Problem with Smart Lock and trusted devices - Samsung Galaxy S7 Questions and Answers

I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve

stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
straight thought is wht u said
thr is extra policy for ur device.
remove the exchange server and check wht happen...
if nothing changed go to security setting and clear credentials and remove all admins app
:good:

I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.

m3xiz said:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
Click to expand...
Click to collapse
+1 for this suggestion. I'm a big fan of My Knox. It sets Samsung apart in this area.
Sent from my SM-G930V using XDA Premium HD app

stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
Some third party email apps are capable of applying Exchange policies on the application level instead of device level. Thus leaving the rest of the device under your control. Try an app like Nine which can do just that. The are other apps too but I like this one.

Thanks Everyone. I'll try those. It sounds like myknox might help if this is it. On my Moto X I was using before, I used Touchdown for exchange (cause the ootb mail client sucked) and it similarly kept the admin policies to the app.

hmm, removed the exchange account. now things aren't greyed out anymore. I could go into trust agents and Smart Lock (Google) is enabled. I go into phone administrators and there are two: "Android Device Manager" and Support & Protection". I turned them both off (I don't know how to REMOVE them). Restarted phone. No change in behavior. My screen still locks when, for example, connected to my Gear S2 watch though that's one of the trusted devices for smart lock..

nevermind, it's working. I was just expecting different behavior. I still have to 'swype to unlock' but I'm not hit up for credentials anymore. I was expecting that when I woke the phone it would go to the last screen it was on. I don't know why, my Moto didn't do that. I think it was having the fingerprint sensor now that just messed up my mental processing.

A very simple alternative to the same effect is offered by the Exchained app. No root required.

I found if you go to lock screen (in setting: device) and create and lock screen pattern. Trust agents becomes available (in security settings: advanced), you can then turn it on and smart lock becomes available (in security settings: advanced).
There is a youtube video about it: How To Enable Smart Lock On Any Device

Unrelated to smart lock: As user "Avah" said, I highly recommend Nine email for connecting to your exchange server. It does not force the administration policies on your device (or at least, it may ask you, and you can decline). Better than the built-in clients and way better than the old Touchdown app.

Related

[Q] Microsoft Exchange Question

I have a question about putting my companies exchange setting on my samsung captivate.
so here is a little background. I work for a company that no cameras are allowed, except for me because I am the company photographer. I was issued a blackberry as my work phone but the freaking sucks. Actually when I got it, I set it up myself but then a day later the camera was magically deactivated on it. I am guessing the it department remote in and disabled it.
So I just got a samsung captivate as my personal phone which has nothing to do with my work but.... When I had my iPhone 4 I was able to put the same exchange settings on it and use my work email and address book and calendar on it and they never knew and my camera was never disabled. I dont care about using my phone camera at work but I do when I am not at work since it is my personal phone.
So my question comes after this. When i go to enter my exchange info on my android running froyo 2.2 on my samsung, it says that security settings will be automatically changed by the server. Will they be able to disable my camera on my personal phone? but my iphone they never did? What kind of corporate bull**** damage can they do to my phone and lock it down? It is my personal phone and I only want my calendar on it so I dont have to carry my ****ty blackberry phone around.
if they can lock the phone down just by me entering the exchange settings, can I do anything to prevent it?

App Lock programs

Does anyone have good success using these types of programs on the TF700 or their phones in general? If so which are you using? I read people reviewing the apps saying they work fantastic but then some post how to get around them or simply uninstalling it will remove the lock. Or they make the device run slower.
A coworker was asking if it's possible to have multiple email accounts in either the google email app or the default stock email client. The answer is yes but it doesn't give the option to password protect or require the account password to access the emails. She has a business one that she would like kept protected in case anyone gets her tablet. As it is anyone who gets your device and gets past a regular screen lock almost has complete access to your google account. The only way to do it is add the account to the device, then go back into settings and remove the account. Thats a bit of a pain for something that should be available as a security feature.
So with these app lock programs the owner could require a password to open a protected application (gmail or email client). It's a matter of how effective the programs are vs how much battery drain or performance hit it causes.
The ASUS "App Locker" app puts a pin password on apps, including system apps such as system settings. Comes with your TF700. I think (but not sure if I remember correctly) setting up my departments TF300's so that users could not access the system settings using App Locker.
Thanks for the info. She has a Levno 7'' tablet thing. I'm constantly telling her how to do this or that on it. Our Tf700 is way more power than she will ever need. I will have to see if her's comes with something like a native app lock.
I'll be checking out the asus lock on mine. Might as well set it up in the event it's ever stolen. I don't use the screen lock. It got annoying to constantly enter a pin/password when I turned my screen on.
Thanks for the reply.

Warning to users with active sync accounts that require pin lockscreen

Many users have active sync accounts with pin code lock screen requirements. Vzw added a "feature" where you type if wrong 10 times and the phone will factory reset. With the lock screen gestures enabled it is much much easier to accidentally wipe your data due to this.
Until we get an insecure kernel that disables write protection to /system and can disable this "feature" be warned!!!
Sent from my Nexus 7 using Tapatalk
dottat said:
Many users have active sync accounts with pin code lock screen requirements. Vzw added a "feature" where you type if wrong 10 times and the phone will factory reset. With the lock screen gestures enabled it is much much easier to accidentally wipe your data due to this.
Until we get an insecure kernel that disables write protection to /system and can disable this "feature" be warned!!!
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
A sync account meaning a google account? This "feature" is pretty damn annoying.
123421342 said:
A sync account meaning a google account? This "feature" is pretty damn annoying.
Click to expand...
Click to collapse
anyone who selects or is forced to use a pin for their lockscreen....
Others are noticing ..
http://phandroid.com/2014/03/31/htc-one-m8-security-video/
Once we have /system write access this is an easy fix to eliminate.
Article writers missed that point though...
Sent from my HTC6525LVW using Tapatalk
To be fair, this is SOP for any business that allows users to connect their phones to their corp e-mail...
I didn't watch the video, but I assume he didn't connect his phone to his work and download the policy?
tehsquishmeister said:
To be fair, this is SOP for any business that allows users to connect their phones to their corp e-mail...
I didn't watch the video, but I assume he didn't connect his phone to his work and download the policy?
Click to expand...
Click to collapse
Even BlackBerry makes you type in a confirmation. The wake gestures on this phone make it very easy to do in your pocket or bag.
Sent from my HTC6525LVW using Tapatalk
I don't think this is related to exchange, I think it's any lock screen. I use a pattern lock screen and it is the same. I've also turned off the gesture wake options.
l7777 said:
I don't think this is related to exchange, I think it's any lock screen. I use a pattern lock screen and it is the same. I've also turned off the gesture wake options.
Click to expand...
Click to collapse
Then it's a bigger ouch! We will be able to kill it once we get better root action.
Sent from my HTC6525LVW using Tapatalk
This annoyed the crap out of me. I travel constantly with my phone and if it gets wiped during travel (and losing pictures and documents), that would equal me being fired from my job. My companies exchange server enforces security, which is a good thing, but then I have this device wipe thing hanging on my mind. On other devices, I can simply turn off this absolutely retarded option.
I had the same problem on the HTC M7. Luckily it can be disabled with root.
Anyway, once we get a proper root, you can set the failed attempts = 0 in an system xml file and then you will be good to go.
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and its disabled.
Exchange servers are known to push security policies which sometimes can hamper user experience and in some cases overstep the boundaries of BYOD setups in workplaces.
Using NitroDesk TouchDown for a few years now, allows an activesync connection to my work exchange server, but doesn't pull group policy to overtake my phone. I highly recommend it.. (man, that sounded like an ad)
Be aware the wipe on 10 attempts isn't an exchange policy. Some exchange policies can force a PIN or a password, but thats it.
HTC, as of recently on their devices, has mandated the wipe on 10 policy once any type of security is set (whether that is a PIN or a pattern or a password) regardless of exchange policy.
Whether its because of exchange or your own setting, any security lock enabled on the phone will trigger the wipe on 10 policy.

[Q] OTA Update Broke Smart Lock?

Downloaded the OTA update on my S6 yesterday, and I noticed that Smart Lock (the feature that keeps your phone unlocked if you are in trusted locations, etc) had stopped working. I went to check the Smart Lock settings and now they are greyed out! Did this happen to everyone or just me?
people in Edge forum reporting same issue so you are not alone.
i think most folks here are waiting the couple days needed for a dev to update the OTA to be root before updating which is why you dont see a lot of response to this question.
It definitely messed up lock screen stuff. I use fingerprint and now I get the lock at the bottom of the lock screen sometimes. When I pull it up it does nothing, then switches to fingerprint mode.
Well, disregard my complaint. User ignorance. The day they update rolled out I also bought a new car with bt (for the first time)and paired my device. Apparently I just didn't recognize what smart lock looked like.
I think this update messed up the camera or something. My pictures seem blurry as hell.
Sent from my SM-G920V using XDA Free mobile app
I can confirm that mine does the same thing!
Glad it was figured out. I was going to say my smart lock has been working fine with my LG G Watch after I installed the update.
If you have a corporate Exchange account which requires a password or fingerprint, then Smart Lock will no longer work after the Samsung update a few days ago. I'm getting around the problem at the moment by setting up some profiles in Tasker. I have also read that if you remove your Exchange account and switch to Nine Exchange email from the Play store, that brings smart lock functionality back.
EDIT:
More testing. After disabling Tasker, I have confirmed that removing my Exchange account from the phone does indeed make smart lock start working as expected again.
Also, I've downloaded and set up Nine and Smart Lock still works as expected. Just FYI in case anybody else is experiencing this issue. Something to look at.
You normally use gmail for exchange? If so, uninstall updates for gmail then readd your account and smartlock will work again. This is a known issue on other devices.
One of the versions of gmail after 5.1 broke it... You may not see the issue unless you reactivate gmail. Many users report smartlock working until either readding their account or reactivating gmail. But regardless, downgrading gmail seemed to work...

Ghost in the Machine

Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August ?)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which add you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around up I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the sms! Device (on it's own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Oding to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3-rd party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for system's (or rather apps installed from Play Store) propper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply ?
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to a if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
Whatsapp does the same thing, autocompletes the code, before de sms is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+ ??
Also the Bluetooth, NFC & Nearby buttons almost any me of the day/night are on for a split second when I drag the motivation panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs

Categories

Resources