Related
Dear XDA users,
I am looking to find a really secure rom. I dont want to run OEM corrupted roms which do gods knows what. I have googled for a good bit and I have found some areas which are interesting from a security perspective. However, there does not seem to be a holy grail when it comes to a secure rom at the moment. Paranoid Rom sounded oh so promising but has no additional security related features. Cyanogenmod is a nice custom rom with root disabled by default, which is a great improvement and makes it interesting as a secured non-OEM rom. You also have the NSA developed SE Android rom which you need to compile yourself but comes with a great list of additional features.
Can anyone recommend me a rom which is build to be secure?
Also lets have a discussion on features which you would like to have in a secure rom:
Hidden-TrueCrypt partition on SD card.
Fully encrypted memory
Password protected recovery
Tor network enabler with apps for the various anon services on onion networks (such as torchat, onionmail, etc.)
Location scrambler
Strict firewall with easy enable/disable mode
Remote lock-down
First question. Why?! Are you a spy or something?! There's nothing wrong with standard ROMs. There are antitheft apps available that can remote wipe the entire device including SD card if its ever lost or stolen. I can't think of any reason why you need that level of security on your device.
I believe a truecrypt partition can be mounted on the SDcard. As far as hiding it goes, I'm not sure.
As far as password protecting recovery, there's no tweak/hack for it. I understand the security concern with someone meddling with your phone and flashing a rom but it's called 'recovery' for a reason.
I believe tor is available for Android.
You can spoof your location with several apps. Wouldn't hurt to google it.
Cerberus can remotely lock-down your phone, retrieve contacts/call logs from a sim, etc...
Try compiling your own rom and cater it to your needs.
Whoa, why would you need that much security? I do suggest creation of your own Rom as mentioned this way all you're security needs can be met.
Sent from my Sensation Z710e using xda premium
privacy
Thanks for all the replies. I am not a spy rather i just want to be secure. I just don't like the idea of my information being used for reasons i do not choice it to be used for. I don't want my carrier to see which websites i visit on my phone, which locations i visit, which people i contact. I just want my carrier to provide me access to the net and ensure that i am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
My name is Bond. James Bond.
To answer your question no you cannot have that kinda ROM here. Root disabled?? pretty much every ROM here has it enabled. GPS can be disabled with one click. I'd suggest SIM lock through phones security settings, face lock for apps pro from the market and a nice cold beer to make you less paranoid. No offence but not even presidents want that much security.. Its a phone..
hjfkuiper said:
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Click to expand...
Click to collapse
Your network provider is never going to know you use recovery or that you can gain access to your system partitions. They're not going to know you use root apps or that you have root access either. firewall you can obtain via the avast antivirus app in the market.
And I don't think you'll ever be able to cover your tracks when it comes to hiding who you call and text. The network company holds records of all calls and texts for billing purposes and only relase these in case of police investigations, with your permission. You can turn off your GPS, but you can still be located using the cell towers, which you need for reception, so you can't hide yourself completely. If you want internet access with out this just use wifi with a vpn or other such ip hider/rerouter and remove the sim card all together.
There is genuinely no need for this level of security on your phone. Like I said in my last post, if your phone is lost or stolen, you can always remote wipe your device so no one will know what you had on it, it'll just be a shiny brick.
hjfkuiper said:
Thanks for all the replies. I am not a spy rather i just want to be secure. I just don't like the idea of my information being used for reasons i do not choice it to be used for. I don't want my carrier to see which websites i visit on my phone, which locations i visit, which people i contact. I just want my carrier to provide me access to the net and ensure that i am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Click to expand...
Click to collapse
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Jonny said:
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Click to expand...
Click to collapse
And Carrier IQ is not in any custom roms, and even if it was it can be easily deleted.
Cyanogen most certainly does NOT have root access disabled by default. Half the features on it wouldnt work without root access.
If you really need that kind of security the best answer is to not do whatever you need that kind of security for on your phone. Use another device.
Also, invest in a high quality tin foil hat.
Sent from my HTC Sensation using xda app-developers app
Hi,
First, not even 1% care about security and privacy in thiers phones. People just having fun not knowing what data is being leaked from thier phones.
I know what you mean, if you want to have secure ROM, use CyanogenMod and patch it with autopatcher - PDroid2.0, then block almost all permission to all apps (including system) and this will give you the best privacy. Also don't use gaps and remove bluetooth if you don't use it.
Use K-Mail with APG to encrypt your emails, use Ostel to make anonymous calls, use Tor as a browser.
I think CyanogenMod9 for Sensation has already Pdroid patch merged. I suggest it over CM10 as is more stable and faster.
Below are links that may be useful for you.
PDROID:
http://forum.xda-developers.com/showthread.php?t=1923576
Autopatcher:
http://forum.xda-developers.com/showthread.php?t=1719408
Guardian Project:
http://forum.xda-developers.com/showthread.php?t=1840929
Hardening Android Guide
http://forum.xda-developers.com/showthread.php?t=1954513
Have fun
THE_GENIUS
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Click to expand...
Click to collapse
Dun Dun Duuuuuuuuunnnnnnnnnnnn!! (sorry, couldnt resist ) :silly:
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Click to expand...
Click to collapse
Without DroidWall - yes, anything can leak, but with - no chance.
Thank you! This is the only helpful reply in a thread full of morons.
I'm in the same boat
I would like something similar. I know we have remote wipe, etc. However I would like to know that if I loose my device, the only thing I am loosing would be the device. Currently I am using ARHD 50.0. I can not get the local storage to encrypt. The Micro SD however can be encyrpted. So I am working to try and install all the apps I need, then move them to the microSD and force them to write data there instead of the default location.
It is a bit strange that this seems to not work well at all.
Android is rather secure. Every non-system runs in its own sandbox.
Follow these steps to get you phone really secure:
1. Encrypt internal storage as well as sdcard.
2. Go S-ON. Relock your device.
3. Remove custom recovery after ROM installation. Otherwise encryption can be broken. Especially if you're scared of NSA.
4. Use superuser to remove all apps you don't need, then disable superuser.
5. Disable ADB. Both USB and wireless.
Any "trusted" ROM capable of this is secure.
Happy to help.
Far_SighT said:
1. Encrypt internal storage as well as sdcard.
Click to expand...
Click to collapse
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
imma gonna get ma tinfoil hat
bastei said:
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
Click to expand...
Click to collapse
You need to use a ROM that supports it. I use ViperS 5.1.0 (Vipers 4 also supports this).
Not that because SD card encryption, other cards that you put into your phone will be read only until you decrypt external storage
Hi guys & girls,
I have a Desire HD, not a sensation smartphone, however maybe I can add helpful Info here.
I am just exploring the activity on all smartphones, so I can discover which devices have the most developers, people and support now =D
Which Smartphones have the most Developers and Users now, by the way? Thanks
Well, the Best Secure Rom, I think is only the Guardian Rom.
That Rom is develloped just with the propose to be most secure, emphatize on just security as a priority, after all the NSA & government & Intelligency Agencies Surveillance.
Era Post-Edward Snowden =D
I think the name of the great Developer is "x942".
The problem is, He is just one Develloper working on that, so not so fast developing and very few devices are supported.
(I think only Galaxy Nexus, Nexus 4 and Galaxy S2, not certain)
He has other security projects also, like "Secdroid" and his hardened kernel.
Second to "Guardian ROM" maybe:
BlackPhone
(But i think for while not so worth because all software and apps is just 3rd party apps opensource that we can install too on our smartphone. And not worth spend 600 euros/dollars i think. But is very good and opensource hardware).
CryptoPhone is a security project on Germany/EU too, based on era Post-Snowden.
But just a smartphone based on Galaxy S2 with software we can install by our methods too =)
I think the best and most secure but simultaneous with very strong developing/support/updates for future proof is really CyanogenMod.
But we need to deposit our trust on them still, even now that they are now a Company, not anymore opensource community like on old early days, when Cyanogen started =)
The best is Guardian ROM.
However just one great develloper can not support many devices and long and faster develloping like CyanogenMod as a fact.
About software and apps we have many:
But the popular/best are:
All apps of "TheGuardianProject" site like:
Orbot; Orweb; GPG; ChatSecure (Gibberbot); Ostel; Pixlknot; Obscura Cam; and so on...
Whisper Security apps:
RedPhone; TextSecure (WhisperPush on Cyanogen);
SilentCircle apps se can trust but i think are Paid.
Tor (orbot) , I2P, and MacChanger (MacMan, etc...) apps for Anonymity.
SecDroid as i said.
PDroid (but with kitkat i think se do not need anymore).
AfWall+ (Sucessor and total opensource of DroidWall, linux iptables firewall).
WiFi Protector (by Gurkedev, opensource wireless that protect us from Arp poisoning, MITM attacks like droidsheep, faceniff, other sniffers and packets captures...)
AdAway (opensource blockers of adware, spyware ads and popups)
Virustotal app =D
KeePassDroid (Password manager protected with encryption data base).
K-9 Mail with APG (opensource email with open PGP implementation).
And for TrueCrypt similar encryption and containers i think exist many apps already on market, but do not know which is the best yet.
EncFS is good also.
One great market just with opensource apps and a must have is
F-Droid.
If you want use your data connection with a VPN (Virtual Private Network) on my researches i discover and read some of the best are:
Free - > SpotFlux; HotSpot Shield; CyberGhost; SecurityKiss; HideMan; ...
Now the Best ones are Paid.
Some of the best ones:
MullVad
iVPN
NordVPN
TorGuard
Proxy.sh
BolehVPN
AirVPN
And the Countries with the Best Privacy Laws and Protection are:
Iceland ; Norway ; Romania ; Serbia ; Sweden ; Swiderland ; Luxenbourg ; Panama ; Seichelles ; Taiwan ; Hong Kong ; Malaysia ; ...
Well, hope I can help with something, and please if anyone know more Info about Security, Privacy & Anonymity tell also, and let all us know more knowledge =)
Cheers, Guys & Girls.
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Elanguescence said:
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Click to expand...
Click to collapse
I heard my company is planning to go with these soon for entry level supervisors such as myself. I'm trying to figure out exactly what it is. All the specs and brochures from Motorola keep calling it a mobile computer in a smartphone "form factor" but never actually call it a phone. I didn't see anything in any of the specs to lead me to believe for sure that it was a phone or if it was just an Android computer in a smartphone form factor.
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Thanks.
- Byron
bfollowell said:
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Click to expand...
Click to collapse
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Elanguescence said:
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Click to expand...
Click to collapse
Thanks for the info but it looks like mine is going to be crippled.
Sort of a let-down really. Yes, it "can" be a phone. Or without a sim card it can be a really powerful Android based mobile computer. That's what it is going to be for most of us. Only a few supervisors with area management approval are going to get units with the phone features working. Still cool. Just not as cool as I'd thought it was going to be.
- Byron
bfollowell said:
Thanks for the info but it looks like mine is going to be crippled.
Click to expand...
Click to collapse
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Elanguescence said:
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Click to expand...
Click to collapse
I don't think they're doing anything all that special to cripple it. They just won't all have sim cards or a cell plan. Pretty much as simple as that.
I won't be doing anything to circumvent that though or rooting it or anything like that. It's not like it's a gift and it belongs to me or anything. After almost 22 years, I've kind of grown to like my job and getting a paycheck every two weeks.I'd kind of like to keep it for another 15 or 20 years. Who knows, maybe my manager will decide that I need cell service with mine.
I work for a large automaker in the U.S. We have over 2.8 million square feet under roof. Personally, I can be anywhere on in the plant, on the roof, in pits & sub-basements underneath or anywhere on or near the 50 acre plant site at any given time. A lot of what I need to do on a daily basis is through our intranet portal. They're putting in something like 500 new wi-fi repeaters/extenders all around the plant as well. They're purchasing these for over 300 first line supervisors at my site alone. I'm pretty sure they're doing this corporate-wide so I hate to think what they're spending on these things as a corporation. I'm sure it would bankrupt many small nations! In addition to giving us portal access away from the desk, these are meant to replace our aging industrial radio system. As expensive as these are, they're still much cheaper than $1.5 to $2k per person for a radio that has no other built-in functionality and these do seem pretty ruggedized.
Still a shame about the phone functionality though.
- Byron
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
FYI, in case anyone's wondering, there is a version with Google apps on the way (if it isn't already orderable).
Sent from my Moto X
tfnico said:
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
Click to expand...
Click to collapse
Browser is a standard one, which comes with other devices. Name is Browser.apk and version is 1.0.9
It's possible to install unsigned APK's without rooting.
google account
Hi,
I got stucked with trying to get google calendars from my google account to TC55.
I found one solution to setup google account as a corporate one, but it's not available anymore due to change in google policy.
I can setup google mail via email account, but that doesn't bring me my calendars to the device.
I tried to install gapps but without success.
Is there any other way?
Thanks.
Motorola work on google apps for TC55.There is in beta.
Elanguescence said:
... here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Click to expand...
Click to collapse
Obviously u rooted, can u install gapps in it?
RjCode said:
Obviously u rooted, can u install gapps in it?
Click to expand...
Click to collapse
No idea, I haven't tried. As far as I understand gapps are usually installed via flashing a zip from recovery, and the stock recovery of the TC55 does not have that option, it only allows reflashing a whole image, if I understand it correctly. Either way, I have come to appreciate the open source alternatives and do not want to get Google on my phone, so I will not try, sorry.
However, going by this thread over at the Motorola support forum, it seems it won't take long until there is official gapps support:
https://developer.motorolasolutions.com/thread/4989
Motorola has now released a TC55-firmware with Google apps. Here are the release notes:
https://atgsupportcentral.motorolasolutions.com/content/emb/docs/ReleaseNotes/Release%20Notes%20-%20%20TC55_RevAPlus_GMS_01%2074G_v10.htm
According to the support email they sent me, to get the actual release you need to perform the following arcane ritual:
Resolution Type is : Software Download
Resolution Id is : 95562
Resolution Title is : TC55 Update Image v1.74 with GMS (Google Mobile Service) Release Note & Factory Reset & Enterprise Enabler package
restrictedSW :
T55N0JGMVRUEN17400.zip 321 MB TC55 OS Recovery Update package
T55N0JGMVAUEN17400.apf 321 MB TC55 OS update package file for deployment using MSP
If you require access to OS files for TC55 1.74 GMS then call the local Support Desk and provide following information:
a. Site ID
b. Serial #(s)
c. Phone #
d. Customer name (First and Last)
e. E-mail address
Click to expand...
Click to collapse
Don't ask me what the local support desk number is, or the site ID, or why they have to make this so complicated.
Hi Elanguescence,
I think I screwed up my tc55 by enabling the multiuser function without first creating the white list. Now all the users (with admin rights) does not have access to all the programs, including Applock Administrator and Multiuser administrator.
To cut things short, do you know of a way to reset the device? I don't mind setting it to factory default and start over. I've googled it and some said to launch Rapid Deployment and scan a barcode from there... but my Rapid Deployment just says "Service Not Ready, Please Wait" and get stuck there.
Any help appreciated. Thank you.
Any TC55 users here? Should be getting my unit w/ GMS soon... How do you guys like it?
Is the bootloader locked?
Sent from my Moto X
Hey!
I want to Buy one TC55 for me. Normally i hate Android and the Google stuff on the Phone but some Motorola Salesman told me there is a version with out.
Now i use an Sybian Device. That mean i am "offline" the hole time and when i need Internet the Phone connect the the Internet.
So how about that phone can i work "offline" to?
I will also use an VPN Tunnel to block on my backend all Connnection i dont want. Does all Data trough this VPN Tunnel ?
How about the Barcode Scanning does it work good?
I know for 2D i need to use the Cam but how works it when i am in some other Application?
Nobody?
Ok. I just bought a TC55 from a Friend and I was wondering if someone would post the update to get GSM and the Factory Reset packages. I went to the page and it requires all the information posted above before. Mine is rooted, but i am trying to install GAPS but the recovery is the basic and cannot. I manually installed Google Play and the Google Play Services but Google Play services keep crashing and the Play Store will not connect, any ideas ?
the are 2 versions one with google s... service and the other without.
So i belive you have the first?
(Can i ask you some question about that phone?)
Howdy (and apologies ahead of time if this is a dup, I _did_ search, didn't find anything),
Is it just me or did application specific passwords break with Lollipop? Googled a bit and couldn't find any details. I just see postings stating that 2fa works now, but I don't see how that negates the need for app specific passwords.
I know 2fa is now supported but I'm a bit concerned to use my normal password as I'm not sure if it's stored in any way. Anyone know of any links that explain what exactly is stored and how the auth is persisted across reboots? Maybe I'm misunderstanding, but I thought that if my device was lost, with app passwords I could revoke the device without changing my main password.
The other issue is, since I'm using 2fa with the google auth app on this phone I wouldn't even be able to setup if I wiped this phone (which I will need to). At least prevously I could login to my google account on my PC, create the app specific password and sign on that way.
- TIA for any info
I have just upgraded my Nexus 5 from 4.4.4 into 5.0.1 (I didn't install 5.0.0). What I did:
1. Factory reset on 4.4.4
2. Install system update into 5.0.1
2. Factory reset on 5.0.1
3. Application specific password NOT accepted on initial account setup on Nexus 5. I had to use my master password and code list because you can't read sms before account is added on the phone.
Is this really broken? I haven't found any info on this either.
Wow, someone else who was using this feature. That makes 2 of us at least. I guess that's why they removed it...? Yeah, unless I'm missing something it appears it's indeed broken.
The best part is this isn't really part of Android, but part of gapps; no way to report bugs for that (at least that I've found). Someone opened a bug against AOSP but they closed it as this stuff isn't part of AOSP:
{scheme}code.google.com/p/android/issues/detail?id=57863&can=1&q=app%20specific%20password&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars
They suggested using the "google mobile help forum"; I guess this page links to it: {scheme}googlemobile.blogspot.com/2008/11/got-questions-try-new-google-mobile.html - following the link just gives an error "no group mobile found" or something similar.
All I could see to do was to post a response to their help page on signing in with app specific password to Play pointing out the inaccuracy of the article. I can't find that article anymore, it looks like it might've been removed? I received no response to that.
I can't imagine this being a very difficult feature to support, so I'm a little surprised it was removed. But hey, at least they added all sorts of eye candy and other crap I don't really care about.
I think this is a deal breaker for me. Unless I'm misunderstanding here, if someone were to acquire my phone and extract the password the key or whatever it's storing, they would then be able to access my account settings and take full ownership. If it only had the app specific password, I don't think that'd allow them to modify security settings. If it's tieing the key to the device, that's great but I still can't revoke it (doesn't show up in the app specific password page). Unacceptable (again, unless I'm misunderstanding something?).
Maybe it's time to start looking for alternatives. Wonder if any Maemo derivatives can run on the M8? It was miles ahead of Android in all departments except eye candy anyways...
I'll reply here if I see any more info - please do the same.
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
dragonash said:
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
Click to expand...
Click to collapse
Agreed. Quite unfortunate, but I can't find anyone outside of this thread and a few random posts that seem to actually care.
Thanks for confirmation that this is still a problem, btw. I'm still not sure if there's anyplace to even raise this to Google...
i just spent an hour trying to understand why this smart feature wasn't working on my new mobile with a stock andorid lollipop! at least i feel less lonely now...
i sent a feedback to google even if i don't think they'll reply.. i opened a ticket on AOSP website (Issue 189310) if you want to check their reply.. sorry but i can't post outside links
Dear All,
I use Samsung Galaxy A8 SM-A800F with marshmallow 6.0.1 (Official).
My mobile is hacked. Someone is remotely accessing my mobile and making changes as per his will, hacker is able to access my device without mobile data/internet enabled.
I have observed following things -
- Hacker can track my keystrocks/screen touch
- He can access my whatsapp messages
- He is able to reply to my whatapp messages
- He is able to make folders in my mobile
- He is able to restart mobile
- He is able to enable/diable mobile data
- He can access my sms and can send me customized sms.
- He is able to do all above things without mobile data enabled
I am not sure whats going on with my mobile, is this some king of virus/malware which is allowing hacker to control my device ?
I have tried installing various antivirus.
I have tried factory reset / installing official firmware using odin but still hacker is able to control my device remotely.
Kindly advice me on how to fix this problem.
Best Regards,
Romob
Please advise
romob said:
Dear All,
I use Samsung Galaxy A8 SM-A800F with marshmallow 6.0.1 (Official).
My mobile is hacked. Someone is remotely accessing my mobile and making changes as per his will, hacker is able to access my device without mobile data/internet enabled.
I have observed following things -
- Hacker can track my keystrocks/screen touch
- He can access my whatsapp messages
- He is able to reply to my whatapp messages
- He is able to make folders in my mobile
- He is able to restart mobile
- He is able to enable/diable mobile data
- He can access my sms and can send me customized sms.
- He is able to do all above things without mobile data enabled
I am not sure whats going on with my mobile, is this some king of virus/malware which is allowing hacker to control my device ?
I have tried installing various antivirus.
I have tried factory reset / installing official firmware using odin but still hacker is able to control my device remotely.
Kindly advice me on how to fix this problem.
Best Regards,
Romob
Click to expand...
Click to collapse
are you sure its a hacker? as mobile apps can do all that if you give them permission. why are you sure its a hacker? why would someone hack you?
simms22 said:
are you sure its a hacker? as mobile apps can do all that if you give them permission. why are you sure its a hacker? why would someone hack you?
Click to expand...
Click to collapse
I am sure someone is doing mischief,
I have tried resetting my device, uninstalling apps etc. but issue still exist.
Any help would be greatly appreciated
Any help would be greatly appreciated
Please help
romob said:
Please help
Click to expand...
Click to collapse
have you tried a full wipe and installing a.cistom rom?
"err on the side of kindness"
it's too dangerous. List some apps and source you got apps from ( if you remember all of them)
Have you let somebody tease your phone?
This is not funny but funny as I'm dealing with the same thing, I believe it comes down to WiFi hack, or through tags or nfc or whatever I've done the same thing resetting, rooting, removing some files ex, I've revoked, froze ect.... not sure what do to my self. It have noticed when I hard reset and it unmounts a file. Still learning code so not tip top on what it says. If I can get maybe a list of exploits it would at least give me a place to start. I'm on an s7 Sept patch bone stock apps I have Google chrome,messages, phone,contacts.
You could write a book on what you possible need to do, depending on how your system was compromised.
As you can see them replying to your messages I'd bet it's one of your mates that has done something! Having access to your phone would make hacking it easier eg start with a remote control apps and then gain more access later.
I'm no expert but I think you did the right thing reinstalling your rom, but if it's coming back then they must be able to reinstall malware as they have your wifi password, network password, or it's on your sd card or a bad app that you have reinstalled and can gain root or something.
You need to change ALL your passwords that may enable access to your network or phone, incl work etc. ALSO update/reinstall or factory reset any modem/router/network firmware/pc you can as they may have opened some backdoor. But only have one thing on at a time as you fix it, else one might just compromise your network again. Make sure things like tv, printers etc have secure wifi settings (change ALL default passwords to your own strong ones)
Once all have been restored/factory reset with new passwords then you can turn them on again. (I would leave sd cards out and don't install all your apps yet, add them one at a time and only from Play store) also change passwords for all apps as they may still be able to gain access to them & check things like two factor authentication is set to use phone numbers you have set, not theirs.
I have to go now, though there are more possibilities, I've probably missed some things too, but hope I have given you some ideas. Good luck
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
IronRoo said:
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Click to expand...
Click to collapse
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
And code.auroa? What is this
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.auroa? What is this
Click to expand...
Click to collapse
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Click to expand...
Click to collapse
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
BLEEDCOLORYOU said:
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
Click to expand...
Click to collapse
And alot of the overlay apps n simtoolkit are all questionmarked
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And IV never encrypted this phone.
Click to expand...
Click to collapse
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
IronRoo said:
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
Click to expand...
Click to collapse
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
Tap those with question marks to submit to virustotal for analysis
IronRoo said:
Tap those with question marks to submit to virustotal for analysis
Click to expand...
Click to collapse
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
BLEEDCOLORYOU said:
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
Click to expand...
Click to collapse
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
IronRoo said:
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
Click to expand...
Click to collapse
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
Click to expand...
Click to collapse
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
Click to expand...
Click to collapse
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Spidder77 said:
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Click to expand...
Click to collapse
I'm having the same issmy ues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.