Even if one has installed some kind of lockdown/tracking software + lock pattern, there is always the possibility that a thief would know how to reflash and/or wipe the phone or be able to use Google to find out how.
Has anyone worked on adding the possibility of locking access to fastboot, recovery and OS boot? (Password protecting adb would also be a nice addition.)
There is not much on these forums about it. Here is a thread that died: http://forum.xda-developers.com/showthread.php?t=531225
I would be fine with compiling my own recovery image if that is what it takes to get my own password, but I guess fastboot is the biggest concern.
I hope some smart developers will take their time to read this and think about it. Let's hear some input on how big of a task this is. I am sure it can be done, so take the challenge and show us some love.
Wow, this is an awesome idea. Ya, because apps like MobileDefense or WaveSecure would be useless if the thief knows how to wipe the phone. This would be great and I would love to see it work. I don't know crap about making my own recovery or else I would do it if that's what it means to make my own password protected recovery. But like you said, fastboot is a greater challenge.
I could see recovery maybe having this, but with the bootloader you are out of luck unless you have a dev or holiday version of the Nexus. We currently can't flash custom SPLs because they are sig checked.
What happens when you forget your password? Brick?
MatMew said:
What happens when you forget your password? Brick?
Damn, if you forget it then you are just too stupid, lol. Jk
But good question, however I don't think any development on this will be done anytime soon. I'd definitely support it though if it ever starts.
Locking the SPL would require us to be able to write/flash one, which is currently impossible.
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing... our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware, so we can put a BIOS password so even that's impossible.
Our so 'open' phones should follow suit... please Google, read this. It would be a fantastic option, that way it's rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums).
THANKS
I want it
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
We'd also need to find a way to 'type' a password (for the recovery option) while in the bootloader, since there's no keyboard. You could use the volume toggle to cycle through letters or numbers, but this puts this option far past a 'trivial' change to the SPL code. This may be why Google didn't include the option in the beginning.
theslam08 said:
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing... our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware, so we can put a BIOS password so even that's impossible.
Our so 'open' phones should follow suit... please Google, read this. It would be a fantastic option, that way it's rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums).
THANKS
A computer BIOS password only keeps people from changing BIOS settings. They can still format the hard drive.
bubbahump said:
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
This would be really great... an idea, if ever possible, to overcome the bricking of the phone by the password being lost, is somehow emailing it to the registered Google account... or maybe sending an SMS to a known phone number that was registered before...
dalingrin said:
A computer BIOS password only keeps people from changing BIOS settings. They can still format the hard drive.
Actually you can set an ON-BOOT password, which will prevent it from being booted at all without the password. Unfortunately, it is not that great a security measure, since you can just reset the BIOS using the jumper on the motherboard. Also, every BIOS manufacturer leaves a backdoor in case of forgotten passwords, just do a Google search for BIOS DEFAULT PASSWORDS.
But, the main thing to remember here is that we do not have a keyboard, and very limited buttons to use. So, what are you thinking of using? A combination of buttons (similar to the quick-reboot)? Or, cycling through with the volume/trackball, kind of like on a briefcase/suitcase (argh, imagine the frustration).
The next thing would be the implementation of such an idea.
If the SPL is to be modified to be password protected, we would need the source code - which I don't think is available.
If the recovery is to be password protected, it would need to have immediate access to a rewriteable portion of the internal memory for storage/retrieval of said password (as would the SPL, but first things first - gotta have the source).
A simple qwerty on-screen keyboard and using the trackball to select characters would work fine. Up and down with volume keys or whatever to type in characters is not a viable option for long passwords.
It seems all this would be of no use without the possibility of flashing our own SPL, so I guess this is a bigger task than I thought at first. We all know SPLs have been hacked many times before, so I believe it can be done on the Nexus One too. But, because of the already unlocked SPL opening up flashing heaven, I am not so sure anyone is going to use any time on figuring it out.
This is what we are left with:
1. Find a way to flash a custom SPL. Piece of cake right?
2. Create an SPL with the possibility of adding password protected fastboot/recovery. Protecting boot will probably not be necessary, as it would make it impossible to trace a stolen phone.
Let me comment on the privacy issue: I am not really very concerned about the data on my phone. Of course I would not want all the pictures and videos I have shot to fall into the hands of complete strangers, but I try not to keep secret/sensitive data on my phone. It is not really very difficult to take the sdcard and put it in any other device or card reader to get all the data off of it. All the password protection in the world will never get us around some physical security. (Maybe I should make another request for encrypting the sdcard?)
What I want is to be able to somehow find the bastard(s) that took my mobile and get it back without it being wiped first. Though there is always the risk that they would not get past the unlock pattern and just throw it away right away. Let's just hope they left it powered on within network coverage.
How does Android store Gmail login credentials? Is the information cookie-like (only session information) or is there an actual password (encrypted or not, doesn't matter) stored somewhere? If the latter then that would be very bad for the security of the Gmail account (most critical apps there are Mail and Checkout). It would probably be a good idea to change the Gmail password as soon as one starts missing his Android phone.
--
One way of increasing the odds to get a stolen phone back would be to flash a custom ROM with an embedded and preconfigured security application that installs automatically and silently after a wipe. Not perfect because a thief could just flash another ROM but there's a greater chance of a device getting wiped than not getting wiped, right?
I guess a password in recovery would add an extra percentage to those odds too.
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
maedox said:
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
Sorry for the bump. But seriously this is a must.
Any Nexus with unlocked bootloader leaves the internal memory unprotected (All your photos in DCIM folder, etc).
You just need to enter fastboot and flash a custom recovery.
Hello
Well, I have a phone that has exactly what was being mentioned in this thread and I have literally tried everything everyone is saying about flashing, etc.
Up until recently, the corporation I work for only authorized blackberry devices to sync with the exchange servers. They've just recently started allowing iPhones and certain android devices to do the same.
On the corp intranet page that deals with this it explains that once you setup activesync a phone lock passcode is required, screen timeout of less than 15min is required, and 5 incorrect passcode attempts, lost/stolen, or something like leaving the company will result in a wipe that will affect non work related data loss as well. The next sentence then says that if it can't be wiped remotely it is the employee's responsibility to do so.
I don't know if some of that wording is from the blackberry only days or what.
If I were to go ahead and get authorization for this, would setting up an activesync with the corporation exchange server really allow them to wipe my phone, including personal data? Would it really make my phone require a passcode and limit my screen timeout all by just syncing?
I just don't know what kind of control simply setting up an activesync account is really possible.
I hate using our web access because it requires an ID and 2 passwords, and even though I can use LastPass to make that easier it's still slow/inconvenient.
I don't want to ask IT about all this because I don't want them to think I'm trying to get around the system or give me an incorrect answer (Fortune 100 company, they deal with a lot and don't know everything about everything).
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
Jack_R1 said:
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
I'm actually less concerned with wiping than I am with being forced (by that I mean them somehow enforcing my settings such that I can't make my screen timeout longer than 15min or have to use a passcode to come out of sleep). I've never lost a phone and am willing to deal with consequences of not having a damn unlock code. I just don't want my phone to be locked into particular settings. Hope that makes sense.
There are so many SW available for lost or stolen phones. The protection/safeguard features offered by them are impressive.
But I feel that anyone who can deliberately hard reset the phone installed with these SW can effectively negate or bypass the protection. Perhaps there are other ways too which I am not aware of. Unless there is some form of protection to prevent this.
Can this be done? Is there a way to fully protect your phone from any tampering unless a password is entered?
Thank you.
I guess not, but I remember having WaveSecure installed on my G1 in the system. If the thief would then wipe your phone, the program is still installed on it. A thief would have to completely install a new rom to wipe off the program. That's the best solution you can get right now I guess, but for that you'll have to be rooted. ( https://www.wavesecure.com/blog/post/turning-on-gps-remotely.aspx )
I don't know if this is possible with other programs, but am actually interested. Anyone knows about a free program that can track / wipe / lock stuff up and installed in the android system?
There is a project called Prey which I'm testing. It's free but not (yet) as advanced as some others.
Google on Prey project and it should come up.
Sent from my LG-P990 using XDA App
Escobarretje said:
I guess not, but I remember having WaveSecure installed on my G1 in the system. If the thief would then wipe your phone, the program is still installed on it. A thief would have to completely install a new rom to wipe off the program. That's the best solution you can get right now I guess, but for that you'll have to be rooted. ( https://www.wavesecure.com/blog/post/turning-on-gps-remotely.aspx )
I don't know if this is possible with other programs, but am actually interested. Anyone knows about a free program that can track / wipe / lock stuff up and installed in the android system?
Perhaps a solution is to have a Unique ID Key. Without which the phone cannot be tampered with, rooted, hard reset or anything be done to it without this Master Key feature.
The Unique ID key should be one off and issued by the manufacturer for each phone. And this key is required even by the service station to open the phone. If the phone is sold by the owner then he can provide the ID key to the buyer with a small test feature embedded within for the buyer to verify if key is the right one.
This may help in some ways as the thief would then be forced to return the phone to the owner for some monetary consideration rather than be stuck with a brick.
Today's smart phones contain a lot of information and data potential and these could be much more valuable (to the owner) than the phone itself. And many more new capabilities are being introduced such as e wallet and e credit cards etc.
And it is not convenient always to update/backup the data on to a PC etc.
The data on the SD card is not an issue as it can always be saved after encryption.
Read recently that in UK a phone is stolen every 12 seconds. I am sure the figures for stolen phones are high in other countries too.
I am using Theft Aware.
It is NOT overwritten by a hard reset.
It can only be overwritten by installing a new ROM which is a significant additional protection against the average thief.
It does not require an internet connection (remotely controlled by SMS)
It only costs 3€.
It works flawlessly on my Optimus 2X.
I have successfully tested most of the features.
The only disadvantage is that I have to reconfigure it after each ROM update.
luik said:
I am using Theft Aware.
The only disadvantage is that I have to reconfigure it after each ROM update.
But it doesn't take long to reconfigure. I agree Theft Aware is excellent on the O2X.
I use Cerberus on mine and AndroidLost on my backup Defy. Cerberus has more features.
Long story short, the phone was acting up a bit, I was drunk, so I went to bootloader and accidentally, instead of just doing a proper reboot from there, I did a factory reset :crying:
Is there any way to try some "undeleting" software to salvage whatever isn't really overwritten yet?
I tried a couple of programs I've used to undelete files on PC with no luck; they can't see the One since it doesn't get its own letter from the OS when connected. I also tried Wondershare Dr.Fone, which is meant specifically for phones, but it can't see the One either, same reason apparently.
All the apps in Google Play that should fit the bill require root, and mine isn't rooted and would rather keep it this way than root it.
3 days worth of photos & video from Ruisrock festival gone :crying:
I think you can't find your deleted file...
Yes, you can. Here are some HTC phone data recovery guides which you can try
HTC One phone data recovery
Restore photos from HTC One phone
hope this helps.
My P9 is my favorite phone I ever used, however the only aspect that makes me sad is that I searched all over the Internet, and I cannot find any confirmation that the device supports whole device encryption. Rather everything indicates that the data on the phone is not encrypted.
I travel abroad regularly, in a country where unfortunately some Westerners go to engage in child abuse, which means that when I come back to my country, I am often required by customs to let them inspect my phone, and the device could be taken away from me to extract and analyze its data. I would love to have my P9 to take fantastic shots of this beautiful country, however I do not want to let my government have access to all my intimate conversations with my wife, all my passwords, all the websites I visit and all my personal pictures. And no, simply wiping the device, if the device doesn't support encryption, is not sufficient to remove the sensitive data from it.
Unless I can find other information to the contrary, I'll travel to this country with a backup phone that does support encryption.
WDE is a requirement for all new Marshmallow devices onwards so yes it has it.
Actually I thought I read that Google ended up withdrawing this requirement.
At any rate, I certainly haven't found the functionality anywhere. It's not anywhere in the parameters, and although you can launch it with the activity launcher, it just reboots the phone without encrypting anything.
After I unlocked bootloader and installed TWRP, when rooting, it said can not mount data in red (but still got root).
Same error when I tried to do a backup in TWRP.
One video suggested changing the disk format and changing it back, and then when I turned on my phone after that, it said password was there but unable to be used and kept booting back into recovery until I wanted to kill myself.
Seems the reason was because the phone was encrypted and changing the format fkd it all up.
So yes - it is encrypted (at least on my P9)