Last days I was testing Google's Find My Device (gFMD) vs Xiaomi's Find Device (xFD) on my two Xiaomi phones:
Davinci: Mi 9T, Xiaomi.eu MIUI 12.5.2/A11
Lisa: 11 Lite 5G NE, stock MIUI 12.5.8/A11
---
Both gFMD and xFD come as preinstalled system apps
gFMD can be set through Google settings, xFD must be activated through Xiaomi Cloud
gFMD can be installed to every Android with GApps (it relies on Google Play Services)
xFD comes with (stock) MIUI firmwares
---
If you have several phones registered to the same Google account (each of those phones may have also other/multiple Google accounts set), with gFMD you can check for each of them
Similarly, if you have several phones registered to the same Xiaomi Cloud account, with xFD you can also check for each of them
For gFMD you must have Google History Location enabled
Of course, both gFMD and xFD require Location to be turned on (although some features like playing sound or erasing data remotely work also.with Location disabled)
Both gFMD and xFD work with Mobile Internet or WiFi
---
Precise requirements for gFMD can be found eg here:
https://support.google.com/maps/thread/9580022?hl=en&msgid=9582219
Some screenshots in the guide might be outdated (Google settings may look little different now/with the newer Android version).
But all required settings are properly described - except I was nowhere able to find the Visibility status for Google Play
Note: When I properly set everything, gFMD locating was still failing for me on one phone. Then I disabled gFMD, rebooted, enabled it back and rebooted - gFMD finally started to work then
---
Both gFMD and xFD can be used (find location of the phone, etc) through browser (on the PC or the phone, incl. the own phone):
https://www.google.com/android/find
https://us.i.mi.com/mobile/find
gFMD can be used also through that app, but xFD only through browser
Of course, for the real use there is no sense in using the browser on the own phone (except to test do xFMD and gFD work) or in using xFMD app to check the own phone
---
With both gFMD and xFD you are supposed to locate your phones.
With gFMD you can also inspect it's history of locations (Maps Timelapse)
With both apps you can force playing a sound on the target/remote device. Also, with both you can erase data remotely and inspect the battery status
With gFMD you can change unlock pin/pattern remotely.
xFD has a similar Lost Mode option (forcing a user on the remote phone to login with your Xiaomi Cloud password to unlock the phone)
---
To work properly, both gFMD and xFD must have Autostart enabled and Battery Optimization disabled.
Btw, for xFD, Autostart cannot even be controlled/disabled
gFMD shows notifications on the remote phone that phone is trying to be located and then that phone was located. This might be useful while testing but not in the real case if the phone would be lost or stolen.
Notifications are coming from Google Play Services and must be disabled there: Settings, Apps, Manage apps, Show System apps, find Google Play Services, Notifications, Disable notifications
---
Through the tests (while traveling on vacation and now back at home) I found:
gFMD properly locates both my phones in some seconds but Davinci is usually located little faster. Sound can be played even if the remote phone was not located (similarly should work for changing pin/pattern or erasing data but I didn't test)
xFD always successfully locates my Davinci (maybe little slower than gFMD)
However, more often than not, xFD fails to locate my Lisa. On the next try (immediately or after some time), or even after a few unsuccessful attempts it then successfully locates Lisa.
I could not find why it sometimes fails. Eg, I'm testing through browser from the Lisa itself (hence Lisa is not sleeping), and gFMD has just successfully located Lisa, but xFD fails several times to locate Lisa and then suddenly locates successfully
However, you can still play sound when locating fails
-
Long story short, I found Google's Find My Device more reliable than Xiaomi's Find Device but I will continue using both (just in case)
thank you for the careful and thorough walkthrough of your experience with both Google's and Xiaomi's find my device services. I hadn't even begun to think about those aspects of my phone security in nearly as much depth as you have until I read what you had to say about it.
I'm tempted to activate Google's fmd service, but I'm hesitant to share such sensitive data with more than one international corporate giant. I had an unpleasant experience last year with getting my phones (two Redmi Note 7s* and two 9s) hacked and a lot of data compromised, including precise location. This might just be making me overly skittish.
However, it still seems prudent to ask whether there's any way of being confident that you, and only you, are accessing that location data when, and only when, your trusted software does so for good reason. Or something reasonably close to that, if that's simply too high a standard.
Is the FMD redundancy worth the doubled personal data exposure? More generally, would you consider Xiaomi and Google equally secure? I'd be interested to hear your thoughts.
* I had two Note 7s, identical (same unlock, both logged into everything), except only one had a SIM. One got stolen. I got locked out of things, and my remaining phone got overrun by malicious software... a separate story
summervelvet said:
thank you for the careful and thorough walkthrough of your experience with both Google's and Xiaomi's find my device services. I hadn't even begun to think about those aspects of my phone security in nearly as much depth as you have until I read what you had to say about it.
I'm tempted to activate Google's fmd service, but I'm hesitant to share such sensitive data with more than one international corporate giant. I had an unpleasant experience last year with getting my phones (two Redmi Note 7s* and two 9s) hacked and a lot of data compromised, including precise location. This might just be making me overly skittish.
However, it still seems prudent to ask whether there's any way of being confident that you, and only you, are accessing that location data when, and only when, your trusted software does so for good reason. Or something reasonably close to that, if that's simply too high a standard.
Is the FMD redundancy worth the doubled personal data exposure? More generally, would you consider Xiaomi and Google equally secure? I'd be interested to hear your thoughts.
* I had two Note 7s, identical (same unlock, both logged into everything), except only one had a SIM. One got stolen. I got locked out of things, and my remaining phone got overrun by malicious software... a separate story
Click to expand...
Click to collapse
I see your risks but I prefer the advantages (hoping to be able to erase my lost/stolen phone, in case it ever happens)
Also, I don't think that my data at Xiaomi are less secure than my data at Google.
Actually, I'm more unhappy since the corresponding govt agencies of the two superpowers having easy access to my data through their back-doors at Xiaomi and Google respectively
Btw, long ago I enabled Xiaomi Cloud (prerequisite for Xiaomi Find Device) because of backup/restore and that helped me couple of times to super easily and quickly restore almost everything upon factory reset/data formatting
Therefore I backup parts of my data on Google side and parts (some common to both sides) at Xiaomi.
Hence again to whom should I believe more (and why?) about security of my data on their servers.
And similarly about giving my privacy to the two giants (again, I'm more worried about the corresponding states/agencies than the two companies)
But unless you left everything and go to the woods, you cannot protect your privacy in the modern life, and you can never be sure that your accounts here or there would ever be compromised, hence I again have to choose between the pros (commodities) and contra (privacy and secure of my data)
After all, my sins are mostly about sometimes driving over the speed limit and discussing here about Magisk and so, hence I don't care that much about being spied
Related
I admit that this is a little narrow - but I figured I'd share my experiences.
I use Replicant, so I really want a phone with few blobs, an unlockable bootloader, and a low price. I did not win on this phone... too many blobs.
However, I like this phone, and it was cheap (I have XT1304 / US GSM edition). I figured that if I could de-Google the device it'd tide me over until CM comes out and is stable. I don't care to use Google Play Services. At all. (I know it's rare, but hey, I like smartphones, just not so tied to the walled garden.)
When I disabled all of the Google & Motorola Services that I could on stock, I'd get crashes from anything that wanted to use my location. ADB revealed it was crashing looking for the "network" location provider.
This would kill everything; even the modem would be reset - I'd miss calls, the Launcher would restart...it was basically a soft reboot because of underlying system crashes. Switching the location mode off of "High Accuracy" or "Device" to "Battery Saving" would cause it not to crash, but that's not exactly a good location provider.
Now yes, I'm disabling "system" services. I'm on my own. But someone's gotta do it.
My solution:
Post-factory reset with no Google account:
Install any location consumer - I used SatStat in F-Droid. (I'm too new to post links; find it yourself. You're smart and people like you.) I installed it via adb after turning on USB Debugging. There aren't many other ways from GNU/Linux distros, but you should be able to MTP it on there too.
Turn location on. Dismiss annoying dialog: No Google you can't snarf my location. (This dialog doesn't save its answer if you don't have a Google Account. It. Asks. Every. Time. Therefore, it must die.)
At this point it gets fuzzy - I basically went on a disabling spree, and managed to disable everything except Google Play Services (No Notifications, Clear Data, Disable Service) checking to see if SatStat would crash between every disable. I was also checking the Location settings every once in a while as well - eventually Google Settings revealed that "Google Location reporting is not avaiable for this location" which means... it's dead, Jim. No more annoying dialog. At this point it was safe to disable Google Play Services.
When I was done I had about half a page of apps - if that. At which point... I installed F-Droid, and am busy repopulating the world.
The entire point of this post: if you're going to de-Google your phone, use CM and don't flash GApps. Disabling everything on stock is risky, but doable. Just expect to factory reset. Disabling in Settings is so much better than the old days of Root & Remove.
Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August ?)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which add you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around up I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the sms! Device (on it's own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Oding to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3-rd party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for system's (or rather apps installed from Play Store) propper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply ?
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to a if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
Whatsapp does the same thing, autocompletes the code, before de sms is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+ ??
Also the Bluetooth, NFC & Nearby buttons almost any me of the day/night are on for a split second when I drag the motivation panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs
No, this is not going to be as easy as one would think from reading the title.
Running an unofficial LineageOS (13.0 - equivalent to android 6.0.1) on a no-name Chinese phone.
I would describe myself as one of those people who really don't like to see much information about my activities on my phone recorded, and (for this question) that specifically includes data usage per app. To ramp this up to the paranoid level, I have never used (or even turned on) mobile data - I stick exclusively with wifi, and never access the internet with this device without going through a VPN.
The data usage history currently goes back several months. I know that the data resides in two files (datausage.db and datausage.db-journal) in
/data/data/org.cyanogenmod.providers.datausage/databases/
First of all (this seems out of order, but humor me), I have tried removing those files, zapping (wiping) those files, and creating files of the same sizes containing nothing but 0x00. The original files appear again after a reboot (yes, I have killed the data usage provider before doing this, and no, I have no idea where the system stores the copies). I have invested (so far wasted) several hours in trying to remove this data, and have made absolutely no progress.
If you have read up to this point, you probably have thought "why don't you just go into "Settings / Data Usage" and select "Reset Data Statistics"? A reasonable question, and actually what I attempted first, but doing that has a very unfortunate side effect - it completely destroys (disables) Wi-Fi background data (something that took me several more hours to figure out) for every app. Even restoring the backup for the "Data Usage Provider" app won't fix it. The only way to re-enable background data is to restore an image backup.
Time for some questions.
First, can anyone suggest a way to delete the data usage history (without making the phone unusable, of course)?
Second (mostly for my curiosity), where does the system store the backup of the data usage history database?
Third (approaching it from using the "Reset Data Statistics" function), does some way exist to restore Wi-Fi background data for all apps. I wouldn't even mind going through the apps one at a time in settings to re-enable this. To clarify, if I select an app in "Settings / Apps / Someapp" and then go into "Data Usage", I typically have "Only over Wi-Fi" selected (which has worked fine since I have had the device - a few years). After "Reset Data Statistics", no app will communicate in the background with this setting. If I change to "Over cellular data & Wi-Fi" (keep in mind I have never turned cellular data on for this device), then the app will then use Wi-Fi in the background.
Something (well beyond my ken) seems very broken.
Im keep being hacked by my genius software engineering malignant narcissistic. I've bought over 15 different phones from different carriers and used fake registration info. However, they get hack in 30 mins. I know the fontserver app was remotely downloaded Over the Air because of other apps that are installed to help that process. For ex; GNSS Air Test, Gnss Test 1.2, fused location, gnss log level setting, LAOP test. V1.93, entitlement checkservice , FOTA update, secure ui service, teeservice, dynamic syatem update, hidden menu, hidden operator, G-DEC, GCUV, etc...mobile service apps to install the spyware. From my understanding, all is needed is a phone number to where app is downloaded OTA. Here's the kicker... With every new phone I dont even setup a google acct or call anyone and it get hacked.
So please anyone share your theories or anything about this . i need to stop this bs. Theyve gang stalked me broke in my house numerous time vandalized, hacked my friends and their families threatening them with death threats and non stop harassing calls to my cell and house phones.
So i just need some kind of inkling how this can happen. Sincerely yours truly
Sorry to hear this is happening to you. It is also happening to me by my soon to be ex who is already by ex. I keep being told to buy another phone and I don't because I figure the same would happen to me and the new phone will just get hacked as well by whomever she got to do this to me. I created a post today asking for help, but due to the lack of replies to your post I guess I better not hold my breath that anything can be done. Did you find a resolution to stop from being hacked?
Better check yourself...
Burgrio said:
Hacking attacks are on the rise, and it doesn't seem like there is any way to protect yourself from them.
Click to expand...
Click to collapse
There's plenty you can do. Most devices get compromised because the user did something stupid.
Not always but part of not being stupid is acting as soon as unusual behavior is noticed. Find the cause asap.
Factory reset if you highly suspect being hacked and reset all passwords.
I've been running outdated and unpatched stock Androids for years with no breaches that ever required a factory reset or reflash to purge. It could happen but in practice if you don't do stupid things... it doesn't happen.
Downloading any unvetted files or apks even a jpeg can do it. Do not side load anything unless completely vetted. Lock down install unknown files globally and locally for all apps especially browsers unless you need to sideload. Check those settings at least once a month... and enable them as soon as a sideload is done.
I don't use wifi and keep bt off when not being used. I check my download folder daily for crap I didn't download and for any strange behavior.
All email is kept in the cloud... email and texts are prime perpetrators.
Don't click on anything unknown, delete or close the window. Keep all trashware apps off the device including FB, Twitter, WhatsApp etc.
Scan app permissions, know what's running at startup and why/what's accessing the internet.
Listed System Administrators, who's your daddy?
The list goes on but you get the idea...
♤There's no saving dumb bunnies
Hi, I'm planning to buy the Motorola Edge S (not G100) as it is cheaper.
Previously, I owned a Moto P30 (the phone that looks like the iPhone X) and China ROMs even on other OEMs have this weird bug where you won't receive any notifications say, in WhatsApp unless you open the app itself (already enabled app in background/disabled optimizations etc..).
Is this "bug" still persists in latest Moto phones using China ROM?
Hope someone can confirm. Thanks.
I personally bought it from AliExpress and the vendor already unlocked the bootloader and flashed the global ron with Google Play. My edge S with the global rom from the vendor has no problem with the notifications. Depending where you buy it you can have it with the global rom already instead of needing to do it yourself.
Keep in mind you wont pass safetynet, you may need to install Magisk for it
Thanks. I don't intend on flashing it to Global ROM. There is no issue with Motorola global ROMs as notification is working fine. I just need some confirmation if China ROM still has this weird bug. This is true for any Android phone without GMS (a lot of complaints in Huawei forums with this problem).
There should be some battery optimizing setting behind. If you cannot set it via whatsapp & phone setting, you will need to kill such background app by adb
Disabling battery optimization and putting the app with "unrestricted data usage" didn't help (on my previous Moto P30 running China ROM). Same case as the Lenovo z6 Pro based on China ROM. Android will kill the app (ex. WhatsApp) regardless whether you put it on whitelist.
But both are old devices running an old version of Android. Anyway, I would still buy the Motorola Edge S (Pioneer Edition). An irritating bug (for devices without GMS) which Android developers should have squashed a long time ago.
Settings Edge S with Chinese firmware.
1.Settings - System - Advanced. Google Play Services - On.
2. Download, unpack, and install Google Services.
3. Configuring notifications and application operation.
a) System-Apps & notifications-Special app access-Battery optimization.
For the necessary applications and notifications: Enable - Don’t optimize
b) Launch the application - Device shield.
Background running – Allow app running in background.
Auto start apps - Enable the applications you need.
My order is still on the way. I'll try that once I received my purchase. Thanks.
So I got my phone already setup with all Google-related apps installed.
I configured the settings by whitelisting Google and all apps important to me like WhatsApp.
In Device Shield, I ensured my apps are whitelisted to allow background processing at all times and put them in auto start.
Adding to that, in battery settings, I put them in Do Not Optimize. I also ensured to allow background data.
For now, everything works PERFECTLY. Notifications arrive on time and I don't even miss any WhatsApp calls. It is either that OR my I'm still using my phone too much (not even 12 hours since I got it).
ijuanp03 said:
So I got my phone already setup with all Google-related apps installed.
I configured the settings by whitelisting Google and all apps important to me like WhatsApp.
In Device Shield, I ensured my apps are whitelisted to allow background processing at all times and put them in auto start.
Adding to that, in battery settings, I put them in Do Not Optimize. I also ensured to allow background data.
For now, everything works PERFECTLY. Notifications arrive on time and I don't even miss any WhatsApp calls. It is either that OR my I'm still using my phone too much (not even 12 hours since I got it).
Click to expand...
Click to collapse
Hi, I got the same problem. WhatsApp calls don't work properly. If any one knows how to remove/kill the background app procedure through adb, please share the same.