Related
Okay, so i was wondering for a while why we need to remember strong passwords!?
I mean a long time ago i learned that a password has to be as cryptic (and unrememberable) as possible to increase security. A not so long time ago i learned that passwords dont have to be cryptic, but should be as long as possible.
For me, long passwords are okay if im in front of my computer, but since i have to enter them on my phone or tablet it gets really troublesome and annoying to enter long passwords.
So my idea was that it would be much nice if servers (or whoever demands passwords) would do more to prevent password attacks. For example, if your account has entered a wrong password for example 10 times than lock it for 5 Minutes. If there are 10 more attempts lock it for another hour. If there are 10 more failed attempts shut it down for a day.
By that approach you only get 30 attempts in one day. Even an ridiculously easy password would be enough to withstand password breakers.
So why isnt this done more often? Why do i need a strong password?
Another possibilty would be just to shutdown any account with more than 50 attempts and you need to reset your password.
So am i missing something?
Check out "KeePass" and other password storage systems.
I use KeePass and KeePass Droid and sync between devices. The database file is encrypted and unlocked with a master password - one that while long, is easy to remember - the passwords for individual accounts are random strings.
One disadvantage I can think of as to locking down accounts with incorrect guesses is that it would give people who want to annoy/troll/et cetera a way to lock people out and have them keep resetting their password - or, if you suggest locking the account down - lock the real user out indefinitely by continuing to spam passwords they know are wrong. This kind of assault could continue even after the password has been reset - rendering the account unusable.
Lutziver said:
Okay, so i was wondering for a while why we need to remember strong passwords!?
I mean a long time ago i learned that a password has to be as cryptic (and unrememberable) as possible to increase security. A not so long time ago i learned that passwords dont have to be cryptic, but should be as long as possible.
For me, long passwords are okay if im in front of my computer, but since i have to enter them on my phone or tablet it gets really troublesome and annoying to enter long passwords.
So my idea was that it would be much nice if servers (or whoever demands passwords) would do more to prevent password attacks. For example, if your account has entered a wrong password for example 10 times than lock it for 5 Minutes. If there are 10 more attempts lock it for another hour. If there are 10 more failed attempts shut it down for a day.
By that approach you only get 30 attempts in one day. Even an ridiculously easy password would be enough to withstand password breakers.
So why isnt this done more often? Why do i need a strong password?
Another possibilty would be just to shutdown any account with more than 50 attempts and you need to reset your password.
So am i missing something?
Click to expand...
Click to collapse
Passwords are normally not stored on a webserver, just a password hash, which is a code made form your password for example the md5 hash could be used.
So when you create an account the hash is stored (so the webserver never knows your password) and then when you come to login you enter your password, the hash is created and check agaisnt the stored hash.
Passwords are hacked by someone gaining access to the password database then downloading its contents, from there own machine they can then run a brute force attack moving through possible passwords, generating there hash and checking against the hashs downloaded.
They will normally start by using some form of dedicatory of known used passwords (things like 1234, qwerty etc etc) and then go into generating random strings until the right one is found.
professional hackers will use hardware like this http://www.gizmodo.co.uk/2012/12/the-hardware-hackers-use-to-crack-your-passwords/ to brute force which is able to work through billions of hashs a second.
Thus the longer and more random your password strength the better but then again if the attacker wanted to and had enough time they will get your password.
The only thing webservers can do is try and keep databases secure enough that an attack to grab the data isnt possible, but we all known this often is not the case
Pennycake said:
Check out "KeePass" and other password storage systems.
I use KeePass and KeePass Droid and sync between devices. The database file is encrypted and unlocked with a master password - one that while long, is easy to remember - the passwords for individual accounts are random strings.
One disadvantage I can think of as to locking down accounts with incorrect guesses is that it would give people who want to annoy/troll/et cetera a way to lock people out and have them keep resetting their password - or, if you suggest locking the account down - lock the real user out indefinitely by continuing to spam passwords they know are wrong. This kind of assault could continue even after the password has been reset - rendering the account unusable.
Click to expand...
Click to collapse
I would also recommend taking a look at LastPass, along these lines. A long master password and individual passwords is really rather safe.
Funny thing, after setting up KeePass, I had a few accounts compromised - the ones I forgot I had and didn't switch over. The its a good thing I did switch over, or something important could have been gotten into.
Sent from my SGH-T999 using xda app-developers app
Also I would like to suggest Dashlane for password security. It's the only form of password management software I've ever used but I've been very happy with it. It's definitely worth checking out
In terms of password security, the most important factor is the length of the password: with each character added, the time taken to brute force the password increases dramatically, following a power law model.
That said, you also want your password to not be easily guessable: so don't use something that relates to personal information about you, or about what the password is for (i.e. don't make your XDA password 'xda-developers').
This XKCD is relevant, in case someone in the universe hasn't seen it already...
Password storage programs like KeePass are a great way of solving the security vs. memorability problem: your passwords can be as long and random as you want, you only need a strong master password to be secure.
Not even passwords, we need strong security. Check out these thread:
http://forum.xda-developers.com/showthread.php?t=1931627
[Suggestions & Discussions] Why mobile security matters
Sent from my GT-I9103 using xda premium
With iOS I used 1password to generate 20 character passwords so I don't remember any of my passwords since it's kept in the app. Hopefully they update the Android version soon.
Sent from my Nexus 4
Another one for Keepass here. The array of devices it is available for is impressive. I am trying to convince everyone I know to use some sort of password management since more and more of our lives are on the net now, particulary bank and government accounts.
You don't need a really strong password if you're protecting your device from people who don't know you (not your friends, or your kids). If you're only worried about your device getting stolen by someone you don't know (who doesn't know you) you can make your password easy to remember and enter by making it your first born child's name or pet's name, or first born child's birth date. But if you're trying to protect the device from your kids (or other people who know you), you better make it something a little harder for them to guess.
Lutziver said:
Okay, so i was wondering for a while why we need to remember strong passwords!?
I mean a long time ago i learned that a password has to be as cryptic (and unrememberable) as possible to increase security. A not so long time ago i learned that passwords dont have to be cryptic, but should be as long as possible.
For me, long passwords are okay if im in front of my computer, but since i have to enter them on my phone or tablet it gets really troublesome and annoying to enter long passwords.
So my idea was that it would be much nice if servers (or whoever demands passwords) would do more to prevent password attacks. For example, if your account has entered a wrong password for example 10 times than lock it for 5 Minutes. If there are 10 more attempts lock it for another hour. If there are 10 more failed attempts shut it down for a day.
By that approach you only get 30 attempts in one day. Even an ridiculously easy password would be enough to withstand password breakers.
So why isnt this done more often? Why do i need a strong password?
Another possibilty would be just to shutdown any account with more than 50 attempts and you need to reset your password.
So am i missing something?
Click to expand...
Click to collapse
No u r write but thn it is easy for our frnds r closed ones to know our pswds
Sent from my Micromax A50 using xda app-developers app
---------- Post added at 08:02 PM ---------- Previous post was at 08:00 PM ----------
Sry its right nt write
Sent from my Micromax A50 using xda developers app
I would be very careful about using "apps" to manage stored passwords. Hopefully the database is encrypted. (There is e.g. a bitcoin wallet app that doen't encrypt stored data!) It is sometimes trivial to decompile the app to get the java sources with the decryption algorithm. If it was a native app, decompilation would be harder.
You have to assume the attacker can get the db and the algorithm, and therefore only has to guess the key. Therefore, the password you choose must be as difficult to guess as possible. (This goes double for people using software they can't build themselves, such as linux distros and roms. There is a reason Debian devs cryptographically sign their contributions (packages) which are then built and distributed by other machines; it is near impossible to inject malware, in such a way that others can't discover who did it.)
The real problem is that malware on e.g. a desktop os can install keyloggers and grab the contents of copy/paste buffers. So the mechanism to move the password from the db to the app that needs it must also be secure. Passwords must be salted, and correct algorithms chosen for each part of the software (E.g. MD5, mentioned above, is considered insufficient for password hashes and most other uses, and should not be used).
A lot of people think that encrypting things or hashing them multiple times or with 2 or 3 different algorithms will improve security; this can actually decrease the amount of work for an attacker, so must not be done.
Ask yourself if the developer of such an app is aware of these issues, and also of the specific API and other features of Android that provide (some) security in the face of an attack. Ask yourself if such a developer would be compensated more by writing such an app, or by doing other work.
Then make your decision about how much you can trust the app that you have.
Sent from my SGH-I317M using xda app-developers app
Just have a long passward or any cryptic 1,
Remember on your web and use a masterpassward in firefox if shared system,
And just save it in an app called msecure in android just sync with Dropbox and tjen when ever you need to enter a password just copy from msecure and paste it where you want.
Ty:thumbup::sly::beer:
----------------Read If You Have Time----------------
Send From My Samsung Galaxy Note 2 N7100,
HIT thanks if I did Helped you.
LIFE! It's what you make out of it!
rselthn slight
KeePass or 1Password instantly springs to mind as others have already mentioned.
One way to keep secure passwords easy to remember is by taking the websitename, domain, or some other criteria (5th word on the homepage) and applying a couple of rules on that. E.g. take the word phonetically in reverse order, shift all vowels one place in the alphabet, append an exclamation mark, prepend a fixed number (e.g. 5), and add the length as a number to the end. XDA would become exdeeaa -> aaeedxe -> bbffdxf ->5bbffdxf! ->5bbffdxf!9 ... still quite difficult to guess, but easy to remember, because you just have to remember the rules.
Obviously those rules aren't the actual rules I use, but I do use something like this...
I am going to be honest, I have never taken computer security seriously and I feel like it is going to bit me in the bum really soon if I don't change my habits. This all started with a few emails I received about forgetting my password on multiple accounts. The first time, I just assumed someone typed in the wrong account. I received a second one a few days later and it started to make me wonder if someone had my email. Then a few days ago I signed into Paypal only to realize that they locked down my account and refused to open it again until I provide some more information. I thought this was strange because I had been using my PayPal account for a few years now to purchase things on eBay. After I submitted my information, they wanted an explanation as to why someone who lived in Iran tried to access my account. I don't know anyone who lives in Iran and so now I am a little freaked out. I want to know what I can use to prevent hackers from getting access to my accounts.
Is it a good idea to pay for a vpn service for daily online activities?
Should I setup a password keychain for my accounts and use long randomly generated passwords?
Should I switch to Ubuntu? (current running Windows 8)
My computer skills are pretty solid so feel free to suggest things that maybe a more advanced user might do.
It is possible but can be done without paying. Tor is very popular and a really good service but it can only provide anonymity, not security. That for install HTTPS everywhere and customize every service you use to provide SSL.
Sent from my GT-I9100 using xda app-developers app
PayPal are pretty smart, your account should be safe, your account was flagged because of an attempt of a login x amount of miles from your usual common log in region, like you said Iran, so of course, PayPal will do whatever they can to protect your account, even if it bugs you.
You can protect yourself by making sure you have virus protection, free or paid, making sure its up to date, and scan once in a while.
I use Windows 7, so I use Microsoft Security Essentials for real time protection, I also use Malwarebytes but disable it for real time protection as more than one real time scanner would cause performance issues for anyone. keeping both up to date and scanning regularly should keep you virus/adware/malware/spyware free.
As a precaucion, I also use adblock plus for firefox to prevent ads, not just because its annoying, but also because ads sometimes are bad for you and you end up with fake antospyware 20xx and so on.
As for passwords, just try your best to make sure your entering them at the actual website you think your on, check the security certificate on the address bar on the left of the url.
WhatsApp just sold for 19 billion which blows my mind. The application is still vulnerable to having entire messaging histories and photos stolen by malware that was reported 3 moths ago. The WhatsApp developers haven't even patched the vulnerability yet!
http://armorfor.us/1dv7yyY
Any chance anyone here has a contact at WhatsApp to get a comment on this issue?
Yeah, again, how is that thing worth the same cost of building 3 of the tallest skyscrapers in the world side by side?
why do people even use it? I must not text enough to get it
Veeshush said:
Yeah, again, how is that thing worth the same cost of building 3 of the tallest skyscrapers in the world side by side?
Click to expand...
Click to collapse
HAHA! no kidding, there are so many other things that you could invest 19 billion dollars in. Form WhatsApp perspective tho, when they finished the deal the owners were jumping for joy!
Based on what I could understand from the article, this isn't any more of a vulnerability than any software on your computer being able to open files on your desktop or external drive...
Ryccardo said:
Based on what I could understand from the article, this isn't any more of a vulnerability than any software on your computer being able to open files on your desktop or external drive...
Click to expand...
Click to collapse
not quite. I would assume the computer software you use an example is opening files on your desktop or external drive with your instruction and authorization.
The whatsappcopy malware steals users WhatsApp conversations without their knowledge and then uploads them to a terribly insecure website where they can be purchased by anyone. Its an invasion of privacy and is probably described best as Trojan Spyware. If you interested in analyzing the APK you can visit hxxp://whatsappcopy.com/BalloonPop2.apk but be warned the APK will automatically be downloaded when visiting this site. I recommend doing so from a computer and using an emulator to run the APK.
The BalloonPop2 "game" that steals the whatsapp convos make no mention that it is preforming this activity and does so in the background of the device.
UPDATE: Whatsapp finally did respond to request for comment and said simply "we are working on getting this website disabled."
theJGstandard said:
not quite. I would assume the computer software you use an example is opening files on your desktop or external drive with your instruction and authorization.
Click to expand...
Click to collapse
It already has permission: the only key difference between this and any random game with "read SMS" enabled is due to Whatsapp saving messages or whatever by default in a shared storage so "read and write SD card" is not inherently suspicious, but as I've been always saying the description of permissions are mostly guidelines and it's their combination to be dangerous (compare with the fact that minor modifications to the APK could have made the team behind this get... all your music instead of your IMs)...
And the computer analogy is because (generally and by default) everything in your user profile is accessible by any software run as your user, yet I can't recall a major Windows malware aimed at getting access to a specific client's messages through saved logs on disk...
Ryccardo said:
It already has permission: the only key difference between this and any random game with "read SMS" enabled is due to Whatsapp saving messages or whatever by default in a shared storage so "read and write SD card" is not inherently suspicious, but as I've been always saying the description of permissions are mostly guidelines and it's their combination to be dangerous (compare with the fact that minor modifications to the APK could have made the team behind this get... all your music instead of your IMs)...
And the computer analogy is because (generally and by default) everything in your user profile is accessible by any software run as your user, yet I can't recall a major Windows malware aimed at getting access to a specific client's messages through saved logs on disk...
Click to expand...
Click to collapse
ok, sorry i didn't understand what you meant originally. Surprisingly the balloon pop 2 application doesn't have the READ_EXTERNAL_STORAGE that you would expect. It only has the following permissions
android.permission.INTERNET" />
android.permission.ACCESS_NETWORK_STATE" />
android.permission.GET_ACCOUNTS" />
But undoubtedly your right, it is harvesting the WhatsApp conversations from the SD card. I assume this is done by using the get_accounts permission and then it is able to use the absolute pathway to access the WhatsApp stored data.
To me thats where the story is. That the whatsapp framework is vulnerable to having the messages stolen. Its nice that they are now aware of the malware and making an effort to have it taken down but it seems the essential issue is the lack of internal security that needs to be addressed.
Maybe you see it differently tho?
Permissions are supposed to be the way for Android users to determine which apps to trust and which ones are suspicious but this app doesn't really have a stand out permission that would be a red flag for your average user.
Keep us updated :good:
theJGstandard said:
but be warned the APK will automatically be downloaded when visiting this site. I recommend doing so from a computer and using an emulator to run the APK."
Click to expand...
Click to collapse
I'd change the http to hxxp so no one accidentally clicks that link.
edit
Also my Eset Smart Security actually blocked the app on my desktop.
Here's the VirusTotal results for BalloonPop2.apk just for the fun of it:
https://www.virustotal.com/latest-scan/55fc64952b923883714de4239420d3af
Veeshush said:
Keep us updated :good:
I'd change the http to hxxp so no one accidentally clicks that link.
Click to expand...
Click to collapse
good call
Anyone knows anything about 'Telegram'.
Seems to be just about the same as Whatsapp but nowhere near as famous and maybe it introduces less malware problems?
Anyone knows?
FPITAS said:
Anyone knows anything about 'Telegram'.
Seems to be just about the same as Whatsapp but nowhere near as famous and maybe it introduces less malware problems?
Anyone knows?
Click to expand...
Click to collapse
There's an open source client too AFAIK
Never heard of it before.
Sent from my GT-I9300 using XDA Free mobile app
I want to beef up my security on my tablet. I want a program that can lock and encrypt selected applications. But I don't just want a basic app locker. I don't want a program that just prevents apps from running unless I have a password. A lot of programs can do that. I want encryption. I want the app's data secure, so even if someone boots it into recovery and goes in with ADB or something, they can't get any data. I don't necessarily need to encrypt the apk or the odex or anything like that, but the data for sure.
Basically, I want something like this: https://www.amazon.com/Hackerso35-Crypto-App-Locker/dp/B074FJPFPN . That description really seems to be what I'm looking for. "Protects your apps data with SHA3 / AES 256-bit encryption." BUT that program was released back in 2017 with no apparent updates since, it only has one review, and searching for it on Google only gives two pages of results. So I don't know if I want to trust that particular program. I want something like it.
I want something that can do what that program purports to do, regarding encrypting app data. I want something with a strong reputation. I want something a lot of people use and trust. Any recommendations? Thanks.
Recommendation only. I will not be here to reply.
Smart AppLock: Privacy Protect - Apps on Google Play
Lock apps with password!
play.google.com
As for not having it unable to be uninstalled, do some research on how to set it as a device admin app.
Also, you mentioned"connecting through adb"
just disable USB debugging, etc
All the best.
ps, contact the developer of the app you mentioned ,and im sure he could point out why he hasnt updated, maybe "they" are already on other projects...
Not quite what I was asking for. The Crypto App Locker program above says that it "encrypts the app's data as well." The one you recommended doesn't say anything about that.
Like I say, I'm only hesitant about that particular app because it has so few reviews and hasn't been updated in so long. As for the developer, this very forum reports: "Last seen Nov 26, 2017"
Well that all depends(regarding your first post) Have you heard of Trust Wallet?
Also if you're rooted, you can compress the app..etc. With a vital key. Then, unfreeze it.
The reason I suggested contacting the Dev, was he/she could point you in the right direction.
But if its an app you open every day, that could be a pain. Perhaps telegram group could give you some insight. Maybe As the guys at airdrop...
Alliance shield app bricked my phone...the owner (RRiVEN) banned me for asking about the permissions his app uses and he got butthurt and banned my account and ip address knowing it would soft brick my phone if i factory reset it with all the apps I disabled and now I can't remove the spyware/malware infected app or recover my device back to factory settings...him and his app destroyed my brand new 1200 dollar s21 ultra
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Maxxx17 said:
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Click to expand...
Click to collapse
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Also this app proxys all your data and activity thru his server....the required sign up and login for the app to work is the first dead giveaway and a huge red flag
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
HELLFISH420 said:
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Click to expand...
Click to collapse
You may be right. Be careful next time.
yeah the owner is in trouble and he dont even know it....he even tried to push a zip file to my phone (script)
HELLFISH420 said:
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
Click to expand...
Click to collapse
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
oh yeah one last thing [email protected]
RRiVEN said:
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
Click to expand...
Click to collapse
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
HELLFISH420 said:
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
Click to expand...
Click to collapse
All I see is more accusations and ZERO proof. Typical Hellfish.
Where is the poof I log passwords? I will happily give you any version of the Shield going back 2 years. Decompile it and show me the password grabber, or exodus, or anything else. You can't so I won't be holding my breath.
It has multiple permissions yes, but most are so the Knox features work. You know what permissions I don't request? Storage.
HELLFISH420 said:
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
Click to expand...
Click to collapse
Once again more accusations and yet zero proof. Same offer still stands, show me the malicious permissions, what ever that means.
Since we banned you for lies it has been half a year. My app is still here. Still waiting for it to be taken down. My guess is another 6 months will pass and we will still be here.
You were nice and we were nice untill we asked for proof about your wild claims, then it changed. Suddenly we were the bad guys. Extraordinary claims require extraordinary evidence.
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
We are happy for you, really are, no sarcasm, but once again you don't understand why we have the login.
All it takes is reading our website feature list to see why, but hey you compare apples to carrots.
Also you better hope Samsung doesn't find out you are using Knox to disable system apps or your key will be revoked.
If it uses Samsung Knox, then it needs an internet connection, so excuse me If I don't believe you 100%
HELLFISH420 said:
oh yeah one last thing [email protected]
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
Click to expand...
Click to collapse
What are you even talking about? I really think you need to get help, your infatuation of us is weird and how you think everything we do is hacking you.
Trust me, if I had a zero day (which I don't) I wouldn't use it to hack random people via my legit app we worked 5 years on and almost half a million downloads. I would sell it for $100,000 and then find the next one.
But hey, you think whatever you want.
Edit:
After reading my comment again do you think the Cloudflare or Google link is an ipgrabber? I take it you never heard of Cloudflare or Google, interesting.
Cloudflare has a market cap of 65 Billion and Google 1.99 Trillion, very huge respected tech companies.
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Suprnova84 said:
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Click to expand...
Click to collapse
Any legit company can apply to use Samsung Knox, which I did.
My connection with the Military has nothing to do with the app. The Shieldx was created in my spare time using my company (RRiVEN LLC) that I set up as a College project before I joined the Military.
Knox is a very powerful system that the Shield only scratches the surface of what it can do. I am not surprised that the Military uses it.
This hellfish character is a troll. Shield is a great app and works well. Only I don't stick with it because there is still no way to add large hosts from online sources easily. Once that happens, I'm switching. Until then, adhell3 is the best solution.
Wow that war was awesome to read. Go Alliance Shield X whoo whoo !!! lol
this issue has been resolved....mods please delete this entire post
I'm not related to hellfish or whatever, just saw a recommendation in the internet - app to control running services on Samsung devices, well that was quite an experience.
This is just ridiculous software, probably author is a follower of well known Terry Davis (god bless his soul) with his well known TempleOS. IT IS JUST FREAKING RIDICULOUS! never ever install that crap and stay away... just a complete nonsense beyond imagination, you may get a taste of it just browsing through official website, which was already very much suspicions, but I registered and installed anyways... mother of god...
also author's weak excuses about dot in emails? WHAT ON EARTH???? have you ever seen a single rnd generator... do you have a slightest idea how email works, any understanding of modern spam\antispam techniques? zero, zilch... my god... sheeez....
HELLFISH420 said:
this issue has been resolved....mods please delete this entire post
Click to expand...
Click to collapse
How did you resolved the issue? pls update me about the solution so we can also try..
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
also how can I get this software of yours? Have you uploaded this in the forum or playstore or somewhere else? Please update me...