some apps which you may try & deal accordingly.
I would recommend you to use
1. Smart Applock
2. Theftie
3. Cm Applock.
Out of these you may select the one you feel comfortable with.
Hope you find this useful...
ayushbpl10
Click to expand...
Click to collapse
OP posted a SINGLE requirement, and none of the apps you listed can fulfil that requirement.

snapper.fishes said:
OP posted a SINGLE requirement, and none of the apps you listed can fulfil that requirement.
Click to expand...
Click to collapse
Have you tried Smart Applock...
Then look for a feature of lock screen setting which allow you to have 2 passwords for the lockscreen & also has the feature of siren when password feeded wrong & mailing an image as well as video of the person trying to gain unauthorized access to your device. Also it provide wipe & lock feature.
Talking about other apps they also function the same but don't have a feature of multiple password.
I hope next time you try the apps first & then post such a reply....
Moreover I strictly mentioned that the exact requirements are not be found with these apps & user must look accordingly as per the available features.
ayushbpl10

ayushbpl10 said:
Have you tried Smart Applock...
Then look for a feature of lock screen setting which allow you to have 2 passwords for the lockscreen & also has the feature of siren when password feeded wrong & mailing an image as well as video of the person trying to gain unauthorized access to your device. Also it provide wipe & lock feature.
Talking about other apps they also function the same but don't have a feature of multiple password.
I hope next time you try the apps first & then post such a reply....
Moreover I strictly mentioned that the exact requirements are not be found with these apps & user must look accordingly as per the available features.
ayushbpl10
Click to expand...
Click to collapse
Ok. By now i understand there is no such app so let me tell you why all of the above do not work for me.
We all store more and more sensitive info on our phones,we make payments with the phone we have banking apps installed ,private emails and so on.All the above apps are great apps if your phone is stolen,but full of flaws.you can take out the sim card and that's it.What do you do if someone forces you to enter the pin and then disappear with the phone wallet etc?in the time it takes you to go home and remote wipe the phone they already have everything that was on the phone. All those apps are useless and full of flaws in cases like this.

Related

[Q] What is the best phone tracker/recovery app?

I am new to Android. Just got my Vibrant. I want to protect this phone so that in case it is lost or stolen I can recover it. Could you tell me what are some of the best apps for this?
Here is a list of names I know about for now:
Where's My Droid - This is currently installed, but required me to send a text to my phone to activate the GPS and even then it won't keep the GPS active long enough to get a precise location. Furthermore, it can alert the would be robber.
Glympse - well, this is not for stolen phones
Wavesecure - couldn't find any good threads on this. Seems to have an annual subscription fee of $19. I don't want that. Just want a standalone tracker.
Remote security - Not clear that this is a good app.
TheftAlarm - Again, developed in foreign language and I don't know how good it is
MobileDefense - Maybe this is the best app, but it is still in beta and no more users are accepted. I already filled out a request.
Find My Android - Was suggested in this thread, but it doesn't seem to be different from Where's My Droid, except the notification when SIM is replaced.
Lookout Mobile Security - Doesn't seem bad, but it doesn't lock your phone remotely. Can easily uninstall the program. I also found out that I better use a different email address than the one my phone gets otherwise the phone gets an email with "location" of the phone when you look it up online. This is better than Where's My Droid since you can do it more discreetly online, without sending texts (but have to make sure the email you use is not managed by the phone).
Am I missing something? I really want to protect this phone and it is frustrating that among so many apps, we seem to be missing good anti-theft solutions. Preferably I want something that can lock the phone remotely and allow me to do things without interruptions from the thief or at least discreetly. What would you recommend?
Also, I have a rooted (stock) Vibrant.
Thanks.
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
khaytsus said:
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
Click to expand...
Click to collapse
WOW! Ok, but the question is - 1.can it lock the phone remotely? 2.What happens if the thief uninstalls Tracker or changes the SIM (can you password protect it)? Finally, 3.can it take picture AND email them remotely? Otherwise, I don't see much use to this feature if the phone is gone.
Lookout seems rather good, but I have not tested it personally. I'd add a link, but I'm a new user. Should be easy to find with a Google/Market search, though.
Well that (un installing tasker)may be the case with any tech anti theft, if the thief is smart and careful they will wipe/reset/format whatever they took, rendering a soft lo jack useless
I would just get tasker and lookup findmyandroid on lifehacker, its the best current option
Captiv
Yeah, I found out about LookOut on Android forums. I have installed it. It doesn't allow you to lock the phone remotely and can easily be uninstalled.
As for Find My Android, I don't see how is it different from Where's My Droid., maybe except the part where you're notified if the SIM card is replaced.
I updated the original post.
Find my android isn't the name of the app, its what the lifehacker post is tagged as (#findmyandroid)
The program is tasker, and its more customizable and it can turn on gps
Captiv
Sure, Lookout can be uninstalled, as can any other app. But really, you should have some sort of password on your device. With pattern unlock, there's really no reason not to do so.
According to one of the devs on their forums, remote locking as well as "other features" will be coming to Lookout "very soon".
https://lookout.zendesk.com/entries/24881-remote-lock
In the meanwhile, I use WaveSecure for locking my phone and Lookout for tracking, as its mechanism seems much better.
If you want to prevent Lookout from being uninstalled, just move the apk to /system/app (assuming your phone is rooted).
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
GPS Tracker by Instamapper is the one I use most. With a text message, it will return its location via Google maps. It will continually do so for as long as you have it set up for. Every 10 Seconds, Every 2 minutes, Every half hour, etc. I used it to track my stolen phone with the laptop in the car. This app saved me from buying a new phone.
stickerbob said:
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
Click to expand...
Click to collapse
Same here. Glad I got it while it was still a beta!

Looking for an app that set password separately

Hi. I'm looking for a program that could be able to assign a password to every single program I have installed indepently. For example, assign a password when I want to open Dolphin browser for example or another one applied to the settings option.
Also, I'd like the phone to start without asking me for a pin number. I know that is a very insecure thing to do but I'm looking to immediately use the phone when I wake up in the morning Thanks in advance.
Jordibcn said:
Hi. I'm looking for a program that could be able to assign a password to every single program I have installed indepently. For example, assign a password when I want to open Dolphin browser for example or another one applied to the settings option.
Also, I'd like the phone to start without asking me for a pin number. I know that is a very insecure thing to do but I'm looking to immediately use the phone when I wake up in the morning Thanks in advance.
Click to expand...
Click to collapse
1. Lots of apps like this on the market, personally I prefer pattern protection from apps like, Seal. However, you could probably find alternatives if you look at related apps. If we had Gingerbread, then we can use Visidon which is a face unlock for apps.
2. Do you mean when phone starts up? or when you unlock? I think you want password protection to be disabled completely. If its not from an app and from the phone itself, then go to Settings > Location&Security Settings > SetUp Screen Lock > None.
I tried Seal and works great. Very easy to use and do exactly what I wanted. I hope an update to gingerbread comes soon so I can try the other one (but unfortunately I don't see it in market, maybe is why I have froyo 2.2?) with face recognition. I thought face recognition was a feature of ice cream sandwitch so is good to know that for gingerbread we can use this feature somehow. Thanks.
We can't find it in the market because the developer set the minimum version to be Gingerbread so to avoid having people download it without knowing on 2.2 and lower devices and leaving negative feedbacks, we wont be able to see it till we're on Gingerbread. I've tried it out on another device and it works pretty well.
Basically Gingerbread added Front Camera Support to the SDK so that allowed developers to use the Front Camera without any... fragmentation. In 2.2, if we tried that we would have had a much more difficult time in getting the front cameras to work because we'll need to find out how HTC did it, how Samsung did it, and how LG does it.
Ice Cream Sandwich offers an official way Face Tracking, but that's still using the Front Camera so as long as developers create their own Face Tracking stuff, it can be used in Gingerbread.

Anti-theft protection for Galaxy Note

What is the best protection for Galaxy Note in a case of theft? I am referring to the following features:
1) SMS message to the predefined number that contains the number of the new SIM card when it is insterted by the thief/third person;
2) possibility to remotely delete all personal data (contacts, messages, passwords for applications, schedule, notes);
3) GPS location of the phone without the possibility to turn off the GPS by the thief/third person;
4) possibility to lock the phone and make it unusable (unlock it with a password only known to the owner);
5) software protection that cannot be overridden by a factory reset or connecting the phone to a computer;
6) privacy of the owner (not being tracked all the time but only when the phone is reported as stolen).
I am aware of the following options but I am unsure which ones have the features above:
1) stock Android protection;
2) Samsung Dive;
3) Norton Internet Security (free on Samsung Apps);
4) Kaspersky Internet Security (free on Samsung Apps);
5) NetQuin (free on Google Play);
6) Avast (free on free on Google Play).
Are there any other options that meet the mentioned criteria?
What is the best option?
there is lookout as well
I use Avast.
Use android lost...Best app ever!
i use cerberus. it has the option u looking for. im useing it.
Sent from my GT-N7000 using xda premium
I am using Avast and Androidlost both...
Best and Free
Sent from my GT-N7000 using xda premium
after long search
after long search i ll try one of them
1- gotya
2-phone locator pro
3-avast
as they have full option
remote wipe ,call ,photo of thief , every thing
Seekdroid Is Awesome!
Cerberus
Jack143 said:
i use cerberus. it has the option u looking for. im useing it.
Sent from my GT-N7000 using xda premium
Click to expand...
Click to collapse
Same here, you can flash it to the system to, and it will keep giving you information even if someones wipes the data of your phone.
I've tried them all and Cerberus is the best IMHO. Also takes pictures and send them to your email if someone puts the wrong password in or you can do it and everything you described through the web interface.
That's all fine if the guys who steals the phone, tries to use it as is. but you know now a days they have well set up team, they simply put it to download mode & flash a clean ROM (i hope so). Around twenty days back i lost my Galaxy i9003. the incident was so shocking. Two guys, one from behind my slow moving car (at a signal during peek hours) diverted my attention by hitting the car with hand & when i turned back the othr guy flicked my phone through window. phone was kept at speedo meter compartment (window shutter was open with my arm resting on it). i had installed phone locator pro. Nothing happend till date.
So be carefull guys. Since our Gnote is large enough for anybody to pull it from hand & run away if u r walking & talking in busy places. Remember, there r lots of people watching you...
So Cerberus has all the features I listed in the first post? Is it the best then?
Does anyone have actual experience with these apps after their Android phone had been stolen?
Anyone?
Cerberus can be installed to system partition so it survives hard reset. Also there are disguised versions with System Framework app name without icon to make it stealth.
Sent from my GT-N7000 using xda premium
Do any of these apps need a rooted phone or does it make a difference?
Nice thnx
Cerberus is the best one!
You guys also have samsungdive service, many samsung users don't even know about this...
Sent from my GT-N7000 using Tapatalk 2
So does this mean that Cerberus is even better than Samsung Dive?
Absolutely best is Android lost........ Have all points you want except #5,that you will find in NO app.....
But android lost have more then 10 useful functions more.....
Can Make photos of the thief, audio recording, hide the app complete.....
If the thief change the simcard, you will get the new tel Nr., in the same moment and can control phone continously........
All actions would NOT be seen by the thief.....
You can write "fake error" messages, like "read error in lineb#FF12E" and if he press on "ok", a photo (without shutter sound) is taken of him.......
And very much more functions, look on "www.androidlost.com", the best thing is, that android lost works with a Google message service, so you're not need the sim to do commands......
Orders can get over every Internet browser or over Sms to ya phone.....
I test the emergency with my friend, and it works fantastic, after 30minutes I got 10 pics of him, have his voice, catched all phone numbers, he dial, all messages also, get all 2minutes his new location, got the complete phone state, so I have a good chance to find the thief in the first one or two hours.......
It's a shame, that you can't protect your phone by yourself against flashing roms, but every guy, (if he not knows how to flash a note exactly) have first to look for the roms, how to flash and so on, and this gives you 2 hours or more to locate him.......
Don't count on the police! In Germany, they will do nothing, also if you have the imei and they have technical stuff to locate a phone on every login, but they don't do, just in "special causes". That's a joke, so it's better to locate it by your self
Rock
Sts
Sent from my GT-N7000 using Tapatalk 2

[Q] Disabling camera without rooting

Hi amigos,
I do have HTC explorer, My office have a policy on employees to use only non-camera moblie phones. So I need a solution to this,is there any app available in market to disable the camera with out rooting. I browsed in play store,and I do got an app,but it works only on ICS platform. Pls suggest me any remedy pls..
Thanks,
Viki
Without rooting, I don't think so, sorry. You can block access to the app, requiring a passcode, but if you know the passcode, then it's not really much different to having the app there normally, plus it wastes battery.
Any app available?
Thanks for the reply SifJar. Is there any app which popups an error message kinda like that, if I tap to open camera. Since the one who gonna checking all this will be the security incharge in the gates, he lacks knowledge on android and stuffs.
SifJar said:
Without rooting, I don't think so, sorry. You can block access to the app, requiring a passcode, but if you know the passcode, then it's not really much different to having the app there normally, plus it wastes battery.
Click to expand...
Click to collapse
SifJar said:
Without rooting, I don't think so, sorry. You can block access to the app, requiring a passcode, but if you know the passcode, then it's not really much different to having the app there normally, plus it wastes battery.
Click to expand...
Click to collapse
hi
try this root ur phone and use root explorer and see if u can delete the camera .apk.But make sure to take a backup of the same so u can use the same if needed in the future and at bangalore i have seem that some companies allow u to put a sticker on the camera lens to close it and thus not use the same in the company premises chek with ur co if this is OK it would be a better solution if this is acceptable:laugh:
Any other remedy without rooting
I was using ma phone by sticking a sticker over the camera till now, but the admin security over ma office found many were using kinda like that.so now
haree said:
hi
try this root ur phone and use root explorer and see if u can delete the camera .apk.But make sure to take a backup of the same so u can use the same if needed in the future and at bangalore i have seem that some companies allow u to put a sticker on the camera lens to close it and thus not use the same in the company premises chek with ur co if this is OK it would be a better solution if this is acceptable:laugh:
Click to expand...
Click to collapse
[email protected] said:
Thanks for the reply SifJar. Is there any app which popups an error message kinda like that, if I tap to open camera. Since the one who gonna checking all this will be the security incharge in the gates, he lacks knowledge on android and stuffs.
Click to expand...
Click to collapse
Actually, now that I think about it, it should be possible, yes.
There is an app called "Tasker" which allows you to run certain actions whenever certain things happen. One of the "contexts" you can set is an app being launched (e.g. the camera app). This context will then trigger a set of actions, which can include a whole variety of things from returning to the home screen to displaying a custom made popup. You could combine these two, so that whenever the camera is launched, it will return to the home screen and then display a popup saying some error.
There is a free one week trial of Tasker available here: http://tasker.dinglisch.net/download.html (any tasks you create during that first week will continue to work after this time, you just won't be able to add any more without paying for the full version, which is available in the Play Store or via the same link as the trial)
Once you install the trial, download the attached file, remove the .txt extension (put it there as XDA doesn't allow upload of XML files) and put it on your SD card in the folder "profiles" inside "Tasker" on your SD card, then import it into Tasker by long pressing on the button "profiles" at the top and then selecting "import" and then choose "Camera Disable". It is a task I made which I think should do the trick for you. If you want to edit the error message, tap on "No Access" in Tasker (should have a green arrow at it), then tap on "2. Popup" and edit the text accordingly.
EDIT: Also note that disabling the task is as simple as tapping the green tick beside it's name in Tasker, which will turn it into a red circle with a line through it to represent the task is disabled and camera can now be accessed again.
The error will also appear when launching "Camcorder".
Couldnt you get away with just hiding the camera app, that way you can easily say that you deleted it.

How security improvements can make your device more vulnerable (sic!)

First of - I'm just an everyday user of Android device, never interested in hacking or any other "advanced" use of computers and likes. My greatest achievements so far are jailbreaking Iphone, rooting an Android phone and installing stock ROM on it. You can call me a noob. However - I like to improve things I use and I also value my privacy. That's why I installed a software that locks access to certain apps on my phone. I recently found this app actually made an opposite - it made my device vulnerable to identity theft and potential financial loss. I wouldn't really bother telling my story if developers didn't delete my one-star-rating with a brief description of the problem right after I posted it in Play store.
So, to the point. I installed CM Security and app lock app (nearly 14 millions of users and 4,7 rating) and locked some of the "sensitive" apps with it. One evening I was bored enough to try and play "a hacker" who "found my phone" and see what such person could do. Considering "a hacker" somehow managed to unlock the device he'd now encounter my second line of the defense - the mighty app locker. And now, in a few short steps I'll show you how much damage you can do with it:
1. First it obviously asks you for an unlocking password/pattern, but -as you don't know it - you hit in-app menu button and choose "forgot password?" option.
2. It asks you to log in to your Google account in order to reset the password (YES, you can access Google password recovery from inside the app, so even if you lock your device's Settings, your mail client and so on, you can still access the most vulnerable option of your account from "security" app).
3. As you don't know a Google password you hit the "forgot password" link that starts Google password reset process.
4. It will ask you for the "last password you remember", but you can just say you don't know it and then it gives you an option to get a verification code by SMS - chances are it will be sent to the device you're just holding in your hands. And these chances are big.
5. After you get a verification code you're in. You can now set a new Google account password and reset app locker password/pattern.
It's that easy. You not only unlocked an app locker but also got access to Google account which gives you pretty much endless possibilities, including purchase of some apps in the Play Store as it stores your card details and you only need an account password to authenticate the purchase. You can also try to restore Ebay or Paypal passwords or even try to get directly into bank accounts via banking apps. Sky is the limit.
I already deleted CM "security" app and looked for some replacement. I wasn't really surprised it's kind of a standard that when you install them, security apps ask you to give your Google account details just in case you need to recover your password in a future. And they often make you think that giving these details is an integral part of installation process, a must-do that is necessary for an app to install and work. Some apps, like CM "security" don't even ask - they just use your Google account details and don't give you a chance to give up such option.
After all - here's some advice I can give:
1. Don't install any security software that connects to your Google account and gives "password reset" options;
2. Don't give Google your mobile number, even if it seems convinient;
3. Don't use your Google account address as your contact information in "owner info" option of your device.
If you have any other suggestions that may improve security, please share.
Cheers
Question is why you didn't lock your device in the first place.
I think you are misappling this feature 's benefit/use. It is not there, IMO, to secure your phone from an advesary that has even brief access to your phone.
That is what a combination of a lock screen pwd,short for convenience, and full encryption using a separate and longer pwd of high entropy/randomness is for. Even with that its important to understand how it works and its limitations. Such as it does not encrypt.the ext sd card data. So if you put apps or privledged data there you either should not or using other means to encrypt it. One such way would be to use truecrypt to encrypt it using a pc, being the easiest and then use one of the apks that gives suports accessing those types of partitions/files.
The function you are speaking of is ther to prevent people you have a large degree of trust in such as a family member or close.friend possibly that you may allow to use your phone but do not want them to be able to access private data. Think of a parent allowing their child to use the phone to play a game but does not want them scewing up email or going into their bank app and randoming clicking around etc...
I hope you get the idea. Its not there to prevent someone that means to do you direct intentional harm.
I also want to point out my comments are only directed at the most basic level and only deal with physical secure of data on the phone and not the phone itself nor from remote access or privacy.
Also want to point out that a screen lock pwd is nothing but a inconvenience at best to someone wanting access to your data. A quick reboot into recovery and a bkup to a sd card will get them all your data and any weakly secured credentials there in. Its only one part of physical security, of which, is only itself one part in over all data security, which itself, is only a part of data privacy. Its a large house of cards and removing one or putting one little piece in just slightly the wrong place and collapse the whole house.
Its hard to do just the small piece of each of these parts correctly and exrremely hard to.combine all the small and large parts together for a total protection scheme. It takes considerable research and learning to do these things especially if your goals are for higher levles of security and privacy.
As an example someone that really wants their phone data ue on android to be private from commerical.data collection which via proxy means all gov access to said data would never install goggle play store or any google app on their device. That is just one glaring example of many.
http://ad.cmcm.com/en/?f=home-en-top
Cheetah Mobile is spyware. watch the video on their website
I would suggest using the built-in encryption on Android. I don't use it myself, but have the Avira app installed. I like their PC software, and gave it a try.
It can be used to track a lost phone or lock it remotely. Since I have rooted my Huawei G300 it complains a bit, but still scans all apps being installed.
bigeasy911 said:
I think you are misappling this feature 's benefit/use. It is not there, IMO, to secure your phone from an advesary that has even brief access to your phone.
Click to expand...
Click to collapse
Fact is still that this app claims it provides certain security, yet it doesn't. Not everyone will realize this. So it's always good that people keep pointing this out.
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
Click to expand...
Click to collapse
The first step to real security is removing all Googleapps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... . I welcome any suggestion to hack such a device...
minimale_ldz said:
Nearly a year gone since I posted this and now I returned to "AppLockers" during my mobile security research. This is such a bad thing I can't believe apps of this kind are accepted by PlayStore and not banned eternally as the most fake security solution that ever existed. What surprised me even more, "serious" companies, eg. Norton are also in this business... anyway
I checked this one first - Best App Lock - it's "best", right? And it's got 4.5 stars rating with 1,000,000 - 5,000,000 downloads.
I set it up, set the PIN, locked test app - everything seems fine.. as long as you don't go to Settings > Apps and don't force stop Best App Lock, because then - your protection is gone. But OK, you can also lock Settings and prevent such tricks and it works... as long as you don't use Activity Launcher to call App Lock's pin reset activity... Yes, you can reset the PIN without even opening the app itself.
Now, Best App Lock was clearly made by some amateur, so let's see what pros got for us, the big ones. I checked mentioned Norton App Lock, with 4.6 rating and surprisingly not as popular, with "only" 500,000 - 1,000,000 downloads. It's a bit better, it only contains one activity, so you can't bypass it easily, because the app itself is protected with a pattern, but here's another trick - reboot device in Safe Mode and you can disable Norton's permission to draw over other apps to make it helpless as a baby. Or you can just uninstall it in SM. I didn't check anything else, because what more you can do to prevent such workaround, than Norton already did?
If someone is aware of a way to disable power menu, or at least the ability to disable Safe Mode on unrooted Android please share. Until then I call all the App Lock apps the biggest scam in mobile security.
Click to expand...
Click to collapse
Reviews or star ratings are not always very reliable, just use as a rough guide .... (In my opinion SOME of those Chinese apps seem to be amongst the worst offenders)
https://techcrunch.com/2014/05/27/f...unes-but-google-play-has-the-worst-offenders/
optimumpro said:
The first step to real security is removing all Googleapps and Google account. There is no other way around this. Next, don't install any app that is not open source. Also, don't use any recovery. And finally, either epoxy your entire usb port, if you have let's say a magnetic charging port or cut all usb port pins except for 2 for charging. In addition, you should open the phone and epoxy usb port and contacts from inside, so that it can't be replaced. Or even better: epoxy your entire motherboard. That would take care of UART socket or any other way of entering CPU/GPU/RAM from inside. Encrypt your phone. After that, your phone couldn't be penetrated (other than through the air/baseband, which is a whole different level of sophistication). If someone targets you over the baseband, throw your phone and run for your freedom...
Seriously, in the above scenario, no one can have access to your data: no fastboot, no adb, no recovery. They wouldn't be able to replace kernel, recovery, system or use any OEM official flashing method... . I welcome any suggestion to hack such a device...
Click to expand...
Click to collapse
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
that being said your idea of securing the data is somewhat clear but really a secured device? cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
it might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner. cause he forgot the damn password and is looking to get back the data.
the more we try to secure, the more we make our lives tough.
billysam said:
Well you forgot SD card, unless you encrypt that as well, which for a user who uses the card for transferring files across different devices is not such a bright idea.
using epoxy could slow down the hack, and seriously give more trouble to the user than the hacker.
that being said your idea of securing the data is somewhat clear but really a secured device? cause epoxy can be penetrated as well, lock screen can also be bypassed, even without Google and a recovery.
it might take more time than hacking an average device, but still it can be done and most probably the hacker would be the same owner. cause he forgot the d
amn password and is looking to get back the data.
the more we try to secure, the more we make our lives tough.
Click to expand...
Click to collapse
Epoxy: Knowing how small and fragile phone motherboards are, I think you will most likely damage the board while trying to penetrate epoxy... Maybe you shouldn't epoxy the usb port on the ouside, but cut the data pins and epoxy on the inside to not give a hint to an attacker. Anyway, I wish an attacker fun time trying to remove epoxy...
The point of encryption is to protect data when the phone is off. So, it makes sense that for someone without a password, the phone turns into a brick. And if you tend to forget the password, then write it down somewhere other than the phone...
Mobile security is a myth. At best it is a door knit lock. Will keep honest People honest but won't stop someone from. Really trying and doing it.
I see lots of talk from people about security and yet these same people use Facebook which has enough holes in it that anyone could hack someone else pc. I use it all the time to mess with people. The looks on their faces are priceless.

Categories

Resources