Will installing anti-theft softwares as system app helps? - Security Discussion

I came across this video recently, on Youtube:
Title: Short Film: Find my Phone - Subtitled by Anthony van der Meer
https://www.youtube.com/watch?v=NpN9NzO4Mo8
At about 2:38 minutes into the video. He talks about how he install the anti-theft app as a system app which doesn't allow resetting the phone to remove the app.
So I was thinking. As a safety precaution, because I have everything in my phone and don't want it to fall into the wrong hands. If I would to install any anti-theft app as a system app using apps like Lucky Patcher. Then if the thief decided to do a factory reset on my phone. Will it remove the anti-theft app and will I still be able to have full control over my phone?

xeCloud said:
I came across this video recently, on Youtube:
Title: Short Film: Find my Phone - Subtitled by Anthony van der Meer
https://www.youtube.com/watch?v=NpN9NzO4Mo8
At about 2:38 minutes into the video. He talks about how he install the anti-theft app as a system app which doesn't allow resetting the phone to remove the app.
So I was thinking. As a safety precaution, because I have everything in my phone and don't want it to fall into the wrong hands. If I would to install any anti-theft app as a system app using apps like Lucky Patcher. Then if the thief decided to do a factory reset on my phone. Will it remove the anti-theft app and will I still be able to have full control over my phone?
Click to expand...
Click to collapse
If you can install an app in system, it could be deleted the same way. You probably have recovery too, which means the system partition could be completely wiped and new rom installed. But even if your bootloader is locked and there is no root, a thief can simply flash OEM firmware, which will wipe all partitions including system.
The video and the app in there do not provide any security against someone who knows what he/she is doing. Instead of installing stupid apps that expose your phone to the internet, you could simply write down your phone's IMEI, which in most cases cannot be changed even if you wipe both system and data. Then, you can ask for police and your carrier help: they would be able to locate the phone regardless of a rom or simcard...

optimumpro said:
If you can install an app in system, it could be deleted the same way. You probably have recovery too, which means the system partition could be completely wiped and new rom installed. But even if your bootloader is locked and there is no root, a thief can simply flash OEM firmware, which will wipe all partitions including system.
The video and the app in there do not provide any security against someone who knows what he/she is doing. Instead of installing stupid apps that expose your phone to the internet, you could simply write down your phone's IMEI, which in most cases cannot be changed even if you wipe both system and data. Then, you can ask for police and your carrier help: they would be able to locate the phone regardless of a rom or simcard...
Click to expand...
Click to collapse
Let's assume the thief that stole my phone doesn't know how to do a complete wipe just like the one in the video. At best. He did a factory reset on my phone and start to use it as he's own or sell it away immediately. So does the anti-theft app still works?

xeCloud said:
Let's assume the thief that stole my phone doesn't know how to do a complete wipe just like the one in the video. At best. He did a factory reset on my phone and start to use it as he's own or sell it away immediately. So does the anti-theft app still works?
Click to expand...
Click to collapse
That would depend if the thief has a data plan or connects to Wi-Fi regularly.
Most find my device apps work from internet connections and gps.
And most thieves know that .
The other ones pull the battery until it's sold or the smart ones sell the parts.
But yes if you get lucky enough to find a thief who steals your phone
And can't use Google but still wants to connect your device to the internet
There is a chance you might catch him and get your phone back.

We dont allow discussion of piracy/fraud related apps such as lucky patcher on XDA.
Thread clsoed.
xeCloud said:
I came across this video recently, on Youtube:
Title: Short Film: Find my Phone - Subtitled by Anthony van der Meer
https://www.youtube.com/watch?v=NpN9NzO4Mo8
At about 2:38 minutes into the video. He talks about how he install the anti-theft app as a system app which doesn't allow resetting the phone to remove the app.
So I was thinking. As a safety precaution, because I have everything in my phone and don't want it to fall into the wrong hands. If I would to install any anti-theft app as a system app using apps like Lucky Patcher. Then if the thief decided to do a factory reset on my phone. Will it remove the anti-theft app and will I still be able to have full control over my phone?
Click to expand...
Click to collapse

Related

[Q] Hard Baking in Security?

Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
DroidBois said:
Does anyone know if it would be possible to bake in security like Wave Secure type of thing in to custom ROMs? I've always thought Wave Secure is a bit pointless if a simple factory reset would clear it and therefore leave the phone ready for the thief or new owner to use as they see fit.
Another layer, not perfect, but still another layer that a thief or finder may not be immediately aware of would be to bake in some security features like tracing or locking in to a custom ROM so even a factory reset wouldn't remove it, possibly something in to the boot loader itself?
Has anyone thought of this?
Click to expand...
Click to collapse
People do and have bundled things into roms - often dropping them into /system/app directory, though I don't think anyones gone as deep as into the bootloader?
Though, if your phone is rooted, and your installed the app to /system/app, then a thief could in theory just flash your phone faster than if your phone WASNT rooted. They don't even need to root your phone at that point.
An interest aspect of hardening this, might be to compile your on recovery/bootloader that would require a password to get into.
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
The tough pay as I see it would be everyone would need their own custom ROM.
Sent from my SPH-D700 using XDA App
Xerloq said:
I think what he's saying is to add the wave secure or similar app into the ROM so that if the thief does a quick "reset to factory settings" after lifting the phone, the security app would survive, perhaps long enough to recover it.
Most thieves would just wipe the phone (if that) to flip it and might not take the time to flash a new ROM.
Click to expand...
Click to collapse
Yep, that's it. I'm assuming most thieves would not recognise a custom ROM or know what to do with it. At least buy some time to try and locate and recover the phone. Only time I'd want a front facing camera.
So what happens if they replace the SIM though? Sending SMS's is nice, but only if your number is still working with that phone. A hard baked security system would send an SMS when the SIM was changed at least.
You shouldn't make a ROM to put an apk into /system/app. You can simply push it through ADB or via terminal emulator. That will atleast survive a factory reset. I don't think many thieves actually take the time to flash a new image
So this is all we need to do? Use the ADB method? So I push through WaveSecure, that could survive a factory reset with settings intact?
Something baked in to recovery would be awesome too.
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
RAMMANN said:
as far as I know when pushing an apk via adb into system/app then only the app itself is stored there, not the settings. the settings are gone after a system wipe. there needs to be some logic in the app to connect to a site and retrieve your settings from there... using your phone's ID or something.
Click to expand...
Click to collapse
The application itself will survive - but wouldn't all it's data, which still resides in /data/data be wiped?
So yes... the app survived... But it no longer knows who you are, or whose phone it is.
I think the just release CDMA/GSM Droid Pro may have the security you are looking for?
tbaker077 said:
I think the just release CDMA/GSM Droid Pro may have the security you are looking for?
Click to expand...
Click to collapse
It's a bit extreme to fork out another $700 on a new phone just for this. The whole point is to avoid spending money in case of theft or loss
Well part of my unspoke point is this is XDA-Developers, I sure there is a ways(one the rom comes out) to port some of those security files to other Android devices.
tbaker077 said:
Well part of my unspoke point is this is XDA-Developers, I sure there is a ways(one the rom comes out) to port some of those security files to other Android devices.
Click to expand...
Click to collapse
Didn't quite understand you, are saying it is possible to bake in some security?
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
tbaker077 said:
I think once the Droid Pro, which has it baked in, is either rom dumped and extracted, or rooted then I think it could be possible.
Click to expand...
Click to collapse
So something *is* possible via software, not requiring special hardware?
Once some gimboid puts in their own SIM you'd think that you can't send an SMS to control the phone although WaveSecure seems to cover that too.
I'd like something as subtle and as invisible as a good virus. Bootloader would be ideal. Theoretically then a full factory wipe wouldn't clear it.
I couldn't tel you. All I know is the Droid Pro is a 3G CDMA. GSM device with some special enterprise security features/software aimed at the BB users.
Doesn't really help us then if that's only available on the Droid Pro.. For the rest of us we still need to work out how to bake in WaveSecure or, ideally, something very subtle. If someone takes my phone I want to nail the little turd, or at least embarrass him when the phone siren goes off or he gets a loud spoken message or something.
Another point, with IMEI numbers, is this of any use if you bought your phone outright? I.e. if my phone is stolen, I can't get the IMEI blocked can I? And can IMEI numbers be changed?
This may meet your needs/requirements. It is called lookout mobile.
https://www.mylookout.com/
I know Paul at Modaco bakes wavesecure into his roms.. not sure if the data would survive a wipe but then whats the point of baking it in system if it doesn't right? Check it out:
Version R9: (requires membership)
http://android.modaco.com/content/h...-rom-for-htc-desire-online-kitchen-2-2-froyo/
R8: (Free for all)
http://android.modaco.com/content/h...for-htc-desire-with-online-kitchen-2-2-froyo/
Okay.. Just found out. This explains everything!
https://www.wavesecure.com/blog/how-to-make-wavesecure-hard-reset-proof.aspx

[Q] Trigger Factory Reset in CWM Recovery

I'm loving to try out the CM7 builds and other custom ROM, but at the same time I'm concerned with all the security risks of an unlocked bootloader and cwm recovery.
I wanted to know if there's a way to trigger a factory reset to remotely wipe the phone using the clockwork recovery. Anyone know of anything done like this?
I know there are apps out there that trigger a remote wipe by going into the stock recovery but, when that happens on CM7 for instance, the phone just goes on that Exclamation Mark screen since the stock recovery was overwritten.
Since CM7 can actually reboot to cwm recovery, would there be a way to issue a command to reboot to recovery AND perform a factory reset (or one that would bring back the stock recovery and then do the wipe).
Am I talking nonsense here? I just wanted to minimize risks with a phone theft for example, by wiping everything (I can wipe the SD card already, but am now concerned with the system itself).
Thanks!
You're just being too paranoid. Unlocking your bootloader won't affect anything.
Besides.. the chances are, if a person stoel your phone. I seriously doubt that they have any knowledge of recovery and all these other things that most users on XDA know.
If they do know, then the chances of them stealing your phone are low. I mean really, what individual with knowledge of flashing different ROMs and all these other things would have the audacity of stealing your phone? Only chance is if you lost your phone (not insulting anyone but I don't think people would have the courage to steal a phone from you if they are so knowledgeable in flashing)
And you can always go to http://market.android.com and download "Plan B" onto your phone.
https://market.android.com/details?id=com.lookout.labs.planb&feature=search_result
After you install it, Plan B will start locating your phone using cell towers and GPS, even if you didn't have GPS switched on. Your location will keep updating for 10 minutes, and you will get an email each time it is located, whether the phone is moving or standing still. You can start the process again by texting “locate” to your number from any other phone. In order to locate your phone, we send you a text via SMS, so standard message rates apply.
Click to expand...
Click to collapse
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
fabio008 said:
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
Click to expand...
Click to collapse
? I don't get the point that you're making of "unlocked bootloader" vs. "locked bootloader." It's the same thing, it just allows more freedom. Phones that aren't Nexus run on a locked bootloader and such. They're able to flash ROMs and do all that.
And Plan B is a last resort app, its not supposed to be used a security app. Thats what their primary app, Lookout is for.
Stop being paranoid, if somebody steals your phone. The chances of them knowing about recovery and doing all of that are VERY LOW.
If its something that bothers you just put a security lock on your phone and Lookout or any other related app. Report it to the police and they'll help you retrieve it.. unless thats something Brazil doesn't offer.
fabio008 said:
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
Click to expand...
Click to collapse
You can use Autowipe app and use a pin code to lock ur screen. Autowipe has options to wipe ur phone after 'n' number of unsuccessful attempts to unlock ur screen. You can also set options in the app, to wipe ur device when sim card is changed.
Sent from my Nexus S using XDA App
zephiK said:
? I don't get the point that you're making of "unlocked bootloader" vs. "locked bootloader." It's the same thing, it just allows more freedom. Phones that aren't Nexus run on a locked bootloader and such. They're able to flash ROMs and do all that.
And Plan B is a last resort app, its not supposed to be used a security app. Thats what their primary app, Lookout is for.
Stop being paranoid, if somebody steals your phone. The chances of them knowing about recovery and doing all of that are VERY LOW.
If its something that bothers you just put a security lock on your phone and Lookout or any other related app. Report it to the police and they'll help you retrieve it.. unless thats something Brazil doesn't offer.
Click to expand...
Click to collapse
I understand the chances of knowing about recovery are indeed very low, still, locked and unlocked bootloader have a significant difference when talking about access to your phone's data. With 2.3.3 now, there is no way to flash cwm if you have a locked bootloader (unless you completely erase your phone), while having it unlocked allows you to access everything from the modded recovery (considering you have the expertise).
It is a long stretch but I just thought it was worth discussing additional security possibilities when you're not completely "stock".
kirdroid said:
You can use Autowipe app and use a pin code to lock ur screen. Autowipe has options to wipe ur phone after 'n' number of unsuccessful attempts to unlock ur screen. You can also set options in the app, to wipe ur device when sim card is changed.
Click to expand...
Click to collapse
Yeah, I actually have a pin code and WaveSecure installed, so for the most part I think it works OK. But their wipe function is not that great, it leaves a lot of stuff behind.

[Q] Password protect the device administrators in security settings?

Phone is a Droid Incredible running the latest stable CM7 (7.0.3)
----------------------------
I recently installed seek droid and a few other applications meant to protect my phone in the event of malware download or the phone is stolen. I noticed though that if someone goes in and removes these devices from the admin group that they can just be uninstalled. I realize the lock screen is there to protect the phone but if they do get in they can very easily uninstall the programs I would be depending on to get my phone back.
Now I know someone could just wipe the device using the factory reset in clockwork mod but yeah ... anyway I am looking to see if there is a way to secure the security settings or the device administrators section with a separate password of some sort? Or maybe there is a program that will do it? I tried Seal but it only seems to do app locks and it doesn't require administrator privileges so it can just be uninstalled anyway.
Thanks for any help. I have been looking around for awhile and come up with nothing so I am not expecting much but figured this would be the place to ask.
There are such tracking apps that require root but will be installed into /system and thus even survive a factory reset.
I think you can install any app to /system through a bit tinkering.
Some allow to change the icon and app name to hide its true purpose.
In the end, if the person knows what he is doing, you can't stop him.
Thanks for the advice. I realize if they know what they are doing they can get it off somehow but would be nice to not have an obvious app sitting in the drwaer called 'seek droid' that can then just be easily uninstalled.
Thanks again.

[Q] Security of CM7 or other ROMs

Hey all,
I would post this on the CM7 thread in development, however I don't have 10 posts to my name, so it's here. I also didn't see anything via searching the Q&A with security of CM7 or other ROMs. If I am wrong, or it's been posted, I apologize!
I read all of these posts on the internet about jail-breaking iDevices via SSH, and it made me wonder if a rooted phone has the same vulnerability (via SSH or other method) that could compromise my phone.
Currently, I have TWRP with CM7, and back-ups of everything, so if I do manage to catch something nasty, I have no problems with restoring. But I'd like to avoid all of that in the first place. I realize pretty much all of this can be avoided with smart internet surfing, avoiding un-trusted apps, and making sure the unknown sources setting is unchecked. Anything else?
There's the app called "look out" I think that's a great app for stopping malware from apps. Or you can go with any anti virus app on the market
Sent from my PG06100 using xda premium
Lookout is a great app, though I personallly prefer Avast as it has the ability to firewall and has a killer anti-theft service that can stay on the device even if the thief factory resets it
Pretty much just common sense, like you said.
- Uncheck "Android debugging" (ADB), "Allow mock locations" and "Unknown Sources" in Settings>Applications>Development.
- Never install Apps that didn't come from the Market (Google Play, whatever). Review the permissions before installing an app... isn't it odd that your notepad app needs internet access, account access and network-based location capabilities?
- Revoke unnecessary permissions and auto run conditions for your apps (I use Gemini App Manager for auto run).
So, I looked at Lookout (no pun intended), and it's ok. I haven't tried Avast yet, and I have Sprint, so I'm looking at it's Total Equipment Protection app as well.
Another question: how effective is the Superuser app at blocking requests for root? Does it intercept all requests or only apps? I understand that getting root via the terminal emulator on the phone needs the superuser, but using the computer to run commands through the shell doesn't (I think). So, if the Superuser app can't prevent USB debugging without permission, what are my options in case my phone gets stolen?
smmiller506 said:
So, I looked at Lookout (no pun intended), and it's ok. I haven't tried Avast yet, and I have Sprint, so I'm looking at it's Total Equipment Protection app as well.
Another question: how effective is the Superuser app at blocking requests for root? Does it intercept all requests or only apps? I understand that getting root via the terminal emulator on the phone needs the superuser, but using the computer to run commands through the shell doesn't (I think). So, if the Superuser app can't prevent USB debugging without permission, what are my options in case my phone gets stolen?
Click to expand...
Click to collapse
Superuser app will prompt you for anything thats asking for root access... When I first rooted my shift I had to grant adb shell superuser permissions...
And honestly if your phone gets stolen, it's gone... We had a user that had has phone stolen and the police nor sprint could do anything about it, even though he knew where the phone was... Here is the thread...
Sent from my PG06100 using Xparent Blue Tapatalk 2
drob311 said:
Superuser app will prompt you for anything thats asking for root access... When I first rooted my shift I had to grant adb shell superuser permissions...
And honestly if your phone gets stolen, it's gone... We had a user that had has phone stolen and the police nor sprint could do anything about it, even though he knew where the phone was... (LINK REMOVED)
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
You know what, you're right about the Superuser part. So, that's good. Now I just need to lock down the recovery (TWRP).
On a side note, it is no longer illegal swap ESN/MEID info anymore, so long as you own the phones involved. I think that was passed by Congress around the same time as the whole jailbreaking thing, however with the new laws coming out soon in regards to the national database of bad phones, that may change.
fayrarri said:
Lookout is a great app, though I personallly prefer Avast as it has the ability to firewall and has a killer anti-theft service that can stay on the device even if the thief factory resets it
Click to expand...
Click to collapse
I use avast too you can select root installation. On a side note about security having root doesn't make your phone any less secure. User error makes things less secure like not checking permissions of a app before installing it.
Yeah but its not just about knowing who took your phone or where it is, the remote wipe can be helpful to remove sensitive data from the phone
fayrarri said:
Yeah but its not just about knowing who took your phone or where it is, the remote wipe can be helpful to remove sensitive data from the phone
Click to expand...
Click to collapse
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
drob311 said:
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
I would pay a good 10 bucks for that app!
Sent from my myTouch_4G_Slide using Tapatalk 2
I realized something unfortunately - the recovery and bootloader can't be locked down, which means that any apps loaded onto the phone can be easily deleted. So, that kinda makes locking the phone down to prevent data theft on a stolen device pointless.
Thoughts on locking the recovery and/or bootloader down in case of a stolen device?
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
drob311 said:
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...
Sent from my PG06100 using Xparent Blue Tapatalk 2
Click to expand...
Click to collapse
Knowing me I'd brick the phone and then find it two days later in my car
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
fayrarri said:
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
Click to expand...
Click to collapse
sparksco said:
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
Click to expand...
Click to collapse
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.
However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.
I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
fayrarri said:
Knowing me I'd brick the phone and then find it two days later in my car
Click to expand...
Click to collapse
But if you activated the brick app, your phone would have already been reported stolen to assurion and put on the bad esn list, even if you find it, it can't be re-activated...
Sent from my PG06100
Lol yes I realize that, just making a joke
smmiller506 said:
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.
However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.
I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
Click to expand...
Click to collapse
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
sparksco said:
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
Click to expand...
Click to collapse
I completely agree with you on this one - data security is more important than anything else. Which is why I'm curious about the security of rooted phones - I enjoy the features of a rooted phone and hate the bloatware/jail-cell environment of a stock phone to give up root.
I will assume that the chances of a thief knowing how to use a rooted phone are pretty good. So, if I can lock down Android and root permissions in the OS, how can I do the same to the bootloader and/or recovery to achieve ultimate security?

Is it possible to lock CWM and Download Mode?

Just wondering, is it possible to password lock CWM and Download Mode, so that a thief or anyone else who doesn't know the password cannot flash another rom?
elevul said:
Just wondering, is it possible to password lock CWM and Download Mode, so that a thief or anyone else who doesn't know the password cannot flash another rom?
Click to expand...
Click to collapse
No, it's not possible.
Theonew said:
No, it's not possible.
Click to expand...
Click to collapse
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
Click to expand...
Click to collapse
Even if you could, there would always be a way around it, and if not, i doubt you'd see the phone again anyway. That is unless you have tracking software enabled, but if they know enough about android to know about the recovery and download mode, chances are they'd take the sim card out and go somewhere without gps coverage to give themselves time to get around that.
Bottom line, it would be pointless, if they wanted to get into it badly enough, they would
maxib123 said:
Even if you could, there would always be a way around it, and if not, i doubt you'd see the phone again anyway. That is unless you have tracking software enabled, but if they know enough about android to know about the recovery and download mode, chances are they'd take the sim card out and go somewhere without gps coverage to give themselves time to get around that.
Bottom line, it would be pointless, if they wanted to get into it badly enough, they would
Click to expand...
Click to collapse
Hmm, I don't really care about seeing the phone again, what I want is for them to have a useless brick on their hands, so that stealing it would become pointless.
Have a look on vodafone.it, There are instructions on how to get your phone blocked when it is stolen.
The english language version can be found here: http://www.vodafone.it/engl/services/theft_loss.html
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
Click to expand...
Click to collapse
Yes, it's very sad. I worry a lot about the security of my personal info, data, pictures, etc.. Before using Android I have a BlackBerry 2 years before.. And, that it was hard until without first erasing ALL data and internal memory. In android it is not, the files like pictures, videos, docs.. remain despite a wipe in CWM!! and the lockscreen its gone like factory reset... that's unacceptable . I think that is the main reason Im gonna switch to the hated iphone 5 from an S3... that phone with Encryption+PIN its very tough to unlock, confirmed by a forensic expert. The S3 encryption its useless due to the android recovery and download...
Honchay said:
In android it is not, the files like pictures, videos, docs.. remain despite a wipe in CWM!!
Click to expand...
Click to collapse
Just to clarify, this is only if they are stored on the (internal/external) sdcard and are not wiped.
Sent from my Nexus 4
elevul said:
So if someone steals it he can easily remove all security stuff put into it, by simply reflashing another rom...
What's the ****ing point.
Click to expand...
Click to collapse
I know this is an old post but someone else might find it useful, Avast! Anti-Theft is an awesome tool as it support root installation, so you can do a through wipe of your sd card (premium feature) also if your phone is stolen, it can automatically take a pic n upload it, even if they do a factory reset, the app is still there.
geminixx said:
I know this is an old post but someone else might find it useful, Avast! Anti-Theft is an awesome tool as it support root installation, so you can do a through wipe of your sd card (premium feature) also if your phone is stolen, it can automatically take a pic n upload it, even if they do a factory reset, the app is still there.
Click to expand...
Click to collapse
Cerberus does the same, is cheaper and much more reliable.
It should be possible somehow, even doing some hardware mods like bridging some pins to avoid download mode, actually recovery is lockable
philz touch recowery have a lock recovery by password. But i need close or lock Download Mode in Samsung S4

Categories

Resources