Is there an application that can password protect certain apps that I choose?
And please do not say Kids Corner as it does not do what I am asking.
It's probably possible (though far from easy), but I'd actually be more inclined to help if you hadn't opened a duplicate thread about this.
Only made second thread about this to attract some attention, 7 months passed since that guy opened his thread and nobody could give a good answer.
To me it's weird that nobody tried to make an app like this still, it would be very popular and help users very much.
Anyways, thank you for replying.
Really, just bumping the other thread was enough, but since we're here anyhow... my idea for how to approach it (and this would take a *lot* of hacking) goes something like this:
1. Create an app (call it X) that has the capability to launch other apps, and filesystem write access.
2. Have X take another app (call it Y) and encrypt its binaries. This prevents anybody from launching it by any means.
3. Tweak the app database to make it so that when you try to launch Y, it instead launches X and passes the id of Y as a parameter to the launcher.
4. X prompts the user for a password to Y. On getting the right one, it decrypts Y's binaries and writes them back to the correct location, then launches Y.
5. When the user (or OS) closes Y, a background process of X notes that Y is closed and re-encrypts it.
Currently we know how to do... well, some of #1, and we think the rest is possible. Given that, #2 isn't too hard. #3 is something I don't have the least notion how to do *right now* but I'm sure it's possible. #4 shouldn't be too hard given #1 and #2. #5 will be a trick - currently, apps have no way to know what other apps are running - but I'm sure it can be done.
It's a large engineering problem blocked by an even bigger research and hacking problem, though. Nothing we'll have soon. You'd never be able to publish it in the store, either, and it would only work for people with hacked phones. It's exactly the kind of *useful* thing that would be possible if Microsoft were willing to let up the restrictions on third-party developers a bit, of course, But for the time being, there are *reasons* nobody has done it yet.
Well the word that I actually was thinking after reading your post was "crap".
It seems only with time (and a whole [email protected]#$ing lot of it) will wp become a true competitor to android, but to be honest I don't think it will come to that.
Thanks for replying GoodDayToDie, I'm freakin' sad that there is no app that can suit my needs, I even tried with kids corner but the screen still needs the password entered like the normal one. Nothing really can make up for what I have in mind.
Cheers mate.
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
tfBullet said:
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
Click to expand...
Click to collapse
You're right tfBullet! I need it for whatsapp, photos, message and games app, mostly to prevent from friends but gf too.
I was thinking it might be possible to mod an app and add password before it can be accessed, although I have no experience in this domain. Many apps in store have this function, like wallet or prive photo apps.
My phone is dev-unlocked as I started a few days ago to study and try to create a simple app for me and my friends.
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running. The encryption thing really isn't too hard, although you could skip it anyhow too.
If there was a way to run a program in the background that monitors when certain apps are selected and then prompts when its activated would work, but it would need an unlocked phone. And even under home brew I don't know if its possible to run apps in the background. Yet.
Sent from my Nokia 521 using XDA Windows Phone 8 App
The encryption thing really isn't too hard
Yea, but that's a little extreme. If you can create that password program that runs in the background you could probably have it watch files, apps or pretty much anything. You'd have to password protect the cofig file. And maybe if you can't remember the password after so many attempts you can have the program email the passwords to your email. Just some ideas.
Sent from my Nokia 521 using XDA Windows Phone 8 App
Running software in the background is actually shockingly easy. The trick is getting it to run with better-than-app-sandbox privileges. We're still working on that one. In the meantime, apps can't even read, much less write, to the install location of other apps.
GoodDayToDie said:
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running.
Click to expand...
Click to collapse
@GoodDayToDie: actually these .NET apps are pretty easy to decompile, if you're willing to fix the bugs that the decompiler leaves you with...
so there is not really a need for a valid signature, if you're able to compile & sideload the app yourself
the only thing is: you need the decrypted XAP, as far as i know these get decrypted while installation and can be pulled from a interop unlocked device?!
It would be nice to get my fingers on some OEM (Nokia etc..) XAPs, to see if we can find any exploit in them
I know better than probably 95% of this forum what it takes to decompile managed code; I have reverse engineered huge numbers of apps. However, you are missing several important points.
1) Modifications like you suggest are very complicated to automate. It's certainly possible, but it's not simple.
2) Re-installing the app would be a pain. You would really want to do this as an in-place modification, and that means (for store apps) that it would still be signature-checked.
3) Not all apps are managed code; WP8 supports purely native code.
4) Even with managed code, obfuscation can make tinkering with the binary nigh-impossible.
It's just so incredibly stupid that WP is so limited. I know it's under Android big time, but I think even iOS more customizable, right?
Also, is there a message app in the store that has pass option? I searched but found nothing...
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
GoodDayToDie said:
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
Click to expand...
Click to collapse
But with the jailbreak and MobileSubstrate, iOS is extremely customizable, and there are tons of tweaks, that's where Apple gets its new features from
Back to topic, I think the OP would be happy with a solution that locks the "normal" user of his phone out of some apps, so it wouldn't be necessary to modify anything of it, just making the standard launcher (I don't know how it's called, but I mean when you launch the app via home screen or with a toast) ask for a password should be enough.
Related
Well been doing alot of study lately and it seems ALOT of apps on the market that are full versions and are "free" seem to have ad sponsored elements in them. Sending your GPS data to whoever or other various things. Now while if the dev mentions on the description that their "Paid" version is ad free. Least its up front and honest about it. However alot of Apps I found out hide this info it seems. Is this going to be the new "Kazaa" on the G1? Back when Kazaa came out, is when the influx of "Spyware" was increasing. Im worried is this happening to the G1 now? While I can understand devs choosing this to make their app free and gain from it a lil. Whats to say other devs wont use this for other intentions that may have some negative impact?
Just wondering tho.. for modded G1s. Is there some sorta firewall app or so yet that might be useful? Anyways just thought I would post for discussion case I am worried over nothing.
Install AdFree from the Market.
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Mysticales said:
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Click to expand...
Click to collapse
A little paranoia is a healthy thing, too much is bad, but these ads collect all sorts of location information to profile you and provide relevent advertising, but who knows what else happens with the data etc etc etc
PS you need root access on your phone to use AdFree
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account? Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS.. not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Mysticales said:
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Click to expand...
Click to collapse
You can use your own hosts file on your own phone, AdFree just automates the process, if you look at this thread it started off describing how to do things manually.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account?
Click to expand...
Click to collapse
Possibly, I haven't looked into accessing the google credentials from the android APIs so I don't know for certain, might be a private API google only shares with it's own apps, that doesn't mean someone won't figure out how to access them however.
Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS..
Click to expand...
Click to collapse
When you install an app there is a screen displayed of the permissions the apps ask for, read/write contacts, calendars etc will all be displayed, you should be able to see the permissions an app will have access to after it's installed as well from memory.
not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Click to expand...
Click to collapse
You should be more worried what google will do with all the info it collects to be honest, but that's another issue altogether.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Click to expand...
Click to collapse
You are prompted during install as to what the app will be able to access, google leaves it up to you to accept it or not.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Click to expand...
Click to collapse
Depends how the tethered setup gets DNS info, if it uses the information from the hosts file then yes, but this is dependent on what the tether setup does.
Mysticales said:
Its like a new gateway has been opened.
Click to expand...
Click to collapse
Only if you never bothered reading the permissions requests when installing an app. They clearly describe what permissions an app wants to use and you can cancel the installation if you feel you don't want to give an app the right to access your personal info. So if you install a game that says it wants access to your Google Account info (which would include your email and thus all your associated google services) then you have only yourself to blame if the dev sends you a ton of spam or sells your email address.
Bottom line is read the permissions requested carefully and decide whether you trust the company/entity that created the app before installing it. Also, i'd be very wary installing any root apps, since root apps by their very nature can operate outside of dalvik sandbox and do practically anything they want to your system. I'm only running two root apps right now: Market Enabler and Wifi Tether. They are both open source.
Well of course I read the permissions thing. However still I would still wonder about things.
Mysticales said:
Well of course I read the permissions thing. However still I would still wonder about things.
Click to expand...
Click to collapse
Google actually closed up some of the loop holes that apps were using on Android 1.0/1.1 to enable wifi etc.
jashsu said:
They are both open source.
Click to expand...
Click to collapse
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Its not anything malicious and you can easily see the permissions when installing.
People all like free apps instead of paying a few dollars, but when an ad is added people try to get rid of it... Havent you all ever wondered why the ads are there? Just like on a forum as the one you are on right now? Right they generate at least a little bit of money for a dev that doesnt want to charge the users directly by letting them pay, but spends almost all his free time to keep apps updated, write new once and answering questions.
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
delta_foxtrot2 said:
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Click to expand...
Click to collapse
It's not difficult to get the code from svn and compile it. Pretty effortless.
rogro82 said:
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
Click to expand...
Click to collapse
Many people don't like to view ads on their computers, let alone their mobile phone. Thus if people can block the ads easily, they will. Content producers and software developers will simply have to find a new business model to pursue. Maybe that's a free/premium differentiation model or maybe its microtransactions. That or they will have to deal with a percentage of their userbase blocking ads.
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Now again, I said I understand why they are there for free apps. Its just that as a user myself.. I like to know Im protected from potential hazards. Also alot of devs like to make something hot to use on later resumes and projects. Ive worked with alot of devs in my time start with nothing and grow to get bigger jobs in RL cause of the project. =)
jashsu said:
It's not difficult to get the code from svn and compile it. Pretty effortless.
Click to expand...
Click to collapse
I didn't say it was hard to get or compile it, but auditing the code to make sure nothing malicious is going on can be very difficult at times. There is a code obfustication competition each year and it's extrodinary what some can do and you'd never know unless it was pointed out to you.
Mysticales said:
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Click to expand...
Click to collapse
It's not just "issues" too many ads tick a certain segment of the population off to the point that they go to these lengths to get rid of them.
This is of course before you factor in this segment of the population are usually the least to click on ads, usually for ethical/moral reasons, so them getting rid of ads is usually no big loss.
Last time I checked AdFree was downloaded less than 5,000 times, now compare this to a speedometer app I made which anyone can run and it's been downloaded over 10,000 times I highly doubt any dev relying on ads will actually loose out by the people that can and are blocking them.
rogro82 said:
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Click to expand...
Click to collapse
The meta data that can be gleened from this sort of advertising can have all sorts of flow on effects and unintended consequences.
I see the world and potential pitfalls in things differently than others, I don't know why, but the more data collected the worst things can be.
If you are interested in what country they are from/in just pull the country code from the SIM card, why narrow it down to within a few metres?
Well since I have been using Adfree. Let me say this. My G1 seems to be running faster! I dont get as many force close/wait errors. Certain apps like atrackdog for one RUN faster. I mean without the ads running, it seems my apps speed through their task and do what they are supposed to. Kinda interesting note oddly.
Also lets say a app you know would be using GPS to locate you on a map. Thus triggering "Give app permission to use your GPS" which you know why it needs it. But does the app also tell you that it uses the GPS for Ads? So I dont always trust what it says when it comes to permissions as it doesnt mean in the underline that its not using the same permission to do other things. Would be nice if the G1 had a notice that the app uses Ad support.
Linux is a wonderful and powerful operating system that can do just about anything you can possibly dream of.
First, the hosts file hack is a piece of crap since all it does is it points potentially malicious domain names back to self. It doesn't take into account connections that are ip address based... those will still go through and there is nothing that can be put in the hosts file to stop that.
iptables on the other hand.... included in 1.0 and 1.1, and several custom 1.5's, can do many strong things; block by ip address (including if it tries to lookup by dns), block by port, *BLOCK BY USER ID*.
The latter is particularly interesting since each program installed on android is assigned its own userid. That means that with the correct iptables rule, you can block all network traffic for THAT PARTICULAR PROGRAM. Or you can blacklist/whitelist servers for that program, etc.
http://www.cyberciti.biz/tips/block...ingle-user-from-my-server-using-iptables.html
http://www.cyberciti.biz/tips/linux...ng-access-to-selectedspecific-ip-address.html
For example, when I issue this command:
iptables -A OUTPUT -o tiwlan0 -m owner --uid-owner 10017 -j DROP
My browser is no longer able to connect (since it is uid=10017) using wifi (tiwlan0 is wifi). Note: leave out the entire "-o tiwlan0" argument and it should block all outgoing on all devices for that userid.
To find the userid for a particular program, do "ls -l /data/data/program'sdatadirectory"
So on JF 1.51 is this ability already there? Yea I know Linux is great for iptables. Always is, even in routers hehe.
If its not in there already, Debian, how well does that work on the G1?
Hi everybody, I would like to make a list of those features that lacks on windows phone, even if we are only at very early stages, maybe with the arrive of unlocks some of them could be added, in future..If you have any suggestions I can edit the list
P.S. I consider the GDR3 improvements alredy achieved (like a decent task manager, FM radio..)
-A FILE MANAGER
(yeah, I know that on the market already exists something, but they are definetly FAR from a real file manager. Anyway nokia/microsoft said that in the next months would come out http://www.tuttowindowsphone.net/wp-content/uploads/2013/08/nokia-lumia-file-manager.jpg , we will see..)
-FLASH PLAYER
(on windows RT exists and works, as in future the WP8 kernel would be almost the same of WinRT, probably we will se it..or at least I hope so)
-LIVE TILE TOOGLE
(Right now we have only shortcuts to settings, would be more useful if the live tile would act directly as a toogle. Maybe someone will give it an attempt :fingers-crossed: )
-A NOTIFICATION LED
(some phones does have the windows logo acting as a led, BUT it works only to notify some battery status (a bit useless..). If it should be used as a proper notification led would be amazing..or at least the camera flashlight could be used for that (ok, this is a desperate suggestion LoL)
-COSTUMIZABLE RINGTONES AND ALERTS RELATED TO THE APP
(A different sound for whatsapp, sms and e-mail. I personally use the phone at 90% in vibration/silent mode, But I know that it could be useful)
-A CUSTOMIZABLE LOCKSCREEN
(I mean lock-patterns and some other useful features..I mean, windows phone 8 lockscreen can be used better, you know..)
-A QUICK WAY TO MANUALLY ADJUST SCREEN BRIGHTNESS
Sometimes the Authomatic sensors don't work well and is necessary to switch the brightness manually.
-A BETTER PUSH NOTIFICATIONS MANAGEMENT (thank's to @Life'sGood for reporting and to @GoodDayToDie for explainations)
Sometimes are delayed
This really belongs in General; it is neither a question (or answer) nor related to troubleshooting.
With that said...
The only thing really standing in the way of an on-device file browser is the need for somebody to write it, but that doesn't mean it'll be worth much to do so right now; until I or somebody else gets more permissions working (ideally, all of them), the amount of the file system which is readable (never mind writable) is extremely small from an app's perspective. To get an idea of what I mean, take a look at my Webserver Native Access app - the all-capabilities version, if you have a Samsung phone - and see for yourself just how little of the system is accessible.
Even completely leaving aside the permissions issue (ha!), Flash player support is somewhat unlikely. First of all, it struggles a little even on the Surface RT, which has nearly twice the CPU power of any WP8 model right now (GDR3 opens the path for quad-core WP devices, but they aren't here yet). Second, the kernel may be the same but the user-space libraries are not; a lot of system components that Flashplayer depends on are probably missing from WP8.
Believe me, such toggles have been attempted, and they will go on being attempted. It'll happen eventually...
Some phones actually have a notification LED, even. There are (unofficial) APIs that could probably be used to control it, too... I wouldn't hold your breath on this one, though. In any case, you won't get colors unless there's actual multiple color elements there to work with; the best you could di is different flash/fade patterns.
Update 3 (GDR3) brings some additional controls over notifications. However, I believe you're right that they still don't offer per-app sounds (though you can set the sound for apps, as a class, I think).
Lock patterns are pretty darn weak and easy to break, but in general I agree with the concept of having more control over the lock screen, and additional features.
Not a problem that I've had, but I can see how it could be. This probably falls under the toggle tiles request, actually; have the ability to create tiles that increase or decrese the brightness.
Sorry for the bad section, I was looking at the same moment at general section and at Q&A and I chose the wrong browser tab, my fault (don't know how to change section)
Anyway thank you for the reply I think that the main problem for indipendent developers is time, because every 18 months windows stops the support on the actual OS and switches to another new (WP8 support is planned to be killed in july 2014, after that it will be an update to extend "phone life" of 6 months, in total: 2 years). After that date will come out another OS but nobody knows if it will be "similar" to WP8 or something totally different (probably the latter option)..and everything probably would start from the scratch. I think that all the OSs producers are making BIG efforts to make you change phones after exately two years LoL
P.S. When I talk about brightness control, I can't figure out how a live tile could directly make it (swiping on it?), it can only turn on/off. My idea was that could be useful something like a swipe on the status bar on the top of the screen, like cyanogenmod does (I don't want to compare android to windows because they are totally a different concept, so I generally don't want to mention functions present in other OSs that could be ported, IMHO it's quite useless thinking in this way.) but I suppose that this is quite impossible on a programmative side :s
You'd have two (small) tiles for brightness control, one to increase and the other to decrease. It would be a little messy and would need to go in significant steps, but it's possible.
I think it's not a bad idea I've just found out that on offical WP8 site exists a section dedicated at suggestions about features to add to windows phone, and many pepole voted on that site..but Microsoft NEVER listened to them LoL probably the task manager improvement in GDR3 will be the first feature accepted by Microsoft from that lists. Anyway the requests on the officiale site are quite the same on my post (file manager is STRONGLY requested)..nobody is asking for flash player or for led notification (quite strange IMHO but that's it).
P.s. any idea about how to reach bootloader (I'm talking about ativ s)? I suppose that with a simple boot is impossible, even pressing a combination of buttons will not work..
There have been multiple items implemented from uservoice, although the custom SMS tones and application closing are certainly notable for having been long-requested and taking until now to be provided.
No idea on the bootloader. I haven't been looking for it in particular, though; not my area of interest.
Technically, you can implement a media stream source to support flash (i believe there is one already on the interwebz).
However, flash is really not meant for mobile devices (which is why very few mobile OSes support flash out of the box), because it wasn't intended to be used on devices with such low computing power. So even if you were to have a flash player, you wouldn't be able to do much with it until your battery drops dead or your phone starts turning into plastic(or aluminum in some cases) soup.
There is also an increasing abuse of flash advertisement all over the internet (which is bad from many points of view), which hurt mobile internet browsing quite a lot on devices with flash support. I just wish google & adobe would stop supporting this dark ages format and move on to HTML 5
Yeah but..just to make a famous example, look at youtube. Many videos are locked down for mobile devices. Combining a flash player and a browser that supports desktop as user agent, you can go beyond this limit. Ok, the result is that it works quite bad, but at least it works..
gigsaw said:
Yeah but..just to make a famous example, look at youtube. Many videos are locked down for mobile devices. Combining a flash player and a browser that supports desktop as user agent, you can go beyond this limit. Ok, the result is that it works quite bad, but at least it works..
Click to expand...
Click to collapse
I don't think that the format (flash) is the problem here, you can always watch these videos with an unofficial app, like Metrotube or Tunetube. And I doubt they use some kind of flash player, it's just not allowed on mobile devices by the uploader/youtube I think.
To the OP, what do you mean with "features that lacks in Windows phone 8", something MS should fix or hackers should provide as features? Because a file manager would completely be against windows phone's locked OS, every app is sandboxed and can't access other app's storage, which has its reasons for security. A file manager will never be possible, except for th case they change the whole OS. On iOS, it's pretty much the same, and with a jailbreak you get a file manager (if you want to). And you can brick the whole system, can make apps crash or even modify them, which would cause a lot of trouble for Microsoft.
I have to try those unofficial apps, I've never considered to use them Regarding the lacking of features I mean that with a system well locked down like WP8 is, I think that microsoft should put more effort to provide some features that nowdays are considered basic (you know, a notification led is useful and doesn't require any particular effort from microsoft or manufacters. Even (real) toogglers are essential but they are not in here..don't know why ) Of course I understand that not all the features can be provided by microsoft due to security reasons, and here comes developers' work
P.S. regarding file manager I suppose that, if it will would ever come out, would have been thanks to developers, but as I said in OP, nokia probably would provide it. Don't know if it's true, but let's see what comes next! Some hours ago at Abu Dhabi, at lumia phablet presentation, came encouraging signals to encrease the number of the apps for windows phone. Ok, it doesn't mean anything and Personally I don't use instagram but more apps means more people that will adopt WP8..and more people will call more developers (hopefully) and micosoft ecosystem would finally start (even if there's to solve the "problem" of Windows RT/Windows Phone, first).
As you said even iOS is closed-source but (even if I don't like making comparisons between OSs because they aren't meant to work in the same way) I think that the interest in that platfom made possible to create the powerful mobile substrate, to make even heavy modifications to the system.
But even without moddings, I mean..iOS now has quite al the essential features that a phone requires (quick and real toogglers, a camera flash that tries to act as a notification led..ok, not a file manager but it has a download folder, a quite "useful" lockscreen, battery percentage..), so IMHO is quite usable out of the box because apple now provides many of the basic features expected to be on a phone. So I think that for apple devices jailbreaking is not as necessary as was in the past. WP8 on the contrary strongly needs a jailbreak because is not a fully mature OS..
ANOTHER FEATURE THAT LACKS (IMHO): the new versions of office are not as useful as office 2010 in windows mobile. Who remembers WM, office 2010 was so similar at the desktop version (even fonts could be changed and added!!!)..but since then, the most part of features disappeared, so office mobile stopped being as useful as it was before for business people nobody will care about that (developers can't do anything for this, and microsoft will never provide those features..but I miss it. So I didn't put this in the list because it's more a "personal" thing.
And I was thinking that even a windows phone with the stylus would be useful especially with one note, that on PCs and tablets is ready to be used with a stylus and I found this fantastic. But even this is a "personal" desire that will never come LoL
::facepalm::
snickler said:
::facepalm::
Click to expand...
Click to collapse
Why? I don't think I'm that wrong, there's no real possibility to have a fully featured file manager on WP, is it?
th0mas96 said:
Why? I don't think I'm that wrong, there's no real possibility to have a fully featured file manager on WP, is it?
Click to expand...
Click to collapse
In my inner eyes i see next user/professional developer asking if there was a patch to adjust screen brightness to personal needs in more than just the dictated three steps.
Answer: Buy an other phone or program your own OS.
A very simple feature is missing, App update notifications from Store.
WP8 now doesn't seems to be telling me when the apps on my phone has been updated unless I went to look for them. Its only then that the tile shows 1 update available. HELLO???!!!
So that means I have to list out the apps I've downloaded and look for each and every single one of their updates?
How can Microsoft and OP miss this one out?
And my clock isn't synced even if I set it to auto, sometimes it jumps AM/PM or even months!
Life'sGood said:
A very simple feature is missing, App update notifications from Store.
WP8 now doesn't seems to be telling me when the apps on my phone has been updated unless I went to look for them. Its only then that the tile shows 1 update available. HELLO???!!!
So that means I have to list out the apps I've downloaded and look for each and every single one of their updates?
How can Microsoft and OP miss this one out?
And my clock isn't synced even if I set it to auto, sometimes it jumps AM/PM or even months!
Click to expand...
Click to collapse
Added in OP
@Life'sGood and @gigsaw: That's a problem with your phone, not the OS as a whole. I guarantee you that WP8 fully supports app update notifications and clock sync. If yours doesn't, that's a problem with your phone, specifically. Blaming Microsoft for it is nonsense and won't help you fix the problem.
Now, as for fixing the problem... do you have an active SIM card in the phone? If so, does it have a data connection? That's most logical reason I can think of for the app update notifications to not appear; no connectivity when the phone tries to check. The clock can sync off the towers as well (also needs a SIM, I suspect) but it can also sync off GPS satellites (which have extraordinarily accurate clocks, and broadcast time signals that anything with a GPS receiver can pick up even if it can't get an accurate locations fix).
The most likely solution, honestly, is to hard-reset your phone. You might want to call support or take the phone in to a Microsoft store or something first, though; hard-reset will wipe the data (though that's most likely what they'll tell you to do anyhow).
GoodDayToDie said:
@Life'sGood and @gigsaw: That's a problem with your phone, not the OS as a whole. I guarantee you that WP8 fully supports app update notifications and clock sync. If yours doesn't, that's a problem with your phone, specifically. Blaming Microsoft for it is nonsense and won't help you fix the problem.
Now, as for fixing the problem... do you have an active SIM card in the phone? If so, does it have a data connection? That's most logical reason I can think of for the app update notifications to not appear; no connectivity when the phone tries to check. The clock can sync off the towers as well (also needs a SIM, I suspect) but it can also sync off GPS satellites (which have extraordinarily accurate clocks, and broadcast time signals that anything with a GPS receiver can pick up even if it can't get an accurate locations fix).
The most likely solution, honestly, is to hard-reset your phone. You might want to call support or take the phone in to a Microsoft store or something first, though; hard-reset will wipe the data (though that's most likely what they'll tell you to do anyhow).
Click to expand...
Click to collapse
Please let me explain why I though it was microsoft's fault: I had an WP7 with a different SIM (but same phone number) and those problems were there for almost Every app I had to update and clock often changed hour. After that I had an Android, at least with date and time no problem..with store of course I can't say after a year of android I switched back to WP8 and the market/time problems happened only a couple of times..but I thought that was something wrong in my phone because here on xda nobody has never talked about it. But I notoced that even whatsapp sometimes misses or delays some notifications with wp8 (with android never happened), and, at least in my country, this is a common problem with many users that complain abouth that, so at least for whatsapp I'm sure it's not my problem. I contacted the support of whatsapp and they said to me, if I remember well, that whatsapp notifications pass trough Microsoft servers, so in their opinion the fault of this problem was microsoft's. So I was thinking that even the other problems are related with Microsoft server's sync..so when another user said to have almost same problem As mine (but As I said, with WP8 happened to me only a couple of times, I don't know if other user has those problems more often), I convinced myself about my theory LoL of course I can imagine I am totally wrong because I don't know how those syncs works and if they work alla in the same way..what do you think about it? Before re-editing the OP I wanted to explain to you the whole situaton because you have for sure better knowledge about that
Push notifications for apps are completely different from update notifications. The latter are polled for, by the OS, at pre-determined times and without the app in question being involved at all; you'll get the update notifications even if you've never run it.
That said, push notifications on WP (7 or 8) are not as quick or reliable as on Android, it's true. The battery impact of push-using apps is lower, though.
Thank's, anyway I will hard reset my device. I have just realized right now that if the glance screen could be ported in future on other devices, a led notification becomes useless (of course, I don't know what is the battery impact on an AMOLED screen..and it's VERY important)
GoodDayToDie said:
@Life'sGood and @gigsaw: That's a problem with your phone, not the OS as a whole. I guarantee you that WP8 fully supports app update notifications and clock sync. If yours doesn't, that's a problem with your phone, specifically. Blaming Microsoft for it is nonsense and won't help you fix the problem.
Now, as for fixing the problem... do you have an active SIM card in the phone? If so, does it have a data connection? That's most logical reason I can think of for the app update notifications to not appear; no connectivity when the phone tries to check. The clock can sync off the towers as well (also needs a SIM, I suspect) but it can also sync off GPS satellites (which have extraordinarily accurate clocks, and broadcast time signals that anything with a GPS receiver can pick up even if it can't get an accurate locations fix).
The most likely solution, honestly, is to hard-reset your phone. You might want to call support or take the phone in to a Microsoft store or something first, though; hard-reset will wipe the data (though that's most likely what they'll tell you to do anyhow).
Click to expand...
Click to collapse
afaik i'm not seeing these features. I did a hard reset but I've yet to see the Nokia Camera, network+ (call filter) update.
I googled and found out this is a system wide issue with almost everybody having this issue. So does a half f'ed apple still counted as an apple?
App update notification this feature is simply not available.
I have a SIM and data connection for my 1020, on Wifi most of the time. Clock doesn't sync at all neither.
Hi,
So, Android has a permission system which albeit somewhat flawed (malware can gain permissions not intended for it) and not very suitable for laymen (non rooted phones have to either accept all permissions or be denied from the app. In many programs people don't have the luxury of not using them) theoretically has merit. IOS has...well actually I'm not sure how it works security wise but I pressume it creates sandboxes for each app, layman wise it is reasonable since you (theoretically) can deny access for all programs to certain components (no need to jailbreak).
How does WP works?
Thank you.
Security is different, apps can't do as much as on android. But iOS is better in this, because capabilities are like in Android: you can see what the apps want prior to installing them, but blocking some of them isn't possible.
I am very saddened to hear this.
Is there an ability in place similar to Androids rooting?
Also, what do you mean by "apps can't do as much as on android"?
Thank you!
@th0mas96's post is technically *mostly* accurate but very confusing and doesn't actually answer your question at all.
The short version is that WP apps use a capability-and-sandbox system much like iOS and Android, with each app getting a sandbox that gives it read-only access to the app-specific install directory and the global system directory, read/write access to the app-specific data directory, and access to whatever other stuff is specified in the capabilities. Capabilities are currently all-or-nothing; you can't reject or disable any capability except by just not installing the app.
I could go into the technical implementation of the system a bit, but the short version is that WP8 apps use fairly standard NT (as in the NT kernel that is at the core of PC Windows versions) security features: each app has a unique token (rather than inheriting the token of the process that crated it, the way it normally works on PC but very much like how Windows Store apps work on Win8) which contains the app-specific Security IDentifier (SID) that gives access to the app directories, plus the SIDs of the various capabilities that the app has.
What @th0mas96 was talking about is that WP capabilities usable by third-party developers are much more restrictive than they are on Android. For example, Android allows an app have full read-write access to your contacts or to send SMS directly. WP8 doesn't allow that unless you use capabilities that are normally neither allowed on the store nor allowed in sideloaded apps (Microsoft's code can have them, of course - that's how the built-in SMS app works - but not Joe Random Dev). The downside of this is obvious; some app behaviors (like a full replacement for the SMS app or phone dialer) are not possible. The upside is that apps are *way* more limited in how malicious they can be; the most common way that Android malware makes money (remember, the vast majority of malware is for profit) is by sending SMS to "premium" numbers. On WP8, an app could *compose* such a message, but it couldn't *send* it for you (unless it had a capability that third-party apps normally can't have) so you'd have a chance to see what the app was doing and decide not to send that message after all.
This means that the ability to disable capabilities is much less important on WP8 than on Android.
Oh, then those restrictions are actually good news.
Aside from from your typical run-of-the-mill malware my main concern was actually privacy. I have a huge displeasure from apps like Whatsapp which on android takes a whole plethora of liberties and was hoping that perhaps some other system may contain their user data voracity and their ability to control the divice their on.
Is there any link in which I could see the full list of those restrictions?
I'm still downhearted from not having a more fine grained control of the system but maybe it still has it uses in some scenarios...
Also, thank you very much for your comprehensive explanation!
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Window phone Security Issues
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
grilledcheesesandwich said:
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Click to expand...
Click to collapse
Sounds interesting.
Not something I'd try )) but interesting.
Aman Raien said:
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
Click to expand...
Click to collapse
I pressume this is an advert for Master Software Solutions, but nevertheless I did google the term you suggested and got nil results. I also browsed the main site of the company itself but haven't found anything related, nor did I find anything on their facebook page.
Regardless, I checked out this Kids corner thing, it's cute but not really security related...
Thx anyway.
Hello - I am doing a pen test for a customer. They are not giving me the xap files like they did last time. Is there a way to pull the xap file off the phone and on to your PC? I have a dev unlocked phone which I can sideload apps using power tools. I have done some research and it doesn't sound like this option is available, but I wanted to ask.
Thanks in advance.
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
GoodDayToDie said:
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
Click to expand...
Click to collapse
Thanks again for all your help. So my situation is this: I am doing pen testing for a client (and I'm sure we are competitors some what). The have provided me a Nokia Lumia phone running 8.0 and another Lumia running 8.1. The app is installed by their dev team (app is not avail from the store). They are reluctant to provide my the XAP file as they consider it proprietary info. I have done a dev unlock on the phone, but my primary goal is to view the isolated storage/dlls for the app to make sure they are not storing sensitive data. I am using the standard tools for viewing the isolated storage, but for these to work (best of my knowledge) they require you to sideload the application which I cannot due (not XAP file). I am proxying the traffic, but without looking at the file system there is not much I can do. As an aside, they are using MDM with jailbreak detection.
Whoa, somebody actually got around to writing jailbreak detection for WP8? Crazy. I wish I could see that; I'm sure it's trivial to bypass (at least for interop-unlock, the difference between locked and unlocked is changing a registry value and it would be easily possible to re-lock it, launch the app while keeping the editor app open in the background, switch back to the editor, and unlock/jailbreak again) but I'm amused that anybody even bothered trying. Also, the APIs you would need to do the detection aren't even available on 8.0, officially; you're in violation of the store rules if you use them. Then again, maybe this is an internal, "Enterprise" app; those have permissions to do stuff that typical third-party apps do not. Are you sure they don't just mean they have jailbreak detection for iOS? I see something about Office365 MDM offering JB detection, but while I suppose they could have written something for WP8.x as well I feel like I probably would have heard of it?
If the app was sideloaded by the dev team, then you can see its isostore using the official tools or using Windows Phone Power Tools. If it's an enterprise app and the app was installed that way, then things get more difficult (especially if the phone they gave you doesn't have an SD slot). Not giving a pentester access to the binary they're testing is silly on a number of levels; if you succeed in breaking in then you'll get it anyhow, and an attacker will have a lot more than a week or two to poke at it so they're wasting your presumably-paid-by-the-hour time if they want you to see how good their security is without actually examining the app. I bet they used obfuscation, too... Some people just don't get it. "Security" by obscurity... isn't. Sorry, end of mini-rant. Anyhow, there's a guy on the forum who claims to have a non-JTAG unlock for Lumias, but no idea when or if it'll see the light of day.
https://www.xda-developers.com/android-q-storage-access-framework-scoped-storage/
... Looks like porting old pie roms to new phones is going to become a thing
According to what I've read, it would be very easy to build a workaround for it, especially considering Google already has a workaround in place until Q apps are enforced in Google Play.
Also looks like it might be a pain in the ass
I cannot believe what I just read. I wasn't aware this was coming and I couldn't despise the decision more.
Proper access to the file system was for me one of the main advantages Android offered over iOS.
Way to go, Google...
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Click to expand...
Click to collapse
It's not even just storage, it's to everything these days. Why does the app for my Apex Fusion interface on my reef tank need access to contacts and text messages?
On topic, I agree 100% with you.
Those tears in my eyes... yeah not because of the blue light in the middle of the night here... because of what I read... agree +1
I personally think it's a good move. I don't use a lot of apps because of their required permissions.
Well if you can disable Q's "scooped storage" on per app basis with adb shell then it's easy to write a script that enables general storage for every app.
Sent from my OnePlus 6T through Tapatalk
hank81 said:
Well if you can disable Q's "scooped storage" on per app basis with adb shell then it's easy to write a script that enables general storage for every app.
Click to expand...
Click to collapse
True, but I'm sure eventually, just like with most every other special permission these days, you will wind up having to enable it on every boot.
Yes, the entire bug report is atrocious, but let's not get our pitchforks just yet. Google effectively punted on this for Android Q, by making it possible to contribute business as usual. It's quite possible that these issues will be resolved by Android P, or even that the whole idea will be scrapped in favor of something else.
The fact of the matter is that storage permissions in Android are terrible, Trying to address that is not in and of itself a bad thing, in fact I would argue that part alone is a good thing.
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a posix api replacement, but the fact that the current one they have is terrible/slow/etc I find the above scenario to be highly likely
partcyborg said:
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a posix api replacement, but the fact that the current one they have is terrible/slow/etc I find the above scenario to be highly likely
Click to expand...
Click to collapse
Thats deep!
Scott said:
Thats deep!
Click to expand...
Click to collapse
Lots of adult beverages to come up with this ?
Ayahuasca ?
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Click to expand...
Click to collapse
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
roaduardo said:
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
Click to expand...
Click to collapse
Not exactly. Storage access in the current world is a binary yes/no decision (well, 2 binary yes/no decisions if your device has a SD card slot), either "yes here is access to all of /sdcard" or "no you can't read or write to anything outside your specific app data folder". Using something like the API gives you the ability to do much more fine grained access like "give Poweramp access to my normal music collection in /sdcard/Music, but not my keepassxc password file.", Or "let photos index all the pics it finds on my machine, except for the ones in a 'certain' telegram folder".
The cause for pitchforks in the bug report isn't that people are in love with the posix apis for file access, just that the current Android API implementation is something like 50x slower in Android Q, making it essentially useless for file manager apps that need to do things like directory listings and maintain indexes of all shared storage, etc.