Company abusing Data - Android General

Dear all,
I am a long-time XDA member but just wanted to keep my identity safe from my company, so I am using a new account.
My company is a very large company but in Asia and they are taking advantage of the employees and myself. The situation is that they are implementing a BYOD policy and we have to bring our own phones and laptops to use with work email. But at the same time they are implementing Data Leakage Protection software which they are forcing us to install on our own devices. I believe this is highly unethical and I have approached some lawyers, and though it is not illegal they also feel it is unethical. However they have no recourse but to tell me to document everything. Anyways pretty useless.
The DLP software is essentially snoopware and logs and backs up files being transferred. Their argument is that we are using their network etc etc. I mention that we can use other networks to connect to the internet. Anyways, tired of arguing. Anyways it is a take it or leave it situation. I would like to know is there a way to access company email through Android without connecting to their Exchange or ActiveSync. The company has webmail and I looked at Blue Mail and it seems to be able to use HTTP but it's very buggy. I want to log or monitor what is being sent out from my phone to the company. I have been using the browser to access my company email but that is very manual. I was planning to carry two phones, but it also means I have to get two data plans which I argued should be paid by company... but of course all these measures are to cut cost from the company POV so they will not pay.
I am also looking for a way to block the DLP software on the laptop but that is another forum.
EDIT: Apologies, I think I posted in the wrong forum but I would like to stop my company from hacking/snooping my phone...
Thanks for listening and any advice
Mod Edit
Thread closed

Interesting - Security issue on most Androids (2.3.3 and under)

Just read this.. figured I'd share. Looks like it's getting fixed.. Nothing more to see.
http://money.cnn.com/2011/05/18/technology/android_security/index.htm?hpt=T2
nice hope they roll out the fix for our damned phones as well.
Good thing we have .4 available to use
It's really a non-issue. Basically someone with a packet sniffer can see some information as it's synced with Google. Big deal. They can do that with any OS, it's just most OSes don't sync that information to the cloud.
Big deal. All they have to do is encrypt the data on the phone before it sends it out. 2.3.4 already corrects the issue.
player911 said:
> Big deal. All they have to do is encrypt the data on the phone before it sends it out. 2.3.4 already corrects the issue.
Not a big deal for current Android phones (and their users) that won't be receiving that 2.3.4 update?..
S0NiX0928 said:
> Not a big deal for current Android phones (and their users) that won't be receiving that 2.3.4 update?..
It's called marketing..... They "scare" people into buying the newest of the new.... damn communists
Let alone it's coming from CNN... What a credible, non-biased, truthful news site
Sent from my LG-P999 using XDA Premium App
nate420 said:
> It's called marketing..... They "scare" people into buying the newest of the new.... damn communists
> Let alone it's coming from CNN... What a credible, non-biased, truthful news site
> Sent from my LG-P999 using XDA Premium App
Well, for my own sake I really couldn't care less... If the evils of the world want your privacy they could get it whether you liked it or not. I choose to think my life really isn't that important in the grand scheme of things lol. However, I will say I should've checked the sources because as with CNN, and all the other corporate lapdog news outlets, they aren't worth your time in a quest for real, truly important news. Typically all the mainstream outlets generate is shock and awe material, or seek it if you will. They either hype the fearful & devastation or ignore the stuff that would otherwise get them sued by the true criminals to humanity: corporations. We are in a whistle-blower-beware sorta society right now... You either are going to get killed or defamed for speaking out these days...
Wow, ending the rant there, sorry.
Kinda surprised at the attitude regarding the crappy google software. I guess some do not care if their personal info is stolen and used in nefarious ways.
This is Google we are talking about. Not exactly a fine upstanding corporate citizen. They have been stealing info for years. They helped China round up protesters before the Olympics. They will do or say anything to make a buck.
The fact that their software is so buggy and compromising is hardly surprising. People just need to be aware of the type of company they are and be prepared to have anything on their phone stolen and used against them.
It is what it is. I have accepted who they are and I am careful about what I use my phone for.
Android smartphones face data breach threat
http://www.ft.com/cms/s/2/905bb4d6-813e-11e0-9360-00144feabdc0.html#ixzz1Mo0FZQyv
Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software.
A trio of researchers at Ulm University in Germany found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices.
The attack works when unsecured wireless access points that imitate public WiFi hot spots that the phone has accessed before – such as a coffee shop chain – capture an authentication token.
That token can then be used by attackers to access and modify personal data in Picasa, Google’s photo site, Calendar and Contacts. Business customers using Google apps on Android are not affected by the weakness because all traffic is encrypted by default.
“The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data,” said the Ulm researchers in a posting on their website.
“Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored e-mail address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.”
jcbofkc said:
> Kinda surprised at the attitude regarding the crappy google software. I guess some do not care if their personal info is stolen and used in nefarious ways.
> This is Google we are talking about. Not exactly a fine upstanding corporate citizen. They have been stealing info for years. They helped China round up protesters before the Olympics. They will do or say anything to make a buck.
> The fact that their software is so buggy and compromising is hardly surprising. People just need to be aware of the type of company they are and be prepared to have anything on their phone stolen and used against them.
> It is what it is. I have accepted who they are and I am careful about what I use my phone for.
I agree. It may not be a big deal to the typical user who is txting his girlfriend and emailing his mom.. but a subjective view of this doesn't make it a minor thing all of a sudden.
I have watched google grow ever since the dot com days. I've been an avid user of their products. There has been an obvious directional move by google for those that pay close attention.. They have gone from user/community focused.. and now they have intermixed that with a focus of business .. no different than any other company pleasing the shareholders..
For anyone to think for one minute that google is a friend that can be trusted with your private data, you better get your head out of the sand and take a harder look. They are a business trying to make money. They are not a friend who is trying to serve you and look out for your best interest. They may make it appear so. They may say so.. in order for us to think so.. But I guarantee you that in the midst of a board meeting, the last thing uttered out of their mouth is anything about servicing you and looking out for your best interest. Sure, they may make it appear like that... but the reason why they make it appear like that? So they don't lose you as a customer and they can gain customers. Yes, they must make a good product that pleases a certain group of society. But what is the root? To be your friend and buddy? They must maintain good customer service or you will not use their service or leave. <-- The root of that mentality = $$$$$$$.
I played the game of business for many years during the dot com days. I sat in many meetings. Yes, that's how it works. "Let's do x, y, and z.. to increase our bottom line, bring upon more customers, etc.. Then we can explain it to the employees and the customers in x, y, and z manner as to why it is good for them." <-- That's business. What we see is not the "root" of their behavior. Deception at its finest.

CIQ - And Things Just Keep Getting Worse...

Since TrevE first wrote about CIQ (Carrier IQ), I have been following all of the articles, statements & rebuttals from all of the parties involved. I originally, and still do, planned on writing a definitive article regarding the truth about what CIQ does, what it can do and also who is responsible for deciding what CIQ does and what parts of CIQ are hidden or inaccessible to users.
In my quest for the truth, I contacted many people including CIQ, several carriers of various size and several manufacturers. Some of my sources have made official comments, while some have commented "off the record", one going so far as to make me promise the information would be used as background only.
Earlier today, I received a communication from one of my OTR (off the record) sources, who works for a large US carrier currently involved in a major spat with the FCC. The FCC decision was partly made in the interest of keeping competition well & alive for American Consumers. However, from what I learned this morning, any future FCC decisions may also help to protect your privacy.
After talking about several hot-button issues, including CIQ, with my source we stumbled onto the topic of wifi tethering. It seems that AT&T has been sending out letters and changing, or threatening to forcefully change, data plans to disallow unlimited data plans and to charge you for your tethering transgressions.
I put two and two together and asked how AT&T is catching the alleged offenders. To my shock, or lack thereof, the answer has been staring us all in the face: CIQ. This claim by my source was not just an empty accusation. They provided me with specific information from CIQ showing how they can and do monitor what applications you have and use, including ALL side loaded applications and materials. CIQ's own sales and marketing information shows graphs and data about app usage, including apps that have nothing to do with the network or AT&T & they also monitor how users handle different advertisements. Whether you ignore ads or click on one and follow it to a website, AT&T knows.
Firstly, what bothers me the most about this is that I can create an application for private use, one that has no bearing on the AT&T network, and they still can access information about my application and its use. Yet AT&T states that they use the CIQ embedded software for monitoring and improving the AT&T network and the user experience. Seems contradictory to me.
The second thing that frustrates me is the fact that Congress passed a bill making it hard for companies to advertise and data mine over telephone lines. It didn't matter though, as companies had already begun advertising and data mining through electronic means. So you have the right to opt out and not participate if ad and data mining companies call you at home, but if they take that information over tablets and smart phones without asking or even giving you the opportunity to opt out, these companies think they are okay to do so.
Finally, all of the companies that use CIQ have insisted that the information they receive is anonymous. However, if that is true, then how is it that they are finding wifi-tethering offenders through the use of CIQ & sending them emails and letters? I imagine that it would be hard to take anonymous data and magically divine who has been tethering and where they should send the emails and letters notifying you of the need to change to the more expensive data plan.
wtf MAN ..i need to install a custom ROM on my SGS2 asap ...thanks man
thank you for sharing, please keep working to keep us all informed so that we can learn to keep "them UN-informed"
No doubt Carrier IQ can catch you tethering, but I don't think this is their method for that. I received a tethering notice from my Windows Phone which is at least said to not have CIQ. On the Samsung Focus, the message from AT&T is only received when utilizing wifi tethering, there are no issues if you're using USB tethering. If CIQ was actually installed on WP and was to blame, I would have received the message for both methods.
That is a great point. I always tethered using Windows Mobile & Windows Phone, but neither I nor anyone I know ever got a letter about it.
I am wondering if in your case it was Uber-High data usage? I got a message after using it three times on an HTC Android Device.
Sent from my HTC PH39100 using xda premium
Personally, I have no problem with just getting some data. It starts to alarm me when everything down to the keys I press are being collected.
I just sit and wonder if some man is sitting back in a computer chair laughing-
"Hey Jim! I told you that guy would forget to bring his girlfriend her keys! You owe me five smack-er-roonis!"
To me, it all comes down to who exactly is seeing my information. I was thinking today, when my contract was signed with AT&T in 2005 and have been doing so until now, I'm sure taking my information wasn't in the contract.
As you have done, first thing tomorrow I'm going to make a lot of phone calls and find out what exactly is going to happen. With permission, unlike CarrierIQ, I'll record each conversation so you good folks here can hear the truth (or lies, you know salesman).
Please continue discussion here

[Q] Unusual Camera questions

Hey people reading this! So this is the deal: I live in Spain and my school is discussing making mobile phones such as Android and BlackBerry allowed in the school. But there's a problem: in Spain there's a law that says you aren't allowed to take a picture of somebody and upload it to the internet without their permission. Yes, dumb I know, but that's the law and the school doesn't want the students to get into trouble nor do they want to get into legal twists and so on. So my question is, is there a possibility to develop an app that uses the camera with minimal usage, like using no intake of light = black, so other apps can't access the use of the camera? And have it sync with the school's servers with the latest calendar and so on. But the twist is, is it possible without root access? I'm not very experienced in the Android field but I would appreciate some heads up on this. My head tells me it would be possible on BlackBerry and Android but not iOS.
Thank you for all your answers in advance, and also thank you for taking your time to read this. :good:
Simple no tech answer. Tape a small piece of paper over the lens.
-------------
I am a dishonest man, and you can always honestly trust a dishonest man to be dishonest. Honestly it's the honest ones you have to watch out for.
I don't think you understand
xMrArnoldx said:
> Simple no tech answer. Tape a small piece of paper over the lens.
> -------------
> I am a dishonest man, and you can always honestly trust a dishonest man to be dishonest. Honestly it's the honest ones you have to watch out for.
How it would be useful is cause the network's proxy server would send a push notification that autostarts the app and drops the connection to the device if the app was exited/terminated by the user. I know it's possible to do it, the question is, is it possible to do it without root access. That's how the school keep themselves out of trouble cause you wouldn't be allowed to use your phone without being connected to the network. There will also be disruptors set around the school so no tele signals can be used which essentially kills off the problem with calls and SMS. Thank you for your answer anyways tho
laxan96 said:
> How it would be useful is cause the network's proxy server would send a push notification that autostarts the app and drops the connection to the device if the app was exited/terminated by the user. I know it's possible to do it, the question is, is it possible to do it without root access. That's how the school keep themselves out of trouble cause you wouldn't be allowed to use your phone without being connected to the network. There will also be disruptors set around the school so no tele signals can be used which essentially kills off the problem with calls and SMS. Thank you for your answer anyways tho
There are some problems with this logic:
1.) The connection to the device will most likely be a wi-fi connection, therefore killing that connection will not stop someone from uploading a picture using the mobile network
2.) You are talking about the school setting up cell disruptors around the campus. You might want to check whether this is legal with the laws in your country, as here in the US it is a felony to tamper with the cell networks using any sort of cell network disruptor.
3.) Since the camera can be used without a network, what is to stop someone from taking a picture of someone, then going home to upload it?
Now, to answer your questions, we would need more information. Are these devices being provided by the school, or are they BYOD (students bring their own devices)? If they are provided by the school, you can create a custom rom that does not have any assets for the camera, therefore any camera app would be forced to close, as they can't access the resources it needs. This would require root access. If it is BYOD, you face a much larger issue as forcing students to install an app that could potentially alter data on their devices might be in conflict with privacy laws in place in your country. Again, you would have to conduct more research into the legal issues that are brought up.
syung said:
> There are some problems with this logic:
> 1.) The connection to the device will most likely be a wi-fi connection, therefore killing that connection will not stop someone from uploading a picture using the mobile network
> 2.) You are talking about the school setting up cell disruptors around the campus. You might want to check whether this is legal with the laws in your country, as here in the US it is a felony to tamper with the cell networks using any sort of cell network disruptor.
> 3.) Since the camera can be used without a network, what is to stop someone from taking a picture of someone, then going home to upload it?
> Now, to answer your questions, we would need more information. Are these devices being provided by the school, or are they BYOD (students bring their own devices)? If they are provided by the school, you can create a custom rom that does not have any assets for the camera, therefore any camera app would be forced to close, as they can't access the resources it needs. This would require root access. If it is BYOD, you face a much larger issue as forcing students to install an app that could potentially alter data on their devices might be in conflict with privacy laws in place in your country. Again, you would have to conduct more research into the legal issues that are brought up.
Oh it is legal there and may become legal here if things don't change soon. That same law will be coming to us soon, don't doubt it. With the privacy concerns coming up we will see this sooner or later.
Now to answer the OP. No, you won't be able to do this without root. There are some companies that sell devices without cameras just for this purpose as a lot of businesses don't allow camera phones in the building. That may be your other option.
Wayne Tech Nexus
zelendel said:
> Oh it is legal there and may become legal here if things don't change soon. That same law will be coming to us soon, don't doubt it. With the privacy concerns coming up we will see this sooner or later.
> Now to answer the OP. No, you won't be able to do this without root. There are some companies that sell devices without cameras just for this purpose as a lot of businesses don't allow camera phones in the building. That may be your other option.
> Wayne Tech Nexus
Are you referring to the use of cell disruptors? I highly doubt that this would ever become legal in the states, as the potential for abuse is too great. There are also other concerns that these can be used against law enforcement to block their communication, which could be bad during instances of conducting a search warrant, or to block emergency communication, which is why the use of cell disruptors is prohibited by the FCC in the first place.
syung said:
> Are you referring to the use of cell disruptors? I highly doubt that this would ever become legal in the states, as the potential for abuse is too great. There are also other concerns that these can be used against law enforcement to block their communication, which could be bad during instances of conducting a search warrant, or to block emergency communication, which is why the use of cell disruptors is prohibited by the FCC in the first place.
We will see. I already keep 2, one in my car and one in my kid's car. Activated when the car starts. If they do become legal completely I am sure that law enforcement will have other means.
Wayne Tech Nexus
Answering your questions
syung said:
> There are some problems with this logic:
> 1.) The connection to the device will most likely be a wi-fi connection, therefore killing that connection will not stop someone from uploading a picture using the mobile network
> 2.) You are talking about the school setting up cell disruptors around the campus. You might want to check whether this is legal with the laws in your country, as here in the US it is a felony to tamper with the cell networks using any sort of cell network disruptor.
> 3.) Since the camera can be used without a network, what is to stop someone from taking a picture of someone, then going home to upload it?
> Now, to answer your questions, we would need more information. Are these devices being provided by the school, or are they BYOD (students bring their own devices)? If they are provided by the school, you can create a custom rom that does not have any assets for the camera, therefore any camera app would be forced to close, as they can't access the resources it needs. This would require root access. If it is BYOD, you face a much larger issue as forcing students to install an app that could potentially alter data on their devices might be in conflict with privacy laws in place in your country. Again, you would have to conduct more research into the legal issues that are brought up.
zelendel said:
> Oh it is legal there and may become legal here if things don't change soon. That same law will be coming to us soon, don't doubt it. With the privacy concerns coming up we will see this sooner or later.
> Now to answer the OP. No, you won't be able to do this without root. There are some companies that sell devices without cameras just for this purpose as a lot of businesses don't allow camera phones in the building. That may be your other option.
> Wayne Tech Nexus
To answer your question, yes this is a BYOD type of deal and how the school are going to keep themselves out of trouble is that you aren't allowed to use a cell phone without being connected to the network. The cell disruptors are legal and the privacy concerns are also green since there is ofc going to be a terms & conditions agreement to accept or decline the first time you open up the application. In all honesty the school just wanna cover their asses so they don't have problems in the future. So it's not their problem anymore if someone kills the app and the phone disconnects from the network and they take a picture. Most people don't use an autostart manager so it won't be a huge problem either.
Now you say that it isn't possible to do this without root access, then we got an issue that isn't solvable. Or is it just too complicated to develop? From what I understand they have the resources to do it if it's possible.
Why I got involved in all this was cause I had kinda the same ideas and I was talking to one of the teachers and he told me that the principal teacher had similar ideas. So I went and talked to him, my thought process was let's put our ideas together. Then he told me about this issue. And finally why I'm asking you all this is cause I don't have any experience in programming although I do have a lot of experience with both computers and cell phones.
Thanks yet again for all your replies so far, I appreciate it a lot!

Blackphone opinions???

I ran into this article today and I wanted to see what the people on XDA think about it. This company is working on an Android phone whose primary purpose is to protect the user's privacy.
Here's the link: http://mobile.theverge.com/2014/1/1...nn-silent-circle-geeksphone-blackphone-launch
Read the article, watch the video and let me know what you think.
Sent from GNote 3 rooted with kingo.
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
I saw an article about this venture also. This is a good thing. If he gets press about this phone, maybe other vendors will take notice and start building in privacy features as well. :good:
I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
orangek3nny said:
> I don't see the need for new hardware here. If they really want to secure something, they could create a mod for Android, that could be installed on a variety of devices for example.
> Besides, if they encrypt telephony, messages and stuff, they will need to be decrypted again - but the question is where and how? I bet they won't have any hardware encryption module and even if they do, it will make communication with other phones impossible. Software encryption means other phones will need to install some additional software to communicate with the Blackphone and it might be a bit inconvenient.
That's a good point. How is a non-Blackphone device gonna decipher the encryption? How is it going to get the key? How can a non-Blackphone device even establish the same "secure" connection?
Sent from GNote 3 rooted with kingo.
Andronote3 said:
> That's a good point. How is a non-Blackphone device gonna decipher the encryption? How is it going to get the key? How can a non-Blackphone device even establish the same "secure" connection?
> Sent from GNote 3 rooted with kingo.
I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilizes a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
Sent from my Nexus 5 using XDA Premium 4 mobile app
JamieFL said:
> I think you are missing the point. As you or I may not NEED this kind of security, I'm sure you can think of someone who does.
> Obviously, there would be two levels of privacy/security... Connections between 2 black phones and everything else. So who utilizes a black phone? How about corporations and governments? Law offices, professional sports teams, or doctors and hospitals.
> Now, even though I do not NEED this, if it was affordable, I would heavily consider it.
> Sent from my Nexus 5 using XDA Premium 4 mobile app
I understand what you are saying and I completely agree with you. It looks like a device that corporations and the government would "benefit" more than regular users. Either way, It won't fix 90% of all the problems people face when it comes to staying safe against privacy/security breaches. I truly believe that they are using the whole NSA scandal momentum to make people believe that they are safe/secured if they buy this phone.
P.S: Nice quotes.
I saw this phone.
It isn't an answer to every privacy issue.
What it's an answer to is not having to agree to an Android app's permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (The retailers ) want to.
But, what's wrong with these apps fine tuning my specific desires to my Location?
You can't stop people from stealing your identity. The hacker/firewall paradox is, for every wall you build, they will build a taller ladder.
The only thing really close to full privacy in data sending is that light source that sends data. It's a light bulb, and the light has data in it, a sensor receives it. It can be held within the walls of a room. But that only affects a closed circuit type system. If that light source is connected to the Internet, then game over.
Why do you think record companies and movie companies keep their computer systems offline and deal in only physical media? A hacker will get into anything if you give him the tools and time.
This phone gives a sense of security that is nonexistent
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
SaintCity86 said:
I saw this phone.
It isn't an answer to every privacy issue.
What it's an answer to is, not having to agree to an Android app's permissions to gain access to the app.
These apps don't make their money off the app sales, they make their money sending information to retailers.
Retailers own the world.
The question I still pose is... What's wrong with retailers knowing where you are?
There's nothing you can do about the government. They won't let us make things that are government proof, nor would they (the retailers) want to.
http://forum.xda-developers.com/showthread.php?t=2658527
nailed it
The problem is Android itself. Thanks to Xprivacy, it's a lot easier to control what leaks out of your device. Personally I'd rather see more encryption mechanisms than this. FFOS seems to be on the right path
There is nothing you can do to stop identity theft.
Nothing.
And there is nothing you can do to stop the government from tapping your lines.
You want a safer form of communicating, send voice recordings over text.
That's an entirely separate warrant, and harder to get. Other than that, it's hopeless.
You've Just Been Tapatold ♧♢dbombROMv3.4♤♡
My Theme ( Taking Requests )
http://forum.xda-developers.com/showthread.php?t=2658527
d1rX said:
FFOS seems to be on the right path
I think you mean FOSS[1] = Free and Open Source Software. Anyway, I fully agree, in fact, that is the ONLY way. Closed source encryption programs can't be 100% trusted by definition. There might be security flaws, intentional or not.
Anyway, the NSA has backdoors to every operating system[2], so if you're really a target, they get you. Also, there are more than enough security holes in the layers under the operating system[3].
I think what these phones are supposed to do is bring end-to-end encryption for e.g. industry users so they don't get spied on. The NSA and the US government can get their hands on encryption keys for servers like in Lavabit's case[4]. But this is the transport encryption. The data is, if not otherwise secured, available in plain text on the servers of providers. This also means, the officials can decrypt ANY data that comes in, not just the one of actual targets.
Now, end-to-end encryption makes sure even the provider can't see your data in plain text because you encrypt and decrypt it on your device. What Blackphone does is, it uses the apps from Silent Circle, a closed source encryption program for VoIP and messages. Although the owner of that company is the well trusted cryptographer Phil Zimmermann, one can never be sure.
That's a good point. How is a non-Blackphone device gonna decipher the encryption? How is it going to get the key? How can a non-Blackphone device even establish the same "secure" connection?
You can install and use Silent Circle on any (ok, a lot of) phone(s). Just make sure you don't have additional malicious software installed. And yes, it costs $100/year or so. And you get a subscription for SpiderOak, sort of a Dropbox but they encrypt the data before uploading. And you get a better overview over what app uses what permissions. A few extra tweaks basically.
Alternative: Android Phone with CyanogenMod/Replica. TextSecure for messages, RedPhone for VoIP and owncloud for files. Way cheaper too, and open source, also made by well respected cryptographers like Moxie Marlinspike[5]
[1] de.wikipedia.org/wiki/Free/Libre_Open_Source_Software
[2] zerohedge.com/news/2013-09-08/nsa-has-full-back-door-access-iphone-blackberry-and-android-smartphones-documents-re
[3] forum.xda-developers.com/showthread.php?t=2530044
[4] techdirt.com/articles/20131002/17443624734/lavabit-tried-giving-feds-its-ssl-key-11-pages-4-point-type-feds-complained-that-it-was-illegible.shtml
[5] thoughtcrime.org
if they want to spy on us they can ... that's it...
More info?
Hi all - looking for more info on this phone - just joined XDADev to post this.
Specifically, what brands might this hardware be found under? Know it's a Tinno S8515 but have yet to find out anything about that; seems like Tinno generally makes phones for other companies?
Any help is appreciated!
Best,
-Cx
:cyclops::cyclops::cyclops:
The greatest challenge to securing a phone is not the OS or the apps running on it, it's the baseband. We have known for well over 30+ years how to harden a *nix based system (like AOS), but we haven't even started to question WTF is going on in the closed source 10-100 MB baseband RTOS, which has full access to your entire FS and the most important phone operations, like SIM, RF, EMMC etc etc.
Only forcing the corrupt modem OEMs to release the sources of the baseband firmware could improve the situation. This will never happen, unless there is another baseband Snowden out there somewhere...
We already know that the BP/CP FW is extremely insecure, and relies almost solely on obscurity as its main mechanism of protection. If this was not the case, the iPhone unlock developers would have been fekked long time ago, and the rest of us would sit around with SIM/network locked bricks filling up our bookshelves.
Unfortunately the greatest majority of the millions of XDA members are completely carefree about this issue and are only happy as long as they can "tweak some ROMs". So this will never be the place to find/see any serious baseband reversing, no matter how important it would be from a security standpoint.
So to summarize, your Qualcomm baseband will continue to send your exact GPS coordinates to the network provider at will, without you ever knowing, and without anyone (here) caring. So goes for the FM transmitter that is part of the baseband FW in both Intel and Qualcomm based phones. Do you have control over that? Never.
Only a serious long term spectrum analysis study could reveal what's going on there, where and when you're not (able) to watch.
This phone is the biggest scam lol.
hyshys said:
Saw news about this and came here to seek out does any1 have opinions about it.
i wonder, does the safety come from hardware or is it the OS what makes this so safe.. if it is the OS, i hope some1 smart enough makes custom rom for this.
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
iliass01 said:
I was wondering this too. If it is only the rom (just like the $1300 pwnphone). It should be port-able
Blackphone: no hardware security, just software, and most of it is NOT open source. Some here (@SaintCity86, @repat) have their points, and they are mostly right! If you want some security (and I said some!!!), then get rid of most of your apps (permission check and some common sense), all Google apps (yes, all of them), install a paid (not free) and high quality VPN software, don't use the phone feature (only data sim-prepaid), get an internet phone number (with no personal details), use end to end encrypted apps to make calls and send and receive texts, install Xposed and Xprivacy (or any other variant) and limit even more the apps you have on your phone. Don't use it as your only phone, but as a secure device and share your number and other infos with trusted people! In this case, maybe, you will be able to add some layer of security and actually be able to use it. And most important, don't give your phone in the hands of anyone! It is a bit paranoid, but it's the only way! But, don't be fooled! You can have some security, only if you stay under the radar, and don't gain some attention. If yes, then you have no luck! Personally, I have seen the Blackphone, and tested it for some time, and I am not really convinced it can be trusted.
Good luck!
Andronote3 said:
I really don't see how this phone is gonna change anything. Apps and websites have keyloggers, You still need a carrier to get service from and they have control of all your traffic. What about radio frequencies that can be intercepted, IP addresses, GPS chips sending signals to satellites, baseband and firmware are connected thru the cell towers of the carrier. I'm starting to think this phone is a scam.
They said nothing about how they're dealing with all this. They are probably using the whole NSA scandal momentum to fool people into believing they are safe if they buy this phone.
Sent from GNote 3 rooted with kingo.
Would just like to correct this common misconception, GPS is one way.
GPS receivers as found in your phones, or navigation systems, receive GPS signals only. Nothing gets sent to satellites in this process, the algorithm is purely one way.

I need help from an Android expert for my identity theft case

Hello:
I have a Galaxy Note 10+ on Android 12. I recently woke up to find an extra checking account added to my name at Navy Federal Credit Union. Money was transferred into then back out of that account, amongst other things that they did. Long story short, NFCU denied my fraud claim. Their security team told me the reason for the denial was that a "device of historical record was used" to open the account and process the transactions. Which is impossible, as my husband of twenty years was in the ICU when this was happening and I was with him, and phones are prohibited in an ICU. Also, the month before, I had started getting notifications on my phone that Amazon was charging my Capital One cards for purchases I did not make. I contacted Amazon, they had me change my password, got refunded, and the intrusions stopped. Interestingly, there were two names and addresses added to my Amazon account, I am guessing those were the names and addresses from the fraudulent purchases. Anyway, I am working now on an appeal to NFCU to get my money back after they debited my checking account for their loss after I called to report the fraudulent account. Is there any way possible that someone would be able to use a different device that appears via the network to be my device? I was told that they could tell because of "unique identifying codes" so I am assuming either the IMEI or MAC address.
I did have three things happen, any of which could have potentially granted access. One, I tried to root my phone using an app purporting to be Kingoroot, but the root was unsuccessful. Two, I did one time download and try to install an app via APK Downloader app store. It didn't work and I uninstalled it and have not tried again, nor will I ever try again. Both of those things happened in the summer of 2022. The last was actually from my Windows laptop - an Asus ZenBook - also in the late summer of 2022. I have been getting fake emails from Navy Federal for a long time, and usually you can tell right away it is fake because there will be something that doesn't look quite right or something misspelled, etc. I received an email one day however that looked perfect and legitimate, saying I had a message from NFCU, and I was actually at the time expecting a message in reply from NFCU so I didn't think and clicked on the link and attempted to log in. Right after I hit submit, I noticed the URL was resolving to nfcu.org (or maybe nfcu.com) and not to navyfederal.org like it should be, so I immediately closed the tab before it did whatever it was going to do.
NFCU argues that because of 2FA and the transactions being from a device of historical record that it was me that did the transactions, even though I am wholly innocent and had no idea this was happening until after the fact. They at first said that I must have been the victim of my email being hacked, so I changed that password, but not before I suddenly started getting literally hundreds of spam emails to that account, all from vendors thanking me for signing up to their marketing email distribution list. I am assuming the device NFCU is talking about was my Note 10+, but they will not tell me "without a subpoena" which device was used. I had also traded in a smartphone to Samsung in the past year, had sold a smartphone to a guy overseas via eBay, and had sent in the laptop I had for an insurance claim, which they kept and issued me a check instead, with which I purchased the ZenBook I now have refurbished off eBay. So there are other possibilities, but even with those, it would have required somehow being able to resurrect my identity on those devices as they were wiped before sale/sending them off. My current laptop got a clean install of Windows immediately when I got it so I doubt that is the source. I also do not install pirated software on it or use torrents, etc. If anyone has any information on what could be possible in this case, I would greatly appreciate anything you can tell me. My husband passed away in the middle of all this, so having funeral expenses on top of loss of income has been very, very difficult financially, and losing one's spouse of twenty years is devastating mentally, so I really truly need to recover these funds and put this issue to rest. To do that I must figure out how someone could do transactions on a device that appears to be my device but it isn't mine. How is this possible?
Thank you for your time and assistance, I am very grateful for any information you may have that could help me with my appeal.
I'm very sorry to hear this happened to you. I have some experience with this. Most likely, you will need to hire an attorney who specializes in this to get your money back. If you haven't talked to NFCU corporate in VA, I would also recommend doing so. Keep logs of everything you do. Record pertinent conversations.
Best of luck to you!
defcondoc said:
I'm very sorry to hear this happened to you. I have some experience with this. Most likely, you will need to hire an attorney who specializes in this to get your money back. If you haven't talked to NFCU corporate in VA, I would also recommend doing so. Keep logs of everything you do. Record pertinent conversations.
Best of luck to you!
Thank you very much for the reply! I planned to assemble my appeal and fire it off via the regular channels plus as you suggested send a copy of everything to NFCU corporate.
Have a great week!
