Database Develop

[Q] Password protect certain applications?

Is there an application that can password protect certain apps that I choose?
And please do not say Kids Corner as it does not do what I am asking.

It's probably possible (though far from easy), but I'd actually be more inclined to help if you hadn't opened a duplicate thread about this.

Only made second thread about this to attract some attention, 7 months passed since that guy opened his thread and nobody could give a good answer.
To me it's weird that nobody tried to make an app like this still, it would be very popular and help users very much.
Anyways, thank you for replying.

Really, just bumping the other thread was enough, but since we're here anyhow... my idea for how to approach it (and this would take a *lot* of hacking) goes something like this:
1. Create an app (call it X) that has the capability to launch other apps, and filesystem write access.
2. Have X take another app (call it Y) and encrypt its binaries. This prevents anybody from launching it by any means.
3. Tweak the app database to make it so that when you try to launch Y, it instead launches X and passes the id of Y as a parameter to the launcher.
4. X prompts the user for a password to Y. On getting the right one, it decrypts Y's binaries and writes them back to the correct location, then launches Y.
5. When the user (or OS) closes Y, a background process of X notes that Y is closed and re-encrypts it.
Currently we know how to do... well, some of #1, and we think the rest is possible. Given that, #2 isn't too hard. #3 is something I don't have the least notion how to do *right now* but I'm sure it's possible. #4 shouldn't be too hard given #1 and #2. #5 will be a trick - currently, apps have no way to know what other apps are running - but I'm sure it can be done.
It's a large engineering problem blocked by an even bigger research and hacking problem, though. Nothing we'll have soon. You'd never be able to publish it in the store, either, and it would only work for people with hacked phones. It's exactly the kind of *useful* thing that would be possible if Microsoft were willing to let up the restrictions on third-party developers a bit, of course, But for the time being, there are *reasons* nobody has done it yet.

Well the word that I actually was thinking after reading your post was "crap".
It seems only with time (and a whole [email protected]#$ing lot of it) will wp become a true competitor to android, but to be honest I don't think it will come to that.
Thanks for replying GoodDayToDie, I'm freakin' sad that there is no app that can suit my needs, I even tried with kids corner but the screen still needs the password entered like the normal one. Nothing really can make up for what I have in mind.
Cheers mate.

as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...

tfBullet said:
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
Click to expand...
Click to collapse
You're right tfBullet! I need it for whatsapp, photos, message and games app, mostly to prevent from friends but gf too.
I was thinking it might be possible to mod an app and add password before it can be accessed, although I have no experience in this domain. Many apps in store have this function, like wallet or prive photo apps.
My phone is dev-unlocked as I started a few days ago to study and try to create a simple app for me and my friends.

Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running. The encryption thing really isn't too hard, although you could skip it anyhow too.

If there was a way to run a program in the background that monitors when certain apps are selected and then prompts when its activated would work, but it would need an unlocked phone. And even under home brew I don't know if its possible to run apps in the background. Yet.
Sent from my Nokia 521 using XDA Windows Phone 8 App

The encryption thing really isn't too hard

Yea, but that's a little extreme. If you can create that password program that runs in the background you could probably have it watch files, apps or pretty much anything. You'd have to password protect the cofig file. And maybe if you can't remember the password after so many attempts you can have the program email the passwords to your email. Just some ideas.
Sent from my Nokia 521 using XDA Windows Phone 8 App

Running software in the background is actually shockingly easy. The trick is getting it to run with better-than-app-sandbox privileges. We're still working on that one. In the meantime, apps can't even read, much less write, to the install location of other apps.

GoodDayToDie said:
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running.
Click to expand...
Click to collapse
@GoodDayToDie: actually these .NET apps are pretty easy to decompile, if you're willing to fix the bugs that the decompiler leaves you with...
so there is not really a need for a valid signature, if you're able to compile & sideload the app yourself
the only thing is: you need the decrypted XAP, as far as i know these get decrypted while installation and can be pulled from a interop unlocked device?!
It would be nice to get my fingers on some OEM (Nokia etc..) XAPs, to see if we can find any exploit in them

I know better than probably 95% of this forum what it takes to decompile managed code; I have reverse engineered huge numbers of apps. However, you are missing several important points.
1) Modifications like you suggest are very complicated to automate. It's certainly possible, but it's not simple.
2) Re-installing the app would be a pain. You would really want to do this as an in-place modification, and that means (for store apps) that it would still be signature-checked.
3) Not all apps are managed code; WP8 supports purely native code.
4) Even with managed code, obfuscation can make tinkering with the binary nigh-impossible.

It's just so incredibly stupid that WP is so limited. I know it's under Android big time, but I think even iOS more customizable, right?
Also, is there a message app in the store that has pass option? I searched but found nothing...

I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.

GoodDayToDie said:
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
Click to expand...
Click to collapse
But with the jailbreak and MobileSubstrate, iOS is extremely customizable, and there are tons of tweaks, that's where Apple gets its new features from
Back to topic, I think the OP would be happy with a solution that locks the "normal" user of his phone out of some apps, so it wouldn't be necessary to modify anything of it, just making the standard launcher (I don't know how it's called, but I mean when you launch the app via home screen or with a toast) ask for a password should be enough.

[Q] Most SECURE Keyboard? One that require no permissions?

It's not that I don't like the stock keyboard, I'm always looking for something new, safe, practical and well....not questionable.
Keymonk Keyboard, from the app store did not require permissions. However...
"Attention: This method can collect all of the text you enter, except passwords, including personal data and credit card numbers. It comes from the app Keymonk FREE. Use anyway?" ---- (Upon some digging, I've read that this is a mandatory message for all after market keyboards?) Well, if it doesn't require permissions then is this just another way of saying...."just kidding, we can and have the ability to collect all your inputs and we may or may not jack it from you."
SwiftKey is obviously ubber popular, but it asks for these permissions:
In-app purchases (obvious)
Identity (WHY?)
SMS (WHY?)
Photos/Media/Files (WHY?)
Wi-Fi connection info (WHY?)
Device ID & call information (WHY?)
For those who care, seeing all these apps requiring permissions that are not related to the apps function can be uncomfortable. To be clear, I understand that some codes for specific functions are written within the OS for another particular function. (It'd be nice to know what basic functions are connected to what so that we know to make sense of all these permissions.)
So the question is, what keyboard is the most secure to use?
Obvious Tips, but questionable:
Stick with reputable companies? - This to me can go either way. Just because they are a big name doesn't mean that they are necessarily more secure and honest. A lot of big names are very questionable and can probably get away with more....
Use a VPN? - By doing so, although the data is secure within the pipeline, would the actual input be vulnerable by collecting its data at the point of input before the data is actually sent? Possible I'm assuming...

They're all secure.
They're not saving everything you type in a database to somehow use against you later.
But what makes you that special that you think someone would do that?

Haha, because I'm Santa clause and I don't want anyone knowing my secrets. Lol j/k...
No but on a serious note, the thread was intended to be more general to address the point of how secure the keyboards really are and why they have the default prompt of it telling you that it has your personal info on tap at their disposal.

At the same time, I'm fully aware that most people don't care, but on the flip side of the coin there are people who do care for legitimate reasons whether it'd be work or what not. Either way, it raises an interesting question.

devynbf said:
They're all secure.
They're not saving everything you type in a database to somehow use against you later.
But what makes you that special that you think someone would do that?
Click to expand...
Click to collapse
SwiftKey can store your information in the cloud to be shared across devices, however.

RiverCity.45 said:
SwiftKey can store your information in the cloud to be shared across devices, however.
Click to expand...
Click to collapse
Yea I guess that's true. But I'm pretty sure anything you type isn't going to be relevant to, really, anything that matters on the scale OP is proclaiming.
Literally, absolutely nothing.

On the scale that OP is proclaiming? You're pretty optimistic. I'll give you that, but I think you're missing the point here. Not everyone is lolly dolly like you in thinking that everything is all fine and dandy where you can trust anyone and everyone. You're also pretty wishy washy and hesitant in agreeing with something that is true. What RiverCity.45 pointed out is true. Face it.
Literally, absolutely nothing? Where have you been hiding?
Also, what have you done to contribute to the original question? NOTHING. Just leave it be.
devynbf said:
Yea I guess that's true. But I'm pretty sure anything you type isn't going to be relevant to, really, anything that matters on the scale OP is proclaiming.
Literally, absolutely nothing.
Click to expand...
Click to collapse

[INFO] How to enable mail-encryption

Hi mates.
I've switched from note 3 (greatest phone I've ever bought) to note 8 and I'm encountering a problem with the email configuration.
Actually, on the email application of note 3 I was able to add a personal PGP certificate for signing an email (or even deciphering emails from my contacts). The current Samsung email application seems to not have such feature... can you confirm this to me?
It's about to be weird, since they are spotting the encryption feature into the app description on the play store. Thanks

Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!

A_H_E said:
Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!
Click to expand...
Click to collapse
Many thanks!
Well... Samsung My Knox has been replaced by Personal Area and even if I configure an e-mail account inside it, the email application doesn't show the "advance" security options.
That's makes me vary mad...

Thank you for pointing that out. I had forgot that 'My Knox' had been retired.
I was pouring through their white papers and what not, and I'm thinking this must've been a business strategy; give consumers a moderate level of security via 'Secure Folders' and leave more advanced features for enterprise environments via 'Knox Workspace'.
See this:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
The options exists for those utilizing 'Knox Workspace'; even outlines full instructions.

Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you

DarkIaspis said:
Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you
Click to expand...
Click to collapse
No problem. Happy to help.
I've also reached out to Samsung myself to inquire further:
https://www.samsungknox.com/en/contact
Hopefully we can come up with a definitive reasoning.

Update
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.

A_H_E said:
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.
Click to expand...
Click to collapse
Hi Darklaspis
Were you able to make it work? I've tried everything but couldn't find a way to encrypt my mail from samsung mail app.
Is there any way you can helpme please?

What to consider before Rooting?

I was a Sony fan until lately it got a bit not worthy in my opinion.
I had Xperia mini then Xperia z3 compact until 3 months ago (that i got note 9)... it was rooted, custom rom, Xposed and stuff.
I know that by Rooting a Sony phone, you loose DRM features (camera improvement ...) that can be later restored by flashing a DRM fix zip and that's it, you still have everything.
but this is my first Samsung phone so I'm unfamiliar with all stuff(Odin, Knox, etc....)
questions I have:
1_ What I loose by Rooting? can they be restored after root?
2_ Wich method you suggest and why? magisk or SuperSU? or something else
3_ What do you recommend to install/set/tweak/flash after Rooting?
my phone: SM-N960F Running Android 9.0 updated 1 July 2019

Welcome to the dark side my friend!
Your Knox bit will flip from 0x0 to 0x1 - that's the first thing that will happen once you flash a custom recovery & kernel. This means that all Samsung features that check the bit status will permanently stop working; including, but not necessarily limited to, Samsung Pay, Secure Folder, S Health, Samsung Pass, the works. The change is permanent and can not be reversed by erasing everything and returning to stock firmware. As far as long-term effects on rooting go, that's pretty much it. Unlike on Sony Phones, outside these specific applications, there's no impact on other functionality like proprietary camera processing and image enhancement.
These days Magisk is generally recommended. SuperSU has been going downhill for a while, ever since Chainfire retired and handed off the development. It's also the only way to pass Google's SafetyNet checks while rooted.
As for recommended tweaks - well, that's up to your personal tastes. Myself, I'd protect the battery from excess wear by limiting maximum charge to 80%, and set up support for Sony's DualShock 3 I'm sure you'll find that most tweaks you liked on the Sony side will also work here.

You will lose samsung pay as well which supports MST which is a killer feature for me.

oddbehreif said:
Welcome to the dark side my friend!
Your Knox bit will flip from 0x0 to 0x1 - that's the first thing that will happen once you flash a custom recovery & kernel. This means that all Samsung features that check the bit status will permanently stop working; including, but not necessarily limited to, Samsung Pay, Secure Folder, S Health, Samsung Pass, the works. The change is permanent and can not be reversed by erasing everything and returning to stock firmware. As far as long-term effects on rooting go, that's pretty much it. Unlike on Sony Phones, outside these specific applications, there's no impact on other functionality like proprietary camera processing and image enhancement.
These days Magisk is generally recommended. SuperSU has been going downhill for a while, ever since Chainfire retired and handed off the development. It's also the only way to pass Google's SafetyNet checks while rooted.
As for recommended tweaks - well, that's up to your personal tastes. Myself, I'd protect the battery from excess wear by limiting maximum charge to 80%, and set up support for Sony's DualShock 3 I'm sure you'll find that most tweaks you liked on the Sony side will also work here.
Click to expand...
Click to collapse
Thanks for the Complete answer
I'm okay with, most of it... you know the secure folder is an awesome feature (at least for me) that is built in, super fast and integrated into various apps.
I haven't seen such an app as this stable and secure while maintaining this much functionality over many apps and locations inside the phone.
so that's a 'not sure yet' for me ... ?
can't something be made to reverse or change Knox trip to 0x0 again?
it made me interested... I want to participate or donate to such a project if it's ongoing

EL MAXERO said:
can't something be made to reverse or change Knox trip to 0x0 again?
it made me interested... I want to participate or donate to such a project if it's ongoing
Click to expand...
Click to collapse
Unfortunately, no. When an unsigned kernel is booted, the bootloader will detect it and trip a physical fuse in the SoC. There are ways to fake 0x0 status when fully booted, but since these features check the actual "eFuse", there's really nothing that can be done short of replacing the entire motherboard.
I remember this being a hot topic among developers since the Note 3 days; to this day nobody has claimed the bounty of several thousand dollars sitting in the Note 3 section of XDA Forums.

With root and Dr.Ketan ROM you basically get everything from this device:
- Native call recording
- Full/Half screen caller with native dialer
- All sorts of optimizations, memory management and tweaks
- Youtube Vanced (it can be used without root, but with root is a bit more convinient)
- GPay works with Magisk
You can see the list of all features(they are a ton) on Dr.Ketan ROM thread as well on his page http://www.drketanrom.com/
I was using the same Rom+root on my Note 8, now on my Note 9. I also got his Tweaks Pro app which is paid, but very useful. It's a no-brainer for me since I care much more about the functionalities rather than the warranty of this phone.
Ofc, this is my subjective point of view.

No more Samsung Pass? I like not having to type passwords in all the time. Is there something with similar functionality?

asif9t9 said:
No more Samsung Pass? I like not having to type passwords in all the time. Is there something with similar functionality?
Click to expand...
Click to collapse
LastPass works but requires a yearly subscription. You can also use the one in Google.

asif9t9 said:
No more Samsung Pass? I like not having to type passwords in all the time. Is there something with similar functionality?
Click to expand...
Click to collapse
pretty sure it works so does the google version called auto complete.

BajaBlast4Life said:
LastPass works but requires a yearly subscription. You can also use the one in Google.
Click to expand...
Click to collapse
LastPass is free. You can get a paid version but is not necessary.

In all honesty there is really not that much of a benefit in rooting a modern day android device, unless you are a developer or an android hobbiest! As the current iterations of android are pretty good right of the bat!

Question KLMSAgent as Device Manager

Good morning.
Under Settings / Biometric & security / Other security settings / Device management apps, I have a switch for disable KLMSAgent. What are the consequences for doing it?
My only goal would be optimize the system, reduce its process and memory load and so... I do NOT pretend root my phone, and I don't want compromise its security. My phone is only for personal (not enterprise) use.
Is safe set that switch to off? what happens if I do that? someone has tested?
Thank you.

Apparently, it is part of the Knox security and is safe. That said I do not have it as a device admin.
What is KLMS Agent and How to Remove It? - The Shared Web
Are you trying to figure out What is KLMS Agent in your Samsung smartphone? This article explains What is KLMS Agent and How to Remove It.
www.thesharedweb.com

lywyn said:
Apparently, it is part of the Knox security and is safe. That said I do not have it as a device admin.
What is KLMS Agent and How to Remove It? - The Shared Web
Are you trying to figure out What is KLMS Agent in your Samsung smartphone? This article explains What is KLMS Agent and How to Remove It.
www.thesharedweb.com
Click to expand...
Click to collapse
Thank you for your time.
I know that's part of Knox, and safe, too, but I don't knew the consequences for disable it as a Device Admin/Manager... Reading that you don't have it as a device admin, I have disabled it a couple minutes ago to see what's happen... At the moment works all right, no problems at all, no differences in functionality with my typical use of the phone...
Only that now I can't see how I'd eneble again if I needed it, because KLMS Agent has dissapear of the "Device management/administration" apps... :-S (look at the screenshot). Don't worries because I think never go need it again ;-)
Thank you, and greetings.

rcastroc59 said:
Thank you for your time.
I know that's part of Knox, and safe, too, but I don't knew the consequences for disable it as a Device Admin/Manager... Reading that you don't have it as a device admin, I have disabled it a couple minutes ago to see what's happen... At the moment works all right, no problems at all, no differences in functionality with my typical use of the phone...
Only that now I can't see how I'd eneble again if I needed it, because KLMS Agent has dissapear of the "Device management/administration" apps... :-S (look at the screenshot). Don't worries because I think never go need it again ;-)
Thank you, and greetings.
Click to expand...
Click to collapse
I do not have and phone works fine, and I cannot find the package on my phone so must work fine without it.
Not sure why it would be installed unless the phone had been under some organisation's mobile device management service.

lywyn said:
I do not have and phone works fine, and I cannot find the package on my phone so must work fine without it.
Not sure why it would be installed unless the phone had been under some organisation's mobile device management service.
Click to expand...
Click to collapse
Thank you again. And only as information, my phone never was part of any organization... I bought for myself, and ever was and is for personal use. But as I said before, don't worries! the phone is working fine, just as before, and disabling KLMSAgent may be reduce the memory and process load, so it's ok.