Could someone please explain to me what exactly does ' a security enabled experia' mean? I'm guessing its another term for HardSPL?
Different possibilities...
It could be one with encryption enabled.
It could be one with the security checking enabled (so prompts you to confirm when you install unsigned apps.)
It could be add-on software, such as Sprite Terminator (http://www.spritesoftware.com/products/sprite-terminator) that provides additional security features in the event your phone is lost or stolen.
Or, it could be something else... you haven't given us a lot of information to work with! The context with which you say 'security enabled Xperia' might have been helpful!
Related
So far, I have not managed to remote wipe my Froyo Nexus One from Exchange. It just didn't work.
I'm wondering if this hasn't been implemented yet in the version I downloaded (the one that was publicized up last weekend) or if there's something I'm missing.
Has anyone every done this successfully?
Maybe when the finalized Froyo build is out. I would try it myself but what if it works
I'm stil unable to do this using FRF83. Has anyone else tried and had it successfully work?
Exchange sends the remote wipe command but the phone just doesn't acknowledge it.
I'm hoping Google isn't trying to quietly not include full ActiveSync capability into Froyo... it seems awfully late not to have features baked into incremental test builds after the source has been released.
You don't have the final release yet, chillax and wait for, then you can complain to your hearts desire about what isn't included.
I'm on FRF85B. Still doesn't work.
The admnistration settings are correctly configured I assume?(both server side and phone side)
I have the device setup connecting to my Exchange server. I can get mail fine. It updates my calendar fine.
Within Exchange, the device is setup and seen.
But when a Remote Wipe is initiated, nothing happens. I can see the request being sent, but the phone never acknowledges it. I get the standard security error the next time I try to sync and I can't send or receive any new mail, but I still have access to all mail that has already been pushed to me.
Even though our policy says that a PIN is required, I've never been prompted for a PIN. (Although, I do have a security pattern setup, so I dunno how that affects anything.)
Inside the device's Location & Security settings, there is an option for Select Device Administrators, but it doesn't do anything.
I don't know of any other configuration or administration options.
You may have to do a factory reset and implement the administrator from first boot.
You probably can't gain admin access to a device after the device is set up. That'd be a huge sercurity flaw.
Here's what the option looks like, under Location & Security Settings:
Device Administration
Select device administrators
Add or remove device administrators
It doesn't sound like I'd have to wipe in order to add.
ive tried a remote wipe too, but it didnt work :/
Probaby time to get in touch with Google Support.
I posted a bug report and heard back from someone at Google, saying that my issue only exists if Exchange is allowing unprovisioned devices.
So I turned that off. Now I'm getting "This Exchange Activesync Server requires security features your phone does not support."
At least it's a different message.
Now the word I'm getting from Google is:
(via http://code.google.com/p/android/issues/detail?id=9426)
"That's probably the "correct" response, as we only support the basic (EAS 2.5) features in Froyo. So if your server requires, for example, password history or expiration, or complex characters, then it won't be provisionable in Froyo. Our goal is to provide more policy support in future versions, but for now we support - password (PIN/alpha), minimum characters, max. fails to wipe, inactivity timeout, and remote wipe."
So there you have... still no full ActiveSync support in Froyo.
Success!
The password recovery policy is what was causing the holdup.
I had to create a custom policy for Android devices that didn't include this and everything worked as designed.
The next time I attempted to sync I had to confirm the Email app as functioning with a Device Administrator (which explains the odd Location & Security/Select Device Administrators button that nobody really knew what it did.). After allowing that, a PIN was enforced and a remote wipe was successful.
The only concern was that I was able to go in and remove Email as functioning with a Device Administrator. This prevented me from sending or receiving any new mail, but any already-synchronized email remained visible and readable.
If you haven't seen giveawayoftheday.com before, it is a site where software manufacturers offer licensed full versions of their products for FREE. The only drawbacks are that the software must be activated within 24 hours from when it is posted and technical support and upgrades usually aren't included.
It can sometimes be a real turkey shoot as to what is being offered but more often than not it is some type of handy program for audio/video processing or system utility. It is definitely worth checking this site out for programs that will make working with the NC easier. Today's free program is Zentimo 1.4 USB/eSata drive management program.
As a side note: After program installation there will be a pop-up from giveawayoftheday with 2 check boxes. Carefully read the description before clicking to enable either one. I just hit finish because I don't wany any unecessary "features". People running Norton Inernet Security may run into a problem with SONAR preventing the installs. GOTD stated that NIS is detecting a false positive due to the manner of how their software activation system works. I simply disable SONAR during GOTD program installs if this happens.
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
proch said:
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
Click to expand...
Click to collapse
Another question would be - if something like intune can enforce lock screen password policies, shouldn't I be able to do it the same way that intune does it? If so, how? If not - why not?
It's not possible to check if user enabled lock screen password or not as far as I know
but if you want to made your app secure (because it may include important data)
you can create a password for your own application !
I did it in a little notepad app my password page allow user to set a password with all English and Persian Characters , numbers and special Chars like [email protected]#$ and etc.
Sent from my RM-994_eu_poland_1183 using Tapatalk
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
GoodDayToDie said:
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
Click to expand...
Click to collapse
Thanks for this great and detailed information. See, that's exactly what I'd do if I were developing a desktop app - since i know that intune does it, I'd figure out how intune does it and voila. I'm finally getting over the idea that the same methodologies apply to windows phone development.
For my own educational purposes (since I want to understand this platform better), I would really like to know specifically how you go about accessing the registry APIs (for example). If there's any way for you to describe any number of these methods, I'd greatly appreciate it. Thanks again!
My NativeAccess libraries (check my signature, or search on the forum or on Codeplex) contain an example of one way to access the registry. The code is open-source; you may use the libraries as-is (don't expect to get them into the store, though I won't stop you from trying), use the source code as a reference, or modify/build them yourself; the license is very liberal (MS Permissive). The functions I use are generally documented on MSDN, in the desktop APIs section; the phone has the same functions, although the DLL names are changed and the header files hide them.
Do you know SNOOPSNITCH?
SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map.
Source and more information can be found here:
https://opensource.srlabs.de/projects/snoopsnitch
The important part is now, that although the Note4 should be generally supported, it does not work!
See Compatible Device List here:
https://opensource.srlabs.de/projects/snoopsnitch/wiki/DeviceList
Something in our stock rom may be missing (the diag kernel driver?), or there may be any other problem!
What do you think?
Or does someone has it up and running?
I think this would be interesting for a lot of people, especially because "big brother" is spying on us more and more,
and if that is the case it would be handy to have at least the knowledge that this is happening! :angel:
worthless. it requires root and only works on snagdragons. it also doesnt detect fake basestations (they can just upload the data to gsmmap or spoof the gsmmap requests) and any baseband attacks will go completely undetected.
works now since latest update!
@zurkx: why do you think it isn't able to detect fake basestations?
because its relying on a 3rd party database. requests to which can also be spoofed. plus there are plenty of real "fake" basestations. basically everytime they roll out a mobile basestation for any event its not in the db and flagged as a fake.
now if there was an actual method of telling a real from a fake basestation that would be worth installing.
Pretty please port this over to all note 5s. You'll have panties over your head for months.:laugh:
i am concerned.
i love to root my device and remove bloatware. ya. samsung devices. full of junk.
i use titanium backup but it seems to have trouble with magisk because its systemless and not like supersu.
anyways, my concern is about custom roms that we download from these forums.
what are the odds of rom creators infecting "Keyloggers" in these roms? i mean these days we use Lastpass to enter in our master password which contains all our passwords for our emails and other sites.
as well as authy.
its just a question.
yes. i prefer a custom rom and favor it as opposed to samsung roms.
any feedback?
@cylent
It's absolutely possible from looking at the Android Accessibility APIs:
developer.android.com/guide/topics/ui/accessibility
But, from my knowledge and testing, the key logger would need EXPLICIT access to the 'Accessibility Services'.
(Options > Settings > Accessibility) + see the attached screen shot.
If you installed a custom ROM and saw an application listed here not explicitly defined in the release notes, ensure it isn't enabled. Next query the developer as to its purposes. It's possible that just because it shows here that it isn't necessarily malicious and might serve a greater purpose.
If you receive no response or a runaround, disable it under 'Accessibility' and find the corresponding name under 'Apps' and remove it.
For that matter, dump the ROM altogether and find another immediately. I'd like to think our savvy little community would pick up on this breach of trust ASAP.
For testing purposes, mine is called 'Android Keylogger' but a malicious user could (and likely would) call it something less threatening.
Hopes this helps!