Android Vacation Trip Mode - Security Hardening - Android General

Hi,
I am just thinking about how to harden my smartphone for a vacation backpacker trip around Thailand lasting one month. Circumstances:
1) Free Wifi and VPN
I am going to buy a sim card with mobile data at the airport, no difficulties there (dual-sim smartphone). But every time I connect to a free wifi, all my data is sent unencrypted until I connect to a VPN gateway. But in between there is enough time for every background service to exchange data. Security concerns justified? The wifi owner can attack via man-in-the-middle or simply capture data or websites with Wireshark.
Solution:
setting up a Firewall?! 3G/4G allow all, wifi block all, vpn allow all ?
2) Losing the smartphone
First fact - my external sd card is not encrypted as I got one corrupted very quickly and all the apps using the feature got unusable. So the data can be easily read, I just keep that in mind.
Next, the smartphone will be locked with a security pattern, so the thief or finder won't be able to use it. On the lockscreen my name and address is written, finder's fee, etc.
Do you set up a Cerberus for remote tracking, deeply integrated into the smartphone?
Do you sync your pictures directly to the cloud whenever you have a strong wifi connection?
Where do you store your passwords "offline" - paper in your wallet? (I use KeePass for everything, I do not even know my passwords for e-mail, Google and Facebook since they are very strong)

Related

Can I turn off data plan access on AT&T Smart Phone?

So I've had this HTC S743 for about 5 days and I thought I had it setup correctly to use wifi for data comm.
wifi enabled and selected to use my home network. I can see the radio tower status icon and my locally named network is also displayed.
Under the comm manager the data connection is off.
I have a very simple $45/mo plan with no monthly data plan.
Over the last 5 days I have been surfing the web a bit did some email tests with my ISP and used the on board GPS app which is horrible. Not heavy usage but experimentation to see if I like how the phone works.
After 2 days I get an email from AT&T that I have extremely high data usage exceeding my account limit (for having no monthly plan) and that I should sign up for a data plan at once.
$29 over 2 days for this little bit of fluff? A total of 2,900kb in data.
So I call up AT&T and they tell me this and that and want me to sign up for a plan which I may do. But I want to be able to know that the datacomm is happening via WIFI when I can see a selected WIFI is in service.
They also told me that all GPS data is forced through 3G and bypasses WIFI???
Can anyone here give me an idea about what I may be doing wrong and whether AT&T is correct about the GPS service?
Is there a better GPS app that doesn't do this? This one pretty much stinks anyway. A resolution of 1000 meters doesn't cut it.
AT&T also informed me that I can't have a smart phone without a data contract. Really? I've had one for 6 years like that but it wasn't WIFI capable and too small to bother with web access.
Thanks for any light you shed on the subject.
One thing I have subsequently found out is that if data connection is off and WIFI is off then when I go into IE and start surfing it does bring up pages. Then when I go back to the Comm Manager the Data Connection to check the status of my connections it is still off for an instant and then it automatically turns itself on as though it had been turned on by use of IE and the status was just being updated.
Last night I installed a newer version of Google maps and was only able to install it via the web browser as opposed to via the ActiveSync application on my PC. I was concerned that this might trigger turning on the 3G connection. So I had it set up for a WIFI connection ONLY and installed the app. Afterwards I went into the connection manager and once again the data conn. was turned back on so it's possible that it utilized AT&T's 3G network instead.
Is there any way to control or stop this?
GPS data doesn't have anything to do with 3G/Wifi data......
I know it's supposed to be positioning via the satellites through the GPS antenna but the description data is coming over the network right? So it appears that even though I'm setup for WIFI access and it's showing as connected with an IP address etc. when I try the Googlemaps GPS app it turns the data conn. for 3G back on.
Thanks for chiming in ...
I have been copying over and installing some new apps to try out this morning via usb. WIFI is on and I'm logged in. None are datacomm oriented that I know of (unless they're trying to make an internet access to notify about being installed). Nonetheless, I just checked again and my data conn. is once again turned back on. Is this typical behavior for a Windows Mobile phone (6.1) or is this just an AT&T "feature"?
Sorry, I don't have a WM6 phone!

Tethering idea... and a question

Ok, so, I have an OpenVPN setup at home, and I'm connected to it with my phone. I've been using VPNs for years and based on my previous experiences, I have a thought, and a couple questions...
Does every single packet go out through the VPN or only the ones destined for an IP on the private subnet? If it indeed passes every packet over the VPN (as with others I've used), why couldn't one just tether it after that? Would all data not then go over AT&Ts network and out to the internet via my home connection?
I've actually been musing about this for a while, but never bothered to actually connect my phone to my home VPN until now to even think about trying it.
Anybody have any unique insight on this?
N0ctrnl said:
Ok, so, I have an OpenVPN setup at home, and I'm connected to it with my phone. I've been using VPNs for years and based on my previous experiences, I have a thought, and a couple questions...
Does every single packet go out through the VPN or only the ones destined for an IP on the private subnet? If it indeed passes every packet over the VPN (as with others I've used), why couldn't one just tether it after that? Would all data not then go over AT&Ts network and out to the internet via my home connection?
I've actually been musing about this for a while, but never bothered to actually connect my phone to my home VPN until now to even think about trying it.
Anybody have any unique insight on this?
It entirely depends on how your VPN is set up. You can set up a VPN that will require all traffic to be routed through the VPN, or you can set up a VPN to only route traffic destined for that internal network to be sent over VPN.
And there's no reason you couldn't do that. If they are indeed detecting tethering by the content of data, you could set a VPN to pass all traffic through the VPN, and encrypt it so that they would never know what data was actually being sent. The biggest thing to be aware of is speed. If you are passing all traffic through VPN, your internet speed will immediately be reduced to the maximum speed your home internet connection can upload data. So if your home internet is 1 Mbps up, then your max speed is going to be 1 Mbps up now because you have to wait for that system to send the data along (plus overheads for encryption and processing of data, etc).
AJerman said:
It entirely depends on how your VPN is set up. You can set up a VPN that will require all traffic to be routed through the VPN, or you can set up a VPN to only route traffic destined for that internal network to be sent over VPN.
And there's no reason you couldn't do that. If they are indeed detecting tethering by the content of data, you could set a VPN to pass all traffic through the VPN, and encrypt it so that they would never know what data was actually being sent. The biggest thing to be aware of is speed. If you are passing all traffic through VPN, your internet speed will immediately be reduced to the maximum speed your home internet connection can upload data. So if your home internet is 1 Mbps up, then your max speed is going to be 1 Mbps up now because you have to wait for that system to send the data along (plus overheads for encryption and processing of data, etc).
Yeah, I fully understand the performance penalties of pushing all data through a VPN. Really, I only tether my phone down at my workshop to update orders and print shipping labels. It's about 200MB a week, and I could do it over dialup if I had one. Not an issue at all.
Thanks a bunch for your thoughts. It's pretty much what I thought. I'll just have to brush up on my OpenVPN knowledge and see if I can make sure it's all routed over the VPN.
Note: Consequently, I just got a text message from AT&T letting me know I'd automatically been switched over to a tethering plan since I was still tethering. The rub here is I have not tethered my phone a single time in the last 3 months! I actually have a 2GB plan on my old Captivate that I've been using. I called into AT&T and the lady I got was really cool. She said there must be something triggering the tethering alert on their side and she filed an extension for me so I wouldn't get switched over automatically.
So, I don't know what AT&T is really using to detect tethering, but it's indeed throwing out false positives. I've also only used 809MB since the beginning of my billing cycle (November 21), so I doubt very much that it's excessive data usage. I use some interesting things like wifi connected file managers and remote web desktop, but surely those don't trigger it (?).
Ok, so, I just did a test using whatismyip.com. It shows my wifi gateway here at work when using wifi with the VPN on, and it shows the AT&T IP when connected with wifi off. So, that shoots the idea that all traffic will go over the VPN by default when connected. I guess I'm going to have to dig a little deeper to get it working that way.
The "Redirect Gateway" option in the VPN settings seems to work perfectly. I'll keep testing and see what I can come up with as far as a tether goes!
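The split-versus-full tunnel question in this thread can be checked from the routing table instead of an external "what is my IP" site. The sketch below is an added example, not code from any poster: it does longest-prefix matching over Linux-style `ip route` output to report which interface a destination leaves by. The two tables are constructed samples; the interface names (`tun0`, `wlan0`) and all addresses are assumptions, and the two `/1` routes in the second table are what OpenVPN's `redirect-gateway def1` installs.

```python
import ipaddress

# Constructed sample: VPN connected, only the home subnet is routed into it.
SPLIT_TUNNEL = """\
default via 10.20.0.1 dev wlan0
10.20.0.0/24 dev wlan0 scope link
10.8.0.0/24 dev tun0 scope link
192.168.1.0/24 via 10.8.0.1 dev tun0
"""

# Constructed sample: same VPN with redirect-gateway def1. The original
# default route is still present, but two /1 routes are more specific.
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 10.20.0.1 dev wlan0
203.0.113.10 via 10.20.0.1 dev wlan0
10.20.0.0/24 dev wlan0 scope link
10.8.0.0/24 dev tun0 scope link
"""


def parse_routes(table_text):
    """Return [(network, device)] for every line that names a device."""
    routes = []
    for line in table_text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or other route types
        device = fields[fields.index("dev") + 1]
        routes.append((network, device))
    return routes


def egress_dev(routes, destination):
    """Longest-prefix match: the device the kernel would pick, or None."""
    address = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, dev) for net, dev in routes if address in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def tunnel_mode(table_text, tun_prefix="tun"):
    """Classify a table as 'no-vpn', 'split-tunnel' or 'full-tunnel'.

    Heuristic: probes one public address in each half of the IPv4 space,
    because def1 covers the space with 0.0.0.0/1 and 128.0.0.0/1.
    """
    routes = parse_routes(table_text)
    if not any(dev.startswith(tun_prefix) for _, dev in routes):
        return "no-vpn"
    probes = ("8.8.8.8", "198.51.100.7")
    through_tunnel = [
        (egress_dev(routes, probe) or "").startswith(tun_prefix)
        for probe in probes
    ]
    return "full-tunnel" if all(through_tunnel) else "split-tunnel"


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        routes = parse_routes(table)
        print(name, tunnel_mode(table))
        for dest in ("8.8.8.8", "192.168.1.50", "10.20.0.5", "203.0.113.10"):
            print("  ", dest, "->", egress_dev(routes, dest))
```

Even in the full-tunnel table, the local Wi-Fi subnet and the VPN server's own address still leave through `wlan0`, so hosts on the same access point remain directly reachable.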

Will A VPN Secure My Phone On My Company's WiFi?

I wasn't sure where to post this thread, so I'll try here. I have zero signal in the building I work in. So I connect to my company's secure wifi network. I don't really browse any webpages while at work, but I use hangouts and use the wifi to send and receive messages. I don't want anyone seeing my conversations or any other data on my phone for that matter. I've read that network admins may possibly be able to read messages, emails, browsing history, view gallery etc. I'm new to all this, so I googled and it seems that a VPN might be what I'm looking for. Will this secure my phone and keep all of my information hidden and safe?
It's hard. As long as you connect to the wifi, the network admin has a way to get your information.
Services like Gmail or Hangouts are secure and IT admins will not be able to read your email/chats unless they're pro hackers and are really targeting you. Their firewall will probably have the capability to log browsing history though, but not go through your email/chat/pictures etc. If you use a VPN service on top of it, it becomes extremely hard to track your browsing, and your browsing history will also be private. In the eyes of your IT department you will only be having encrypted network traffic between your computer and the VPN service provider (you should choose a good VPN like Spotflux or Hotspot Shield - they are free and have premium versions with more features also). However, many/most company networks do not allow their users to use a private VPN service.

How To Guide [GUIDE] Device Settings Menu Guide, Tips & Discussions | Part I - Connections

Device Settings Guide, Tips & Discussions
Part 1 - Connections
If you're new to this series or want to see the index, please read Post #2 first.
Wi-Fi
Click on Gear icon besides any network:
View supported Network speed and security
Auto reconnect: If on, automatically connects to this network when Wi-Fi is ON. Switch it off for backup Wi-Fi i.e. you can keep it ON for 5 GHz network and OFF for 2.4 GHz so that it always connects to 5 GHz automatically.
Manage Router: Opens up the router admin page by going to your Gateway IP Address.
IP Settings: Choose from DHCP or Static. If you want to use custom DNS, you have to use Static IP. If you want to know the Network info like IP, Gateway or Subnet Mask, choose Static once and note the displayed info.
Proxy: Set manual or auto-config proxy here.
Click advanced to show:
View device's MAC address and allocated IPv6/IPv4. Learn about MAC and IPs here.
Metered Network: If you set a connection as metered, you or device can restrict background processes, big downloads and save data.
Randomized MAC: Devices are supposed to have a permanent MAC but this could be used to track you. From Android 10, you get an option to use randomized MAC each time your device connects to Wi-Fi. You can disable this if you use MAC Filtering on your router.
QR Scan (icon on top-right): Connect to Wi-Fi without entering password. Use a device that is already connected to the network and scan the QR code displayed by the former.
Menu > Wi-Fi Direct: Turn on Wi-Fi Direct on a nearby device as well to transfer files wirelessly and quickly. Works best with Samsung Devices and it does NOT require connection to a Wi-Fi network. You get speeds maxed out at the supported wireless speed of your devices! It is a better and more secure alternative than ShareIT or JioSwitch.
Menu > Advanced:
Sync with Samsung Cloud: Backup your Wi-Fi usernames and passwords and use the same on synced devices.
Switch to mobile data: If your Wi-Fi network quality drops, use mobile internet directly even if Wi-Fi is still connected (needs Mobile Data to be ON). You can add (Wi-Fi) Network Exceptions to prevent switching. Get notified to Allow individual apps to switch to mobile data, e.g. if WhatsApp is blocked on your college Wi-Fi, you can allow WhatsApp to use Mobile data while you keep using the Wi-Fi!
Turn on Wi-Fi Automatically: Your device will automatically enable Wi-Fi where you use it frequently. For example, you or your device can turn off your Wi-Fi when you go out and you won't need to enable it again when you get back home (you can configure the frequent networks after they appear here). Tasker used to handle this job for me (try IFTTT for simpler setup) but now the OEM solution is more optimized.
Wi-Fi power saving mode: For example, if you get WhatsApp messages every 30 minutes on average, the device learns about this traffic pattern and can toggle Wi-Fi accordingly to fetch notifications every 30 minutes. I keep this disabled as my usage pattern is dynamic like most of you. Better use App Sleep or Hibernation Apps like Greenify to save battery. Learn more about this mode here.
Wi-Fi control history: View apps that have toggled Wi-Fi recently. You can figure out if there's any culprit app that is toggling your Wi-Fi frequently when you have explicitly turned it off/on.
Hotspot 2.0: Automatically connects to APs that support Hotspot 2.0 or 802.11u. Network providers are themselves upgrading existing Wi-Fi in public areas like airports and encryption is a must for Hotspot 2.0 so you can trust and rely on it while you don't have to manually guess the right network. Learn more about Hotspot 2.0 here.
WPS push button; WPS PIN Entry: (Pie doesn't support WPS but Google says it's coming back, Read here) Connect the device to WiFi by pushing WPS button on the router or entering WPS PIN in case these are enabled on the router. Learn about WPS here.
Install network certificates: Normally not needed. Some organizations would need you to install certificates to access their domains. Same as what you do on a PC to install certificates.
Wi-Fi Calling
(Formerly VoLTE calling) Uses Wi-Fi to transmit voice instead of the mobile network, but calls still appear to be made via your SIM or number. This saves your mobile plan and is also beneficial when you have low mobile network inside your home but good Wi-Fi! You'll see the SIMs in case the carrier supports VoLTE calling. #JioWaale
Bluetooth
When the Bluetooth is ON, you can STOP/SCAN for nearby devices manually. Keep BT on for playing with the following settings.
Menu > Advanced:
Sync with Samsung Cloud: Note that this only syncs Samsung devices like Galaxy Home Speakers and Galaxy Buds.
Music Share: Enables your friends (or else) to connect with a speaker connected to your phone without requiring you to unpair and them to pair with the speaker. Useful in cases like you want your car to be always connected to your device. However, on a trip, your friend wants to play music from his phone while you drive. Get more explanation here.
Ringtone sync: Sync the ringtone you set on your phone to the connected speaker. I did not know they played different tones!
Bluetooth control history: Similar to 'WiFi control history' above.
Block pairing requests: Block spammers from requesting pairing.
Bluetooth scan history: Shows apps that scanned for BT devices. Review this once in a while as Apps can scan even when the BT is off!
[Discontinued] Dual Audio: Enables your device to connect to 2 different audio devices and play the same audio on both of them. Samsung explains this here.
[Discontinued] Media volume sync: In case the connected audio device supports this, you can change the player's volume by your device's volume rockers by enabling this i.e. you don't have to manually raise the volume to the fullest on both your device and the connected player to get the highest volume possible for your house party.
[Discontinued] Phone visibility: (Moved to Separate section after Bluetooth in Pie, please tell if it works for BT as well) Allow devices (with Samsung Connect) to find your device for connection. You can disable it unless you live in a Smart Home or transfer files from other devices more often. Learn more about this mode here.
NFC and contactless payments
It's turned ON by default on a new phone so do turn it OFF first. Samsung Pay will turn that ON if needed. Samsung Pay uses only NFC now starting from S21. MST is discontinued though no other brand could use this for payments. In case you don't know about MST (patented by LoopPay), must-read here. More information on the discontinuation in the FAQ.
[Discontinued] Android Beam: Allows you to share stuff when you tap your phone with some other-phone-with-already-enabled-NFC.
Contactless payments (Formerly Tap and pay): Select the default app for Payments and Others. Your default app will open up when you, for instance, tap your phone on an NFC-enabled POS (of course you need NFC to remain ON beforehand).
Pay with currently open app: When enabled, if the currently open app supports payment, it will be used instead of the default app above. I have kept it enabled because I don't want Samsung Pay to open up when I know I am going to use GPay!
[Discontinued] Default NFC Method: By default and normally needed, 'Auto select'. In case you are the curious breed, learn about the different options here.
Flight Mode
Disables your operator's network. Since enabling this will also disable Wi-Fi and Bluetooth altogether, you can turn back these two on without toggling flight mode.
Mobile networks
Data roaming: Enable it if your carrier doesn't charge you for roaming or you're rich enough.
Network mode: By default, 'auto connect'. You can play with the options in case you're facing network mode changing issues or want to save battery (put to 2G only). If your region does not have 5G yet, you can go back to 4G/LTE to save battery!
Access Point Names: I recommend you to request or configure your operator's settings for the first time even if it had been automatically fetched. Nerdy guide here.
Network operators: Suggest usage?
Data usage
Data saver: Formerly known as 'Restrict background data'. Your background apps will stop using network data i.e. you'll receive WhatsApp notifications only when you open the app again. You can also whitelist apps in 'Allowed to use data while Data saver on'. This feature can help a lot in saving battery or making you check the phone less when you're hanging out with your girl. Me no girl so no enable!
Mobile data usage; Billing cycle and data warning: Do check this in a while to review the apps that use most of your mobile data (maybe you don't need those apps that much on mobile data); Change your operator billing cycle, set data warning and enable data limit in case your operator doesn't give you free GBs. The app options you change here will be reflected in the Data saver section above.
Mobile data only apps: You can choose apps that you only want to use mobile data. Useful in case your organization's Wi-Fi blocks some apps like WhatsApp. This is related to 'Allow individual apps to switch' in the Wi-Fi section.
Wi-Fi data usage; Restrict networks: Like mobile data, you can also review your Wi-Fi usage! Do review it once in a while to identify data-hungry apps that can affect battery and CPU as well. The apps you disable here for background usage will be blocked while Mobile Data is on OR the Wi-Fi is metered. Please confirm?
SIM card manager
Select Icon, Name and Network mode (described above) for the corresponding 'SIM slot' (not the SIM). Select preferred slot for calls, messaging and data. Learn about Smart Dual SIM here.
Mobile Hotspot and Tethering
Mobile Hotspot > Advanced:
Wi-Fi sharing: In addition to mobile data, you can also share your Wi-Fi. This can be helpful in case you don't want to reveal your network or its credentials or don't know about them. Also, your device can become a repeater for devices that are too far away from the Wi-Fi (keep your phone on charging).
Security: Use 'WPA2/WPA3-Personal' (Learn about wireless encryption here).
Timeout: Keep timeout low so that hotspot turns itself OFF earlier in case there's no client or change to 'Never Timeout' if you are going to need it for some time.
Hidden network: Enable 'Hide my device' to stop exposing your SSID.
Power saving mode: Similar to PMS in Wi-Fi Advanced. Keep Protected Management Frames (PMF) on by default and change in case the client doesn't support.
[Discontinued] Menu > Allowed Devices: Enter MAC addresses of clients you want only to connect to your hotspot. Same as MAC filtering in routers.
Mobile Hotspot > Auto Hotspot: You might get this ON by default. Turn it off! This enables your or family devices to share your internet connection via Hotspot. You know when you need it!
Bluetooth tethering; USB tethering; Ethernet tethering: Learn about BT/USB tethering here.
More connection settings
Advanced Calling & Messaging: Some iMessage kinda thing? Anyone?
Nearby device scanning: Although it uses Bluetooth Low Energy, I have it disabled. If you enable it, you get notifications for nearby devices like TVs that support connections through your device (will annoy you at airports).
Printing: Do download Google Cloud Print and any other printing plugin required by your or your organization's printer.
[Discontinued] MirrorLink: Learn more here.
[Discontinued] Download Booster: Uses both WiFi and LTE at the same time to download apps over 30MB from Play Store and Galaxy Apps. In case you want that app as soon as possible.
VPN: Configure your VPNs here in case you have. I use Psiphon. You can also manually configure profiles as you do on PC.
Ethernet: Yes, you can use a wired connection on your device too. Discussions here.
Private DNS: Supports DNS over HTTP/TCP and I recommend reading about this here. I use 1dot1dot1dot1.cloudflare-dns.com.
Series - Full Menu Guide Explained
Series - Device Settings Menu Guide
Hey XDA! I just got free from the initial setup of my Galaxy S22 Ultra. I don't know how many of you do this but I'm one of a kind that gives a considerable amount of time to explore every setting, feature and every single option whenever I get a new device or even when I factory reset the existing one. It's been years since I started with this curiosity and I have never found an 'all-in-one' menu guide to explain each and every option in the device. Yes, you could also simply google the option you want to know about but how about compiling all of them in one guide? I don't know if this experiment would work or not but here I am starting with this. I have spent the past three weeks taking out time whenever I could to compile this guide.
There are a couple of reasons I decided to start with this series. Firstly, I want to help newbies (or even experienced users) out there to explore and know about every feature or option your device could offer. I have seen many duplicate threads that are created every day to query fellow users even about an individual but unfamiliar option in the settings. I intend to do my bit to clear this clutter and help potential askers to get answers beforehand. Secondly, this guide could serve as a manual in case you want to find or get briefed about an option. You could then simply 'Find in a page' over the threads or simply use XDA's 'search in the thread' option to save your time. Thirdly, since I've broken the settings into different threads, this could help users engage and discuss over a particular device's super-menu and spread their knowledge, come up with new ideas and explore more of their devices. Fourthly, this series is not constrained to Note9 only. The settings on every Android device out there are similar and you would be able to find any settings common to your device here as well. Fifthly, since I have provided links and sources to some options, this can serve as a directory map as well. Sixthly, this guide consists of tips for many options that you won't probably find normally.
This guide is intended and recommended to be read by anyone at least once. If you're reading a thread for the first time, I recommend you open up the corresponding settings in your phone and read the settings description in case there is one. All the threads are arranged in the same order as the settings would come up. You could then simply read out my description of the same, my selected configuration and hyperlinks to some articles or videos in case you're the curious breed. This guide is strongly recommended after a fresh start. I want you all to give some time to explore each and every option your device can offer.
Hope this experiment lives up to the marks. Both criticism and appreciation are greatly needed and appreciated. Please comment.
I've tried to explain each option you could find by going deep into any setting. No matter whatever links I have provided, I will feel grateful if you want me to explain any feature more than I have done already. Please ask questions related to any settings. Do provide me suggestions and your take on my configuration. Please provide me with more guides and articles for a particular feature. I want to have the precious contribution of XDA members in this guide. Discussion over any feature, setting, your configuration, did-you-knows and anything else is greatly appreciated. This is a newbie-friendly place so don't hesitate to ask questions - besides the fellow XDA members, I'm always here for you.
Regards,
Paras Lehana
Index
Part 1 - Connections
Part 2 - Sounds and vibration, Notifications, Wallpaper and themes
Part 3 - Display, Lock screen, Biometrics and security
Part 4 - Advanced features, Device maintenance, Apps
Part 5 - Cloud and accounts, Google, Accessibility, General management, Software update, User manual, About phone, Developer options
FAQs
Why did Samsung discontinue MST for Samsung Pay? (Contributed by @sansart)
Ans: With big card companies like Mastercard ditching Magnetic Stripes due to security concerns, Samsung could be taking a step in this direction. Starting with Galaxy S21, Samsung discontinued MST and, in a statement, it added: "Due to the rapid adoption of near field communication (NFC) technology by consumers and businesses, beginning with devices launched in 2021, Samsung Pay will focus its support on NFC transactions, across the Galaxy portfolio. While future devices will no longer include magnetic stripe technology (MST), customers with previous, compatible Galaxy devices will be able to continue using Samsung Pay, including MST." (Source: The Verge)
Mastercard nicely explains about ditching Magnetic Stripes here: Swiping left on magnetic stripes
Good read, thanks! I think your NFC section needs updating though, Samsung no longer uses MST.
Updated. FAQ too. Thank you for contributing!
Since S22U is my upgrade after spending over 3 years with Note 9, I was doubting about the MST thing after the payment failed once. Now I have read about it. Thanks again!
sansart said:
Good read, thanks! I think your NFC section needs updating though, Samsung no longer uses MST.

How to disable VPN temporarily?

Running a standard Galaxy S22 on Verizon. My employer, a cybersecurity company, forces me to use our company VPN on my phone, and the VPN icon is always in the notification bar up top. When I check in VPN settings, the option to run all the time is not checked, so I'm not sure when I'm actually connected through VPN. So several questions regarding this:
1. Is there a way to know when I'm actually going through the VPN and when I'm not?
2. Is there a way to temporarily disable the VPN? I've tried doing some things with smart devices around the house, and I can't connect directly to the devices unless I disable the VPN (at least, that's the message I've received from my Nest Thermostat and my Ring cameras). The only way I know is to delete the VPN service completely, but then I have to create a ticket with our help desk to have it reinstalled. That's why I'm looking to just disable periodically.
3. Can my employer see EVERYTHING I do on my phone including all browsing history and personal emails and texts?
Thank you
My guess is that an always-on VPN service - introduced with Android 7 - is running due to a device settings controller setup which can't be temporarily deactivated.
