Related
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
With 1.5 i didn't have to use a password, but with 2.1 now i do.
This works
just thought i would update with my latest info. So here is the scoop. You can disable the exchange password lock and have it survive reboot/and mail checks. To do this follow these steps:
[APP] LockPicker - disable Exchange lock screen [30-03-2010]
Hi all,
"j0bro"
Just whipped an app together that disables the Exchange lock screen as soon as the server has enforced its policy by using a background service and an observer on the system setting. This requires no polling, scripting, etc. and survives reboots/enforcements
If you want to use the pattern lock follow the next steps if not just skip the next steps., First set the lock pattern before you setup your exchange server, Then after you set your pattern lock setup your exchange and it will ask you to set your password after complete download Lockpicker in the market and install & run. Iit will bypass the Password lock and the pattern will now work.
Or
klaus27
Originally Posted by klaus27
Ok, my app is ready. I have sent it to tamburylar for testing.
Version 1.0 is ready for testing. Working with HTC Sense. Waiting for reply for Milestone support. HERE
__________________
HTC Sense or Motorola Droid with Exchange and password policy? Get rid of it: http://forum.xda-developers.com/showthread.php?p=6044673
networx2002 said:
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
Click to expand...
Click to collapse
Not sure what you're trying to say here...
I'm using Exchange through my work, and the process is exactly the same as it has been on 1.5. Can you clarify your issue? Thanks!
networx2002 said:
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
Click to expand...
Click to collapse
This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.
As a workaround, you can use touchdown for your exchange needs as it doesnt lock down your phone but just your exchange email.
swornenemy said:
This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.
As a workaround, you can use touchdown for your exchange needs as it doesnt lock down your phone but just your exchange email.
Click to expand...
Click to collapse
Thanks,
With 1.5 i didnt have to use a password, but with 2.1 now i do.
Thanks
networx2002 said:
Thanks,
With 1.5 i didnt have to use a password, but with 2.1 now i do.
Thanks
Click to expand...
Click to collapse
Yeah android 2.1 is more EAS compliant and can actually do remote wipes if you ever lose your phone which is nice. I did this on my hero and it wacked everything off and would only boot into recovery. Thank god for nandroid.
Be advised that if you enter your password wrong 10 times, (provided that you are still using the built in android exchange support) it will format your phone as well.
I've got it backup, Just hate to have to unlock it all the time.
Wish they would let you use a pattern
networx2002 said:
I've got it backup, Just hate to have to unlock it all the time.
Wish they would let you use a pattern
Click to expand...
Click to collapse
I am in the same position as you. Delete your exchange account and use touchdown for your exchange mail. This way it doesnt require you to use a pin to use your phone except when accessing your exchange mail through touchdown
swornenemy said:
I am in the same position as you. Delete your exchange account and use touchdown for your exchange mail. This way it doesnt require you to use a pin to use your phone except when accessing your exchange mail through touchdown
Click to expand...
Click to collapse
i have never been able to get touchdown to work for me
Just thought I'd join this thread, as I was shocked to find the exchange password on 2.1 too. Personally I love the idea of password and secure wipe, but the problem is the keypad is so difficult to type passwords on it takes me forever to login. I prefer just using the sliding password. And lets face it if someone wants into your password protected phone all they need is a USB cable, laptop, and SDK and they can bypass it.
To this end I've been playing with a way to bypass the password and I have been somewhat successful. I am VERY new to this stuff I've been basically teaching myself as I go, so if there are any experts around with an interest please feel free to take this knowledge and run with it.
** DISCLAIMER ** I've no idea what this will do to your phone or your email so make sure you backup, i've had no problems with any of these settings and I've always been able to just delete the exchange account and readd it when there was a problem. That being said.. you've been warned, Backup. Also bypassing your companies pointless security measures may be dangerous and cause for termination.
To get started you'll need the SDK and working ADB. It appears all the exchange info is stored in a database file that you can read/edit with sqlite3. Here is what I've found so far:
adb shell (probably need root, not sure)
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
Optional sqlite3 settings to make reading easier:
.headers on
.mode column all
.width 2 40
There are two tables of interest here:
select * from secure;
select * from system;
The following update commands are what I used:
update secure set value=0 where name='DevicePasswordEnabled';
** This command will turn off the DevicePasswordEnabled and let you use a slide unlock pattern, but the password is still set from before.
update system set value=0 where name='lockscreen.lockexchange.enable';
** This command is the magic, I found out by watching logcat that when you unlock your phone it does an IF check on this variable and if it's set then it requires you to enter a password. Once this is set to 0 it skips the password and will ask for your slide unlock pattern instead. If you don't have an unlock pattern it will just jump to your home screen.
update secure set value=0 where name='MaxInactivityTimeDeviceLock';
** This one isn't too critical but I found it and thought I would share it. It basically removes the Exchange requirement for a idle timeout.. mine was set to 30 mins which was perfectly reasonable, but I removed it anyway.
Now once you run these update commands the changes are "done" no need to reboot or do anything special (don't even need to quit sqlite3) if you try to unlock your phone it might ask for a password the first time but enter it and lock the phone again. When you try to unlock it now the password has been removed. WOOOT!!
Now if you recall at the begining I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.
I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refresh, but I have my doubts.
Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.
My guess however is that the mail client itself is re-requesting the security settings.. if thats the case we'd have to either "decompile the mail cient" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).
I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (thought I am not certain if the wipe will happen with the slide unlock).
Good Luck
My employer is one of the paranoid companies that require the full password, so I'm also pretty interested in the answer. Changing values in the database show promise, but we'll need to see how this impacts what data is sent back to Exchange. For example, if I change the value to not requiring a lockscreen password, does Exchange know? If so, I get in trouble with Exchange admins, and they probably wipe my phone at their will. Ultimately, the device sends data back to Exchange, and the real solution is to find where the connection between Exchange and the lock screen is, and cut the cord.
For what it's worth, on the Pre this was handled in the lockscreen app and not anywhere near Exchange. The result was bypassing the lockscreen app altogether (return true; - elegant, right?), but that wouldn't meet the needs here of still having something. Once I get it reflashed with Damage's ROM tonight, I'll be playing with this.
And for the record - I'm also not trying to work around security policies enacted by my employer. This is purely for research and educational purposes.
say I wanted to go the other way, my Exchange server doesn't require a password but I want to use a pass... will following inverse instructions enable the policy?
networx2002 said:
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?
With 1.5 i didn't have to use a password, but with 2.1 now i do.
Click to expand...
Click to collapse
My company has the security enforced on our Exchange server. Keyguard Disabler (look it up in Market) will do this, but it also disables the slide-to-unlock. You can toggle it on and off as you need it.
-Daryel
Ill have to try it.
Installed Keyguard Disabler from the market and it works great. Well worth the buck 50. Buggy when set to auto start on boot so I just put in the password once at boot and run the app. Completely bypassed the lock enforced by my exchange server.
Hell, I just logged into my Exchange server and disabled the pin requirement.....
tamburylar said:
Now if you recall at the begining I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.
I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refresh, but I have my doubts.
Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.
My guess however is that the mail client itself is re-requesting the security settings.. if thats the case we'd have to either "decompile the mail cient" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).
I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (thought I am not certain if the wipe will happen with the slide unlock).
Good Luck
Click to expand...
Click to collapse
I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will chech and apply your changes above at some periodic amount of time. I would donate for it.
kranz68osu said:
I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will chech and apply your changes above at some periodic amount of time. I would donate for it.
Click to expand...
Click to collapse
That would be nice
magic answer to fixing this password stuff
i had the same problem with my work email server, i tried touchdown, didnt like. here's th eanswer people, download lockbot, the free version , from the market. use it, and if your like me, you will have no problem.
damn it feels good to finally help and not be helped by these forums. lol. hope i tworks. post back
ukcatsfan said:
i had the same problem with my work email server, i tried touchdown, didnt like. here's th eanswer people, download lockbot, the free version , from the market. use it, and if your like me, you will have no problem.
damn it feels good to finally help and not be helped by these forums. lol. hope i tworks. post back
Click to expand...
Click to collapse
Downloading now
It works. Thanks
one happy hero user
Hey guys,
I just preordered the Asus Eee Pad, main use is not just for me, but for the family.
I was wondering if it's possible to have a selectable account when using the the Tablet, sorta like how Windows/OS X allows you to login and have your own specific "desktop" or in this case "Home" page?
Is this possible?
No seperate user accounts in the way windows has it, but you can tie seperate syncing/app accounts to 1 transformer.
i too think this would be a great feature, even if you dont have a "user selection" but rather different lockscreen patterns or pins. enter your personal pin or lockscreen pattern and it opens to your custom homescreens, caching, app data etc...
I would really like a multiple profile feature, but I think it'd have to be done at an Android OS level. I haven't seen anything like this for any tablet, though
Locri said:
I would really like a multiple profile feature, but I think it'd have to be done at an Android OS level. I haven't seen anything like this for any tablet, though
Click to expand...
Click to collapse
i think a launcher could do it.
A Launcher could do it marginally well. You would have to manually switch profiles, and it would only affect what showed up in your app drawer and on you home screens.
It would have to be done on an OS level or individually for each app if you wanted different email account notifications based on user, or different settings based on user.
Theres no multi user support but your not the first to request it http://code.google.com/p/android/issues/detail?id=15030
It just seems like a feature that should be supported, no?
Hope to see this feature added in soon.
My transformer arrives today and I've been wandering about this.
Has anyone tried this/this
Slightly OT
Isn't this the initial process for the creation of bloatware?
More and more features requested.
My phone is both unlocked and rooted. I couldn't stand the crap. I just froze it since all the apps I want install on the card anyway.
With this leak for Android (which Google is patching) is there any app or ROM that will make password entry required (no saved passwords - I don't save them on the computer, so it's no hardship)
I do have wifi calling, and I will use it over public wifi. I go to places where I get one bar at the most, and the motel has free wifi. I want my pet sitters and house watcher to be able to contact me at any time. My daughter moved to England, so I need Skype, and Skype only works on wifi on Android.
I don't use Picasa, sync the calendar, but I don't want my contacts to be bothered if that is what a hacker has in mind. There is no personal info saved on my phone. I also don't game. I don't watch movies.
Also, I would like a firewall. I have both Bing and Groupon banned in the firewall and in the hosts file. Bing is getting too far ahead of itself. It's allied with Yahoo and I do have a Yahoo mail account.
I use the phone as a PDA reference guide, and the processor speed and screen is why I bought it. I have frozen all the social apps and I might delete them. The phone has been working super since it's been rooted and I enjoy it.
Thanks,
Zuben
I am not sure what you are exactly asking?
You mention password entry? If you are talking about accessing the phone, there is the lockscreen that you can either password enable or choose a pattern to lock the device.
You also mentioned about a firewall? There is webroot security which you can manage things. But, you said that you blocked a few things already? I dont understand.
fknfocused said:
I am not sure what you are exactly asking?
You mention password entry? If you are talking about accessing the phone, there is the lockscreen that you can either password enable or choose a pattern to lock the device.
You also mentioned about a firewall? There is webroot security which you can manage things. But, you said that you blocked a few things already? I dont understand.
Click to expand...
Click to collapse
I want the apps to ask for a password - not the phone. If I use app market I want to log in every time - do not save the password.
Google mail and Tmobile I could stop from automatic sync. I don't want them syncing automatically unless it's a needed function.
Example: I got a list of updates today, and I can't block the ones I don't want.
There's one in the list for Youtube and Youtube is frozen. So is Facebook. So I didn't allow the updates.
So does anyone have a custom ROM or an app that does this? And where do you find info on webroot security?
Unfortunately the SGS4G is still in its early stages of development, there are a couple good roms out there but they are still stock and not custom, however they do improve the performance of the phone. As for what your asking for, no there are no roms that do this yet
dsexton702 said:
Unfortunately the SGS4G is still in its early stages of development, there are a couple good roms out there but they are still stock and not custom, however they do improve the performance of the phone. As for what your asking for, no there are no roms that do this yet
Click to expand...
Click to collapse
Thanks, do you think there will be one?
How far can developers go to get rid of stuff?
I saw this:
http://www.usatoday.com/tech/news/2011-05-09-emergency-alerts_n.htm
and I don't want it. Especially presidential alerts. I would guess that the final version isn't out yet, but I'm curious. I think it would eventually lead to abuse.
I buy my phones for my own reasons and use them in my own way, so I'm not your typical user. I see the phone as a PDA, only voice/text is communication.
The rest is all my required information at my fingertips, and the new screens and processors on the phones are great.
Recently I received a notice from Google saying that my account was accessed from Russia. I also recently installed a custom Android ROM onto my T-Mobile HTC HD2. I was thinking, pretty much anyone can take the Android OS, make a custom version, and release it for download, right?
If so, is it possible that the person who created the custom Android ROM also modified it so they could steal my personal information? I really do like the ROM I am currently using and would not like to switch if I don't have to, but this whole Google thing has me paranoid now.
I have had my facebook lock down a few times from that kind of thing. But never out of the country. Did you check if mock locations is enabled? Settings - Applications -Development. Not sure id that could be the issue, but it is possible it was your phone reporting as another location.
Sent by Supersonic!
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me. I tried changing that Mock Locations setting, but it was already disabled. Just to be sure I haven't entered any of my new passwords into my phone yet since this last incident and I'm going to see if I still have problems.
johnny1178 said:
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me.
Click to expand...
Click to collapse
That's not good. Stay away from those warez & p0rn sites that end in ".ru"
Sent from my ADR6400L using XDA App
Watch out.
Are you sure google is sending these messages?
And does the mail contain a link for you to click on sayiong to change your password?
Alot of times the mail themselves are the scams. And are in most cases sent using the google account but from another server.
Could you copy paste the headers...leaving out your personal mail. In Outlook you can view this by opening the mail File->Info -> properties.
You should see internetheaders there.
Copy paste them. Dunno how to find them in Gmail havn't checked yet gonna see later how to view them in Gmail
Anything is possible, someone making a ROM could put whatever they wanted in there.
It's probably not the most likely way your account would end up compromised though, it could be anything from random hacking to malware on your PC.
Well, that's a good question. It's something that I wonder myself and that sometimes concerns me.
I have ESET antivirus installed and regularly do quick scans on my PC, but I suppose that wouldn't catch everything.
As far as the Google notice, it is not an email message. The notice appears in a red box with bold text at the top of my inbox when I sign into gmail, and I also checked the URL to make sure I was actually on Google.com.
I remember when I looking for ROMS to download, this particular build (can't remember the name) had the most thread views out of all of them at the time, so hopefully someone else would have noticed this issue by now if it was part of the build...
Anyways, thanks for your help. I'll try running an in-depth ESET scan to see if anything comes up.
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
I always thought about that. Just me being cynical I suppose. Some of these deevs just do it for the love
I never thought of that before, maybe I should be more careful in the future..
Thank you gr8 idea...
lude219 said:
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
Click to expand...
Click to collapse
What are you doing where you'd really need to worry about that? Just seems like using an android phone without a google account would be a pain.
*Update* I thought I would explain in this thread that I am not really looking for advice on MDM (Kiosk) or enterprise software. I am actually wanting to find a software developer that would be able to write a custom version of Android with absolutely no factory reset option nor safe mode.
I tried using an Android smartphone in the past but have quit because of serious problems. When I was using Android before, I installed software that prevents me from viewing explicit content on the Internet and also software that can block certain apps from being used.
However I discovered that the software that protects me can be quickly removed by factory resetting the device. Also, another dangerous setting is safe-mode, a setting that allows you to disable all third party apps. Since the software applications that I installed to prevent viewing explicit content are third party apps, using safe-mode disables those apps and provides unprotected Internet access.
Because of the addiction I have struggled with, I absolutely cannot have these kind of settings in Android if I am going to have a smartphone. So I need to find a software developer who can write a custom version of Android OS that has no factory reset option and no safe mode at all. Where can I find such a software developer and how much would it cost? I don't have any experience writing software myself.
Presently I am just using a flip phone with no Internet from Consumer Cellular. However their Consumer Cellular Link flip phone has Android software that is a custom version of Android very different from any smartphone, so from this I assume that creating custom Android OS is within the realm of possibility.
The smartphone I bought during the holidays, the LG Stylo, has been locked up by a family member and I am not going to use a smartphone if these settings are not removed. I realize the settings I want removed have a purpose of fixing a phone if something goes wrong, but I cannot have these settings. A better solution would be to allow an additional password to be required for accessing those settings, which would be different than the 4 digit screen unlock code, but I think setting that up might be more complicated for the software developer.
I am stuck with a flip phone with no Internet, and I want these issues to be resolved so I can start using my favorite apps, which include music apps and also I like to play games of chess with people around the world using the chess.com app.
use any kiosk software
I was involved with a discussion with 42gears about their SureLock "enterprise" software. However if I have that software installed, from their description it looks like the power button and maybe the volume buttons have to be disabled. I had a feeling that would make the phone not user friendly because of not being able to control the volume or restart the phone.
try hexnode mdm ..
JustSad said:
try hexnode mdm ..
Click to expand...
Click to collapse
I want to mention that I am actually looking for a software developer to write a custom version of Android with no factory reset nor safe mode.
Here is what Hexnode actually said in a reply to an email I wrote to them in the past:
"We currently cater only to organizations and Hexnode can't be used for personal use. Also, it will not be possible to sign up for services by Hexnode using a public domain email such as Gmail, Yahoo, etc. You would require a valid business domain email for the same. It looks like we might not be the right solution for your requirement."
Another idea that people have suggested to me is to get the smartphone made by the computer company that is competing against Android. Since this is an Android forum, would it be off the subject or bother anyone to ask about the smartphone made by Apple Computers? Some people have told me that it would be possible to set a passcode that would block access to factory resetting iPhone. However what I do not know is if the phone would still be usable with someone else setting a passcode on the phone that I would not know myself and also would there still be a way to bypass the passcode requirement?