So I just updated to B360 last Thursday, and so far no major issues.
However one which is particularly annoying, is that of Device Policy. One of my Google Apps accounts I need for work enforces device policy, and it keeps prompting me that it requires that the device be encrypted, and require a PIN on restart.
However, the device is encrypted (or if it's not, Device Policy didn't seem to care before), and it does ask for the PIN on restart. I removed the account entirely and uninstalled device policy, then readded both, to no avail. Device policy still complains about both of them and refuses to let the account sync.
Has anyone else experienced this issue, or have any does anyone have any suggestions? I could wipe the device and try that, but I don't want to go to all that effort unless I know it'll fix it.
Related
Does anyone know why my exchange starts, brings in all the mail, then starts a "Freeing OpenSSL Session" infinite loop and email stops coming in?
I know I posted in another thread but Google Customer Service says it is my IT and my IT says it is the new OS. I just need anyone out there that understands this and can help me make sense of what is going on?
Just spoke with Google Tech Support -
They said this is definitely an OS error. It has happened with past OS because they did not include all Certificates in past versions. 2.2 is supposed to have all versions and an options to accept any that were not included.
They said that obviously my phone is not accepting the certificate from my server.
He ended by saying he hopes this is only my phone and server and not a more widespread issue since the OS is rolling out soon to the other units.
There was no solution since this requires the programmers attention to figure out why the OS is not accepting the certificate.
In short, OS 2.2 will not work with my server.
I have tried manually installing the .cert files onto my phone with no success. My IT believes the UCC cert is breaking the activesync because Google did not include these in Android and did not allow Android to accept other Certs....
I just wish anyone else was having this issue.
did you upgrade to FRF91? might be helpful, since they said they fixed some security issues.
I did update to FRF91.
This is really weird that Touchdown will work but Exchange will not.
I know there are past instances of this and it has something to do with the OS's approved SSL and what is on the Server. Also apparently the way OS 2.2 handles unknown certificates causes this problem.
Up until recently, the corporation I work for only authorized blackberry devices to sync with the exchange servers. They've just recently started allowing iPhones and certain android devices to do the same.
On the corp intranet page that deals with this it explains that once you setup activesync a phone lock passcode is required, screen timeout of less than 15min is required, and 5 incorrect passcode attempts, lost/stolen, or something like leaving the company will result in a wipe that will affect non work related data loss as well. The next sentence then says that if it can't be wiped remotely it is the employee's responsibility to do so.
I don't know if some of that wording is from the blackberry only days or what.
If I were to go ahead and get authorization for this, would setting up an activesync with the corporation exchange server really allow them to wipe my phone, including personal data? Would it really make my phone require a passcode and limit my screen timeout all by just syncing?
I just don't know what kind of control simply setting up an activesync account is really possible.
I hate using our web access bc it requires and id and 2 passwords and even though I can use lastpass to make that easier its still slow/inconvenient.
I don't want to ask IT about all this bc I don't want them to think I'm trying to get around the system or give me an incorrect answer (fortune 100 company, they deal with a lot and don't know everything about everything ).
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
Jack_R1 said:
One of the features introduced in Froyo with Exchange/ActiveSync support was remote wipe. I believe they'll have no problem wiping your phone, unless you disconnect that account first.
Click to expand...
Click to collapse
I'm actually less concerned with wiping than I am with being forced (by that I mean them somehow enforcing my settings such that I can't make my screen timeout longer than 15min or have to use a passcode to come out of sleep). I've never lost a phone and am willing to deal with consequences of not having a damn unlock code. I just don't want my phone to be locked into particular settings. Hope that makes sense.
Hi all, I recently installed MobileIron on my Xperia Z to get work emails etc. I am running Android 4.2.2 When i had done testing, i decided to remove Mobileiron and deactivated it and uninatslled it, this was ll fine. As part on the setup of MobileIron, my phone had to be Encrypted and this went through fine also. The issue now is that if i go into Security and look under Owner Info>Encryption, it says Encrypt phone (Encrypted) and i have no option to decrypt. If i tap on "Encrypt phone (Encrypted)" nothing happens. anyone any ideas on this? Thank you!
The reason why you had to encrypt in the first place was because your corporate policy required it ... i.e., your IT department configured your MobileIron server to require encryption on your device, so once registered with MobileIron, you had to adopt the corporate policy.
I don't know of any Android devices that allow for decryption. That said, there's no good reason to decrypt. You are getting a security advantage with no real negatives. In theory there could be a micro-penalty in the battery consumption or i/o speed but in reality it's not going to be noticeable.
If you really can't stand the idea of encryption, you need to do a full factory reset. You'll lose all your data during that process so you'll want to backup first and restore once complete.
jsirota said:
The reason why you had to encrypt in the first place was because your corporate policy required it ... i.e., your IT department configured your MobileIron server to require encryption on your device, so once registered with MobileIron, you had to adopt the corporate policy.
I don't know of any Android devices that allow for decryption. That said, there's no good reason to decrypt. You are getting a security advantage with no real negatives. In theory there could be a micro-penalty in the battery consumption or i/o speed but in reality it's not going to be noticeable.
If you really can't stand the idea of encryption, you need to do a full factory reset. You'll lose all your data during that process so you'll want to backup first and restore once complete.
Click to expand...
Click to collapse
Thank you for your response
The reason i was looking to do this is that i also have a Samsung Galaxy S4 and with an identical setup, there is the option to Decrypt so i was wondering if i missed something.
osheaj said:
Thank you for your response
The reason i was looking to do this is that i also have a Samsung Galaxy S4 and with an identical setup, there is the option to Decrypt so i was wondering if i missed something.
Click to expand...
Click to collapse
agree. i used samsung galaxy note before with mobilelron. the same setting for my new xperia z but i cannot find the decrytion command
OK, this is not strictly a OP3T problem but that's where it happened to me. I run Norton Mobile Security on my phone, which is encrypted. Just recently enabled Web Protection to see if that would help speed up the incredibly long time Norton takes to analyze links before it allows pages to load. When I set it up and enabled Norton Security Services in the Accessibility menu, there was a fine-print screen that said Norton would be taking over some of the lock screen functions. No big deal.
When I rebooted the phone, it went straight to Android, without asking for the encryption password. I booted into recovery, same thing. I tried disabling Norton Web Protection, still no password. Uninstalled Norton, still no password. The Security menu shows the phone is still encrypted, which I figured because the installation didn't take long enough to decrypt the phone, and because it doesn't work that way anyway.
I tried this first on an LG G2 running Lineage 16 , but didn't notice the lack of the password prompt until it was too late, and I had done the same thing to my daily driver OP3T.
After about two hours on a chat with Norton support, they escalated me up to senior support, and said I'd get a call back in a couple of days.
So, I turn to this group. There's only one way I can explain this behavior: it appears Norton Mobile Security might be modifying the bootloader to preload the encryption password and bypass the prompt. This effectively disables decryption, since anyone can now boot my phone into recovery and ADB pull whatever they want.
The phone is fully functional, but also wide open. Short of copying everything off the phone, resetting and starting from scratch, does anyone have a suggestion? I do have TWRP backups that include the bootloader, but I don't want to overwrite the bootloader if that risks breaking the encryption entirely and locking me out of my phone.
In the meantime, be careful with Norton Mobile Security!
If memory serves me right (ha!), disabling the boot password is supposed to happen when you enable any accessibility settings...
That makes sense. The warning looked like standard Android boilerplate. Is there a way to re-enable the password prompt?
mobilityguy said:
That makes sense. The warning looked like standard Android boilerplate. Is there a way to re-enable the password prompt?
Click to expand...
Click to collapse
Yes, disable whatever accessibility setting you enabled. It's got nothing specifically to do with Norton....
Didgeridoohan said:
Yes, disable whatever accessibility setting you enabled. It's got nothing specifically to do with Norton....
Click to expand...
Click to collapse
I disabled everything I could find related to accessibility - the Norton services and the Android accessibility shortcut. What am I missing?
Also, the problem affects the recovery partition boot, which has also stopped asking for the encryption password but decrypts the phone must fine. Doesn't seem like changes to the Android options would change that.
You might have to reenable the boot password in the security settings as well.
Didgeridoohan said:
You might have to reenable the boot password in the security settings as well.
Click to expand...
Click to collapse
Yes! That did it. Opening the PIN option on the security screen brought up a prompt asking if I wanted to have the PIN prompt on boot. It now asks for passwords on both system and recovery. Thank you for the last piece of the puzzle.
This is an increasingly irrelevant situation, but it gave me enough headaches that I hope it may someday help somebody. I forgot to disable all the pertinent stuff on my XT1254 before flashing a downgrade to unlock my bootloader. That means of course, that I had to log back in to the google account it was registered to.
The problem: After entering the correct password, a never ending loading loop occurs, and if the device falls asleep, the setup wizard starts over.
The cause: I had a Titan Key securing my account, as the primary 2FA. Android did not implement this yet in Marshmallow, so it is waiting for a FIDO2 Auth that is impossible on the device.
The solution: I needed to remove my Titan Key temporarily, so I could use a normal OAuth (Device Approval) on another phone. After that, adding the Titan Key back to the account was sufficient once you either remove that google account from the device (recommended if you're de-googling the device) or first disabling the security options to find the phone later.
Thanks for sharing your experience.