Security of the Data Plans? - G1 Q&A, Help & Troubleshooting

Just curious, can someone hack your phone via your data connection? What security does one have?
I'm not concerned by it, but it was a question posed to me and I did not know the answer.

Do you mean if you are tethering your internet? The only way that I can see that happening is if you have wireless tether for root users. If you leave it open, they can access your data that way, and it could lead to potential security risks. However, that app also has a way to encrypt your settings and have it password protected, like any other router would. Through just data alone without tethering, I don't see how anyone would be able to access your phone any other way.

Yeah, the person was questioning buying stuff from a site using his phone, fearing that his info would be out there for someone to obtain. I assume all data via t mo is encrypted some how?

I'm not sure if there is encryption through tmobile, but if you are buying things from the phone, the website itself usually has the security for it, like it would if you buy it from your pc. I have bought things from my phone and have not had any problems with it.

Anyone else know about encryption with the data plans, if there is any?

s15274n said:
Anyone else know about encryption with the data plans, if there is any?
Click to expand...
Click to collapse
You should assume that there is NO ENCRYPTION on the carrier data network. Even if there was, it would only be over the air and switch back to unencrypted as soon as the signal hits land. Basically, your carrier CAN'T encrypt data once it leaves THEIR NETWORK.
Purchase security is delivered via encryption between your web browser and the web server to which you are connecting. This has nothing at all to do with your carrier.
You should NEVER send sensitive information like credit cards over unsecured HTTP. Only over HTTPS (or other guaranteed encrypted tunnel).
When you look in your browser's address bar and see "https://", you know that it is encrypted because "s" == "secure".
Also be sure that you only use https servers that YOU TRUST. The host could themselves screw up the security, so being encrypted is no absolute guarantee (i.e. that nobody has stolen the decryption key from the server or otherwise compromised the system).
In other words, stick with major vendors -- don't trust websites that have a Jolly Roger icon at the bottom of the page, etc.

^ okay, makes sense... so makes me ask then. My credit card is saved for buying apps in the market. I assume that is secure/encrypted obviously... but when I am literally SENDING my info via the the data plan is it possible for that to be obtained?
Probably my last question because I do not want to sound any more whiny than I have.... especially when I'm not the one asking the questions.

s15274n said:
^ okay, makes sense... so makes me ask then. My credit card is saved for buying apps in the market. I assume that is secure/encrypted obviously... but when I am literally SENDING my info via the the data plan is it possible for that to be obtained?
Probably my last question because I do not want to sound any more whiny than I have.... especially when I'm not the one asking the questions.
Click to expand...
Click to collapse
1) it is stored on google's servers, not your phone.
2) the market uses encryption.

Related

[Q] question for those who use activesync with exchange server.

Up until recently, the corporation I work for only authorized blackberry devices to sync with the exchange servers. They've just recently started allowing iPhones and certain android devices to do the same.
On the corp intranet page that deals with this it explains that once you setup activesync a phone lock passcode is required, screen timeout of less than 15min is required, and 5 incorrect passcode attempts, lost/stolen, or something like leaving the company will result in a wipe that will affect non work related data loss as well. The next sentence then says that if it can't be wiped remotely it is the employee's responsibility to do so.
I don't know if some of that wording is from the blackberry only days or what.
If I were to go ahead and get authorization for this, would setting up an activesync with the corporation exchange server really allow them to wipe my phone, including personal data? Would it really make my phone require a passcode and limit my screen timeout all by just syncing?
I just don't know what kind of control simply setting up an activesync account is really possible.
I hate using our web access bc it requires and id and 2 passwords and even though I can use lastpass to make that easier its still slow/inconvenient.
I don't want to ask IT about all this bc I don't want them to think I'm trying to get around the system or give me an incorrect answer (fortune 100 company, they deal with a lot and don't know everything about everything ).
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
Jack_R1 said:
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
Click to expand...
Click to collapse
I'm actually less concerned with wiping than I am with being forced (by that I mean them somehow enforcing my settings such that I can't make my screen timeout longer than 15min or have to use a passcode to come out of sleep). I've never lost a phone and am willing to deal with consequences of not having a damn unlock code. I just don't want my phone to be locked into particular settings. Hope that makes sense.

Tmobile blocking tether now. Anyone else?

I'm running chromatic and as of 3 this morning tmobile is blocking my tether. Has this happened to anyone else yet? They want to upsell me to add tethering for 15 more a month and it still has the 5gb cap (Total BS) The built in wired tether and pdanet both aren't working, don't know about wifi tether yet but I'm assuming its blocked too. I found some posts by some g2 users this has happened to. Any one else? I'm glad im paying $30 for "unlimited" data. Aholes.
Thanks!
Sent from my Chromatic Dream using XDA App
Wireless tether aka wifi tether for rooted phones from code.google.com should still work. I've seen other reports of such blocks with market programs.
Sent from my T-Mobile G2 using XDA App
They popped me last night. G1 rooted running wifi tether for root users and pdanet. This sucks REALLY bad.
im using tether now to be on xda and facebook. im in new mexico and the only message ive gotten from tmoblie was there were slowing my download speeds for hitting my cap with unlimited data plan lol.
I have a rooted G1, and I usually use wifi-tether or Barnacle. Tried PDANet as well.
I've received 8 text-messages from Tmobile regarding my tethering being blocked. Odd thing was, I was streaming pandora-radio on the phone during a long car drive (~5 hours) while these things beeped away at me. I had tethered earlier for a few minutes to check my gmail.
Later when I tried to tether to check my email, any http requests direct me to an upsell message. However, Remote-desktop still works, FTP still works, and most everything except plain webpages work. Tmobile is asking $15/mo for 200MB of data, with $0.10/MB overage charges ontop of your 10GB "unlimited" plan.
I'm unsure of how they detect tethering. It seems to be based off of bandwidth usage, as there's no way for them to discern whether this is phone traffic or laptop traffic. The other thing that could be a possible giveaway is the number of connections that are open. I'd imagine the laptop has a few things open for windows update, msn messenger and who knows what, whereas the phone has Browser and Lattitude.
Regardless, this is balls.
user agent string
If they are blocking web browser traffic, but not other TCP/IP services like FTP or remote desktop, there's a chance they are fingerprinting non-phone web requests by looking at the user agent string. An interesting test would be whether or not you're able to still make HTTPS-only requests with the web browser on your desktop or laptop. It would take some evil hackery for them to be able to retrieve the user agent string from an HTTPS request.
See 14.43 of the HTTP 1.1 spec for a description of the user agent string.
Got around it by setting up an openvpn on cyanogen 6.1.0. Even if im not using tethering, im still gonna use openvpn for my data traffic, as they are probably using deep packet inspection, which means we no longer have any privacy on tmobiles network.
Im thinking about changing the default port to 443 so as far as they are concerned, im just browsing ssl sites on my phone (port 443 is the default ssl port for web browsing and openvpn uses ssl for encryption).
If you use this method, just be sure to reset you dns to to googles (8.8.8.8) otherwise they can still tell whether or not your tethering based on my experience.
Im seriously considering switching to sprint as i would actually be willing to pay for their tethering, i get 4g in my area and i have a lot of respect for sprint for not capping their 4g.
Maybe if tmobile offered more bandwidth or other features for their 15 bucks a month I would actually be willing to pay for it, but i AM NOT paying for data that I allready paid for. Data is data to them, my cap isnt changing, why should i pay more to pipe my data to my computer.
Correct me if I'm wrong but tethering for $15 essentially removes the 5gb throttled cap. Its the same as Sprint and their $10 fee. The 200mb plan is just a lower tier.
Sent from my T-Mobile G2 using XDA App
JustinTArthur said:
An interesting test would be whether or not you're able to still make HTTPS-only requests with the web browser on your desktop or laptop. It would take some evil hackery for them to be able to retrieve the user agent string from an HTTPS request.
Click to expand...
Click to collapse
Https to mail.google.com works just fine!
funkeee said:
Correct me if I'm wrong but tethering for $15 essentially removes the 5gb throttled cap. Its the same as Sprint and their $10 fee. The 200mb plan is just a lower tier.
Sent from my T-Mobile G2 using XDA App
Click to expand...
Click to collapse
last time I was working the tmobile call-center for T3DS (spring 2010), the cap was 10GB. Although, that was nearly a year ago now. Samson had a lil' checkbox for "throttled" that was enabled at 10GB. perhaps a year and a half ago, maybe two now, they had disabled tethering previousy system-wide. Although back then I had a Motorola Krzr with no data, so I really had no clue what was affected.
The $15 thing is to enable tethering. two days ago it was offering me something around 40-50 dollars for "unlimited" (atop the $30 i pay for unlimited data), and $15 for 200MB (atop of the $30 i play for unlimited data). Of course, you must have a data-plan already in place. Looking at it again today, the page is different. It presents me with a mini terms of service, a button to add this package to my plan to enable tethering. No mention or word of cost.
And, visiting my.tmobile.com like it suggests... there's nothing on the official Tmobile website that I can find for the tethering package.
So, being the typical t-mo customer that I am, I called up the 1-800 number to whine and complain. I mostly want these annoying text-messages to stop. The rep said he could add on the tethering package for me, but I declined. He also offered to hand this over to his buisness group to see if these messages are being sent out in error.
TLDR: If I have to pay $85/mo minimum for smartphone with tethering abilities, i'd rather just give Verizon a call.
starnostar said:
Got around it by setting up an openvpn on cyanogen 6.1.0. Even if im not using tethering, im still gonna use openvpn for my data traffic, as they are probably using deep packet inspection, which means we no longer have any privacy on tmobiles network.
Im thinking about changing the default port to 443 so as far as they are concerned, im just browsing ssl sites on my phone (port 443 is the default ssl port for web browsing and openvpn uses ssl for encryption).
If you use this method, just be sure to reset you dns to to googles (8.8.8.8) otherwise they can still tell whether or not your tethering based on my experience.
Im seriously considering switching to sprint as i would actually be willing to pay for their tethering, i get 4g in my area and i have a lot of respect for sprint for not capping their 4g.
Maybe if tmobile offered more bandwidth or other features for their 15 bucks a month I would actually be willing to pay for it, but i AM NOT paying for data that I allready paid for. Data is data to them, my cap isnt changing, why should i pay more to pipe my data to my computer.
Click to expand...
Click to collapse
I've never successfully set up openvpn before, could you assist with this? Or is there a guide you recommend for beginners?
work around
was cut off last night.
tried the "user agent switcher" plugin for firefox to see if they are blocking browsers rather than the tethering itself.
With limited testing, i found several agents that work. iphone 3.0 to name one... Now to figure a way to keep the web looking nice using these agents.
I just received my first text warning and was cut off immediately....the 5gig throttle was already a huge kick to my nuts...now they want me to pay to tether and still be under the same cap?! I hit 5gigs WITHOUT tether...I really don't know how tmo expects to keep any smartphone customers like this...
Sent from my T-Mobile G2 using XDA App
The solution to this is very easy;
EVERYBODY needs to call up tmobile and tell them that you were NOT tethering, but changed the USER AGENT ON YOUR PHONE in order to make websites actually work since douchebag websites read that the user agent is for MOBILE and send you to their crippled mobile websites.
dhkr123 said:
The solution to this is very easy;
EVERYBODY needs to call up tmobile and tell them that you were NOT tethering, but changed the USER AGENT ON YOUR PHONE in order to make websites actually work since douchebag websites read that the user agent is for MOBILE and send you to their crippled mobile websites.
Click to expand...
Click to collapse
Well... You can call them all you like. Previously working for a tmobile call-center, I can assure you little will be done. If I received the call, I would be opening up samson and checking your usage history. The billing system logs just about every bit of data transfered, although I cant remember if it lists URL's anymore. I would suggest telling them that you were tethering, decline on the upsell offer of the tethering package because you feel your "unlimited data" package actually means unlimited, then you can also tell them that it is interfering with the phones operation by itself even when you arnt tethering, and request some sort of further troubleshooting/ticket creation.
If you say you arnt tethering, but DID tether, we could usually see judging by how many connections were initiated over a period of time... There's only so much an android phone can do at once. Regardless, as a data/tech rep, the next step would be filing a network trouble-ticket and putting in your information for an "engineer" to review over. Theres little (if not nothing) for the follow-up/callback process. At this point I would be telling you an engineer/tech would review over it, and try to end the call by up-selling you a newer phone.
TLDR: Unless things have changed in the past year, You will only talk to customer-care rep's, and have no chance of getting your concerns to those who have any power over these decisions. However if you do call in, please be polite and patient with the rep. I've called in and informed them that these are being erroneously generated, and they've taken the time to make a ticket for me. (they were, I got 8 of the damned things while listening to pandora on my phone)
hauppage said:
Well... You can call them all you like. Previously working for a tmobile call-center, I can assure you little will be done.
Click to expand...
Click to collapse
Not for a single call, but if EVERYBODY called and complained about it, it WOULD be dealt with.
If I received the call, I would be opening up samson and checking your usage history. The billing system logs just about every bit of data transfered, although I cant remember if it lists URL's anymore.
Click to expand...
Click to collapse
Go ahead and check the usage history. A smartphone is capable of generating EXACTLY the same data use as a tethered computer.
I would suggest telling them that you were tethering, decline on the upsell offer of the tethering package because you feel your "unlimited data" package actually means unlimited, then you can also tell them that it is interfering with the phones operation by itself even when you arnt tethering, and request some sort of further troubleshooting/ticket creation.
Click to expand...
Click to collapse
And that is EXACTLY what you do NOT want to do, because as soon as you do that, all discussion is over.
If you say you arnt tethering, but DID tether, we could usually see judging by how many connections were initiated over a period of time...
Click to expand...
Click to collapse
That might have been the case in years gone by, but no longer.
There's only so much an android phone can do at once.
Click to expand...
Click to collapse
Huh? The limiting factor here is the NETWORK, not the hardware. It is TRIVIAL to open up dozens of connections for lots of different services on lots of different servers. Just because it is beyond YOU does not mean that **I** can't do it.
Regardless, as a data/tech rep, the next step would be filing a network trouble-ticket and putting in your information for an "engineer" to review over. Theres little (if not nothing) for the follow-up/callback process. At this point I would be telling you an engineer/tech would review over it, and try to end the call by up-selling you a newer phone.
Click to expand...
Click to collapse
And once that request has been filed, you don't think that statistics will be run on the nature of the various requests? 200 thousand complaints about this nonsense knocking out normal phone data traffic, you don't think that would be noticed?
TLDR: Unless things have changed in the past year, You will only talk to customer-care rep's, and have no chance of getting your concerns to those who have any power over these decisions. However if you do call in, please be polite and patient with the rep. I've called in and informed them that these are being erroneously generated, and they've taken the time to make a ticket for me. (they were, I got 8 of the damned things while listening to pandora on my phone)
Click to expand...
Click to collapse
As I've said, numbers talk. I certainly don't advocate calling up and threatening anyone, but if the numbers are overwhelming, then corrective actions MUST be taken.
Please look at my post regarding T-mobile tethering
[/COLOR]I'm pretty sure I know what T-Mobile did.
http://forum.xda-developers.com/showthread.php?p=26649587#post26649587

[Q] Airport Security Apps?

Good day all,
With all the hubub about airport security screening your phone I'm interested in an 'airport app'. Namely, as opposed to full encryption (meh good if needed, but I don't really want to trade battery life for security) or the hassle of backing up an image, flashing a virgin phone image for travel, and then restoring the image after travel..
Why not create a 'sandbox' app of sorts. Start it, it simulates virgin or near virgin status, have an advanced unlock sequence to close it. The only issue, I see, would be if the phone was restarted while in 'airport mode' could it be triggered to restart in said mode.
After typing out my whole idea, I'm thinking the backup and flash of virgin rom might be a lot simpler. But I'm interested if any other world travelers, or US travelers would be interested in something like this.
So I guess the question is, anyone else thought about this, anyone know of something similar out already? Anyone want to develop something like this?
~HattZ
Screening in X-rays? What does it have to do with anything?
Or some other screening (don't believe it's technically possible - too many phones)? Can you point to your info source?
I don't understand the point of this, it is not like they take your phone and play with it when you go through security. In fact, mine has never been removed from my carry on when passing through security.
Maybe you have some evidence to support your theory that our phones data is at risk when passing through security checkpoints... but I doubt it.
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
pconwell said:
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
Click to expand...
Click to collapse
Sorry, wrong answer, it is the US, most national travel is not submitted to this type of search. All international (incoming) travel can be.
Lots of interesting talk on it: http://yro.slashdot.org/story/10/11...r-Moxie-Marlinspikes-Laptop-Cellphones-Seized
Legal explanation: http://caselaw.lp.findlaw.com/data/constitution/amendment04/04.html
pertinent excerpt: "Border Searches .--''That searches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border, should, by now, require no extended demonstration.'' 87 Authorized by the First Congress, 88 the customs search in these circumstances requires no warrant, no probable cause, not even the showing of some degree of suspicion that accompanies even investigatory stops."
A google search for "international travel us border checking laptops and phones" give about a million other examples, I'll throw a few below.
from Feb 12, 2008 (this isn't a new phenomenon, just getting more press)
http://www.pcworld.com/article/142429/five_things_to_know_about_us_border_laptop_searches.html
from 21 September 2009
http://www.mondaq.com/unitedstates/article.asp?articleid=86010
Don't like it? neither do I.
http://www.aclunc.org/issues/technology/blog/checking_your_privacy_at_the_border.shtml
ACLU excerpt (it's liberal, and slanted but a valid presentation of the worst case scenario): "Originally announced in July 2008, the current policy permits border agents to search electronic devices “absent individualized suspicion.” Agents may hold on to devices “for a reasonable period of time” to “review and analyze information.” In other words, border agents are legally able to take travelers’ information whenever they want at security checkpoints at airports or along the border, and hold on to it for as they long as they want. Agents may also copy information and send it off-site to be analyzed. The policy applies to all electronic devices, including computers, disks, hard drives, cell phones and cameras. Travelers have to be concerned about more than the possibility of security agents rifling through their belongings. Their private data might be compromised, erased, or kept indefinitely, and they don’t know how that data might be used."
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
MaximReapage said:
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
Click to expand...
Click to collapse
Yeah, sorta realized that or something similar would be the most efficient. I'm thinking even a step lazier, nandroid backup to SD, restore a stock rom / clear sim card, remove SD, maybe even backup to laptop (truecrypt FDE - custom error message at boot saying master boot record is corrupt)
walk out of security, pop in SD, start nandroid restore...
sigh.. a sandbox app would be sorta fun though.
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Definitely keep a copy of it on your computer at home, though.
airplanemode anyone?
Or turn of your phone.
I know what will make it a quick transition through airport security when flying international..
Put some heavy encryption on my phone, obfuscate my data, and then pass it off with a flimsy cover program to make it look like there is nothing there. That way if they do find it, it's GITMO TIME.
Jack_R1 said:
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Click to expand...
Click to collapse
meh, at the lower tier of airport security a custom boot message from a full disk encrypted truecrypt volume. "please insert windows disk" "cannot find master boot record" or similar.. and a sob story about how your laptop stopped working on vacation and when you get home you have a friend that you hope can fix it..
gets by most, it's not NSA at every checkpoint. it's just over min wage, uneducated, folks..
so backing it up to laptop, and tossing micro SD card in the bottom of a bag or in a jacket pocket.. will work just fine.

[Q]about wifi packet sniffing and skype

So apparently, I can't bring my laptop everywhere to get my thing done, but I had a thought of referring that to my phone. I find any trusted app/script to get the packets to cap file that would sit down in my sd card for further use. I'm not some evil mastermind that would go stealing anything(don't need anything now dough) This is purely for learning since I'm still learning about IT but trying to get ahead and since android is something that I'm still not sure of how it works.
And my other question: How can I get video calling on skype? I'm assuming it should work with GindgerDX but it doesn't.
Bahurs1 said:
So apparently, I can't bring my laptop everywhere to get my thing done, but I had a thought of referring that to my phone. I find any trusted app/script to get the packets to cap file that would sit down in my sd card for further use. I'm not some evil mastermind that would go stealing anything(don't need anything now dough) This is purely for learning since I'm still learning about IT but trying to get ahead and since android is something that I'm still not sure of how it works.
Click to expand...
Click to collapse
The question is ... why would you want to run a packet capture? The payload data in the packets is encrypted anyway - so there's no real way to (assuming evil intentions) crack down on the convos of other users being in the same WLAN/LAN segment. If you're worried about Man-in-the-middle attacks take my word that it won't work. If you wiretap a Skype<->Skype chat/call via a man-in-the-middle attack the connection would fail as Skype would recognize that the end-to-end encryption is borked.
Anyhow, whatever your idea is ... Google for "Pixie" ... that's a network sniffer for Android, and the only one I happen to know (as real men use tcpdump or Wireshark for network analysis anyway).
Bahurs1 said:
And my other question: How can I get video calling on skype? I'm assuming it should work with GindgerDX but it doesn't.
Click to expand...
Click to collapse
No. Skype Video only works on a selected range of devices (read up on the description in the Market) having a FRONT camera (a camera that's facing you and not a camera that's at the back of your device facing away from you).
Look around on XDA/Google (in other words: SEARCH!) and you will find out that there's a hacked version that has Video enabled for some additional devices, though I don't know if that would support the back camera of the W8/X8.
Yeah I'm kinnda sorry for the dumb question about skype cause I just always forget to look it up when I sit down on the web.
As for the sniffer thing. I dont know who would ever need to investigate packets affcourse I need to get the password. The sicuation is hard to explain, but lets say I need to prove that 14digs of just numbers is a stupid idea for long range wifi access password.
I cant get my laptop there so I need an alternative to get some packets and then easily get the password at home and as I sayed I'm not a genius in IT but I know how to use some of the features that backtrack provides.

Malicious Software Removal Help

So need a little help. I have an identified attacker on my phone who has injected spyware which is actively listening to all conversations, reading messages in real time, has access to all apps and full access to the phone. Essentially its an illegal wire tap thats able to view and listen to what i am doing. My question is this, can i clone my phone with all the data on to a thumb drive? Reason i have to turn over the phone to the local police for forensic examination and id rather just give a copy then my personal phone. 2. Is there a way to isolate the program to stop the massive leak without totally wiping my phone? Thanks for your help, I know this is an odd question and a little off the norm any help is deeply appreciated.
Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!
blackhawk said:
Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!
Click to expand...
Click to collapse
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone
Kjharahuc said:
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone
Click to expand...
Click to collapse
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.
blackhawk said:
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.
Click to expand...
Click to collapse
absolutly 100% agree, i cannot use the twrp backup since the phone has another user on it. I get an error due to the inability to decrypt the data. So im hoping imiging the phone over to a SSD that i can then turn into the police will be effective enough. I was able to identify several folders that are not mine or have anything to do with the apps on my phone so they should be able to do the same. To bad there isnt a way to tunnel back through and gain access on the other side of the leak.
The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.
blackhawk said:
The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.
Click to expand...
Click to collapse
Im just waiting for the SSD to arrive to transfer all the data the accounts have already been secured on another device
Don't transfer to another Android platform...
Verify the data is readable and all there.
I've wiped the os a total of 6 times and putting the phone into hard brick once it still is leaking and I can't stop it

Categories

Resources