i found this new plugin for tasker -> SecureTask
It needs no root, only some rights you have to set with a ADB shell on your pc.
if only 50% of the descriptions are true, this will be a new Swiss knife!!
Do somebody tell me more about his own experiences?
I'm using it, what do you want to know about it?
It has many features and until now I'm using only two of them: Dump log and Secure Settings. Those work as intended.
(Regarding the Secure Settings action: there are some limitations in Android N with some settings which ALL plugins are facing, so that's not a flaw of SecureTask).
The developer is very helpful and you can ask him any questions on his G+ page: https://plus.google.com/communities/107846871867669301384
Plus, you get all of this for free, so don't hesitate and try it!
THX!
I was not sure to get more security leaks, as i want to get.
Related
Hello everyone! I am the developer of Prepay Widget, a powerful app that allows you to monitor your account balance through USSD requests.
You can find more info about USSD on Wikipedia, but basically these are short, SMS-like messages used by most GSM and some CDMA providers to deliver information
or control account services. The actual information comes to you in the form of popup toasts, which thids app hides and parses into widgets.
You can find the apps landing page on XDA at the following thread:
http://forum.xda-developers.com/showthread.php?p=12348102
However, i want to stress that its important that we get some device-specific feedback, so please post in this thread if you have issues,
this helps me keep track of bugs and requests better.
You can use the Lite version of the app - it has all the functionality of the full version apart from automatic updates (not really that important imo).
As I haven't got one of these phones in my pocket, I need some testers to track down problems. Please, use this thread to comment or
suggest features. It is my belief that addressing issues is best done individually by phone, so if something doesn't work, let me know and I will fix it ASAP.
Market link:
https://market.android.com/details?id=fahrbot.apps.ussd.widget.lite
Debugging:
Please use the "Write to developer" item in the Settings menu to send logs. Enable debugging, reproduce your error and then send the logs.
Make sure you include a description - the more detailed the description the better.
Screens:
1.3.3.0
Added full Russian translation
Fixed many small errors from user logs
Fixed rare radio restart issue on some ICS buils
Anything to report?
Trying it out.. thnx!!
OK enjoy and please do give us some feedback!
Anything to report?
Anything to report?
Any issues or problems i should know about?
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
proch said:
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
Click to expand...
Click to collapse
Another question would be - if something like intune can enforce lock screen password policies, shouldn't I be able to do it the same way that intune does it? If so, how? If not - why not?
It's not possible to check if user enabled lock screen password or not as far as I know
but if you want to made your app secure (because it may include important data)
you can create a password for your own application !
I did it in a little notepad app my password page allow user to set a password with all English and Persian Characters , numbers and special Chars like [email protected]#$ and etc.
Sent from my RM-994_eu_poland_1183 using Tapatalk
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
GoodDayToDie said:
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
Click to expand...
Click to collapse
Thanks for this great and detailed information. See, that's exactly what I'd do if I were developing a desktop app - since i know that intune does it, I'd figure out how intune does it and voila. I'm finally getting over the idea that the same methodologies apply to windows phone development.
For my own educational purposes (since I want to understand this platform better), I would really like to know specifically how you go about accessing the registry APIs (for example). If there's any way for you to describe any number of these methods, I'd greatly appreciate it. Thanks again!
My NativeAccess libraries (check my signature, or search on the forum or on Codeplex) contain an example of one way to access the registry. The code is open-source; you may use the libraries as-is (don't expect to get them into the store, though I won't stop you from trying), use the source code as a reference, or modify/build them yourself; the license is very liberal (MS Permissive). The functions I use are generally documented on MSDN, in the desktop APIs section; the phone has the same functions, although the DLL names are changed and the header files hide them.
Hello,
I am looking for a Developer who can create an Android App/Service/Whatever for me to do the following task.
Since I have no expertise in Android Development I am very thankful for any help an will surely send some $ as compensation for the result.
TASK:
The App/Service/Whatever should be able to open up a webpage, perform a click on that page on a button (follow all redirections, parse and use javascript, use cookies) just act like a normal Browser, but completely invisible.
I dont want to see any Icon or UI Interaction. Maybe its possible to realize that only on Shell (Terminal) Level.
The Final Webpage's HTML-Code should be saved in a file on the FileSystem (/data/Whatever/page.html).
The App is only for me, my device is rooted and Running Android 4.4.1 .
I hope that someone can help me.
Hi mates.
I've switched from note 3 (greatest phone I've ever bought) to note 8 and I'm encountering a problem with the email configuration.
Actually, on the email application of note 3 I was able to add a personal PGP certificate for signing an email (or even deciphering emails from my contacts). The current Samsung email application seems to not have such feature... can you confirm this to me?
It's about to be weird, since they are spotting the encryption feature into the app description on the play store. Thanks
Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!
A_H_E said:
Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!
Click to expand...
Click to collapse
Many thanks!
Well... Samsung My Knox has been replaced by Personal Area and even if I configure an e-mail account inside it, the email application doesn't show the "advance" security options.
That's makes me vary mad...
Thank you for pointing that out. I had forgot that 'My Knox' had been retired.
I was pouring through their white papers and what not, and I'm thinking this must've been a business strategy; give consumers a moderate level of security via 'Secure Folders' and leave more advanced features for enterprise environments via 'Knox Workspace'.
See this:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
The options exists for those utilizing 'Knox Workspace'; even outlines full instructions.
Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you
DarkIaspis said:
Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you
Click to expand...
Click to collapse
No problem. Happy to help.
I've also reached out to Samsung myself to inquire further:
https://www.samsungknox.com/en/contact
Hopefully we can come up with a definitive reasoning.
Update
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.
A_H_E said:
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.
Click to expand...
Click to collapse
Hi Darklaspis
Were you able to make it work? I've tried everything but couldn't find a way to encrypt my mail from samsung mail app.
Is there any way you can helpme please?
i am concerned.
i love to root my device and remove bloatware. ya. samsung devices. full of junk.
i use titanium backup but it seems to have trouble with magisk because its systemless and not like supersu.
anyways, my concern is about custom roms that we download from these forums.
what are the odds of rom creators infecting "Keyloggers" in these roms? i mean these days we use Lastpass to enter in our master password which contains all our passwords for our emails and other sites.
as well as authy.
its just a question.
yes. i prefer a custom rom and favor it as opposed to samsung roms.
any feedback?
@cylent
It's absolutely possible from looking at the Android Accessibility APIs:
developer.android.com/guide/topics/ui/accessibility
But, from my knowledge and testing, the key logger would need EXPLICIT access to the 'Accessibility Services'.
(Options > Settings > Accessibility) + see the attached screen shot.
If you installed a custom ROM and saw an application listed here not explicitly defined in the release notes, ensure it isn't enabled. Next query the developer as to its purposes. It's possible that just because it shows here that it isn't necessarily malicious and might serve a greater purpose.
If you receive no response or a runaround, disable it under 'Accessibility' and find the corresponding name under 'Apps' and remove it.
For that matter, dump the ROM altogether and find another immediately. I'd like to think our savvy little community would pick up on this breach of trust ASAP.
For testing purposes, mine is called 'Android Keylogger' but a malicious user could (and likely would) call it something less threatening.
Hopes this helps!