So I've gone through a total of 6 Palm Pre's & Sprint allowed me to choose a different device, so I just picked up a Hero...
The problem is, of course, lack of simple pin & remote wipe support for ActiveSync, so I am unable to use my corporate email on the device. I have tried using TouchDown & that doesn't even work. It seems that my work may have a filter I was told by support for TouchDown(I work for a large technology company, so IT policies are very strict).
My question, is there any way, by rooting or whatnot, to get my device to support ActiveSync fully? Or a way of somehow fooling EAS into thinking I have a simple pin setup & remote wipe available?
I really wanted to start using an Android device, but shoot, if i can't even get my work email on it, its pretty pointless...
Thanks alll!
So I've gone through a total of 6 Palm Pre's & Sprint allowed me to choose a different device, so I just picked up a Hero...
The problem is, of course, lack of simple pin & remote wipe support for ActiveSync, so I am unable to use my corporate email on the device. I have tried using TouchDown & that doesn't even work. It seems that my work may have a filter I was told by support for TouchDown(I work for a large technology company, so IT policies are very strict).
My question, is there any way, by rooting or whatnot, to get my device to support ActiveSync fully? Or a way of somehow fooling EAS into thinking I have a simple pin setup & remote wipe available?
I really wanted to start using an Android device, but shoot, if i can't even get my work email on it, its pretty pointless...
Thanks alll!
Click to expand...
Click to collapse
Thought 2.1 took care of those security issues. Only other option is touchdown in the market, it works with complex security options.
-------------------------------------
Sent via the XDA Tapatalk App
Excerpt from techwatch.co.uk
HTC's latest Android/Sense software has a vulnerability which collects user data and allows any app to access it.
The hole was brought to light by Trevor Eckhart and can be found on many of the devices such as the Evo 3D and Thunderbolt, amongst others.
According to Android Police, recent updates to the HTC software included the introduction of a suite of "logging tools" which collect information.
This could be used by the phone company to better understand problems that occur with devices, or enable better remote access.
However, it seems that the suite is not properly secured and doesn’t allow users to opt-in or out of the service.
Additionally, any app that can access "android.permission.INTERNET" can also get hold of a whole host of information on the phone's user.
This includes accounts, email addresses, GPS locations, phone numbers, text messaging data and system logs.
This means that any app that requests permissions to access the internet on the device can also, if it wanted to, get this information.
Android Police also found that any app could also access all of a phone's information, such as memory and CPU and IP address.
This, they say, makes it "theoretically possible to clone a device using only a small subset of the information leaked."
Considering the huge rise in malware which has been created for the Android market recently, this would seem to be a glaring error by HTC which needs to be very quickly sorted out.
The problem lies with the HtcLoggers.apk app which has an interface that requires no login or password.
However, AP believe that this is just the "tip of the iceberg" as they have only just begun to look into what other services installed on the phones might be capable of.
They also say that note that only the stock Sense firmware is affected.
Phones currently thought to be affected include: Evo 3D and 4G; Thunderbolt; Evo Shift 4G; MyTouch 4G Slide, some Sensations and the new Vigor. Of course, most of these are US handsets, but there are certainly some in the UK, such as the recently released Evo 3D and Sensation.
Whilst it's quite possible that other models are also affected, these are yet to be tested and confirmed.
Just delete HtcLoggers.apk from /system/app.
I checked on mine and couldn't find it. Then again I'm not on stock
Sent from my HTC Incredible S using XDA App
use this to check if this affects you.
after reading this i don't think it's as simple as just deleting htcloggers.apk. there are, however, steps listed to fix this if you feel inclined to do so.
There are a lot of customizations for Nexus kernels and with that, a few options for apps used to configure them. The only issue is that you may purchase one of these apps, but if you switch kernels, not everything is laid out the same way. This leaves the choice of dealing with options that don't work or buying another app. This app is meant to solve that problem by offering something a little less visually stunning, but highly flexible to support any kernel. After some testing and verification, I came to realize that this app did not have to limit to Nexus kernels. With a few lines of code, it could support almost any variation of the same features and options and simply disable what isn't supported.
If your device is not working with this application, please provide the device type and any information you have about the available settings. In most cases, this can be provided using the submission option directly in the app. If the app force closes altogether, it may require manually providing these details.
StarKissed Universal Remote App
An update is being released shortly to transition to a new method of determining available frequencies by processor core. This should resolve a lot of compatibility issues with devices that were crashing during the initial loading by performing better hardware checks. After some testing, this method will expand to the note 2, which currently uses a specialized check for available hardware.
From this day onwards, apps that Change state of SELinux are forbidden on Google Play Store. Those, who have such apps, have 14 days to fix violations or their apps will be removed.
Here's example of message from google:
This is a notification that your application, SELinux Mode Changer, with package ID com.mrbimc.selinux, is currently in violation of our developer terms.
…
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy:
“Don’t transmit or link to… items that may introduce security vulnerabilities to or harm user devices, apps, or personal data.”
After a regular review, we have determined that your app lowers a user’s device security by modifying or disabling SELinux on the device. To ensure a safe user experience for Play users, we have determined that apps with this functionality are noncompliant.
Please remove this functionality from your app within 14 days to achieve policy compliance. Once approved, your application will again be available with all installs, ratings and reviews intact.
This notification also serves as notice for other apps in your catalog. You can avoid further administrative action by immediately ensuring that no other apps in your catalog are in violation of (but not limited to) the above policy. Please also ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
All violations are tracked. Additional suspensions of any nature may result in the termination of your developer account, and investigation and possible termination of related Google accounts. If your account is terminated, payments will cease and Google may recover the proceeds of any past sales and/or the cost of any associated fees (such as chargebacks and transaction fees) from you.
If you feel we have made this determination in error -or feel that this functionality has been misinterpreted, please submit an appeal to the Google Play policy team through this Google Play Help Center article.
The Google Play Team
New definition of "dangerous product
Google play content policy
Google play distribution agreement
What are we going to do?
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take affect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
funtax said:
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take affect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
Click to expand...
Click to collapse
Same here. Got 4 emails from Google for same violation. Not exactly if I can bypass this problem by using superSU properly.
jerryfan2000 said:
Same here. Got 4 emails from Google for same violation. Not exactly if I can bypass this problem by using superSU properly.
Click to expand...
Click to collapse
Might I ask you which apps and features are affected?
PhinxApps said:
Might I ask you which apps and features are affected?
Click to expand...
Click to collapse
Button Savior (root). Assistive Zoom, oneClick Scroll. In my app, I create a jar with private API invocation in it and start the jar as a shell command by exec or something that I dont quit remember.
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
arpruss said:
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
Click to expand...
Click to collapse
Hmm, the e-mail is just a warning.. I think the apps will be removed in 13 days.
The title shouldn't matter, I assume it's just a scanner/grep which they run against eg. the classes.dex and search for "setenforce".
My app doesn't use this command normally, nor is it an app which is used by the 0815-user - it cannot be a human who decides about good/bad
But does this help us in any way?
This zip is just as good if not better. Only problem is is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it awhile ago and decided to hold onto it.. Going to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
tmjm28 said:
This zip is just as good if not better. Only problem is is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it awhile ago and decided to hold onto it.. Going to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
Click to expand...
Click to collapse
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporary make SELinux permissive by a single command.
funtax said:
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporary make SELinux permissive by a single command.
Click to expand...
Click to collapse
... which isn't possible on bootloader locked (exploit freed) devices
Has anyone an idea how to exactly interprete this message from Google?
I assume they parse the APK for "setenforce" and blame all apps which use it.
I fully understand and confirm Google's decision, no matter that it's realy a pain in the a** for some of us.
So, what are your thoughts about the following:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
2. do the modifications you need to do and hope this modifications are still working after enforced-mode is active again (how would a "execmod"-exception perform if the text-relocations have been made while SELinux was off?)
3. now call setenforce again but with "1", to re-renable SELinux
In other words:
1. would SELinux recognize that a text-relocation was made while it was disabled and then activated?
2. would it be ok to temporary disable SELinux but then re-enable it shortly after the required modifications?
@Chainfire: maybe #1 is something you might know due to SuperSU?
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
jerryfan2000 said:
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
Click to expand...
Click to collapse
Yes, that's correct. SuperSU sets itself to "permissive" in most times afaik - so if you run your restricted commands via SuperSU, you might not get problems with SELinux.
But if another process/pid is running into issues with SELinux, that won't help you.
To anyone still having to modify the SELinux state I would advice you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
Catalyst06 said:
To anyone still having to modify the SELinux state I would advice you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
Click to expand...
Click to collapse
This might indeed help some of the devs to adjust their commands to work with SELinux enforced - good hint, pretty sure many users are not familar with that
Ohh.. I must adjust myself: I wasn't aware of the SELinux-patcher. Might be an acceptable workaround?
funtax said:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
Click to expand...
Click to collapse
If Google catches this, they may be more tough on you.
I got notices for 3 variants of my Spirit FM apps. Was just a debug/test menu item.
Not needed for my Spirit2 app, but the Spirit1 app did direct access to audio and other devices and won't work on Lollipop otherwise. Not a big deal for Spirit1 really though, because I will likely never release a non-beta compatible with Lollipop.
So I removed the code.
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
mikereidis said:
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
Click to expand...
Click to collapse
Any news since? It seems Google pulled the trigger...
Sine. said:
Any news since? It seems Google pulled the trigger...
Click to expand...
Click to collapse
I went to 100% with my rollout just to be on the safe side.
I have had no followup problems. My affected apps are still selling.
Would have been nice for Google to send a "Thank you for co-operating" email.
I am sorry to hear that the SCR Pro developer has had his developer account terminated.
Termination is an EXTREME measure seemingly intended for confirmed malware spreaders.
I think it is VERY rare (if not impossible) to get a terminated account re-instated. I don't recall ever hearing of a re-instatement.
All of us small developers dependent on Google Play for our income are just a few Google mouse clicks away from having our indie careers ended and Google just does not care.
Why are they doing this?
I'm not sure if this is a good decision from Google. I fully understand that this could help to protect users, but in my opinion, a warning on the device would have been enough.
Android should be an open System. A user installing a permissive kernel, or changing a existing one to permissive mode, could be expected to know what she or he is doing.
I have to recompile the kernel for my SM-P605 because it was the only way to get it to work in permissive mode. Without the ability to do the mode switching by app, I have
to do this ugly changes by hand or make them persistent. Without this I'm even not able to do a chroot and run another Linux-distro on such a device. Forcing developers
to bypass such restirctions is the bigger security issue. If I'm not able to do such things, I could just as well buy a device made by apple.
What would a normal Linux user say, if he isn't allowed to get root access or couldn't download programs which don't work on a Kernels not enforcing SELinux.
mame82 said:
I'm not sure if this is a good decision from Google.
Click to expand...
Click to collapse
Google doesn't care.
Android is now dominant, and Google is closing it off, going closed source on the increasingly important Gapps/GMS etc.
Android Auto, TV, Wear, Play, etc. etc: closed source.
DRM will come and Google doesn't want us bypassing it. We already have it in locked bootloaders for non-Nexus.
This likely makes business sense for Google. They are the new Microsoft, not quite as evil perhaps, but getting closer all the time.