My situation:
In my company we have about 30+ handsets currently running Android (standard and custom ROMs from XDA). The handsets include HTC Desire HD, HD2, Desire S and Desire Z. The users cannot be trusted not to brick the phones if they are allowed to download apps and modify them in anyway (not to mention they are business phones so shouldn't have facebook etc on them any way).
I've heard about admin tools which allow control of handsets remotely.
Requirements:
So, if possible, what i would like does something along the lines of...:
1: Blocks further apps from being added to the handset without a password
2: A lock to keep as many of the settings as is originally provided (wallpaper etc)
3: A master admin tool which i can remotely manage all the handsets from (download requested and approved apps, wipe, lock, locate and reset the phones if lost...etc)
What i have done before to stop the users adding further apps is register my email address to Android Market on all the phones, then changed the password using my desktop). While this stops new apps from being downloaded from the market, it does mean i cannot remotely roll out approved apps as they are no longer signed in to the account.
Is there anything out there which does any/all/some of the above?
Is there one tool which can manage all these tasks? Or will it have to be seperate apps like Norton Mobile Security (such as) etc?
Can anyone get their heads around this?
Thanks!
The market lets you download apps to a phone.
Lookout Security does all of the security tasks you want.
Thanks, that would take care of the remote wiping, locating and locking.
Does Android provide any corporate setup for administration of lots of handsets? Surely this is a niche in the market for some devs to jump on if there isn't something like that already.
And i know Android Market allows you to remotely download apps to multiple phones but i want to make it impossible to download through the phone itself. (so i can add apps but the user can't)
Something that performs like MFormation Enterprise Manager but avoiding the $20k price tag! (a tall order i know)
Sonic_Sonar said:
Something that performs like MFormation Enterprise Manager but avoiding the $20k price tag! (a tall order i know)
Click to expand...
Click to collapse
Hello,
Have you found any apps that fit your needs? Do you use them? If no, is your organization still interesting in mobile device management service?
I'm asking because I'm working for http://bloove.com (personal phone management service) and we're going to expand our offer to small and medium companies.
This new service will combine existing contact, sms, phone log and bookmark backup for personal phone with MDM features like centralized app management, location and wipe service etc.
We're looking for early adopters who will have a chance to add their custom requirements to the service and get this service for free for up to six months.
Please let me know if you're interested and want to discuss this further.
Thank you,
Rostislav
[email protected]
Please use the Q&A Forum for questions Thanks
Moving to Q&A
I did something like this ...
I first installed openssh server, plus a script that checks a specific URL for remote access needs (had to do it that way since my carrier blocks connections on all ports).
The server side is a simple php script that you call like this: check.php?deviceid=[ID]. The script checks a DB to see if there is anything new for that device ID and acts accordingly. I implemented three features: Tunnel, Script, Install APK. So, If I want to install an APK to all devices, I just upload it on our webserver, and on the MySQL DB I add devices id = all, action=install, file=/apks/whatever.apk. If, for instance, I want to do something more complex on certain devices, I add: id = all, action=script, file=/apks/whatever.sh. I write the script, then all phones check for updates on this check.php every 5 minutes, if they find a script, they'll download and execute. If it's an APK, they'll download and install. If I insert a line with deviceID=[deviceid], action=tunnel, file=[PORT NUMBER], then the phone will SSH into a remote server and do a reverse port forward, on [PORT NUMBER]. Then I can just SSH into localhost:[PORTNUMBER] on the server, and I'll have a terminal inside the phone to do whatever I need.
This doesn't address the restrictions issue, but it does allow you to control the phones however you want.
Regards,
Almafuerte.
As the title say pretty much it all, i need help with SELinux.
I do not quite understand it's purpose and why it got introduced.
My main problem right now is i cant use some very apps like before (Android 8 or less) since i'm now in Android 11 or more.
Also i've been warned that we cant record our calls now in android since Android 9 ( i may be wrong) but i know that even before you couldn't record normally calls. To bypass it you had to use the loudspeaker and record hands-free. I read somewhere that how the modem firmware was coded wich prevented to record calls both ways and to record normally calls you had to flash the modem firmware...
I live in a jurisdiction that allow to record calls both way and allow recording between two persons being one of them in the discussion, ex: you can't record other people discussion if you're not part of it.
So that's pretty what help i'm looking for and would like to have some help with other things mentioned above.
I have a Motorola Moto One 5G ACE witch custom rom Havoc Os and also an old Samsung Galaxy S4 also with a custom rom.
Thank you.
P.S. Sorry for bad english, it ain't my first language.
SELinux ( Linux ) in the world of Android devices is SEAndroid, it got implemented wiith Android 4.3. Some SELinux concepts aren't implemented in Android, hence we correctly have to speak of SEAndroid.
As part of the Android security model, SEAndroid enforces mandatory access control (MAC) for all processes, even processes running with root/superuser ( AKA su - switch user ) privileges. With SEAndroid, Android can better protect and restrict system services, control access to application data and system logs, reduce the impact of malicious software, and protect users from potential bugs in code on mobile devices.
IMO SEAndroid is somehow comparable to UAC known from Windows OS.
SEAndroid by default operates on the principle of default denial: anything that is not explicitly allowed is denied.
To change SEAndroid permissions on a per app basis Android must be rooted.
More info here:
Protecting Android with more Linux kernel defenses
News and insights on the Android platform, developer tools, and events.
android-developers.googleblog.com
Please find below the details of issues we are currently facing for capturing the location via mobile app.
Requirement:
The android mobile application is being used by field executives who need to visit many farmers and retailers on a daily basis. The executives submit their activity report at the end of the day.
Customer wants to track the locations visited by these executives and validate the submitted report against the captured locations. For capturing the location, the field executives should not be required to do anything extra in the mobile app and location capturing should work automatically in the background. Users need to just provide the required permission while installing the app and enable the location service on their device while using this application.
Problem Statement:
Tried the below mentioned approaches.
1) IONIC Background Location Plugin : It's updating the location when the app is in open state but it's not working after the app goes on background (Pause state).
To run the app in background we have used a background mode plugin. But it's not working in the background state.
Plugin links:
https://ionicframework.com/docs/native/background-geolocation
https://ionicframework.com/docs/native/background-mode
2) Geolocations watch position: Tried this method as well. Getting precise location when app is in open state. But unable to get locations on background state and screen off state.
3) TransistorSoft plugin: With this plugin, for most of the users having mobile devices with OS Android version 9 and above, either the location tracking is working fine without any manual settings required or started working properly after doing some manual settings on their device.
Some brands like Oppo, MI, Vivo have a custom OS layer on top of Android OS with additional settings to prevent apps from consuming battery extensively. Due to this the location capturing stops after some time.
Some mobile devices, specially with custom OS, do not have required configuration options to allow apps to run without any barriers in the background and capture the location.
Mobile app technical specifications:
Application Type: Hybrid
Framework: Ionic 5
Used on OS: Android
I am looking for a reliable location tracking solution for the existing app which will work accurately and uninterruptedly on any Android devices (or above certain OS version) with minimal manual settings required.
Request you to please help me in this regard.
Hello.
I have a question about Android preinstalled security certificates. There is possible to view them in system, turning off and on. But unfortunately there even no possible to copy-paste sha and it's fingerprint (maybe it just in particular ui of phone, don't know).
So if iam interested to bulk check all of them for issues/more info/research is there a way by some app or maybe pull them somehow from phone with ADB interface and then import and perform mentioned above tasks in some Windows software/ Linux/web frontend? And then turning off what is not good.
Because for example many of them has expired dates, some of them issued by CA or countries that iam personally have no default trust, etc.
p.s. Iam mentioning a FACTORY STATE OFFICIAL SOFTWARE and firmware phone, Android 12, December 2022 security patch.
Thanks!
Hallo,
I've noticed this problem 1 year ago and it keeps affecting my different Samsung devices, when I format them, even with nand erase and re partition using pit files, after some days or even hours the problem comes back.
The said permission contains an unique code for every token on different Samsung proprietary apps, like smart switch, Samsung account, etc.
It's some sort of backdoor that allows a user with high privileges to run shell codes of every sort, and even creating a Linux subsystem, or having subtle root access to change build prop data, and imei spoofing, and many other issues that can be addressed as digital identity theft.
Any help about how to get rid of that?
Here is a further explanation of the issue (I don't know if I can post such links, in case not sorry moderators)
Remote Code Execution as System User on Samsung Phones - NowSecure
We examine a security vulnerability of Samsung devices.
www.nowsecure.com
That's interesting, thank you