I'm customizing my phone's stock ROM (I have root access), and I wanted to disable Lollipop's Device Protection feature where you need to sign in with a Google account after a device wipe.
How do I disable it? Preferably via build.prop, but any solution is cool.
Related
Seem like micky insecure kernel does make the root work great. But just wondering is there anyone also find the wifi wont auto connect anymore? I have to manually add them...
If you mean that the passwords are not saved the fix is in the kernel thread.
In build.prop change ro.securestorage from true to false.
Thank you ..it works. One more thing does anyone know how to disable that security notification after rooting other than disabling the whole smart manager? I try the notification setting unfortunately the smart manage do not have the block option.
Update: i think i found a soltion to this annoying security notification. Use titanium back up or root uninstaller to freeze security log agent.
Hi, are there some ways to have control of root access just for a person who knows some "root password" (for an administrator), and limit/disable root access for a normal user?
E.g. to change superuser or root access password? Set-up/change the root login password? Or some other ways?
Also what do you think of SuperSU, Hide my Root, and similar apps for this case?
I need to setup security/make limitations on "super user", or at least disable root temporarily when a normal user is using the device (and reenable root when an administrator needs to make system/app changes etc.)
Also: what is the way to hide (as much as possible) root access (and the fact that the device is rooted) from Apps and the normal user?
ROM is LG G3 d855 RESURRECTION REMIX 7.1.1_r9
Hi everyone. I just want to make it clear.
Rooting isn't bad if you know what you are doing.
First of all, there are attack methods for android as well as for PC's.
Here's how to prevent them.
NON-ROOTED:
Make sure you clear cache and dalvik once every month (This is just for the sake of free storage).
If a third-party app you downloaded doesn't have a name in the package installer, don't install it. More likely delete even the apk.
Otherwise it will probably show random webpages by using default browser.
Download any kind of Anti-Virus like Avast, AVG, CM security etc...
Don't turn Play Protect off, if you don't have root, you probably don't have apps that can be recognised as a threat.
Don't download any file from anywhere with an unknown extension.
If your phone supports it without any issues, you can use Full Device Encryption in Security Settings this will put the Normal mode lock to recovery, and even the phone can't be booted unless you type the password in, also in recovery if the atacker deletes the entire system partition, your user data partition will still be encrypted so your data is safe.
ROOTED:
First of all, to protect yourself from network-based attack vectors, install AFWall+ (Free on Play Store).
It rquires root acces bc it's modifying the device's iptable rules to prevent specified apps or app kinds from reaching differenet sort of network, if you are paranoid you can even deny the entire system from reaching any sort of network.
Second install a root privileged anti-virus (I'm pretty sure such things exist).
Third use magisk rooting instead of SuperSU or phh's Superuser, magisk has 2 very usefull mods, one is Energized Protection what blocks malwares adware etc... and the second one is Unified Hosts Adblock (i prefer thsi a bit more cause it has a GUI where you can select what must be blocked).
Also magisk rooting method doesn't corrupts your device's fingerprint so it passes SafetyNET so you still can use Snapchat and Super Mario Run even with a rooted device.
Fourth you still can use Full Device Encryption (Remember if you forget your password or something doesn't working after the encryption like the fingerprint sensor you should consider going back to stock with nand erase to get the data partition Decrypted (Causes full internal sd content loss) otherwise factory reset won't do the job.)
Thanks for sharing information.
I agree with you that rooting is not bad when you know what you are doing but also you should know WHAT APPS ARE DOING.
As a Cyber Security Expert, there are alot of attacking tactics for android phone too as well as PC. These days there are lot of vulnerabilities networking and android system.
1. WPA2/PSK wireless technology is not safe as it is vulnerable to Blueborn attack
2. Newly found vulnerability in LTE networks, allowing three types of attacking methods.
3. The adware is most common in rooted phones and if it got administrator permisiions, it becomes evil.
4. MITM attack is always here
And there are lot of other methods using these days to hijack devices.
bencetari said:
Hi everyone. I just want to make it clear.
Rooting isn't bad if you know what you are doing.
First of all, there are attack methods for android as well as for PC's.
Here's how to prevent them.
NON-ROOTED:
Make sure you clear cache and dalvik once every month (This is just for the sake of free storage).
If a third-party app you downloaded doesn't have a name in the package installer, don't install it. More likely delete even the apk.
Otherwise it will probably show random webpages by using default browser.
Download any kind of Anti-Virus like Avast, AVG, CM security etc...
Don't turn Play Protect off, if you don't have root, you probably don't have apps that can be recognised as a threat.
Don't download any file from anywhere with an unknown extension.
If your phone supports it without any issues, you can use Full Device Encryption in Security Settings this will put the Normal mode lock to recovery, and even the phone can't be booted unless you type the password in, also in recovery if the atacker deletes the entire system partition, your user data partition will still be encrypted so your data is safe.
ROOTED:
First of all, to protect yourself from network-based attack vectors, install AFWall+ (Free on Play Store).
It rquires root acces bc it's modifying the device's iptable rules to prevent specified apps or app kinds from reaching differenet sort of network, if you are paranoid you can even deny the entire system from reaching any sort of network.
Second install a root privileged anti-virus (I'm pretty sure such things exist).
Third use magisk rooting instead of SuperSU or phh's Superuser, magisk has 2 very usefull mods, one is Energized Protection what blocks malwares adware etc... and the second one is Unified Hosts Adblock (i prefer thsi a bit more cause it has a GUI where you can select what must be blocked).
Also magisk rooting method doesn't corrupts your device's fingerprint so it passes SafetyNET so you still can use Snapchat and Super Mario Run even with a rooted device.
Fourth you still can use Full Device Encryption (Remember if you forget your password or something doesn't working after the encryption like the fingerprint sensor you should consider going back to stock with nand erase to get the data partition Decrypted (Causes full internal sd content loss) otherwise factory reset won't do the job.)
Click to expand...
Click to collapse
**rooted user**
What happens if I lose my phone and someone get's into the recovery and deletes the lockscreen security? How can I avoid that? Is running a custom ROM without a custom recovery safe, or is it even possible?
I'd like to add:
• Using a trusted VPN
• Possibly changing your DNS settings to use a provider that supports DNS over HTTPS
clonechill said:
**rooted user**
What happens if I lose my phone and someone get's into the recovery and deletes the lockscreen security? How can I avoid that? Is running a custom ROM without a custom recovery safe, or is it even possible?
Click to expand...
Click to collapse
Philz CWM recovery and some other custom TWRP-s has recovery lock. And with full device encryption data partition can't be reached without giving the unlock.
I'm working on porting "CIT test" application from MIUI to custom Android 11 ROMs (for calibrating proximity and fingerprint sensors), with end goal of creating a Magisk module. I'm stuck now with the application calling android.os.ServiceManager/addService, which fails with SecurityException -- I presume because I removed android:sharedUserId="android.uid.system" from its manifest, so it doesn't run with system app permissions. Currently I place it in /system/priv-app instead, which allows me to give it at least all the manifest permissions that it requires.
AFAIU, there is no way for me to simply use android.uid.system, as it requires one to sign the package with the same keys that were used for the ROM itself. As my idea is to have a general Magisk module, this is out of the question. However, because obviously I expect devices to be rooted (and can require Xposed), I want to find some way of circumventing signature check for this one package. Say, using Xposed to patch signature check, and to allow my public key to be used for android.uid.system apps. I don't want to completely disable signature checks, as this greatly compromises security.
I also thought of somehow using su to run this application as root, but apparently this is also not possible.
Is there a way to do this or something similar? Maybe I miss another way of implementing what I want? Any help or links are greatly appreciated.
I am curious about this too. It would help install the nReal nebula service on non-carrier devices and use nRreal Light AR glasses with the Nebula app.
Re-add the android.uid.system line
disable your Android Signature Verification
install with magisk to /system/app or priv-app
Hi there, I'm working on a project.
I have below questions.
1. Is it possible to backup app data without root and without adb as app doesn't allow backup. I don't want to root my phone and i don't have any custom recovery.
2. If above question's answer is "No" then is it possible that i sign and update mod of an app on top of already installed original app from play store. I don't want to uninstall previous app i just want to update app with different signature. My device is not rooted and i don't have any custom recovery.
Thanks in advance
An app's data is stored either in /data/data/<pkg-name> or in /Android/data/<pkg-name> what depends on Android version and/or app. To successfully backup these data Android OS must be rooted, AFAIK.
self-signed app will treated as other app, so this is not possible. some apps however could be downgraded to older version with adb backup allowed (for example WhatsApp)
starting with api level 30 the flag android:allowBackup="false" seems ignored
https://www.xda-developers.com/android-11-force-app-local-backup-restore-handicap-cloud-backup
starting with api level 31 different flag android:debuggable="true" is required for adb backup
https://developer.android.com/about/versions/12/behavior-changes-12#adb-backup-restrictions
so your only chance is find the proper OEMs D2D transfer app (like Samsung Smart Switch for Samsung, Phone Clone for Huawei, etc.)