Someone keeps turning on blue tooth while on public WiFi were to locate and rid of certificates or intrusive coding
raymondbernard said:
Someone keeps turning on blue tooth while on public WiFi were to locate and rid of certificates or intrusive coding
Click to expand...
Click to collapse
You need to provide more info ie what version of Android & security patch date .
Anyhow, You should always use a VPN when accessing a public wifi, only use a trusted provider (many VPN companies are dodgy, they severe you their adds, harvest your data etc many even appear to be controlled by governments ef China, Iran, etc) Use a list of trusted VPN's from a trusted organisation like like the EFF ... though you may trust someone else more ...) Set up a VPN and see if Bluetooth starts, before messing with certs.
Do you have Bluetooth tethering on? Some apps may be able to create a hotspot if allowed.
See "user credentials" in settings for any EXTRA installed certificates, normally this will be empty, unless you or your work or an app have installed a certificate.
Do not mess with system certificates unless you know what you are doing. however you can probably disable most of them, I have, you just have to remember that if you get error msgs warnings from apps or websites this is likely why. Which ones you disable will depend on who you trust & which country you are in.
IronRoo said:
You need to provide more info ie what version of Android & security patch date .
Anyhow, You should always use a VPN when accessing a public wifi, only use a trusted provider (many VPN companies are dodgy, they severe you their adds, harvest your data etc many even appear to be controlled by governments ef China, Iran, etc) Use a list of trusted VPN's from a trusted organisation like like the EFF ... though you may trust someone else more ...) Set up a VPN and see if Bluetooth starts, before messing with certs.
Do you have Bluetooth tethering on? Some apps may be able to create a hotspot if allowed.
See "user credentials" in settings for any EXTRA installed certificates, normally this will be empty, unless you or your work or an app have installed a certificate.
Do not mess with system certificates unless you know what you are doing. however you can probably disable most of them, I have, you just have to remember that if you get error msgs warnings from apps or websites this is likely why. Which ones you disable will depend on who you trust & which country you are in.
Click to expand...
Click to collapse
Android patch January 1 2018
Version=asks v 1.4 released on 161228
SMR-jan 1 2018 release MS
No Bluetooth tethering is disabled
System certificates are disabled I do know what doing
When running VPN Bluetooth still sometimes turns on anyway to trace path of access
raymondbernard said:
Android patch January 1 2018
Version=asks v 1.4 released on 161228
SMR-jan 1 2018 release MS
No Bluetooth tethering is disabled
System certificates are disabled I do know what doing
When running VPN Bluetooth still sometimes turns on anyway to trace path of access
Click to expand...
Click to collapse
Sorry, just trying to cover all possibilities as I have no idea what you know about security certs, so I try not to assume anything, though I did assume you have turned off Bluetooth scanning already ? Was there a reason you suspect BT certs is your problem? Is there another device listed as connected to your phone when BT turns itself on?
OK, good you are on a relatively recent security patch it seems so many vulnerabilities should already be patched, if it is actually some sort of security issue you have. That said there have already been some Bluetooth related vulnerabilities in 2019 eg this one from March CVE-2019-2009, but it needs BT turned on already, so not your problem. (should have also asked before are you on stock with selinux enforcing?)
I believe Google Play services can sometimes turn on Bluetooth, check "recent location requests" in settings (also might show you another app that is doing it?) Then you can go to, settings> apps> advanced>permissions>location & change setting for Play Services This might of course affect other features you want ... so maybe turn off another app listed there especially if it was listed in "recent location requests" when BT has turned itself on.
No other devices listed on my account
Am useing stock selinux enforcing not google play services as it only gets turned on when on public WiFi will check locations history
raymondbernard said:
No other devices listed on my account
Am useing stock selinux enforcing not google play services as it only gets turned on when on public WiFi will check locations history
Click to expand...
Click to collapse
Good, you should be pretty secure then.
As I understand it, Play Services can be used by other apps to send location requests, it may activate location when it sees a public wifi, so it could be why some people have reported it turning on Bluetooth as this is also part of location. However I'm not 100% clear exactly how this works, so I may be wrong.
Do you know anything about setting up bitcoin wallets as it won't confirm my I'D I've tried several times
raymondbernard said:
Do you know anything about setting up bitcoin wallets as it won't confirm my I'D I've tried several times
Click to expand...
Click to collapse
sorry, no
Related
Worth reading http://www.theregister.co.uk/2011/05/16/android_impersonation_attacks/
and perhaps following http://forum.xda-developers.com/showthread.php?t=1086878 (ok -- maybe not -- that thread is pretty useless)
In brief:
The weakness stems from the improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier, the researchers from Germany's University of Ulm said. After a user submits valid credentials for Google Calendar, Contacts and possibly other accounts, the programming interface retrieves an authentication token that is sent in cleartext. Because the authToken can be used for up to 14 days in any subsequent requests on the service, attackers can exploit them to gain unauthorized access to accounts.
Announced today, apparently there will be silent OTA patches for Contacts and Calendar.
that is crazy!!!!
this made me feel a little at ease, just a little.
The attacks can only be carried out when the devices are using unsecured networks, such as those offered at Wi-Fi hotspots.
Click to expand...
Click to collapse
not sure what else to say about it.
Bloggers and media like to hype this stuff up.
Bottom line is this. Don't connect to a public wifi you don't trust, and always log in via SSL.
The issue here stems from using public wifi that allows people to sniff your traffic.
For instance:
You walk into starbucks, I'm already there and with my phone I create a mobile hotspot, I call it "StarbucksWifi" for the SSID. You're none the wiser and you connect with your phone (OR with your laptop, it's not just your phone but the media didn't share that).
I turn on Shark Mobile (Wireshark) and start capturing all those lovely packets. I then dissect them later to see your login info etc.
Again, don't connect to public wifi you don't trust or are unsure about. Starbucks uses ATT for hotspots and the wifi name is always ATT from what I remember.
fknfocused said:
that is crazy!!!!
this made me feel a little at ease, just a little.
not sure what else to say about it.
Click to expand...
Click to collapse
Not a real issue unless you're one to use unsecured wifi networks.
joedeveloper said:
Bloggers and media like to hype this stuff up.
Bottom line is this. Don't connect to a public wifi you don't trust, and always log in via SSL.
The issue here stems from using public wifi that allows people to sniff your traffic.
For instance:
You walk into starbucks, I'm already there and with my phone I create a mobile hotspot, I call it "StarbucksWifi" for the SSID. You're none the wiser and you connect with your phone (OR with your laptop, it's not just your phone but the media didn't share that).
I turn on Shark Mobile (Wireshark) and start capturing all those lovely packets. I then dissect them later to see your login info etc.
Again, don't connect to public wifi you don't trust or are unsure about. Starbucks uses ATT for hotspots and the wifi name is always ATT from what I remember.
Click to expand...
Click to collapse
Thanks.
I love hearing about this kind of stuff. It's good to keep current....now I know why they have that accept conditions page at wifi places like starbucks and mcdonalds. You couldn't create that with your hot spot...or could someone
Sent from my SGH-T959V using XDA Premium App
thanks for the info fellas. I rarely connect to wifi spots when Im out and about. Actually, the only time I do is when im home or at work. Looks like im good.
While "always log in via SSL" is a great suggestion, the Google services aren't going to go over a secure channel (unless you have VPN enabled).
The same warning should apply if you aren't using WPA2 -- the older WEP (and WPA) is still common on many "secure" wireless connections, especially home units, and takes not more than a few minutes to crack with widely available tools.
http://www.google.com/search?q=wep+crack
From http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
WPA2 has replaced WPA; WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security. Certification began in September, 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
This is what I was asking about in another post. I like to vacation where I have 0-1 bars on the phone, and motel wifi is available. I would like my pet/house sitting service to be able to call me when I'm away.
Also kid moved to England. We use Skype, Skype on Android is wifi only.
Mostly do use home WPA encrypted, but there should be some kind of safety for those who do need the service. Do not use the phone for personal stuff like banking, etc. even on a network.
And there are areas here in the west where there is no service for any carrier. Canyons are not conducive to line of site.
SGS4G does have wifi calling built in.
I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear samasung knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
greens1240 said:
I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear samasung knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
Click to expand...
Click to collapse
bump
greens1240 said:
Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
Click to expand...
Click to collapse
would you elaborate on that?
keen36 said:
would you elaborate on that?
Click to expand...
Click to collapse
Those are actually 2 separate issues even though the carrier's actions may seem unusual.
I don't see https in the url for this site, and when I try to force https it redirects to remove the ssl,
so privacy didn't matter here?
Some of the unusual activity involved messages about "sim data" refresh/change when no 3rd party
apps were ever installed, the phone wasn't rooted, and updates turned off. Apps that were turned off
showed subsequent network activity. After a factory reset, disabling some apps and changing other
settings, the main issue was the phone getting extremely hot when using the hotspot to test a vpn
service (vpn settings config on pc not on android).
If your phone number ends up on that "list" you should expect management to take an approach with you
as if litigation is underway. Expect very little cooperation, leave 15 messages over a 30 day
period with 5 different corporate managers to finally get a return call from yet a different manager who
finally admits they have ways to prevent your phone from getting through to support or customer service.
They must have thought none of their customers would figure out that advanced call rejection features
can do all kinds of things, such as put select callers on hold indefinitely, forward the call to a number that
rings but never answers, have the caller hear fast busy signals, have the caller hear a message that no
one is available to take their call, etc, etc. A word to anyone with a cell phone - If you can't get through
using 611 or the carrier's toll free numbers, try calling from a different phone, and if you get through
with the different phone, then you know.
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with
Code:
"sim data" refresh/change
? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
keen36 said:
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with
Code:
"sim data" refresh/change
? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
Click to expand...
Click to collapse
As network packets travel over the Internet, anyone with physical access to a network device (within the packet route) can view your activity without your knowledge. There are redirection protocols used by thousands of businesses and ISPs to divert port 80 traffic to web caches, internet filtering appliances, and data mining "honeypots". Not sure if still true today that network router and Layer 3 switches manufactured by Cisco ship with a redirection protocol (WCCP) that can be used to re-reroute HTTP traffic through an external filtering or a logging device. Most would agree when it comes to discussions about network security- exchanging plain text email, and requesting advice on plain text message boards is not the best practice.
"refreshing sim data" was a message I observed after the s4 was rebooted. It seemed odd that the message appeared when there was no update or installations. But I'm not an expert on the device, for all I know it might be normal to see the message when there's no activity. As far as turning off apps, it's normal to turn off apps that use resources, drain battery, etc. if you don't need them. Turning off, not deleting, and changing permissions doesn't appear to be an option on 4.3 without a 3rd party app.
As far as sounding paranoid, there's a lot more to the story that I didn't go into involving what looks like attempted identity/phone theft by the carrier's own employee(s) or reseller(s). The way the situation was handled it genuinely looked like a cover up, and still does.
There is still the issue of securing a hotspot which no one from any tier 2 support centers has been able to answer. Not sure if a droidwall or other firewall would be doing anything beneficial since I assume any port scanning would be of the device connected to the hotspot rather than the s4 itself.
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outwheigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
what do you do exactly when you "turn off" an app? step-by-step?
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
keen36 said:
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outwheigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
Click to expand...
Click to collapse
Do you know a better place to ask advanced security related questions about Samsung/Android? Google and Samsung tech support are unable to answer many basic security questions. Anything advanced is a foreign language to them.Ask 1000 Samsung employees "What is Knox?" and 999 will answer "Never heard of it." Most don't care about security, and never will unless and until they become a victim, and have a substantial loss.
keen36 said:
what do you do exactly when you "turn off" an app? step-by-step?.
Click to expand...
Click to collapse
I used app manager. I'f you're familiar with S4 running 4.3 then you're familiar with app manager.
keen36 said:
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
Click to expand...
Click to collapse
This message may be related to updating network tower(s) info which I agree, by itself would be harmless.
keen36 said:
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
Click to expand...
Click to collapse
There's constant network inbound/outbound activity while the device is idle according to the indicator. The activity could be perfectly benign. Many native apps communicate with the network, but it is also possible to turn off (restrict) background activity to limit which apps have network access. I wouldn't know what it is without running a program such as wireshark. A paranoid schizophrenic might think an app that had permission to access the microphone, recorded audio in the room, then encrypted & uploaded it to a server for later retrieval. That could never happen in the real world right?
I'm merely asking questions about various events which may or may not be signs that there's a problem, but I've not concluded anything. More importantly I'm hoping to find information on how to properly secure a hotspot. You've not offered any information about this so I assume you feel no hardening, modifications, or additions are necessary, and in using default settings the device is impenetrable.
keen36 said:
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
Click to expand...
Click to collapse
I agree, they are complex. Tech support is of no use, they simply are not trained to respond to a question such as "Is there a firewall running on the device?" "Is code checked for malware by human eyes before an app is put on playstore, or simply trust unknown authors and feedback?"
no, i am sorry, i do not know about any android security related web communities.
i use a sony phone on kitkat, so no, i have no idea what you mean with "app manager". i just want to know what that program did; did it uninstall the apps, did it disable them, did it freeze (rename) them? i have never heard of an app being "turned off", that's why i ask.
what you describe with the microphone listening and uploading what it records to the internet, that is happening every time you open google voice search or -if you use the google now launcher- everytime you go to the homescreen
i do not know how you got the idea that i think that your device is impenetrable ([email protected] sentence btw. )? that is a ridiculous thought, i would never say such a thing. in fact, i am of the conviction that no absolute security can exist on a device which is connected to the internet. there is a reason why some security-related programs are built on machines with no internet access at all.
if you know how to use wireshark, why don't you just use it? if i had to take an uneducated guess, i would think that you would then realise that the network activity you see is benign (not malicious i mean, you might very well discover some nice datamining activity by google etc. ).
i do not know your usecase, if you are living in a country which has an oppressive regime, if you are a general target for hackers somehow (public figure / working at a security-related position etc.), then yes, it might make sense to look at your phones security in detail. if that is not the case, however, then no, i do not think that additional hardening of your hotspot is needed...
Privacy: Does Android upload your home AP SSID/BSSID/GPS if the home AP beacon is "hidden?"
Does hiding your home AP broadcast beacon prevent UPLOAD of your SSID/BSSID/GPS to Google?
If so, how?
Background:
Anyone navigating on Android who drives by my home after they pressed OK to the Google Maps query is likely automatically uploading to Google my private information without my consent.
To continue, turn on device location, which uses Google's location service. [No Thanks or OK]
By default, this simple act turns the Android phone that drives by my home into a spying device for Google:
Android11-Settings > Location > Location services > Google Location Accuracy = ON
Google's location service improves location accuracy by using Wi-Fi, mobile networks, and sensors to help estimate your location. Google may collect location data periodicaly and use this data in an anonymous way to improve location accuracy and location-based services. Turning this off will result in your device only using GPS for location. This may impact the accuracy of location used by apps such as Maps and Find My Device.
All I'm asking with this question is whether turning off the home access point broadcast beacon (aka hiding the SSID) prevents those phones from UPLOADING my information to Google servers (and to other servers) by default.
Please be advised this question has nothing to do with using "_nomap" as part of the SSID. The question is independent of whether _nomap is used because the upload to Google by phones driving by your home of your SSDI/BSSID/GPS still occurs with or without _nomap on a broadcast SSID.
I'm interested in this as well. I've lowered the signal strength so you can't connect to it from the street, hidden SSID, but I'm pretty sure that [Forgot to not be evil] Google will collect all and any data it can get hold on. For example, if using an app to check signal strength, it recognizes the WIFI signal, so I'm guessing it's getting picked up by G as well. It's only a guess... and a history knowledge from them getting high on personal data
Марија said:
Notice that this is BENotice that this is BEI'm interested in this as well.
Click to expand...
Click to collapse
Thank you for letting me know the solution will also be useful to you as that's why I asked it.
We want a definitive solution for people like you and me (we can't be the only ones who care about our home AP privacy).
I think anyone who is concerned about their home privacy wouldn't want their SSID/BSSID/GPS in a public database if they didn't expressly opt IN on purpose.
The default assumption by Google (and many others) is, I suspect, that if you publicly broadcast your SSID in the clear, then you're opting in.
Even though I disagree with this default assumption I have to understand the logic which is why I don't broadcast my SSID.
By not broadcasting my SSID I'm (hoping) it's signaling my intent to opt OUT.
Марија said:
I've lowered the signal strength so you can't connect to it from the street, hidden SSID, but I'm pretty sure that [Forgot to not be evil] Google will collect all and any data it can get hold on.
Click to expand...
Click to collapse
I thank you for that idea of lowing the signal strength (which only some routers will allow, I think) but I need all the signal strength I can get.
And more to the point most people need all the signal strength they can get, I think.
Even so, while lowing the signal strength may help, it still won't work for the Android devices that walk close enough to your front door to access your signal after using Google Maps.
Pragmatically, all it takes is the postman or the Fedex guy or the UPS guy to have his Android phone on with his "Google Location Accuracy" turned on.
It's even worse if they have "Improve accuracy" turned on, as that adds additional "Wi-Fi scanning" and "Bluetooth scanning", which is another can of worms we'll stay out of for this thread.
Speaking of Google Maps, you can "fix" the problem of Google Maps secretly turning on "Google Location Accuracy" but you have to go into your Android settings to find the special Google Maps (Google Play Services actually) "activity" named
com.google.android.location.settings.GoogleLocationSettingsActivity
Actually the activity Google Maps used is a secret undisclosed activity one step BELOW that com.google.android.location.settings.GoogleLocationSettingsActivity activity since the "OK" in Google Maps automatically secretly toggled it on.
Nonetheless, I set a shortcut to the com.google.android.location.settings.GoogleLocationSettingsActivity which allows me to turn the "Google Location Accuracy" toggle off (while leaving the "Location" toggle on) after I say "OK" to the Google Maps query to turn on location.
BTW, the undisclosed hidden secret activity is a specific Google activity that only Google does, as far as I know.
No other program that I know of secretly toggles "Google Location Accuracy" on other than Google Maps which is one reason Google is being sued in Arizona as we type for their secret tricks to get our private data uploaded to their public servers.
Марија said:
For example, if using an app to check signal strength, it recognizes the WIFI signal, so I'm guessing it's getting picked up by G as well.
Click to expand...
Click to collapse
Here is where our little secret lies!
I have absolutely no doubt that the phone's radio picks up the hidden BSSID (because I can see the hidden BSSIDs on my phone when I use any decent Wi-Fi graphing app).
However........
It's my understanding (which I need to find a reliable source to back it up) that someone's phone that is typically set to upload the SSID/BSSID/GPS by default will NOT upload that BSSID if it's hidden.
What's important is that sentence assumes that the typical upload of the SSID/BSSID/GPS requires the SSID to be broadcast in the clear.
If that's true, then simply HIDING the SSID broadcast beacon will stop other phones from uploading your SSID/BSSID/GPS to not only Google servers, but potentially Mozilla, Kismet, Wigle, Netstumbler, and other servers.
Note that I'm not saying it can't be done by a determined program. What I'm saying is that it's my understanding that it isn't done.
Notice the profound implications?
If I'm correct, then HIDING THE SSID broadcast is far BETTER than using _nomap (although I'd still use nomap also) simply because hiding the beacon broadcast is making it clear your intent to even those public databases that do not respect the nomap.
I think this is the way the Android SSID/BSSID/GPS upload typically works.
Of course ... there's more to the story...
One problem with hiding your SSID is that it kicks the privacy can down the road because now your phone is constantly asking by name for that SSID when you're not connected and your Wi-Fi is on.
Of course, there's a simple fix for that secondary problem (which works in Android 11 at least), which is to set your Wi-Fi on your phone to stop asking for your hidden SSID when you're out of range of it.
That don't-ask-by-name-for-my-hidden SSID setting on Android 11 is
Settings > Connections > Wi-Fi > (select an SSID) > gearicon > Auto reconnect = OFF
Марија said:
It's only a guess... and a history knowledge from them getting high on personal data
Click to expand...
Click to collapse
I would like to find a reliable source that backs up that guess that Google and Mozilla and the others (Kismet, Netstumbler, Wigle, etc) "don't" get your SSID uploaded to their servers by default if your home AP SSID beacon broadcast is hidden.
Notice I said "don't" which I think may be the case only in the default situation, as I'm well aware any determined person "can" upload even your hidden home AP BSSID/GPS information manually to any public server they want to.
In the end, I have a solution that I'm constantly honing to improve it where I want to accomplish two things here.
I want others to be able to do what I can do, and
I want others who know more than I do add to what we can all do in terms of keeping our SSID/BSSID/GPS out of Google's hands (and that of Kismet and the rest).
To clarify things: Android OS is developed by a consortium of developers known as the Open Handset Alliance and commercially sponsored by Google. It is free and open-souce software. It's source code is known as AOSP.
Android OS isn't collecting data as Google Mobile Services ( GMS ) do.
If you do not need any GMS applications or services, a high-quality AOSP ( like LineageOS what is just a modded version of AOSP ) protects your privacy at 100%, IMO.
jwoegerbauer said:
If you do not need any GMS applications or services, a high-quality AOSP ( like LineageOS what is just a modded version of AOSP ) protects your privacy at 100%, IMO.
Click to expand...
Click to collapse
I agree with you that I should switch to aosp given that I have no need for gms services.
But the phone is still technically owned by T-Mobile for two years (it was free) so I am under the impressions (see below links) that I can't add aosp yet (is that true?).
Question Does anyone know how to root the Samsung Galaxy A32 5G?
Question Any chance that a Samsung Galaxy A32 5G can get aosp?
Hello everyone,
Can anyone trace your real phone location even if you are using fake GPS apps ?
Sometimes when I run government-related apps, banks app, money delivery apps or even food delivery apps for example, the app asks me to turn off the fake gps I'm running in the background, otherwise it won't work.
To explain more, If authorities can trace your exact phone location through cell towers, why government related apps are programmed NOT to function unless you turn off the fake gps? Does this mean that FAKE GPS apps really hide your real location?
Thanks a lot
Solimann said:
Hello everyone,
Can anyone trace your real phone location even if you are using fake GPS apps ?
Sometimes when I run government-related apps, banks app, money delivery apps or even food delivery apps for example, the app asks me to turn off the fake gps I'm running in the background, otherwise it won't work.
To explain more, If authorities can trace your exact phone location through cell towers, why government related apps are programmed NOT to function unless you turn off the fake gps? Does this mean that FAKE GPS apps really hide your real location?
Thanks a lot
Click to expand...
Click to collapse
Generally No.
But also as you said govt. related apps, they uses/traces your IP and GPS both for better service. The govt. has advanced tracking system. So, even if you are using a fake gps they can easily trace your real location without asking to turn off fake gps.
Also apps like food delivery and money transfer have good tracking systems so they can easily detect that you are using a fake gps.
Now, for fake gps apps like Fly Gps, etc.
Some of them work properly and some of them not. Also if you have a root access on your device then there are some apps that changes your IP and Location both for better work.
Yes they really hides your location but they can easily be traced and broked by any govt. or any good hacker.
Hope It Helps!
ai.Sanaul said:
Generally No.
But also as you said govt. related apps, they uses/traces your IP and GPS both for better service. The govt. has advanced tracking system. So, even if you are using a fake gps they can easily trace your real location without asking to turn off fake gps.
Also apps like food delivery and money transfer have good tracking systems so they can easily detect that you are using a fake gps.
Now, for fake gps apps like Fly Gps, etc.
Some of them work properly and some of them not. Also if you have a root access on your device then there are some apps that changes your IP and Location both for better work.
Yes they really hides your location but they can easily be traced and broked by any govt. or any good hacker.
Hope It Helps!
Click to expand...
Click to collapse
Thanks a lot, very well explained.
Solimann said:
Thanks a lot, very well explained.
Click to expand...
Click to collapse
Solimann said:
Hello everyone,
Can anyone trace your real phone location even if you are using fake GPS apps ?
Sometimes when I run government-related apps, banks app, money delivery apps or even food delivery apps for example, the app asks me to turn off the fake gps I'm running in the background, otherwise it won't work.
To explain more, If authorities can trace your exact phone location through cell towers, why government related apps are programmed NOT to function unless you turn off the fake gps? Does this mean that FAKE GPS apps really hide your real location?
Thanks a lot
Click to expand...
Click to collapse
aiSanaul said:
Generally No.
But also as you said govt. related apps, they uses/traces your IP and GPS both for better service. The govt. has advanced tracking system. So, even if you are using a fake gps they can easily trace your real location without asking to turn off fake gps.
Also apps like food delivery and money transfer have good tracking systems so they can easily detect that you are using a fake gps.
Now, for fake gps apps like Fly Gps, etc.
Some of them work properly and some of them not. Also if you have a root access on your device then there are some apps that changes your IP and Location both for better work.
Yes they really hides your location but they can easily be traced and broked by any govt. or any good hacker.
Hope It Helps!
Click to expand...
Click to collapse
Anyone know how to get fake gps working on iphone full process please and stable working. I need to know full method which includes what jailbreak is best, what iphone versions are best and easy to do. Also how to disable or turn off mock location detection. Like in andriod you can do it via smali. Please I tried looking for usefull info on the net everywhere but can't seem to find solid info. Cheers
Hey everyone
I'm currently abroad on a business trip and now I see my daily WhatsApp backup consistently fails to upload. Despite my media auto-download 'When roaming' settings being set to 'All media' and having chat backup 'using cellular' settings enabled, it refuses to perform the upload on roaming. Since quite a few years there are no mobile data boundaries in Europe so this limitation makes no sense. It's showing the following error:
You're currently roaming. Wait until you're no longer roaming or connect your phone to Wi-Fi to back up to Google Drive.
Click to expand...
Click to collapse
With no other option but to tap 'OK'. The notification just states 'Backup in progress, Preparing backup...' with no swipe-down options. I only have unsecure networks at my disposal so I'm not using those. WhatsApp seems to be unique in not allowing the user to force this. Is there any way I could force it nonetheless? Perhaps by making the app believe I'm on Wi-Fi. I found this FakeWiFiConnection project but that requires Xposed. I have root but don't want LSPosed or any such framework.
Any chance?
Not all at once! lol.
Can someone just state it can't be done so I can mark it as the solution?
Timmmmaaahh! said:
Hey everyone
I'm currently abroad on a business trip and now I see my daily WhatsApp backup consistently fails to upload. Despite my media auto-download 'When roaming' settings being set to 'All media' and having chat backup 'using cellular' settings enabled, it refuses to perform the upload on roaming. Since quite a few years there are no mobile data boundaries in Europe so this limitation makes no sense. It's showing the following error:
With no other option but to tap 'OK'. The notification just states 'Backup in progress, Preparing backup...' with no swipe-down options. I only have unsecure networks at my disposal so I'm not using those. WhatsApp seems to be unique in not allowing the user to force this. Is there any way I could force it nonetheless? Perhaps by making the app believe I'm on Wi-Fi. I found this FakeWiFiConnection project but that requires Xposed. I have root but don't want LSPosed or any such framework.
Any chance?
Click to expand...
Click to collapse
Without LSposed spoofing the WIFI status is neigh impossible, but I think you're missing the forest for the trees. If you don't trust Nearby WIFI access points, choosing to trust only your cellular network, then create your own WIFI access point. Become the change you want to see.
Take the sim card out of your phone and use it in another, creating a Hotspot and solving your problem.
I guess.
Slim K said:
Without LSposed spoofing the WIFI status is neigh impossible, but I think you're missing the forest for the trees. If you don't trust Nearby WIFI access points, choosing to trust only your cellular network, then create your own WIFI access point. Become the change you want to see.
Take the sim card out of your phone and use it in another, creating a Hotspot and solving your problem.
I guess.
Click to expand...
Click to collapse
Close enough. Thanks!