Related
For the past few days, I've been dealing with what appears to be a disproportionately huge group of Evo owners (relative to other Android phones) who've been having crashes with an app I wrote that appear to be caused by the unavailability of network-based location services. I did some research, and it looks like a LOT of Evo owners have been doing things that (temporarily?) disable network-based location services in an attempt to keep the battery from dying too quickly.
Are Evo users who do this literally going into Settings and disabling network-based location services outright, or are there one or more apps/hacks that supposedly disable it only when "it's not being used"? If there are, what does an app that depends on network-based location services have to do to make sure that whatever is supposedly enabling network-based location services "when necessary" realizes that it is, in fact, necessary... and do it in a way that won't cause the lookup request to prematurely or needlessly fail?
Like I've said, I've had a few users with other phones have problems due to the app's current absolute dependency on the availability of network-based location services... but with Evo owners, it's more like a nonstop hailstorm of complaints. Rewriting the way the app handles location to eliminate that absolute dependency is my next major project, but it's going to take me at least a week or two to finish, and in the meantime I'd love to be able to find a temporary solution that I can patch and release tonight that will solve the worst of the problem for the majority of Evo users in the meantime.
Speak up brother. What is the App (so people who don't have the slightest clue as to how to relate your user name with the buggy app you have)?
I'm not sure why anyone would do this, aside from "privacy" concerns... It will not help with battery life on it's own. If your GPS is turned off, your device gets it's relative location via the cell phone tower's coordinates. This information gets transmitted to your phone regardless if you have it disabled to accept it.
They are probably thinking that if they disable it, other services won't try to update information based on your location. Instead they should just adjust any services that are auto-updating.
I can go >24hours before I need to charge my phone with moderate usage throughout the day (without using 4G). I can post SystemPanel screenshots if anyone is interested.
mattrb said:
Speak up brother. What is the App (so people who don't have the slightest clue as to how to relate your user name with the buggy app you have)?
Click to expand...
Click to collapse
OK, if it makes you happy, I didn't personally write it that way. It's a legacy app I'm helping to fix. In the meantime, I'm trying to put out as many fires as quickly as I can. That said, I'm not going to condemn the original author. All things considered, it was a perfectly reasonable decision for him to make. It was his first major Android programming project, and his immediate runtime environment was a Droid on Verizon. 99% of his Android-owning friends were Sprint or Verizon. For the most part, on Sprint & Verizon, network-based location services work really well. The app's dependency on them didn't really bubble to the surface as anything more than likely user error until lots of non-Americans started showing up with phones that couldn't be automatically assumed to have inseparably-bundled mandatory data service.
Truth be told, America is a lot like Japan -- cellular networks that are almost proprietary to the national market and work in ways that aren't necessarily consistent with the way things work elsewhere in the world, but utterly ubiquitous and totally dominant within it. I'm sure that right now, plenty of Japanese developers are writing Android apps that assume every phone supports network-level low-latency "Push to Talk" capabilities (IDEN's "killer app"), or some other feature that's ubiquitous in Japan and (almost) unheard of elsewhere. Six months from now, they're going to be scratching their heads wondering why it crashes on every phone in Europe and most phones in America (Sprint, and I think Verizon, try to emulate IDEN's PTT on CDMA by buffering the audio stream on a server, then sending a SMS to the recipient's phone that triggers its download and streaming a couple of seconds later).
Anyway, I digress. Getting back to the original question, are Evo owners who disable network location doing it manually, or are they doing it in a way that can be worked with cooperatively by apps in order to get it to automatically turn it back on when needed?
Actually, I have theory #2 about why Evo owners might be having problems, but it's pure speculation at this point. I'm wondering whether there might be Evo owners who've explicitly disabled EV-DO and 1xRTT to try and force the phone to use WiMax in areas where it might otherwise try to fall back to the older modes, and the possibility that even NON-network location service DEPENDS on EV-DO/1xRTT for aGPS data transmission of the raw telemetry data. In a way, it makes sense... the WiMax network is totally parallel to the CDMA2000 network, and it's not inconceivable that there might BE no data route between the Sprint WiMax network and the servers that handle aGPS queries. Especially if there aren't any real-world locations where Sprint WiMax is available, but CDMA2000 data is not.
If you go into the settings you can disable the network location, but there are ways for an app to ask if the user wants to turn the setting back on.
Evo owners can't disable 1xRTT otherwise standard calls and text messages won't work anymore. They can change settings if they have their MSL code such that EVDO isn't ever used however.
Well, maybe "disable" is a strong term. I know that on a Hero, there's a network setting somewhere that allows you to tell the phone, "Use EV-DO, or don't do data at all". It doesn't affect the operation of voice or sms -- only the phone's willingness to fall back to 1xRTT for internet access if EV-DO isn't available. I'm assuming the Evo has a similar setting that goes a step further and lets you dictate "WiMax or Nothing".
Here's how it could theoretically affect location services: obviously Sprint does aGPS. By law, it HAS to do it for e911 purposes. HOWEVER, I think that non-e911 aGPS lookups on Android phones get diverted through Google (or at least an aGPS service hosted by Google) unless you pay Sprint extra for navigation service. Under those conditions, if you told the phone to use ONLY WiMax for internet access, and you were in an area where only EV-DO and/or 1xRTT data were available, you could have a situation where the phone can do e911 location, but wouldn't necessarily have that info available for use by other applications (vis-a-vis most of HTC's WinMo 6 phones). If the phone couldn't use WiMax, and the user dictated "WiMax or Nothing", the phone couldn't reach Google. Without Google, there'd be no free aGPS for Android apps to consume.
The above is pure speculation, of course. As a practical matter, Sprint itself can't/won't give a coherent explanation of where the line gets drawn between Sprint and Google for (a)GPS service, which makes troubleshooting location-related problems that much more fun. Personally, it wouldn't surprise me in the least if late-model HTC phones DO have 100% of the hardware onboard to turn satellite telemetry into latitude/longitude/altitude coordinates, but the underlying software fails without realtime network connectivity anyway because it still tries to involve a server somewhere for some reason.
Look, this is what happens to me and I think it's a bug.
When I turn off GPS for a while, like for 12 hours, and then I turn it on, I still see the "Location" icon crossed out. At first I didn't know what was going on. I thought it was the GPS icon, but it wasn't, it was the location services being turned off.
So I reproduced it several times and this is what happens. When you turn off GPS for a while, the location setting will be turned off also, and it will remain off even after you turn on the GPS again. Which IS A BUG. That's not an expected behavior. So you may be right.
baiatul said:
Look, this is what happens to me and I think it's a bug.
When I turn off GPS for a while, like for 12 hours, and then I turn it on, I still see the "Location" icon crossed out. At first I didn't know what was going on. I thought it was the GPS icon, but it wasn't, it was the location services being turned off.
So I reproduced it several times and this is what happens. When you turn off GPS for a while, the location setting will be turned off also, and it will remain off even after you turn on the GPS again. Which IS A BUG. That's not an expected behavior. So you may be right.
Click to expand...
Click to collapse
My experience doesn't mirror that at all. When I turn GPS on (which I am impressed to say has it finding satellites many times faster than my old HTC Fuze) the location disabled icon changes almost immediately. I saw this a lot over last weekend when I was doing a lot of phone based navigation.
Yes, I forgot, I'm in NY, and in Manhattan very strange things happen when you go in and out the subway with signal and no signal several times a day for periods of time from minutes to an hour.
Many programs that are expected to work crash when there is no signal. Or when you run applications in the subway with no signal, the gadget freezes sometimes. Maybe this GPS thing is also one of those glitches. Maybe it's a combination of turning on or off the GPS, and then the loss of signal for a while. It still happens to me, but I got used: every time I turn back on the GPS after being disabled for MANY HOURS (12? 24?), I have to turn back on the Location setting.
merak69 said:
I'm not sure why anyone would do this, aside from "privacy" concerns...
Click to expand...
Click to collapse
I turned off network location services for one simple reason....using it caused my location to off by at least 1/2 mile. So it seemed pretty useless to me.
pixelpop said:
I turned off network location services for one simple reason....using it caused my location to off by at least 1/2 mile. So it seemed pretty useless to me.
Click to expand...
Click to collapse
It's basing your location on the information from the cell phone tower. It isn't meant to give you a precise location like GPS can (this is why its called aGPS). The point is to give a general location so that apps that need to know what city you are in (weather apps for example) can figure it out to show you information for where you currently are.
If you want precise information, turn on full GPS and you are good to go.
My point was disabling location services entirely will not save you any more battery life vs leaving network location on (excluding full GPS obviously). What will save you battery is turning off your other services (Facebook, Twitter, News, etc) to only update when you manually say so or setting their update schedules to much longer frequencies.
Here's how it could theoretically affect location services: obviously Sprint does aGPS. By law, it HAS to do it for e911 purposes. HOWEVER, I think that non-e911 aGPS lookups on Android phones get diverted through Google (or at least an aGPS service hosted by Google) unless you pay Sprint extra for navigation service. Under those conditions, if you told the phone to use ONLY WiMax for internet access, and you were in an area where only EV-DO and/or 1xRTT data were available, you could have a situation where the phone can do e911 location, but wouldn't necessarily have that info available for use by other applications (vis-a-vis most of HTC's WinMo 6 phones). If the phone couldn't use WiMax, and the user dictated "WiMax or Nothing", the phone couldn't reach Google. Without Google, there'd be no free aGPS for Android apps to consume.
Click to expand...
Click to collapse
Your phone doesn't communicate with Google. Sprint has their own aGPS servers but I think you might misunderstand what their purpose is. The "a" part of aGPS means Assisted, but only assisted in the fact of giving the chip the information it needs to lock on to the true GPS signals faster based on your current location.
For example: If you used a GPS device that wasn't assisted and its known internal satellite database was out of date, it'd have to search for awhile to location any/all satellites in the sky. On the flip side, an assisted chip can use the network server to download satellite info (ids, frequencies, etc) to show which satellites are visible for your given rough location. This enables hardware lock to happen faster.
However those aGPS servers are optional since the chip has a hybrid mode of operation:
a) If you have true GPS on, obviously it uses GPS to determine your location, down to potentially 3-4 meters.
b) If the chip can't get a satellite lock or you have true GPS turned off, the chip uses multiple known tower locations in combination to triangulate your location (based on signal strength to known towers). The fewer the towers it has access to, the less and less accurate your known location becomes. This works even with 3G and 4G disabled because it transmits the data over 1xRTT (you can easily test this in Google Maps).
In the second situation (b), I've seen where tower triangulation has narrowed my location down to 100 meters. I've also seen where it can't get a lock on multiple towers reliably such that the chip puts my "center" location as the actual location of the tower with an accuracy rating of 2000 meters. This is what Pixelpop is mentioning above about accuracy.
merak69 said:
Your phone doesn't communicate with Google. Sprint has their own aGPS servers but I think you might misunderstand what their purpose is. The "a" part of aGPS means Assisted, but only assisted in the fact of giving the chip the information it needs to lock on to the true GPS signals faster based on your current location.
For example: If you used a GPS device that wasn't assisted and its known internal satellite database was out of date, it'd have to search for awhile to location any/all satellites in the sky. On the flip side, an assisted chip can use the network server to download satellite info (ids, frequencies, etc) to show which satellites are visible for your given rough location. This enables hardware lock to happen faster.
However those aGPS servers are optional since the chip has a hybrid mode of operation:
a) If you have true GPS on, obviously it uses GPS to determine your location, down to potentially 3-4 meters.
b) If the chip can't get a satellite lock or you have true GPS turned off, the chip uses multiple known tower locations in combination to triangulate your location (based on signal strength to known towers). The fewer the towers it has access to, the less and less accurate your known location becomes. This works even with 3G and 4G disabled because it transmits the data over 1xRTT (you can easily test this in Google Maps).
In the second situation (b), I've seen where tower triangulation has narrowed my location down to 100 meters. I've also seen where it can't get a lock on multiple towers reliably such that the chip puts my "center" location as the actual location of the tower with an accuracy rating of 2000 meters. This is what Pixelpop is mentioning above about accuracy.
Click to expand...
Click to collapse
You're correct that aGPS doesn't go through Google. It's presumably handled by the radio and Android is never aware of it at all.
Cell tower location/triangulation is different however. The OP is correct that it does go through Google, as the US CDMA carriers are totally unwilling to allow outside access to this information like GSM carriers do. Google built and maintains their own database of tower info, and that is what populates your rough location in Android. It is not aGPS data from Sprint's servers that is allowing that.
You want a hack? Well use the last known position, if it's historical then post a message "wtf turn on location services, if you want picture phone to work".
The app may not work but it won't crash as it has a location. More so it blames the user. lol
Post a little line to the location service enable semaphore, "who turned off the lights?"
You can get location assisted position from Wi-Max just like you can get it off Wi-Fi. As far as I know there is no app to disable Mobile Network Location on demand. If your having issues with it than users are going in and disabling it by hand through the settings. The problem probably is that 90% of the know it all bloggers advise to disable network position because they think it does something for battery life.
I'm also willing to bet good money that Google is handling the network location. Why else would they have a location server(supl.google.com). Only to let Nokia users use it?
-------------------------------------
Sent via the XDA Tapatalk App
I've noticed that there are areas where the GPS doesn't work, even outside with no sky obstacles. One of them is on 113 st. between Broadway and Amsterdam avenue (NYC), right next to a building tagged "Cell Motion Laboratories." I've been there twice since I have EVO and the GPS is off like 10 buildings when I'm in the building next door. From outside, it just looks like any other Columbia University residence.
(Yes, my location settings were enabled and GPS was on).
ZIP 10027.
I just searched that lab, and it has nothing to do with cellphones, but with real cells (biological lab for kids, I think).
bedoig said:
You're correct that aGPS doesn't go through Google. It's presumably handled by the radio and Android is never aware of it at all.
Cell tower location/triangulation is different however. The OP is correct that it does go through Google, as the US CDMA carriers are totally unwilling to allow outside access to this information like GSM carriers do. Google built and maintains their own database of tower info, and that is what populates your rough location in Android. It is not aGPS data from Sprint's servers that is allowing that.
Click to expand...
Click to collapse
What you are talking about for triangulation is software level functionality part of Google Maps and Google Maps only and yes it contacts their servers to try and guess where you are. Google does build out their own "database of tower info" just like they collect all sorts of other statistical information (you agree to this when you turn on location services), but part of the aGPS standard is that every cell phone tower, GSM or CDMA, transmits its coordinates to your handset.
What I'm talking about is all strictly in the hardware, but perhaps the word "triangulation" was the incorrect choice of word when talking about aGPS, however it is similar... The aGPS functionality in our phones is tightly integrated into the radio chip (Qualcomm RTR6500 CDMA2000) and this chip does not need to contact Google or Sprint to determine your rough location from a tower (turn off all internet access and you'll see what I mean). It can contact Sprints servers through the network (when it is able) to further plot your location based on the data transmitted to/from the aGPS server.
When you first use the EVO, there is a screen that asks if you want to share anonymous location data. That setting is also tied to network-based location services. That is, if you disable anonymous location sharing, it also disables NBLS entirely. You can thank either Google or HTC (not sure which) for their greed on that one.
I just checked and mine was set to off. not sure what sets it to that as I never touch that setting.
Just adding my 2 cents.
I upgraded from Froyo to Gingerbread through Sprint's "push" during November. Since then, I've been experiencing problems with GPS in Google Maps, which "bleed over" to Google Navigation as well as Sprint's TeleNav app (they can't locate me, much less give me routing).
Example: I recently drove from Arlington up to Denton, TX, about 60 miles, with GPS on (didn't actually need it), turned it off, then drove back down to Fort Worth. When I got there, I wanted to see a map of the area where I was, turned on GPS, and Maps insisted that I was still 40 miles away in Denton. Had similar problems in other towns with Maps telling me I was where I'd been before.
Depending upon whom you talk to at Sprint, it either is or isn't a known issue. The only solutions I've found are to (1) cover the GPS antenna with thin cardboard (e.g., business card scrap), and (2) to root the phone and use a GPSfix.zip fix (which I'm loathe to do since it voids warranty).
Today, a seemingly knowledgeable Sprint rep said that they have "no reports" of such problems on this phone, tho' there are threads upon threads on the Sprint Community about this. Their only suggestion is to retrograde the phone to Froyo, which necessarily involves wiping the phone of apps and data. I'm not concerned so much about the data (I can back most of it up), but it takes a couple of days to get the phone back to where it was (multiple email accounts in different apps, etc., not to mention re-downloading everything).
I've also done a forced stop of Maps and removed all updates and data, but don't get any better or consistent results using either the "factory" Maps or after re-installing updates.
Does anyone have a clue about this? It's been going on for more than a month and I'm getting rather frustrated.
I have this problem. The GPS indicator stays on, but no position info gets updated. A power-off restart is required - it then works for 1 minute to 1 week... very frustrating when you are lost and relying on your GPS.
I am using the samsung galaxy s2 for business. I an using a custom software for a transport company. Part of the software is GPS tracking of our drivers/trucks. I have noticed that some of our drivers are turning the GPS antenna off when they don't want to be tracked. Is there a way that I can prevent my drivers from turning it off. Note that I can send a sms to turn it on, but that is not practical since I would have to continually monitor to see which trucks have stopped sending in data.
Thanks.
Depending on what county you are in there are serious legal issues with tracking your drivers in this manner.
If you really need to ensure it stays on all the time then the best way would be to have a script constantly running as 'root' checking to see that the GPS was on and enabling it if it wasn't.
I don't think that there are any legal issues here as our drivers are made aware that we are tracking them. Its not a hidden feature. We need to know where our freight is at all times.
I was thinking of such a script. Would I have to root my phone?
I want to create an "un-steal-able" phone.
Of course this is impossible, but I want to make it as difficult as possible for thieves to get away with it, and as easy as possible for me to find it.
Assumptions:
Phone has available call and text messaging service.
Phone has internet capabilities and "permanent" Internet access. (We will consider 2G, 3G, or 4G cellular access with a data plan to be permanent. Depending on an open WiFi network to be available at all times is unreliable).
Phone is on and has some charge in its battery. (If the phone is off, we can't do anything).
Phone has an accurate GPS receiver.
Requirements:
Software that relays GPS coordinates via an Internet connection. As a backup for when there is no cellular data signal, software that relay GPS coordinates via SMS
Software cannot be disabled or removed without authentication.
GPS on phone cannot be turned off without authentication (alternative: remote activation of GPS receiver via Internet or SMS)
Cellular data and/or WiFi cannot be turned off without authentication (alternative: remote activation of cellular data via SMS)
Where GPS signal can be used for macro location (within 10 to 30 meters), there must be some method of micro location (within a few feet).
Phone cannot be powered off via any button press, on-screen menu, or removal of battery
Phone cannot be wiped by on-screen menu or by computer cable connection
Now I have approached this solution from two starting points: the iPhone running iOS, or an Android-based smartphone. Both have different advantages and technical details. Let's look at how we can meet each of these requirements one by one.
iOS solution:
Unfortunately, if your iPhone is not jailbroken, your choices are not so great. But FindMyiPhone does do the basic job of relaying GPS coordinates. For a jailbroken iPhone, iCaughtu seems to be the best of the bunch from the research I have done and gives you a bunch of cool anti-theft features.
and
Using the options under Settings -> General -> Restrictions, you can disallow users from deleting apps AND from turning off location services. Of course, you can accomplish something similar by simple setting a password to access your phone. Unfortunately I haven't yet seen any program that allows you to remotely activate the GPS receiver on an iPhone.
Unfortunately I don't think there is anyway to prevent a thief from disabling your cellular connection other than setting a password on the whole phone. This has its advantages and disadvantages.* Similarly, I don't see any way to remotely activate the Cellular Data on an iPhone via SMS.
This is where things start to get more complex and we need to start thinking of actually modding the phone. So far the best RF tracking solution I have found (in terms of size, cost, and effectiveness) is a cheap chinese-made product that I picked up in Asia and cannot find a link to. This one is very similar http://www.amazon.com/Loc8tor-LTD-Loc8torLite-LOC8TOR-Lite/dp/B0012GMDC4/ but the reviews are meh. It is RF-based but does not really give any directional information. Once you are close to the RF transmitter (using the GPS coordinates), you can use the RF receiver to basically play a little game of hot and cold and walk in different directions all while watching if the signal gets stronger or weaker. I've done two real world field test with the similar device and was able to successfully find a purposely concealed bag in a slum twice.
But how do we get this into the phone? If you disassemble the transmitter, it is a very small circuit board, but most phones these days are already packed to the brim. Additionally, these units need power, so you would need to solder it into the phone's power system.
For the iPhone, concerns about a battery-based shutdown are reduced by its "sealed" battery compartment. Of course, with the right tools, someone can get to the battery. But this is not likely to happen quickly and will likely occur in a specific home or shop, from which we can get coordinate data. We only need to delay the thieves long enough to track them. The bad news is that preventing an iPhone from being shutdown via button press is much more difficult. Even with a lockscreen password, anyone can turn off an iPhone with a long power/sleep button press. I found a mod on Cydia that required a password before any shutdown, but it seemed it was only compatible with iOS 5 and I am running iOS 6.
This is the most challenging problem, as the most common method for any experienced phone thief to avoid detection is simply to power off the phone (or disable internet/3G) and as quickly as possible get to a computer and perform a complete wipe using any number of computer programs. A password on the phone can prevent access to the menu options for resetting factory default, but very little can prevent a thief from physically connecting the phone to a computer and wiping it.
Again I turn to physical modding. Would it be possible to modify the iPhone connector in such a way that the pins for power and charging would still work, but the pins for a data connection would require a specially modified cable to conect to the computer? Once my phone is through its initial setup and/or, most anything I need to do as far as data can be accomplished via WiFi. If needed, I would keep my special data cable at my home only and never take it out. But losing the ability to charge from any iPhone cable would be too debilitating to daily usage.
So I ask the experts: how can I improve on or solve these ideas? Is there software out there that I don't know about, either on the App Store or the Cydia Store? Are there ways to remotely control the iPhone's wireless and GPS functions via text? There should be. Any ideas on incorporating a tiny RF transmitter into the iPhone? Is there any way to prevent an iPhone from being shut down via the sleep button? Is there anyway to sabotage the lightning connector in an intelligent way to prevent a computer-based wipe?
*Advantages and Disadvantage of a phone-wide password. Honestly, I would rather not have a lockscreen password on my phone. I'm not a privacy freak and I don't care if a thief sees my pictures of e-mails or Facebook. If my phone is stolen, I'm hoping it is stolen by an idiot and that they WON'T try to wipe the phone. None of my solutions are foolproof. Everything in here is about delaying the thief long enough to track them. If an idiot steals a phone without a password, he MIGHT just use it as is. But if an idiot steals a phone and can't doing ANYTHING with it, he is going to take it to someone who will be smart enough to wipe it MUCH SOONER. Of course, the disadvantage is a loss of privacy, but iCaughtu has a cool solution for that too.
Android solution:
Android phones are much easier to root, and software solutions exist that will work reasonably well even for nonrooted phones. The best software I have seen is Avast! Anti-theft (part of Mobile Security), AndroidLost, and Cerebrus. All of these can report GPS coordinates, and with Avast! at least, you can also see coordinate history online and actually follow the path of your phone through the minutes, hours, and/or days. AndroidLost can report GPS coordinates online OR via SMS!
,
and
Avast! cannot be removed without a pin code. It can also prevent the user from during off Cellular Data and GPS. AndroidLost can be used to activate WiFi, Cellular Data and/or GPS via internet command OR via SMS. There are a ton of other internet-based and SMS commands in AndroidLost as well. Even without an active lockscreen password, a thief would be powerless to disable communication between the tracking software and you. In this department, Android truly outshines the iOS solution.
Getting an RF tracker into an Android-based phone has the same challenges as an iPhone.
I haven't found ANY glimmer of hope for a mode to disable shutdown via a long-button-press on Android. At least I found one mod for iPhone, even if it was the wrong iOS version. This is a huge gap in the goal of building an "unstealable" phone for both operating systems. As for the battery: Android phones come in many flavors. Many have removable batteries, so if you want to make life more difficult for thieves you'll have to limit yourself to a phone with a "sealed" battery compartment such as the HTC One.
A computer-based wipe via USB cable presents the same challenges as an iPhone EXCEPT that we're dealing with a more standard interface so that MIGHT make modding an easier task. Is there any way to make the microUSB jack more "proprietary" so that any normal USB cable can charge it but only a specially one can transmit data?
There is one other detailed I am interested in, but which is, I believe, currently impossible since it would require modifications to the lowest level of the phone's software, and that would be an auto-on feature. If the phone's battery dies for any reason (or any other shutdown that is not user-initiated), I would love for the phone to automatically power back on whenever it receives a new power source (either being plugged into the wall or getting a fresh battery).
Why am I so interested in doing this? I live in a third-world country and I travel to many other third-world countries. For 3 years, I guess I had good luck, but in the past year I have had three phones and a laptop stolen from me on the street and I have been punched in the face. Several of my friends have also had phones stolen during that time, and one friend was even kidnapped and robbed. Maybe crime is getting worse or maybe it is just coincidence. I have tried to be more careful each time, but one should not live life in fear or blame ones carelessness alone. It is time to fight back. Money, time, memories, self-respect, and peace of mind have been taken away from me and from people I care about. These thieves bear the real responsibility for these crimes. And the police and government here is largely unwilling, incapable, uncaring, and/or corrupt. Maybe I can help others as well.
Thanks for your suggestions and input.
Your thoughts are well expressed.
Hopefully something is coming fast to consumers.:good:
I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear samasung knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
greens1240 said:
I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear samasung knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
Click to expand...
Click to collapse
bump
greens1240 said:
Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
Click to expand...
Click to collapse
would you elaborate on that?
keen36 said:
would you elaborate on that?
Click to expand...
Click to collapse
Those are actually 2 separate issues even though the carrier's actions may seem unusual.
I don't see https in the url for this site, and when I try to force https it redirects to remove the ssl,
so privacy didn't matter here?
Some of the unusual activity involved messages about "sim data" refresh/change when no 3rd party
apps were ever installed, the phone wasn't rooted, and updates turned off. Apps that were turned off
showed subsequent network activity. After a factory reset, disabling some apps and changing other
settings, the main issue was the phone getting extremely hot when using the hotspot to test a vpn
service (vpn settings config on pc not on android).
If your phone number ends up on that "list" you should expect management to take an approach with you
as if litigation is underway. Expect very little cooperation, leave 15 messages over a 30 day
period with 5 different corporate managers to finally get a return call from yet a different manager who
finally admits they have ways to prevent your phone from getting through to support or customer service.
They must have thought none of their customers would figure out that advanced call rejection features
can do all kinds of things, such as put select callers on hold indefinitely, forward the call to a number that
rings but never answers, have the caller hear fast busy signals, have the caller hear a message that no
one is available to take their call, etc, etc. A word to anyone with a cell phone - If you can't get through
using 611 or the carrier's toll free numbers, try calling from a different phone, and if you get through
with the different phone, then you know.
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with
Code:
"sim data" refresh/change
? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
keen36 said:
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with
Code:
"sim data" refresh/change
? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
Click to expand...
Click to collapse
As network packets travel over the Internet, anyone with physical access to a network device (within the packet route) can view your activity without your knowledge. There are redirection protocols used by thousands of businesses and ISPs to divert port 80 traffic to web caches, internet filtering appliances, and data mining "honeypots". Not sure if still true today that network router and Layer 3 switches manufactured by Cisco ship with a redirection protocol (WCCP) that can be used to re-reroute HTTP traffic through an external filtering or a logging device. Most would agree when it comes to discussions about network security- exchanging plain text email, and requesting advice on plain text message boards is not the best practice.
"refreshing sim data" was a message I observed after the s4 was rebooted. It seemed odd that the message appeared when there was no update or installations. But I'm not an expert on the device, for all I know it might be normal to see the message when there's no activity. As far as turning off apps, it's normal to turn off apps that use resources, drain battery, etc. if you don't need them. Turning off, not deleting, and changing permissions doesn't appear to be an option on 4.3 without a 3rd party app.
As far as sounding paranoid, there's a lot more to the story that I didn't go into involving what looks like attempted identity/phone theft by the carrier's own employee(s) or reseller(s). The way the situation was handled it genuinely looked like a cover up, and still does.
There is still the issue of securing a hotspot which no one from any tier 2 support centers has been able to answer. Not sure if a droidwall or other firewall would be doing anything beneficial since I assume any port scanning would be of the device connected to the hotspot rather than the s4 itself.
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outwheigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
what do you do exactly when you "turn off" an app? step-by-step?
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
keen36 said:
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outwheigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
Click to expand...
Click to collapse
Do you know a better place to ask advanced security related questions about Samsung/Android? Google and Samsung tech support are unable to answer many basic security questions. Anything advanced is a foreign language to them.Ask 1000 Samsung employees "What is Knox?" and 999 will answer "Never heard of it." Most don't care about security, and never will unless and until they become a victim, and have a substantial loss.
keen36 said:
what do you do exactly when you "turn off" an app? step-by-step?.
Click to expand...
Click to collapse
I used app manager. I'f you're familiar with S4 running 4.3 then you're familiar with app manager.
keen36 said:
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
Click to expand...
Click to collapse
This message may be related to updating network tower(s) info which I agree, by itself would be harmless.
keen36 said:
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
Click to expand...
Click to collapse
There's constant network inbound/outbound activity while the device is idle according to the indicator. The activity could be perfectly benign. Many native apps communicate with the network, but it is also possible to turn off (restrict) background activity to limit which apps have network access. I wouldn't know what it is without running a program such as wireshark. A paranoid schizophrenic might think an app that had permission to access the microphone, recorded audio in the room, then encrypted & uploaded it to a server for later retrieval. That could never happen in the real world right?
I'm merely asking questions about various events which may or may not be signs that there's a problem, but I've not concluded anything. More importantly I'm hoping to find information on how to properly secure a hotspot. You've not offered any information about this so I assume you feel no hardening, modifications, or additions are necessary, and in using default settings the device is impenetrable.
keen36 said:
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
Click to expand...
Click to collapse
I agree, they are complex. Tech support is of no use, they simply are not trained to respond to a question such as "Is there a firewall running on the device?" "Is code checked for malware by human eyes before an app is put on playstore, or simply trust unknown authors and feedback?"
no, i am sorry, i do not know about any android security related web communities.
i use a sony phone on kitkat, so no, i have no idea what you mean with "app manager". i just want to know what that program did; did it uninstall the apps, did it disable them, did it freeze (rename) them? i have never heard of an app being "turned off", that's why i ask.
what you describe with the microphone listening and uploading what it records to the internet, that is happening every time you open google voice search or -if you use the google now launcher- everytime you go to the homescreen
i do not know how you got the idea that i think that your device is impenetrable ([email protected] sentence btw. )? that is a ridiculous thought, i would never say such a thing. in fact, i am of the conviction that no absolute security can exist on a device which is connected to the internet. there is a reason why some security-related programs are built on machines with no internet access at all.
if you know how to use wireshark, why don't you just use it? if i had to take an uneducated guess, i would think that you would then realise that the network activity you see is benign (not malicious i mean, you might very well discover some nice datamining activity by google etc. ).
i do not know your usecase, if you are living in a country which has an oppressive regime, if you are a general target for hackers somehow (public figure / working at a security-related position etc.), then yes, it might make sense to look at your phones security in detail. if that is not the case, however, then no, i do not think that additional hardening of your hotspot is needed...