[Q] [Nov 2017] Knox - Down sides of tripping it? - Samsung Galaxy S8+ Questions & Answers

I have searched xda and stackexchange to get this answer but have not been able to get a comprehensive list of what all will go if I trip Knox. Some answers were very old so I wanna see what all will I lose now with the latest Knox in my S8+? Some of the things I already know but don't care about losing:
1. Samsung Warranty
2. Secure Folder
3. Samsung Pay
4. Banking Apps
My actual concern is about device security as a whole e.g. if my device gets stolen, then except the data in my Secure Folder being secure, is there any other advantage of Knox too? Like the thief wouldn't be able to boot up or use my phone or anything of the sorts? Or the internal storage would be encrypted and there'll be Secure Boot only with Knox? I plan to flash TWRP too so what all am I going to lose? It would be amazing if we get a complete list of Knox features.

If you disable FRP lock to use root stuff, any thief can simply install a new ROM to your device and get full access as an owner without any protection. If FRP lock is enabled (not rooted), the person who steals your phone has to know your Google account login to use the device, otherwise the phone will be a brick stuck in the setup process. When you get the phone back from the thief, you can login with your Google account and have access to the phone again.
If you want to root, go for it, but I don't really see the point right now. LineageOS is not a daily driver yet (amazing that it exists though!), Note 8 ROMs bring only a few new things like different Infinity wallpapers, and things that required root before (f.e ad blocking) can be now done without root.

My banking app works with root but the finger print option is not available because of root. only thing i do miss is secure folder as that does not work.

Related

Want to insert tracking app - what app, knox, root, updates.

Hi Guys,
I've got my SM-920F and I have the very same dilemma like when I got my S5 - to root or not to root
And back then I made a decision to not root it, because I was very satisfied with it's stock rom, didn't want to trip knox and wanted to use OTA (convinience).
It was all fine until my phone has been stolen.
So now I am wondering how to protect myself from not getting my phone back in case of theft.
A scenario I have in my mind goes like this:
Someone steals my phone. Screen is locked (fingerprint/pattern, doesn't matter).
What the thief does at first is a factory reset. Then it will use a phone or sell it to someone else.
The outcome is that the phone will be most likely connected to the internet. (unless it will be torn into pieces )
Now, if I had placed a tracking app on a partition, which will not be cleared by HR, it will send me phone location.
Questions:
1. If I get root not tripping knox, place my app, and then loose the root, app should be just fine, right?
1.1 If I will not trip knox getting root on stock, is there any possibility to trip the counter, when making changes in the system?
2. Update. No root == OTA working. Can OTA delete/disable my app? (out of scope: compability of the app with OS)
3. Do you know any suitable app for that?

Need help configuring Samsung Galaxy S7 SM-G930W8 (Canadian Model)

Hello,
I wasn't 100% sure if this was the correct thread or if I should have posted under the ROM section for this phone. We own a start-up company, and have signed some contracts with some larger companies. In one particular contract, we need to take certain security precautions.
My wife has purchased me a Samsung Galaxy S7 SM-G930W8 (the Canadian model). I live in the USA. It's unlocked and multi-csc (whatever that means). The product code is XAC (I believe that means unlocked). We contacted Samsung to verify that a USA sim card would work in the phone, which it does, and that it wouldn't lock the phone to that sim card, which it doesn't. So we're good there.
We explained the issue about the software. The phone comes with some software pre-installed that we cannot have on the phone if we're going to be using it as a company phone, which we would like to do. Samsung said we could disable most of the apps, which we were aware of, however, the contracts specifically states certain types of programs cannot be installed on our company devices.
I asked them if I where to gain root access and remove those programs, would it void the warranty. They said no. The only way we would void the warranty is if we dropped the phone and damaged it, or got it wet.
What would be the best way to go about removing these programs and trying to get a more cleaner version of Android? I understand that a ROM would have to be specific to this phone, because of the various hardware in the phone. But we are not looking for any "extra" programs that tend to come with ROMs to attempt and make them better. I noticed some ROMs for this phone include a custom installer, where we can pick and choose what we wanted installed. But they also come with customized kernels with various security features disabled (such as a fake version of KNOX).
Could someone recommend the best route to go here? Stability is extremely important, however, so is security. We cannot have unapproved third party apps / mods on the phone, but we have some leigh way there. For example, I could probably get around installing a custom recovery partition because the code on that custom recovery partition is not running while we're accessing company resources. If we have to go the route of using a custom ROM, we'd prefer one that supports over the air updates, but does not force them.
Any ideas?
Thank you and sorry for such a novice question. I had done a good bit of research into this and thought I found the perfect one, just to discover that it appears to no longer be supported and the thread on XDA has been deleted.
**EDIT: I should add that my wife upgraded it to Android 7, but I was afraid that would limit our options, so I downloaded the stock XAC ROM for this phone and used Odin to flash it back on, so it's currently running 6.0.1. I'm not sure if that makes a difference or not.
Thanks!
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
https://forum.xda-developers.com/galaxy-s7/how-to/root-required-oreo-disable-apps-t3814249
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Hai Karate said:
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
Click to expand...
Click to collapse
I apologize in advance if I get your gender incorrect, a quick google search shows your name is unisex. I am going to assume you are a male, until otherwise told so. Yes sir, you are reading correctly that I must completely remove the apps from my company devices, including this phone. I appreciate that my wife bought it for me, but she doesn't fully understand the business like I do and I don't think she really thought it through. I imagine it costed a good bit of money, so I'd hate to have her send it back because I cannot remove the apps.
I appreciate the links to the threads, however, I already know how to disable the apps, but that is not enough. They physically cannot be installed based on what they're capable of doing (ie, a potential for viewing documents / schematics / pcb layouts labeled as confidential or highly confidential, or even worse, being poorly written in such a way where the program is exploitable and someone gains unauthorized access to our network, the certificates we have installed on the phone, etc.)
Hai Karate said:
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Click to expand...
Click to collapse
[/QUOTE]
Updating to Oreo is something that we will be wanting to do, but something I have been holding off on, in case I have to flash a modified firmware, or ROM as it's sometimes referred to. As for Knox being disabled, I actually believe that is something we are going to need to happen, have it disabled. We use special software that provides similar functionality that Knox provides, but is a lot more advanced. We actually use a few products for that.
I do have to admit that my knowledge regarding cell phone firmwares is a bit limited, although I do write firmware for other custom created devices. My worries with custom firmware are:
1) Certain security features (excluding Knox) might be disabled or removed (ie, the ability to encrypt the internal flash, encrypt the MicroSD card, having SELinux turned off, having secure boot disabled)
2) The firmware containing programs that most people would find useful but stuff I cannot have. If I have the ability to uninstall it, that's okay, I can do that. But if it's stuck, like it is now, where I can only disable it, that is not okay.
3) Something being installed without my knowledge.
Our security setup checks company phones to see if they're rooted, and if they are, it marks the device as non-compliant. I can have a device as non-compliant for a few hours....but if it's marked as non-compliant for a few days, one of the larger companies we're dealing with call to ask why, and then we have to do a secure session, where they login to one of our devices, but cannot physically click anything, just look, and have us go into various software to see why it's non-compliant, and, well, it's not fun.
We had it happen once because my wife accidentally sent an email from a personal device to a in-house email address, which never got encrypted, and it triggered a security audit, which was not fun at all and I'd rather not go through that again.
Are there no bloat-ware free signed official images or is there no way for a developer to import a signing key into the device to keep secureboot enabled? Also, out of curiosity, why would running a custom firmware disable Knox? In our case, that's something we need, however, I was just curious. And if we go the route of custom firmware, is there a way to show that it's gone, or will all the custom firmware's install a fake version of Knox?
Thank you for taking the time to answer my questions. I really do appreciate it. I know how precious time can be, how busy a person can get, and I realize I have a lot of questions here, but I really need to make sure we're secure.
One of the programs we'll have on there is something called Symantec Endpoint Mobile. I am not sure if you have heard of it or not, but that provides virus protection, etc.
So CSC contains the regulatory information for my country and the providers....my phone is a Canadian phone. I thought Canada did not have Straight talk, yet, my wife's straight talk sim worked. I noticed in the recovery menu, it shows multi-csc. Does that mean my phone has the country specific stuff for more than one country? I'm wondering if I should try changing it to a US phone.
AP contains the kernel, the recovery partition, the system partition, and the bloatware, right?
BL is simply the bootloader.
If I could gain root on this phone without flashing a custom ROM or maybe somehow by just flashing something like TWRP without voiding the warranty, I could just modify the meta-data for the apps that I need to uninstall to allow them to be uninstallable, correct?
Since I went from a partial install of 7 back down to 6.0.1, my camera does not work. I'm wondering if it's because the ROM I used wasn't the correct ROM. It was the G930W8VLU2API1 ROM, minus the CSC, which was G930W8OYA2API1.
I've tried a factory reset, I've reflashed the ROM, using the non-HOME CSC, I've wiped the cache partition....still no camera. It simply says Warning Camera failed. I tried a few of the tricks I've read about on the net to fix it, but so far, no luck. Cleared the data and cache for just about every program, including the camera. I believe the problem might be because I have internet turned off right now, no sim card in, and even though I have automatic updates turned off, the phone still started to download an update.
Did Android 6.0.1 show Secure Boot status in Download mode? My wife, with the same phone, but the American AT&T unlocked carrier version (we paid full price), her's has a Secure Boot: Enabled. She's also running 8.0.0. With my 6.0.1, all there is is a Secure Download, which she also has, but no Secure Boot listed at all.
If secure boot is disabled, I should be able to flash any custom BL without tripping Knox, even if it's not signed.....right? I know with my datacenter, the bootloader changes even a bit, the servers and workstations are not booting, unless I sign the bootloader with my MAK.
**EDIT: Also, what exactly are these z3x things I see on the gsmhosting site? It's hard understanding exactly what they do based off their description because I don't think the developers native language is the same as mine. I go to z3x-team.com, and it almost looks like the device can do almost anything with the Samsung....upgrades, downgrades, unlock codes (wtf?), etc. Is it just a scam or are they worth the investment?
**EDIT2: I made a mistake. I guess there's some special Samsung Knox policy that gets applied to Samsung only devices, that configures it in some sort of way to make it compliant, so Knox has to stay.....

Spyware tracking software on the phone

So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
gesaugen said:
So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
Click to expand...
Click to collapse
If the ex actually did something like that and embedded into the system partition on the device, a factory reset will not remove it.
You would need to flash the device with the firmware to remove it, you may even need to use the "re-partition" option in Odin when you flash the device.
It would also be wise to change the password on her Google account before flashing the device, to be thorough, change the password and maybe even the email/username while you're at it, then go to system settings and remove the account then sign back in with the new email/password, then flash the device, after flashing and booting, sign back in with the new account details.
I would also change passwords and account details for any other apps on the device, such as Facebook, Facebook Messenger, any other email addresses or other email apps and any other types of social media apps or other apps that require an email/username and password. Change any and everything on the device that the ex could have possibly had access to. If she also has other devices or PC's synced with her phone or email, I'd change the details on those other devices/PC's as well. If she has WiFi at home, change its password and maybe even see about changing the IP of her modem/router.
Then, after that, make sure she doesn't click on/open/download anything from anyone that she doesn't know, including multimedia texts/pics, it could be the ex trying to embed something again, opening it will just compromise the device again.
Sent from my LGL84VL using Tapatalk
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
VidJunky said:
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
Click to expand...
Click to collapse
As far as I know, Samsung does not have bootloader mode, it uses Download Mode, otherwise known as factory mode or Odin mode. It also does not quite display the information that you described as you described it. Some Samsung devices may or may not display bootloader status as "locked" or "unlocked", I've never seen anything about Samsung devices ever showing anything about *Tampered. I've seen devices show "custom binary" or "official binary" and show system status as "official" or "custom", some show info for secure boot, activation lock, kernel lock or Knox warranty void.
But, none of this necessarily has anything to do with whether something could have been embedded into system. You can push things to system even if the bootloader is locked and without "triggering" anything or being "flagged" by the system.
Plenty of Samsung devices have been rooted without unlocking the bootloader, without tripping Knox or Qfuse and will show binary status as "Custom"(the one thing that does show that the device is rooted/tampered but still doesn't necessarily indicate any malicious code that might have been placed by the ex, just rooting the device and nothing else would give the same result), all locks at default status as "locked"(non-tampered) and system status as "Official".
Given that the ex was the one that took care of and managed all devices that she owned, I would just take the thorough route just to cover the bases just because there are so many points of entry that the ex could have set up among all of the devices/equipment that she has.
Sent from my LGL84VL using Tapatalk
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
VidJunky said:
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
Click to expand...
Click to collapse
This tells me that you aren't familiar with Samsung devices because plenty of Samsung devices have been rooted without unlocking bootloader, I couldn't even begin to count them all. Unlocking bootloader is really only necessary if flashing a custom recovery or custom ROM. Not all Samsung devices are rooted by flashing a custom recovery to gain root. Most of the Samsung devices sold in the US have locked bootloader that cannot be unlocked by any means whatsoever, yet these devices can be rooted. Obviously, they have been rooted without unlocking the bootloader.
Yes, it may have the "reboot bootloader" option in recovery, if selected, that will boot you into download mode/Odin Mode. Typically, what you are describing with bootloader mode applies to devices that use fastboot, Samsung does not use fastboot, it isn't compatible with fastboot, adb works with Samsung but fastboot does not work with Samsung in any way, shape, form or fashion.
And it is possible to root a Samsung device, then install something in system and then remove root immediately after(which means that root checker will not see anything) and it won't show anything in Odin mode, won't trip Knox or Qfuse and still show Official in Odin mode. If it is rooted, then an app is pushed to system then root is immediately removed and this was all done without rebooting the device in the process, then the bootloader, Knox, Qfuse and all that never even detects that root was ever there because it was removed, which means it never gets loaded at boot for the bootloader and other security coding to see that root was there. Some can be rooted and then flash TWRP using Loki without unlocking the bootloader, which "shouldn't" be possible with a locked bootloader, yet, it is done.
I'm just saying, it isn't always as detectable as you imply.
Sent from my LGL84VL using Tapatalk

Banking app detecting Magisk even when hiding

Hi Guys,
I've installed a bunch of apps to check for root including Safetynet and I'm actually in fact unrooted just bootloader unlocked and using latest version of LightROM.
Unfortunately no matter using magisk core or uninstalling everything, hiding from system and hiding the banking app it still detects Root and that's SUPER aggravating.
Is there a way to know exactly what checks is failing when an app is attempting to detect Root as I said I haven't even rooted yet..
The apps are SBM mobile and Juice byMCB.
Thanks for your help!
Airbag888 said:
Hi Guys,
I've installed a bunch of apps to check for root including Safetynet and I'm actually in fact unrooted just bootloader unlocked and using latest version of LightROM.
Unfortunately no matter using magisk core or uninstalling everything, hiding from system and hiding the banking app it still detects Root and that's SUPER aggravating.
Is there a way to know exactly what checks is failing when an app is attempting to detect Root as I said I haven't even rooted yet..
The apps are SBM mobile and Juice byMCB.
Thanks for your help!
Click to expand...
Click to collapse
It says detecting root but it's actually detecting Knox has been tripped via modification.
It's well known that some banking apps and others will never work on a phone that has or had a custom Rom installed at some point.
cooltt said:
It says detecting root but it's actually detecting Knox has been tripped via modification.
It's well known that some banking apps and others will never work on a phone that has or had a custom Rom installed at some point.
Click to expand...
Click to collapse
Thanks for your answer.. So I checked with a knox checker app and it can't tell knox was triggered saying it's 0x0 (I know the efuse was tripped but magisk apparently can hide it at least from non system apps) and all the root checkers and safetynet checkers I ran could not see anything.
I wish I knew what exactly tripped this app, not sure if an app developer can open it up and see the logic in effect at startup?
What are my options now?
Since I tried removing root/magisk - did not help
1. Flash stock? knox would show up as 0x1
2. throw away the phone as it will from now on never run this banking app? that seems super extreme and when I asked before unlocking BL everyone was adamant banking apps were not a problem anymore.. sigh
Airbag888 said:
Thanks for your answer.. So I checked with a knox checker app and it can't tell knox was triggered saying it's 0x0 (I know the efuse was tripped but magisk apparently can hide it at least from non system apps) and all the root checkers and safetynet checkers I ran could not see anything.
I wish I knew what exactly tripped this app, not sure if an app developer can open it up and see the logic in effect at startup?
What are my options now?
Since I tried removing root/magisk - did not help
1. Flash stock? knox would show up as 0x1
2. throw away the phone as it will from now on never run this banking app? that seems super extreme and when I asked before unlocking BL everyone was adamant banking apps were not a problem anymore.. sigh
Click to expand...
Click to collapse
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
cooltt said:
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
Click to expand...
Click to collapse
If that's really the direction things are going it's pretty sad. Android turning into crapple.
Anyway I was wondering how an app (Bank) could have access to the real knox status while another not (the app I used detected 0x1 without magisk and 0x0 with magisk)
I don't want a world where I can't bootloader unlock my phone.. Already I regretted not bootloader unlocking it because it's 2019 and android can't backup all my app data yet. So if I factory reset, bam all my redownloaded stuff has no saved data (or most of it) and that annoys the hell out of me. There should be a way to basically nandroid a backup to your computer or sd card and restore that whenever you feel.
I was super bummed a month ago, my stock unrooted s7e was extremely slow and unusable, after rooting, and installing LightROM all went back to being fluid. I was about to spend good money for a new phone now I can't use my banking app at all and I'm *****ing cause I use it on a daily basis.
Airbag888 said:
If that's really the direction things are going it's pretty sad. Android turning into crapple.
Anyway I was wondering how an app (Bank) could have access to the real knox status while another not (the app I used detected 0x1 without magisk and 0x0 with magisk)
I don't want a world where I can't bootloader unlock my phone.. Already I regretted not bootloader unlocking it because it's 2019 and android can't backup all my app data yet. So if I factory reset, bam all my redownloaded stuff has no saved data (or most of it) and that annoys the hell out of me. There should be a way to basically nandroid a backup to your computer or sd card and restore that whenever you feel.
I was super bummed a month ago, my stock unrooted s7e was extremely slow and unusable, after rooting, and installing LightROM all went back to being fluid. I was about to spend good money for a new phone now I can't use my banking app at all and I'm *****ing cause I use it on a daily basis.
Click to expand...
Click to collapse
How can some apps see knox and not others? Read only access to the EFS partition.
Samsung (along with all phone Manufactures) develop their firmware together with all the big app developers who intend to use the platform. The banking sector has been hit hard with all kinds of IT related fraud especially with mobile banking. Banks simply cannot rely on customers to secure mobile devices so the choice is, block their app from functioning on a device that has been compromised in any way shape or form whatsoever or carry on taking the hit for banking fraud. If i was a bank i know which option i would choose, especially as governments are ensuring banks refund customers for their own stupidity.
With regards to open source and Android community mods, while it's been great there is a serious downside to it. More and more companies & developers are protecting their work and intellectual property. Mods will become harder and harder as much tougher security is built into apps and firmware. It's enervatible. Nobody makes money from phones which don't track your usage habits or can't show ads etc. We are all the product!
Lets not even talk about built in obsolescence.
cooltt said:
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
Click to expand...
Click to collapse
I must admit I find it sad that no one found a workaround It used to be that the community could outsmart the manufacturers now it seems maybe they all got employed instead
I guess we had a good run

IS UNLOCKED BOOTLOADER LESS SECURE/HOW TO MAKE SECURE?

In what ways does having an unlocked bootloader make it easier for governments and (other) criminals to get into your device or data? Lots of people say "naaaaa it's not less secure, unlock your bootloader man... the data is ENCRYPTED" I know back in the day someone could just flash TWRP and delete the lockscreen! But now devices are encrypted and that can't be done anymore. I also experience that some security apps require root for their full features (Android Lost). But I'd think it'd be easier to inject some sort script or flash something to help them with trying to get into your device (like removing the unlock attempt limit like is done with iPhone). Luckily Oneplus can relock with custom ROM but most can't ) : .
If you wanna talk about specific devices, maybe talk about Xperia Z5 II and/or LG G8 Thinq. And whether it IS or ISN'T less secure, what can be done to BEST secure a device? Whether official or not.
A device with a locked bootloader will only boot the operating system currently on it. You can’t install a custom operating system – the bootloader will refuse to load it. If your Android phone has a standard locked bootloader when a thief gets his hands on it, he won’t be able to access the device’s data without knowing its PIN or password. (Of course, a very determined thief could crack open the phone and remove the storage to read it in another device.)
If you’re unlocking the bootloader of your device and want to protect against this, you could choose to enable Android’s encryption feature what dependes on Android version - either FBE ( default since Android 10 ) or FDE ( default since Android 6 ). This would ensure your data is stored in an encrypted form ( AES 256 ), so people wouldn’t be able to access your data without your encryption passphrase. However, even encryption can’t protect your data perfectly.
Conclusion:
Of course, you probably don’t need to worry about this too much. If you’re an Android geek installing custom ROMs and rooting your device for your own use, you probably aren’t going to be the target of a determined and skilled thief who wants to access the data on your device. If your device is stolen, it’s probably by someone who just wants to wipe the device and sell it. And this wiping can easily be done by connecting the Android phone via USB--cable with PC and from there launching a specific command.

Categories

Resources