Any workaround to enable FDE - Full Disk Encryption - Honor 8 Questions & Answers

I would like to use Full Disk Encryption but there is no place in the settings to do that if you search for the setting it will come up but selecting it does nothing.
My unit does not ask for a password on boot. Does anyone know of a workaround or a ROM that will allow FDE, or is the issue on the hardware level of H8?

TweakingTweaker said:
I would like to use Full Disk Encryption but there is no place in the settings to do that if you search for the setting it will come up but selecting it does nothing.
My unit does not ask for a password on boot. Does anyone know of a workaround or a ROM that will allow FDE, or is the issue on the hardware level of H8?
Click to expand...
Click to collapse
The disk is completely encrypted but I don't know why it doesn't ask the key. I have a feeling it just uses a default key for all devices which makes having encryption a joke.
Sent from my Honor 8 using XDA Labs

ayush rao said:
The disk is completely encrypted but I don't know why it doesn't ask the key. I have a feeling it just uses a default key for all devices which makes having encryption a joke.
Sent from my Honor 8 using XDA Labs
Click to expand...
Click to collapse
Ah, that would make sense, thanks for the info. Why on earth would they not allow you to set the key. I'm guessing it was out of vanity or due to gov.
I love the phone but not being able to set the key is a no go. I have a few days to return the phone still, if any one has any ideas I will test them out!

TweakingTweaker said:
Ah, that would make sense, thanks for the info. Why on earth would they not allow you to set the key. I'm guessing it was out of vanity or due to gov.
I love the phone but not being able to set the key is a no go. I have a few days to return the phone still, if any one has any ideas I will test them out!
Click to expand...
Click to collapse
As per Google's new rule any phone with marshmallow and above should be encrypted. If the phone has Advanced Encryption Standard (AES) cryptographic operation performance of over 50MB/s then it will be encrypted by default. The thing is to follow this standard huawei encrypts their device but if I'm not wrong they use the exact same key for all devices which doesn't make sense since for effective protection every device should have a unique key.
Here's an article explaining what I just said:
https://goo.gl/hHFRNb
Sent from my Honor 8 using XDA Labs

Related

[APP] WiMAX RSA Key Checker

** WARNING: ONLY FOR THE SPRINT HTC EVO OR SPRINT HTC SHIFT WITH ROOT ACCESS. WILL NOT WORK ON ANY OTHER PHONE OR UNDER ANY OTHER CONDITIONS. **
Description:
This is an extremely simple application as well as my very first application.
This application allows the user to easily find out whether or not their WiMAX RSA Keys are present. The WiMAX RSA keys are required in order for WiMAX operate properly.
Determining whether or not WiMAX RSA keys are present is a very important step in troubleshooting WiMAX connection issues.
This application makes it very easy for the user to determine three key pieces of information:
Root Access?
Busybox installed?
WiMAX RSA Keys Present?
Unfortunately, sometimes during the process of customizing and modifying the EVO or Shift the WiMAX RSA keys are lost. If these keys are lost, WiMAX will not work.
Please provide feedback based on the limited set of features currently present. This is my first application and I've done my best to make sure it provides the basic functionality. In future versions I hope to improve many aspects.
Please bear with me as I work to improve it! Feel free to email me with suggestions, comments and feedback!
Download:
From your PC - WiMAX Keys Checker on market.android.com
From your EVO or Shift - use this link - WiMAX Keys Checker
In the market, search for joeykrim or wimax key checker
FAQ:
Will this application Backup/Restore RSA keys?
I could add this functionality but perfer not to put at risk anybody's RSA keys by replacing them in an active and live environment. Both recoveries, Amon RA and Clockwork backup/restore the RSA keys in recovery mode. I'd prefer not to duplicate functionality.
Also the phone hardware architecture and software structuture creates a safer environment for partition altering in recovery mode.
Worked for me although a little laggy... well... a lot laggy.
Kept freezing for a second after pressing each button [root, busybox, check]
Nice, I was just thinking of writing something like this.
Worked great for me, thanks! And just fyi, it's "congratulations" with a "t" not a "d"
Sent from my PC36100 using XDA App
w00t! Now you're in the big leagues kid :-D
Word.
Thanks tomorrow when I get a replenishment.
Awesome, simple, and works. What more is needed?
app works great bummer tho it said my keys are gone
mattykinsx said:
Worked for me although a little laggy... well... a lot laggy.
Kept freezing for a second after pressing each button [root, busybox, check]
Click to expand...
Click to collapse
With update 1.1 the issue seems to have been corrected.
Released 1.1 update to fix some minor typos and formatting isssues
Released 1.2 update to update the app icon
Thanks for all the feedback and support! Look forward to hearing more!
Works... did lag but it says that. Very good tool. Good job
Sent from my PC36100 using Tapatalk
why not use an terminal emu and check? Well i guess this does simplify the process a lot which is always good.
Works perfect thx. No idea what lag people are talking about
from my phone duh
Released Ver 1.3
Added threading and notification so more UI freeze/lag
Added permanent results text box (don't have to worry about missing the results)
CheesyNutz said:
Works perfect thx. No idea what lag people are talking about
from my phone duh
Click to expand...
Click to collapse
Yeah because all apps function completely the same across all ROMs, kernels, hardware types, etc.
Via Tapatalk Pro on Android
mattykinsx said:
Yeah because all apps function completely the same across all ROMs, kernels, hardware types, etc.
Via Tapatalk Pro on Android
Click to expand...
Click to collapse
what the hell are you talking about you press 3 buttons and wait how can there be lag
CheesyNutz said:
what the hell are you talking about you press 3 buttons and wait how can there be lag
Click to expand...
Click to collapse
because its not instantaneous duh"sarcasm" lol worked great on my phone
In the latest version 1.3 - I've added a dialog box to keep the user notified regarding the checking for RSA keys in the large wimax partition. This should up clear up any confusion around UI lag or delay.
Thanks everybody for the feedback!
I'll probably release one last version with a few tweak fixes and a background image.
mine are present...is there an easy way to back them up for good so i wont lose them in the future?
beezy69 said:
mine are present...is there an easy way to back them up for good so i wont lose them in the future?
Click to expand...
Click to collapse
i think (i maybe wrong) if you hboot i think you can backup your keys? i think i read that somewhere...or maybe i am drinking tainted soy milk hmmmmmmm!
Mine are present
I think both clockwork and Ramon recovery back up the keys now
Sent from my PC36100 using XDA App

[APP][1.6+] PDroid - the better privacy protection app - will you use it?

Hi,
I have recently developed a privacy protection application for Android.
You can use it to block access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.
Unlike others (e.g., Permissions Denied or CM) this does not make applications crash when access to private data is blocked.
The following short video shows some of its functionality.
PDroid does not require ROOT or any Android permission to function, nor does it need any services running in the background. But it does require patching some ROM components, so that it needs to be ported to different devices. Currently it is available for Nexus One, Nexus S, Desire HD (Gingerbread) as well as Magic with CM 6.1 (Froyo).
So I am wondering if I should release it for public use and maybe port to other devices. I will only do so if you would like to use it, since it requires some fine-tuning to be more user-friendly. So please vote if you would like to use PDroid.
I would love to use this app on my galaxy s and tab.
Especially the point to give the apps random or custom information instead of just blocking the access is important.
If you need help testing the app on those mentioned devices just let me know
I hope you get enough positive feedback to port and continue developing this app.
I ll love to have such an app on my Xperia X10 mini pro (cyanogenmod 7)
so basicly it's a LBE replacement? The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
I would like to give this app a shot too with my devices (Nexus S 4G, EVO 3D and Epic Touch 4G). Does not require root, but assume that root is ok? Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well. Looks promising.
XlAfbk said:
so basicly it's a LBE replacement?
Click to expand...
Click to collapse
Kind of. The functionality is similar to that of LBE while I tried to account for its disadvantages, such as not being able to disallow access to some data (e.g., system logs, incoming and outgoing call numbers etc.), requiring root or being unreliable since LBE requires its protection service to be running so that malicious apps still can steal data if they are started before LBE after boot.
XlAfbk said:
The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
Click to expand...
Click to collapse
Most likely yes (depends on how much spare time I can allocale to this project).
Tahde said:
Does not require root, but assume that root is ok?
Click to expand...
Click to collapse
Yes, it won't interfere
Tahde said:
Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well.
Click to expand...
Click to collapse
Yes, basically any device, for which Android can be directly built from AOSP (and this includes Nexus 4G) is supported right now.
Love to see it for the T-Mobile G2x especially if it is open.
svyat said:
You can use it to block access for any installed application to the following data separately...
Click to expand...
Click to collapse
That's a nice list. I'd really like a version for my Motorola Defy.
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
I too would like to use this app, sounds awesome. If you need any beta testers, I volunteer
rogier666 said:
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
Click to expand...
Click to collapse
Impossible, since the actual application logic performing the data access control is based on the Android application framework and not the SDK. Plus, doing it the LBE way requires root and will never be 100% reliable. In other words, there is no way of creating a proper solution without patching the ROM.
I would like to have this for t-mobile US Vibrant since we're getting no Gingerbread love from t-mo or Sammy and I'm all flashed out with nothing else to do.
I would like to give your app a spin to see how it works
KB0SDQ said:
I would like to give your app a spin to see how it works
Click to expand...
Click to collapse
I am also interested in this app... Sounds very promising and I hope this will get ported for the G2/DesireZ, so I can get some freakin' privacy!
If I can help in any way, any way at all, I'd be very happy to do so.. I'm running CM7.1.0 on my DesireZ @ 1.2ghz...
Thanks a lot!
Looks great. I'd love to get that on my Thunderbolt (CM7) would there be anyway to block permissions like internet and SD card access, I know Cyanogenmod lets you disable them but you have to reset your phone after a change for them to take effect. Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around if you could make an app think it was using one or the other for a connection I think that would be very helpful to some folks.
I'd test this on the t-mo Galaxy S2 if you're willing to do it...
Sent from my SGH-T989 using xda premium
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
I would like to see for Desire , Great to have this kind of app! I'll help which ever way
IvanNCase said:
would there be anyway to block permissions like internet and SD card access
Click to expand...
Click to collapse
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
IvanNCase said:
Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around [...]
Click to expand...
Click to collapse
Nope, it doesn't
ukanth said:
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
Click to expand...
Click to collapse
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
svyat said:
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
Nope, it doesn't
.
Click to expand...
Click to collapse
Fair enough.
By the way how do you install this does the ROM patching need to be done by the original creator or done with a zip file through recovery?
svyat said:
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
Click to expand...
Click to collapse
That's great to hear. Good job done ! I can't wait to see you release. I'll surely try to port it for Desire

Lockscreen notifaction bar access in CM

As everyone probably has seen the notifaction bar access in ICS is a nice new feature. However, I am pretty sure it would be possible to also make this possible with Cyanogen Mod, there has been a request already, but it was "closed" due to insufficient stars with a given period. I think it would be nice to go ahead and star this issue as much as possible to get this feature in CM 7.x
http://code.google.com/p/cyanogenmod/issues/detail?id=2710
dekeijzer said:
As everyone probably has seen the notifaction bar access in ICS is a nice new feature. However, I am pretty sure it would be possible to also make this possible with Cyanogen Mod, there has been a request already, but it was "closed" due to insufficient stars with a given period. I think it would be nice to go ahead and star this issue as much as possible to get this feature in CM 7.x
http://code.google.com/p/cyanogenmod/issues/detail?id=2710
Click to expand...
Click to collapse
This is a bad idea. I see alot of security risks with this and I hope google fixes it. Nothing should be able to be accessed while the screen is locked.
zelendel said:
This is a bad idea. I see alot of security risks with this and I hope google fixes it. Nothing should be able to be accessed while the screen is locked.
Click to expand...
Click to collapse
Wouldn't a simple feature on-off toggle fix everything? Let people choose if they prefer security and privacy or ease of use I guess. I have a business phone and a personal phone..with no real "personal" data, so I wouldn't mind being able to quickly access notifications when the phone is locked.
MacCarron said:
Wouldn't a simple feature on-off toggle fix everything? Let people choose if they prefer security and privacy or ease of use I guess. I have a business phone and a personal phone..with no real "personal" data, so I wouldn't mind being able to quickly access notifications when the phone is locked.
Click to expand...
Click to collapse
As long as there is a way to shut it off then I wouldnt mind it.
You can already do this using widgetlocker. It is a convenience as well as potential privacy risk.
Sent from my DROID BIONIC using Tapatalk
zelendel said:
This is a bad idea. I see alot of security risks with this and I hope google fixes it. Nothing should be able to be accessed while the screen is locked.
Click to expand...
Click to collapse
I am pretty sure you will still have to entern your unlock pattern/code when you open a notification.
zelendel said:
This is a bad idea. I see alot of security risks with this and I hope google fixes it. Nothing should be able to be accessed while the screen is locked.
Click to expand...
Click to collapse
You can't access it if you have any type of lock on your phone. So if you have pattern set up you won't be able to pull it down. So thats your fix. If security is your priority then you already have a pattern lock or pin set up right?
Sent from my Galaxy Nexus using Tapatalk 2

My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FMM

My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
That is sad to hear.
Thats why no company uses lockdown software. Now you are forced to buy new handset from them. Its only their win.
Only security they work on is to force no software changes by the buyer but not the thief.
Good sales point for iOS if I block an iPhone from iTunes acc, no way it can be reactivated w/o my account consent.
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
or maybe u didnt activate it ...
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
Rwgister a complaint with the police. IMEI tracking is possible.
My friend was mugged and the crook was caught a couple of months later using IMEI tracking.
Sent from my GT-I9500 using xda app-developers app
This feature relies on WiFi/Mobile data. May be the thief turned off the data.
Not sure about that. You can reset the phone with a sms. So I guess it doesn't rely on mobile data alone.
I don't know which features the op enabled, so everything is unclear. Maybe the thief just turned off the phone and waits until the owner gives up.
Is there any software capable of installing itself into /system and working after system reset in hidden mode?
+ taking photos with front cam (only if "stolen") and uploading them somewhere?
+ store those photos in /system (so no gallery can show those photos)
Or better - be installed right into bootloader/(and|or)kernel?
Yuna said:
Is there any software capable of installing itself into /system and working after system reset in hidden mode?
+ taking photos with front cam (only if "stolen") and uploading them somewhere?
+ store those photos in /system (so no gallery can show those photos)
Or better - be installed right into bootloader/(and|or)kernel?
Click to expand...
Click to collapse
Yes, cerberus.
Sent from my GT-I9500 using xda app-developers app
have you used an app called Android Lost, i like this one
If I take your phone and immediately remove the SIM card and immediately flash / wipe a new rom - no way to track it by the Samsung software... (by the way - even it is very easy to change the IMEI ). So, the only option is to send the SMS wipe command before the phone is reflashed
Sent from my GT-I9505 using XDA Premium 4 mobile app
Easy to change imei? Please, make proof-of-concept.
Can i change my IMEI to 1234567890123 or even 666666777777 in my sgs4 (i9500)
Yuna said:
Easy to change imei? Please, make proof-of-concept.
Can i change my IMEI to 1234567890123 or even 666666777777 in my sgs4 (i9500)
Click to expand...
Click to collapse
With root and Terminal Emulator you can change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Primokorn said:
With root and Terminal Emulator you cand change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Click to expand...
Click to collapse
Yes, ive seen mods take care of bussiness regarding this topic.
Sent from my GT-I9505 using xda app-developers app
Primokorn said:
With root and Terminal Emulator you can change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Click to expand...
Click to collapse
Device manager. Phone lost etc.
These are tools only for nsa tracking not for us to track.
+1 for Cerberus. This is a must have app for all Android owners
p.s. OP sorry to hear about your loss
gdonanthony said:
or maybe u didnt activate it ...
Click to expand...
Click to collapse
Point is if you do a hard reset everything gets wiped and the thief has a brand new phone to use. The user who lost it cant find it by imei via samsung.
I also wonder why we are not able to set a password in recovery mode (like a bios for pc would allow us).
I both registered , activated and tested Google ADM and Samsung FMM , I hoped both being similar to Apple's Activation Lock, but isn't its very easy for thieves to overcome just doing a hard reset thru boot loader.
Also the Imei at police I was informed that mafias have IMEI repair tools that in fact are service tools for repair centers but capables to change the Imei number, so is very possible my S4 now lies on a new box with new accessories and new imei and is being sell as an new s4 w/o complaints neither evidence was stolen.
Big issue here
Samsung's introducing consumer-centric features for Knox with the N3. It includes the abilitiy to prevent wiping the device. You can also hide your porn in a seperate secure container that only the phone owner has access to. The SGS4 h/w as it relates to Knox should be the same so hopefully the 4.3 update will push the functionality to the SGS4.
From the N3 press release...
The new GALAXY Note 3 comes with enhanced privacy and security protection provided by Samsung KNOX. Users can activate Samsung KNOX with ease which allows them to run and store security- sensitive applications and data inside a protected execution environment called “container.” The security inside the container is strengthened by system-level protection of Samsung KNOX against malware and phishing attacks as well as hacking attempts on physical devices when devices are stolen or lost. For instance, important personal pictures or video can be stored in the container with no worries for data leakage due to hacking. In addition, users may choose to store enterprise applications and data such as corporate email, contacts and calendar and allow the IT department to manage the container through EAS (Exchange ActiveSync Server). These features make the GALAXY Note 3 an ideal device for BYOD (Bring-Your-Own-Device to work)
Furthermore, the GALAXY Note 3 is equipped with an improved Find My Mobile feature that allows users to disable the phone when it is stolen or lost. With the enhanced user authentication, the technology prevents stolen mobile phones from being reset to factory settings, and allows users to remotely track or erase the data from their lost or stolen mobile phones.​
Any news on this regarding the S4? Does the new 4.3 firmware prevent hard-reseting the phone?

Android custom ROM for security + minimal of Google?

Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
dj.houba said:
Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
Click to expand...
Click to collapse
Cyanogen or GingerBread are some good ROMS for good security, as I know.
D-J Mutant said:
Cyanogen or GingerBread are some good ROMS for good security, as I know.
Click to expand...
Click to collapse
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Omnirom is supposed to be security and privacy consious.
Sent from my Nexus 7 using XDA Premium 4 mobile app
Well I'd suggest the cyanogenmod, but without the google apps. They're optional.
In the nexus 4 section there is an aokp that is patched so built in Google analytics are gone. There is a patch that can be applied to other ROMs.
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
Is that so , see from what u saying ,,, the ASOP is better then the other build rite
Sent From GT i9300
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Thanks
Thanks, I was trying different ROMs, finally I chose PAC-MAN ROM without Google apps
Hello !
does it mean that any modded stock rom with GApps will be insecure ?
Thx
just youtube some galaxy s2 roms you'll find reviews on some good roms
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
http://www.kandroid.org/online-pdk/guide/release_keys.html
something like this
I think you can skip "make dist" part, just do a regular build as you would normally (CyanogenMod ==> brunch your_device
you can fine the need file under "out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/cm_hammerhead-target_files-")
for Cyanogenmod Nexus 5 for ex (hammerhead )
source build/envsetup.sh
brunch hammerhead
and you'll fine the target_files zip under
out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/
that the one you need to feed to build/tools/releasetools/sign_target_files_apks
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
This probably isn't exactly spot on, but here's a rough sysnopsis... When a ROM is built from source, the creator "signs" their creation (i.e. the ROM and the apps within). This way you can be sure that you're indeed getting an official ROM built by AOKP (or whomever) and not by some malicious 3rd party. Likewise, the Android OS uses signatures to ID which files are legitimate and given permission to run (i.e. official updates). However, there have been incidents with custom ROMs when this functionality has been exploited. This could allow an otherwise innocuous seeming app to deploy hidden malware and cloak itself as a legitimate app, gaining full rights to the phone.
A self-built ROM with your own private key is presumably safer against such an attack. I don't think most people would need to be concerned about this, but still something to keep in mind. Unfortunately jcase is spot on about custom ROMs almost always creating or exposing more vulnerabilities than stock. For instance, features like ADB or USB-OTG are often enabled by default. If that wasn't bad enough, in the event that your phone is ever lost/stolen/seized, having a custom recovery installed is pretty much handing over your identity with a bow wrapped on top. It makes it easy for anyone to bypass PIN/password/face/gesture-lock or dump off the entire disk image. Not to mention analysis can reveal your account passwords, WiFi keys, SMS, phone records, photos. Most of these vulnerabilities can be safeguarded against with careful consideration, but you certainly won't get there by default.
dj.houba said:
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Click to expand...
Click to collapse
The only way to eliminate the ability of a nation-state interfering in your data would be to not generate any. If they're watching you, then stopping them from watching you isn't going to be possible. So it's better to ensure that when they watch you appear innocent.
Granted, I'm not saying you shouldn't take any precautions. But to truly get away from their snooping you're probably better of without a phone.
fadedout said:
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
Click to expand...
Click to collapse
:good: Excellent advice.
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Liberr said:
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Click to expand...
Click to collapse
It only sends version statistics to Google, and there's a build.prop setting that allegedly disables it (ro.config.nocheckin=1) -- haven't tried it because I'd rather show my pride in Gingerbread
smartymcfly said:
There is a patch that can be applied to other ROMs.
Click to expand...
Click to collapse
What and where is this patch?
I would think you could block all of Google's ip address's in your host file on any rom also.
You could edit the host file before flashing it.

Categories

Resources