Database Info

[Q] What is the best phone tracker/recovery app?

I am new to Android. Just got my Vibrant. I want to protect this phone so that in case it is lost or stolen I can recover it. Could you tell me what are some of the best apps for this?
Here is a list of names I know about for now:
Where's My Droid - This is currently installed, but required me to send a text to my phone to activate the GPS and even then it won't keep the GPS active long enough to get a precise location. Furthermore, it can alert the would be robber.
Glympse - well, this is not for stolen phones
Wavesecure - couldn't find any good threads on this. Seems to have an annual subscription fee of $19. I don't want that. Just want a standalone tracker.
Remote security - Not clear that this is a good app.
TheftAlarm - Again, developed in foreign language and I don't know how good it is
MobileDefense - Maybe this is the best app, but it is still in beta and no more users are accepted. I already filled out a request.
Find My Android - Was suggested in this thread, but it doesn't seem to be different from Where's My Droid, except the notification when SIM is replaced.
Lookout Mobile Security - Doesn't seem bad, but it doesn't lock your phone remotely. Can easily uninstall the program. I also found out that I better use a different email address than the one my phone gets otherwise the phone gets an email with "location" of the phone when you look it up online. This is better than Where's My Droid since you can do it more discreetly online, without sending texts (but have to make sure the email you use is not managed by the phone).
Am I missing something? I really want to protect this phone and it is frustrating that among so many apps, we seem to be missing good anti-theft solutions. Preferably I want something that can lock the phone remotely and allow me to do things without interruptions from the thief or at least discreetly. What would you recommend?
Also, I have a rooted (stock) Vibrant.
Thanks.

Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.

khaytsus said:
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
Click to expand...
Click to collapse
WOW! Ok, but the question is - 1.can it lock the phone remotely? 2.What happens if the thief uninstalls Tracker or changes the SIM (can you password protect it)? Finally, 3.can it take picture AND email them remotely? Otherwise, I don't see much use to this feature if the phone is gone.

Lookout seems rather good, but I have not tested it personally. I'd add a link, but I'm a new user. Should be easy to find with a Google/Market search, though.

Well that (un installing tasker)may be the case with any tech anti theft, if the thief is smart and careful they will wipe/reset/format whatever they took, rendering a soft lo jack useless
I would just get tasker and lookup findmyandroid on lifehacker, its the best current option
Captiv

Yeah, I found out about LookOut on Android forums. I have installed it. It doesn't allow you to lock the phone remotely and can easily be uninstalled.
As for Find My Android, I don't see how is it different from Where's My Droid., maybe except the part where you're notified if the SIM card is replaced.
I updated the original post.

Find my android isn't the name of the app, its what the lifehacker post is tagged as (#findmyandroid)
The program is tasker, and its more customizable and it can turn on gps
Captiv

Sure, Lookout can be uninstalled, as can any other app. But really, you should have some sort of password on your device. With pattern unlock, there's really no reason not to do so.

According to one of the devs on their forums, remote locking as well as "other features" will be coming to Lookout "very soon".
https://lookout.zendesk.com/entries/24881-remote-lock
In the meanwhile, I use WaveSecure for locking my phone and Lookout for tracking, as its mechanism seems much better.
If you want to prevent Lookout from being uninstalled, just move the apk to /system/app (assuming your phone is rooted).

I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone

GPS Tracker by Instamapper is the one I use most. With a text message, it will return its location via Google maps. It will continually do so for as long as you have it set up for. Every 10 Seconds, Every 2 minutes, Every half hour, etc. I used it to track my stolen phone with the laptop in the car. This app saved me from buying a new phone.

stickerbob said:
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
Click to expand...
Click to collapse
Same here. Glad I got it while it was still a beta!

Android Malware Now Capable of Recording Your Phone Calls !!!

A new find by the researchers at CA Security have unearthed a new kind of malware on andriod which can record infected devices conversations and uploads it to a remote server !
Andriodians beware
Source: http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx

Another reason why it's important to check the permissions for an app before installing it. I'm bad about sometimes just hitting ok without looking but usually I'll go back and check afterwards just in case.
Check out Permissions Denied and Privacy Blocker in the market, they are both good apps that will prevent apps from getting permission to do stuff you don't want them to. Just be aware that the affected app may FC if it tries to do something and you have it blocked. I believe CM7 now is also able to block permissions on an app by app basis.

I usually have some sort of security installed on my phone. Regardless of checking apps before you install them, is this something I should continue to do? I flash new ROM's / ROM updates quite often, and I worry sometimes that it may be a good idea to make sure that Lookout, which is the anti-virus / anti-malware program that I use is installed before I do anything else.

I usually try to read the permissions, and some apps go out of their way to use permissions that are not necessary. I have been using Lookout Mobile Security, but I am not sure how well it works.

I think its time phone makers start inculcating permission management as in CM 7 in to there builds to help user's control these things. You could also use LBE Privacy guard, to control apps.

xHausx said:
Another reason why it's important to check the permissions for an app before installing it. I'm bad about sometimes just hitting ok without looking but usually I'll go back and check afterwards just in case.
Check out Permissions Denied and Privacy Blocker in the market, they are both good apps that will prevent apps from getting permission to do stuff you don't want them to. Just be aware that the affected app may FC if it tries to do something and you have it blocked. I believe CM7 now is also able to block permissions on an app by app basis.
Click to expand...
Click to collapse
Another nice app for this is called LBE Privacy Guard. I'm also a bit lax on checking before installing, but LBE will ask you in your notification window to confirm each perm. Allowing you to choose permit, ask each time it needs it, or deny access all together. I use it to deny access for network on games that don't need it to function and phone identification for almost all apps as most really don't need that info to work.

Which software to record calls?
Hi there,
as far as I know you cannot really record calls in Android becuase you can not intercept the phone directly. Therefore basically all phone recording software requires you to switch to speaker mode and records the call via the microphone (which may result in very bad audio quality, depending on your location).
Or is there now another (a better) way to record calls? Does an app exist, which records calls?
Kind regards,
∵ ToBe

ToBe_HH said:
as far as I know you cannot really record calls in Android becuase you can not intercept the phone directly. Therefore basically all phone recording software requires you to switch to speaker mode and records the call via the microphone (which may result in very bad audio quality, depending on your location).
Click to expand...
Click to collapse
That was my understanding of it as well.. heck for the Desire you need to be rooted, flash a specially-modified kernel, and have the correct radio ROM flashed.

ToBe_HH said:
Hi there,
as far as I know you cannot really record calls in Android becuase you can not intercept the phone directly. Therefore basically all phone recording software requires you to switch to speaker mode and records the call via the microphone (which may result in very bad audio quality, depending on your location).
Or is there now another (a better) way to record calls? Does an app exist, which records calls?
Kind regards,
∵ ToBe
Click to expand...
Click to collapse
there is one, works well with sony ericsson x10 mini pro, from android market
https://market.android.com/details?id=com.schass.recording.call&feature=search_result

I installed "LBE Security Service". (needs root) : works great
The author writes:
Protect your privacy by controlling the permission of each application to access your sensitive data.
- Block malicious operation from Mal-wares and Trojans.
- Block unwanted network traffic if you don’t have a unlimited data plan.
- Find out which application is trying to steal your privacy by checking the security log.

But apps like Angry Birds steal nearly everything from your (Position, Contacts ,SMS and so on) so i think there should be a general rule in the market which forbids things like Call recording(really man who needs this ^^) , and personal data stuff only the Position for apps who really needs this. And i mean nearly every free apps sells your data and this is not so cool i think you dont know nothing what happends to this data and I think there is alot to do on every mobile OS ( for every os is an angrybirds convert ^^), I knew at s60 (Symbian) there were a lot of antivirus kits to download(kaspersky, Bitdefender etc) maybe they will now see the market of android for antivirus softworks

dstyl said:
But apps like Angry Birds steal nearly everything from your (Position, Contacts ,SMS and so on) so i think there should be a general rule in the market which forbids things like Call recording(really man who needs this ^^) , and personal data stuff only the Position for apps who really needs this. And i mean nearly every free apps sells your data and this is not so cool i think you dont know nothing what happends to this data and I think there is alot to do on every mobile OS ( for every os is an angrybirds convert ^^), I knew at s60 (Symbian) there were a lot of antivirus kits to download(kaspersky, Bitdefender etc) maybe they will now see the market of android for antivirus softworks
Click to expand...
Click to collapse
just checked and angrybirds has no permission to access anything you mentioned, it only has full network access for ads (cm7 permission revoked) and read network state, thats all.

Droid Wall
I think just by using droidwall you can already squish a lot of malicious intentions an app has.
Its allows you to set a whitelist (or blacklist) of apps that you would allow to block packets from being sent.
What's great about it is:
1. it doesnt drain your battery, because it doesnt run as a service, but modifies your device's iptables
2. one of its features is logging your network activity so you could see which apps are actually sending or downloading data... this is helpful if you got a doctored copy of your favorite game or app. In case that app was modified to spy-on-you you can still block it

wow, then I think that I'll delete my entire mobile memory and apps and then start installing apps over again but I have to read the permissions very well this time.
Google should do something serious about that!
Thanks.

@FadeFX
Sry my fault Only the iOS version of angry birds steals psw ,contacts etc.
http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html?mod=what_they_know
there are the most apps who are watching u so if you are unshure take a look
For Android and iOS users knows anybody sm about apps who steals your data on WP7 ?
______________________________
LG e900 MFG Unlocked Mango Beta 2 <------------ Nokia 6630

Pretty much all apps need some kind or the other kind of permission .. so the wise thing is to look up these permissions while installing app or use any one of the other apps to do that for you ..

Pretty much all apps need some kind or the other kind of permission .. so the wise thing is to look up these permissions while installing app or use any one of the other apps to do that for you ..
__________________
Phone: Htc Desire HD (ACE)
Rom: HONEY3D 1.1
Radio:12.48.60.23p_26.08.04.07_m3
Kernel :Kquicksall
Recovery: 4 EXT CWM 3.0.2.8
OC : No frills
Yes ,but if you use an iOS device there came no permission screen ,so you have to lock it up in the Appcontract what this app does in background , so it seems like the only way to get malware on an Android/WP7 seems to dont read the Permissions and only click ok ( imean if you install a FartMaschine or sth. and it needs your Position data to work there must be something bad in the background
I mean for kids who uses there phone or ipod or whatever this is a really big responsibilty and u cant except from an 10 or 14 year old kid to take care about that i think these data stealing apps should be forbidden ,if you read the article you see that from 101 tested apps 56 send user data to different networks. Both the Android and iPhone versions of Pandora, a popular music app, sent age, gender, location and phone identifiers to various ad networks so i think there have to be a cut by the law. For me it was a new world to because i had an s60v2 device from 2004 till the last month so i had to learn to take care what my phone knews about me.
_____________________________________________
LG e900 MFG Unlocked Mango Beta 2<----------Nokia 6630

I never look at the application permissions, but this made me rethink after installing some applications...

Signal Private Messenger

Hi,
I've discovered the description of "Signal Private Messenger" app, but I don't know what thinking about it.
Its description seem's to indicate that you can communicate voice and text securely end to end with your smartphone, and that it's open source.
What is really securely ? I don't know and "I want to know"
Thanks in advance for your answers.

Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!

equi_design said:
Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!
Click to expand...
Click to collapse
Hi,
Thanks for your answer.
Your answer is a good summary of the app's features.
But what are you thinking about the word "securely" ?
Is it a dream or a reality ?
The app's editor highlights testimonies from known people who use it. Is it sufficient to trust this app ?
Has someone in this forum examined the code of this app ?

Nothing is completely secure.
In my opinion, & from my use, Signal is more secure than a normal messengering app - but less secure than a talk in real life.
If you are interested in security, please check out this XDA subforum; http://forum.xda-developers.com/general/security
And read up here: www.eff.org

Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.

jonathansmith said:
Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.
Click to expand...
Click to collapse
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself.
If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.

@jonathansmith
Thanks for your detailed feedback.
It will be nice if someone in this forum could analyze the code of this open source app.
As for me, I am unfortunately not competent.
Were you able to identify with AFW the site the app was trying to connect ?

dtective said:
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself. If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.
Click to expand...
Click to collapse
Thank you, that's exactly what I don't get. Why would it attempt to establish a connection. Ofc I'm blocking it. I'm blocking tons of others apps as well, but unlike Signal (and a few other suspicious apps) the other apps do not try to establish a connection.
As I said, when you block an app from accessing the net with AFWall you can tell AFWall to give you a toast showing you when every signle time when AFWall blocks a certain app trying to access the net. So, with 99% of my AFWall-blocked apps I don't get this toast, meaning that those apps don't even attempt to access the net (but better stay safe and have em blocked.) With some tricky apps though, AFwall shows that toast msg indicating that it successfully blocks a certain app from accessing the net. That's what I don't get - why would Signal be set up in a way that it would attempt to access the net. Prolly WiFi calling or sth but I'd rather use it for now only as a default SMS client.
Yes, you are right. Signal can see that there is a network connection live and that's why it constantly tries to connect to it. Just wish Signal would get it once and for all that it is blocked for good and stop trying to access the net.
If anyone knows which Services, Broadcast Receivers, or Activities from Signal should be disabled (using MyAndroidTools for example) please do share which ones they are so I can disable them and thus prevent Signal from constantly trying to establish a connection. The toast msg from AFW does become annoying when it is every second second
---------- Post added at 11:39 AM ---------- Previous post was at 11:33 AM ----------
iwanttoknow said:
Were you able to identify with AFW the site the app was trying to connect ?
Click to expand...
Click to collapse
Maybe gotta look into the log of AFW. The toast msg only shows the ip address which Signal ties to connect but AFwall prevents it form doing. But that's not the prob for me. Doesn't matter too much what it tries to access cos I know AFWall is good enough at preventing that. Just want to stop Signal from trying to access whatever it is trying to access! Will let you know if I figure it out!
---------- Post added at 12:00 PM ---------- Previous post was at 11:39 AM ----------
equi_design said:
Nothing is completely secure.
And read up here: www.eff.org
Click to expand...
Click to collapse
I second that. Nothing is, indeed! And thanks for reminding me about eff ... here's a good one - https://www.eff.org/https-everywhere @iwanttoknow check it out!

And here's a bit of a follow-up. Managed to catch the toast. Not sure if it is always the same ip that AFW blocks, but will try to pay attention. A reverse search reveals that the geo location of the ip is some place in Washington, US.
https://imgur.com/a/5fhIf

As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?

nutpants said:
As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?
Click to expand...
Click to collapse
You have to go back in time when the app was called Textsecure and it provided end to end encryption for SMS. The app was available on F-Droid until someone discovered that plain text sms were saved unencrypted on device. After that, the dev temporarily closed the source and also demanded that the app be removed from F-Droid, because in his view distribution on F-droid was "insecure." Well, that hole was fixed and the following versions worked pretty well. About the same, time, the dev started to be bothered by TSA every time he travelled by air. Then, within a few subsequent releases, google binaries and internet permission were included. Then, the app started to crash if internet service was restricted. In addition, you could only get the app from Googleplay, which means, you must have Gapps and Google Services Framework, which has total control over the phone and regularly "phones" home (obviously not your home). GSF can get your outgoing text before encryption and incoming text after.. Despite all of the above, one could still compile the app and use it without GSF. Then suddenly, the dev announced that he would no longer support encrypted SMS. About that time, he started receiving literally millions of $ from a US government's backed foundation. In addition, he was offered a lucrative contract to do encryption for What's UP, which later became Facebook. Quite a change after being harassed in airports So, encrypted sms were dropped and the app turned into an internet messenger. You must register with your phone number; your data goes through Google servers and Whisper System's servers. And by the way, neither the Signal servers nor Redphone servers are open source. You can't use the app unless you have Gapps and GSF and if you use the app, you are known to Whisper Systems, Google and all 3-letter agencies...
This is not the first time I am posting on Textsecure/Signal, just do a search on XDA and F-Droid forums and you will find more info with links. I would stay away from anything coming out of Whisper Systems. Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
And by the way, never use an app where everything: encryption, encryption method, registration, servers are in the hands of one entity, which won't allow you to use other servers...

nutpants said:
As I understood it ...
Click to expand...
Click to collapse
You might be right but for normal unencrypted messages Signal uses simple SMS. Have tried it and without any WiFi or data it simply sends a msg as an SMS. So far so good but u might have a point. I'm yet to test with someone who also has the app installed and see how encrypted msgs are transferred. I'd imagine it NOT to be over the internet, but then again you might have a point? Why? Because as I said I've blocked Signal with AFWall and I get a toast showing that Signal CONSTANTLY tries to connect to the internet when there is currently a live connection to the internet, be it Data or Wifi. So yeah, you might be right, but I need to test it out. In the meantime someone who has already done this would do us a favour by telling us how it works.
Using my personal phone number as identifier does not sound cool indeed. If you are right about this: 'It uses internet only to transmit encrypted messages. And it uses its own message server to host your message' then I guess I'm ok with using the net for transmitting encr. msg since they are encrypted with E2EE. As to where the msgs are hosted. I guess I'm better off having them stored at Signal's server than at Verizon's cos from Verizon they end up DIRECTLY to the government. I guess with nuff persuasion and money though they'd also end up there from Signal. It's the way of the world, isn't it? Also, as I mentioned in my last post, the IP which Signal constantly tries to connect to is in Washington. That's already fishy enough .... very fishy!

optimumpro said:
Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
Click to expand...
Click to collapse
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.

unknown404 said:
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.
Click to expand...
Click to collapse
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...

optimumpro said:
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...
Click to expand...
Click to collapse
I guess I'm ok with Wickr's being closed source (but then again what do I know ... the discussion about open vs closed source goes both ways so more opinions are welcome). Just don't get why I made an account there and now trying to log back in I'm told the credential are wrong. Weird!

Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?

iwanttoknow said:
Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?
Click to expand...
Click to collapse
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.

unknown404 said:
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.
Click to expand...
Click to collapse
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.

optimumpro said:
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.
Click to expand...
Click to collapse
That I do second and that I do like!

Hi,
After reading some articles, I discovered that it was "easy" to assure End-to-end encryption (E2EE) for our communications. I share my understanding here, knowing that it's well known by experts in the domain. So thank you for being kind to me.
In fact, there is a difficulty for communicating parties who wanted to communicate without anyone spying their voice or written messages. They have to use cryptographic protocols relying on a shared secret. But how to share a secret on unsecure communication channels ?
It's "easy", due to the Diffie-Hellman cryptographic protocol which permits to do that. There are a lot of explanations about it on the Net. But it could be defeated by the man-in-the-middle attack (MITM). To counter this attack, you have "simply" to sign the shared secret with asymetric keys (with your secret key to sign the shared secret, and with your public key permitting to the other part verify it). If you are interested, see more explanations on the Net about asymetric cryptographic protocols.
I sincerely hope that I didn't say too much nonsense.
Silence app is based on Diffie-Hellman protocol, like other apps in the domain.
In summary, after reading your answers to my initial post :
- Silence app permits to exchange SMS/MMS, using E2EE.
- Conversations app is an instant messaging (IM) client for Android, using E2EE.
Signal Private Menssenger is an E2EE IM and voice calling app.
I have noted what has been written about Signal Private Menssenger in this thread, so is there a "less intrusive" E2EE voice calling app, in the same way as Silence ?
Thanks for your participation.

Phishing Attack via Google Assistant?

Hey all and thanks in advance for any help you can provide as I have been racking my brain trying to figure this one out, but keep falling flat. A few days ago I received a Google Assistant notification on my Nexus 5X running the current stock Android (no rooting or modification on this device in any way). It was bringing to my attention an "important" email about one of my credit cards. I was immediately suspicious as this was the first time I had ever gotten a notification of this kind from Google Assistant. Usually it is sports score updates, bill reminders, breaking news, etc... But it did appear to be a legitimate Google Assistant notification so I did click it (I later confirmed this as I checked my notification history and it did show up as a Google App notification). It then opened Google Assistant, but then immediately opened either Chrome itself or a Chrome custom tab. The address that it opened appeared to be the legitimate Gmail domain, and unless it was using non Latin characters then I have no reason to believe otherwise. Not only that but it was showing an already opened email claiming to be from one of my credit card companies stating that there were important changes to their policies and/or my account.
It was at this point that I knew something was amiss. Images were being blocked in the email and just the whole process seemed "off". I opened Inbox/Gmail on my desktop and sure enough there was no such email there, it was at this point that I knew beyond doubt it was a scam. I was very careful not to click anything in the email but I could see that the "To:" label was to my legitimate email address and the "From:" address was typical of a phishing/scam email (eg. the name of the credit card company but with some kind of modifier attached). I wish I would have taken a screenshot of it, but it all caught me off guard. If it happens again believe me I will.
What made this all even weirder was when I tried to access this link on my desktop as I wanted to try and run some tests on the link that it was trying to get me to click on. I went on my Chrome history to track the link down but it was not there. So I checked my Chrome history on my phone and sure enough it showed up there, but not on my desktop. It was the only link not showing up on my desktop's Chrome history, all other links were there and I could see the same two links that were before and after the link in my phone's Chrome history but not that one. I have since factory reset my phone to be on the safe side and sure enough on my new install that link is also not showing up there either.
Now I am fairly well versed in tech, am very disciplined in "think before you click", and pride myself in being able to spot a scam - but I am also no expert and this is where I am needing some help in figuring out what exactly happened. I need to figure out if my device was compromised or if there is any way a malicious actor could have triggered my Google Assistant to open up a link like it did.
There is more to this story though which makes it a bit more complicated. Towards the beginning of the year I had a credit card that got compromised, this credit card was from the same company that the scam email was claiming to be from. Luckily I have alerts turned on and I was able to spot it almost immediately and reported it. The card was cancelled and I received a new one. I had my suspicions about how it was compromised but nothing for sure (I have never had a security problem like this, and I had recently used a website that I had never used before to purchase something - not damning itself but definitely suspicious). A couple months later and it happened again. At this point I was about 95% sure which website had compromised it. I believe the website itself was not malicious but that it's database had been breached, meaning the card only became compromised if it was "stored" in my account as a payment option. Also of note was that I have two cards with this particular company and only the one card I used on this website was compromised, not both cards nor the account itself (no other cards, companies, or payment options either). Further confirmation of my suspicions are that since I narrowed which website I thought that it was and it has not happened again.
My whole reason brining all of that up is that without it, to me anyways it would seem like my device is compromised. But with that story, and the fact that scam email was obviously phishing for my login credentials to that company makes it seem like someone somehow figured out a way to trigger my Google Assistant. Not only that, but triggered it to open up someone else's Gmail in a Chrome tab with an email already opened. Is that even possible? Do third party apps or services have this kind of access to Google Assistant? If not, it would seem to indicate for certain that my device is/was compromised, yeah?
As I already stated, I have since factory reset my phone, and every website and service I use has strong passwords and 2FA with alerts turned on if possible. But without knowing exactly how this attack was possible I still feel vulnerable. I have seen many phishing attacks in my day but this one seemed personalized, not mass targeted like the other which also makes me worry (again, even more so since I am not certain how this one happened). Plus I am worried that if it was my device that was compromised then a factory reset may not be enough. Many, many thanks for anyone who has a more intimate knowledge of Google's developer ecosystem that can help.
[EDIT} I will continue to add some things here that I think may be relevant to diagnosing this issue.
I was not doing anything at the time that this notification was sent. I was not even on my phone - I use Pushbullet to get notifications on my desktop and it was there that I first noticed it. And honestly, I do not even use my phone that much as I am near my desktop almost all the time. The rare times that I do use it, it is for listening to music or podcasts, almost no web browsing at all and very little app usage.
I was at home at the time of the notification, meaning no public or untrusted Wi-Fi. Nor at risk of any bluetooth type attack either.
I do use a VPN at all times.

Can you recommend an app for surveillance of another phone?

In an unfortunate set of circumstances I must put myself first and betray the trust of a person who I believe might have already done so to me.
I suspect my fiancee of having an affair. I have some partial evidence which might be circumstantial but my gut is telling me to pursuit it and uncover it all.
I know that there are generally apps that are keeping tabs on the phone: it's location, forwarding of facebook messenger, sms texts, call log and gps location, remote camera view snapshots and audio streaming of its surroundings and they operate while being in complete stealth mode.
I ask you if you can recommend such an app or a few so I could choose in order to snoop out what is really going on. :crying:
Please, can you recommend such apps?

Doubledeckler said:
In an unfortunate set of circumstances I must put myself first and betray the trust of a person who I believe might have already done so to me.
I suspect my fiancee of having an affair. I have some partial evidence which might be circumstantial but my gut is telling me to pursuit it and uncover it all.
I know that there are generally apps that are keeping tabs on the phone: it's location, forwarding of facebook messenger, sms texts, call log and gps location, remote camera view snapshots and audio streaming of its surroundings and they operate while being in complete stealth mode.
I ask you if you can recommend such an app or a few so I could choose in order to snoop out what is really going on. :crying:
Please, can you recommend such apps?
Click to expand...
Click to collapse
First of all.Wrong Forum bro.Thr forum rules doesn't allow such Discussion. Secondly don't be so specific while asking stuff.Thirdly it is very much Possible but on old phones like at most android 5.0 due to major changes in Security. Fourthly there is another way but it requires to some extent a higher level of understanding of linux and how an android device handles it's OS.Maybe you can build a backdoor in it.Fifthly the samsung account manager usually handles that.Go look it up.No root no bull**** straight last 15 sms and calls along with location.
Sent from my Pixel 3 XL using Tapatalk